[Snort-devel] Plugin API Feature Request

Thomas.Seiler at ...2736...
Thu Feb 9 04:50:08 EST 2006


Is really nobody interested in improving the Snort plugin API?

Recently, I discovered that the CleanExit() callback is being called
from the signal handlers (!). It is therefore dangerous to call just about
any libc function from within the CleanExit handlers, because we are
still inside the signal handler.

At least one existing plugin (prelude ids) is suffering from this.
It's the reason for zombie threads when using the prelude output plugin
and issuing a kill -SIGHUP to cause snort to reload.

With the proposed changes to InterfaceThread() in one of my previous
mails it would be possible to only set a global variable in the signal
handlers and defer the calling of CleanExit to the Main Loop in
InterfaceThread, so that it happens synchronously to packet processing,
and that it is safe to call non-reentrant libc functions.

I would really appreciate any comments on this.

Best Regards,
Thomas Seiler

Thomas Seiler
Ing. sys. com. dipl. EPFL
Security and Service Management
Ostermundigenstrasse 93
CH - 3050 Bern

Phone:  +41 (0)31 342 42 69
Mobile: +41 (0)79 427 97 26
Fax:    +41 (0)31 892 62 27

thomas.seiler at ...2736...
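
The deferral pattern proposed in the message above, as an added example that is not part of the original post and not Snort's code: the signal handler only stores the signal number in a `volatile sig_atomic_t`, and the packet loop runs the cleanup callback synchronously between packets. All function names (`on_signal`, `plugin_clean_exit`, `packet_loop`, `install_handlers`) are hypothetical stand-ins, and the signal is simulated with `raise()`.

```c
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>

/* The only state the handler touches; sig_atomic_t is safe to write from a handler. */
static volatile sig_atomic_t pending_signal = 0;
static int cleanup_runs = 0;

/* Async-signal-safe handler: record the signal and return, nothing else. */
static void on_signal(int signo) { pending_signal = signo; }

/* Hypothetical stand-in for a plugin's CleanExit callback. It uses malloc and
 * stdio, which are not async-signal-safe, so it must never run in a handler. */
static void plugin_clean_exit(int signo)
{
    char *msg = malloc(64);
    if (msg != NULL) {
        snprintf(msg, 64, "cleanup after signal %d", signo);
        puts(msg);
        free(msg);
    }
    cleanup_runs++;
}

/* ISO C signal() keeps the example portable; sigaction() is the usual choice on POSIX. */
static int install_handlers(void)
{
    return signal(SIGHUP, on_signal) == SIG_ERR ? -1 : 0;
}

/* Hypothetical stand-in for the packet loop. signal_at is a constructed input:
 * the packet index during which SIGHUP arrives (-1 for none).
 * Returns the number of packets processed before cleanup stopped the loop. */
static int packet_loop(int max_packets, int signal_at)
{
    int processed = 0;
    while (processed < max_packets) {
        if (pending_signal != 0) {        /* checked between packets, outside the handler */
            int signo = pending_signal;
            pending_signal = 0;
            plugin_clean_exit(signo);     /* ordinary context: libc calls are safe here */
            break;
        }
        if (processed == signal_at)
            raise(SIGHUP);                /* simulates `kill -SIGHUP` arriving mid-packet */
        processed++;                      /* the in-flight packet still completes */
    }
    return processed;
}

int main(void) { return install_handlers() != 0 || packet_loop(10, 3) != 4; }
```

The cost of this design is latency: cleanup runs only when the loop next checks the flag, so a loop blocked waiting for packets needs a read timeout or an interruptible wait to notice the signal.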
