Hi, Jim,
The webrev is updated; please see my replies inline.
> Jason Zhao wrote:
>>
>> The new webrev is updated, please review it again and tell me your
>> comments.
>> http://cr.opensolaris.org/~jxzhao/snort/webrev
>
> usr/src/cmd/snort/Patches/snort.conf.patch
> - I would keep all these lines and just
> make them all comments so it is easy for
> the user to include desired rules files.
>
> 40 -include $RULE_PATH/local.rules
> 41 -include $RULE_PATH/bad-traffic.rules
> 42 -include $RULE_PATH/exploit.rules
> 43 -include $RULE_PATH/scan.rules
> 44 -include $RULE_PATH/finger.rules
> 45 -include $RULE_PATH/ftp.rules
> 46 -include $RULE_PATH/telnet.rules
> 47 -include $RULE_PATH/rpc.rules
> 48 -include $RULE_PATH/rservices.rules
> 49 -include $RULE_PATH/dos.rules
> 50 -include $RULE_PATH/ddos.rules
> 51 -include $RULE_PATH/dns.rules
> 52 -include $RULE_PATH/tftp.rules
> 53 -
> 54 -include $RULE_PATH/web-cgi.rules
> 55 -include $RULE_PATH/web-coldfusion.rules
> 56 -include $RULE_PATH/web-iis.rules
> 57 -include $RULE_PATH/web-frontpage.rules
> 58 -include $RULE_PATH/web-misc.rules
> 59 -include $RULE_PATH/web-client.rules
> 60 -include $RULE_PATH/web-php.rules
> 61 -
> 62 -include $RULE_PATH/sql.rules
> 63 -include $RULE_PATH/x11.rules
> 64 -include $RULE_PATH/icmp.rules
> 65 -include $RULE_PATH/netbios.rules
> 66 -include $RULE_PATH/misc.rules
> 67 -include $RULE_PATH/attack-responses.rules
> 68 -include $RULE_PATH/oracle.rules
> 69 -include $RULE_PATH/mysql.rules
> 70 -include $RULE_PATH/snmp.rules
> 71 -
> 72 -include $RULE_PATH/smtp.rules
> 73 -include $RULE_PATH/imap.rules
> 74 -include $RULE_PATH/pop2.rules
> 75 -include $RULE_PATH/pop3.rules
> 76 -
> 77 -include $RULE_PATH/nntp.rules
> 78 -include $RULE_PATH/other-ids.rules
> 79 -# include $RULE_PATH/web-attacks.rules
> 80 -# include $RULE_PATH/backdoor.rules
> 81 -# include $RULE_PATH/shellcode.rules
> 82 -# include $RULE_PATH/policy.rules
> 83 -# include $RULE_PATH/porn.rules
> 84 -# include $RULE_PATH/info.rules
> 85 -# include $RULE_PATH/icmp-info.rules
> 86 -# include $RULE_PATH/virus.rules
> 87 -# include $RULE_PATH/chat.rules
> 88 -# include $RULE_PATH/multimedia.rules
> 89 -# include $RULE_PATH/p2p.rules
> 90 -# include $RULE_PATH/spyware-put.rules
> 91 -# include $RULE_PATH/specific-threats.rules
> 92 -include $RULE_PATH/experimental.rules
> 93 -
> 94 -# include $PREPROC_RULE_PATH/preprocessor.rules
> 95 -# include $PREPROC_RULE_PATH/decoder.rules
> 96 -
> 97 # Include any thresholding or suppression commands. See
> threshold.conf in the
> 98 # <snort src>/etc directory for details. Commands don't
> necessarily need to be
> 99 # contained in this conf, but a separate conf makes it easier to
> maintain them.
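Review bot: lines 40-92 delete every `include $RULE_PATH/...` entry, and lines 79-91 and 94-95 delete entries that were already commented out, so the patched snort.conf no longer shows which rules files exist or how to enable one, and this block loads no rules at all. Turning the active lines into `# include $RULE_PATH/<name>.rules` and leaving the already-commented lines untouched would shrink the hunk to the lines that actually change state. A one-line comment above the block stating that no rules file is loaded until the user uncomments it would make that default explicit to whoever deploys the package.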
Done! Thank you.
>
>
> usr/src/pkgdefs/SUNWsnortu/depend
> -shouldn't SUNWopensslr be included to support
> when snort is run with ssl libraries?
>
It seems that it doesn't depend on SUNWopensslr, judging from the ldd output.
##########################################
# ldd ./libsf_ssl_preproc.so
libpcre.so.0 => /usr/lib/libpcre.so.0
libpcap.so => /usr/lib/libpcap.so
libm.so.2 => /usr/lib/libm.so.2
libsocket.so.1 => /usr/lib/libsocket.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
libdlpi.so.1 => /usr/lib/libdlpi.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libmd.so.1 => /usr/lib/libmd.so.1
libscf.so.1 => /usr/lib/libscf.so.1
libinetutil.so.1 => /usr/lib/libinetutil.so.1
libdladm.so.1 => /lib/libdladm.so.1
libuutil.so.1 => /usr/lib/libuutil.so.1
libgen.so.1 => /usr/lib/libgen.so.1
libdevinfo.so.1 => /usr/lib/libdevinfo.so.1
librcm.so.1 => /usr/lib/librcm.so.1
libnvpair.so.1 => /usr/lib/libnvpair.so.1
libexacct.so.1 => /usr/lib/libexacct.so.1
libkstat.so.1 => /usr/lib/libkstat.so.1
libcurses.so.1 => /usr/lib/libcurses.so.1
libsec.so.1 => /usr/lib/libsec.so.1
libavl.so.1 => /usr/lib/libavl.so.1
libidmap.so.1 => /usr/lib/libidmap.so.1
libldap.so.5 => /usr/lib/libldap.so.5
libsldap.so.1 => /usr/lib/libsldap.so.1
libadutils.so.1 => /usr/lib/libadutils.so.1
libsasl.so.1 => /usr/lib/libsasl.so.1
libnspr4.so => /usr/lib/mps/libnspr4.so
libplc4.so => /usr/lib/mps/libplc4.so
libnss3.so => /usr/lib/mps/libnss3.so
libssl3.so => /usr/lib/mps/libssl3.so
libresolv.so.2 => /usr/lib/libresolv.so.2
libpthread.so.1 => /usr/lib/libpthread.so.1
librt.so.1 => /usr/lib/librt.so.1
libsoftokn3.so => /usr/lib/mps/libsoftokn3.so
libplds4.so => /usr/lib/mps/libplds4.so
libthread.so.1 => /usr/lib/libthread.so.1
libbsm.so.1 => /usr/lib/libbsm.so.1
libsecdb.so.1 => /usr/lib/libsecdb.so.1
libtsol.so.2 => /usr/lib/libtsol.so.2
##########################################
It invokes functions of libssl3.so, which belongs to the SUNWtls package.
I have checked the SUNWtls package; it doesn't depend on SUNWopensslr.
The "make check_deps" run shows no error.
# make check_deps
......
## Validating control scripts.
## Packaging complete.
/usr/perl5/bin/perl
/builds1/xz201216/sfwnv_split/usr/src/tools/check-deps.pl -e
/builds1/xz201216/sfwnv_split/usr/src/tools/exception_list.check-deps -d
/builds1/xz201216/sfwnv_split/packages/i386/nightly-nd -p
/net/netinstall/export/nv/x/latest/Solaris_11/Product SUNWsnortu
#
The test (of the ssl plugin) shows it could work without /lib/libssl.so (which
is a library of SUNWopensslr).
###########################
......
SSL Preprocessor:
    SSL packets decoded: 4
    Client Hello: 1
    Server Hello: 1
    Certificate: 0
    Server Done: 2
    Client Key Exchange: 0
    Server Key Exchange: 0
    Change Cipher: 2
    Finished: 0
    Client Application: 1
    Server Application: 1
    Alert: 0
    Unrecognized records: 0
    Completed handshakes: 0
    Bad handshakes: 0
    Sessions ignored: 0
    Detection disabled: 0
......
###########################
Thanks
Jason
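
The dependency check discussed in this message, as an added example that is not part of the original e-mail or of the snort packaging: a shell sketch that reads ldd output, separates the NSS library (libssl3.so, SUNWtls) from the OpenSSL one (libssl.so, SUNWopensslr), and reports which of those packages a depend file lacks. The function names, the sample ldd lines and the depend text are constructed for illustration; the library-to-package mapping is the one stated in the message.

```shell
#!/bin/sh
# Constructed sample: a few lines in the shape of the ldd output quoted above.
SAMPLE_LDD='libpcre.so.0 => /usr/lib/libpcre.so.0
libnss3.so => /usr/lib/mps/libnss3.so
libssl3.so => /usr/lib/mps/libssl3.so
libc.so.1 => /usr/lib/libc.so.1'

# Constructed depend text in SVR4 "P <pkg> <description>" form.
SAMPLE_DEPEND='P SUNWcsl core libraries (constructed entry)
P SUNWtls NSS libraries (constructed entry)'

# ssl_pkgs: read ldd output on stdin and print "<package> <soname> <path>"
# for every SSL library it links. Mapping as given in the message:
#   libssl3.so -> SUNWtls (NSS)      libssl.so* -> SUNWopensslr (OpenSSL)
# On a live Solaris system, "pkgchk -l -p <path>" confirms the owning package.
ssl_pkgs() {
    awk '
        $2 != "=>" { next }                       # not a "name => path" line
        { path = ($3 ~ /^\(/) ? "unresolved" : $3 }   # "(file not found)"
        $1 == "libssl3.so" { print "SUNWtls", $1, path; next }
        $1 == "libssl.so" || $1 ~ /^libssl\.so\./ {
            print "SUNWopensslr", $1, path
        }
    '
}

# missing_deps DEPEND_TEXT: read ldd output on stdin and print each SSL
# package found by ssl_pkgs that has no "P <pkg>" line in DEPEND_TEXT.
missing_deps() {
    depend_text=$1
    ssl_pkgs | awk '{ print $1 }' | sort -u | while read -r pkg; do
        printf '%s\n' "$depend_text" |
            awk -v p="$pkg" '$1 == "P" && $2 == p { f = 1 } END { exit !f }' ||
            echo "$pkg"
    done
}

# Stand-alone run on the constructed sample.
printf '%s\n' "$SAMPLE_LDD" | ssl_pkgs
printf '%s\n' "$SAMPLE_LDD" | missing_deps "$SAMPLE_DEPEND"
```
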