Re-enable support for non-Ethernet decoders so that Snort can listen on
our pflog(4) interface again.
Tested on amd64 and i386. Before the 64-bit time_t change, it was also
tested on amd64 and i386 (by myself and Adam Jeanguenat) and on macppc.
Tested on amd64 and i386 by myself, and on 5.2/amd64 by Rodolfo Gouveia.
From Markus Lude (maintainer) with a tweak by me to remove PKGNAME which
is no longer needed.
"go ahead" sthen@
HTTPS to protect the oinkcode from being exposed (suggested by David
Hill).
Also add a note that registered users without a paid subscription are
only allowed to download the official Snort ruleset once every 15
minutes (suggested by Adam Jeanguenat). This restriction is not obvious
on the snort.org site, so I think this note would be helpful to users.
OK Markus Lude (maintainer), sthen@
Notable changes:
* Consolidation of IPv6 -- now only a single build supports both
  IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
  and email attachments via SMTP, POP, and IMAP to facilitate
  broader file support
* Use of address space ID for tracking Frag & Stream connections
  when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
  Snort event
* Decoding of IPv6 with PPPoE
This commit also includes a patch to snort.conf that was done by myself
with feedback from Markus. The snort.conf patch ensures that Snort will
load the latest Snort ruleset since the rule files have been reorganized
by upstream. It also excludes local.rules by default, since rule
managers like Oinkmaster skip that file when downloading rules.
Tested by Markus on i386 and sparc64, Rodolfo Gouveia on 5.2/amd64 with
his own snort.conf, and myself on amd64 and i386.
OK sthen@
* Add an rc.d script.
* In snort.conf, provide the URL to the official Snort rules so that
  users know where to get them.
* In snort.conf, provide the URL to the Emerging Threats rules along
  with a commented include line to allow users to easily load the
  Emerging Threats rules if they wish.
* Revise pkg/README with details on where to obtain Snort rules, the
  differences between the official Snort rules and Emerging Threats
  rules, how to download them, and provide some guidance on setting up
  Snort.
snort.conf and README changes OK Markus Lude (maintainer), sthen@
rc.d script OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
- enable dynamicplugin / dynamic preprocessors.
- install documentation.
- fix instructions.
- USE_LIBTOOL.
update from nikns <nikns@secure.lv> with a few changes;
feedback and ok msf@