[Snort-users] Reload shmem preprocessor entries

Eugenio Pérez eupm90 at ...11827...
Thu May 29 12:26:35 EDT 2014


Hi everyone.

I'm experience a problem. I have a snort installation with reload,
reputation preprocessor and shared mem enabled in ./configure.

When I change zone.info, and I send a reload signal, should snort reload
reputation shared memory (the writer one, instance 0)? My experience is
that is not reloading it.

On the other hand, I've tried to reload the shared memory with
snort_control. However, it freezes forever. If I exec it under 'strace', I
found that it freeze in a read() op:

strace /opt/rb/bin/snort_control /opt/rb/etc/snort/0/cs/instance-0 1361
...
connect(3, {sa_family=AF_FILE,
path="/etc/snort/0/cs/instance-0/SNORT.sock"}, 110) = 0
write(3,
"\0\1\5R\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4110)
= 4110
read(3,

And this happens for all 136* commands. How is the proper way to reload the
reputation rules?

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140529/59273994/attachment.html>


More information about the Snort-users mailing list