[Snort-devel] snort-2.0 and paengines

Todd Lewis tlewis at ...120...
Sun Jan 7 19:00:24 EST 2001


Hi, everybody!  A few questions relating to snort-2.0:

1) When will we open for business with 2.0?

2) Will the 1.7 code be the starting point?

3) Anyone object to my module code as outlined on the list?

4) Anyone object to my paengine code as outlined on the list?

5) In compiling paengine shared object modules, is it ok to be
gcc-specific, or do I need to use libtool?  Would it be ok for me to
contribute gcc and let someone who knows how replace it with another
build mechanism later on?

6) Would there be any objection to my picking up the threading code and
getting it working properly?  I want to get some serious performance
out of this release via the use of threading on MP machines.

7) I notice that the present threading code assigns one thread per
interface.  I am curious as to why you could not just run one instance
of snort per interface instead.  Wouldn't the performance be the same?
If I do take over the threading stuff, my disposition would be to move
away from this model to a worker-pool model, where worker threads queue
up to receive the next available packet from the paengine, serialized
by a mutex; this would spread the workload even via packet acquisition
mechanisms with a single entry point, like netfilter.  Would there be
any objections to this approach?

8) Are there any volunteers to review my paengine and/or module code
as it presently exists and give me feedback?

I am very excited about 2.0 and can't wait for us to get started on this!

--
Todd Lewis                                       tlewis at ...120...

  God grant me the courage not to give up what I think is right, even
  though I think it is hopeless.          - Admiral Chester W. Nimitz





More information about the Snort-devel mailing list