Actions
Feature #1750
openSet Suricata to listen to all network interfaces when using AF_PACKET
Effort:
medium
Difficulty:
medium
Label:
Description
In a scenario where you have a lot of network interfaces, and not enough resources to start a Suricata instance for each interface, it would be beneficial to allow Suricata to listen to all ports at once.
This can be achieved by setting sll.sll_ifindex to 0 before binding to the interface with bind() [1]. When reading from the ring buffer, each frame will have the sockaddr_ll struct inside it, allowing for extraction of the interface that the frame came in on. [2]
[1] http://man7.org/linux/man-pages/man2/bind.2.html
[2] https://www.kernel.org/doc/Documentation/networking/packet_mmap.txt
Updated by Victor Julien over 8 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
Updated by Eric Leblond over 6 years ago
- Assignee changed from Eric Leblond to Anonymous
Updated by Victor Julien over 6 years ago
- Status changed from Assigned to New
- Effort set to medium
- Difficulty set to medium
Actions