Feature #277
closed
Use a configuration file for bpf
Added by Carlos Lopez over 13 years ago.
Updated about 13 years ago.
Description
It would be better if Suricata could read BPF filters from a configuration file instead of the command line, with the following format, for example:
"suricata -c /etc/suricata/suricata.yaml -b /etc/suricata/bpf.conf"
And the content of the bpf.conf config file:
not (dst host 239.192.57.11 and dst port 5405) and
not (dst host 172.17.47.27 and dst port 5405) and
not (dst host 172.17.47.28 and dst port 5405)
Files
- Assignee set to Anonymous
Implementing this should be fairly simple. Code to load a bpf is already in place, so it's really about adding the command line option and reading the bpf from a file.
Great ticket to start getting to know the Suricata code.
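One way to read a multi-line filter file, like the bpf.conf in the description, into the single expression string a BPF compiler expects. This is an added example, not the attached patch or Suricata's own code; `bpf_flatten`, `bpf_load_file` and `BPF_MAX_LEN` are hypothetical names, and the 8192-byte cap is an assumption.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define BPF_MAX_LEN 8192 /* assumed size cap, not a Suricata constant */

/* Collapse each run of whitespace in buf[0..n) to one space, in place, and
 * NUL-terminate (buf must hold n + 1 bytes). Returns the new length. */
size_t bpf_flatten(char *buf, size_t n)
{
    size_t out = 0;
    for (size_t i = 0; i < n; i++) {
        if (!isspace((unsigned char)buf[i]))
            buf[out++] = buf[i];
        else if (out > 0 && buf[out - 1] != ' ')
            buf[out++] = ' ';
    }
    if (out > 0 && buf[out - 1] == ' ')
        out--; /* trailing newline became a space */
    buf[out] = '\0';
    return out;
}

/* Load a filter file as one expression (caller frees). NULL if unreadable,
 * empty, holding a NUL byte, or over BPF_MAX_LEN (hence the +1 in fread). */
char *bpf_load_file(const char *path)
{
    FILE *fp = fopen(path, "r");
    if (fp == NULL)
        return NULL;
    char *buf = malloc(BPF_MAX_LEN + 1);
    size_t n = buf ? fread(buf, 1, BPF_MAX_LEN + 1, fp) : 0;
    int bad = !buf || ferror(fp) || n > BPF_MAX_LEN || memchr(buf, '\0', n);
    fclose(fp);
    if (bad || bpf_flatten(buf, n) == 0) {
        free(buf);
        return NULL;
    }
    return buf;
}

int main(int argc, char **argv)
{
    char *f = argc > 1 ? bpf_load_file(argv[1]) : NULL;
    if (f == NULL)
        return 1;
    puts(f); /* single-line form, as a BPF compiler takes it */
    free(f);
    return 0;
}
```

Rejecting an empty or oversize file up front matters for a sensor: an empty filter string would capture everything rather than fail, so the caller can treat NULL as a startup error.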
Please review attached patch
-----------------------------------------------------------------------------------------------
Author: deltay <delta.yeh@gmail.com> 2011-05-25 16:13:05
Committer: deltay <delta.yeh@gmail.com> 2011-05-25 16:13:05
Parent: 75439863ed864fe73f1fb4d0a1aa20bb4da059c6 (Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15.)
Branch: feature-277
Follows: suricata-1.1beta2
Precedes:
#277 Add -b option to specify bpf file
- Status changed from New to Closed
- Target version set to 1.1beta3
- % Done changed from 0 to 100
This functionality has been added, thanks Delta Yeh.
Hi,
Thanks for the new option,
but maybe use the -F option, like tcpdump/snort already use.
Best Regards
Rmkml
This has already been done, hence the closed bug :)