[Snort-devel] Multi-threading Snort

Andrew R. Baker andrewb at ...835...
Sun Aug 11 17:14:11 EDT 2002


Frank Knobbe wrote:
> Guys,
> 
> as far as I know, Snort calls its Output plugins (log and alert)
> sequentially. I'm curious if there is any interest in changing it so
> that Snort calls the plugins in a multi-threaded fashion. That way, each
> plugin can run simultaneously while Snort can resume its other duties
> faster.


You just explained the reason why we started writing Barnyard.  So far, 
the resistance to threads has primarily been that they are very hard to 
work with reliably across the various platforms that Snort runs on. 
There are a number of other reasons that changing Snort to a 
multithreaded system would make things more difficult.  However, if I 
were going to start on multithreading Snort, I would spin out the packet 
acquisition section.

-A




