Snort mailing list archives
Re: snort inline mode and bridge
From: Vincent Li <vincent.mc.li () gmail com>
Date: Wed, 26 Oct 2016 14:02:00 -0700
it is not a problem, but some optimal improvement I would like to see. I have a lower end PC with two NIC running snort IPS bridge mode between my ISP modem and my router at home. I use pulledpork to update signatures every day and I scripted snort to restart to take the updated signatures after new signatures finishing downloading. the snort restart takes about 5 minutes to finish and during these 5 minutes period, my home Internet is down since snort start the DAQ bridge after SnortInit which take most of the time I think. btw I have not tried snort reload my question is : can the DAQ bridge be started earlier in the snort startup process, maybe before SnortInit , so that traffic can be passed through early to reduce the network connectivity downtime to minimum. let me know if I made myself clear :) Thanks Vincent On Tue, Oct 25, 2016 at 11:31 AM, Russ <rucombs () cisco com> wrote:
Please restate the original problem. I don't think fail open is what you are after. On 10/25/16 2:03 PM, Vincent Li wrote:On Thu, Oct 13, 2016 at 8:26 PM, Y M <snort () outlook com> wrote:Hello Vincent, I haven't tried this before, but when building Snort, there is this build option: "--enable-inline-init-failopen Enable Fail Open during initialization for Inline Mode (adds pthread support implicitly)" Have you tried this? I would be interested to know if this achieves what you need.so I tried to build snort with --enable-inline-init-failopen, it did not sovle the problem I have. it looks to me the InlineFailOpen is called near to the end of SnortMain after SnortInit (which take most of the time during snort restart) and before PacketLoop(); I tried to hack the code to call InlineFailOpen before SnortInit, but I had memory segment fault after starting up snort and pass traffic through it, I assume some memory has to be allocated before starting up the DAQ bridge, any further clue? maybe some improvement needed in line with the idea of InlineFailOpen ? Thanks Vincent ------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
------------------------------------------------------------------------------ The Command Line: Reinvented for Modern Developers Did the resurgence of CLI tooling catch you by surprise? Reconnect with the command line and become more productive. Learn the new .NET and ASP.NET CLI. Get your free copy! http://sdm.link/telerik _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- snort inline mode and bridge Vincent Li (Oct 13)
- Re: snort inline mode and bridge Y M (Oct 13)
- Re: snort inline mode and bridge Vincent Li (Oct 14)
- Re: snort inline mode and bridge Vincent Li (Oct 25)
- Re: snort inline mode and bridge Russ (Oct 25)
- Re: snort inline mode and bridge Vincent Li (Oct 26)
- Re: snort inline mode and bridge Russ (Oct 27)
- Re: snort inline mode and bridge Vincent Li (Oct 27)
- Re: snort inline mode and bridge Y M (Nov 01)
- Re: snort inline mode and bridge Vincent Li (Nov 01)
- Re: snort inline mode and bridge Y M (Nov 01)
- Re: snort inline mode and bridge Y M (Oct 13)