From: Victor J. <li...@in...> - 2007-04-11 12:07:33
Hi David,

David Gunnarsson wrote:
> I have a minor issue with snort_inline 2.6.1.2.
>
> It is when I try to stop it with ctrl+c, nothing happens!
> It seems to be only when using from queues (with nf_queue) and not when
> I try with pcap.
> It does not seem to matter if snort_inline has received any traffic or not.
>

Like we discussed in IRC, I think the issue here is specific to nfqueue.
Snort_inline evaluates a signal only when the 'packet read' function
returns. In case of ip_queue I have added a timeout (to ipq_read) so it
returns a number of times per second iirc. For nfqueue we haven't done
that yet, as far as I can see. The recv call that gets a packet from the
kernel is blocking and will wait forever until a packet is read.

Dave, do you have any ideas on how to fix this? As far as I know we can't
add a timeout value to the recv call. Maybe we need to look at using
something like select or poll?

Cheers,
Victor