Feature #440

afpacket needs to support bpf (and by extension -F bpf.conf command-line option)

Added by Doug Burks over 8 years ago. Updated about 8 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 -F /etc/nsm/qa-eth0/bpf.conf -l /nsm/sensor_data/qa-eth0

Suricata starts but there is no log entry confirming the BPF filter and Suricata still alerts on traffic from my IP addresses in the BPF.

If I change "--af-packet=eth0" to "-i eth0", then I see "BPF filter set from command line or via old 'bpf-filter' option" in the log and everything works properly.

IRC conversation:

VictorJ (8:59): hmm
VictorJ (8:59): thinking about it, I don't think we support bpf for afpacket at all
VictorJ (8:59): do we Regit ?
Regit (9:00): VictorJ: no it's not implemented
VictorJ (9:00): securityonion, so I guess we need a feature ticket

#1

Updated by Victor Julien over 8 years ago

  • Status changed from New to Assigned
  • Assignee set to Eric Leblond
  • Target version set to 1.4beta1

#2

Updated by Eric Leblond about 8 years ago

  • % Done changed from 0 to 80

I've got basic working code. Need more tests and personal review.

#3

Updated by Victor Julien about 8 years ago

  • Status changed from Assigned to Closed
  • % Done changed from 80 to 100

Applied, thanks Eric!

#4

Updated by Victor Julien about 8 years ago

  • Target version changed from 1.4beta1 to 1.3rc1