Tested on amd64 and i386 by myself, and on 5.2/amd64 by Rodolfo Gouveia.
From Markus Lude (maintainer) with a tweak by me to remove PKGNAME which
is no longer needed.
"go ahead" sthen@
Notable changes:
* Consolidation of IPv6 -- now only a single build supports both
IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
and email attachments via SMTP, POP, and IMAP to facilitate
broader file support
* Use of address space ID for tracking Frag & Stream connections
when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
Snort event
* Decoding of IPv6 with PPPoE
This commit also includes a patch to snort.conf that was done by myself
with feedback from Markus. The snort.conf patch ensures that Snort will
load the latest Snort ruleset since the rule files have been reorganized
by upstream. It also excludes local.rules by default, since rule
managers like Oinkmaster skip that file when downloading rules.
Tested by Markus on i386 and sparc64, Rodolfo Gouveia on 5.2/amd64 with
his own snort.conf, and myself on amd64 and i386.
OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
- enable dynamicplugin / dynamic preprocessors.
- install documentation.
- fix instructions.
- USE_LIBTOOL.
update from nikns <nikns@secure.lv> with a few changes;
feedback and ok msf@
--
This update contains a ton of fixes and features. Included is a small bit
from the ChangeLog:
* corrected big endian rpc decoding
* stop stream4 from clobbering itself
* fixed file rotation bug in spo_unified
* massive speed patch for multiple CIDR blocks
* corrected ICMP printing
* added a ton of new signatures
From ChangeLog:
- Fixed crash in frag2 under Linux
- Fixed flexresp code, session sniping should work again and be
faster to boot
- Fixed ICMP decoder and printout routines for new ICMP header
data structs in decode.h
- Added -B command line switch to translate IP addresses in pcap
files from one subnet to another (see the man page).
- Added spo_log_null to give users an option to deactivate logging
output from the snort.conf file.
