« New Snort_inline TCP window normalization code in SVN
New Snortsam patch for Snort 2.8.0.1 »

Working on Snort_inline 2.8.0.1

The last week I’ve been working on bringing Snort_inline to the Snort 2.8.0.1 level, including it’s IPv6 support. I’m almost ready to commit it to SVN, there are just some issues I need to fix in the inline specific code. The code will get rid of libdnet and use libnet 1.1 for sending reset/reject packets for both IPv4 and IPv6. After committing I will start working on getting the IPv6 features I wrote for NitroSecurity into this tree. This includes more matches, tunnel decoding (including for example the freenet6 tunnel, etc). So stay tuned!

Tags: , , , , , ,

This entry was posted on Saturday, December 22nd, 2007 at 2:49 pm and is filed under IPv6, Snort, Snort_inline. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Working on Snort_inline 2.8.0.1”

  1. Jason Says:
    December 23rd, 2007 at 7:00 am

    Just curious, why libnet 1.1 over libdnet?

  2. Victor Julien Says:
    December 23rd, 2007 at 2:53 pm

    Libdnet and libnet 1.0 both lack IPv6 support. For the reject action we need to be able to craft IPv6 packets. Libnet 1.1 supports this, although I had to fix it and extend it a little. I wrote about that here http://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html

Leave a Reply