|
|
|
|
Snort Forums Archive
Archive Home » Snort Development » Multi-threading snort (A dream or reality?)
Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.
[ Notice: Full Version of This Topic ]
Multi-threading snort (A dream or reality?)
Posted by Hasnul on September 09, 2005 01:38:37
Hi,
I'm just wondering, has anyone tried to multi thread snort? Is there any direction to do so?
I'm looking into multithreading snort and was wondering if the detection and preprocessor uses global variables which would hinder pushing multiple packets to be processed or it is safe to do so?
I read somewhere that libpcap is not thread safe and based on my test, it will overwrite the pointer that it pass to the callback function ProcessPacket.
Assuming there is a way to get fix the libpcap thread issue, in snort ProcessPacket functions, can the Preprocess(&p) be called simultaneously or it will effect the result since it is not thread safe?
Really appreciate anyone's input since I've tried as much as possible to read through the source codes.
Thanks,
Hasnul |
|
Posted by rdsmith on September 14, 2005 15:05:41
There are a number of issues you need to address to do this. Some of the first are to appropriately deal with all the static and global variables that would need to have distinct per-thread values, depending on how you partition things. The things that immediately come to mind are the doe_ptr, the UriBufs, the telnet decode buffer, etc.
|
|
|
|
|
|
