[Snort-devel] snort inline mode and bridge

Russ rucombs at ...3461...
Tue Oct 25 14:31:34 EDT 2016


Please restate the original problem.  I don't think fail open is what 
you are after.

On 10/25/16 2:03 PM, Vincent Li wrote:
> On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort at ...3347...> wrote:
>> Hello Vincent,
>>
>>
>> I haven't tried this before, but when building Snort, there is this build
>> option:
>>
>>
>> "--enable-inline-init-failopen  Enable Fail Open during initialization for
>> Inline Mode (adds pthread support implicitly)"
>>
>>
>> Have you tried this? I would be interested to know if this achieves what you
>> need.
>>
> so I tried to build snort with --enable-inline-init-failopen, it did
> not sovle the problem I have.  it looks to me the InlineFailOpen is
> called near to the end of  SnortMain after SnortInit (which take most
> of the time during snort restart) and before PacketLoop();
>
> I tried to hack the code to call InlineFailOpen before SnortInit, but
> I had memory segment fault after starting up snort and pass traffic
> through it, I assume some memory has to be allocated before starting
> up the DAQ bridge, any further clue?
>
> maybe some improvement needed in line with the idea of InlineFailOpen ?
>
> Thanks
>
> Vincent
>
> ------------------------------------------------------------------------------
> The Command Line: Reinvented for Modern Developers
> Did the resurgence of CLI tooling catch you by surprise?
> Reconnect with the command line and become more productive.
> Learn the new .NET and ASP.NET CLI. Get your free copy!
> http://sdm.link/telerik
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
> Archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>
> Please visit http://blog.snort.org for the latest news about Snort!





More information about the Snort-devel mailing list