Snort mailing list archives

Re: why old libnet?


From: Will Metcalf <william.metcalf () gmail com>
Date: Mon, 28 Mar 2005 15:04:21 -0600

Yeah, I was looking at the code and you are correct. I guess I
(incorrectly) assumed it somehow used the netfilter reject target to
generate the packets. Instead snort generates them itself.

The reason for this is that libipq can only set a verdict of NF_DROP,
NF_CONTINUE, or NF_REPEAT, and if I remember correctly the reject
stuff lives in iptables not in netfilter.

Probably because it has support for using reject as well as drop, alert
and log.  The reject keyword allows you to reset the connection rather
than just drop it.

Until they upgrade the flexresp code to libnet 1.1.x I'm not going to
rewrite the code for the reject stuff.  I'm not going to be
responsible for adding another dep to snort.


Regards,

Will
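Added example, not Will's or Snort's code: since a queue verdict can only drop the segment, a sensor that wants "reject" semantics has to forge the TCP resets itself from the fields of the segment it saw, which is what flexresp does with libnet. The snippet below builds the two resets in pure Python (one towards the receiver, forged as the sender, and one back to the sender, forged as the receiver) with valid IP and TCP checksums. The addresses, ports and the observed HTTP segment are constructed sample data; sending the packets (a raw socket, or libnet in Snort's case) is left out.

```python
"""Forge TCP resets for an observed IPv4/TCP segment, without scapy or libnet."""
import socket
import struct

TCP_FIN, TCP_SYN, TCP_RST, TCP_ACK = 0x01, 0x02, 0x04, 0x10


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 Internet checksum; an odd-length buffer is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"", ttl=64):
    """Return a raw IPv4 + TCP packet (no options) with both checksums filled in."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp_len = 20 + len(payload)
    # sport, dport, seq, ack, data offset (5 words), flags, window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, socket.IPPROTO_TCP, tcp_len)
    tcp_csum = ones_complement_sum(pseudo + tcp_hdr + payload)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", tcp_csum) + tcp_hdr[18:]
    # version/IHL, TOS, total length, id, DF flag, TTL, protocol, checksum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000, ttl,
                         socket.IPPROTO_TCP, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ones_complement_sum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + tcp_hdr + payload


def parse_ipv4_tcp(pkt: bytes) -> dict:
    """Pull the fields a reset needs out of a raw IPv4/TCP packet."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    return dict(src_ip=socket.inet_ntoa(pkt[12:16]), dst_ip=socket.inet_ntoa(pkt[16:20]),
                sport=sport, dport=dport, seq=seq, ack=ack, flags=flags,
                payload_len=len(tcp) - (off >> 4) * 4)


def ip_checksum_ok(pkt: bytes) -> bool:
    """A correct header sums to zero once its own checksum field is included."""
    return ones_complement_sum(pkt[:(pkt[0] & 0x0F) * 4]) == 0


def tcp_checksum_ok(pkt: bytes) -> bool:
    """Recompute the TCP checksum over pseudo-header + segment, as the receiving stack does."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    pseudo = pkt[12:20] + struct.pack("!BBH", 0, socket.IPPROTO_TCP, total_len - ihl)
    return ones_complement_sum(pseudo + pkt[ihl:total_len]) == 0


def craft_resets(observed: bytes):
    """Return (rst_to_receiver, rst_to_sender) for an observed segment.

    The receiver-side RST carries the sequence number the receiver expects next
    (observed seq + payload, SYN and FIN each consuming one number), so it lands
    in the window.  The sender-side RST uses the ack number the sender advertised,
    which is exactly the sequence number the sender expects from its peer; for a
    bare SYN (no ACK) that is 0 with ACK set, the same reset a closed port sends.
    """
    p = parse_ipv4_tcp(observed)
    consumed = p["payload_len"] + bool(p["flags"] & TCP_SYN) + bool(p["flags"] & TCP_FIN)
    next_seq = (p["seq"] + consumed) & 0xFFFFFFFF
    to_dst = build_ipv4_tcp(p["src_ip"], p["dst_ip"], p["sport"], p["dport"],
                            next_seq, 0, TCP_RST)
    to_src = build_ipv4_tcp(p["dst_ip"], p["src_ip"], p["dport"], p["sport"],
                            p["ack"], next_seq, TCP_RST | TCP_ACK)
    return to_dst, to_src


# Constructed sample: a client data segment carrying an HTTP request (18 payload bytes).
OBSERVED = build_ipv4_tcp("10.0.0.5", "10.0.0.80", 40000, 80, 1000, 5000, TCP_ACK,
                          b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in zip(("to receiver", "to sender"), craft_resets(OBSERVED)):
        f = parse_ipv4_tcp(pkt)
        print(name, f["src_ip"], "->", f["dst_ip"], "seq", f["seq"], "ack", f["ack"],
              "flags", hex(f["flags"]), "csum ok", ip_checksum_ok(pkt) and tcp_checksum_ok(pkt))
```

Two things worth checking before relying on this on a real link: the reset only works if it arrives before the real peer's next segment moves the window, which is why an inline sensor (queue verdict plus forged RST) is more reliable than a passive tap, and the forged packet has to be emitted on the right interface with the peer's MAC, which is the part libnet handles for Snort.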


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users