Hi, Jim,

The webrev is updated, and please see inline.
http://cr.opensolaris.org/~jxzhao/snort/webrev

> Jason Zhao wrote:
>>
>> The new webrev is updated, please review it again and tell me your
>> comments.
>> http://cr.opensolaris.org/~jxzhao/snort/webrev
>
> usr/src/cmd/snort/Patches/snort.conf.patch
> - I would keep all these lines and just
> make them all comments so it is easy for
> the user to include desired rules files.
>
> 40 -include $RULE_PATH/local.rules > 41 -include $RULE_PATH/bad-traffic.rules > 42 -include $RULE_PATH/exploit.rules > 43 -include $RULE_PATH/scan.rules > 44 -include $RULE_PATH/finger.rules > 45 -include $RULE_PATH/ftp.rules > 46 -include $RULE_PATH/telnet.rules > 47 -include $RULE_PATH/rpc.rules > 48 -include $RULE_PATH/rservices.rules > 49 -include $RULE_PATH/dos.rules > 50 -include $RULE_PATH/ddos.rules > 51 -include $RULE_PATH/dns.rules > 52 -include $RULE_PATH/tftp.rules > 53 - > 54 -include $RULE_PATH/web-cgi.rules > 55 -include $RULE_PATH/web-coldfusion.rules > 56 -include $RULE_PATH/web-iis.rules > 57 -include $RULE_PATH/web-frontpage.rules > 58 -include $RULE_PATH/web-misc.rules > 59 -include $RULE_PATH/web-client.rules > 60 -include $RULE_PATH/web-php.rules > 61 - > 62 -include $RULE_PATH/sql.rules > 63 -include $RULE_PATH/x11.rules > 64 -include $RULE_PATH/icmp.rules > 65 -include $RULE_PATH/netbios.rules > 66 -include $RULE_PATH/misc.rules > 67 -include $RULE_PATH/attack-responses.rules > 68 -include $RULE_PATH/oracle.rules > 69 -include $RULE_PATH/mysql.rules > 70 -include $RULE_PATH/snmp.rules > 71 - > 72 -include $RULE_PATH/smtp.rules > 73 -include $RULE_PATH/imap.rules > 74 -include $RULE_PATH/pop2.rules > 75 -include $RULE_PATH/pop3.rules > 76 - > 77 -include $RULE_PATH/nntp.rules > 78 -include $RULE_PATH/other-ids.rules > 79 -# include $RULE_PATH/web-attacks.rules > 80 -# include $RULE_PATH/backdoor.rules > 81 -# include $RULE_PATH/shellcode.rules > 82 -# include $RULE_PATH/policy.rules > 83 -# include $RULE_PATH/porn.rules > 84 -# include $RULE_PATH/info.rules > 85 -# 
include $RULE_PATH/icmp-info.rules > 86 -# include $RULE_PATH/virus.rules > 87 -# include $RULE_PATH/chat.rules > 88 -# include $RULE_PATH/multimedia.rules > 89 -# include $RULE_PATH/p2p.rules > 90 -# include $RULE_PATH/spyware-put.rules > 91 -# include $RULE_PATH/specific-threats.rules > 92 -include $RULE_PATH/experimental.rules > 93 - > 94 -# include $PREPROC_RULE_PATH/preprocessor.rules > 95 -# include $PREPROC_RULE_PATH/decoder.rules > 96 - > 97 # Include any thresholding or suppression commands. See > threshold.conf in the > 98 # <snort src>/etc directory for details. Commands don't > necessarily need to be > 99 # contained in this conf, but a separate conf makes it easier to > maintain them.
>

Done! Thank you.

>
> usr/src/pkgdefs/SUNWsnortu/depend
> -shouldn't SUNWopensslr be included to support
> when snort is run with ssl libraries?

It seems like it doesn't depend on SUNWopensslr, from ldd output.

##########################################
# ldd ./libsf_ssl_preproc.so
    libpcre.so.0 => /usr/lib/libpcre.so.0
    libpcap.so => /usr/lib/libpcap.so
    libm.so.2 => /usr/lib/libm.so.2
    libsocket.so.1 => /usr/lib/libsocket.so.1
    libnsl.so.1 => /usr/lib/libnsl.so.1
    libdl.so.1 => /usr/lib/libdl.so.1
    libc.so.1 => /usr/lib/libc.so.1
    libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
    libdlpi.so.1 => /usr/lib/libdlpi.so.1
    libmp.so.2 => /usr/lib/libmp.so.2
    libmd.so.1 => /usr/lib/libmd.so.1
    libscf.so.1 => /usr/lib/libscf.so.1
    libinetutil.so.1 => /usr/lib/libinetutil.so.1
    libdladm.so.1 => /lib/libdladm.so.1
    libuutil.so.1 => /usr/lib/libuutil.so.1
    libgen.so.1 => /usr/lib/libgen.so.1
    libdevinfo.so.1 => /usr/lib/libdevinfo.so.1
    librcm.so.1 => /usr/lib/librcm.so.1
    libnvpair.so.1 => /usr/lib/libnvpair.so.1
    libexacct.so.1 => /usr/lib/libexacct.so.1
    libkstat.so.1 => /usr/lib/libkstat.so.1
    libcurses.so.1 => /usr/lib/libcurses.so.1
    libsec.so.1 => /usr/lib/libsec.so.1
    libavl.so.1 => /usr/lib/libavl.so.1
    libidmap.so.1 => /usr/lib/libidmap.so.1
    libldap.so.5 => /usr/lib/libldap.so.5
    libsldap.so.1 => /usr/lib/libsldap.so.1
    libadutils.so.1 => /usr/lib/libadutils.so.1
    libsasl.so.1 => /usr/lib/libsasl.so.1
    libnspr4.so => /usr/lib/mps/libnspr4.so
    libplc4.so => /usr/lib/mps/libplc4.so
    libnss3.so => /usr/lib/mps/libnss3.so
    libssl3.so => /usr/lib/mps/libssl3.so
    libresolv.so.2 => /usr/lib/libresolv.so.2
    libpthread.so.1 => /usr/lib/libpthread.so.1
    librt.so.1 => /usr/lib/librt.so.1
    libsoftokn3.so => /usr/lib/mps/libsoftokn3.so
    libplds4.so => /usr/lib/mps/libplds4.so
    libthread.so.1 => /usr/lib/libthread.so.1
    libbsm.so.1 => /usr/lib/libbsm.so.1
    libsecdb.so.1 => /usr/lib/libsecdb.so.1
    libtsol.so.2 => /usr/lib/libtsol.so.2
##########################################

It invokes functions of libssl3.so which belongs to SUNWtls package.
I have checked SUNWtls package, it doesn't depend on SUNWopensslr.

The "make check_deps" shows no error.

# make check_deps
......
## Validating control scripts.
## Packaging complete.
/usr/perl5/bin/perl /builds1/xz201216/sfwnv_split/usr/src/tools/check-deps.pl -e /builds1/xz201216/sfwnv_split/usr/src/tools/exception_list.check-deps -d /builds1/xz201216/sfwnv_split/packages/i386/nightly-nd -p /net/netinstall/export/nv/x/latest/Solaris_11/Product SUNWsnortu
#

The test shows (ssl plugin) it could work without /lib/libssl.so (which is a library of SUNWopensslr).

###########################
......
SSL Preprocessor:
    SSL packets decoded: 4
    Client Hello: 1
    Server Hello: 1
    Certificate: 0
    Server Done: 2
    Client Key Exchange: 0
    Server Key Exchange: 0
    Change Cipher: 2
    Finished: 0
    Client Application: 1
    Server Application: 1
    Alert: 0
    Unrecognized records: 0
    Completed handshakes: 0
    Bad handshakes: 0
    Sessions ignored: 0
    Detection disabled: 0
......
###########################

Thanks
Jason
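
Review bot: In snort.conf.patch, webrev lines 40-96 delete every rules include, both the ones that were active (local.rules through other-ids.rules, and experimental.rules at line 92) and the ones that were already commented out (lines 79-91 and 94-95), so a Snort started from the patched snort.conf loads none of these rule files and the file no longer tells the user which sets exist. Turning the lines into comments instead of deleting them keeps the list visible, but once everything is commented the difference between the sets that were enabled by default and the sets that were off by default is lost. A short comment above the block saying that no rule files are enabled as shipped, which of them were enabled in the unpatched file, and that the user must uncomment the ones actually installed under $RULE_PATH would cover that.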
