Hello Alfredo, Thank you very much for the explanation. Regards, Jose. On Fri, Jun 26, 2015 at 3:29 PM, Alfredo Cardigliano <[email protected]> wrote:
> Hi Jose > since kernel is bypassed with ZC, it is not possible to set kernel filters > at all, thus no-kernel-filters is not needed. > > Best Regards > Alfredo > > > On 26 Jun 2015, at 04:17, Jose Vila <[email protected]> wrote: > > > > Excuse me for reviving this thread. > > > > I've been using Snort's DAQ module variable no-kernel-filters for a long > > time, but recently switched to pfring_zc and got this error: > > > > FATAL ERROR: Can't initialize DAQ pfring_zc (-1) - > > pfring_zc_daq_initialize: unsupported variable(no-kernel-filters=1)#012 > > > > Why isn't this variable present on the ZC driver ? Am I missing > something ? > > > > Thanks, > > > > Jose Vila. > > > > On Wed, Jul 11, 2012 at 12:52 PM, Alfredo Cardigliano < > [email protected]> > > wrote: > > > >> Peter > >> the rules listed are kernel hash filters added by the DAQ module (you > can > >> disable them with --daq-var no-kernel-filters) > >> every time snort emits a verdict, in order to reduce the amount of > traffic > >> it has to analyze. > >> Those rules are automatically removed when idle for more than 5 minutes > >> (you can change the default with --daq-var > >> kernel-filters-idle-timeout=<seconds>) > >> > >> Regards > >> Alfredo > >> > >> On Jul 11, 2012, at 12:39 PM, Peter Bates wrote: > >> > >>> -----BEGIN PGP SIGNED MESSAGE----- > >>> Hash: SHA1 > >>> > >>> > >>> Hello again all > >>> > >>> On 11/07/2012 10:46, Alfredo Cardigliano wrote: > >>>> the BPF filter is not counted as "Sw Filt. Rules" (this only > >>>> includes wildcard and hash rules) > >>> > >>>> BPF Filtering : Enabled # Sw Filt. Rules : 17176 # Hw Filt. > >>>> Rules : 0 > >>> > >>> Okay, so what are the 17176 rules listed? > >>> Is this the action of the clustering hashing the packets to the > >>> different instances? > >>> > >>> - -- > >>> Peter Bates > >>> Senior Computer Security Officer Phone: +44(0)2076792049 > >>> Information Services Division Internal Ext: 32049 > >>> University College London > >>> London WC1E 6BT > >>> -----BEGIN PGP SIGNATURE----- > >>> Version: GnuPG v2.0.17 (MingW32) > >>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > >>> > >>> iQEcBAEBAgAGBQJP/VfGAAoJELhVoVpEMS6RvxAH/RakX+LbYrzy26eYeZSXDc7s > >>> sLDosX2v7E1+C6xn8pXvce91mGqml+niZbK+XJyERMEF+kicD/VGWPML1KsVvEDn > >>> FATw4lKrzO3hdKEjvjqga0M5QOM99G1GVdJ6JI+agwBszfBASfobjkBs7L+NhTlU > >>> mEi3pox0JnN9qGeZ3g6JW1zGur2nkGKQu1H4Dlfa014XHQNnTAgahgSrHTRnAoRX > >>> uzK6A2khtssQFPx0X9m/2GjOADc//8xxpt/swhy9nDKmChf3npfcQe36FldCYMdf > >>> 7w2lg4uepYJUFGeik4sXv65pkQjx1yGhc4CSoeNz9IdtmpJtmq9N05qd3y6LAdI= > >>> =RwA7 > >>> -----END PGP SIGNATURE----- > >>> > >>> _______________________________________________ > >>> Ntop-misc mailing list > >>> [email protected] > >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > >> > >> _______________________________________________ > >> Ntop-misc mailing list > >> [email protected] > >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > >> > > _______________________________________________ > > Ntop-misc mailing list > > [email protected] > > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc >
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
