[Snort-devel] stream based av and snort/Stream5

Randal T. Rioux randy at ...3004...
Tue Mar 9 15:59:54 EST 2010


On Tue, March 9, 2010 10:22 am, lynch.meng wrote:
> Hello all! I am working to develop a Snort preprocessor to do stream
> based anti-virus. I need to do MIME decoding and decompression, so reassembled
> packets should come to my preprocessor sequentially. Client-side packets
> have no problem, but I cannot get packets with PKT_REBUILT_STREAM flags
> from the server side?

As Snort is not currently multi-threaded, wouldn't this have terrible
consequences when larger files are encountered?

Then again, does the threading factor even matter? I'm not too familiar
with the internals of preprocessors (do/can they lock?).

Randy





