Feature #4070

open

capture plugins: receive notification when suricata is done with a packet

Added by Danny Browning about 4 years ago. Updated 6 months ago.

Status: New
Priority: Normal
Target version:
Effort: low
Difficulty:
Label:

Description

Capture plugins should receive a notification when suricata is done with a packet (reinit or free), so that they may take appropriate steps for the packets they have provided to suricata.

One example of this is pulling packets from a ring buffer and being able to mark when the packet is no longer being used and can be written to again (e.g. write head).

Another example is a packet allocated with a different allocator that will not be cleaned up by a free of ext_pkt, as in a Rust packet.
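The ring-buffer case above, as an added sketch that is not Suricata code and not part of the original request: the capture side lends slots and can only reuse one after a release notification, otherwise it would overwrite a buffer that is still being inspected. Every name here (`ring_t`, `lent_packet_t`, `ring_lend`, `ring_release`, `packet_done`) is hypothetical, and the sketch assumes packets may be finished out of order, so the tail advances only over contiguous released slots; the same owner-supplied callback is where a packet from a foreign allocator would be handed back to its owner.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define RING_SLOTS 4 /* constructed size for this example */
typedef struct {
    uint8_t data[RING_SLOTS][2048];
    bool    released[RING_SLOTS]; /* consumer has finished with the slot */
    size_t  head, tail;           /* monotonic: next to lend / oldest still lent */
} ring_t;

typedef struct {
    uint8_t *ext_pkt;                        /* borrowed from the ring, never free()d */
    size_t   slot;
    void   (*release)(void *ctx, size_t slot); /* hypothetical "done" hook */
    void    *ctx;
} lent_packet_t;

/* Release notification: mark the slot, then reclaim only the contiguous
 * run of released slots at the tail (packets can finish out of order). */
static void ring_release(void *ctx, size_t slot)
{
    ring_t *r = ctx;
    r->released[slot] = true;
    while (r->tail != r->head && r->released[r->tail % RING_SLOTS]) {
        r->released[r->tail % RING_SLOTS] = false;
        r->tail++;
    }
}

/* Lend the next slot; refuse while every slot is still held downstream. */
static bool ring_lend(ring_t *r, lent_packet_t *p)
{
    if (r->head - r->tail == RING_SLOTS)
        return false; /* writing now would corrupt a packet still in use */
    size_t slot = r->head++ % RING_SLOTS;
    r->released[slot] = false;
    p->ext_pkt = r->data[slot];
    p->slot = slot;
    p->release = ring_release;
    p->ctx = r;
    return true;
}

/* Stand-in for what the engine would do on packet reinit or free. */
static void packet_done(lent_packet_t *p)
{
    if (p->release != NULL)
        p->release(p->ctx, p->slot);
    p->ext_pkt = NULL; /* the engine must not touch the buffer after this */
}
```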
