active-response - Enables support for automatically sending TCP resets and ICMP unreachable messages to terminate connections. Used with inline deployments.
debug - Enable extra debug codepaths, like asserts and extra output. If you want to get meaningful backtraces see https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Backtraces
flexresp3 - Enables support for new flexable response preprocessor for enabling connection tearing for inline deployments. Replaces flexresp and flexresp2.
gre - Enable support for inspecting and processing Generic Routing Encapsulation (GRE) packet headers. Only needed if you are monitoring GRE tunnels.
inline-init-failopen - Enables support to allow traffic to pass (fail-open) through inline deployments while snort is starting and not ready to begin inspecting traffic. If this option is not enabled, network traffic will not pass (fail-closed) until snort has fully started and is ready to perform packet inspection.
large-pcap-64bit - Allows Snort to read pcap files that are larger than 2 GB. ONLY VALID FOR 64bit SYSTEMS!
libtirpc - Build against net-libs/libtirpc for RPC support
linux-smp-stats - Enable accurate statistics reporting through /proc on systems with multiple processors.
non-ether-decoders - Enable decoding of non-ethernet protocols such as TokenRing, FDDI, IPX, etc.
open-appid - Enable OpenAppID, an open, application-focused detection language and processing module for Snort that enables users to create, share, and implement application detection. Requires dev-lang/luajit.
perfprofiling - Enables support for preprocessor and rule performance profiling using the perfmonitor preprocessor.
ppm - Enables support for setting per rule or per packet latency limits. Helps protect against introducing network latency with inline deployments.
react - Enables support for the react rule keyword. Supports interception, termination, and redirection of HTTP connections.
reload-error-restart - Enables support for completely restarting snort if an error is detected during a reload.
selinux - !!internal use only!! Security Enhanced Linux support, this must be set by the selinux profile or breakage will occur
shared-rep - Enables the use of shared memory for the Reputation Preprocessor (Only available on Linux systems)