
Snort mailing list archives
Re: snort option [-n packet-count ]
From: "Steve Sturges (ststurge)" <ststurge () cisco com>
Date: Thu, 22 May 2014 14:25:59 +0000
On May 21, 2014, at 11:49 PM, "ratheesh kannoth" <ratheesh.ksz () gmail com> wrote:
> Hi list, I am working on a daq layer implementation. I have zero copy from driver and will send packets to snort through the daq layer. I have two questions.
>
> 1. What is the advantage of mentioning packet-count? Because in the Daq_Acquire() function, the daq layer has to call the callback function of snort and act on the verdict. Is it all serial (one packet at a time)?

Yes, one packet at a time. Once snort is finished with a packet, it returns from the callback to the daq module and waits for the next packet.

> 2. In the DAQ layer, I have to fill DAQ_PktHdr. I could see that hdr.egress_index is filled as -1 in some implementations (like in the PF_RING DAQ). What is its significance?

That is up to the daq module... Basically, if inline, that is the id (arbitrary per daq module) of the interface where packets are sent out. If passive, it isn't set.

> -Ratheesh

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
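A simplified model of the behaviour discussed in this thread, added here as an example and not taken from Snort, libdaq, or either poster: a module-side acquire loop that hands packets to an analysis callback one at a time, honours a packet count, and fills the egress index only in inline mode. All names (`module_acquire`, `pkt_hdr_t`, `verdict_t`, `run_demo`, `IDX_UNKNOWN`) are hypothetical stand-ins for the real DAQ types, treating `cnt <= 0` as "no limit" is an assumption, and the packets are constructed.

```c
#include <stdint.h>
#include <stddef.h>

#define IDX_UNKNOWN (-1)   /* "not set", like the -1 mentioned in the thread */
typedef enum { VERDICT_PASS, VERDICT_BLOCK } verdict_t;   /* stand-in verdicts */
typedef struct { uint32_t caplen; int ingress_index, egress_index; } pkt_hdr_t;
typedef verdict_t (*analysis_cb)(void *user, const pkt_hdr_t *h, const uint8_t *d);

typedef struct {
    int inline_mode, in_if, out_if;   /* interface ids are arbitrary per module */
    const uint8_t (*ring)[4];         /* constructed packet source */
    size_t ring_len, next;
    unsigned forwarded, dropped;
} module_ctx;
typedef struct { int processed; unsigned forwarded, dropped; int last_egress; } result_t;

/* Constructed sample packets; the analyzer below blocks those starting 0xFF. */
static const uint8_t PKTS[3][4] = { {0x01,0,0,0}, {0xFF,0,0,0}, {0x02,0,0,0} };

/* Deliver up to cnt packets, one at a time; cnt <= 0 means no limit (assumption). */
int module_acquire(module_ctx *m, int cnt, analysis_cb cb, void *user)
{
    int done = 0;
    while ((cnt <= 0 || done < cnt) && m->next < m->ring_len) {
        const uint8_t *data = m->ring[m->next++];
        pkt_hdr_t hdr = { 4, m->in_if, m->inline_mode ? m->out_if : IDX_UNKNOWN };
        verdict_t v = cb(user, &hdr, data);   /* returns only when analysis is done */
        if (m->inline_mode && v == VERDICT_PASS) m->forwarded++;
        else if (m->inline_mode) m->dropped++;   /* passive: nothing to act on */
        done++;
    }
    return done;
}

static verdict_t analyze(void *user, const pkt_hdr_t *h, const uint8_t *d)
{
    *(int *)user = h->egress_index;           /* record what the module filled in */
    return d[0] == 0xFF ? VERDICT_BLOCK : VERDICT_PASS;
}

result_t run_demo(int inline_mode, int cnt)
{
    int last = 0;
    module_ctx m = { inline_mode, 1, 2, PKTS, 3, 0, 0, 0 };
    result_t r;
    r.processed = module_acquire(&m, cnt, analyze, &last);   /* run before reading counters */
    r.forwarded = m.forwarded; r.dropped = m.dropped; r.last_egress = last;
    return r;
}
```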
Current thread:
- snort option [-n packet-count ] ratheesh kannoth (May 21)
- Re: snort option [-n packet-count ] Steve Sturges (ststurge) (May 22)
- Re: snort option [-n packet-count ] ratheesh kannoth (May 22)
- Re: snort option [-n packet-count ] Steven Sturges (May 22)
- Re: snort option [-n packet-count ] ratheesh kannoth (May 22)
- Re: snort option [-n packet-count ] Steve Sturges (ststurge) (May 22)