This morning I updated our Snort_inline codebase with Sourcefire's just-released 2.8.2.1 version. See the original changelogs here: 2.8.1, 2.8.2, 2.8.2.1.
Also, Richard Bejtlich and Nr have good posts about the improvements in the last versions. See Richard's post about a fixed frag3 vulnerability here, and see Nr's post here.
Please note that our SVN code has seen limited testing so far, so be careful! Please report any issues!
Hello, I have updated my sensor from 2.8.0.1 to 2.8.2.1 and I have a lot of performance problems: snort_inline starts and, after 2/3 minutes, the CPUs go to 100%. I have tried with the stream4 and stream5 preprocessors: nothing to do. I have tried to disable the clamav preprocessor: nothing to do. I have tried to exclude port 80 from stream5: nothing to do. No problem with version 2.8.0.1.
Linux version 2.6.25.11-97.fc9.i686
Dell PowerEdge SC1435 – 2X Dual-Core AMD Opteron(tm) Processor 2222 SE stepping 03 (3Ghz) – 4GB Ram 1333 – 2 HDD Sata2 – 2x nic GB
PCRE 7.3 (from Fedora)
LibNet 1.1.3-RC-01 with ipv6 patch
libdnet 1.12
Clamav 0.93.3
Internet Line: 10MB
Snort_inline:
./configure --enable-clamav --with-clamav-includes=/usr/include --with-clamav-defdir=/var/lib/clamav --enable-dynamicplugin --enable-stream4udp --enable-pthread --enable-memory-cleanup --enable-inline-init-failopen
Fedora 9 with TCP/IP and file system optimization (sysctl.conf):
kern.maxfiles=4040
kern.maxfilesperproc=3636
vm.bdflush = 100 1200 128 512 500 6000 500 0 0
vm.buffermem = 80 10 60
fs.file-max = 102400
vm.freepages = 1532 3064 4596
vm.pagecache = 8 25 85
net.ipv4.tcp_max_tw_buckets = 720000
net.core.optmem_max = 10000000
net.core.hot_list_length = 102400
net.ipv4.tcp_mem = 100000000 100000000 100000000
net.ipv4.tcp_wmem = 100000000 100000000 100000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.core.rmem_max = 10485760
net.core.rmem_default = 10485760
net.core.wmem_max = 10485760
net.core.wmem_default = 10485760
ip_queue set to 4086
Please help me!
Thanks 😉
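The sysctl listing in the comment above mixes namespaces: kern.* keys belong to the BSD sysctl tree, and vm.bdflush, vm.buffermem, vm.freepages and vm.pagecache are 2.4-era Linux keys, so on a 2.6 kernel these have no /proc/sys entry and sysctl simply skips them. Also, net.ipv4.tcp_mem is three values in pages while tcp_rmem and tcp_wmem are in bytes, so 100000000 pages is roughly 400 GB with 4 KiB pages. The script below is an added example, not code from the original post or from the Snort_inline project: it checks a sysctl.conf-style listing against the running kernel and reports the keys that would be ignored, and converts the tcp_mem ceiling to bytes. It assumes a POSIX sh on Linux with /proc/sys mounted; the sample configuration is a constructed subset of the keys in the comment.

```shell
#!/bin/sh
# Added example: check a sysctl.conf-style listing against the running kernel
# before applying it. Not from the original post or the Snort_inline project.
# Assumes a POSIX sh on Linux with /proc/sys mounted.

# Constructed sample: a subset of the keys posted in the comment above.
SAMPLE_CONF='kern.maxfiles=4040
kern.maxfilesperproc=3636
vm.bdflush = 100 1200 128 512 500 6000 500 0 0
vm.buffermem = 80 10 60
fs.file-max = 102400
net.core.hot_list_length = 102400
net.ipv4.tcp_mem = 100000000 100000000 100000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.core.rmem_max = 10485760'

# Map a dotted sysctl key to its /proc/sys path:
#   net.ipv4.tcp_mem -> /proc/sys/net/ipv4/tcp_mem
sysctl_key_to_path() {
    printf '/proc/sys/%s\n' "$(printf '%s' "$1" | tr '.' '/')"
}

# Succeed only if the running kernel exposes the key under /proc/sys.
sysctl_key_exists() {
    [ -e "$(sysctl_key_to_path "$1")" ]
}

# Convert a tcp_mem page count to bytes. Second argument overrides the page
# size; otherwise it is read from getconf (assumed available), default 4096.
pages_to_bytes() {
    pagesize=${2:-$(getconf PAGESIZE 2>/dev/null || echo 4096)}
    echo $(( $1 * pagesize ))
}

# Read "key = value" lines on stdin, print the keys that do not exist here.
missing_sysctl_keys() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        sysctl_key_exists "$key" || printf '%s\n' "$key"
    done
}

# Read "key = value" lines on stdin and print a one-line verdict per key,
# plus a unit note for tcp_mem (pages, unlike tcp_rmem/tcp_wmem in bytes).
report_sysctl_conf() {
    while IFS= read -r line; do
        case "$line" in ''|'#'*) continue ;; esac
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        value=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//')
        if sysctl_key_exists "$key"; then
            printf '%-28s ok\n' "$key"
        else
            printf '%-28s MISSING: no %s on this kernel, setting is ignored\n' \
                "$key" "$(sysctl_key_to_path "$key")"
        fi
        if [ "$key" = net.ipv4.tcp_mem ]; then
            high=${value##* }   # third field: the "max" threshold, in pages
            printf '%-28s note: max %s pages = %s bytes\n' '' \
                "$high" "$(pages_to_bytes "$high")"
        fi
    done
}

# Run the report over the constructed sample.
printf '%s\n' "$SAMPLE_CONF" | report_sysctl_conf
```

Run it as `sh check_sysctl.sh` on the sensor itself; feeding the real /etc/sysctl.conf through `report_sysctl_conf` works the same way. Keys reported MISSING are the ones doing nothing on that kernel, so any tuning effect attributed to them is imaginary, while the existing keys (tcp_rmem, tcp_wmem, rmem_max and friends) are the ones that actually change socket buffer sizing.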