Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort'ing MPLS

From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 12 Jan 2012 15:13:03 -0500
On Thu, Jan 12, 2012 at 9:25 AM, Kungu Panda <kungupanda () gmail com> wrote:


I have a new requirement to tap and snort MPLS encapsulated traffic.
 Snort, of course, supports this if compiled with mpls support.

General questions for those snort'ers that are already snort'ing MPLS:
  - any gotcha's  ?
  - how well is this working for you?
  - any observed performance impact?
  - anything else I should know heading down the MPLS rabbit-hole ?


Something I did notice for the sourcefire guys: on 2.9.1.2, running
 "./configure --help", results in some somewhat confusing output:
   --disable-zlib            Enable Http Response Decompression
   --disable-gre             Enable GRE and IP in IP encapsulation support
   --disable-mpls            Enable MPLS support
   --disable-targetbased     Enable Target-Based Support in Stream, Frag,
and Rules (adds pthread support implicitly)
   --disable-decoder-preprocessor-rules  Enable rule actions for decoder
and preprocessor events
   --disable-ppm             Enable packet/rule performance monitor
So you issue a disable compiler command to enable a function?  Pretty sure
there is some crazy logic or some typos here.



Thanks - we can clean that up.  Note that any --disable-X can instead be
--enable-X (for the opposite effect).  We changed some --enables to
--disables to correctly indicate the default.  The help should be updated
too.




Thanks!
KPanda

------------------------------------------------------------------------------
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!


------------------------------------------------------------------------------
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: