Snort mailing list archives
Re: Multi threading in ips_options
From: "Carter Waxman \(cwaxman\) via Snort-devel" <snort-devel () lists snort org>
Date: Mon, 11 Mar 2019 13:07:00 +0000
We currently do not support internal load balancing; however the general assumption should be a given flow will always be handed to the same thread. There is some support for external load balancing with afpacket, but it still holds to that same assumption. One Module and one Plugin is created globally. From there, pinit/pterm (called once) and tinit/tterm (called per thread, not at reload at the moment) can be used to set up data structures as needed. Calls to ::configure should be used to read in new Module data, especially if it interacts with other plugins as at that point, they have all been instantiated. From: Damian Chiliński <lapsio3 () gmail com> Date: Monday, March 11, 2019 at 8:51 AM To: "Carter Waxman (cwaxman)" <cwaxman () cisco com> Subject: Re: [Snort-devel] Multi threading in ips_options I thought individual packets/tracked connections are balanced between threads. If that's not the case then indeed there's probably no need. Is there new Module instance created per each thread? Or do Option objects in all threads share single "parent" Module object? On Mon, 11 Mar 2019, 13:38 Carter Waxman (cwaxman), <cwaxman () cisco com<mailto:cwaxman () cisco com>> wrote: Hi Diamian, There shouldn’t be any critical sections in an ips options. The current threading model places 1 interface set / pcap per thread, so threads shouldn’t need to share any data with each other. What global data are you trying to share? * Carter From: Snort-devel <snort-devel-bounces () lists snort org<mailto:snort-devel-bounces () lists snort org>> on behalf of Damian Chiliński via Snort-devel <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Reply-To: Damian Chiliński <lapsio3 () gmail com<mailto:lapsio3 () gmail com>> Date: Sunday, March 10, 2019 at 10:28 PM To: "snort-devel () lists snort org<mailto:snort-devel () lists snort org>" <snort-devel () lists snort org<mailto:snort-devel () lists snort org>> Subject: [Snort-devel] Multi threading in ips_options How does multi threading work in Snort 3? I mean - i made IPS Option and I want it to be stateful (as in use global data shared amongst all ips option instances). However from what I saw in manual Snort 3 support multi threading. So how do I handle critical sections in IPS Option module code? Can I just use pthread mutexes? Or is there some other recommended way? Best regards Damian Chilinski
_______________________________________________ Snort-devel mailing list Snort-devel () lists snort org https://lists.snort.org/mailman/listinfo/snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Multi threading in ips_options Damian Chiliński via Snort-devel (Mar 10)
- Re: Multi threading in ips_options Carter Waxman (cwaxman) via Snort-devel (Mar 11)
- Message not available
- Re: Multi threading in ips_options Carter Waxman (cwaxman) via Snort-devel (Mar 11)
- Message not available
- Message not available
- Re: Multi threading in ips_options Carter Waxman (cwaxman) via Snort-devel (Mar 11)
- Message not available
- Re: Multi threading in ips_options Carter Waxman (cwaxman) via Snort-devel (Mar 11)