Menu
▾
▴
Re: [Snort-inline-users] no kill with ctrl+c
|
From: Victor J. <li...@in...> - 2007-04-12 20:28:13
|
Okay after some testing I noticed the same thing, signals seem to be ignored by nfq enabled Snort_inline. Please try the attached patch to see if it works well for you. On my system it seems to work fine :-) Let me know! Cheers, Victor Victor Julien wrote: > Hi David, > > David Gunnarsson wrote: > >> I have a minor issue with snort_inline 2.6.1.2. >> >> It is when i try to stop it with ctrl+c, nothing happens! >> It seems to be only when using from queues (with nf_queue) and not when >> i try with pcap. >> It does not seem to matter if snort_inline has recieved any traffic or not. >> >> > Like we discussed in IRC, I think the issue here is specific to nfqueue. > Snort_inline evaluates a signal only when the 'packet read' function > returns. In case of ip_queue I have added a timeout (to ipq_read) so it > returns a number of times per second iirc. For nfqueue we haven't done > that yet, as far as I can see. The recv call that gets a packet from the > kernel is blocking and will wait forever until a packet is read. Dave, > do you have any idea's on how to fix this? As far as I know we can't add > a timeout value to the recv call. Maybe we need to look at using > something like select or poll? > > Cheers, > Victor > > ------------------------------------------------------------------------- > Take Surveys. Earn Cash. Influence the Future of IT > Join SourceForge.net's Techsay panel and you'll get the chance to share your > opinions on IT & business topics through brief surveys-and earn cash > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV > _______________________________________________ > Snort-inline-users mailing list > Sno...@li... > https://lists.sourceforge.net/lists/listinfo/snort-inline-users > |
