Also includes a suggestion from sthen@ to use LIBTOOL_FLAGS=--tag=disable-static
to remove static libraries which based on my tests are not needed by Snort.
reads fine to maintainer Markus Lude
Also link libsf_appid_preproc.so against libc++abi so that luajit can access
libunwind symbols, and regen patches and WANTLIB.
tested by abieber@
ok abieber@, Markus Lude (maintainer)
Also sync pkg/README with reality, add daemon_timeout=120 to the rc.d
script (since Snort can take a while to start with the current rules),
and update/regenerate patches.
Other minor changes:
- Shortened a line in pkg/README so that portcheck won't complain.
- Replaced "/var" with ${LOCALSTATEDIR} in pkg/snort.rc.
- Regenerated patches.
Tested on amd64 by myself and on i386 by Markus Lude.
Tests were done with DAQ 2.0.6.
ok Markus Lude (maintainer)
packets since those checksums are not calculated until after Snort sees
those packets.
This causes Snort to discard those packets instead of processing them,
which in turn prevents Snort from triggering alerts for them.
To fix this, set checksum_mode to "none" in snort.conf to disable
Snort's checksum verification feature.
Looks OK to maintainer Markus Lude.
Special thanks to Bhagya Bantwal of Sourcefire for a patch to fix
crashes on sparc64 on first alert.
Tested on sparc64 by Markus; tested on amd64, i386, and macppc by me.
Re-enable support for non Ethernet decoders so that Snort can listen on
our pflog(4) interface again.
Tested on amd64 and i386. Before the 64-bit time_t change, it was also
tested on amd64 and i386 (by myself and Adam Jeanguenat) and on macppc.
Tested on amd64 and i386 by myself, and on 5.2/amd64 by Rodolfo Gouveia.
From Markus Lude (maintainer) with a tweak by me to remove PKGNAME which
is no longer needed.
"go ahead" sthen@
HTTPS to protect the oinkcode from being exposed (suggested by David
Hill).
Also add a note that registered users without a paid subscription are
only allowed to download the official Snort ruleset once every 15
minutes (suggested by Adam Jeanguenat). This restriction is not obvious
on the snort.org site, so I think this note would be helpful to users.
OK Markus Lude (maintainer), sthen@
Notable changes:
* Consolidation of IPv6 -- now only a single build supports both
IPv4 & IPv6, and removal of the IPv4 "only" code paths.
* File API and improvements to file processing for HTTP downloads
and email attachments via SMTP, POP, and IMAP to facilitate
broader file support
* Use of address space ID for tracking Frag & Stream connections
when it is available with the DAQ
* Logging of packet data that triggers PPM for post-analysis via
Snort event
* Decoding of IPv6 with PPPoE
This commit also includes a patch to snort.conf that was done by myself
with feedback from Markus. The snort.conf patch ensures that Snort will
load the latest Snort ruleset since the rule files have been reorganized
by upstream. It also excludes local.rules by default, since rule
managers like Oinkmaster skip that file when downloading rules.
Tested by Markus on i386 and sparc64, Rodolfo Gouveia on 5.2/amd64 with
his own snort.conf, and myself on amd64 and i386.
OK sthen@
* Add an rc.d script.
* In snort.conf, provide the URL to the official Snort rules so that
users know where to get them.
* In snort.conf, provide the URL to the Emerging Threats rules along
with a commented include line to allow users to easily load the
Emerging Threats rules if they wish.
* Revise pkg/README with details on where to obtain Snort rules, the
differences between the official Snort rules and Emerging Threats
rules, how to download them, and provide some guidance on setting up
Snort.
snort.conf and README changes OK Markus Lude (maintainer), sthen@
rc.d script OK sthen@
Thank you to all who tested: Markus Lude (sparc64), abieber@ (macppc),
and Adam Jeanguenat (i386); I also tested on amd64 and i386. Thank you
to Rodolfo Gouveia for help/tests on earlier versions, and brad@ for
comments on an earlier version.
From Markus Lude (maintainer), and includes changes done based on
feedback from sthen@ and myself.
OK abieber@ sthen@
