Re: [Snort-inline-users] Announcing Snort_inline 2.4.3RC2 a.k.a "The Wedding Release"

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Adrian,

> You mentioned that in this release, stream4inline was re-written.  Did
> it resolve this bug I found more than three months ago?  I think it
> had to do with out-of-order packets?  Could you explain to me what the
> old stream4inline did, and how the new stream4inline resolves a few
> issues?
> 
> http://sourceforge.net/mailarchive/message.php?msg_id=12489363

I think we did, we have not been able to crash it in a long time. From 
the top of my head there were multiple issues:

1. we couldn't handle sequence number wraps
2. we no longer adjust base_seq on alerts because we dont flush the 
stream on an alert like plain stream4 does.
3. we are more intelligent on adjusting base_seq on truncating the stream

> I'm excited to give it a beating and see if it works.  The multiple
> copies of Snort seems to be really cool!  I could use a load-balancing
> iptables module and tripple the throughput on my IPS on a 4-cpu box,
> that's cool.

Cool, please let us know how it works!

Regards,
Victor