[Snort-users] divert socket odd behaviour

Sandro guly Zaccarini guly at ...14592...
Mon Feb 22 16:14:36 EST 2010

Hello, I was talking with a friend today who is writing divert
socket code for OpenBSD, and he uses Snort as the target daemon. He
experiences odd behaviour using the one-line configuration:
drop tcp any any -> any any

The first SYN packet of the TCP connection passes the filter and
the SYN-ACK is dropped. Snort is configured with --enable-inline and
run with -vJ $port. snort_inline 2.6 works perfectly, as he gets even
the SYN dropped.

Has anybody got 2.8.5.x working inline, even on FreeBSD, using divert

