Re: PATCH 1/1]: DAQ pcaprr module

[Joel Esler <jesler () sourcefire com>]

I just put it up on Snort.org as well as put it on the Snort blog at http://blog.snort.org

Thanks Jeff, great work!

Joel

On Apr 29, 2011, at 10:52 AM, Russ Combs wrote:

> Thanks!
>
> On Fri, Apr 29, 2011 at 10:41 AM, Jeff Murphy <jeff.murphy () gmail com> wrote:
> Attached. Here's a suggested blurb (based on the Napatech blurb), feel free to edit 
>
>
> PCAPRR External DAQ
> PCAPRR can be used to read from multiple network interfaces in cases where those interfaces can not be bonded 
> together (e.g. when using Endace cards). To build this requires libpcap library. This is NOT a Sourcefire used or 
> produced module, and support questions should be directed to Jeff Murphy. 
>
>
>
>
> On Apr 29, 2011, at 10:03 AM, Russ Combs wrote:
>
> > Thanks for contributing.  Please follow the guidelines here:
> >
> > http://www.snort.org/snort-downloads/external-daq/
> >
> > Then send us a tarball and we'll add it to the above page.
> >
> > Russ
> >
> > On Fri, Apr 29, 2011 at 9:33 AM, Jeff Murphy <jeff.murphy () gmail com> wrote:
> >
> >
> > We use Endace DAG cards in our sensors along with regen taps. Those cards don't work with the bonding driver, so 
> > merging the two streams from a regen tap isn't possible (unless we use a different tap or fix the drivers to work 
> > together). The attached patch creates a new module in the os-daq-modules directory called "pcaprr.c". This module 
> > will open multiple devices and then make round-robin reads from the device list (much like the bonding driver would 
> > if it worked with the DAG driver).  Modifications made against DAQ 0.5 code.
> >
> > Example use:
> >
> > /usr/sbin/snort --daq-dir=/usr/lib64/daq --daq pcaprr -i dag0:4,dag1:4 
> >
> > I've been running this DAQ code for ~3 weeks now. 
> >
> > jeff 
> > >
> >
> >
> >
> >
> >
> >
> > ------------------------------------------------------------------------------
> > WhatsUp Gold - Download Free Network Management Software
> > The most intuitive, comprehensive, and cost-effective network
> > management toolset available today.  Delivers lowest initial
> > acquisition cost and overall TCO of any competing solution.
> > http://p.sf.net/sfu/whatsupgold-sd
> > _______________________________________________
> > Snort-devel mailing list
> > Snort-devel () lists sourceforge net
> > https://lists.sourceforge.net/lists/listinfo/snort-devel
>
>
> ------------------------------------------------------------------------------
> WhatsUp Gold - Download Free Network Management Software
> The most intuitive, comprehensive, and cost-effective network
> management toolset available today.  Delivers lowest initial
> acquisition cost and overall TCO of any competing solution.
> http://p.sf.net/sfu/whatsupgold-sd
> _______________________________________________
> Snort-devel mailing list
> Snort-devel () lists sourceforge net
> https://lists.sourceforge.net/lists/listinfo/snort-devel

------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel