Jan

I like the submodule approach! Given that there are some todos, likely to be addressed in this process (e.g., https://github.com/J-Gras/zeek-af_packet-plugin/issues/29), and it might take some time for people to update...

I guess you are right: The dependency isn't needed anymore. My understanding is that kernel headers are also required by user space programs that interact with the OS, but Linux...

Another thing to consider might be the difference between sending events per item vs sending the complete `min_data_store` for initialization. @awelzel already mentioned that part: > https://github.com/zeek/zeek/blob/61c001a57e9b0575b7fb8c878872707459a70c7c/scripts/base/frameworks/intel/cluster.zeek#L31-L40 If the manager...

Forgot to mention a [discussion](https://forums.cabling-design.com/ethernet/ethernet-vlan-using-llc-snap-encapsulation-6862-.htm) that provides some pointers to the potentially relevant standards.

This might not be what you are looking for but in a cluster setup, worker nodes know about the interface they are listening on. The following zkg package adds this...

I am not sure I can follow. > Why didn't we just implement SNAP/Novell/LLC analyzers (or leave them unimplemented) and forward into them like any other packet analyzer? We cannot...

I don't see a reason why calculating the address ad-hoc shouldn't work. However, I am wondering why no one else does it this way. I would be surprised to see...

For the record, I can confirm that the patch fixes the issue for the external project using `FindBroker.cmake`. Thanks!

Hi Jason, would you mind to provide a descriptive title and a brief description of the suggested change?

Thanks for your suggestion. Given that AF_Packet just reads from a memory area that is shared between the kernel and the application, I think there is no immediate feedback in...