
of signals and packets: msg#00006

security.ids.snort.devel

Subject: of signals and packets

Yesterday I posted a message to the user's list about snort ignoring
signal on a new RHE install. After a couple of hours delving into the
source I discovered the problem.

The machine was sitting in our test rack and didn't have anything
plugged into the monitoring interface. I was simply building and
testing the management side of a replacement sensor.

In the standard manner snort interrupt routines simply save the signal
in a variable and then check the variable somewhere else. The problem
occurred because it is checked in the packet processing loop.

No packets, no interrupts!

I wonder if it would be worthwhile to feed in a dummy packet once a
second to catch signals when there is no traffic.

Russell
