Matt Jonkman of Emerging Threats asked me to have a look at the existing Snortsam 220.127.116.11 patch as people were continuing to report problems with it. I updated it to compile without compiler warnings, build cleanly with debugging enabled, build cleanly with Snort’s IPv6 support enabled and added a check so it won’t act on alerts in IPv6 packets since the Snortsam framework does not support IPv6. Finally I removed the patch script so it’s provided as a ‘normal’ diff. Here is the patch: http://www.inliniac.net/files/snortsam-18.104.22.168.diff
Here are the instructions for getting your Snort 22.214.171.124 source patched:
Make sure you have a clean Snort 126.96.36.199 tree, then patch it:
patch -p1 < ../snortsam-188.8.131.52.diff
Next, run ‘autojunk.sh’ to update the build system (you need to have libtoolize, aclocal, autoheader, autoconf and automake installed). After this, configure and build Snort normally:
./configure <your configure options>
Thanks to Matt Jonkman of Emerging Threats for paying me to do this and CunningPike for doing the first iterations of the patch!