Feature #277
closedUse a configuration file for bpf
Description
It would be better if suricata can read bpf filters from a configuration file instead of command line with the following format, for example:
"suricata -c /etc/suricata/suricata.yaml -b /etc/suricata/bpf.conf"
And content for bpf.conf config file:
not (dst host 239.192.57.11 and dst port 5405) and
not (dst host 172.17.47.27 and dst port 5405) and
not (dst host 172.17.47.28 and dst port 5405)
Files
Updated by Victor Julien over 13 years ago
- Assignee set to Anonymous
Implementing this should be fairly simple. Code to load a bpf is already in place, so it's really about adding the command line option and reading the bpf from a file.
Great ticket to start getting to know the Suricata code.
Updated by delta yeh over 13 years ago
- File feature-277.patch feature-277.patch added
Please review attached patch
-----------------------------------------------------------------------------------------------
Author: deltay <delta.yeh@gmail.com> 2011-05-25 16:13:05
Committer: deltay <delta.yeh@gmail.com> 2011-05-25 16:13:05
Parent: 75439863ed864fe73f1fb4d0a1aa20bb4da059c6 (Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15.)
Branch: feature-277
Follows: suricata-1.1beta2
Precedes:
#277 Add -b option to specifiy bpf file
Updated by Victor Julien over 13 years ago
- Status changed from New to Closed
- Target version set to 1.1beta3
- % Done changed from 0 to 100
This functionality has been added, thanks Delta Yeh.
Updated by rmkml rmkml over 13 years ago
Hi,
Thx for new option,
but maybe use -F option like tcpdump/snort use already this.
Best Regards
Rmkml
Updated by Victor Julien over 13 years ago
This has already been done, hence the closed bug :)