clearlinux / distribution

Placeholder repository to allow filing of general bugs/issues/etc against the Clear Linux OS for Intel Architecture linux distribution

Let's include the AF_Packet plugin for the Bro package #552

Closed mpurzynski closed 5 years ago

mpurzynski commented 5 years ago

Is your feature request related to a problem? Please describe.

With the inclusion of Bro 2.6 in Clear Linux, it makes sense to include plugins that enable high-performance packet capture, like AF_Packet.

The plugin's code is here.

https://github.com/J-Gras/bro-af_packet-plugin/archive/1.4.0.tar.gz

Describe the solution you'd like

I'd like to install Bro 2.6.x with the AF_Packet plugin just by adding a bundle.

Describe alternatives you've considered

There are no alternatives here, we maintain our own set of spec files to build Bro with plugins.

Additional context

The trial and error process gave me the following files to be used with autospec. Feel free to use them and modify as you see fit.

https://gist.github.com/mpurzynski/d4a8f64f3068f17651fa699d835fa60d

There is one hard requirement for this plugin to build. The Bro package itself must be changed and rebuilt with an option to include static libraries.

The following library is necessary for any plugin to be built:

/usr/lib/libbinpac.a

If you want to test if the plugin works, then:

bro -N | egrep -i af_packet

bro -i afpacket::

fenrus75 commented 5 years ago

done

On Mon, Mar 18, 2019 at 6:08 PM Michal Purzynski notifications@github.com wrote:
