Not know what happened, the mail could not be sent.
Send it again... :(
> Hi, Jim,
>
> The webrev is updated, and please see in line.
>
> http://cr.opensolaris.org/~jxzhao/snort/webrev
>> Jason Zhao wrote:
>>>
>>> The new webrev is updated, please review it again and tell me your
>>> comments.
>>> http://cr.opensolaris.org/~jxzhao/snort/webrev
>>
>> usr/src/cmd/snort/Patches/snort.conf.patch
>> - I would keep all these lines and just
>> make them all comments so it is easy for
>> the user to include desired rules files.
>>
>> 40 -include $RULE_PATH/local.rules
>> 41 -include $RULE_PATH/bad-traffic.rules
>> 42 -include $RULE_PATH/exploit.rules
>> 43 -include $RULE_PATH/scan.rules
>> 44 -include $RULE_PATH/finger.rules
>> 45 -include $RULE_PATH/ftp.rules
>> 46 -include $RULE_PATH/telnet.rules
>> 47 -include $RULE_PATH/rpc.rules
>> 48 -include $RULE_PATH/rservices.rules
>> 49 -include $RULE_PATH/dos.rules
>> 50 -include $RULE_PATH/ddos.rules
>> 51 -include $RULE_PATH/dns.rules
>> 52 -include $RULE_PATH/tftp.rules
>> 53 -
>> 54 -include $RULE_PATH/web-cgi.rules
>> 55 -include $RULE_PATH/web-coldfusion.rules
>> 56 -include $RULE_PATH/web-iis.rules
>> 57 -include $RULE_PATH/web-frontpage.rules
>> 58 -include $RULE_PATH/web-misc.rules
>> 59 -include $RULE_PATH/web-client.rules
>> 60 -include $RULE_PATH/web-php.rules
>> 61 -
>> 62 -include $RULE_PATH/sql.rules
>> 63 -include $RULE_PATH/x11.rules
>> 64 -include $RULE_PATH/icmp.rules
>> 65 -include $RULE_PATH/netbios.rules
>> 66 -include $RULE_PATH/misc.rules
>> 67 -include $RULE_PATH/attack-responses.rules
>> 68 -include $RULE_PATH/oracle.rules
>> 69 -include $RULE_PATH/mysql.rules
>> 70 -include $RULE_PATH/snmp.rules
>> 71 -
>> 72 -include $RULE_PATH/smtp.rules
>> 73 -include $RULE_PATH/imap.rules
>> 74 -include $RULE_PATH/pop2.rules
>> 75 -include $RULE_PATH/pop3.rules
>> 76 -
>> 77 -include $RULE_PATH/nntp.rules
>> 78 -include $RULE_PATH/other-ids.rules
>> 79 -# include $RULE_PATH/web-attacks.rules
>> 80 -# include $RULE_PATH/backdoor.rules
>> 81 -# include $RULE_PATH/shellcode.rules
>> 82 -# include $RULE_PATH/policy.rules
>> 83 -# include $RULE_PATH/porn.rules
>> 84 -# include $RULE_PATH/info.rules
>> 85 -# include $RULE_PATH/icmp-info.rules
>> 86 -# include $RULE_PATH/virus.rules
>> 87 -# include $RULE_PATH/chat.rules
>> 88 -# include $RULE_PATH/multimedia.rules
>> 89 -# include $RULE_PATH/p2p.rules
>> 90 -# include $RULE_PATH/spyware-put.rules
>> 91 -# include $RULE_PATH/specific-threats.rules
>> 92 -include $RULE_PATH/experimental.rules
>> 93 -
>> 94 -# include $PREPROC_RULE_PATH/preprocessor.rules
>> 95 -# include $PREPROC_RULE_PATH/decoder.rules
>> 96 -
>> 97 # Include any thresholding or suppression commands. See
>> threshold.conf in the
>> 98 # <snort src>/etc directory for details. Commands don't
>> necessarily need to be
>> 99 # contained in this conf, but a separate conf makes it easier
>> to maintain them.
>>
> Done! Thank you.
>>
>> usr/src/pkgdefs/SUNWsnortu/depend
>> -shouldn't SUNWopensslr be included to support
>> when snort is run with ssl libraries?
> It seems like it doesn't depend on SUNWopensslr, from ldd output.
> ##########################################
> # ldd ./libsf_ssl_preproc.so
> libpcre.so.0 => /usr/lib/libpcre.so.0
> libpcap.so => /usr/lib/libpcap.so
> libm.so.2 => /usr/lib/libm.so.2
> libsocket.so.1 => /usr/lib/libsocket.so.1
> libnsl.so.1 => /usr/lib/libnsl.so.1
> libdl.so.1 => /usr/lib/libdl.so.1
> libc.so.1 => /usr/lib/libc.so.1
> libgcc_s.so.1 => /usr/sfw/lib/libgcc_s.so.1
> libdlpi.so.1 => /usr/lib/libdlpi.so.1
> libmp.so.2 => /usr/lib/libmp.so.2
> libmd.so.1 => /usr/lib/libmd.so.1
> libscf.so.1 => /usr/lib/libscf.so.1
> libinetutil.so.1 => /usr/lib/libinetutil.so.1
> libdladm.so.1 => /lib/libdladm.so.1
> libuutil.so.1 => /usr/lib/libuutil.so.1
> libgen.so.1 => /usr/lib/libgen.so.1
> libdevinfo.so.1 => /usr/lib/libdevinfo.so.1
> librcm.so.1 => /usr/lib/librcm.so.1
> libnvpair.so.1 => /usr/lib/libnvpair.so.1
> libexacct.so.1 => /usr/lib/libexacct.so.1
> libkstat.so.1 => /usr/lib/libkstat.so.1
> libcurses.so.1 => /usr/lib/libcurses.so.1
> libsec.so.1 => /usr/lib/libsec.so.1
> libavl.so.1 => /usr/lib/libavl.so.1
> libidmap.so.1 => /usr/lib/libidmap.so.1
> libldap.so.5 => /usr/lib/libldap.so.5
> libsldap.so.1 => /usr/lib/libsldap.so.1
> libadutils.so.1 => /usr/lib/libadutils.so.1
> libsasl.so.1 => /usr/lib/libsasl.so.1
> libnspr4.so => /usr/lib/mps/libnspr4.so
> libplc4.so => /usr/lib/mps/libplc4.so
> libnss3.so => /usr/lib/mps/libnss3.so
> libssl3.so => /usr/lib/mps/libssl3.so
> libresolv.so.2 => /usr/lib/libresolv.so.2
> libpthread.so.1 => /usr/lib/libpthread.so.1
> librt.so.1 => /usr/lib/librt.so.1
> libsoftokn3.so => /usr/lib/mps/libsoftokn3.so
> libplds4.so => /usr/lib/mps/libplds4.so
> libthread.so.1 => /usr/lib/libthread.so.1
> libbsm.so.1 => /usr/lib/libbsm.so.1
> libsecdb.so.1 => /usr/lib/libsecdb.so.1
> libtsol.so.2 => /usr/lib/libtsol.so.2
> ##########################################
>
> It invokes functions of libssl3.so which belongs to SUNWtls package.
> I have checked SUNWtls package, it doesn't depend on SUNWopensslr.
>
> The "make check_deps" shows no error.
> # make check_deps
> ......
> ## Validating control scripts.
> ## Packaging complete.
> /usr/perl5/bin/perl
> /builds1/xz201216/sfwnv_split/usr/src/tools/check-deps.pl -e
> /builds1/xz201216/sfwnv_split/usr/src/tools/exception_list.check-deps
> -d /builds1/xz201216/sfwnv_split/packages/i386/nightly-nd -p
> /net/netinstall/export/nv/x/latest/Solaris_11/Product SUNWsnortu
> #
>
> The test shows (ssl plugin) it could work without /lib/libssl.so(which
> is a library of SUNWopensslr).
> ###########################
> ......
> SSL Preprocessor:
> SSL packets decoded: 4 Client Hello: 1
> Server Hello: 1 Certificate: 0
> Server Done: 2 Client Key Exchange: 0
> Server Key Exchange: 0 Change Cipher: 2
> Finished: 0 Client Application: 1
> Server Application: 1 Alert: 0
> Unrecognized records: 0 Completed handshakes: 0
> Bad handshakes: 0 Sessions ignored: 0 Detection
> disabled: 0 ......
> ###########################
>
>
> Thanks
> Jason
>
