xxxx81
commented
2 years ago Since the update to Openwrt 22.03.1 the injecting in passive (active plugin in Snort to send a reset on detection) and inline mode with Afpacket works but when using libpcap it still fails. Supposedly libpcap has the same potential.
While testing Snort3 I noticed that it can run inline with afpacket Daq but it doesn't drop packets so I went searching and found that it can't inject packets in the DAQ. It seems that Libdaq3 is too stripped down and important libraries are missing. When I copy the self compiled files from this https://github.com/snort3/libdaq and reinstall libdaq3 (because the libdaq.so3 generates unexplained symbol errors) the injecting works. So it seems that files are missing to guarantee the complete function in inline mode of Snort3.