find a way to filter when reading from AF_PACKET socket
david415 opened this issue · 1 comments
david415 commented
We either need an iptables-related filtering method or something in our application to filter based on port number... For instance, many operators of honeybadger may wish to filter on port 80...
This should reduce the need for pcap log rotation...
pavel-odintsov commented
Hello, David!
Just look into the Suricata code (src/source-af-packet.c). They have nice support for BPF filters here.