On Sat, Dec 01, 2007 at 01:42:41PM +0100, Markus Lude wrote: > > New diff against CVS attached. Please test/comment/commit/...
new diff with a few changes. Please test. Comments/oks? cheers, rui Index: Makefile =================================================================== RCS file: /cvs/ports/net/snort/Makefile,v retrieving revision 1.51 diff -u -r1.51 Makefile --- Makefile 15 Sep 2007 22:36:59 -0000 1.51 +++ Makefile 9 Feb 2008 17:38:12 -0000 @@ -2,29 +2,34 @@ COMMENT= highly flexible sniffer/NIDS -DISTNAME= snort-2.6.0.2 -PKGNAME= ${DISTNAME}p1 +DISTNAME= snort-2.8.0.1 CATEGORIES= net security MASTER_SITES= ${HOMEPAGE}/dl/current/ HOMEPAGE= http://www.snort.org/ -# GPL +MAINTAINER= Markus Lude <[EMAIL PROTECTED]> + +# GPLv2 PERMIT_PACKAGE_CDROM= Yes PERMIT_PACKAGE_FTP= Yes PERMIT_DISTFILES_CDROM= Yes PERMIT_DISTFILES_FTP= Yes -WANTLIB= c m pcap +WANTLIB= c m pcap -SHARED_LIBS= sf_engine 0.0 \ - sf_dns_preproc 0.0 \ - sf_ftptelnet_preproc 0.0 \ - sf_smtp_preproc 0.0 +SHARED_LIBS= sf_engine 1.0 \ + sf_dns_preproc 1.0 \ + sf_ftptelnet_preproc 1.0 \ + sf_smtp_preproc 1.0 \ + sf_dcerpc_preproc 0.0 \ + sf_ssh_preproc 0.0 \ + _sfdynamic_example_rule 0.0 \ + _sfdynamic_preprocessor_example 0.0 USE_LIBTOOL= Yes SEPARATE_BUILD= concurrent -CONFIGURE_STYLE=gnu +CONFIGURE_STYLE=simple CONFIGURE_ARGS+=${CONFIGURE_SHARED} \ --enable-dynamicplugin @@ -41,6 +46,9 @@ .if ${FLAVOR:L:Mflexresp} LIB_DEPENDS+= dnet.=1::net/libdnet CONFIGURE_ARGS+=--enable-flexresp2 + +MASTER_SITES0= http://www-fs.informatik.uni-tuebingen.de/~lude/openbsd/distfiles/ +PATCHFILES= snort-flexresp_patch.diff:0 .endif .if ${FLAVOR:L:Mpostgresql} 
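Review bot: In the flexresp block, `MASTER_SITES0` points at a personal web directory over plain HTTP and `PATCHFILES` applies `snort-flexresp_patch.diff` from it to the source tree. The distinfo entries for that file are therefore the only integrity control, and the patch content itself (48418 bytes per distinfo) is not visible for review in this diff. I would add a comment above the two lines recording where the patch originates and why it is carried as a distfile, e.g. `# flexresp2 distpatch mirrored by MAINTAINER; upstream origin: <URL placeholder>`. If the patch could live under `patches/` instead, its changes would be reviewable in the tree.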
@@ -50,22 +58,31 @@ .if ${FLAVOR:L:Mmysql} LIB_DEPENDS+= lib/mysql/mysqlclient.>=10::databases/mysql -CONFIGURE_ARGS+=--with-mysql="${LOCALBASE}" +CONFIGURE_ARGS+=--with-mysql-libraries="${LOCALBASE}/lib" \ + --with-mysql-includes="${LOCALBASE}/include" WANTLIB+= z .endif .if ${FLAVOR:L:Mprelude} MODULES= devel/gettext -WANTLIB+= gcrypt gpg-error pthread z +WANTLIB+= gcrypt gnutls gpg-error pthread z LIB_DEPENDS+= prelude.>=8::security/prelude/libprelude CONFIGURE_ARGS+=--enable-prelude MESSAGE= ${PKGDIR}/MESSAGE-prelude .endif -CONFIGS= classification.config gen-msg.map generators reference.config \ - sid sid-msg.map snort.conf threshold.conf unicode.map +CONFIGS= classification.config gen-msg.map reference.config \ + sid-msg.map snort.conf threshold.conf unicode.map -DOCS= AUTHORS CREDITS README.* *.pdf +PREPROC= decoder.rules preprocessor.rules + +DOCS= AUTHORS CREDITS README README.* *.pdf TODO USAGE WISHLIST + +# workaround conflicts between distpatches and patches +post-patch: +.if ${FLAVOR:L:Mflexresp} + @perl -pi -e "s,ip_t,snort_ip," ${WRKSRC}/src/preprocessors/stream.h +.endif post-build: @perl -pi -e "s,%%SYSCONFDIR%%,${SYSCONFDIR}," \ @@ -77,6 +94,11 @@ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/snort .for i in ${CONFIGS} ${INSTALL_DATA} ${WRKSRC}/etc/${i} ${PREFIX}/share/examples/snort +.endfor + ${INSTALL_DATA} ${WRKSRC}/doc/generators ${PREFIX}/share/examples/snort + +.for i in ${PREPROC} + ${INSTALL_DATA} ${WRKSRC}/preproc_rules/${i} ${PREFIX}/share/examples/snort .endfor ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/snort Index: distinfo =================================================================== RCS file: /cvs/ports/net/snort/distinfo,v retrieving revision 1.15 diff -u -r1.15 distinfo --- distinfo 5 Apr 2007 16:20:15 -0000 1.15 +++ distinfo 9 Feb 2008 17:38:12 -0000 
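Review bot: The `post-patch` substitution `s,ip_t,snort_ip,` in the flexresp branch is unanchored and has no `g` flag. It rewrites the first `ip_t` substring on every line of stream.h, including inside a longer identifier, and leaves any second occurrence on the same line untouched. Anchoring it as `s,\bip_t\b,snort_ip,g` would limit the edit to the type name. The comment above the target could also name which distpatch hunk collides with which port patch, so the workaround can be removed when either changes.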
@@ -1,5 +1,10 @@
-MD5 (snort-2.6.0.2.tar.gz) = XAlP9tgtuEWl8CPkpJIQPg==
-RMD160 (snort-2.6.0.2.tar.gz) = cG1j24O30DesinHIEEMk2bdZTrU=
-SHA1 (snort-2.6.0.2.tar.gz) = Gms/sZqC+Dvw/OWo226xJ3xyN5s=
-SHA256 (snort-2.6.0.2.tar.gz) = B716x7ZF0TgKzmWzPAZO1Y2dwhvXNrH3a8V13CLhpeI=
-SIZE (snort-2.6.0.2.tar.gz) = 3350277
+MD5 (snort-2.8.0.1.tar.gz) = u2UOjv6Fj1w8yx5HF3XX5w==
+MD5 (snort-flexresp_patch.diff) = ZYyI5dSWIpCkny37tRidUQ==
+RMD160 (snort-2.8.0.1.tar.gz) = oLC+wvfMoNR6WYcIu/xpysr0ShI=
+RMD160 (snort-flexresp_patch.diff) = vrc4csTm8t0HUKMbYMrMzDs66jA=
+SHA1 (snort-2.8.0.1.tar.gz) = s7RfptUDcvZYfNd2r0O0FSURljA=
+SHA1 (snort-flexresp_patch.diff) = qkgi0RNWJintUwpX6uYE4QdeWV4=
+SHA256 (snort-2.8.0.1.tar.gz) = T6dP2/5nc2Kw/vImAm5/EQ196Fa6qtIbX+Pr0PYnsRI=
+SHA256 (snort-flexresp_patch.diff) = cBSVJQ939iIageqqNMHQnsa1GjjplPju96ePvHBMyNY=
+SIZE (snort-2.8.0.1.tar.gz) = 4331731
+SIZE (snort-flexresp_patch.diff) = 48418
Index: patches/patch-etc_snort_conf
===================================================================
RCS file: /cvs/ports/net/snort/patches/patch-etc_snort_conf,v
retrieving revision 1.1
diff -u -r1.1 patch-etc_snort_conf
--- patches/patch-etc_snort_conf 10 Oct 2006 13:33:17 -0000 1.1
+++ patches/patch-etc_snort_conf 9 Feb 2008 17:38:12 -0000
@@ -1,22 +1,26 @@ $OpenBSD: patch-etc_snort_conf,v 1.1 2006/10/10 13:33:17 aanriot Exp $ ---- etc/snort.conf.orig Wed Sep 13 21:44:31 2006 -+++ etc/snort.conf Tue Oct 10 12:54:59 2006 -@@ -82,6 +82,9 @@ var SNMP_SERVERS $HOME_NET - # Port lists must either be continuous [eg 80:8080], or a single port [eg 80]. - # We will adding support for a real list of ports in the future. - +--- etc/snort.conf.orig Fri Sep 7 20:32:45 2007 ++++ etc/snort.conf Mon Nov 19 22:23:57 2007 +@@ -78,7 +78,10 @@ var SNMP_SERVERS $HOME_NET + # like this: + # + # portvar HTTP_PORTS 8081 +-# ++ +# Ports you run ssh servers on -+var SSH_PORTS 22 ++portvar SSH_PORTS 22 + # Ports you run web servers on - # - # Please note: [80,8080] does not work. -@@ -108,7 +111,7 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28. + portvar HTTP_PORTS 80 + +@@ -107,8 +110,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161 # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules -var RULE_PATH ../rules +-var PREPROC_RULE_PATH ../preproc_rules +var RULE_PATH %%SYSCONFDIR%%/snort/rules ++var PREPROC_RULE_PATH %%SYSCONFDIR%%/snort/preproc_rules # Configure the snort decoder # ============================ Index: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c,v retrieving revision 1.1 diff -u -r1.1 patch-src_dynamic-plugins_sf_dynamic_plugins_c --- patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 10 Oct 2006 13:33:17 -0000 1.1 +++ patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 9 Feb 2008 17:38:12 -0000 
@@ -1,11 +1,13 @@ ---- src/dynamic-plugins/sf_dynamic_plugins.c.orig Wed Sep 20 16:10:44 2006 -+++ src/dynamic-plugins/sf_dynamic_plugins.c Wed Sep 20 16:09:23 2006 -@@ -42,6 +42,8 @@ - #define EXT "*.sl" - #elif defined(MACOS) - #define EXT "*.dylib" -+#elif defined(OPENBSD) -+#define EXT "*.so.*" - #else - #define EXT "*.so" - #endif +$OpenBSD$ +--- src/dynamic-plugins/sf_dynamic_plugins.c.orig Thu Feb 7 09:41:13 2008 ++++ src/dynamic-plugins/sf_dynamic_plugins.c Thu Feb 7 09:41:29 2008 +@@ -218,8 +218,7 @@ void LoadAllLibs(char *path, LoadLibraryFunc loadFunc) + dirEntry = readdir(directory); + while (dirEntry) + { +- if (dirEntry->d_reclen && +- !fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) ++ if(!fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) + { + SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", path, "/", dirEntry->d_name); + loadFunc(path_buf, 1); Index: patches/patch-src_dynamic-preprocessors_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v retrieving revision 1.1 diff -u -r1.1 patch-src_dynamic-preprocessors_Makefile_in --- patches/patch-src_dynamic-preprocessors_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_Makefile_in 9 Feb 2008 17:38:12 -0000 
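Review bot: The earlier revision of this patch added an `OPENBSD` branch defining `EXT` as `*.so.*`, and the new revision no longer carries it, while PFRAG.shared still installs the plugins under versioned names such as `libsf_engine.so.${LIBsf_engine_VERSION}`. Unless snort 2.8.0.1 already defines a matching `EXT` for OpenBSD (not visible here), the `fnmatch(EXT, dirEntry->d_name, ...)` test in `LoadAllLibs` would skip every installed library when a plugin directory is configured. The sensor would then run without its dynamic preprocessors. Please confirm which pattern is in effect, and add a short comment in the patch on why the `d_reclen` test is dropped. `LoadAllLibs` starts and ends outside the hunk.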
@@ -1,16 +1,17 @@ $OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $ ---- src/dynamic-preprocessors/Makefile.in.orig Wed Sep 13 21:40:06 2006 -+++ src/dynamic-preprocessors/Makefile.in Sun Oct 1 17:38:17 2006 -@@ -480,7 +480,7 @@ maintainer-clean-generic: +--- src/dynamic-preprocessors/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/Makefile.in Thu Nov 29 12:07:49 2007 +@@ -543,8 +543,7 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) [EMAIL PROTECTED]@uninstall-local: [EMAIL PROTECTED]@install-data-local: +install-data-local: clean: clean-recursive clean-am: clean-generic clean-libtool clean-local mostlyclean-am -@@ -608,13 +608,6 @@ include/str_search.h: $(srcdir)/../prepr +@@ -700,20 +699,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s clean-local: rm -rf include build @@ -20,6 +21,13 @@ [EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \ [EMAIL PROTECTED]@ if test -f $(srcdir)/$$f; then p=$(srcdir)/$$f; else p=$$f; fi; \ [EMAIL PROTECTED]@ $(INSTALL_DATA) $$p $(DESTDIR)$(srcinstdir)/$$truefile; \ [EMAIL PROTECTED]@ done +- [EMAIL PROTECTED]@uninstall-local: [EMAIL PROTECTED]@ @for f in $(exported_files); do \ [EMAIL PROTECTED]@ truefile=`echo $$f | sed -e "s/.*\///"`; \ [EMAIL PROTECTED]@ $(mkinstalldirs) $(DESTDIR)$(srcinstdir); \ [EMAIL PROTECTED]@ $(RM) -f $(DESTDIR)$(srcinstdir)/$$truefile; \ [EMAIL PROTECTED]@ done # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. Index: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in =================================================================== RCS file: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in diff -N patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 
--- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 9 Feb 2008 17:38:12 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/dcerpc/Makefile.in Thu Nov 29 12:07:50 2007 +@@ -394,7 +394,7 @@ distdir: $(DISTFILES) + check-am: all-am + check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +-all-am: Makefile $(LTLIBRARIES) all-local ++all-am: Makefile $(LTLIBRARIES) + installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_dns_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dns_Makefile_in,v retrieving revision 1.1 diff -u -r1.1 patch-src_dynamic-preprocessors_dns_Makefile_in --- patches/patch-src_dynamic-preprocessors_dns_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_dns_Makefile_in 9 Feb 2008 17:38:12 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_dns_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $ ---- src/dynamic-preprocessors/dns/Makefile.in.orig Tue Oct 10 12:22:55 2006 -+++ src/dynamic-preprocessors/dns/Makefile.in Tue Oct 10 12:23:59 2006 -@@ -373,7 +373,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/dns/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/dns/Makefile.in Thu Nov 29 12:07:51 2007 +@@ -376,7 +376,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am Index: patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v retrieving revision 1.1 diff -u -r1.1 patch-src_dynamic-preprocessors_ftptelnet_Makefile_in --- patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 9 Feb 2008 17:38:12 -0000 
@@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $ ---- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Tue Oct 10 12:18:08 2006 -+++ src/dynamic-preprocessors/ftptelnet/Makefile.in Tue Oct 10 12:18:34 2006 -@@ -409,7 +409,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/ftptelnet/Makefile.in Thu Nov 29 12:07:52 2007 +@@ -415,7 +415,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am Index: patches/patch-src_dynamic-preprocessors_smtp_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_smtp_Makefile_in,v retrieving revision 1.1 diff -u -r1.1 patch-src_dynamic-preprocessors_smtp_Makefile_in --- patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 10 Oct 2006 13:33:17 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 9 Feb 2008 17:38:12 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_smtp_Makefile_in,v 1.1 2006/10/10 13:33:17 aanriot Exp $ ---- src/dynamic-preprocessors/smtp/Makefile.in.orig Tue Oct 10 12:22:47 2006 -+++ src/dynamic-preprocessors/smtp/Makefile.in Tue Oct 10 12:23:13 2006 -@@ -387,7 +387,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/smtp/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/smtp/Makefile.in Thu Nov 29 12:07:53 2007 +@@ -390,7 +390,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am Index: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in =================================================================== RCS file: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in diff -N patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 
--- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 9 Feb 2008 17:38:12 -0000 @@ -0,0 +1,12 @@ +$OpenBSD$ +--- src/dynamic-preprocessors/ssh/Makefile.in.orig Wed Nov 14 15:32:47 2007 ++++ src/dynamic-preprocessors/ssh/Makefile.in Thu Nov 29 12:07:54 2007 +@@ -376,7 +376,7 @@ distdir: $(DISTFILES) + check-am: all-am + check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +-all-am: Makefile $(LTLIBRARIES) all-local ++all-am: Makefile $(LTLIBRARIES) + installdirs: + for dir in "$(DESTDIR)$(libdir)"; do \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_event_h =================================================================== RCS file: patches/patch-src_event_h diff -N patches/patch-src_event_h --- patches/patch-src_event_h 25 Nov 2006 05:33:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,21 +0,0 @@ -$OpenBSD: patch-src_event_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $ ---- src/event.h.orig Tue Aug 23 18:52:22 2005 -+++ src/event.h Tue Nov 7 20:28:12 2006 -@@ -34,6 +34,8 @@ - #include <sys/time.h> - #endif - -+#include "snort_packet_header.h" -+ - typedef struct _Event - { - u_int32_t sig_generator; /* which part of snort generated the alert? */ -@@ -45,7 +47,7 @@ typedef struct _Event - u_int32_t event_reference; /* reference to other events that have gone off, - * such as in the case of tagged packets... - */ -- struct timeval ref_time; /* reference time for the event reference */ -+ struct pcap_timeval ref_time; /* reference time for the event reference */ - - /* Don't add to this structure because this is the serialized data - * struct for unified logging. Index: patches/patch-src_log_c =================================================================== RCS file: patches/patch-src_log_c diff -N patches/patch-src_log_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_log_c 9 Feb 2008 17:38:12 -0000 
@@ -0,0 +1,39 @@
+$OpenBSD$
+--- src/log.c.orig Mon Aug 20 19:40:24 2007
++++ src/log.c Mon Nov 19 22:32:12 2007
+@@ -355,7 +355,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p)
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type););
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print((struct timeval *) & p->pkth->ts, timestamp);
++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* dump the timestamp */
+ fwrite(timestamp, strlen(timestamp), 1, fp);
+@@ -800,7 +800,7 @@ void PrintArpHeader(FILE * fp, Packet * p)
+
+ bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr));
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print((struct timeval *) & p->pkth->ts, timestamp);
++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* determine what to use as MAC src and dst */
+ if (p->eh != NULL)
+@@ -1874,7 +1874,7 @@ void PrintEapolPkt(FILE * fp, Packet * p)
+
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print((struct timeval *) & p->pkth->ts, timestamp);
++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* dump the timestamp */
+ fwrite(timestamp, strlen(timestamp), 1, fp);
+@@ -2048,7 +2048,7 @@ void PrintWifiPkt(FILE * fp, Packet * p)
+
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print((struct timeval *) & p->pkth->ts, timestamp);
++ ts_print((struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* dump the timestamp */
+ fwrite(timestamp, strlen(timestamp), 1, fp);
Index: patches/patch-src_output-plugins_spo_alert_fast_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_alert_fast_c
diff -N patches/patch-src_output-plugins_spo_alert_fast_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_alert_fast_c 9 Feb 2008 17:38:12 -0000
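Review bot: Each changed call casts `&p->pkth->ts` to `struct timeval32 *`, which is only correct where the capture header's timestamp really is the 32-bit pair that type name suggests (its definition is in pcap_pkthdr32.h, not shown). On a platform whose header carries wider members, `ts_print` would read the wrong bytes and log wrong times with no diagnostic. The same cast is added in the spo_alert_fast, spo_alert_full, spo_csv, ppm, snort_stream5_tcp and spp_sfportscan patches. A compile-time size check next to the `ts_print` prototype would make the assumption explicit, e.g. `typedef char ts_size_check[sizeof(((struct pcap_pkthdr *)0)->ts) == sizeof(struct timeval32) ? 1 : -1];`. The enclosing functions start and end outside these hunks.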
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_alert_fast.c.orig Mon Aug 20 19:26:05 2007
++++ src/output-plugins/spo_alert_fast.c Mon Nov 19 22:36:30 2007
+@@ -138,7 +138,7 @@ void AlertFast(Packet *p, char *msg, void *arg, Event
+ SpoAlertFastData *data = (SpoAlertFastData *)arg;
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* dump the timestamp */
+ fwrite(timestamp, strlen(timestamp), 1, data->file);
Index: patches/patch-src_output-plugins_spo_alert_full_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_alert_full_c
diff -N patches/patch-src_output-plugins_spo_alert_full_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_alert_full_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_alert_full.c.orig Mon Aug 20 19:26:05 2007
++++ src/output-plugins/spo_alert_full.c Mon Nov 19 22:36:14 2007
+@@ -162,7 +162,7 @@ void AlertFull(Packet *p, char *msg, void *arg, Event
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG, "Logging Alert data!\n"););
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+ /* dump the timestamp */
+ fwrite(timestamp, strlen(timestamp), 1, data->file);
Index: patches/patch-src_output-plugins_spo_csv_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_csv_c
diff -N patches/patch-src_output-plugins_spo_csv_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_output-plugins_spo_csv_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/output-plugins/spo_csv.c.orig Mon Aug 20 19:26:06 2007
++++ src/output-plugins/spo_csv.c Mon Nov 19 22:37:14 2007
+@@ -270,7 +270,7 @@ void RealAlertCSV(Packet * p, char *msg, FILE * file,
+ return;
+
+ bzero((char *) timestamp, TIMEBUF_SIZE);
+- ts_print(p == NULL ? NULL : (struct timeval *) & p->pkth->ts, timestamp);
++ ts_print(p == NULL ? NULL : (struct timeval32 *) & p->pkth->ts, timestamp);
+
+ DEBUG_WRAP(DebugMessage(DEBUG_LOG,"Logging CSV Alert data\n"););
+
Index: patches/patch-src_output-plugins_spo_unified_c
===================================================================
RCS file: patches/patch-src_output-plugins_spo_unified_c
diff -N patches/patch-src_output-plugins_spo_unified_c
--- patches/patch-src_output-plugins_spo_unified_c 25 Nov 2006 05:33:28 -0000 1.1
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,38 +0,0 @@ -$OpenBSD: patch-src_output-plugins_spo_unified_c,v 1.1 2006/11/25 05:33:28 pvalchev Exp $ ---- src/output-plugins/spo_unified.c.orig Fri May 12 20:19:56 2006 -+++ src/output-plugins/spo_unified.c Tue Nov 7 20:28:12 2006 -@@ -126,7 +126,7 @@ typedef struct _UnifiedLog - typedef struct _UnifiedAlert - { - Event event; -- struct timeval ts; /* event timestamp */ -+ struct pcap_timeval ts; /* event timestamp */ - u_int32_t sip; /* src ip */ - u_int32_t dip; /* dest ip */ - u_int16_t sp; /* src port */ -@@ -551,7 +551,11 @@ void RealUnifiedLogPacketAlert(Packet *p - * this will have to be fixed when we transition to the pa_engine - * code (p->pkth is libpcap specific) - */ -- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader)); -+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec; -+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec; -+ logheader.pkth.caplen = p->pkth->caplen; -+ logheader.pkth.pktlen = p->pkth->len; -+ - } - else - { -@@ -1260,7 +1264,11 @@ void OldUnifiedLogPacketAlert(Packet *p, - { - logheader.flags = p->packet_flags; - -- memcpy(&logheader.pkth, p->pkth, sizeof(SnortPktHeader)); -+ logheader.pkth.ts.tv_sec = p->pkth->ts.tv_sec; -+ logheader.pkth.ts.tv_usec = p->pkth->ts.tv_usec; -+ logheader.pkth.caplen = p->pkth->caplen; -+ logheader.pkth.pktlen = p->pkth->len; -+ - - #ifdef GIDS - /* Index: patches/patch-src_ppm_c =================================================================== RCS file: patches/patch-src_ppm_c diff -N patches/patch-src_ppm_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_ppm_c 9 Feb 2008 17:38:12 -0000 
@@ -0,0 +1,21 @@
+$OpenBSD$
+--- src/ppm.c.orig Mon Aug 20 19:25:02 2007
++++ src/ppm.c Mon Nov 19 22:39:12 2007
+@@ -360,7 +360,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
+ if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
+ {
+ if(!*timestamp)
+- ts_print((struct timeval*)&p->pkth->ts, timestamp);
++ ts_print((struct timeval32*)&p->pkth->ts, timestamp);
+
+ LogMessage(PPM_FMT_REENABLED,
+ otn->sigInfo.generator,
+@@ -423,7 +423,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p)
+ if( ppm_cfg.rule_log & PPM_LOG_MESSAGE )
+ {
+ if(!*timestamp)
+- ts_print((struct timeval*)&p->pkth->ts, timestamp);
++ ts_print((struct timeval32*)&p->pkth->ts, timestamp);
+
+ LogMessage(PPM_FMT_SUSPENDED,
+ otn->sigInfo.generator,
Index: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
===================================================================
RCS file: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
diff -N patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 9 Feb 2008 17:38:12 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Tue Nov 13 21:32:49 2007
++++ src/preprocessors/Stream5/snort_stream5_tcp.c Thu Nov 29 12:08:00 2007
+@@ -6076,7 +6076,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet
+ char src_addr[17];
+ char dst_addr[17];
+ bzero((char *)timestamp, TIMEBUF_SIZE);
+- ts_print((struct timeval *) &p->pkth->ts, timestamp);
++ ts_print((struct timeval32 *) &p->pkth->ts, timestamp);
+ SnortSnprintf(src_addr, 17, "%s",
+ inet_ntoa(GET_SRC_ADDR(p)));
+ SnortSnprintf(dst_addr, 17, "%s",
Index: patches/patch-src_preprocessors_snort_stream4_session_c
===================================================================
RCS file: patches/patch-src_preprocessors_snort_stream4_session_c
diff -N patches/patch-src_preprocessors_snort_stream4_session_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_snort_stream4_session_c 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/snort_stream4_session.c.orig Mon Aug 20 19:30:23 2007
++++ src/preprocessors/snort_stream4_session.c Mon Nov 19 22:50:05 2007
+@@ -149,7 +149,7 @@ int GetSessionKey(Packet *p, SessionHashKey *key)
+ key->proto = GET_IPH_PROTO(p);
+
+ #ifdef _LP64
+- key->pad1 = key->pad2 = 0;
++ key->pad1 = key->pad2 = key->pad3 = 0;
+ #endif
+
+ return 1;
Index: patches/patch-src_preprocessors_spp_sfportscan_c
===================================================================
RCS file: patches/patch-src_preprocessors_spp_sfportscan_c
diff -N patches/patch-src_preprocessors_spp_sfportscan_c
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_spp_sfportscan_c 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,12 @@
+$OpenBSD$
+--- src/preprocessors/spp_sfportscan.c.orig Fri Sep 7 19:59:20 2007
++++ src/preprocessors/spp_sfportscan.c Mon Nov 19 22:39:50 2007
+@@ -247,7 +247,7 @@ static int LogPortscanAlert(Packet *p, char *msg, u_in
+ return 0;
+ }
+
+- ts_print((struct timeval *)&p->pkth->ts, timebuf);
++ ts_print((struct timeval32 *)&p->pkth->ts, timebuf);
+
+ fprintf(g_logfile, "Time: %s\n", timebuf);
+
Index: patches/patch-src_preprocessors_stream_h
===================================================================
RCS file: patches/patch-src_preprocessors_stream_h
diff -N patches/patch-src_preprocessors_stream_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_preprocessors_stream_h 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,80 @@ +$OpenBSD$ +--- src/preprocessors/stream.h.orig Mon Aug 20 19:30:23 2007 ++++ src/preprocessors/stream.h Sat Dec 1 02:18:24 2007 +@@ -39,12 +39,12 @@ typedef struct _StreamPacketData + u_int8_t *pktOrig; + u_int8_t *pkt; + struct pcap_pkthdr pkth; +- u_int16_t pkt_size; + /* Pointer to trimmed payload */ + u_int8_t *payload; +- u_int16_t payload_size; + u_int32_t seq_num; + u_int32_t cksum; ++ u_int16_t pkt_size; ++ u_int16_t payload_size; + u_int8_t chuck; /* mark the spd for chucking if it's + * been reassembled + */ +@@ -66,34 +66,37 @@ typedef struct _StreamAlertInfo + typedef struct _Stream + { + ip_t ip; /* IP addr */ +- u_int16_t port; /* port number */ +- u_int8_t state; /* stream state */ + u_int32_t isn; /* initial sequence number */ + u_int32_t base_seq; /* base seq num for this packet set */ + u_int32_t last_ack; /* last segment ack'd */ ++ u_int16_t port; /* port number */ + u_int16_t win_size; /* window size */ + u_int32_t next_seq; /* next sequence we expect to see -- used on reassemble */ + u_int32_t pkts_sent; /* track the number of packets in this stream */ + u_int32_t bytes_sent; /* track the number of bytes in this stream */ + u_int32_t bytes_tracked; /* track the total number of bytes on this side */ ++ u_int8_t state; /* stream state */ + u_int8_t state_queue; /* queued state transition */ + u_int8_t expected_flags; /* tcp flag needed to accept transition */ +- u_int32_t trans_seq; /* sequence number of transition packet */ + u_int8_t stq_chk_seq; /* flag to see if we need to check the seq + num of the state transition packet */ ++ u_int32_t trans_seq; /* sequence number of transition packet */ + u_int32_t overlap_pkts; /* track the number of packets with duplicate seq #s */ + u_int32_t bytes_inspected; /* track the number of bytes seen since last + * data from other side */ + ++ u_int32_t pkt_count; + StreamPacketData *seglist; + StreamPacketData *seglist_tail; +- u_int32_t pkt_count; +- char flags; + + StreamAlertInfo 
alerts[MAX_SESSION_ALERTS]; + u_int8_t alert_count; /* count alerts seen in a stream */ + + u_int8_t outoforder; /* flag indicating stream is no longer in order */ ++ char flags; ++#if defined(_LP64) ++ char pad; ++#endif + } Stream; + + typedef struct _SessionHashKey +@@ -103,14 +106,13 @@ typedef struct _SessionHashKey + u_int16_t port; /* If IPs are the same, this will be the lower of + * the two ports. Otherwise, it will be the port + * corresponding to lowIP. */ +-#if defined(_LP64) +- u_int16_t pad1; +-#endif + u_int16_t port2; ++ u_int8_t proto; + #if defined(_LP64) +- u_int16_t pad2; ++ u_int8_t pad1; ++ u_int8_t pad2; ++ u_int8_t pad3; + #endif +- u_int8_t proto; + } SessionHashKey; + + typedef struct _StreamApplicationData Index: patches/patch-src_snort_packet_header_h =================================================================== RCS file: patches/patch-src_snort_packet_header_h diff -N patches/patch-src_snort_packet_header_h --- patches/patch-src_snort_packet_header_h 25 Nov 2006 05:33:28 -0000 1.1 +++ /dev/null 1 Jan 1970 00:00:00 -0000 
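Review bot: `SessionHashKey` declares `pad1`..`pad3` only under `_LP64`, and `GetSessionKey` zeroes them under the same condition. With `proto` now the last one-byte member, a compiler is likely to add tail padding on other ABIs as well if the struct holds 32-bit members ahead of `port`, and nothing clears those bytes. If the key is hashed or compared as raw bytes (not visible in this hunk), stale padding would make packets of the same session miss each other in the table, which for a stream reassembler means missed detections. Declaring and zeroing the three pad bytes unconditionally would remove the dependence on the ABI; at minimum a comment on the struct should state that the layout must stay free of implicit padding. The struct's first members are outside the hunk.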
@@ -1,25 +0,0 @@ -$OpenBSD: patch-src_snort_packet_header_h,v 1.1 2006/11/25 05:33:28 pvalchev Exp $ ---- src/snort_packet_header.h.orig Thu Jan 19 19:09:12 2006 -+++ src/snort_packet_header.h Tue Nov 7 20:28:12 2006 -@@ -16,12 +16,20 @@ - #include <sys/types.h> - - -+/* we must use fixed size of 32 bits, because on-disk -+ * format of savefiles uses 32-bit tv_sec (and tv_usec) -+ */ -+struct pcap_timeval { -+ u_int32_t tv_sec; /* seconds */ -+ u_int32_t tv_usec; /* microseconds */ -+}; -+ - /* this is equivalent to the pcap pkthdr struct, but we need one for - * portability once we introduce the pa_engine code - */ - typedef struct _SnortPktHeader - { -- struct timeval ts; /* packet timestamp */ -+ struct pcap_timeval ts;/* packet timestamp */ - u_int32_t caplen; /* packet capture length */ - u_int32_t pktlen; /* packet "real" length */ - } SnortPktHeader; Index: patches/patch-src_util_c =================================================================== RCS file: patches/patch-src_util_c diff -N patches/patch-src_util_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_util_c 9 Feb 2008 17:38:14 -0000 
@@ -0,0 +1,29 @@
+$OpenBSD$
+--- src/util.c.orig Mon Aug 20 18:31:51 2007
++++ src/util.c Mon Nov 19 22:37:37 2007
+@@ -392,12 +392,13 @@ int DisplayBanner()
+ * Returns: void function
+ *
+ ****************************************************************************/
+-void ts_print(register const struct timeval *tvp, char *timebuf)
++void ts_print(register const struct timeval32 *tvp, char *timebuf)
+ {
+ register int s;
+ int localzone;
+ time_t Time;
+ struct timeval tv;
++ struct timeval32 tvnow;
+ struct timezone tz;
+ struct tm *lt; /* place to stick the adjusted clock data */
+
+@@ -407,7 +408,9 @@ void ts_print(register const struct timeval *tvp, char
+ /* manual page (for linux) says tz is never used, so.. */
+ bzero((char *) &tz, sizeof(tz));
+ gettimeofday(&tv, &tz);
+- tvp = &tv;
++ tvnow.tv_sec = tv.tv_sec;
++ tvnow.tv_usec = tv.tv_usec;
++ tvp = &tvnow;
+ }
+
+ localzone = thiszone;
Index: patches/patch-src_util_h
===================================================================
RCS file: patches/patch-src_util_h
diff -N patches/patch-src_util_h
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_util_h 9 Feb 2008 17:38:14 -0000
@@ -0,0 +1,20 @@
+$OpenBSD$
+--- src/util.h.orig Mon Aug 20 18:35:44 2007
++++ src/util.h Mon Nov 19 22:31:17 2007
+@@ -34,6 +34,7 @@
+ #endif
+
+ #include "sf_types.h"
++#include "pcap_pkthdr32.h"
+
+ /* specifies that a function does not return
+ * used for quieting Visual Studio warnings
+@@ -139,7 +140,7 @@ typedef struct _IntervalStats
+ int DisplayBanner();
+ void GetTime(char *);
+ int gmt2local(time_t);
+-void ts_print(register const struct timeval *, char *);
++void ts_print(register const struct timeval32 *, char *);
+ char *copy_argv(char **);
+ void strip(char *);
+ double CalcPct(UINT64, UINT64);
Index: pkg/PFRAG.prelude
===================================================================
RCS file: pkg/PFRAG.prelude
diff -N pkg/PFRAG.prelude
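Review bot: In the fallback path of `ts_print`, `tvnow.tv_sec = tv.tv_sec;` and `tvnow.tv_usec = tv.tv_usec;` copy the `gettimeofday()` result into `struct timeval32`. That narrows the values if the type has 32-bit members as its name suggests (its definition is in pcap_pkthdr32.h, not shown). The narrowing is silent, so a comment at that spot should state that it is intentional and why the parameter type changed, for example `/* packet headers carry 32-bit timestamps; wall-clock fallback is narrowed to match */`. The body of `ts_print` continues outside the hunk.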
--- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pkg/PFRAG.prelude 9 Feb 2008 17:38:14 -0000 @@ -0,0 +1,2 @@ [EMAIL PROTECTED] $OpenBSD$ [EMAIL PROTECTED] usermod -G _prelude _snort Index: pkg/PFRAG.shared =================================================================== RCS file: /cvs/ports/net/snort/pkg/PFRAG.shared,v retrieving revision 1.1 diff -u -r1.1 PFRAG.shared --- pkg/PFRAG.shared 10 Oct 2006 13:33:17 -0000 1.1 +++ pkg/PFRAG.shared 9 Feb 2008 17:38:14 -0000 @@ -1,5 +1,9 @@ @comment $OpenBSD: PFRAG.shared,v 1.1 2006/10/10 13:33:17 aanriot Exp $ @lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION} [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.${LIB_sfdynamic_preprocessor_example_VERSION} [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.${LIBsf_dcerpc_preproc_VERSION} @lib lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.${LIBsf_dns_preproc_VERSION} @lib lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.${LIBsf_ftptelnet_preproc_VERSION} @lib lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.${LIBsf_smtp_preproc_VERSION} [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.${LIBsf_ssh_preproc_VERSION} [EMAIL PROTECTED] lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.${LIB_sfdynamic_example_rule_VERSION} Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/snort/pkg/PLIST,v retrieving revision 1.15 diff -u -r1.15 PLIST --- pkg/PLIST 10 Oct 2006 13:33:17 -0000 1.15 +++ pkg/PLIST 9 Feb 2008 17:38:14 -0000 
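Review bot: The new prelude fragment runs `usermod -G _prelude _snort` at install time (the packing-list keyword in front of it is masked in this copy). That widens what the `_snort` account can reach, and nothing in the fragment explains or reverses it. A `@comment` line stating which libprelude files the sensor needs group access to would let a later reviewer judge whether the membership is still required. It is also worth confirming that the `_prelude` group exists before this step runs, since only the libprelude `LIB_DEPENDS` in the Makefile implies it.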
@@ -1,22 +1,38 @@ @comment $OpenBSD: PLIST,v 1.15 2006/10/10 13:33:17 aanriot Exp $ @newgroup _snort:557 @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin +%%prelude%% %%SHARED%% bin/snort lib/snort_dynamicengine/ lib/snort_dynamicengine/libsf_engine.a @comment lib/snort_dynamicengine/libsf_engine.la lib/snort_dynamicpreprocessor/ +lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la +lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la lib/snort_dynamicpreprocessor/libsf_dns_preproc.a @comment lib/snort_dynamicpreprocessor/libsf_dns_preproc.la lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a @comment lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a @comment lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la +lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a [EMAIL PROTECTED] lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la +lib/snort_dynamicrules/ +lib/snort_dynamicrules/lib_sfdynamic_example_rule.a [EMAIL PROTECTED] lib/snort_dynamicrules/lib_sfdynamic_example_rule.la @man man/man8/snort.8 share/doc/snort/ share/doc/snort/AUTHORS +share/doc/snort/BUGS share/doc/snort/CREDITS +share/doc/snort/INSTALL +share/doc/snort/NEWS +share/doc/snort/PROBLEMS +share/doc/snort/README +share/doc/snort/README.ARUBA share/doc/snort/README.FLEXRESP share/doc/snort/README.FLEXRESP2 share/doc/snort/README.INLINE @@ -29,6 +45,8 @@ share/doc/snort/README.asn1 share/doc/snort/README.csv share/doc/snort/README.database +share/doc/snort/README.dcerpc +share/doc/snort/README.decode share/doc/snort/README.dns share/doc/snort/README.event_queue share/doc/snort/README.flow 
@@ -37,25 +55,45 @@ share/doc/snort/README.frag3 share/doc/snort/README.ftptelnet share/doc/snort/README.http_inspect +share/doc/snort/README.ipv6 +share/doc/snort/README.ppm share/doc/snort/README.sfportscan +share/doc/snort/README.ssh +share/doc/snort/README.stream4 +share/doc/snort/README.stream5 +share/doc/snort/README.tag share/doc/snort/README.thresholding +share/doc/snort/README.variables share/doc/snort/README.wireless +share/doc/snort/TODO +share/doc/snort/USAGE +share/doc/snort/WISHLIST share/doc/snort/faq.pdf +share/doc/snort/generators share/doc/snort/snort_manual.pdf share/doc/snort/snort_schema_v106.pdf share/examples/snort/ @sample ${SYSCONFDIR}/snort/ @sample ${SYSCONFDIR}/snort/rules/ [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/ share/examples/snort/classification.config @sample ${SYSCONFDIR}/snort/classification.config +share/examples/snort/decoder.rules [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/decoder.rules share/examples/snort/gen-msg.map @sample ${SYSCONFDIR}/snort/gen-msg.map share/examples/snort/generators @sample ${SYSCONFDIR}/snort/generators +share/examples/snort/preprocessor.rules [EMAIL PROTECTED] ${SYSCONFDIR}/snort/preproc_rules/preprocessor.rules [EMAIL PROTECTED] /var/snort/ [EMAIL PROTECTED] _snort [EMAIL PROTECTED] _snort [EMAIL PROTECTED] /var/snort/log/ [EMAIL PROTECTED] [EMAIL PROTECTED] share/examples/snort/reference.config @sample ${SYSCONFDIR}/snort/reference.config -share/examples/snort/sid [EMAIL PROTECTED] ${SYSCONFDIR}/snort/sid share/examples/snort/sid-msg.map @sample ${SYSCONFDIR}/snort/sid-msg.map share/examples/snort/snort.conf @@ -64,7 +102,3 @@ @sample ${SYSCONFDIR}/snort/threshold.conf share/examples/snort/unicode.map @sample ${SYSCONFDIR}/snort/unicode.map [EMAIL PROTECTED] /var/snort/ [EMAIL PROTECTED] _snort [EMAIL PROTECTED] _snort [EMAIL PROTECTED] /var/snort/log/
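Review bot: In the `@@ -37,25 +55,45 @@` hunk of pkg/PLIST the `/var/snort/` and `/var/snort/log/` entries are moved up and bracketed by switches to `_snort`, but no mode directive appears alongside them, so the log directory is created with the default directory mode. Snort alert files and packet logs can hold captured payload data, so I would restrict the directory explicitly, for example `@mode 0750` before the `/var/snort/log/` entry and a bare `@mode` after it. The directive keywords on these lines are masked by the list archive, so this reading assumes the usual `@sample`/`@owner`/`@group` sequence. `/var/snort/` itself is listed before the owner switch and so presumably stays root-owned, which is worth stating in a `@comment`.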