From: <ko...@in...> - 2005-03-30 16:19:00
Has anybody experience with the combination of snort-inline and some kind of virtual network interfaces, namely VTUN/TUN/TAP? What I have in mind is to use several snort-inline instances, every one working with one virtual network device. Can you see some hidden "time bombs" waiting for me on this road?

From the VTUN FAQ:

"Virtual network device can be viewed as a simple Point-to-Point or Ethernet device, which instead of receiving packets from a physical media, receives them from user space program and instead of sending packets via physical media sends them to the user space program. Let's say that you configured IPX on the tap0, then whenever kernel sends any IPX packet to tap0, it is passed to the application (VTun for example). Application encrypts, compresses and sends it to the other side over TCP or UDP. Application on other side decompress and decrypts them and write packet to the TAP device, kernel handles the packet like it came from real physical device."

Thanks a lot for any advice or even opinions and feelings.

VlK