Project

General

Profile

Actions

Feature #440

closed

afpacket needs to support bpf (and by extension -F bpf.conf command-line option)

Added by Doug Burks over 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Here's my command line:
sudo suricata --user sguil --group sguil -c /etc/nsm/qa-eth0/suricata.yaml --af-packet=eth0 -F /etc/nsm/qa-eth0/bpf.conf -l /nsm/sensor_data/qa-eth0

Suricata starts but there is no log entry confirming the BPF filter and Suricata still alerts on traffic from my IP addresses in the BPF.

If I change "--af-packet=eth0" to "-i eth0", then I see "BPF filter set from command line or via old 'bpf-filter' option" in the log and everything works properly.

IRC conversation:
VictorJ
hmm
thinking about it, I don't think we support bpf for afpacket at all
do we Regit ?

8:59
Regit
VictorJ: no it's not implemented
9:00
VictorJ
9:00
securityonion, so I guess we need a feature ticket

Actions

Also available in: Atom PDF