[Snort-devel] snort inline mode and bridge

Vincent Li vincent.mc.li at ...2499...
Tue Oct 25 14:03:28 EDT 2016


On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort at ...3347...> wrote:
> Hello Vincent,
>
>
> I haven't tried this before, but when building Snort, there is this build
> option:
>
>
> "--enable-inline-init-failopen  Enable Fail Open during initialization for
> Inline Mode (adds pthread support implicitly)"
>
>
> Have you tried this? I would be interested to know if this achieves what you
> need.
>

so I tried to build snort with --enable-inline-init-failopen, it did
not sovle the problem I have.  it looks to me the InlineFailOpen is
called near to the end of  SnortMain after SnortInit (which take most
of the time during snort restart) and before PacketLoop();

I tried to hack the code to call InlineFailOpen before SnortInit, but
I had memory segment fault after starting up snort and pass traffic
through it, I assume some memory has to be allocated before starting
up the DAQ bridge, any further clue?

maybe some improvement needed in line with the idea of InlineFailOpen ?

Thanks

Vincent




More information about the Snort-devel mailing list