From 4767fbf35ffd5de178ee3bd7ab93690251c71bf8 Mon Sep 17 00:00:00 2001 From: adrianp Date: Sun, 21 Oct 2007 00:22:53 +0000 Subject: Update to 2.8.0 * Port lists * IPv6 support * Packet performance monitoring * Experimental support for target-based stream and IP frag reassembly * Ability to take actions on preprocessor events * Detection for TCP session hijacking based on MAC address * Unified2 output plugin * Improved performance and detection capabilities --- net/snort/Makefile | 7 +++--- net/snort/PLIST | 13 ++++++++--- net/snort/distinfo | 12 +++++------ net/snort/options.mk | 54 ++++++++++++++++++++++++++++++++++++++++++++-- net/snort/patches/patch-aa | 16 +++++++------- net/snort/patches/patch-ae | 43 ++++++++++++++++++++++++++++++++---- 6 files changed, 118 insertions(+), 27 deletions(-) diff --git a/net/snort/Makefile b/net/snort/Makefile index 74b120df007..093f86aa1c9 100644 --- a/net/snort/Makefile +++ b/net/snort/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.32 2007/08/20 20:28:18 adrianp Exp $ +# $NetBSD: Makefile,v 1.33 2007/10/21 00:22:53 adrianp Exp $ # -DISTNAME= snort-2.7.0.1 +DISTNAME= snort-2.8.0 CATEGORIES= net security MASTER_SITES= http://www.snort.org/dl/current/ @@ -83,10 +83,9 @@ post-install: ${INSTALL_DATA} ${WRKSRC}/etc/*.config \ ${WRKSRC}/etc/*.map \ - ${WRKSRC}/etc/generators \ - ${WRKSRC}/etc/sid \ ${WRKSRC}/etc/threshold.conf \ ${WRKSRC}/etc/snort.conf.default ${EGDIR}/ + ${INSTALL_DATA} ${WRKSRC}/doc/generators ${EGDIR} . for i in ${DOC_FILES} ${INSTALL_DATA} ${WRKSRC}/doc/${i} ${PREFIX}/share/doc/snort/ diff --git a/net/snort/PLIST b/net/snort/PLIST index 94e77fb87dc..a3169d18f70 100644 --- a/net/snort/PLIST +++ b/net/snort/PLIST @@ -1,4 +1,4 @@ -@comment $NetBSD: PLIST,v 1.24 2007/02/17 19:08:06 adrianp Exp $ +@comment $NetBSD: PLIST,v 1.25 2007/10/21 00:22:53 adrianp Exp $ bin/snort lib/snort_dynamicengine/libsf_engine.la lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la 
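Review bot: The new `${INSTALL_DATA} ${WRKSRC}/doc/generators ${EGDIR}` line in the post-install hunk names its destination without the trailing slash that the command just above it uses (`${EGDIR}/`). With the slash, a missing directory makes the install fail; without it, a file called `${EGDIR}` can be created instead. Writing it as `${INSTALL_DATA} ${WRKSRC}/doc/generators ${EGDIR}/` keeps the two commands consistent. The post-install target starts before this hunk and continues past it, so the directory creation is not visible here.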
@@ -7,7 +7,9 @@ lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
 lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
 lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
 man/man8/snort.8
+share/doc/snort/AUTHORS
 share/doc/snort/BUGS
+share/doc/snort/CREDITS
 share/doc/snort/INSTALL
 share/doc/snort/NEWS
 share/doc/snort/PROBLEMS
@@ -26,6 +28,7 @@ share/doc/snort/README.asn1
 share/doc/snort/README.csv
 share/doc/snort/README.database
 share/doc/snort/README.dcerpc
+share/doc/snort/README.decode
 share/doc/snort/README.dns
 share/doc/snort/README.event_queue
 share/doc/snort/README.flow
@@ -34,12 +37,17 @@ share/doc/snort/README.flowbits
 share/doc/snort/README.frag3
 share/doc/snort/README.ftptelnet
 share/doc/snort/README.http_inspect
+share/doc/snort/README.ipv6
+share/doc/snort/README.ppm
 share/doc/snort/README.sfportscan
 share/doc/snort/README.ssh
 share/doc/snort/README.stream4
 share/doc/snort/README.stream5
+share/doc/snort/README.tag
 share/doc/snort/README.thresholding
+share/doc/snort/README.variables
 share/doc/snort/README.wireless
+share/doc/snort/generators
 share/doc/snort/TODO
 share/doc/snort/USAGE
 share/doc/snort/WISHLIST
@@ -58,13 +66,13 @@ share/examples/snort/classification.config
 share/examples/snort/gen-msg.map
 share/examples/snort/generators
 share/examples/snort/reference.config
-share/examples/snort/sid
 share/examples/snort/sid-msg.map
 share/examples/snort/snort.conf.default
 share/examples/snort/threshold.conf
 share/examples/snort/unicode.map
 share/snort/src/snort_dynamicsrc/bitop.h
 share/snort/src/snort_dynamicsrc/debug.h
+share/snort/src/snort_dynamicsrc/pcap_pkthdr32.h
 share/snort/src/snort_dynamicsrc/preprocids.h
 share/snort/src/snort_dynamicsrc/profiler.h
 share/snort/src/snort_dynamicsrc/sf_dynamic_common.h
@@ -78,7 +86,6 @@ share/snort/src/snort_dynamicsrc/sfghash.h share/snort/src/snort_dynamicsrc/sfhashfcn.h share/snort/src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.c share/snort/src/snort_dynamicsrc/sfsnort_dynamic_detection_lib.h -share/snort/src/snort_dynamicsrc/snort_packet_header.h share/snort/src/snort_dynamicsrc/str_search.h share/snort/src/snort_dynamicsrc/stream_api.h @dirrm share/snort/src/snort_dynamicsrc diff --git a/net/snort/distinfo b/net/snort/distinfo index 830065101a4..12feb407757 100644 --- a/net/snort/distinfo +++ b/net/snort/distinfo @@ -1,11 +1,11 @@ -$NetBSD: distinfo,v 1.40 2007/08/20 20:28:18 adrianp Exp $ +$NetBSD: distinfo,v 1.41 2007/10/21 00:22:53 adrianp Exp $ -SHA1 (snort-2.7.0.1.tar.gz) = 9b751a73c611126c32e2dccd0a0e99aaff4e9653 -RMD160 (snort-2.7.0.1.tar.gz) = c88b71231bfa65e2c1eabd8931f4d6121e92a26a -Size (snort-2.7.0.1.tar.gz) = 3905846 bytes -SHA1 (patch-aa) = 978f49b2c297305330f0a1c8b9224dab702078bb +SHA1 (snort-2.8.0.tar.gz) = f07b84a0872d861006b56a8c6a79a60308dd68b4 +RMD160 (snort-2.8.0.tar.gz) = dac36a4a1fda60b66ccdc5c774ab61aaa0f6c8a8 +Size (snort-2.8.0.tar.gz) = 4278872 bytes +SHA1 (patch-aa) = 4fe3bb6a40aea972249e4b21b7142b548c761978 SHA1 (patch-ab) = 0ea7deb91de5d3d68558a30e80dcbd8bd81f8a5e SHA1 (patch-ac) = 6cdf26fcaeb8dad9cd9562b77377bd56b49c9f38 SHA1 (patch-ad) = d4bf1dee02af1f1730263a78a868bbdae5d8846d -SHA1 (patch-ae) = 4a669e664ccbce2b9e689fe3d281c46f6549b72c +SHA1 (patch-ae) = ca74cfab6d9010d037a1e72e7c39b7982888c476 SHA1 (patch-af) = ce5129f0337514c9a2a9a482e2f1ed9a405112ec diff --git a/net/snort/options.mk b/net/snort/options.mk index af9725dde46..a2a44d3f8eb 100644 --- a/net/snort/options.mk +++ b/net/snort/options.mk 
@@ -1,8 +1,10 @@ -# $NetBSD: options.mk,v 1.3 2007/09/09 19:57:23 adrianp Exp $ +# $NetBSD: options.mk,v 1.4 2007/10/21 00:22:53 adrianp Exp $ PKG_OPTIONS_VAR= PKG_OPTIONS.snort -PKG_SUPPORTED_OPTIONS= debug snort-prelude +PKG_SUPPORTED_OPTIONS= debug snort-prelude ssl snmp snort-gre +PKG_SUPPORTED_OPTIONS+= snort-dynamicplugin snort-timestats +PKG_SUPPORTED_OPTIONS+= snort-rulestate PKG_SUGGESTED_OPTIONS= PKG_OPTIONS_OPTIONAL_GROUPS= flex @@ -13,6 +15,33 @@ PKG_OPTIONS_GROUP.database= mysql pgsql .include "../../mk/bsd.options.mk" +### +### Please note that a large number of these options remain un-tested +### for this package. +### + +### +### Enable dynamically loadable preprocessors, detection engine +### and rules libraries. +### +.if !empty(PKG_OPTIONS:Msnort-dynamicplugin) +CONFIGURE_ARGS+= --enable-dynamicplugin +.endif + +### +### Enable rule state configuration feature +### +.if !empty(PKG_OPTIONS:Msnort-rulestate) +CONFIGURE_ARGS+= --enable-rulestate +.endif + +### +### Enable real-time performance statistics +### +.if !empty(PKG_OPTIONS:Msnort-timestats) +CONFIGURE_ARGS+= --enable-timestats +.endif + ### ### Enable debug support ### @@ -20,6 +49,27 @@ PKG_OPTIONS_GROUP.database= mysql pgsql CONFIGURE_ARGS+= --enable-debug .endif +### +### Support for openssl (used by the XML output plugin) +### +.if !empty(PKG_OPTIONS:Mssl) +CONFIGURE_ARGS+= --with-openssl +.endif + +### +### Enable GRE decoder +### +.if !empty(PKG_OPTIONS:Msnort-gre) +CONFIGURE_ARGS+= --enable-gre +.endif + +### +### Enable SNMP alerting code +### +.if !empty(PKG_OPTIONS:Msnmp) +CONFIGURE_ARGS+= --with-snmp +.endif + ### ### Support MySQL for snort logging ### diff --git a/net/snort/patches/patch-aa b/net/snort/patches/patch-aa index eaf713ae824..93826cf886f 100644 --- a/net/snort/patches/patch-aa +++ b/net/snort/patches/patch-aa 
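Review bot: The `snort-dynamicplugin` block added in the second hunk makes `--enable-dynamicplugin` optional and off by default (`PKG_SUGGESTED_OPTIONS=` stays empty), which does not match the rest of the commit. The PLIST lists `lib/snort_dynamicengine/libsf_engine.la` and the dynamic preprocessor libraries unconditionally, and patch-ae leaves `dynamicengine` and `dynamicpreprocessor directory` active in the shipped snort.conf. If the Makefile, which is not fully visible here, already passes the flag, the option is redundant and can go. If it does not, a default build would either fail its PLIST check or install a sensor whose default configuration cannot load its detection engine. The header comment `### Please note that a large number of these options remain un-tested` would also help more if it named the options that were actually built.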
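Review bot: In the third hunk the `ssl` and `snmp` blocks pass `--with-openssl` and `--with-snmp` bare, with no buildlink3 include visible beside them. Configure would then link against whatever OpenSSL or Net-SNMP the build environment exposes, and the package would record no dependency on either. For a network-facing sensor this means a security update to the OpenSSL package would not flag snort for rebuild. The usual pkgsrc form for the `ssl` block is `.include "../../security/openssl/buildlink3.mk"` followed by `CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}`, with the `snmp` block pulling in `../../net/net-snmp/buildlink3.mk` the same way, provided snort's configure accepts a prefix there. The MySQL block that follows is outside this hunk, so how it handles the same question cannot be checked from here.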
@@ -1,20 +1,19 @@ -$NetBSD: patch-aa,v 1.15 2007/08/20 20:28:18 adrianp Exp $ +$NetBSD: patch-aa,v 1.16 2007/10/21 00:22:53 adrianp Exp $ ---- src/snort.c.orig 2007-07-26 21:07:18.000000000 +0100 +--- src/snort.c.orig 2007-09-07 19:01:56.000000000 +0100 +++ src/snort.c -@@ -150,7 +150,6 @@ extern OutputFuncNode *LogList; - long start_time; /* tracks how many seconds snort actually ran */ +@@ -158,7 +158,6 @@ extern OutputFuncNode *LogList; + time_t start_time; /* tracks how many seconds snort actually ran */ #endif -extern int errno; /* exported variables *********************************************************/ u_int8_t runMode = 0; /* snort run mode */ -@@ -2656,7 +2655,18 @@ int SetPktProcessor(void) - grinder = DecodeSlipPkt; +@@ -3194,6 +3193,19 @@ int SetPktProcessor(void) break; -- + +#if defined(__NetBSD__) +# if defined(__NetBSD_Version__) +# if (__NetBSD_Version__ >= 105000000) @@ -27,10 +26,11 @@ $NetBSD: patch-aa,v 1.15 2007/08/20 20:28:18 adrianp Exp $ + /* no __NetBSD_Version__ on <1.4 */ +# endif /* __NetBSD_Version__ */ +#endif /* NetBSD */ ++ case DLT_PPP: /* point-to-point protocol */ if(!pv.readmode_flag) { -@@ -3210,7 +3220,7 @@ static char *ConfigFileSearch() +@@ -3743,7 +3755,7 @@ static char *ConfigFileSearch() { struct stat st; int i; diff --git a/net/snort/patches/patch-ae b/net/snort/patches/patch-ae index 429a8060466..46d6cbbd9cb 100644 --- a/net/snort/patches/patch-ae +++ b/net/snort/patches/patch-ae 
@@ -1,13 +1,48 @@ -$NetBSD: patch-ae,v 1.4 2004/09/21 15:50:26 adrianp Exp $ +$NetBSD: patch-ae,v 1.5 2007/10/21 00:22:53 adrianp Exp $ ---- etc/snort.conf.orig Mon Sep 6 13:21:50 2004 -+++ etc/snort.conf Mon Sep 6 13:24:34 2004 -@@ -106,7 +106,7 @@ +--- etc/snort.conf.orig 2007-09-07 19:32:45.000000000 +0100 ++++ etc/snort.conf +@@ -107,8 +107,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28. # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules +-var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH @PREFIX@/share/snort/rules ++var PREPROC_RULE_PATH @PREFIX@/share/snort/preproc_rules # Configure the snort decoder # ============================ +@@ -191,27 +191,27 @@ var PREPROC_RULE_PATH ../preproc_rules + # Load all dynamic preprocessors from the install path + # (same as command line option --dynamic-preprocessor-lib-dir) + # +-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/ ++dynamicpreprocessor directory @PREFIX@/lib/snort_dynamicpreprocessor/ + # + # Load a specific dynamic preprocessor library from the install path + # (same as command line option --dynamic-preprocessor-lib) + # +-# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so ++# dynamicpreprocessor file @PREFIX@/lib/snort_dynamicpreprocessor/libdynamicexample.so + # + # Load a dynamic engine from the install path + # (same as command line option --dynamic-engine-lib) + # +-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so ++dynamicengine @PREFIX@/lib/snort_dynamicengine/libsf_engine.so + # + # Load all dynamic rules libraries from the install path + # (same as command line option --dynamic-detection-lib-dir) + # +-# dynamicdetection directory /usr/local/lib/snort_dynamicrule/ ++# dynamicdetection directory @PREFIX@/lib/snort_dynamicrule/ + # + # Load a specific dynamic rule library from the install path + 
# (same as command line option --dynamic-detection-lib) + # +-# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so ++# dynamicdetection file @PREFIX@/lib/snort_dynamicrule/libdynamicexamplerule.so + # + + ################################################### -- cgit v1.2.3
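Review bot: The two directives this patch leaves active, `dynamicpreprocessor directory @PREFIX@/lib/snort_dynamicpreprocessor/` and `dynamicengine @PREFIX@/lib/snort_dynamicengine/libsf_engine.so`, make the default configuration load every library found in those locations at startup, but nothing in the patched text states who may write there. I would add a comment above them such as `# These paths must be owned by root and not writable by the account snort runs as; every library found in the directory is loaded at startup.` The new `PREPROC_RULE_PATH @PREFIX@/share/snort/preproc_rules` also points at a directory that none of the visible PLIST or post-install hunks create, so confirm that it exists after install or that no active `include` refers to it. The `@PREFIX@` substitution lives in the Makefile, outside this hunk; it presumably already covers this file because `RULE_PATH` used the same placeholder before.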