[Snort-users] snort 2.9.4 daq-2.0.0

Michael Altizer maltizer at ...1935...
Wed Dec 12 18:04:12 EST 2012


On 12/12/2012 05:43 PM, Lawrence R. Hughes, Sr. wrote:
> Hi,
> Can daq-0.6.2 be used with snort-2.9.4?
> What are the differences between daq-2.0.0 & daq-0.6.2?
> Thanks,
> Larry

Highlights outside of bug/compatibility fixes were:
* Adding the concept of DAQ metapackets (currently used for flow 
start/end events), changing Acquire() to accept a metapacket callback, 
and adding the daq_acquire_with_meta() function.
* Adding the HUP_Prep(), HUP_Apply(), and HUP_Post() module functions 
for staging instance changes out-of-band.
* Adding the DAQ_PKT_FLAG_NOT_FORWARDING DAQPktHdr flag to indicate that 
a packet will not be forwarded after inspection regardless of the verdict.
* Replacing the device_index field in the DAQPktHdr with a more 
comprehensive bunch including Ingress Interface, Egress Interface, 
Ingress Group, Egress Group, and Address Space ID.  It also picked up an 
opaque value and module private data pointer along the way.
* Adding the Modify_Flow() module function.

The configure-foo in Snort should handle compiling against the older DAQ 
library version.

-Michael