Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
How can Suricata function prior to scrub?
« previous
next »
Print
Pages: [
1
]
Author
Topic: How can Suricata function prior to scrub? (Read 564 times)
barold
Newbie
Posts: 7
Karma: 0
How can Suricata function prior to scrub?
«
on:
February 09, 2024, 04:39:13 pm »
Hello everyone.
I've encountered the fabulous packet flow diagram at
https://forum.opnsense.org/index.php?topic=36326.0
. (It's so good that it gives me goosebumps.) One thing in the diagram confuses me quite a bit. Whenever that happens I usually learn something new.
The diagram depicts that Suricata processes ingress traffic before pf scrubs. How does Suricata manage that before potentially fragmented packets are reassembled?
Logged
JakaylaLee
Newbie
Posts: 6
Karma: 0
Re: How can Suricata function prior to scrub?
«
Reply #1 on:
February 17, 2024, 01:22:05 am »
The placement of Suricata before pf scrubbing in the packet flow diagram may seem counterintuitive at first, especially considering potential fragmentation issues. However, Suricata's ability to process traffic before pf scrubbing is based on its integration with libpcap and its packet processing capabilities.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
How can Suricata function prior to scrub?
