[Bro] Does BPF filter of worker have the ability of packet retransmission

wangdj at ffcs.cn wangdj at ffcs.cn
Fri Sep 21 05:38:25 PDT 2018


Hi,

When I read the "Bro Cluster Architecture" document (link: https://www.bro.org/sphinx/cluster/index.html), I cannot understand the following sentence.
 "The packets can then be passed directly to a monitoring host where each worker has a BPF filter to limit its visibility to only that stream of flows, or onward to a commodity switch to split the traffic out to multiple 1G interfaces for the workers."
Does this sentence mean the worker's BPF filter can retransmit packets to another switch?
If it cannot, what does the above-mentioned sentence mean?

If it can, then what does the following sentence, which is also from "Bro Cluster Architecture", mean?
"The frontend is a discrete hardware device or on-host technique that splits traffic into many streams or flows. The Bro binary does not do this job"



DeJin Wang