Snort mailing list archives

Re: snort 2.9.4 daq-2.0.0
From: Michael Altizer <maltizer () sourcefire com>
Date: Wed, 12 Dec 2012 18:04:12 -0500

On 12/12/2012 05:43 PM, Lawrence R. Hughes, Sr. wrote:
> Can daq-0.6.2 be used with snort-2.9.4?
> What are the differences between daq-2.0.0 & daq-0.6.2?

Highlights outside of bug/compatibility fixes were:
* Adding the concept of DAQ metapackets (currently used for flow start/end events), changing Acquire() to accept a metapacket callback, and adding the daq_acquire_with_meta() function.
* Adding the HUP_Prep(), HUP_Apply(), and HUP_Post() module functions for staging instance changes out-of-band.
* Adding the DAQ_PKT_FLAG_NOT_FORWARDING DAQPktHdr flag to indicate that a packet will not be forwarded after inspection regardless of the verdict.
* Replacing the device_index field in the DAQPktHdr with a more comprehensive bunch including Ingress Interface, Egress Interface, Ingress Group, Egress Group, and Address Space ID. It also picked up an opaque value and module private data pointer along the way.
* Adding the Modify_Flow() module function.

The configure-foo in Snort should handle compiling against the older DAQ library version.
