Other minor changes:
- Shortened a line in pkg/README so that portcheck won't complain.
- Replaced "/var" with ${LOCALSTATEDIR} in pkg/snort.rc.
- Regenerated patches.
Tested on amd64 by myself and on i386 by Markus Lude.
Tests were done with DAQ 2.0.6.
ok Markus Lude (maintainer)
Special thanks to Bhagya Bantwal of Sourcefire for a patch to fix
crashes on sparc64 on first alert.
Tested on sparc64 by Markus; tested on amd64, i386, and macppc by me.
Re-enable support for non-Ethernet decoders so that Snort can listen on
our pflog(4) interface again.
Tested on amd64 and i386. Before the 64-bit time_t change, it was also
tested on amd64 and i386 (by myself and Adam Jeanguenat) and on macppc.
Tested on amd64 and i386 by myself, and on 5.2/amd64 by Rodolfo Gouveia.
From Markus Lude (maintainer) with a tweak by me to remove PKGNAME which
is no longer needed.
"go ahead" sthen@
Notable changes:
* Consolidation of IPv6 -- now only a single build supports both
  IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
  and email attachments via SMTP, POP, and IMAP to facilitate
  broader file support
* Use of address space ID for tracking Frag & Stream connections
  when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
  Snort event
* Decoding of IPv6 with PPPoE
This commit also includes a patch to snort.conf that was done by myself
with feedback from Markus. The snort.conf patch ensures that Snort will
load the latest Snort ruleset since the rule files have been reorganized
by upstream. It also excludes local.rules by default, since rule
managers like Oinkmaster skip that file when downloading rules.
Tested by Markus on i386 and sparc64, Rodolfo Gouveia on 5.2/amd64 with
his own snort.conf, and myself on amd64 and i386.
OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
- enable dynamicplugin / dynamic preprocessors.
- install documentation.
- fix instructions.
- USE_LIBTOOL.
update from nikns <nikns@secure.lv> with a few changes;
feedback and ok msf@
--
This update contains a ton of fixes and features. Included is a small bit
from the ChangeLog:
* corrected big endian rpc decoding
* stop stream4 from clobbering itself
* fixed file rotation bug in spo_unified
* massive speed patch for multiple CIDR blocks
* corrected ICMP printing
* added a ton of new signatures
From ChangeLog:
- Fixed crash in frag2 under Linux
- Fixed flexresp code, session sniping should work again and be
  faster to boot
- Fixed ICMP decoder and printout routines for new ICMP header
  data structs in decode.h
- Added -B command line switch to translate IP addresses in pcap
  files from one subnet to another (see the man page).
- Added spo_log_null to give users an option to deactivate logging
  output from the snort.conf file.