[Snort-devel] Status of Snort Inline

Randal T. Rioux randy at ...3004...
Tue Oct 13 20:43:35 EDT 2009


Victor Julien wrote:
> Jan Ježek wrote:
>> Hi everybody,
>>
>> I would like to gather some knowledge about the status of the inline
>> functionality.
>>
>> There is Snort 2.8 in which the inline functionality does not work. It does
>> not work because it relies on libipq which is no longer supported and the
>> compat layer from libnetfilter-queue has just been removed recently so Snort
>> with GIDS enabled wouldn't even compile. Also, IP defragmentation in inline
>> mode seems to be broken in the current 2.8 (though it worked in 2.8.0). The
>> reason is because it tries to safe memcopy zero bytes.
>>
>> Then there is the snort-inline project whose development seems dead. It's
>> only 2.6 and the maintainer isn't replying.
> 
> We have much newer code in SVN. It does work with libnetfilter_queue and
> it *should* compile just fine.
> 
> It's true that development is (very) slow. Both Will and I are working
> on a new IDP project at http://www.openinfosecfoundation.org/ which is
> taking pretty much all of our time.

Not to threadjack this, but I'm still unclear as to the reason for this 
OISF project. Will it be closed or open source? What features will it 
have as opposed to other IDS/IPS solutions already out there?

Thanks,
Randy



