[Bro] PF_RING pfring_open() for Endace DAG
seth at icir.org
Tue Mar 11 18:18:37 PDT 2014
On Mar 11, 2014, at 7:01 PM, Benjamin Wood <ben.bt.wood at gmail.com> wrote:
> PF_RING does support the DAG, but you must use the pf_ring library to open the interface with something like pfring_open("dag:dagX:Y") instead of trying to use libpcap.
We don't have resources to do this work and honestly we're going to be taking a slightly different direction with Bro. However we are in the process of abstracting our packet source interface and if you chose to write a native PF_Ring plugin (when we have the interface complete) you could contribute it back to us for possible inclusion into Bro.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140311/78be71c6/attachment.bin
More information about the Bro