Hi Jose since kernel is bypassed with ZC, it is not possible to set kernel filters at all, thus no-kernel-filters is not needed.
Best Regards Alfredo > On 26 Jun 2015, at 04:17, Jose Vila <[email protected]> wrote: > > Excuse me for reviving this thread. > > I've been using Snort's DAQ module variable no-kernel-filters for a long > time, but recently switched to pfring_zc and got this error: > > FATAL ERROR: Can't initialize DAQ pfring_zc (-1) - > pfring_zc_daq_initialize: unsupported variable(no-kernel-filters=1)#012 > > Why isn't this variable present on the ZC driver ? Am I missing something ? > > Thanks, > > Jose Vila. > > On Wed, Jul 11, 2012 at 12:52 PM, Alfredo Cardigliano <[email protected]> > wrote: > >> Peter >> the rules listed are kernel hash filters added by the DAQ module (you can >> disable them with --daq-var no-kernel-filters) >> every time snort emits a verdict, in order to reduce the amount of traffic >> it has to analyze. >> Those rules are automatically removed when idle for more than 5 minutes >> (you can change the default with --daq-var >> kernel-filters-idle-timeout=<seconds>) >> >> Regards >> Alfredo >> >> On Jul 11, 2012, at 12:39 PM, Peter Bates wrote: >> >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA1 >>> >>> >>> Hello again all >>> >>> On 11/07/2012 10:46, Alfredo Cardigliano wrote: >>>> the BPF filter is not counted as "Sw Filt. Rules" (this only >>>> includes wildcard and hash rules) >>> >>>> BPF Filtering : Enabled # Sw Filt. Rules : 17176 # Hw Filt. >>>> Rules : 0 >>> >>> Okay, so what are the 17176 rules listed? >>> Is this the action of the clustering hashing the packets to the >>> different instances? >>> >>> - -- >>> Peter Bates >>> Senior Computer Security Officer Phone: +44(0)2076792049 >>> Information Services Division Internal Ext: 32049 >>> University College London >>> London WC1E 6BT >>> -----BEGIN PGP SIGNATURE----- >>> Version: GnuPG v2.0.17 (MingW32) >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >>> >>> iQEcBAEBAgAGBQJP/VfGAAoJELhVoVpEMS6RvxAH/RakX+LbYrzy26eYeZSXDc7s >>> sLDosX2v7E1+C6xn8pXvce91mGqml+niZbK+XJyERMEF+kicD/VGWPML1KsVvEDn >>> FATw4lKrzO3hdKEjvjqga0M5QOM99G1GVdJ6JI+agwBszfBASfobjkBs7L+NhTlU >>> mEi3pox0JnN9qGeZ3g6JW1zGur2nkGKQu1H4Dlfa014XHQNnTAgahgSrHTRnAoRX >>> uzK6A2khtssQFPx0X9m/2GjOADc//8xxpt/swhy9nDKmChf3npfcQe36FldCYMdf >>> 7w2lg4uepYJUFGeik4sXv65pkQjx1yGhc4CSoeNz9IdtmpJtmq9N05qd3y6LAdI= >>> =RwA7 >>> -----END PGP SIGNATURE----- >>> >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
