Ips bpf #333
Ips bpf #333
Conversation
This patch add a message to warn user about the impact of using a BPF filter in IPS mode.
| @@ -1545,8 +1545,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars *tv, void *initdata, void **data) { | |||
| if (ptv->copy_mode != AFP_COPY_MODE_NONE) { | |||
| strlcpy(ptv->out_iface, afpconfig->out_iface, AFP_IFACE_NAME_LENGTH); | |||
| ptv->out_iface[AFP_IFACE_NAME_LENGTH - 1]= '\0'; | |||
| /* Warn about BPF filter consequence */ | |||
| if (ptv->bpf_filter) { | |||
| SCLogInfo("WARNING, enabling a BPF filter in IPS mode result" | |||
There was a problem hiding this comment.
Think SCLogWarning is more appropriate for, well, warnings? :)
There was a problem hiding this comment.
You've got a serious argument here :) I've choose Info because it can be normal if the user really know what he does.
There was a problem hiding this comment.
On 03/26/2013 05:42 PM, Eric Leblond wrote:
In src/source-af-packet.c:
@@ -1545,8 +1545,14 @@ TmEcode ReceiveAFPThreadInit(ThreadVars _tv, void *initdata, void *_data) {
if (ptv->copy_mode != AFP_COPY_MODE_NONE) {
strlcpy(ptv->out_iface, afpconfig->out_iface, AFP_IFACE_NAME_LENGTH);
ptv->out_iface[AFP_IFACE_NAME_LENGTH - 1]= '\0';
/\* Warn about BPF filter consequence */if (ptv->bpf_filter) {SCLogInfo("WARNING, enabling a BPF filter in IPS mode result"You've got a serious argument here :) I've choose Info because it can be
normal if the user really know what he does.
I'm sure a user like that can ignore a real warning then :)
There was a problem hiding this comment.
lol, you've got me ;)
|
Closing and submitting update version. |
This small patchset adds warning or cause error when BPF is used in IPS mode.