[Snort-devel] why libnet0 and libipq ?
william.metcalf at ...2499...
Wed Aug 12 09:14:45 EDT 2009
> Why was all this working code taken out and is not there in
> snort-2.8.4(or other releases snort after merging)?
> This is preventing distros from including inline feature(as mentioned
> before). Doesn't make sense to me :-(
We have support for 220.127.116.11 in snort-inline testing if you want/need
it. Dave Ramien from Nitro Security was kind enough to perform the
update. With that said, we kept snort-inline going after the merge to
allow us to sort of do our own thing.
svn co https://snort-inline.svn.sourceforge.net/svnroot/snort-inline/testing
> Note: ipq and 2.8.4 drops packets for me, but snort_inline-18.104.22.168
> works fine(both ipq and nfnetlink)
Just out of curiosity did you set ip_queue_maxlen when using ip_queue?
echo 65535 > /proc/sys/net/ipv4/ip_queue_maxlen
More information about the Snort-devel