[Snort-devel] [DAQ][PATCH 1/3] fix --enable-xyz-module options

Florian Westphal fwestphal at ...2119...
Tue Aug 3 09:57:15 EDT 2010


Russ Combs <rcombs at ...402...> wrote:
> Thanks for submitting your patches.  We will look into incorporating any
> changes into the next release.  I'll give you a response to each one way or
> the other when I get a chance.
> 
> How is the DAQ working for you?

Quite nice so far, thanks for asking.

One suggestion is to add a note about "-P" to the snort "nfq"
documentation -- snort will exit on something like "ping -s 2000" if you
use connection tracking with NFQUEUE otherwise.

Another thing that i'd like to see is support for unprivileged operation (setuid
while retaining CAP_NET_ADMIN), I tried to make this work without too
much hackery in daq, but failed. I'll send out an RFC patch later today; maybe
someone else has an idea how to make it work in a better fashion.




More information about the Snort-devel mailing list