author | Kubilay Kocak <koobs@FreeBSD.org> | 2015-11-26 11:25:42 +0000 |
---|---|---|
committer | Kubilay Kocak <koobs@FreeBSD.org> | 2015-11-26 11:25:42 +0000 |
commit | 6c541cb6787c2516f53c949b00912835713dbcd8 (patch) | |
tree | a73bf7cd16b8125a402c8f40e8b52ee0c683a492 /security/suricata | |
parent | 96dfa5abaf79d16e66195abfab99ffbe7c647b9f (diff) | |
download | ports-6c541cb6787c2516f53c949b00912835713dbcd8.tar.gz ports-6c541cb6787c2516f53c949b00912835713dbcd8.zip |
Notes
Diffstat (limited to 'security/suricata')
-rw-r--r-- | security/suricata/Makefile | 41 | ||||
-rw-r--r-- | security/suricata/distinfo | 4 | ||||
-rw-r--r-- | security/suricata/files/patch-PR1416 | 264 | ||||
-rw-r--r-- | security/suricata/files/patch-scripts_suricatasc_suricatasc.in | 11 | ||||
-rw-r--r-- | security/suricata/pkg-plist | 4 |
5 files changed, 24 insertions, 300 deletions
diff --git a/security/suricata/Makefile b/security/suricata/Makefile index b26e8b75c258..15861288a481 100644 --- a/security/suricata/Makefile +++ b/security/suricata/Makefile @@ -2,7 +2,7 @@ # $FreeBSD$ PORTNAME= suricata -PORTVERSION= 2.0.9 +DISTVERSION= 3.0RC1 CATEGORIES= security MASTER_SITES= http://www.openinfosecfoundation.org/download/ @@ -26,10 +26,12 @@ CPE_VENDOR= openinfosecfoundation INSTALL_TARGET= install-strip PATHFIX_MAKEFILEIN= Makefile.am -OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE SC TESTS -OPTIONS_DEFAULT= HTP_PORT IPFW JSON PRELUDE +OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE SC TESTS +OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE + OPTIONS_RADIO= SCRIPTS OPTIONS_RADIO_SCRIPTS= LUA LUAJIT + OPTIONS_SUB= yes SCRIPTS_DESC= Scripting @@ -40,6 +42,7 @@ IPFW_DESC= IPFW and IP Divert support for inline IDP JSON_DESC= JSON output support LUA_DESC= LUA scripting support LUAJIT_DESC= LuaJIT scripting support +NETMAP_DESC= Netmap support for inline IDP NSS_DESC= File checksums and SSL/TLS fingerprinting PORTS_PCAP_DESC= Use libpcap from ports PRELUDE_DESC= Prelude support for NIDS alerts @@ -57,16 +60,6 @@ HTP_PORT_USES_OFF= iconv:translit IPFW_CONFIGURE_ON= --enable-ipfw -PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap -PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ - --with-libpcap-libraries=${LOCALBASE}/lib -PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ - --with-libpcap-libraries=/usr/lib - -PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude -PRELUDE_CONFIGURE_ENABLE= prelude -PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} - JSON_LIB_DEPENDS= libjansson.so:${PORTSDIR}/devel/jansson JSON_CONFIGURE_ON= --with-libjansson-includes=${LOCALBASE}/include \ --with-libjansson-libraries=${LOCALBASE}/lib 
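Review bot: NETMAP is added to `OPTIONS_DEFAULT` in the `@@ -26,10 +26,12 @@` hunk, so every default build now enables a new packet-capture backend, yet the only wiring visible in this commit is `NETMAP_CONFIGURE_ENABLE= netmap` in the `@@ -86,6 +79,18 @@` hunk, with no dependency or platform condition attached. If the netmap headers are not present on every release or architecture the port supports (not visible from this diff), the default build would presumably either fail at configure or quietly build without netmap. I would keep it opt-in for this release-candidate update, `OPTIONS_DEFAULT= HTP_PORT IPFW JSON PRELUDE`, or add a comment above the option stating which base-system versions provide netmap.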
@@ -86,6 +79,18 @@ NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \ --with-libnspr-libraries=${LOCALBASE}/lib \ --with-libnspr-includes=${LOCALBASE}/include/nspr +NETMAP_CONFIGURE_ENABLE= netmap + +PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap +PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \ + --with-libpcap-libraries=${LOCALBASE}/lib +PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \ + --with-libpcap-libraries=/usr/lib + +PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude +PRELUDE_CONFIGURE_ENABLE= prelude +PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE} + SC_USES= python SC_CONFIGURE_ENV= ac_cv_path_HAVE_PYTHON_CONFIG=yes SC_CONFIGURE_ENV_OFF= ac_cv_path_HAVE_PYTHON_CONFIG=no @@ -95,6 +100,7 @@ TESTS_CONFIGURE_ENABLE= unittests SUB_FILES= pkg-message CONFIGURE_ARGS+=--enable-gccprotect \ + --disable-silent-rules \ --with-libpcre-includes=${LOCALBASE}/include \ --with-libpcre-libraries=${LOCALBASE}/lib \ --with-libyaml-includes=${LOCALBASE}/include \ @@ -137,13 +143,6 @@ post-install: -d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;}) .endif -TMPDIR?= /tmp -TESTDIR= ${TMPDIR}/${PORTNAME} - -regression-test: build - ${RM} -rf ${TESTDIR} - ${MKDIR} ${TESTDIR} - cd ${WRKSRC}/src && ./suricata -u -l ${TESTDIR} - ${RM} -rf ${TESTDIR} +TEST_TARGET= check .include <bsd.port.post.mk> diff --git a/security/suricata/distinfo b/security/suricata/distinfo index c111787afab4..47a9c2faf324 100644 --- a/security/suricata/distinfo +++ b/security/suricata/distinfo @@ -1,2 +1,2 @@ -SHA256 (suricata-2.0.9.tar.gz) = 4a19214d7673f9c0eba2e4e5ac78152309464186d16df48944b8f5644faa802d -SIZE (suricata-2.0.9.tar.gz) = 3089593 +SHA256 (suricata-3.0RC1.tar.gz) = 61b22ef3931c6fa37bb84ab9b7b26b6a363bde2444d6dd7b563044e8109ecbff +SIZE (suricata-3.0RC1.tar.gz) = 3292713 
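Review bot: `TEST_TARGET= check` in the `@@ -137,13 +143,6 @@` hunk carries no comment on what it covers, and the unit tests are only compiled in when the TESTS option is on (`TESTS_CONFIGURE_ENABLE= unittests`), which is not in `OPTIONS_DEFAULT`. The removed `regression-test` target ran `./suricata -u` explicitly; whether upstream's `check` target does the same in a default build cannot be seen from this diff. A one-line comment such as `# make test runs upstream 'make check'; enable TESTS to build the unit tests` would tell a maintainer how to get the coverage the old target gave.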
diff --git a/security/suricata/files/patch-PR1416 b/security/suricata/files/patch-PR1416
deleted file mode 100644
index 18bf848a18f6..000000000000
--- a/security/suricata/files/patch-PR1416
+++ /dev/null
@@ -1,264 +0,0 @@ -#From d3b1545e77fc75bdc2ba2e39e307c36b4683d237 Mon Sep 17 00:00:00 2001 -#From: Victor Julien <victor@inliniac.net> -#Subject: [PATCH] pcap: implement LINKTYPE_NULL -# Implement LINKTYPE_NULL for pcap live and pcap file. -# https://github.com/inliniac/suricata/pull/1416 - -diff -rupN ./rules/decoder-events.rules ./rules.new/decoder-events.rules ---- ./rules/decoder-events.rules 2015-02-25 07:31:10.000000000 -0500 -+++ ./rules.new/decoder-events.rules 2015-04-16 21:32:05.000000000 -0400 -@@ -116,5 +116,10 @@ alert pkthdr any any -> any any (msg:"SU - alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 packet too short"; decode-event:ipv6.ipv6_in_ipv6_too_small; sid:2200084; rev:1;) - alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; sid:2200085; rev:1;) - --# next sid is 2200098 -+# linktype null -+alert pkthdr any any -> any any (msg:"SURICATA NULL pkt too small"; decode-event:ltnull.pkt_too_small; sid: 2200103; rev:1;) -+# packet has type not supported by Suricata's decoders -+alert pkthdr any any -> any any (msg:"SURICATA NULL unsupported type"; decode-event:ltnull.unsupported_type; sid: 2200104; rev:1;) -+ -+# next sid is 2200105 - -diff -rupN ./src/Makefile.am new/src/Makefile.am ---- ./src/Makefile.am 2015-02-25 07:31:10.000000000 -0500 -+++ ./src.new/Makefile.am 2015-04-16 21:33:58.000000000 -0400 -@@ -47,6 +47,7 @@ decode-icmpv4.c decode-icmpv4.h \ - decode-icmpv6.c decode-icmpv6.h \ - decode-ipv4.c decode-ipv4.h \ - decode-ipv6.c decode-ipv6.h \ -+decode-null.c decode-null.h \ - decode-ppp.c decode-ppp.h \ - decode-pppoe.c decode-pppoe.h \ - decode-raw.c decode-raw.h \ -diff -rupN ./src/decode-events.h ./src.new/decode-events.h ---- ./src/decode-events.h 2015-02-25 07:31:10.000000000 -0500 -+++ ./src.new/decode-events.h 2015-04-16 21:36:01.000000000 -0400 -@@ -145,6 +145,10 @@ enum { - /* RAW EVENTS */ - IPRAW_INVALID_IPV, /**< invalid ip version in ip raw 
*/ - -+ /* LINKTYPE NULL EVENTS */ -+ LTNULL_PKT_TOO_SMALL, /**< pkt too small for lt:null */ -+ LTNULL_UNSUPPORTED_TYPE, /**< pkt has a type that the decoder doesn't support */ -+ - /* STREAM EVENTS */ - STREAM_3WHS_ACK_IN_WRONG_DIR, - STREAM_3WHS_ASYNC_WRONG_SEQ, -diff -rupN ./src/decode-null.c ./src.new/decode-null.c ---- ./src/decode-null.c 1969-12-31 19:00:00.000000000 -0500 -+++ ./src.new/decode-null.c 2015-04-16 20:53:44.000000000 -0400 -@@ -0,0 +1,89 @@ -+/* Copyright (C) 2015 Open Information Security Foundation -+ * -+ * You can copy, redistribute or modify this Program under the terms of -+ * the GNU General Public License version 2 as published by the Free -+ * Software Foundation. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * version 2 along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA. 
-+ */ -+ -+/** -+ * \ingroup decode -+ * -+ * @{ -+ */ -+ -+ -+/** -+ * \file -+ * -+ * \author Victor Julien <victor@inliniac.net> -+ * -+ * Decode linkype null: -+ * http://www.tcpdump.org/linktypes.html -+ */ -+ -+#include "suricata-common.h" -+#include "decode.h" -+#include "decode-raw.h" -+#include "decode-events.h" -+ -+#include "util-unittest.h" -+#include "util-debug.h" -+ -+#include "pkt-var.h" -+#include "util-profiling.h" -+#include "host.h" -+ -+#define HDR_SIZE 4 -+ -+int DecodeNull(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq) -+{ -+ SCPerfCounterIncr(dtv->counter_null, tv->sc_perf_pca); -+ -+ if (unlikely(len < HDR_SIZE)) { -+ ENGINE_SET_INVALID_EVENT(p, LTNULL_PKT_TOO_SMALL); -+ return TM_ECODE_FAILED; -+ } -+ -+ uint32_t type = *((uint32_t *)pkt); -+ switch(type) { -+ case AF_INET: -+ SCLogDebug("IPV4 Packet"); -+ DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p)+HDR_SIZE, GET_PKT_LEN(p)-HDR_SIZE, pq); -+ break; -+ case AF_INET6: -+ SCLogDebug("IPV6 Packet"); -+ DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p)+HDR_SIZE, GET_PKT_LEN(p)-HDR_SIZE, pq); -+ break; -+ default: -+ SCLogDebug("Unknown Null packet type version %" PRIu32 "", type); -+ ENGINE_SET_EVENT(p, LTNULL_UNSUPPORTED_TYPE); -+ break; -+ } -+ return TM_ECODE_OK; -+} -+ -+#ifdef UNITTESTS -+ -+#endif /* UNITTESTS */ -+ -+/** -+ * \brief Registers Null unit tests -+ */ -+void DecodeNullRegisterTests(void) -+{ -+#ifdef UNITTESTS -+#endif /* UNITTESTS */ -+} -+/** -+ * @} -+ */ -diff -rupN ./src/decode-null.h ./src.new/decode-null.h ---- ./src/decode-null.h 1969-12-31 19:00:00.000000000 -0500 -+++ ./src.new/decode-null.h 2015-04-16 20:53:44.000000000 -0400 -@@ -0,0 +1,28 @@ -+/* Copyright (C) 2007-2010 Open Information Security Foundation -+ * -+ * You can copy, redistribute or modify this Program under the terms of -+ * the GNU General Public License version 2 as published by the Free -+ * Software Foundation. 
-+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * version 2 along with this program; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA -+ * 02110-1301, USA. -+ */ -+ -+/** -+ * \file -+ * -+ * \author Victor Julien <victor@inliniac.net> -+ */ -+ -+#ifndef __DECODE_NULL_H__ -+#define __DECODE_NULL_H__ -+void DecodeNullRegisterTests(void); -+#endif /* __DECODE_NULL_H__ */ -+ -diff -rupN ./src/decode.c ./src.new/decode.c ---- ./src/decode.c 2015-02-25 07:31:10.000000000 -0500 -+++ ./src.new/decode.c 2015-04-16 21:38:28.000000000 -0400 -@@ -387,6 +387,8 @@ void DecodeRegisterPerfCounters(DecodeTh - SC_PERF_TYPE_UINT64, "NULL"); - dtv->counter_raw = SCPerfTVRegisterCounter("decoder.raw", tv, - SC_PERF_TYPE_UINT64, "NULL"); -+ dtv->counter_null = SCPerfTVRegisterCounter("decoder.null", tv, -+ SC_PERF_TYPE_UINT64, "NULL"); - dtv->counter_sll = SCPerfTVRegisterCounter("decoder.sll", tv, - SC_PERF_TYPE_UINT64, "NULL"); - dtv->counter_tcp = SCPerfTVRegisterCounter("decoder.tcp", tv, -diff -rupN ./src/decode.h ./src.new/decode.h ---- ./src/decode.h 2015-02-25 07:31:10.000000000 -0500 -+++ ./src.new/decode.h 2015-04-16 21:42:38.000000000 -0400 -@@ -78,6 +78,7 @@ enum PktSrcEnum { - #include "decode-udp.h" - #include "decode-sctp.h" - #include "decode-raw.h" -+#include "decode-null.h" - #include "decode-vlan.h" - - #include "detect-reference.h" -@@ -576,6 +577,7 @@ typedef struct DecodeThreadVars_ - uint16_t counter_eth; - uint16_t counter_sll; - uint16_t counter_raw; -+ uint16_t counter_null; - uint16_t counter_tcp; - uint16_t counter_udp; - uint16_t counter_sctp; -@@ -821,6 +823,7 @@ int DecodePPP(ThreadVars *, DecodeThread - int 
DecodePPPOESession(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); - int DecodePPPOEDiscovery(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); - int DecodeTunnel(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *, uint8_t) __attribute__ ((warn_unused_result)); -+int DecodeNull(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); - int DecodeRaw(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); - int DecodeIPV4(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); - int DecodeIPV6(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *); -@@ -921,8 +924,13 @@ void AddressDebugPrint(Address *); - #endif - #endif - -+#ifndef DLT_NULL -+#define DLT_NULL 0 -+#endif -+ - /** libpcap shows us the way to linktype codes - * \todo we need more & maybe put them in a separate file? */ -+#define LINKTYPE_NULL DLT_NULL - #define LINKTYPE_ETHERNET DLT_EN10MB - #define LINKTYPE_LINUX_SLL 113 - #define LINKTYPE_PPP 9 -diff -rupN ./src/detect-engine-event.h ./src.new/detect-engine-event.h ---- ./src/detect-engine-event.h 2015-02-25 07:31:10.000000000 -0500 -+++ ./src.new/detect-engine-event.h 2015-04-16 21:44:38.000000000 -0400 -@@ -154,6 +154,10 @@ struct DetectEngineEvents_ { - /* RAW EVENTS */ - { "ipraw.invalid_ip_version",IPRAW_INVALID_IPV, }, - -+ /* LINKTYPE NULL EVENTS */ -+ { "ltnull.pkt_too_small", LTNULL_PKT_TOO_SMALL, }, -+ { "ltnull.unsupported_type", LTNULL_UNSUPPORTED_TYPE, }, -+ - /* STREAM EVENTS */ - { "stream.3whs_ack_in_wrong_dir", STREAM_3WHS_ACK_IN_WRONG_DIR, }, - { "stream.3whs_async_wrong_seq", STREAM_3WHS_ASYNC_WRONG_SEQ, }, -diff -rupN ./src/source-pcap-file.c ./src.new/source-pcap-file.c ---- ./src/source-pcap-file.c 2015-02-25 07:31:12.000000000 -0500 -+++ ./src.new/source-pcap-file.c 2015-04-16 21:47:27.000000000 -0400 -@@ -320,6 +320,9 @@ TmEcode 
ReceivePcapFileThreadInit(Thread - case LINKTYPE_RAW: - pcap_g.Decoder = DecodeRaw; - break; -+ case LINKTYPE_NULL: -+ pcap_g.Decoder = DecodeNull; -+ break; - - default: - SCLogError(SC_ERR_UNIMPLEMENTED, "datalink type %" PRId32 " not " -diff -rupN ./src/source-pcap.c ./src.new/source-pcap.c ---- ./src/source-pcap.c 2015-02-25 07:31:12.000000000 -0500 -+++ ./src.new/source-pcap.c 2015-04-16 21:46:10.000000000 -0400 -@@ -741,6 +741,9 @@ TmEcode DecodePcap(ThreadVars *tv, Packe - case LINKTYPE_RAW: - DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq); - break; -+ case LINKTYPE_NULL: -+ DecodeNull(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq); -+ break; - default: - SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodePcap", p->datalink); - break; diff --git a/security/suricata/files/patch-scripts_suricatasc_suricatasc.in b/security/suricata/files/patch-scripts_suricatasc_suricatasc.in deleted file mode 100644 index cff51d0a0894..000000000000 --- a/security/suricata/files/patch-scripts_suricatasc_suricatasc.in +++ /dev/null @@ -1,11 +0,0 @@ ---- scripts/suricatasc/suricatasc.in.orig 2014-12-19 17:49:20.651663649 +0200 -+++ scripts/suricatasc/suricatasc.in 2014-12-19 17:49:59.921665563 +0200 -@@ -24,7 +24,7 @@ - args = parser.parse_args() - - if args.socket != None: -- SOCKET_PATH = "@e_localstatedir@/" + args.socket[0] -+ SOCKET_PATH = args.socket - else: - SOCKET_PATH = "@e_localstatedir@/suricata-command.socket" - diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist index 5c452acc58e8..3f22353bbdfa 100644 --- a/security/suricata/pkg-plist +++ b/security/suricata/pkg-plist 
@@ -45,8 +45,8 @@ bin/suricata
 %%NO_HTP_PORT%%include/htp/htp_urlencoded.h
 %%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h
 %%NO_HTP_PORT%%include/htp/htp_version.h
-%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1
-%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1.0.0
+%%NO_HTP_PORT%%lib/libhtp-0.5.18.so.1
+%%NO_HTP_PORT%%lib/libhtp-0.5.18.so.1.0.0
 %%NO_HTP_PORT%%lib/libhtp.a
 %%NO_HTP_PORT%%lib/libhtp.so
 %%NO_HTP_PORT%%libdata/pkgconfig/htp.pc |