[Snort-devel] Thoughts on threads
roesch at ...48...
Sat Apr 7 00:07:18 EDT 2001
> On Fri, Apr 06, 2001 at 02:00:10PM -0400, Jon Bentley wrote:
> > I haven't received a good beating recently, so I'll through my two cents
> > into the ring.
> > Threads (nee parallelization) would cause me some concern, as it would
> > potentially remove the serial order of received packets. Perhaps that is
> > a concern of only myself, though. (Packet sequence numbers, with a post-
> > process reordering?)
> not if we papeline the packet process. There's always packet sequentioning solution (but
> then you'd have to block packet logging at the last stage until all the previously received
> packets are logged).
Sequencing packets into the stream reassembler and IP defragger could
potentially be somewhat sensitive, especially if we decide to try to
detect evasion techniques in those sub-processes. If we log
non-sequentially, we're going to have to write something to "de-kink"
the packet log files (which won't work for the non-binary/database
> > Pthreads are great, but do we care about our W*ndows friends?
> Some people do :). But I looked into Windows threads, and the routines there
> seem to have the similar functional meaning, althrough kinda different
> syntaxical (is there such word? :)) representation.
I hear Pandora thought that she could close the box if she didn't like
what she saw inside.... ;)
More information about the Snort-devel