New Snortsam patch for Snort

Matt Jonkman of Emerging Threats asked me to have a look at the existing Snortsam patch as people were continuing to report problems with it. I updated it to compile without compiler warnings, build cleanly with debugging enabled, build cleanly with Snort’s IPv6 support enabled and added a check so it won’t act on alerts in IPv6 packets since the Snortsam framework does not support IPv6. Finally I removed the patch script so it’s provided as a ‘normal’ diff. Here is the patch:

Here are the instructions for getting your Snort source patched:

Make sure you have a clean Snort tree, then patch it:

cd snort-
patch -p1 < ../snortsam-

Next, run ‘’ to update the build system (you need to have libtoolize, aclocal, autoheader, autoconf and automake installed). After this, configure and build Snort normally:

./configure <your configure options>
make install

Thats it.

Thanks to Matt Jonkman of Emerging Threats for paying me to do this and CunningPike for doing the first iterations of the patch!