[Snort-devel] [DAQ][PATCH 1/3] fix --enable-xyz-module options
fwestphal at ...2119...
Tue Aug 3 09:57:15 EDT 2010
Russ Combs <rcombs at ...402...> wrote:
> Thanks for submitting your patches. We will look into incorporating any
> changes into the next release. I'll give you a response to each one way or
> the other when I get a chance.
> How is the DAQ working for you?
Quite nice so far, thanks for asking.
One suggestion is to add a note about "-P" to the snort "nfq"
documentation -- snort will exit on something like "ping -s 2000" if you
use connection tracking with NFQUEUE otherwise.
Another thing that i'd like to see is support for unprivileged operation (setuid
while retaining CAP_NET_ADMIN), I tried to make this work without too
much hackery in daq, but failed. I'll send out an RFC patch later today; maybe
someone else has an idea how to make it work in a better fashion.
More information about the Snort-devel