After moving, which went fine, I now finally have some real coding time again. The last week I have been updating and fixing various parts of Snort_inline. The most important change was the update to Snort version 126.96.36.199, which contains security fixes. William also found an issue with the Stream4inline code. The issue was that the memcap that the admin sets to limit the amount of memory used by stream4 wasn’t properly enforced.
Other fixes that are done is that Snort_inline in nfqueue mode now properly honors signals and also no longer needs the libipq library and headers. There are few changes that will be committed soon. One is an issue that clamav can sometimes return an error when parsing malformed file. Until now the spp_clamav preprocessor would issue a FatalError and cause Snort_inline to die. This is obviously not desirable so the patch makes sure that Snort_inline no longer dies and gives the admin an option to either drop or pass traffic that can’t be inspected.
Last but not least there will be a fix to the nfqueue code that appears to solve the ‘stuck packet problem’ we were seeing under heavy load. A number of people are testing my patch currently so if all goes well that will be commited soon as well.
Checking out the latest code is done with the following command:
svn co https://snort-inline.svn.sourceforge.net/svnroot/snort-inline/trunk
hi i was just wondering if you have a copy of snort inline 188.8.131.52 already compiled that you would like to share you see i am fairly new to snort inline and not that great at it and i cant seem to get it compile. it would be nice if someone would compile snort for us non tec people who is just starting out learning 🙂
If you can’t get it to compile please send an email to the snort-inline-users mailinglist or hop into #snort at irc.freenode.net. Compiling is not that hard so I think we can help you quickly 🙂
I don’t think we will start spreading binaries soon because of time constraints…