While trying to update snort on a server from 2.9.0.5 to 2.9.2.3, i had to change the USE-flags from: - the selected ones in 2.9.0.5: dynamicplugin decoder-preprocessor-rules linux-smp-stats reload reload-error-restart to - the forced ones in 2.9.2.3: dynamicplugin decoder-preprocessor-rules linux-smp-stats zlib -active-response -flexresp3 -gre -mpls -mysql -normalizer -odbc -postgres -ppm -react -reload-error-restart -targetbased The server is using the 10.0/server profile (basic USE-flags only, it a "need-only-an-optimized" system), and snort does not do any fancy stuff like IPS, so no inline / active-response is needed. As such, since 2.9.2.3 automatically seemed to enable alot of flags, i used portage.use to explicitly disable some of them. Reproducible: Always Steps to Reproduce: 1. Unmask snort-2.9.2.3 in /etc/portage/package.keywords 2. Use the following USE-flags for snort in package.use : dynamicplugin decoder-preprocessor-rules linux-smp-stats zlib -active-response -flexresp3 -gre -mpls -mysql -normalizer -odbc -postgres -ppm -react -reload-error-restart -targetbased 3. emerge -av snort Actual Results: [snip] i686-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../src -I../src/sfutil -I/usr/include/pcap -I../src/output-plugins -I../src/detection-plugins -I../src/dynamic-plugins -I../src/preprocessors -I../src/preprocessors/portscan -I../src/preprocessors/HttpInspect/include -I../src/preprocessors/Stream5 -I../src/target-based -I../src/control -DDYNAMIC_PLUGIN -DZLIB -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DLINUX_SMP -DNOCOREFILE -DENABLE_PAF -DSF_WCHAR -DSUP_IP6 -DPERF_PROFILING -DSNORT_RELOAD -DRELOAD_ERROR_FATAL -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -c idle_processing.c /bin/sh ../libtool --tag=CC --mode=link i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -Wl,--as-needed -L/usr/lib -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm -ldl -ldaq -lz -lpthread -lpthread libtool: link: i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o -Wl,--as-needed -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a /usr/lib/libdnet.so -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg': sf_dynamic_plugins.c:(.text+0x964): undefined reference to `Active_SendData' dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled': sf_dynamic_plugins.c:(.text+0xa47): undefined reference to `Active_SetEnabled' collect2: ld returned 1 exit status make[3]: *** [snort] Error 1 make[3]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3' make: *** [all] Error 2 emake failed * ERROR: net-analyzer/snort-2.9.2.3 failed (compile phase): * emake failed * * Call stack: * ebuild.sh, line 85: Called src_compile * environment, line 1804: Called _eapi2_src_compile * phase-helpers.sh, line 573: Called die * The specific snippet of code: * emake || die "emake failed" * * If you need support, post the output of 'emerge --info =net-analyzer/snort-2.9.2.3', * the complete build log and the output of 'emerge -pqv =net-analyzer/snort-2.9.2.3'. /usr/lib/portage/bin/isolated-functions.sh: line 214: wait: `emake failed': not a pid or valid job spec * The complete build log is located at '/var/tmp/portage/net-analyzer/snort-2.9.2.3/temp/build.log'. * The ebuild environment file is located at '/var/tmp/portage/net-analyzer/snort-2.9.2.3/temp/environment'. * S: '/var/tmp/portage/net-analyzer/snort-2.9.2.3/work/snort-2.9.2.3' Expected Results: It should have compiled successfully since the USE-flags do not block eachother. As far as i can tell, the two functions which are not found (Active_SendData and Active_SetEnabled) are defined in an #ifdef #endif section which is not active since active-reponse is disabled. For some reason however, DynamicSendBlockResponseMsg and DynamicActiveSetEnabled functions in dynamic-plugins/sf_dynamic_plugins.c want to call the Active_ functions which are not available if active response is disabled. I cannot disable the dynamicplugin USE-flag since the zlib USE-flag depends on it. Here is the emerge --info: Portage 2.1.10.49 (default/linux/x86/10.0/server, gcc-4.4.6, glibc-2.14.1-r3, 3.2.12-gentoo-db-version1 i686) ================================================================= System uname: Linux-3.2.12-gentoo-db-version1-i686-Intel-R-_Xeon-R-_CPU_X5550_@_2.67GHz-with-gentoo-2.0.3 Timestamp of tree: Thu, 14 Jun 2012 00:45:01 +0000 app-shells/bash: 4.1_p9-r839::<unknown repository> dev-lang/python: 2.7.2-r3, 3.2.2 dev-util/cmake: 2.8.6-r4 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.9.8.4 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.68 sys-devel/automake: 1.11.1 sys-devel/binutils: 2.21.1-r1 sys-devel/gcc: 4.4.6-r1, 4.5.3-r2 sys-devel/gcc-config: 1.5-r2 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 3.1 (virtual/os-headers) sys-libs/glibc: 2.14.1-r3 Repositories: gentoo x-portage ACCEPT_KEYWORDS="x86" ACCEPT_LICENSE="* -@EULA" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo" CXXFLAGS="-O2 -march=i686 -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs distlocks ebuild-locks fixlafiles news parallel-fetch protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox" FFLAGS="" GENTOO_MIRRORS="http://10.5.1.237:8080 " LDFLAGS="-Wl,-O1 -Wl,--as-needed" MAKEOPTS="-j9" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://10.5.1.237/gentoo-portage" USE="acl berkdb bzip2 cli cracklib crypt cups cxx dri gd gdbm iconv jpeg modules mudflap ncurses nls nptl openmp pam pcre pppd readline session snmp ssl tcpd tiff truetype unicode x86 xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="kexi words flow plan sheets stage tables krita karbon braindump" CAMERAS="ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" PHP_TARGETS="php5-3" PYTHON_TARGETS="python3_2 python2_7" RUBY_TARGETS="ruby18 ruby19" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nouveau nv r128 radeon savage sis tdfx trident vesa via vmware dummy v4l" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" USE_PYTHON="2.7 3.2" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
Snort 2.9.1 (marked as stable) compiles without any problem with the same USE-flags. .. of course, ignoring all the warnings about the not checked return values.
Snort 2.9.2.1 fails to compile with the same error: configure: ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --enable-decoder-preprocessor-rules --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-aruba --without-mysql --without-odbc --without-postgresql --enable-ipv6 --enable-reload --disable-prelude --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disable-rzb-saac --without-oracle Error: /bin/sh ../libtool --tag=CC --mode=link i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -Wl,--as-needed -L/usr/lib -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm -ldl -ldaq -lz -lpthread -lpthread libtool: link: i686-pc-linux-gnu-gcc -O2 -march=i686 -pipe -fomit-frame-pointer -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -Wl,-O1 -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o -Wl,--as-needed -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a /usr/lib/libdnet.so -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg': sf_dynamic_plugins.c:(.text+0x934): undefined reference to `Active_SendData' dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled': sf_dynamic_plugins.c:(.text+0xa17): undefined reference to `Active_SetEnabled' collect2: ld returned 1 exit status make[3]: *** [snort] Error 1 make[3]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/var/tmp/portage/net-analyzer/snort-2.9.2.1/work/snort-2.9.2.1' make: *** [all] Error 2 emake failed So the change that breaks it it between 2.9.1 and 2.9.2.1.
Created attachment 315763 [details, diff] Patch to allow compilation of snort-2.9.2.3 with active-response disabled Hello again. Considering the problem should be fixed by either patching ./src/dynamic-plugins/sf_dynamic_plugins.c or active.h/c and since the active-response USE-flag should affect only the active response support, i decided to try to make a patch that should allow the compilation of the package. I have attached the patch. It changes the location as well as adds some #ifdef ACTIVE_RESPONSE [...] #endif so that the two functions which are not available when active-response is disabled (Active_SendData and Active_SetEnabled) are now available but don't do anything (of course, only when active-response is disabled). Since both functions return void, unless the callers expect some changes in the data they pass, the patch should work just fine. Since it's the first time i see the snort source code, i have no idea if the patch keeps the full functionality or breaks something else. All i know is that with the patch applied the ./configure (as posted previously) and make commands complete successfully. So, somebody who has more experience than me in snort code, please take a look at the patch and advise if it should be added to the Gentoo snort package to allow snort to compile with active-response disabled. Also, please tell me if the USE-flags i'm using are not as they should be (although the ebuild lets me use them), maybe i'm not supposed to use this configuration (however, if that is the case, then why did the ./configure let me, or the ebuild). Thank you for your time.
I'll take this and see what fix the developers on snort-devel implement.
Snort 2.9.3.0 has been released. Changelog: http://www.snort.org/downloads/1797 Nothing in the Changelog about this issue (there is an issue referring to compilation error when active response is disabled, but it was part of snort 2.9.1). I downloaded the source of 2.9.3.0, fixed the ./configure (snort no longer supports outputs to databases, aruba or prelude), and it still crashed in the same place as 2.9.2.3. New ./configure: ./configure --prefix=/usr --build=i686-pc-linux-gnu --host=i686-pc-linux-gnu --mandir=/usr/share/man --infodir=/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --enable-shared --disable-static --disable-so-with-static-lib --enable-dynamicplugin --enable-zlib --disable-gre --disable-mpls --disable-targetbased --disable-ppm --enable-perfprofiling --enable-linux-smp-stats --disable-inline-init-failopen --enable-pthread --disable-debug --disable-debug-msgs --disable-corefiles --enable-dlclose --disable-active-response --disable-normalizer --disable-reload-error-restart --disable-react --disable-flexresp3 --enable-paf --disable-large-pcap --disable-ipv6 --enable-reload --disable-build-dynamic-examples --disable-profile --disable-ppm-test --disable-intel-soft-cpm --disable-static-daq --disable-rzb-saac Error compiling: /bin/sh ../libtool --tag=CC --mode=link i686-pc-linux-gnu-gcc -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -lpcre -L/usr/lib -ldnet -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -lz -ldnet -lpcre -lpcap -lnsl -luuid -lm -lm -ldl -ldaq -lz -lpthread -lpthread libtool: link: i686-pc-linux-gnu-gcc -g -O2 -DSF_VISIBILITY -fvisibility=hidden -fno-strict-aliasing -Wall -o snort debug.o decode.o encode.o active.o log.o mstring.o parser.o profiler.o plugbase.o snort.o strlcatu.o strlcpyu.o tag.o util.o detect.o signature.o mempool.o sf_sdlist.o fpcreate.o fpdetect.o pcrm.o byte_extract.o sfthreshold.o packet_time.o event_wrapper.o event_queue.o ppm.o log_text.o detection_filter.o detection_util.o rate_filter.o obfuscation.o sfdaq.o idle_processing.o -L/usr/lib output-plugins/libspo.a detection-plugins/libspd.a dynamic-plugins/libdynamic.a dynamic-output/plugins/liboutput.a preprocessors/libspp.a parser/libparser.a target-based/libtarget_based.a preprocessors/HttpInspect/libhttp_inspect.a preprocessors/Stream5/libstream5.a sfutil/libsfutil.a control/libsfcontrol.a -ldnet -lpcre -lpcap -lnsl -luuid -lm /usr/lib/libdaq.so -ldl -lz -lpthread dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicSendBlockResponseMsg': /home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1559: undefined reference to `Active_SendData' dynamic-plugins/libdynamic.a(sf_dynamic_plugins.o): In function `DynamicActiveSetEnabled': /home/knight/Desktop/tempview/snort-2.9.3/src/dynamic-plugins/sf_dynamic_plugins.c:1452: undefined reference to `Active_SetEnabled' collect2: ld returned 1 exit status make[3]: *** [snort] Error 1 make[3]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3/src' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/home/knight/Desktop/tempview/snort-2.9.3' make: *** [all] Error 2 So the issue this bug was created for still exists. Thank you for your time.
Hello. It seems snort-2.9.3.1 includes the fix for this bug. I can confirm 2.9.3.0 does not. Sourcefire feedback reported this: "Hi Valentin-- 2.9.3 was already packaged up and with our test group. Given that there is a work-around, the changes for this issue didn't make the 2.9.3 release. The changes are already in for the next patch release of Snort, so you should see it there. Cheers. -steve" I have attached an ebuild for 2.9.3.1 which is a modified version of snort-2.9.2.3.ebuild from official Portage. It successfully compiles snort without the active response part. I believe so after looking in the build log and seeing no -DACTIVE_RESPONSE that I used to see in previous builds. Modifications to the 2.9.2.3 build include the following: - removed decoder-preprocessor-rules useflag - does not exist in snort-2.9.3+ such ./configure flag. - removed aruba mysql odbc postgres useflags - snort-2.9.3+ does not longer support output to such backends. - removed --disable-prelude and --without-oracle ./configure flags - snort 2.9.3+ does not have those flags anymore. - removed foldes schemas/* from dodoc - source code for snort-2.9.3+ does not include the schemas folder anymore. I also must mention that is order to build a snort IDS sensor without any active response support, ALL USE-flags about inline deployment MUST be disabled. These flags include: -active-response, -flexresp3, -react. The following flags mention inline deployment but do not auto-magic-enable active response: normalizer, ppm. Please verify the ebuild I have attached and confirm the issue can be closed. Thank you for your time.
Created attachment 327130 [details] ebuild based on latest official snort ebuild
