[Snort-devel] Multi threading in ips_options

Carter Waxman (cwaxman) cwaxman at cisco.com
Mon Mar 11 09:07:00 EDT 2019

We currently do not support internal load balancing; however, the general assumption should be that a given flow will always be handed to the same thread. There is some support for external load balancing with afpacket, but it still holds to that same assumption.

One Module and one Plugin are created globally. From there, pinit/pterm (called once) and tinit/tterm (called per thread, not at reload at the moment) can be used to set up data structures as needed. Calls to ::configure should be used to read in new Module data, especially if it interacts with other plugins, as at that point they have all been instantiated.

From: Damian Chiliński <lapsio3 at gmail.com>
Date: Monday, March 11, 2019 at 8:51 AM
To: "Carter Waxman (cwaxman)" <cwaxman at cisco.com>
Subject: Re: [Snort-devel] Multi threading in ips_options

I thought individual packets/tracked connections are balanced between threads. If that's not the case then indeed there's probably no need.

Is there a new Module instance created for each thread? Or do Option objects in all threads share a single "parent" Module object?

On Mon, 11 Mar 2019, 13:38 Carter Waxman (cwaxman), <cwaxman at cisco.com> wrote:
Hi Damian,

There shouldn’t be any critical sections in an ips option. The current threading model places 1 interface set / pcap per thread, so threads shouldn’t need to share any data with each other. What global data are you trying to share?

  *   Carter

From: Snort-devel <snort-devel-bounces at lists.snort.org> on behalf of Damian Chiliński via Snort-devel <snort-devel at lists.snort.org>
Reply-To: Damian Chiliński <lapsio3 at gmail.com>
Date: Sunday, March 10, 2019 at 10:28 PM
To: "snort-devel at lists.snort.org" <snort-devel at lists.snort.org>
Subject: [Snort-devel] Multi threading in ips_options

How does multi threading work in Snort 3? I mean, I made an IPS Option and I want it to be stateful (as in use global data shared amongst all ips option instances). However, from what I saw in the manual, Snort 3 supports multi threading. So how do I handle critical sections in IPS Option module code? Can I just use pthread mutexes? Or is there some other recommended way?

Best regards
Damian Chilinski
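
Added example, not part of the original thread and not Snort code: a stand-alone C++ model of the lifecycle described above, with one global read-only config set once, per-thread state created and destroyed in per-thread hooks, and every flow pinned to one thread, so a stateful check needs no mutex. All names (model_pinit, model_tinit, model_tterm, model_eval, thread_for_flow, run_model) are hypothetical, and the modulo flow-to-thread mapping is only a stand-in for the "same flow, same thread" assumption.

```cpp
// Stand-alone model; does not include or call any Snort headers or APIs.
#include <cstdint>
#include <thread>
#include <unordered_map>
#include <vector>

struct ModuleConfig { uint32_t threshold = 0; };   // read-only once threads run
static ModuleConfig g_config;                       // single global instance

// Per-thread state: created in tinit, destroyed in tterm, never shared.
using FlowCounts = std::unordered_map<uint32_t, uint32_t>;
static thread_local FlowCounts* t_counts = nullptr;

static void model_pinit(uint32_t threshold) { g_config.threshold = threshold; }
static void model_tinit() { t_counts = new FlowCounts; }
static void model_tterm() { delete t_counts; t_counts = nullptr; }

// Stateful check: matches once a flow has been seen `threshold` times.
// It touches only thread-local data plus the read-only config: no lock.
static bool model_eval(uint32_t flow_id)
{ return ++(*t_counts)[flow_id] >= g_config.threshold; }

// Stand-in for the assumption that a flow always lands on the same thread.
static unsigned thread_for_flow(uint32_t flow_id, unsigned n) { return flow_id % n; }

// Runs n packet threads over constructed flow ids; returns matches per thread.
std::vector<unsigned> run_model(const std::vector<uint32_t>& packets,
                                unsigned n, uint32_t threshold)
{
    model_pinit(threshold);                 // once, before any thread starts
    std::vector<unsigned> matches(n, 0);    // each thread writes only its slot
    std::vector<std::thread> workers;
    for (unsigned id = 0; id < n; ++id)
        workers.emplace_back([&, id] {
            model_tinit();
            for (uint32_t flow : packets)
                if (thread_for_flow(flow, n) == id && model_eval(flow))
                    ++matches[id];
            model_tterm();
        });
    for (auto& w : workers) w.join();
    return matches;
}

int main()
{
    // Constructed sample: flow 7 seen three times, flow 4 twice, flow 9 once.
    auto m = run_model({7, 4, 7, 9, 4, 7}, 2, 2);
    return (m[0] == 1 && m[1] == 2) ? 0 : 1;
}
```

If the same flow could reach two threads, each thread would hold its own partial count for it and the threshold would fire late or never, which is why the flow-pinning assumption matters for stateful options.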