[Snort-users] bpf filter file size limitation
dan.rieille at gmail.com
Tue Feb 5 05:02:22 EST 2019
I just wanted to know what is the size limit of a bpf filter file.
Currently, I'm using one with about 125 lines (meaning 125 simple
expressions like !(src host xxx && dst host yyyy)) and addind one more line
(expression) makes snort fail although the rules are ok:
pfring DAQ configured to passive.
Acquiring network traffic from "eth2".
ERROR: Can't set DAQ BPF filter to '
I didnt find any clear information about what could impact bpf file size.
Some buffer allocation ?
Any help would be greatly appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users