Snort mailing list archives
Re: Status of Snort Inline
From: Victor Julien <lists () inliniac net>
Date: Mon, 12 Oct 2009 11:05:58 +0200
Jan Ježek wrote:
Hi everybody, I would like to gather some knowledge about the status of the inline functionalty. There is Snort 2.8 in which the inline functionality does not work. It does not work because it relies on libipq which is no longer supported and the compat layer from libnetfilter-queue has just been removed recently so Snort with GIDS enabled wouldn¹t even compile. Also, IP defragmentation in inline mode seems to be broken in the current 2.8 (though it worked in 2.8.0). The reason is because it tryes to safe memcopy zero bytes. Then there is the snort-inline project which development seems dead. It¹s only 2.6 and the maintainer isn¹t replying.
We have much newer code in SVN. It does work with libnetfilter_queue and it *should* compile just fine. It's true that development is (very) slow. Both Will and I are working on a new IDP project at http://www.openinfosecfoundation.org/ which is taking pretty much all of our time. Cheers, Victor
We would like to integrate Snort in inline mode into a security product. We are willing to fix and maintain the inline mode Snort. But the current status is unclear. Is the only way to branch and maintain our own project? Furthermore, we are willing to maintain the Windows version even with the inline mode. Internally, we were able to compile and run 2.8 on Windows in inline mode successfully. Thanks in advance for any pointers on how to proceed. -- Jan Jezek ------------------------------------------------------------------------ ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference ------------------------------------------------------------------------ _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
-- --------------------------------------------- Victor Julien http://www.inliniac.net/ PGP: http://www.inliniac.net/victorjulien.asc --------------------------------------------- ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
Current thread:
- Status of Snort Inline Jan Ježek (Oct 11)
- Re: Status of Snort Inline Victor Julien (Oct 12)
- Re: Status of Snort Inline Randal T. Rioux (Oct 13)
- Re: Status of Snort Inline Richard Bejtlich (Oct 13)
- Re: Status of Snort Inline Randal T. Rioux (Oct 13)
- Re: Status of Snort Inline Joel Esler (Oct 12)
- Re: Status of Snort Inline Jan Ježek (Oct 12)
- Re: Status of Snort Inline justin joseph (Oct 12)
- Re: Status of Snort Inline Jan Ježek (Oct 12)
- Re: Status of Snort Inline Victor Julien (Oct 12)