[Snort-devel] introducing a module system

Martin Roesch roesch at ...48...
Tue Jan 2 03:15:11 EST 2001

Hi Todd,
     Um, do we need secret decoder rings to see the patch? :)  

Todd Lewis wrote:
> Howdy, fellas.
> Enclosed is a patch that adds a generic module facility to snort.  I have
> used this facility to load packet acquisition engines at run-time.
> My hope is that other modular code within snort will be able to use
> these routines as well.
> The interface is very generic.  While the present implementation is
> based on dlopen and friends, the interface used under Linux and Solaris,
> it should be possible in modules.c to #ifdef other implementations in
> behind this interface.
>         extern void get_modules(char **directories, \
>                 char *symname, void (*callback)(void *sym));
>         extern void release_module(void *sym);
> The basic idea is that each module system has a single symbol that each
> of its modules exports.  For paengines, that symbol is named "paengine"
> and is of type paengine_s.  You pass in a list of directories and the name
> of the symbol that you're looking for, and the module system will call
> your callback for each module that matches, passing into your callback
> your symbol as a "void *".
> As I mentioned, I use this in the paengine setup to find the module
> that implements the engine requested by the user.  I do so by embedding
> this functionality into the paengine module system, whose interface is
> as follows:
>         extern void discover_paengines(char **directories); /* 0 on success */
>         extern paengine_s* find_paengine(char *engine_name); /* NULL on failure */
> First, I discover all of the paengines with a list of module directories,
> and then I find the one that my user has requested (or pcap if none has
> been.)  I also support statically-compiled modules at the paengine-layer;
> the generic module system is only used for dynamic modules.
> There are other ways to approach this matter.  I know that people are
> contemplating building other module-based systems for snort v2.  What
> do those people think about this API?
> --
> Todd Lewis                                       tlewis at ...120...
>   God grant me the courage not to give up what I think is right, even
>   though I think it is hopeless.          - Admiral Chester W. Nimitz
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-devel

Martin Roesch
roesch at ...48...

More information about the Snort-devel mailing list