[Snort-users] snort 2.9.4 daq-2.0.0
maltizer at ...1935...
Wed Dec 12 18:04:12 EST 2012
On 12/12/2012 05:43 PM, Lawrence R. Hughes, Sr. wrote:
> Can daq-0.6.2 be used with snort-2.9.4?
> What are the differences between daq-2.0.0 & daq-0.6.2?
Highlights outside of bug/compatibility fixes were:
* Adding the concept of DAQ metapackets (currently used for flow
start/end events), changing Acquire() to accept a metapacket callback,
and adding the daq_acquire_with_meta() function.
* Adding the HUP_Prep(), HUP_Apply(), and HUP_Post() module functions
for staging instance changes out-of-band.
* Adding the DAQ_PKT_FLAG_NOT_FORWARDING DAQPktHdr flag to indicate that
a packet will not be forwarded after inspection regardless of the verdict.
* Replacing the device_index field in the DAQPktHdr with a more
comprehensive bunch including Ingress Interface, Egress Interface,
Ingress Group, Egress Group, and Address Space ID. It also picked up an
opaque value and module private data pointer along the way.
* Adding the Modify_Flow() module function.
The configure-foo in Snort should handle compiling against the older DAQ
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users