[Snort-devel] introducing a module system
roesch at ...48...
Tue Jan 2 03:15:11 EST 2001
Um, do we need secret decoder rings to see the patch? :)
Todd Lewis wrote:
> Howdy, fellas.
> Enclosed is a patch that adds a generic module facility to snort. I have
> used this facility to load packet acquisition engines at run-time.
> My hope is that other modular code within snort will be able to use
> these routines as well.
> The interface is very generic. While the present implementation is
> based on dlopen and friends, the interface used under Linux and Solaris,
> it should be possible in modules.c to #ifdef other implementations in
> behind this interface.
> extern void get_modules(char **directories, \
> char *symname, void (*callback)(void *sym));
> extern void release_module(void *sym);
> The basic idea is that each module system has a single symbol that each
> of its modules exports. For paengines, that symbol is named "paengine"
> and is of type paengine_s. You pass in a list of directories and the name
> of the symbol that you're looking for, and the module system will call
> your callback for each module that matches, passing into your callback
> your symbol as a "void *".
> As I mentioned, I use this in the paengine setup to find the module
> that implements the engine requested by the user. I do so by embedding
> this functionality into the paengine module system, whose interface is
> as follows:
> extern void discover_paengines(char **directories); /* 0 on success */
> extern paengine_s* find_paengine(char *engine_name); /* NULL on failure */
> First, I discover all of the paengines with a list of module directories,
> and then I find the one that my user has requested (or pcap if none has
> been.) I also support statically-compiled modules at the paengine-layer;
> the generic module system is only used for dynamic modules.
> There are other ways to approach this matter. I know that people are
> contemplating building other module-based systems for snort v2. What
> do those people think about this API?
> Todd Lewis tlewis at ...120...
> God grant me the courage not to give up what I think is right, even
> though I think it is hopeless. - Admiral Chester W. Nimitz
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
roesch at ...48...
More information about the Snort-devel