[Snort-devel] Status of Snort Inline
eslerj at ...2499...
Mon Oct 12 09:27:57 EDT 2009
On Mon, Oct 12, 2009 at 12:51 AM, Jan Ježek <jjezek at ...3062...> wrote:
> Hi everybody,
> I would like to gather some knowledge about the status of the inline
> There is Snort 2.8 in which the inline functionality does not work. It does
> not work because it relies on libipq which is no longer supported and the
> compat layer from libnetfilter-queue has just been removed recently so
> with GIDS enabled wouldn't even compile. Also, IP defragmentation in inline
> mode seems to be broken in the current 2.8 (though it worked in 2.8.0). The
> reason is because it tries to safe memcopy zero bytes.
> Then there is the snort-inline project whose development seems dead. It's
> only 2.6 and the maintainer isn't replying.
> We would like to integrate Snort in inline mode into a security product. We
> are willing to fix and maintain the inline mode Snort. But the current
> status is unclear. Is the only way to branch and maintain our own project?
> Furthermore, we are willing to maintain the Windows version even with the
> inline mode. Internally, we were able to compile and run 2.8 on Windows in
> inline mode successfully.
> Thanks in advance for any pointers on how to proceed.
The code you are looking at, I am assuming you are referring to the
As opposed to looking at the code in Snort. Snort can be compiled to
perform IPS functions with the --enable-inline compile tag.
Just for clarification.
Joel Esler | 302-223-5974 | gtalk: jesler at ...402...