Snort mailing list archives
Re: snort'ing MPLS
From: Russ Combs <rcombs () sourcefire com>
Date: Thu, 12 Jan 2012 15:13:03 -0500
On Thu, Jan 12, 2012 at 9:25 AM, Kungu Panda <kungupanda () gmail com> wrote:
I have a new requirement to tap and snort MPLS encapsulated traffic. Snort, of course, supports this if compiled with mpls support. General questions for those snort'ers that are already snort'ing MPLS: - any gotcha's ? - how well is this working for you? - any observed performance impact? - anything else I should know heading down the MPLS rabbit-hole ? Something I did notice for the sourcefire guys: on 2.9.1.2, running "./configure --help", results in some somewhat confusing output: --disable-zlib Enable Http Response Decompression --disable-gre Enable GRE and IP in IP encapsulation support --disable-mpls Enable MPLS support --disable-targetbased Enable Target-Based Support in Stream, Frag, and Rules (adds pthread support implicitly) --disable-decoder-preprocessor-rules Enable rule actions for decoder and preprocessor events --disable-ppm Enable packet/rule performance monitor So you issue a disable compiler command to enable a function? Pretty sure there is some crazy logic or some typos here.
Thanks - we can clean that up. Note that any --disable-X can instead be --enable-X (for the opposite effect). We changed some --enables to --disables to correctly indicate the default. The help should be updated too.
Thanks! KPanda ------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ RSA(R) Conference 2012 Mar 27 - Feb 2 Save $400 by Jan. 27 Register now! http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort'ing MPLS Kungu Panda (Jan 12)
- Re: snort'ing MPLS Russ Combs (Jan 12)