[Snort-devel] why libnet0 and libipq ?
justinjoseph007 at ...2499...
Mon Aug 10 04:23:00 EDT 2009
Snort inline support is using libnet0 and libipq in snort-2.8.4. Why
is it not using
libnet1(for injecting) and libnetfilter_queue( for queuing related
On Ubuntu Hardy with 2.8.4 in inline mode I get "snort uses obsolete
in syslog, its working though.
For Linux kernel the files that use libnet are (grep-ed for libnet.h inclusion):
Apart form the WIN32 files.
On snort mailing-list (URL:
It mentions libnet1 for instructions for building Snort 2.6-beta or
2.4.4. Is that a mistake
or did snort migrate to libnet1 for sometime?
Is there any particular reason for not migrating to libnet1?
Also am getting too many "nf_conntrack: table full, dropping packet." in syslog
does this mean the kernel is dropping packets when snort is run in in-line mode.
Could this be because of using deprecated library?
IMHO this issue is probably the reason why in Debian and Ubuntu snort in-line
mode is not supported.
Are these right questions or am I just confused?
Would it be nice(better performance?? ) if someone migrated libipq and libnet0
to libnetfilter_queue and libnet1? Or hasn't this migrated because of
I don't know yet?
More information about the Snort-devel