[Snort-users] Reload shmem preprocessor entries

Eugenio Pérez eupm90 at ...11827...
Thu May 29 12:26:35 EDT 2014

Hi everyone.

I'm experience a problem. I have a snort installation with reload,
reputation preprocessor and shared mem enabled in ./configure.

When I change zone.info, and I send a reload signal, should snort reload
reputation shared memory (the writer one, instance 0)? My experience is
that is not reloading it.

On the other hand, I've tried to reload the shared memory with
snort_control. However, it freezes forever. If I exec it under 'strace', I
found that it freeze in a read() op:

strace /opt/rb/bin/snort_control /opt/rb/etc/snort/0/cs/instance-0 1361
connect(3, {sa_family=AF_FILE,
path="/etc/snort/0/cs/instance-0/SNORT.sock"}, 110) = 0
"\0\1\5R\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 4110)
= 4110

And this happens for all 136* commands. How is the proper way to reload the
reputation rules?

Thanks in advance.
