[Snort-devel] introducing a module system

Todd Lewis tlewis at ...120...
Fri Dec 29 15:49:57 EST 2000


Howdy, fellas.

Enclosed is a patch that adds a generic module facility to snort.  I have
used this facility to load packet acquisition engines at run-time.
My hope is that other modular code within snort will be able to use
these routines as well.

The interface is very generic.  While the present implementation is
based on dlopen and friends, the interface used under Linux and Solaris,
it should be possible in modules.c to #ifdef other implementations in
behind this interface.

	extern void get_modules(char **directories, \
		char *symname, void (*callback)(void *sym));
	extern void release_module(void *sym);

The basic idea is that each module system has a single symbol that each
of its modules exports.  For paengines, that symbol is named "paengine"
and is of type paengine_s.  You pass in a list of directories and the name
of the symbol that you're looking for, and the module system will call
your callback for each module that matches, passing into your callback
your symbol as a "void *".

As I mentioned, I use this in the paengine setup to find the module
that implements the engine requested by the user.  I do so by embedding
this functionality into the paengine module system, whose interface is
as follows:

	extern void discover_paengines(char **directories); /* 0 on success */
	extern paengine_s* find_paengine(char *engine_name); /* NULL on failure */

First, I discover all of the paengines with a list of module directories,
and then I find the one that my user has requested (or pcap if none has
been.)  I also support statically-compiled modules at the paengine-layer;
the generic module system is only used for dynamic modules.

There are other ways to approach this matter.  I know that people are
contemplating building other module-based systems for snort v2.  What
do those people think about this API?

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list