Snort mailing list archives

Multiple IPS action plugin problem


From: Özkan KIRIK via Snort-devel <snort-devel () lists snort org>
Date: Mon, 7 Sep 2020 06:31:24 +0300

Hello,

I developed 3 example ips_action plugins using the snort3_extra repository
(i.e. modifypacket_1, modifypacket_2, modifypacket_3).

In the /usr/local/etc/snort/plugins folder:
- When a single .so file exists, the plugin works perfectly.
- When all 3 .so files exist, only the last registered one is triggered for
all of the modifypacket_1, modifypacket_2, modifypacket_3 rules.

# snort --plugin-path /usr/local/etc/snort/plugins --list-plugins | grep ips_action
ips_action::modifypacket_1 v0 /usr/local/etc/snort/plugins/act_modifypacket_1.so
ips_action::modifypacket_2 v0 /usr/local/etc/snort/plugins/act_modifypacket_2.so
ips_action::modifypacket_3 v0 /usr/local/etc/snort/plugins/act_modifypacket_3.so
ips_action::react v0 static
ips_action::reject v0 static
ips_action::rewrite v0 static

For debugging, I put log messages in the mod_ctor and action_ctor functions. In
the logs, all 3 mod_ctor and action_ctor functions are called. But only the last
registered .so file's Action::exec(Packet* p) method is called for all of the
modifypacket_1, modifypacket_2, modifypacket_3 actions.
There are no common method or class names (except the snort_plugins[] variable)
across the .so files.

I couldn't find where the bug is and how the other actions are related to 1
Action::exec method.

Can you help to resolve this problem?
Regards