From: <ko...@in...> - 2005-08-22 08:47:21
Some time ago I reimplemented snort-inline on Linux so it uses TUN/TAP virtual net interfaces instead of IPQUEUE, so it should be possible to run several instances of snort-inline. Although it can't REJECT yet (workaround on iptables level is possible) and it's almost untested (the development was stopped), it's usable - and is able to solve your problem. Are you (or anybody else from snort-inline community) interested in the patch/code?

VlK

>> This is an ip_queue limitation, not a snort-inline limitation. NFQUEUE
>> which will be included in the 2.6.14 kernel will support multiple
>> queue targets, hence you will be able to run multiple instances of
>> snort-inline once we add support for it ;-).
>>
>> Regards,
>>
>> Will
>>
>> On 8/19/05, Sanjai Narain <na...@re...> wrote:
>>> We have two independently developed snortinline applications that
>>> we'd now like to run on the same interface. Is this possible via
>>> snort configuration, or do we have to merge the source code in the
>>> preprocessors directory and rebuild a single application? I would
>>> greatly appreciate any assistance.
>>>
>>> We tried starting up both snort binaries on the same interface but
>>> got an error (I believe it was resource busy). However, if we run
>>> two copies of the non-inline Snort applications on the same
>>> interface, there is no error.
>>>
>>> Thanks.
>>> --
>>> Sanjai Narain
>>> Senior Research Scientist
>>> Telcordia Technologies