[Bro] PF_RING pfring_open() for Endace DAG

Benjamin Wood ben.bt.wood at gmail.com
Tue Mar 11 18:51:56 PDT 2014


Thanks Seth.

Unfortunately I don't have the time to look into this much further either.
I've got some higher priority things to do right now. If I can come back to
it I'll let you know.

I'm assuming this different direction will change the way Bro interfaces
with the network? I understand if you can't say much about it.

Cheers,
Ben


On Tue, Mar 11, 2014 at 9:18 PM, Seth Hall <seth at icir.org> wrote:

>
> On Mar 11, 2014, at 7:01 PM, Benjamin Wood <ben.bt.wood at gmail.com> wrote:
>
> > PF_RING does support the DAG, but you must use the pf_ring library to
> > open the interface with something like pfring_open("dag:dagX:Y") instead of
> > trying to use libpcap.
>
> We don't have resources to do this work and honestly we're going to be
> taking a slightly different direction with Bro.  However we are in the
> process of abstracting our packet source interface and if you choose to
> write a native PF_Ring plugin (when we have the interface complete) you
> could contribute it back to us for possible inclusion into Bro.
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>