openbsd-ports/net/daq/patches/patch-os-daq-modules_daq_ipfw_c

$OpenBSD: patch-os-daq-modules_daq_ipfw_c,v 1.5 2016/05/02 02:28:46 lteo Exp $

This patch removes DAQ_CAPA_UNPRIV_START from the list of capabilities so that
Snort can run as an unprivileged user in inline mode.  Sent upstream:
http://marc.info/?l=snort-devel&m=136254358118711&w=2

--- os-daq-modules/daq_ipfw.c.orig	Tue Sep  9 15:57:31 2014
+++ os-daq-modules/daq_ipfw.c	Fri Apr 29 10:54:35 2016
@@ -403,7 +403,7 @@ static int ipfw_daq_get_snaplen (void* handle)
 static uint32_t ipfw_daq_get_capabilities (void* handle)
 {
     return DAQ_CAPA_BLOCK | DAQ_CAPA_REPLACE | DAQ_CAPA_INJECT | DAQ_CAPA_INJECT_RAW
-        | DAQ_CAPA_BREAKLOOP | DAQ_CAPA_UNPRIV_START | DAQ_CAPA_BPF;
+        | DAQ_CAPA_BREAKLOOP | DAQ_CAPA_BPF;
 }
 
 static int ipfw_daq_get_datalink_type(void *handle)
Update to DAQ 2.0.6. ok maintainer Markus Lude (who had the same diff) 2016-05-02 02:28:46 +00:00			$OpenBSD: patch-os-daq-modules_daq_ipfw_c,v 1.5 2016/05/02 02:28:46 lteo Exp $
Fix two bugs in the IPFW DAQ module that prevented Snort from running properly in inline mode: 1. A bug in ipfw_daq_inject() ignores the buf and len arguments that are passed to it. This prevents Snort inline mode from dropping/rejecting packets that match "drop" or "reject" rules. 2. Remove DAQ_CAPA_UNPRIV_START from the list of capabilities so that Snort can run as an unprivileged user when using the IPFW DAQ module. Tested by myself and Adam Jeanguenat. Received guidance from sthen@. Both fixes have been sent upstream. 2013-07-17 18:18:05 +00:00
Update to DAQ 2.0.1, maintainer timeout Upstream has accepted one of my IPFW DAQ fixes, so update the patch file accordingly. Tested with Snort 2.9.5.3 (which will be committed shortly) on amd64 and i386. Before the 64-bit time_t change, it was also tested on amd64 and i386 (by myself and Adam Jeanguenat) and on macppc. 2013-08-21 02:21:14 +00:00			`This patch removes DAQ_CAPA_UNPRIV_START from the list of capabilities so that`
			`Snort can run as an unprivileged user in inline mode. Sent upstream:`
			`http://marc.info/?l=snort-devel&m=136254358118711&w=2`
Fix two bugs in the IPFW DAQ module that prevented Snort from running properly in inline mode: 1. A bug in ipfw_daq_inject() ignores the buf and len arguments that are passed to it. This prevents Snort inline mode from dropping/rejecting packets that match "drop" or "reject" rules. 2. Remove DAQ_CAPA_UNPRIV_START from the list of capabilities so that Snort can run as an unprivileged user when using the IPFW DAQ module. Tested by myself and Adam Jeanguenat. Received guidance from sthen@. Both fixes have been sent upstream. 2013-07-17 18:18:05 +00:00
Update to DAQ 2.0.6. ok maintainer Markus Lude (who had the same diff) 2016-05-02 02:28:46 +00:00			`--- os-daq-modules/daq_ipfw.c.orig Tue Sep 9 15:57:31 2014`
			`+++ os-daq-modules/daq_ipfw.c Fri Apr 29 10:54:35 2016`
			`@@ -403,7 +403,7 @@ static int ipfw_daq_get_snaplen (void* handle)`
Fix two bugs in the IPFW DAQ module that prevented Snort from running properly in inline mode: 1. A bug in ipfw_daq_inject() ignores the buf and len arguments that are passed to it. This prevents Snort inline mode from dropping/rejecting packets that match "drop" or "reject" rules. 2. Remove DAQ_CAPA_UNPRIV_START from the list of capabilities so that Snort can run as an unprivileged user when using the IPFW DAQ module. Tested by myself and Adam Jeanguenat. Received guidance from sthen@. Both fixes have been sent upstream. 2013-07-17 18:18:05 +00:00			`static uint32_t ipfw_daq_get_capabilities (void* handle)`
			`{`
			`return DAQ_CAPA_BLOCK \| DAQ_CAPA_REPLACE \| DAQ_CAPA_INJECT \| DAQ_CAPA_INJECT_RAW`
			`- \| DAQ_CAPA_BREAKLOOP \| DAQ_CAPA_UNPRIV_START \| DAQ_CAPA_BPF;`
			`+ \| DAQ_CAPA_BREAKLOOP \| DAQ_CAPA_BPF;`
			`}`

			`static int ipfw_daq_get_datalink_type(void *handle)`