Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: snort inline mode and bridge

From: Vincent Li <vincent.mc.li () gmail com>
Date: Tue, 25 Oct 2016 11:03:28 -0700
On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort () outlook com> wrote:

Hello Vincent,


I haven't tried this before, but when building Snort, there is this build
option:


"--enable-inline-init-failopen  Enable Fail Open during initialization for
Inline Mode (adds pthread support implicitly)"


Have you tried this? I would be interested to know if this achieves what you
need.



so I tried to build snort with --enable-inline-init-failopen, it did
not sovle the problem I have.  it looks to me the InlineFailOpen is
called near to the end of  SnortMain after SnortInit (which take most
of the time during snort restart) and before PacketLoop();

I tried to hack the code to call InlineFailOpen before SnortInit, but
I had memory segment fault after starting up snort and pass traffic
through it, I assume some memory has to be allocated before starting
up the DAQ bridge, any further clue?

maybe some improvement needed in line with the idea of InlineFailOpen ?

Thanks

Vincent

------------------------------------------------------------------------------
The Command Line: Reinvented for Modern Developers
Did the resurgence of CLI tooling catch you by surprise?
Reconnect with the command line and become more productive. 
Learn the new .NET and ASP.NET CLI. Get your free copy!
http://sdm.link/telerik
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
Previous By Date Next
Previous By Thread Next

Current thread: