Snort mailing list archives
Re: snort 2.9.4 daq-2.0.0
From: Michael Altizer <maltizer () sourcefire com>
Date: Wed, 12 Dec 2012 18:04:12 -0500
On 12/12/2012 05:43 PM, Lawrence R. Hughes, Sr. wrote:
Hi, Can daq-0.6.2 be used with snort-2.9.4? What are the differences between daq-2.0.0 & daq-0.6.2? Thanks, Larry
Highlights outside of bug/compatibility fixes were:* Adding the concept of DAQ metapackets (currently used for flow start/end events), changing Acquire() to accept a metapacket callback, and adding the daq_acquire_with_meta() function. * Adding the HUP_Prep(), HUP_Apply(), and HUP_Post() module functions for staging instance changes out-of-band. * Adding the DAQ_PKT_FLAG_NOT_FORWARDING DAQPktHdr flag to indicate that a packet will not be forwarded after inspection regardless of the verdict. * Replacing the device_index field in the DAQPktHdr with a more comprehensive bunch including Ingress Interface, Egress Interface, Ingress Group, Egress Group, and Address Space ID. It also picked up an opaque value and module private data pointer along the way.
* Adding the Modify_Flow() module function.The configure-foo in Snort should handle compiling against the older DAQ library version.
-Michael
------------------------------------------------------------------------------ LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort 2.9.4 daq-2.0.0 Lawrence R. Hughes, Sr. (Dec 12)
- Re: snort 2.9.4 daq-2.0.0 Michael Altizer (Dec 12)