libpcap mmap issues on Snort

[Anand Raj Manickam <anandrm () gmail com>]

Hi,
This is a followup to the email thread - http://seclists.org/snort/2014/q3/547
I m running Snort on Mirror/SPAN port .
I have been facing a issue where the packets got internal
fragmentation / split on libpcap due which snort was failing to
Inspect packets.
When "HAVE_PACKET_RING" code was disabled in libpcap and rebuild ,
Snort was able to Inspect packets right.
But the issue post this was , i was able to run only one flow /
connection . Beyond a single connection , i was not able to interrupt
the snort process (Ctrl + C) fails to summarize the reports .

Thanks,

------------------------------------------------------------------------------
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck
Code Sight - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!