From: Victor J. <vi...@nk...> - 2004-07-09 00:13:29

On Friday 09 July 2004 01:59, William Metcalf wrote:
> The more requests that come in, it's getting conceptually harder to meet
> them modding the stream4 that comes with vanilla snort. I guess I've found
> my research project for my cert, I'll start rewriting stream4 as a separate
> preproc for snort_inline. What do you guys think about this?

I'm no snort expert, nor a snort_inline expert, nor an expert programmer, but my question is: what would you gain by writing your own preproc? Can you point out problems in the current one that are so big they can't be fixed?

> If this is cool with everyone, just send me what you would like to see. As
> far as reassembly goes how long do you think we should store packets in
> memory from the stream? What is a good length to keep state?

I would like to be able to walk away from my ssh session for a few hours, and still not lose my session (and I really know people that act this way! =)

But Will, can you explain something to me? When snort_inline receives a SIGHUP the Restart() function is called, which in turn runs through the PluginRestartList to execute the restart function of the specific preproc, right? If I'm not mistaken, for stream4 this is the Stream4RestartFunction(). However, in that function (starting on line 3509 of spp_stream4.c) I can find no reason for the state table to flush... so where is it flushed (if at all)?

> Rob, would you be
> alright with this?
>
> Regards,
>
> Will

Regards,
Victor

PS. What kind of cert is that?