Snort mailing list archives
Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing
From: Russ Combs <rcombs () sourcefire com>
Date: Tue, 4 Jan 2011 13:10:57 -0500
On Tue, Jan 4, 2011 at 12:49 PM, evilghost () packetmail net < evilghost () packetmail net> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/04/11 11:45, Russ Combs wrote:Snort 2.9.0 uses the pcap library for tcpdump style logging and getting interfaces (on Windows). Those features work with the older libpcapversions. Thanks Russ, I had gathered that much, I guess the real question is LOWMEM aside, is there any reason not to use AF_PACKET over pcap since from what I understand AF_PACKET is quite close if not a better performer than libpcap with mmap (Phil Wood) [1]
The afpacket DAQ gives you inline. And if you use Michael Altizer's TX ring patch performance should be pretty good. I don't have any comparative data.
- -evilghost [1] http://public.lanl.gov/cpw/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBAgAGBQJNI12uAAoJENgimYXu6xOHHYQP/038UPgq1BNvq72HtThYd91G a22mPw+9ISNQNCVskC+qfC+QDtgma2W8kLX3ffOjyucV/ZbZZ+gLI41k5YEwtccj XIdBgWUF0ETlD4HWdbcwYvq+g98+5BcpXcpaQi6DposB4g9wEcSTm2dBdZNjK4bQ ijJHvrqvZDYSgj3G7zNHy1IR3Jwyh9UelwPrfJpntHbIFZn+rkh6Kr5NCNd6Ezmr r5q2pOJU1ejfYB6D5NcLiRFFJf8CTHMzibz1ieLXZqL0PnljA3+1H968cRcyrKcA hk8QrHL2J/U8nULstVmYdFPcH0FFA09m+VLmquKZPZYtAH0Y3LT7sKRiMJv6Jkaq WMPP438piC0pTzV35P1LyAriObvAsus/0mMOUVWBehB0SNSF+hxlcgOYSAf07eoM p+L2BKMBBBGuFY+MAVqXL7TY/IpAfkhg3xzrI6UmCaQ7PsghFA65SLJoJx8/GQAt dvt3zrl5u52uvmNVy3Blk+bl81UGib1g/nHFhixSLcQKaaOOBkh2u+L8WKaCSA3E Zm5VoINrwsufz4YohYDoy/YBpxRPE9L4Yyzn76V7azJ41J8guVKrtWSFBC44Lmn6 1FzSYU6p6ojg5vlxgOQ/oARQB8XngwfwAYKHLxkJhv50rm6zWzOZPi27UFH3rgQP M4yGq4sLiqUtZidUHcl2 =/8zW -----END PGP SIGNATURE-----
------------------------------------------------------------------------------ Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 02)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Nigel Houghton (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Nigel Houghton (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing evilghost () packetmail net (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Russ Combs (Jan 04)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing evilghost () packetmail net (Jan 04)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Russ Combs (Jan 04)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Randal T. Rioux (Jan 03)
- Re: OpenBSD 4.8 / Snort 2.9.0.3 -- libsf_engine.so missing Nigel Houghton (Jan 03)