9d5158594f
util-device.h exposes some details that are particularly problematic for C++, even when wrapped in 'extern "C"'. To address this, break the header into public and private parts. The public part exposes LiveDevice as an opaque data structure, while the private header has the actual definition. The idea is that only Suricata C source files should include the private header, it should not be re-included in any other header file. And this is the header library users should use, however we don't enforce it with tecnical means, a library user could still include the private header, but the clue there is in the name. |
3 months ago | |
|---|---|---|
| .. | ||
| Makefile.am | ||
| README.md | ||
| plugin.c | 3 months ago | |
| runmode-napatech.c | 3 months ago | |
| runmode-napatech.h | ||
| source-napatech.c | 4 months ago | |
| source-napatech.h | ||
| util-napatech.c | 3 months ago | |
| util-napatech.h | ||
README.md
Napatech Plugin Capture Plugin
Building
To build this plugin, configure Suricata with the --enable-napatech and
optionally the --with-napatech-includes and
--with-napatech-libraries command line options.
Running
/usr/local/suricata/bin/suricata \
--set plugins.0=/usr/local/lib/suricata/napatech.so \
--capture-plugin=napatech
--set plugins.0=/usr/local/lib/suricata/napatech.so
This command line option tells Suricata about this plugin. This could also
be done in suricata.yaml with the following section:
plugins:
- /usr/local/lib/suricata/napatech.so
--capture-plugin=napatech
This is the option that tells Suricata to use a plugin for capture, much like
--pcap tells Suricata to use libpcap or --af-packet tells Suricata to use
AF_PACKET. Here we are telling it to look for a loaded plugin of the name
napatech to provide the capture method.
There is another command line option --capture-plugin-args to pass arbitrary
data on the command line to a capture plugin, but this plugin does not yet handle
data provided through this command line parameter.