On Thu, Dec 17, 2009 at 09:33:38PM +0100, Markus Lude wrote: > On Wed, Dec 16, 2009 at 08:11:27PM +0100, Markus Lude wrote: > > On Wed, Dec 16, 2009 at 03:02:59PM +0000, Stuart Henderson wrote: > > > On 2009-10-25, Markus Lude <markus.l...@gmx.de> wrote: > > > > You now need to add the correct library version number to > > > > libsf_engine.so in the dynamicengine config line in your snort.conf. > > > > This applies only to those which use an older already adjusted > > > > snort.conf. The one in the diff below already has it. Should I add a > > > > MESSAGE file for this? > > > > > > This is a bit of a problem, it means users will need to hand-edit their > > > config file every time they upgrade. Were you able to work out what > > > changed > > > between releases that has made this necessary? dlopen(3) should be quite > > > capable of locating the library from the basename without specifying the > > > particular version... > > > > > > Alternatively, does it even make sense to give this a versioned filename? > > > Plugins for e.g. php, apache and others typically just use unversioned > > > names. > > > > Thanks for the feedback. I'll have a look at it. > > Please test the new attached diff. Only changes are in snort.conf and > the Makefile. > > Any hints on how to remove the versions from the libs? Maybe we could > try that later on...
For now I prefer to keep the version numbers in the filenames of the libs. Users will need to edit the snort.conf file if they update snort this round, but usually there are quite a few other stuff which also changes there, like new preprocessors, ... . Later on at least that one line needs no changes (as with former updates). More comments on this or could someone please commit it? Regards, Markus
Index: Makefile =================================================================== RCS file: /cvs/ports/net/snort/Makefile,v retrieving revision 1.54 diff -u -p -r1.54 Makefile --- Makefile 16 Aug 2009 13:31:27 -0000 1.54 +++ Makefile 17 Dec 2009 08:37:02 -0000 @@ -4,7 +4,7 @@ SHARED_ONLY = Yes COMMENT = highly flexible sniffer/NIDS -DISTNAME = snort-2.8.4.1 +DISTNAME = snort-2.8.5.1 CATEGORIES = net security MASTER_SITES = http://dl.snort.org/snort-current/ @@ -19,22 +19,21 @@ PERMIT_DISTFILES_CDROM = Yes PERMIT_DISTFILES_FTP = Yes WANTLIB = c m pcap -SHARED_LIBS = sf_engine 3.0 \ - sf_dce2_preproc 0.0 \ - sf_dcerpc_preproc 2.0 \ - sf_dns_preproc 3.0 \ - sf_ftptelnet_preproc 3.0 \ - sf_smtp_preproc 3.0 \ - sf_ssh_preproc 2.0 \ - sf_ssl_preproc 1.0 \ - _sfdynamic_example_rule 0.0 \ - _sfdynamic_preprocessor_example 0.0 +SHARED_LIBS = sf_engine 4.0 \ + sf_dce2_preproc 1.0 \ + sf_dcerpc_preproc 3.0 \ + sf_dns_preproc 4.0 \ + sf_ftptelnet_preproc 4.0 \ + sf_smtp_preproc 4.0 \ + sf_ssh_preproc 3.0 \ + sf_ssl_preproc 2.0 USE_LIBTOOL = Yes SEPARATE_BUILD = concurrent CONFIGURE_STYLE = simple CONFIGURE_ARGS += ${CONFIGURE_SHARED} \ + --enable-ipv6 \ --enable-dynamicplugin MAKE_FLAGS = mandir=${TRUEPREFIX}/man Index: distinfo =================================================================== RCS file: /cvs/ports/net/snort/distinfo,v retrieving revision 1.18 diff -u -p -r1.18 distinfo --- distinfo 16 Aug 2009 13:31:27 -0000 1.18 +++ distinfo 17 Dec 2009 08:37:02 -0000 @@ -1,5 +1,5 @@ -MD5 (snort-2.8.4.1.tar.gz) = Y/TnaulqLRM/THt0G61UWA== -RMD160 (snort-2.8.4.1.tar.gz) = jzijfJ8Wm6uVKUbMq6JMktJnuIA= -SHA1 (snort-2.8.4.1.tar.gz) = P/q7U2bAiJUv76sZqNwZzoTWJkU= -SHA256 (snort-2.8.4.1.tar.gz) = 7n95DrPfTmFWp8hl8boihVOUyePBP9xX1gqGRyZ/wgk= -SIZE (snort-2.8.4.1.tar.gz) = 4567713 +MD5 (snort-2.8.5.1.tar.gz) = savzqfo0hnIMmite/5IEFw== +RMD160 (snort-2.8.5.1.tar.gz) = +/q0Xx19gVUWBDWS6rjPHMbsk9A= +SHA1 (snort-2.8.5.1.tar.gz) = uXEFLN1LNSegYDhUlTED/prYpFs= +SHA256 (snort-2.8.5.1.tar.gz) = reGw9K50/WI8Yz0otvFCkYd1GzWzaj+KDBl9IQS15a4= +SIZE (snort-2.8.5.1.tar.gz) = 4715078 Index: patches/patch-etc_snort_conf =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-etc_snort_conf,v retrieving revision 1.4 diff -u -p -r1.4 patch-etc_snort_conf --- patches/patch-etc_snort_conf 16 Aug 2009 13:31:27 -0000 1.4 +++ patches/patch-etc_snort_conf 17 Dec 2009 08:37:02 -0000 @@ -1,19 +1,17 @@ $OpenBSD: patch-etc_snort_conf,v 1.4 2009/08/16 13:31:27 rui Exp $ ---- etc/snort.conf.orig Wed Mar 11 14:22:03 2009 -+++ etc/snort.conf Wed Apr 8 12:47:17 2009 -@@ -78,7 +78,10 @@ var SNMP_SERVERS $HOME_NET - # like this: - # - # portvar HTTP_PORTS 8081 --# -+ +--- etc/snort.conf.orig Mon Oct 19 23:09:14 2009 ++++ etc/snort.conf Thu Dec 17 08:25:52 2009 +@@ -99,6 +99,9 @@ portvar HTTP_PORTS 80 + # including the rules file twice is obsolete. See README.variables for more + # details. + +# Ports you run ssh servers on +portvar SSH_PORTS 22 + - # Ports you run web servers on - portvar HTTP_PORTS 80 + # Ports you want to look for SHELLCODE on. + portvar SHELLCODE_PORTS !80 -@@ -107,8 +110,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161 +@@ -117,8 +120,8 @@ var AIM_SERVERS [64.12.24.0/23,64.12.28.0/23,64.12.161 # Path to your rules files (this can be a relative path) # Note for Windows users: You are advised to make this an absolute path, # such as: c:\snort\rules @@ -24,3 +22,12 @@ $OpenBSD: patch-etc_snort_conf,v 1.4 200 # Configure the snort decoder # ============================ +@@ -211,7 +214,7 @@ dynamicpreprocessor directory /usr/local/lib/snort_dyn + # Load a dynamic engine from the install path + # (same as command line option --dynamic-engine-lib) + # +-dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so ++dynamicengine directory /usr/local/lib/snort_dynamicengine/ + # + # Load all dynamic rules libraries from the install path + # (same as command line option --dynamic-detection-lib-dir) Index: patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c,v retrieving revision 1.4 diff -u -p -r1.4 patch-src_dynamic-plugins_sf_dynamic_plugins_c --- patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 16 Aug 2009 13:31:27 -0000 1.4 +++ patches/patch-src_dynamic-plugins_sf_dynamic_plugins_c 17 Dec 2009 08:37:02 -0000 @@ -1,13 +1,13 @@ $OpenBSD: patch-src_dynamic-plugins_sf_dynamic_plugins_c,v 1.4 2009/08/16 13:31:27 rui Exp $ ---- src/dynamic-plugins/sf_dynamic_plugins.c.orig Mon Jan 26 22:50:08 2009 -+++ src/dynamic-plugins/sf_dynamic_plugins.c Wed Apr 8 12:40:35 2009 -@@ -233,8 +233,7 @@ void LoadAllLibs(char *path, LoadLibraryFunc loadFunc) - dirEntry = readdir(directory); - while (dirEntry) +--- src/dynamic-plugins/sf_dynamic_plugins.c.orig Tue Jul 7 17:37:04 2009 ++++ src/dynamic-plugins/sf_dynamic_plugins.c Thu Aug 20 00:32:57 2009 +@@ -244,8 +244,7 @@ void LoadAllLibs(char *path, LoadLibraryFunc loadFunc) + dir_entry = readdir(directory); + while (dir_entry != NULL) { -- if (dirEntry->d_reclen && -- !fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) -+ if(!fnmatch(EXT, dirEntry->d_name, FNM_PATHNAME | FNM_PERIOD)) +- if ((dir_entry->d_reclen != 0) && +- (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0)) ++ if (fnmatch(MODULE_EXT, dir_entry->d_name, FNM_PATHNAME | FNM_PERIOD) == 0) { - SnortSnprintf(path_buf, PATH_MAX, "%s%s%s", path, "/", dirEntry->d_name); - loadFunc(path_buf, 1); + /* Get the string up until the first dot. This will be + * considered the file prefix. */ Index: patches/patch-src_dynamic-preprocessors_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-src_dynamic-preprocessors_Makefile_in --- patches/patch-src_dynamic-preprocessors_Makefile_in 16 Aug 2009 13:31:27 -0000 1.4 +++ patches/patch-src_dynamic-preprocessors_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_Makefile_in,v 1.4 2009/08/16 13:31:27 rui Exp $ ---- src/dynamic-preprocessors/Makefile.in.orig Wed Mar 11 14:19:27 2009 -+++ src/dynamic-preprocessors/Makefile.in Wed Apr 8 12:40:35 2009 -@@ -574,8 +574,7 @@ maintainer-clean-generic: +--- src/dynamic-preprocessors/Makefile.in.orig Mon Oct 19 23:08:08 2009 ++++ src/dynamic-preprocessors/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -594,8 +594,7 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) @@ -11,7 +11,7 @@ $OpenBSD: patch-src_dynamic-preprocessor clean: clean-recursive clean-am: clean-generic clean-libtool clean-local mostlyclean-am -@@ -757,20 +756,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s +@@ -778,20 +777,6 @@ include/str_search.h: $(srcdir)/../preprocessors/str_s clean-local: rm -rf include build Index: patches/patch-src_dynamic-preprocessors_dcerpc2_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dcerpc2_Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-src_dynamic-preprocessors_dcerpc2_Makefile_in --- patches/patch-src_dynamic-preprocessors_dcerpc2_Makefile_in 16 Aug 2009 13:31:27 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_dcerpc2_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_dcerpc2_Makefile_in,v 1.1 2009/08/16 13:31:27 rui Exp $ ---- src/dynamic-preprocessors/dcerpc2/Makefile.in.orig Wed Mar 11 14:19:28 2009 -+++ src/dynamic-preprocessors/dcerpc2/Makefile.in Wed Apr 8 15:58:27 2009 -@@ -418,7 +418,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/dcerpc2/Makefile.in.orig Mon Oct 19 23:08:08 2009 ++++ src/dynamic-preprocessors/dcerpc2/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -424,7 +424,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_dynamic-preprocessors_dcerpc_Makefile_in --- patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 12 Feb 2009 22:12:08 -0000 1.2 +++ patches/patch-src_dynamic-preprocessors_dcerpc_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_dcerpc_Makefile_in,v 1.2 2009/02/12 22:12:08 rui Exp $ ---- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Fri Jul 18 22:52:05 2008 -+++ src/dynamic-preprocessors/dcerpc/Makefile.in Fri Aug 8 14:57:43 2008 -@@ -392,7 +392,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/dcerpc/Makefile.in.orig Mon Oct 19 23:08:08 2009 ++++ src/dynamic-preprocessors/dcerpc/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -399,7 +399,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_dns_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_dns_Makefile_in,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_dynamic-preprocessors_dns_Makefile_in --- patches/patch-src_dynamic-preprocessors_dns_Makefile_in 12 Feb 2009 22:12:08 -0000 1.3 +++ patches/patch-src_dynamic-preprocessors_dns_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_dns_Makefile_in,v 1.3 2009/02/12 22:12:08 rui Exp $ ---- src/dynamic-preprocessors/dns/Makefile.in.orig Fri Jul 18 22:52:06 2008 -+++ src/dynamic-preprocessors/dns/Makefile.in Fri Aug 8 14:57:43 2008 -@@ -374,7 +374,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/dns/Makefile.in.orig Mon Oct 19 23:08:08 2009 ++++ src/dynamic-preprocessors/dns/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -381,7 +381,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v retrieving revision 1.4 diff -u -p -r1.4 patch-src_dynamic-preprocessors_ftptelnet_Makefile_in --- patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 16 Aug 2009 13:31:27 -0000 1.4 +++ patches/patch-src_dynamic-preprocessors_ftptelnet_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_ftptelnet_Makefile_in,v 1.4 2009/08/16 13:31:27 rui Exp $ ---- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Wed Mar 11 14:19:29 2009 -+++ src/dynamic-preprocessors/ftptelnet/Makefile.in Wed Apr 8 12:43:22 2009 -@@ -528,7 +528,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/ftptelnet/Makefile.in.orig Mon Oct 19 23:08:09 2009 ++++ src/dynamic-preprocessors/ftptelnet/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -529,7 +529,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-recursive Index: patches/patch-src_dynamic-preprocessors_smtp_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_smtp_Makefile_in,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_dynamic-preprocessors_smtp_Makefile_in --- patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 12 Feb 2009 22:12:08 -0000 1.3 +++ patches/patch-src_dynamic-preprocessors_smtp_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_smtp_Makefile_in,v 1.3 2009/02/12 22:12:08 rui Exp $ ---- src/dynamic-preprocessors/smtp/Makefile.in.orig Fri Jul 18 22:52:07 2008 -+++ src/dynamic-preprocessors/smtp/Makefile.in Fri Aug 8 14:57:44 2008 -@@ -393,7 +393,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/smtp/Makefile.in.orig Mon Oct 19 23:08:09 2009 ++++ src/dynamic-preprocessors/smtp/Makefile.in Thu Oct 22 17:08:53 2009 +@@ -400,7 +400,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_ssh_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ssh_Makefile_in,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_dynamic-preprocessors_ssh_Makefile_in --- patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 12 Feb 2009 22:12:08 -0000 1.2 +++ patches/patch-src_dynamic-preprocessors_ssh_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_ssh_Makefile_in,v 1.2 2009/02/12 22:12:08 rui Exp $ ---- src/dynamic-preprocessors/ssh/Makefile.in.orig Fri Jul 18 22:52:08 2008 -+++ src/dynamic-preprocessors/ssh/Makefile.in Fri Aug 8 14:57:44 2008 -@@ -374,7 +374,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/ssh/Makefile.in.orig Mon Oct 19 23:08:09 2009 ++++ src/dynamic-preprocessors/ssh/Makefile.in Thu Oct 22 17:08:54 2009 +@@ -381,7 +381,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_dynamic-preprocessors_ssl_Makefile_in =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_ssl_Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-src_dynamic-preprocessors_ssl_Makefile_in --- patches/patch-src_dynamic-preprocessors_ssl_Makefile_in 12 Feb 2009 22:12:08 -0000 1.1 +++ patches/patch-src_dynamic-preprocessors_ssl_Makefile_in 17 Dec 2009 08:37:02 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-src_dynamic-preprocessors_ssl_Makefile_in,v 1.1 2009/02/12 22:12:08 rui Exp $ ---- src/dynamic-preprocessors/ssl/Makefile.in.orig Fri Jul 18 22:52:08 2008 -+++ src/dynamic-preprocessors/ssl/Makefile.in Fri Aug 8 15:59:22 2008 -@@ -384,7 +384,7 @@ distdir: $(DISTFILES) +--- src/dynamic-preprocessors/ssl/Makefile.in.orig Mon Oct 19 23:08:09 2009 ++++ src/dynamic-preprocessors/ssl/Makefile.in Thu Oct 22 17:08:54 2009 +@@ -391,7 +391,7 @@ distdir: $(DISTFILES) check-am: all-am check: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) check-am @@ -9,4 +9,4 @@ $OpenBSD: patch-src_dynamic-preprocessor +all-am: Makefile $(LTLIBRARIES) installdirs: for dir in "$(DESTDIR)$(libdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + test -z "$$dir" || $(mkdir_p) "$$dir"; \ Index: patches/patch-src_log_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_log_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_log_c --- patches/patch-src_log_c 12 Feb 2009 22:12:08 -0000 1.2 +++ patches/patch-src_log_c 17 Dec 2009 08:37:02 -0000 @@ -1,39 +1,39 @@ $OpenBSD: patch-src_log_c,v 1.2 2009/02/12 22:12:08 rui Exp $ ---- src/log.c.orig Mon Jun 16 20:33:54 2008 -+++ src/log.c Fri Sep 5 22:54:34 2008 -@@ -358,7 +358,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p) +--- src/log.c.orig Tue Jul 7 17:37:01 2009 ++++ src/log.c Wed Aug 19 17:29:41 2009 +@@ -363,7 +363,7 @@ void PrintIPPkt(FILE * fp, int type, Packet * p) DEBUG_WRAP(DebugMessage(DEBUG_LOG, "PrintIPPkt type = %d\n", type);); bzero((char *) timestamp, TIMEBUF_SIZE); - ts_print((struct timeval *) & p->pkth->ts, timestamp); -+ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32 *) & p->pkth->ts, timestamp); /* dump the timestamp */ fwrite(timestamp, strlen(timestamp), 1, fp); -@@ -851,7 +851,7 @@ void PrintArpHeader(FILE * fp, Packet * p) +@@ -865,7 +865,7 @@ void PrintArpHeader(FILE * fp, Packet * p) bzero((struct in_addr *) &ip_addr, sizeof(struct in_addr)); bzero((char *) timestamp, TIMEBUF_SIZE); - ts_print((struct timeval *) & p->pkth->ts, timestamp); -+ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32 *) & p->pkth->ts, timestamp); /* determine what to use as MAC src and dst */ if (p->eh != NULL) -@@ -1929,7 +1929,7 @@ void PrintEapolPkt(FILE * fp, Packet * p) +@@ -1945,7 +1945,7 @@ void PrintEapolPkt(FILE * fp, Packet * p) bzero((char *) timestamp, TIMEBUF_SIZE); - ts_print((struct timeval *) & p->pkth->ts, timestamp); -+ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32 *) & p->pkth->ts, timestamp); /* dump the timestamp */ fwrite(timestamp, strlen(timestamp), 1, fp); -@@ -2103,7 +2103,7 @@ void PrintWifiPkt(FILE * fp, Packet * p) +@@ -2119,7 +2119,7 @@ void PrintWifiPkt(FILE * fp, Packet * p) bzero((char *) timestamp, TIMEBUF_SIZE); - ts_print((struct timeval *) & p->pkth->ts, timestamp); -+ ts_print((struct timeval32 *) & p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32 *) & p->pkth->ts, timestamp); /* dump the timestamp */ fwrite(timestamp, strlen(timestamp), 1, fp); Index: patches/patch-src_log_text_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_log_text_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_log_text_c --- patches/patch-src_log_text_c 16 Aug 2009 13:31:27 -0000 1.2 +++ patches/patch-src_log_text_c 17 Dec 2009 08:37:02 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-src_log_text_c,v 1.2 2009/08/16 13:31:27 rui Exp $ ---- src/log_text.c.orig Mon Jan 26 22:49:57 2009 -+++ src/log_text.c Wed Apr 8 12:40:36 2009 +--- src/log_text.c.orig Thu May 7 00:28:15 2009 ++++ src/log_text.c Wed Aug 19 17:28:24 2009 @@ -62,7 +62,7 @@ extern OptTreeNode *otn_tmp; /* global ptr to curre void LogTimeStamp(TextLog* log, Packet* p) { char timestamp[TIMEBUF_SIZE]; - ts_print((struct timeval*)&p->pkth->ts, timestamp); -+ ts_print((struct timeval32*)&p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32*)&p->pkth->ts, timestamp); TextLog_Puts(log, timestamp); } Index: patches/patch-src_output-plugins_spo_alert_prelude_c =================================================================== RCS file: patches/patch-src_output-plugins_spo_alert_prelude_c diff -N patches/patch-src_output-plugins_spo_alert_prelude_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-src_output-plugins_spo_alert_prelude_c 17 Dec 2009 08:37:02 -0000 @@ -0,0 +1,48 @@ +$OpenBSD$ +--- src/output-plugins/spo_alert_prelude.c.orig Thu May 7 00:29:11 2009 ++++ src/output-plugins/spo_alert_prelude.c Fri Oct 23 20:41:26 2009 +@@ -414,7 +414,15 @@ static int packet_to_data(Packet *p, Event *event, idm + break; + + case ICMP_REDIRECT: ++#ifndef SUP_IP6 + add_string_data(alert, "icmp_gwaddr", inet_ntoa(p->icmph->s_icmp_gwaddr)); ++#else ++ { ++ sfip_t gwaddr; ++ sfip_set_raw(&gwaddr, (void *)&p->icmph->s_icmp_gwaddr.s_addr, AF_INET); ++ add_string_data(alert, "icmp_gwaddr", inet_ntoa(&gwaddr)); ++ } ++#endif + break; + + case ICMP_ROUTER_ADVERTISE: +@@ -606,6 +614,7 @@ void snort_alert_prelude(Packet *p, char *msg, void *d + idmef_message_t *idmef; + idmef_classification_t *class; + prelude_client_t *client = data; ++ struct timeval tv; + + if ( !p ) + return; +@@ -647,7 +656,10 @@ void snort_alert_prelude(Packet *p, char *msg, void *d + ret = idmef_alert_new_detect_time(alert, &time); + if ( ret < 0 ) + goto err; +- idmef_time_set_from_timeval(time, &p->pkth->ts); ++ ++ tv.tv_sec = p->pkth->ts.tv_sec; ++ tv.tv_usec = p->pkth->ts.tv_usec; ++ idmef_time_set_from_timeval(time, &tv); + + ret = idmef_time_new_from_gettimeofday(&time); + if ( ret < 0 ) +@@ -786,7 +798,7 @@ void AlertPreludeSetupAfterSetuid(void) + } + + +-void snort_alert_prelude_init(unsigned char *args) ++static void snort_alert_prelude_init(char *args) + { + /* + * Do nothing here. Wait until AlertPreludeSetupAfterSetuid is called. Index: patches/patch-src_ppm_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_ppm_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_ppm_c --- patches/patch-src_ppm_c 16 Aug 2009 13:31:27 -0000 1.3 +++ patches/patch-src_ppm_c 17 Dec 2009 08:37:02 -0000 @@ -1,21 +1,21 @@ $OpenBSD: patch-src_ppm_c,v 1.3 2009/08/16 13:31:27 rui Exp $ ---- src/ppm.c.orig Mon Jan 26 22:49:58 2009 -+++ src/ppm.c Wed Apr 8 12:40:37 2009 -@@ -361,7 +361,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p) - if( ppm_cfg.rule_log & PPM_LOG_MESSAGE ) - { +--- src/ppm.c.orig Thu May 7 00:28:18 2009 ++++ src/ppm.c Wed Aug 19 17:28:12 2009 +@@ -369,7 +369,7 @@ void ppm_rule_log(ppm_cfg_t *ppm_cfg, uint64_t pktcnt, + int i; + if(!*timestamp) - ts_print((struct timeval*)&p->pkth->ts, timestamp); -+ ts_print((struct timeval32*)&p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32*)&p->pkth->ts, timestamp); for (i=0; i< ppm_n_crules; i++) { -@@ -417,7 +417,7 @@ void ppm_rule_log( UINT64 pktcnt, Packet * p) - if( ppm_cfg.rule_log & PPM_LOG_MESSAGE ) - { +@@ -425,7 +425,7 @@ void ppm_rule_log(ppm_cfg_t *ppm_cfg, uint64_t pktcnt, + int i; + if(!*timestamp) - ts_print((struct timeval*)&p->pkth->ts, timestamp); -+ ts_print((struct timeval32*)&p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32*)&p->pkth->ts, timestamp); for (i=0; i< ppm_n_rules; i++) { Index: patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_preprocessors_Stream5_snort_stream5_tcp_c --- patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 16 Aug 2009 13:31:27 -0000 1.3 +++ patches/patch-src_preprocessors_Stream5_snort_stream5_tcp_c 17 Dec 2009 08:37:02 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-src_preprocessors_Stream5_snort_stream5_tcp_c,v 1.3 2009/08/16 13:31:27 rui Exp $ ---- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Tue Apr 21 18:52:36 2009 -+++ src/preprocessors/Stream5/snort_stream5_tcp.c Wed Apr 29 12:42:40 2009 -@@ -6804,7 +6804,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet +--- src/preprocessors/Stream5/snort_stream5_tcp.c.orig Mon Sep 14 21:12:21 2009 ++++ src/preprocessors/Stream5/snort_stream5_tcp.c Thu Sep 17 15:26:22 2009 +@@ -6914,7 +6914,7 @@ static int ProcessTcp(Stream5LWSession *lwssn, Packet char src_addr[17]; char dst_addr[17]; bzero((char *)timestamp, TIMEBUF_SIZE); - ts_print((struct timeval *) &p->pkth->ts, timestamp); -+ ts_print((struct timeval32 *) &p->pkth->ts, timestamp); ++ ts_print((struct sf_timeval32 *) &p->pkth->ts, timestamp); SnortSnprintf(src_addr, 17, "%s", inet_ntoa(GET_SRC_ADDR(p))); SnortSnprintf(dst_addr, 17, "%s", Index: patches/patch-src_preprocessors_spp_sfportscan_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_preprocessors_spp_sfportscan_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_preprocessors_spp_sfportscan_c --- patches/patch-src_preprocessors_spp_sfportscan_c 16 Aug 2009 13:31:27 -0000 1.3 +++ patches/patch-src_preprocessors_spp_sfportscan_c 17 Dec 2009 08:37:02 -0000 @@ -1,12 +1,12 @@ $OpenBSD: patch-src_preprocessors_spp_sfportscan_c,v 1.3 2009/08/16 13:31:27 rui Exp $ ---- src/preprocessors/spp_sfportscan.c.orig Mon Jan 26 22:50:30 2009 -+++ src/preprocessors/spp_sfportscan.c Wed Apr 8 12:40:37 2009 -@@ -288,7 +288,7 @@ static int LogPortscanAlert(Packet *p, char *msg, u_in +--- src/preprocessors/spp_sfportscan.c.orig Mon Sep 14 21:12:21 2009 ++++ src/preprocessors/spp_sfportscan.c Thu Sep 17 15:26:24 2009 +@@ -310,7 +310,7 @@ static int LogPortscanAlert(Packet *p, char *msg, uint return 0; } - ts_print((struct timeval *)&p->pkth->ts, timebuf); -+ ts_print((struct timeval32 *)&p->pkth->ts, timebuf); ++ ts_print((struct sf_timeval32 *)&p->pkth->ts, timebuf); fprintf(g_logfile, "Time: %s\n", timebuf); Index: patches/patch-src_util_c =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_util_c,v retrieving revision 1.3 diff -u -p -r1.3 patch-src_util_c --- patches/patch-src_util_c 16 Aug 2009 13:31:27 -0000 1.3 +++ patches/patch-src_util_c 17 Dec 2009 08:37:02 -0000 @@ -1,22 +1,22 @@ $OpenBSD: patch-src_util_c,v 1.3 2009/08/16 13:31:27 rui Exp $ ---- src/util.c.orig Wed Mar 11 13:54:59 2009 -+++ src/util.c Wed Apr 8 12:40:37 2009 -@@ -418,12 +418,13 @@ int DisplayBanner() +--- src/util.c.orig Tue Jul 7 17:37:03 2009 ++++ src/util.c Wed Aug 19 17:27:58 2009 +@@ -214,12 +214,13 @@ int DisplayBanner(void) * Returns: void function * ****************************************************************************/ -void ts_print(register const struct timeval *tvp, char *timebuf) -+void ts_print(register const struct timeval32 *tvp, char *timebuf) ++void ts_print(register const struct sf_timeval32 *tvp, char *timebuf) { register int s; int localzone; time_t Time; struct timeval tv; -+ struct timeval32 tvnow; ++ struct sf_timeval32 tvnow; struct timezone tz; struct tm *lt; /* place to stick the adjusted clock data */ -@@ -433,7 +434,9 @@ void ts_print(register const struct timeval *tvp, char +@@ -229,7 +230,9 @@ void ts_print(register const struct timeval *tvp, char /* manual page (for linux) says tz is never used, so.. */ bzero((char *) &tz, sizeof(tz)); gettimeofday(&tv, &tz); @@ -26,4 +26,4 @@ $OpenBSD: patch-src_util_c,v 1.3 2009/08 + tvp = &tvnow; } - localzone = thiszone; + localzone = snort_conf->thiszone; Index: patches/patch-src_util_h =================================================================== RCS file: /cvs/ports/net/snort/patches/patch-src_util_h,v retrieving revision 1.2 diff -u -p -r1.2 patch-src_util_h --- patches/patch-src_util_h 12 Feb 2009 22:12:08 -0000 1.2 +++ patches/patch-src_util_h 17 Dec 2009 08:37:02 -0000 @@ -1,20 +1,20 @@ $OpenBSD: patch-src_util_h,v 1.2 2009/02/12 22:12:08 rui Exp $ ---- src/util.h.orig Tue Feb 26 02:19:23 2008 -+++ src/util.h Fri Aug 8 16:01:52 2008 -@@ -36,6 +36,7 @@ - +--- src/util.h.orig Tue Jul 7 17:37:03 2009 ++++ src/util.h Wed Aug 19 17:27:32 2009 +@@ -37,6 +37,7 @@ #include "sf_types.h" #include "sflsq.h" + #include "sfutil/sf_ipvar.h" +#include "pcap_pkthdr32.h" - /* specifies that a function does not return - * used for quieting Visual Studio warnings -@@ -147,7 +148,7 @@ typedef struct _IntervalStats - int DisplayBanner(); + /* Macros *********************************************************************/ + #define PCAP_CLOSE // allow for rollback for now +@@ -166,7 +167,7 @@ typedef struct _IntervalStats + int DisplayBanner(void); void GetTime(char *); int gmt2local(time_t); -void ts_print(register const struct timeval *, char *); -+void ts_print(register const struct timeval32 *, char *); ++void ts_print(register const struct sf_timeval32 *, char *); char *copy_argv(char **); void strip(char *); - double CalcPct(UINT64, UINT64); + double CalcPct(uint64_t, uint64_t); Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/snort/pkg/PLIST,v retrieving revision 1.18 diff -u -p -r1.18 PLIST --- pkg/PLIST 16 Aug 2009 13:31:27 -0000 1.18 +++ pkg/PLIST 17 Dec 2009 08:37:02 -0000 @@ -2,15 +2,13 @@ @newgroup _snort:557 @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin %%prelude%% -bin/snort +...@bin bin/snort +lib/pkgconfig/snort.pc lib/snort_dynamicengine/ lib/snort_dynamicengine/libsf_engine.a @comment lib/snort_dynamicengine/libsf_engine.la @lib lib/snort_dynamicengine/libsf_engine.so.${LIBsf_engine_VERSION} lib/snort_dynamicpreprocessor/ -lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.a -...@comment lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.la -...@lib lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.${LIB_sfdynamic_preprocessor_example_VERSION} lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a @comment lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la @lib lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.${LIBsf_dce2_preproc_VERSION} @@ -33,9 +31,6 @@ lib/snort_dynamicpreprocessor/libsf_ssl_ @comment lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la @lib lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.${LIBsf_ssl_preproc_VERSION} lib/snort_dynamicrules/ -lib/snort_dynamicrules/lib_sfdynamic_example_rule.a -...@comment lib/snort_dynamicrules/lib_sfdynamic_example_rule.la -...@lib lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.${LIB_sfdynamic_example_rule_VERSION} @man man/man8/snort.8 share/doc/snort/ share/doc/snort/AUTHORS @@ -64,6 +59,7 @@ share/doc/snort/README.decode share/doc/snort/README.decoder_preproc_rules share/doc/snort/README.dns share/doc/snort/README.event_queue +share/doc/snort/README.filters share/doc/snort/README.flowbits share/doc/snort/README.frag3 share/doc/snort/README.ftptelnet @@ -71,8 +67,10 @@ share/doc/snort/README.gre share/doc/snort/README.http_inspect share/doc/snort/README.ipip share/doc/snort/README.ipv6 +share/doc/snort/README.multipleconfigs share/doc/snort/README.pcap_readmode share/doc/snort/README.ppm +share/doc/snort/README.reload share/doc/snort/README.sfportscan share/doc/snort/README.ssh share/doc/snort/README.ssl