Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort 2.9.0.3 & Phil Wood's modified libpcap

From: Michael Altizer <xiche () verizon net>
Date: Tue, 08 Feb 2011 22:20:02 -0500
On 02/08/2011 08:36 AM, Weir, Jason wrote:

Running into problems - seems DAQ needs libpcap version greater than
1.0.0

./configure on daq gives me this

ERROR!  Libpcap library version>= 1.0.0  not found.

Unfortunately Phil's libpcap version is 0.9.8

Any way around this?

Jason

On Linux, the PCAP DAQ module attempts to emulate Phil's modifications 
by interpolating his PCAP_FRAMES environment variable into something 
relatively equivalent to pass to pcap_set_buffer_size() on LibPCAP >= 
1.0.0 (see daq_pcap.c:translate_PCAP_FRAMES).  Since LibPCAP 1.0.0, the 
default method for opening Linux interfaces is via mmap (AF_PACKET 
socket) if possible.  Also, the AFPacket DAQ module provides a more 
direct and flexible interface to this, as well as a number of other 
features, so I would suggest giving that a try.

-Michael

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: