[Snort-users] get packet mechanism

gis88530 gis88530 at ...1480...
Tue Apr 10 13:38:50 EDT 2001


hello,

Recently, I have install snort. I have some questions in my mind, 
but I don't have enough ability to resolve them. Do you know...
How snort get packet from kernel?
Does snort mantain another packet queue in the user space?

I have 2 kinds of think.
(1) snort get 1 packet from kernel and check packet with snort rules. 
    After check out, snort will get another packet from kernel.
(2) snort copy packet from kernel space into user space without end.
    (maintain a packet queue in the user space)
    Simultaneously, snort need to take packet from packet queue in the 
    user space, and check packet with snort rules.

Thanks and cheers,
Tom






More information about the Snort-users mailing list