[Snort-users] get packet mechanism
gis88530 at ...1480...
Tue Apr 10 13:38:50 EDT 2001
Recently, I have install snort. I have some questions in my mind,
but I don't have enough ability to resolve them. Do you know...
How snort get packet from kernel?
Does snort mantain another packet queue in the user space?
I have 2 kinds of think.
(1) snort get 1 packet from kernel and check packet with snort rules.
After check out, snort will get another packet from kernel.
(2) snort copy packet from kernel space into user space without end.
(maintain a packet queue in the user space)
Simultaneously, snort need to take packet from packet queue in the
user space, and check packet with snort rules.
Thanks and cheers,
More information about the Snort-users