Feature #440

closed

afpacket needs to support bpf (and by extension -F bpf.conf command-line option)

Added by Doug Burks over 9 years ago. Updated over 9 years ago.

Status: Closed
Priority: Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 -F /etc/nsm/qa-eth0/bpf.conf -l /nsm/sensor_data/qa-eth0

Suricata starts but there is no log entry confirming the BPF filter and Suricata still alerts on traffic from my IP addresses in the BPF.

If I change "--af-packet=eth0" to "-i eth0", then I see "BPF filter set from command line or via old 'bpf-filter' option" in the log and everything works properly.

IRC conversation:
VictorJ: hmm
VictorJ: thinking about it, I don't think we support bpf for afpacket at all
VictorJ: do we Regit ?
8:59 Regit: VictorJ: no it's not implemented
9:00 VictorJ: securityonion, so I guess we need a feature ticket
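
As an added example (not code from the ticket, from Security Onion or from the Suricata project), a small shell wrapper that starts the sensor the way the description does and then checks the log for the confirmation line quoted above, so a -F file that is silently ignored fails loudly instead of leaving the interface monitored without the intended filter. The log file name suricata.log under the -l directory, the -D daemon flag, the five-second startup wait and the contents of the generated filter file are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not code from the Suricata project or from the ticket:
# verify that Suricata actually honoured a BPF file instead of silently
# ignoring it, which is the failure mode this ticket reports for --af-packet.
#
# Assumptions (not from the ticket): the log file name "suricata.log" under
# the -l directory, the -D daemon flag, the startup wait and the filter text.

# The confirmation line the ticket quotes when the filter is applied.
BPF_OK_MSG="BPF filter set from command line or via old 'bpf-filter' option"

# write_bpf_conf FILE: write a constructed filter that excludes the analyst's
# own hosts (documentation addresses, not real sensor addresses).
write_bpf_conf() {
    cat > "$1" <<'EOF'
not host 192.0.2.10 and not host 192.0.2.11
EOF
}

# bpf_applied LOGFILE: exit 0 only if the log confirms the filter was set.
# -F matches the message literally, so the quotes in it need no escaping.
bpf_applied() {
    grep -qF "$BPF_OK_MSG" "$1"
}

# run_sensor IFACE CONF BPF LOGDIR: start Suricata as in the ticket's
# command line (plus -D to daemonise), then refuse to carry on unless
# the log confirms the filter.
run_sensor() {
    iface=$1 conf=$2 bpf=$3 logdir=$4
    log="$logdir/suricata.log"          # assumed log file name
    sudo suricata --user sguil --group sguil -c "$conf" \
        --af-packet="$iface" -F "$bpf" -l "$logdir" -D
    sleep 5                             # assumed startup time
    if bpf_applied "$log"; then
        echo "BPF filter from $bpf applied on $iface"
    else
        echo "WARNING: no BPF confirmation in $log; $iface is running without the filter" >&2
        return 1
    fi
}

# Stand-alone use:
#   sh check_bpf.sh run eth0 /etc/nsm/qa-eth0/suricata.yaml \
#       /etc/nsm/qa-eth0/bpf.conf /nsm/sensor_data/qa-eth0
if [ "${1:-}" = "run" ]; then
    run_sensor "$2" "$3" "$4" "$5"
fi
```

The same check applies to the -i form: both runs should print the confirmation once af-packet honours -F, and a missing line after an upgrade is the quickest sign that the filter file is not being read at all.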

Actions #1

Updated by Victor Julien over 9 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Target version set to 1.4beta1

Actions #2

Updated by Eric Leblond over 9 years ago

  • % Done changed from 0 to 80

I've got basic working code. Need more tests and personal review.

Actions #3

Updated by Victor Julien over 9 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 80 to 100

Applied, thanks Eric!

Actions #4

Updated by Victor Julien over 9 years ago

  • Target version changed from 1.4beta1 to 1.3rc1