[Snort-devel] Status of Snort Inline

Victor Julien lists at ...2933...
Mon Oct 12 05:05:58 EDT 2009


Jan Ježek wrote:
> Hi everybody,
> 
> I would like to gather some knowledge about the status of the inline
> functionalty.
> 
> There is Snort 2.8 in which the inline functionality does not work. It does
> not work because it relies on libipq which is no longer supported and the
> compat layer from libnetfilter-queue has just been removed recently so Snort
> with GIDS enabled wouldn¹t even compile. Also, IP defragmentation in inline
> mode seems to be broken in the current 2.8 (though it worked in 2.8.0). The
> reason is because it tryes to safe memcopy zero bytes.
> 
> Then there is the snort-inline project which development seems dead. It¹s
> only 2.6 and the maintainer isn¹t replying.

We have much newer code in SVN. It does work with libnetfilter_queue and
it *should* compile just fine.

It's true that development is (very) slow. Both Will and I are working
on a new IDP project at http://www.openinfosecfoundation.org/ which is
taking pretty much all of our time.

Cheers,
Victor

> We would like to integrate Snort in inline mode into a security product. We
> are willing to fix and maintain the inline mode Snort. But the current
> status is unclear. Is the only way to branch and maintain our own project?
> 
> Furthermore, we are willing to maintain the Windows version even with the
> inline mode. Internally, we were able to compile and run 2.8 on Windows in
> inline mode successfully.
> 
> Thanks in advance for any pointers on how to proceed.
> 
> --
> Jan Jezek
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry(R) Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay 
> ahead of the curve. Join us from November 9 - 12, 2009. Register now!
> http://p.sf.net/sfu/devconference
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------





More information about the Snort-devel mailing list