[Snort-devel] var PKT_TIMEOUT in sfdaq.c

Guillaume Daleux guillaume.daleux at ...1967...
Wed Feb 29 17:00:07 EST 2012


Hi all,

We had some problems with snort and snort daq, which use 100% of processing power. After debugging, we saw that our system had a lot of calls to the poll function.

The poll function (called in daq), set with a default snort parameter (PKT_TIMEOUT = 1000), is called every time and didn't respect this timeout of 1 second (maybe a heisenbug, because only one printf removed this problem).

We want to ask you why this parameter is set to 1000 ms and not -1. The poll function is called to wait for packets, so why does the snort daq use a timeout and not directly the value -1, which would block until a packet arrives?

Can we patch snort and change PKT_TIMEOUT to -1?

Thanks for your answer.

Guillaume DALEUX

tel : 450.430.8166 x2279 | guillaume.daleux at ...1967...

sans frais / toll free : 1.866.430.8166 | fax: 450.430.1858

Managed Security Services ∙ Information Risk Management

Surveillance ∙ Gestion Des Risques Informationnels
203 - 1919 boul. Lionel-Bertrand ∙ Boisbriand ∙ QC ∙ Canada ∙ J7H 1N8

www.abovesecurite.com <http://www.abovesecurite.com/> 
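
Added example, not part of the original message and not Snort or DAQ code: a small C program that times poll() with the PKT_TIMEOUT value from the post against three descriptor states. A pipe is a constructed stand-in for the capture descriptor, and the names poll_result, timed_poll and probe are hypothetical. It shows that poll() waits out the full timeout only on an idle descriptor; with unread data or a hang-up condition it returns at once, whatever the timeout argument is, -1 included.

```c
#define _POSIX_C_SOURCE 200809L
#include <poll.h>
#include <stdio.h>
#include <time.h>
#include <unistd.h>

#define PKT_TIMEOUT 1000 /* ms, the value quoted in the post */
struct poll_result { int ret; short revents; long elapsed_ms; };

/* Issue one poll() for POLLIN on fd and time it with the monotonic clock. */
static struct poll_result timed_poll(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN, .revents = 0 };
    struct timespec t0, t1;
    struct poll_result r;
    clock_gettime(CLOCK_MONOTONIC, &t0);
    r.ret = poll(&pfd, 1, timeout_ms);
    clock_gettime(CLOCK_MONOTONIC, &t1);
    r.revents = pfd.revents;
    r.elapsed_ms = (t1.tv_sec - t0.tv_sec) * 1000L
                 + (t1.tv_nsec - t0.tv_nsec) / 1000000L;
    return r;
}

/* Constructed stand-in for the capture descriptor: the read end of a pipe.
 * state 0 = nothing to read, 1 = one unread byte, 2 = write end closed. */
static struct poll_result probe(int state)
{
    struct poll_result r = { -1, 0, -1 };
    int p[2];
    if (pipe(p) != 0) return r;
    if (state == 2) { close(p[1]); p[1] = -1; }
    if (state != 1 || write(p[1], "x", 1) == 1)
        r = timed_poll(p[0], PKT_TIMEOUT);
    close(p[0]);
    if (p[1] >= 0) close(p[1]);
    return r;
}

int main(void)
{
    static const char *name[] = { "idle", "unread data", "peer closed" };
    for (int s = 0; s < 3; s++) {
        struct poll_result r = probe(s);
        printf("%-12s ret=%d revents=0x%x elapsed=%ld ms\n",
               name[s], r.ret, (unsigned)r.revents, r.elapsed_ms);
    }
    return 0;
}
```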

 
