[Bro] PF_RING pfring_open() for Endace DAG
ben.bt.wood at gmail.com
Tue Mar 11 18:51:56 PDT 2014
Unfortunately I don't have the time to look into this much further either.
I've got some higher priority things to do right now. If I can come back to
it I'll let you know.
I'm assuming this different direction will change the way bro interfaces
with the network? I understand if you can't say much about it.
On Tue, Mar 11, 2014 at 9:18 PM, Seth Hall <seth at icir.org> wrote:
> On Mar 11, 2014, at 7:01 PM, Benjamin Wood <ben.bt.wood at gmail.com> wrote:
> > PF_RING does support the DAG, but you must use the pf_ring library to
> open the interface with something like pfring_open("dag:dagX:Y") instead of
> trying to use libpcap.
> We don't have resources to do this work and honestly we're going to be
> taking a slightly different direction with Bro. However we are in the
> process of abstracting our packet source interface and if you chose to
> write a native PF_Ring plugin (when we have the interface complete) you
> could contribute it back to us for possible inclusion into Bro.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro