[Snort-devel] Status of Snort Inline

Joel Esler eslerj at ...2499...
Mon Oct 12 09:27:57 EDT 2009


On Mon, Oct 12, 2009 at 12:51 AM, Jan Ježek <jjezek at ...3062...> wrote:

> Hi everybody,
>
> I would like to gather some knowledge about the status of the inline
> functionality.
>
> There is Snort 2.8 in which the inline functionality does not work. It does
> not work because it relies on libipq which is no longer supported and the
> compat layer from libnetfilter-queue has just been removed recently so Snort
> with GIDS enabled wouldn't even compile. Also, IP defragmentation in inline
> mode seems to be broken in the current 2.8 (though it worked in 2.8.0). The
> reason is because it tries to safe memcopy zero bytes.
>
> Then there is the snort-inline project whose development seems dead. It's
> only 2.6 and the maintainer isn't replying.
>
> We would like to integrate Snort in inline mode into a security product. We
> are willing to fix and maintain the inline mode Snort. But the current
> status is unclear. Is the only way to branch and maintain our own project?
>
> Furthermore, we are willing to maintain the Windows version even with the
> inline mode. Internally, we were able to compile and run 2.8 on Windows in
> inline mode successfully.
>
> Thanks in advance for any pointers on how to proceed.
>
>
The code you are looking at, I am assuming you are referring to the
"snort_inline" project?
As opposed to looking at the code in Snort.  Snort can be compiled to
perform IPS functions with the --enable-inline compile tag.

Just for clarification.

Joel

-- 
Joel Esler | 302-223-5974 | gtalk: jesler at ...402...