Snort mailing list archives

File preprocessor and snort daemon


From: Eugenio Perez <eugenio () redborder org>
Date: Thu, 7 May 2015 16:47:55 +0200

Hello all.

We've detected a problem when capture mode is enabled in the file
preprocessor and snort is running as a daemon.

Snort is supposed to create a circular buffer where it will save files,
and to spawn a new thread to poll these ones. However, this new thread
is lost when snort forks (that is the expected behavior of fork), so
there is no polling thread anymore.

As a workaround, I restart file preprocessor in the fork with
pthread_atfork, because (I think) I have no way to know when snort is
forking, or how to delay file preprocessor starting.

Patch is attached, and related commit in our github server is
(https://github.com/redBorder/snort/commit/c17145ee17f0d067c5d638241fcd2b3c266ff718).
Any comment/suggestion will be appreciated.

Regards.

Attachment: file_daemon.patch
Description:
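
The behaviour described in the message above, as an added example that is not part of the original post or the attached patch: a thread started before fork() does not exist in the child, and a pthread_atfork child handler can recreate it. The poller, the heartbeat counter and all function names are hypothetical stand-ins, not Snort code.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static atomic_int heartbeat;          /* bumped by the poller thread */

/* Stand-in for the file-capture polling thread (hypothetical). */
static void *poller(void *arg) {
    (void)arg;
    for (;;) { atomic_fetch_add(&heartbeat, 1); usleep(1000); }
    return NULL;
}

static void start_poller(void) {
    pthread_t t;
    if (pthread_create(&t, NULL, poller, NULL) == 0) pthread_detach(t);
}

/* Child-side atfork handler: recreate the thread fork() did not copy. */
static void restart_in_child(void) { start_poller(); }

/* Returns 1 if a poller is advancing the heartbeat in the forked child. */
int child_poller_alive(int use_atfork) {
    static int started, registered;
    if (!started) { start_poller(); started = 1; }
    if (use_atfork && !registered) {
        pthread_atfork(NULL, NULL, restart_in_child);
        registered = 1;
    }
    pid_t pid = fork();               /* what daemonizing does */
    if (pid < 0) return -1;
    if (pid == 0) {
        int before = atomic_load(&heartbeat);
        usleep(200 * 1000);           /* give a poller time to run */
        _exit(atomic_load(&heartbeat) != before);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int without = child_poller_alive(0);   /* 0: thread lost in child */
    int with = child_poller_alive(1);      /* 1: thread restarted */
    return !(without == 0 && with == 1);
}
```

POSIX only guarantees async-signal-safe functions in the child of a multithreaded process until exec, so restarting a thread from the atfork handler depends on the C library tolerating it.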
