Feature #440 (Closed)
afpacket needs to support bpf (and by extension -F bpf.conf command-line option)
Description
Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 -F /etc/nsm/qa-eth0/bpf.conf -l /nsm/sensor_data/qa-eth0
Suricata starts but there is no log entry confirming the BPF filter and Suricata still alerts on traffic from my IP addresses in the BPF.
If I change "--af-packet=eth0" to "-i eth0", then I see "BPF filter set from command line or via old 'bpf-filter' option" in the log and everything works properly.
IRC conversation:
VictorJ
hmm
thinking about it, I don't think we support bpf for afpacket at all
do we Regit ?
8:59
Regit
VictorJ: no it's not implemented
9:00
VictorJ
securityonion, so I guess we need a feature ticket
9:00
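One check a sensor operator can script for the behaviour reported above, as an added example that is not part of this ticket or of Suricata itself: it reads the file passed with -F, reduces it to a single BPF expression, and then confirms from the Suricata log that the filter was really installed, using the "BPF filter set" message quoted in the description. A filter that silently fails to apply (as with --af-packet here) means the hosts meant to be excluded are still inspected and alerted on, so the check fails closed. The bpf.conf conventions assumed here (lines beginning with # are comments, the expression may span several lines and is joined with spaces) and the sample log lines are constructed assumptions, not Suricata's own format.

```shell
#!/bin/sh
# Added example, not from the ticket or the Suricata project.
# Assumption: bpf.conf may carry '#' comments and a multi-line expression.

# Reduce a bpf.conf file to one single-line BPF expression:
# strip comments, join lines, squeeze whitespace, trim the ends.
read_bpf_conf() {
    sed -e 's/#.*$//' "$1" | tr '\t\n' '  ' | tr -s ' ' \
        | sed -e 's/^ *//' -e 's/ *$//'
}

# Does the Suricata log contain the confirmation that a BPF filter
# was installed? (Message text as quoted in the ticket description.)
# Returns 0 when found, 1 otherwise.
bpf_confirmed_in_log() {
    grep -q "BPF filter set" "$1"
}

# Fail-closed check: a non-empty bpf.conf must be confirmed in the log.
# Returns 0 when applied (or when no filter was configured), 1 otherwise.
verify_bpf_applied() {
    conf="$1"
    log="$2"
    filter=$(read_bpf_conf "$conf")
    if [ -z "$filter" ]; then
        echo "no filter expression in $conf; nothing to verify" >&2
        return 0
    fi
    if bpf_confirmed_in_log "$log"; then
        echo "BPF filter confirmed in log: $filter"
        return 0
    fi
    echo "WARNING: $conf defines '$filter' but $log never confirms it;" \
         "excluded hosts are still being inspected" >&2
    return 1
}

# Stand-alone demonstration on constructed input (a temporary directory).
demo() {
    tmp=$(mktemp -d)
    # Constructed bpf.conf: comment line plus a filter split over two lines.
    printf '# constructed sample bpf.conf\nnot (host 10.0.0.5 or\n     host 10.0.0.6)\n' \
        > "$tmp/bpf.conf"
    # Constructed log lines: one with the confirmation message, one without.
    printf '<Info> - BPF filter set from command line or via old %s option.\n' \
        "'bpf-filter'" > "$tmp/with_bpf.log"
    printf '<Notice> - constructed line without any BPF confirmation\n' \
        > "$tmp/without_bpf.log"

    echo "expression: $(read_bpf_conf "$tmp/bpf.conf")"
    if verify_bpf_applied "$tmp/bpf.conf" "$tmp/with_bpf.log"; then
        echo "check 1: filter applied (expected)"
    fi
    if verify_bpf_applied "$tmp/bpf.conf" "$tmp/without_bpf.log" 2>/dev/null; then
        echo "check 2: unexpectedly passed"
    else
        echo "check 2: filter not confirmed, check fails closed (expected)"
    fi
    rm -rf "$tmp"
}

demo
```

In a deployment, run verify_bpf_applied against the real bpf.conf and the suricata.log written under the -l directory after startup; a non-zero exit is the signal to treat the sensor's alerts as unfiltered until the cause is found.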
Updated by Victor Julien over 12 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to 1.4beta1
Updated by Eric Leblond over 12 years ago
- % Done changed from 0 to 80
I've got basic working code. Need more tests and personal review.
Updated by Victor Julien over 12 years ago
- Status changed from Assigned to Closed
- % Done changed from 80 to 100
Applied, thanks Eric!
Updated by Victor Julien over 12 years ago
- Target version changed from 1.4beta1 to 1.3rc1