[Snort-devel] snort_in_kernel

Paul B. Poh paul at ...1481...
Tue Sep 2 10:25:06 EDT 2003


I've actually been playing with Maeda's KML with the idea of eventually 
trying it with snort. It's unclear to me if there will actually be a 
performance enhancement by running snort in kernel mode.

I've started to write a stub library that I can use to link with snort 
so that I can take advantage of KML and directly call kernel system 
functions instead of using the Linux/i386 interrupt 0x80 calls. While it 
appears that there can be a savings of several hundred cycles per system 
call, in the grand scheme of snort, it may still be negligible.

Paul.

Erek Adams wrote:
> On Sat, 30 Aug 2003, Peteris Krumins wrote:
> 
> 
>>Kernel is kernel and userspace is userspace.
> 
> 
> Not anymore.
> 
> http://web.yl.is.s.u-tokyo.ac.jp/~tosh/kml/
> 
> -----
> Erek Adams
> 
>    "When things get weird, the weird turn pro."   H.S. Thompson
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> 
> 





More information about the Snort-devel mailing list