[Snort-devel] why libnet0 and libipq ?

Will Metcalf william.metcalf at ...2499...
Wed Aug 12 09:14:45 EDT 2009


> Why was all this working code taken out and is not there in
> snort-2.8.4(or other releases snort after merging)?
> This is preventing distros from including inline feature(as mentioned
> before).  Doesn't make sense to me :-(

We have support for 2.8.4.1 in snort-inline testing if you want/need
it. Dave Ramien from Nitro Security was kind enough to perform the
update. With that said, we kept snort-inline going after the merge to
allow us to sort of do our own thing.

svn co https://snort-inline.svn.sourceforge.net/svnroot/snort-inline/testing

> Note:  ipq and 2.8.4 drops packets for me, but snort_inline-2.6.1.5
> works fine(both ipq and nfnetlink)

Just out of curiosity did you set ip_queue_maxlen when using ip_queue?

echo 65535 > /proc/sys/net/ipv4/ip_queue_maxlen

Regards,

Will




More information about the Snort-devel mailing list