[Bro] DPD or binpac on kernel-level

Ruoming Pang rpang at cs.princeton.edu
Fri Dec 21 18:52:46 PST 2007


Hi Dongsu,

People have tried using binpac on systems other than Bro. The main
obstacle is to have a regular expression matching library, which
binpac-based analyzers rely on. If you have such a library that can be
used in-kernel, you are pretty close. Then you need a library to
handle dynamic memory allocation (if I understand kernel programming
correctly).

Ruoming

On Dec 19, 2007 3:50 AM, Dongsu Park <dpark1978 at gmail.com> wrote:
> Hi,
>
> is there any implementation of DPD or binpac on kernel-level,
> for instance on Linux netfilter?
> If not, do you have any plan for it?
>
> I think DPD and binpac are excellent implementations, but they currently
> depend on Bro IDS. They would be more useful if they could be combined
> into kernel-level firewalls, enabling detected packets to be dropped
> immediately.
>
> As far as I know, L7-filter <http://l7-filter.sourceforge.net> does
> similar jobs. It seems to be interesting if DPD/binpac can be ported to
> kernel modules H L7-filter, or something like that.
>
>
> --
> Dongsu Park <dpark1978 at gmail.com>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
