[Snort-devel] Snort, USR1 signal

Paul Ritchey pritchey at ...278...
Fri Jun 15 18:21:36 EDT 2001


While working on a totally unrelated project, I needed to add the capability to receive and respond to signals (USR1, USR2).

I pulled out the Stephens advanced unix programming book to see what I needed to do.  After reading about the history behind it and the different methods  available and the issues with some of those methods, I decided to see how it was implemented in Snort (which uses the 'signal()' call).

Is everyone aware that when using the 'signal()' api that after the signal is received and processed, it's reset back to the default behavior?  In short, if you send a USR1 to Snort, you get the stats printed out.  If you do it again, Snort quits.

Is this the desired behavior?  If not, the 'sigaction()' api should be used.  When using this method, the handler for the signal stays in place permanently until it is changed by another sigaction call.  If this is the desired behavior, I'd provide a patch, but I don't have the time to do it right now, but can point someone else in the right direction if they want to do it themselves......

Paul R.
pritchey at ...278...

More information about the Snort-devel mailing list