authorKubilay Kocak <koobs@FreeBSD.org>2015-11-26 11:25:42 +0000
committerKubilay Kocak <koobs@FreeBSD.org>2015-11-26 11:25:42 +0000
commit6c541cb6787c2516f53c949b00912835713dbcd8 (patch)
treea73bf7cd16b8125a402c8f40e8b52ee0c683a492 /security/suricata
parent96dfa5abaf79d16e66195abfab99ffbe7c647b9f (diff)
downloadports-6c541cb6787c2516f53c949b00912835713dbcd8.tar.gz
ports-6c541cb6787c2516f53c949b00912835713dbcd8.zip
Notes
Diffstat (limited to 'security/suricata')
-rw-r--r--security/suricata/Makefile41
-rw-r--r--security/suricata/distinfo4
-rw-r--r--security/suricata/files/patch-PR1416264
-rw-r--r--security/suricata/files/patch-scripts_suricatasc_suricatasc.in11
-rw-r--r--security/suricata/pkg-plist4
5 files changed, 24 insertions, 300 deletions
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index b26e8b75c258..15861288a481 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -2,7 +2,7 @@
# $FreeBSD$
PORTNAME= suricata
-PORTVERSION= 2.0.9
+DISTVERSION= 3.0RC1
CATEGORIES= security
MASTER_SITES= http://www.openinfosecfoundation.org/download/
@@ -26,10 +26,12 @@ CPE_VENDOR= openinfosecfoundation
INSTALL_TARGET= install-strip
PATHFIX_MAKEFILEIN= Makefile.am
-OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NSS PORTS_PCAP PRELUDE SC TESTS
-OPTIONS_DEFAULT= HTP_PORT IPFW JSON PRELUDE
+OPTIONS_DEFINE= GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE SC TESTS
+OPTIONS_DEFAULT= HTP_PORT IPFW JSON NETMAP PRELUDE
+
OPTIONS_RADIO= SCRIPTS
OPTIONS_RADIO_SCRIPTS= LUA LUAJIT
+
OPTIONS_SUB= yes
SCRIPTS_DESC= Scripting
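Review bot: NETMAP is added to OPTIONS_DEFAULT and not only to OPTIONS_DEFINE, so every default package build is now configured with `--enable-netmap` (through `NETMAP_CONFIGURE_ENABLE= netmap` in the `-86,6 +79,18` hunk). No OS-version or architecture guard is visible in these hunks. If any supported release or architecture lacks the netmap headers, configure would presumably fail there, which is worth confirming before defaulting the option on. I would also document the runtime requirement next to the option, e.g. `# NETMAP only builds the capture code; the running kernel must provide netmap(4)`, and repeat it in pkg-message.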
@@ -40,6 +42,7 @@ IPFW_DESC= IPFW and IP Divert support for inline IDP
JSON_DESC= JSON output support
LUA_DESC= LUA scripting support
LUAJIT_DESC= LuaJIT scripting support
+NETMAP_DESC= Netmap support for inline IDP
NSS_DESC= File checksums and SSL/TLS fingerprinting
PORTS_PCAP_DESC= Use libpcap from ports
PRELUDE_DESC= Prelude support for NIDS alerts
@@ -57,16 +60,6 @@ HTP_PORT_USES_OFF= iconv:translit
IPFW_CONFIGURE_ON= --enable-ipfw
-PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap
-PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \
- --with-libpcap-libraries=${LOCALBASE}/lib
-PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \
- --with-libpcap-libraries=/usr/lib
-
-PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude
-PRELUDE_CONFIGURE_ENABLE= prelude
-PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE}
-
JSON_LIB_DEPENDS= libjansson.so:${PORTSDIR}/devel/jansson
JSON_CONFIGURE_ON= --with-libjansson-includes=${LOCALBASE}/include \
--with-libjansson-libraries=${LOCALBASE}/lib
@@ -86,6 +79,18 @@ NSS_CONFIGURE_ON= --with-libnss-includes=${LOCALBASE}/include/nss/nss \
--with-libnspr-libraries=${LOCALBASE}/lib \
--with-libnspr-includes=${LOCALBASE}/include/nspr
+NETMAP_CONFIGURE_ENABLE= netmap
+
+PORTS_PCAP_LIB_DEPENDS= libpcap.so:${PORTSDIR}/net/libpcap
+PORTS_PCAP_CONFIGURE_ON= --with-libpcap-includes=${LOCALBASE}/include \
+ --with-libpcap-libraries=${LOCALBASE}/lib
+PORTS_PCAP_CONFIGURE_OFF= --with-libpcap-includes=/usr/include \
+ --with-libpcap-libraries=/usr/lib
+
+PRELUDE_LIB_DEPENDS= libprelude.so:${PORTSDIR}/security/libprelude
+PRELUDE_CONFIGURE_ENABLE= prelude
+PRELUDE_CONFIGURE_ON= --with-libprelude-prefix=${LOCALBASE}
+
SC_USES= python
SC_CONFIGURE_ENV= ac_cv_path_HAVE_PYTHON_CONFIG=yes
SC_CONFIGURE_ENV_OFF= ac_cv_path_HAVE_PYTHON_CONFIG=no
@@ -95,6 +100,7 @@ TESTS_CONFIGURE_ENABLE= unittests
SUB_FILES= pkg-message
CONFIGURE_ARGS+=--enable-gccprotect \
+ --disable-silent-rules \
--with-libpcre-includes=${LOCALBASE}/include \
--with-libpcre-libraries=${LOCALBASE}/lib \
--with-libyaml-includes=${LOCALBASE}/include \
@@ -137,13 +143,6 @@ post-install:
-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})
.endif
-TMPDIR?= /tmp
-TESTDIR= ${TMPDIR}/${PORTNAME}
-
-regression-test: build
- ${RM} -rf ${TESTDIR}
- ${MKDIR} ${TESTDIR}
- cd ${WRKSRC}/src && ./suricata -u -l ${TESTDIR}
- ${RM} -rf ${TESTDIR}
+TEST_TARGET= check
.include <bsd.port.post.mk>
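Review bot: `TEST_TARGET= check` replaces the hand-written regression-test target, but nothing in this hunk ties it to the TESTS option. The removed recipe ran `./suricata -u`, which needs a binary configured with unit tests, and the hunk header above shows that flag is only set through `TESTS_CONFIGURE_ENABLE= unittests`; TESTS is not in OPTIONS_DEFAULT. If upstream's `check` target has the same requirement (not visible here), `make test` on a default build will either fail or exercise nothing, which is easy to misread as a passing run for an IDS update. I would add a comment above the line, e.g. `# make test needs the TESTS option (--enable-unittests); without it 'check' does not run the unit tests`, or set TEST_TARGET only when TESTS is enabled.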
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index c111787afab4..47a9c2faf324 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,2 +1,2 @@
-SHA256 (suricata-2.0.9.tar.gz) = 4a19214d7673f9c0eba2e4e5ac78152309464186d16df48944b8f5644faa802d
-SIZE (suricata-2.0.9.tar.gz) = 3089593
+SHA256 (suricata-3.0RC1.tar.gz) = 61b22ef3931c6fa37bb84ab9b7b26b6a363bde2444d6dd7b563044e8109ecbff
+SIZE (suricata-3.0RC1.tar.gz) = 3292713
diff --git a/security/suricata/files/patch-PR1416 b/security/suricata/files/patch-PR1416
deleted file mode 100644
index 18bf848a18f6..000000000000
--- a/security/suricata/files/patch-PR1416
+++ /dev/null
@@ -1,264 +0,0 @@
-#From d3b1545e77fc75bdc2ba2e39e307c36b4683d237 Mon Sep 17 00:00:00 2001
-#From: Victor Julien <victor@inliniac.net>
-#Subject: [PATCH] pcap: implement LINKTYPE_NULL
-# Implement LINKTYPE_NULL for pcap live and pcap file.
-# https://github.com/inliniac/suricata/pull/1416
-
-diff -rupN ./rules/decoder-events.rules ./rules.new/decoder-events.rules
---- ./rules/decoder-events.rules 2015-02-25 07:31:10.000000000 -0500
-+++ ./rules.new/decoder-events.rules 2015-04-16 21:32:05.000000000 -0400
-@@ -116,5 +116,10 @@ alert pkthdr any any -> any any (msg:"SU
- alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 packet too short"; decode-event:ipv6.ipv6_in_ipv6_too_small; sid:2200084; rev:1;)
- alert pkthdr any any -> any any (msg:"SURICATA IPv6-in-IPv6 invalid protocol"; decode-event:ipv6.ipv6_in_ipv6_wrong_version; sid:2200085; rev:1;)
-
--# next sid is 2200098
-+# linktype null
-+alert pkthdr any any -> any any (msg:"SURICATA NULL pkt too small"; decode-event:ltnull.pkt_too_small; sid: 2200103; rev:1;)
-+# packet has type not supported by Suricata's decoders
-+alert pkthdr any any -> any any (msg:"SURICATA NULL unsupported type"; decode-event:ltnull.unsupported_type; sid: 2200104; rev:1;)
-+
-+# next sid is 2200105
-
-diff -rupN ./src/Makefile.am new/src/Makefile.am
---- ./src/Makefile.am 2015-02-25 07:31:10.000000000 -0500
-+++ ./src.new/Makefile.am 2015-04-16 21:33:58.000000000 -0400
-@@ -47,6 +47,7 @@ decode-icmpv4.c decode-icmpv4.h \
- decode-icmpv6.c decode-icmpv6.h \
- decode-ipv4.c decode-ipv4.h \
- decode-ipv6.c decode-ipv6.h \
-+decode-null.c decode-null.h \
- decode-ppp.c decode-ppp.h \
- decode-pppoe.c decode-pppoe.h \
- decode-raw.c decode-raw.h \
-diff -rupN ./src/decode-events.h ./src.new/decode-events.h
---- ./src/decode-events.h 2015-02-25 07:31:10.000000000 -0500
-+++ ./src.new/decode-events.h 2015-04-16 21:36:01.000000000 -0400
-@@ -145,6 +145,10 @@ enum {
- /* RAW EVENTS */
- IPRAW_INVALID_IPV, /**< invalid ip version in ip raw */
-
-+ /* LINKTYPE NULL EVENTS */
-+ LTNULL_PKT_TOO_SMALL, /**< pkt too small for lt:null */
-+ LTNULL_UNSUPPORTED_TYPE, /**< pkt has a type that the decoder doesn't support */
-+
- /* STREAM EVENTS */
- STREAM_3WHS_ACK_IN_WRONG_DIR,
- STREAM_3WHS_ASYNC_WRONG_SEQ,
-diff -rupN ./src/decode-null.c ./src.new/decode-null.c
---- ./src/decode-null.c 1969-12-31 19:00:00.000000000 -0500
-+++ ./src.new/decode-null.c 2015-04-16 20:53:44.000000000 -0400
-@@ -0,0 +1,89 @@
-+/* Copyright (C) 2015 Open Information Security Foundation
-+ *
-+ * You can copy, redistribute or modify this Program under the terms of
-+ * the GNU General Public License version 2 as published by the Free
-+ * Software Foundation.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * version 2 along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-+ * 02110-1301, USA.
-+ */
-+
-+/**
-+ * \ingroup decode
-+ *
-+ * @{
-+ */
-+
-+
-+/**
-+ * \file
-+ *
-+ * \author Victor Julien <victor@inliniac.net>
-+ *
-+ * Decode linkype null:
-+ * http://www.tcpdump.org/linktypes.html
-+ */
-+
-+#include "suricata-common.h"
-+#include "decode.h"
-+#include "decode-raw.h"
-+#include "decode-events.h"
-+
-+#include "util-unittest.h"
-+#include "util-debug.h"
-+
-+#include "pkt-var.h"
-+#include "util-profiling.h"
-+#include "host.h"
-+
-+#define HDR_SIZE 4
-+
-+int DecodeNull(ThreadVars *tv, DecodeThreadVars *dtv, Packet *p, uint8_t *pkt, uint16_t len, PacketQueue *pq)
-+{
-+ SCPerfCounterIncr(dtv->counter_null, tv->sc_perf_pca);
-+
-+ if (unlikely(len < HDR_SIZE)) {
-+ ENGINE_SET_INVALID_EVENT(p, LTNULL_PKT_TOO_SMALL);
-+ return TM_ECODE_FAILED;
-+ }
-+
-+ uint32_t type = *((uint32_t *)pkt);
-+ switch(type) {
-+ case AF_INET:
-+ SCLogDebug("IPV4 Packet");
-+ DecodeIPV4(tv, dtv, p, GET_PKT_DATA(p)+HDR_SIZE, GET_PKT_LEN(p)-HDR_SIZE, pq);
-+ break;
-+ case AF_INET6:
-+ SCLogDebug("IPV6 Packet");
-+ DecodeIPV6(tv, dtv, p, GET_PKT_DATA(p)+HDR_SIZE, GET_PKT_LEN(p)-HDR_SIZE, pq);
-+ break;
-+ default:
-+ SCLogDebug("Unknown Null packet type version %" PRIu32 "", type);
-+ ENGINE_SET_EVENT(p, LTNULL_UNSUPPORTED_TYPE);
-+ break;
-+ }
-+ return TM_ECODE_OK;
-+}
-+
-+#ifdef UNITTESTS
-+
-+#endif /* UNITTESTS */
-+
-+/**
-+ * \brief Registers Null unit tests
-+ */
-+void DecodeNullRegisterTests(void)
-+{
-+#ifdef UNITTESTS
-+#endif /* UNITTESTS */
-+}
-+/**
-+ * @}
-+ */
-diff -rupN ./src/decode-null.h ./src.new/decode-null.h
---- ./src/decode-null.h 1969-12-31 19:00:00.000000000 -0500
-+++ ./src.new/decode-null.h 2015-04-16 20:53:44.000000000 -0400
-@@ -0,0 +1,28 @@
-+/* Copyright (C) 2007-2010 Open Information Security Foundation
-+ *
-+ * You can copy, redistribute or modify this Program under the terms of
-+ * the GNU General Public License version 2 as published by the Free
-+ * Software Foundation.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * version 2 along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
-+ * 02110-1301, USA.
-+ */
-+
-+/**
-+ * \file
-+ *
-+ * \author Victor Julien <victor@inliniac.net>
-+ */
-+
-+#ifndef __DECODE_NULL_H__
-+#define __DECODE_NULL_H__
-+void DecodeNullRegisterTests(void);
-+#endif /* __DECODE_NULL_H__ */
-+
-diff -rupN ./src/decode.c ./src.new/decode.c
---- ./src/decode.c 2015-02-25 07:31:10.000000000 -0500
-+++ ./src.new/decode.c 2015-04-16 21:38:28.000000000 -0400
-@@ -387,6 +387,8 @@ void DecodeRegisterPerfCounters(DecodeTh
- SC_PERF_TYPE_UINT64, "NULL");
- dtv->counter_raw = SCPerfTVRegisterCounter("decoder.raw", tv,
- SC_PERF_TYPE_UINT64, "NULL");
-+ dtv->counter_null = SCPerfTVRegisterCounter("decoder.null", tv,
-+ SC_PERF_TYPE_UINT64, "NULL");
- dtv->counter_sll = SCPerfTVRegisterCounter("decoder.sll", tv,
- SC_PERF_TYPE_UINT64, "NULL");
- dtv->counter_tcp = SCPerfTVRegisterCounter("decoder.tcp", tv,
-diff -rupN ./src/decode.h ./src.new/decode.h
---- ./src/decode.h 2015-02-25 07:31:10.000000000 -0500
-+++ ./src.new/decode.h 2015-04-16 21:42:38.000000000 -0400
-@@ -78,6 +78,7 @@ enum PktSrcEnum {
- #include "decode-udp.h"
- #include "decode-sctp.h"
- #include "decode-raw.h"
-+#include "decode-null.h"
- #include "decode-vlan.h"
-
- #include "detect-reference.h"
-@@ -576,6 +577,7 @@ typedef struct DecodeThreadVars_
- uint16_t counter_eth;
- uint16_t counter_sll;
- uint16_t counter_raw;
-+ uint16_t counter_null;
- uint16_t counter_tcp;
- uint16_t counter_udp;
- uint16_t counter_sctp;
-@@ -821,6 +823,7 @@ int DecodePPP(ThreadVars *, DecodeThread
- int DecodePPPOESession(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
- int DecodePPPOEDiscovery(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
- int DecodeTunnel(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *, uint8_t) __attribute__ ((warn_unused_result));
-+int DecodeNull(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
- int DecodeRaw(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
- int DecodeIPV4(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
- int DecodeIPV6(ThreadVars *, DecodeThreadVars *, Packet *, uint8_t *, uint16_t, PacketQueue *);
-@@ -921,8 +924,13 @@ void AddressDebugPrint(Address *);
- #endif
- #endif
-
-+#ifndef DLT_NULL
-+#define DLT_NULL 0
-+#endif
-+
- /** libpcap shows us the way to linktype codes
- * \todo we need more & maybe put them in a separate file? */
-+#define LINKTYPE_NULL DLT_NULL
- #define LINKTYPE_ETHERNET DLT_EN10MB
- #define LINKTYPE_LINUX_SLL 113
- #define LINKTYPE_PPP 9
-diff -rupN ./src/detect-engine-event.h ./src.new/detect-engine-event.h
---- ./src/detect-engine-event.h 2015-02-25 07:31:10.000000000 -0500
-+++ ./src.new/detect-engine-event.h 2015-04-16 21:44:38.000000000 -0400
-@@ -154,6 +154,10 @@ struct DetectEngineEvents_ {
- /* RAW EVENTS */
- { "ipraw.invalid_ip_version",IPRAW_INVALID_IPV, },
-
-+ /* LINKTYPE NULL EVENTS */
-+ { "ltnull.pkt_too_small", LTNULL_PKT_TOO_SMALL, },
-+ { "ltnull.unsupported_type", LTNULL_UNSUPPORTED_TYPE, },
-+
- /* STREAM EVENTS */
- { "stream.3whs_ack_in_wrong_dir", STREAM_3WHS_ACK_IN_WRONG_DIR, },
- { "stream.3whs_async_wrong_seq", STREAM_3WHS_ASYNC_WRONG_SEQ, },
-diff -rupN ./src/source-pcap-file.c ./src.new/source-pcap-file.c
---- ./src/source-pcap-file.c 2015-02-25 07:31:12.000000000 -0500
-+++ ./src.new/source-pcap-file.c 2015-04-16 21:47:27.000000000 -0400
-@@ -320,6 +320,9 @@ TmEcode ReceivePcapFileThreadInit(Thread
- case LINKTYPE_RAW:
- pcap_g.Decoder = DecodeRaw;
- break;
-+ case LINKTYPE_NULL:
-+ pcap_g.Decoder = DecodeNull;
-+ break;
-
- default:
- SCLogError(SC_ERR_UNIMPLEMENTED, "datalink type %" PRId32 " not "
-diff -rupN ./src/source-pcap.c ./src.new/source-pcap.c
---- ./src/source-pcap.c 2015-02-25 07:31:12.000000000 -0500
-+++ ./src.new/source-pcap.c 2015-04-16 21:46:10.000000000 -0400
-@@ -741,6 +741,9 @@ TmEcode DecodePcap(ThreadVars *tv, Packe
- case LINKTYPE_RAW:
- DecodeRaw(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
- break;
-+ case LINKTYPE_NULL:
-+ DecodeNull(tv, dtv, p, GET_PKT_DATA(p), GET_PKT_LEN(p), pq);
-+ break;
- default:
- SCLogError(SC_ERR_DATALINK_UNIMPLEMENTED, "Error: datalink type %" PRId32 " not yet supported in module DecodePcap", p->datalink);
- break;
diff --git a/security/suricata/files/patch-scripts_suricatasc_suricatasc.in b/security/suricata/files/patch-scripts_suricatasc_suricatasc.in
deleted file mode 100644
index cff51d0a0894..000000000000
--- a/security/suricata/files/patch-scripts_suricatasc_suricatasc.in
+++ /dev/null
@@ -1,11 +0,0 @@
---- scripts/suricatasc/suricatasc.in.orig 2014-12-19 17:49:20.651663649 +0200
-+++ scripts/suricatasc/suricatasc.in 2014-12-19 17:49:59.921665563 +0200
-@@ -24,7 +24,7 @@
- args = parser.parse_args()
-
- if args.socket != None:
-- SOCKET_PATH = "@e_localstatedir@/" + args.socket[0]
-+ SOCKET_PATH = args.socket
- else:
- SOCKET_PATH = "@e_localstatedir@/suricata-command.socket"
-
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 5c452acc58e8..3f22353bbdfa 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -45,8 +45,8 @@ bin/suricata
%%NO_HTP_PORT%%include/htp/htp_urlencoded.h
%%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h
%%NO_HTP_PORT%%include/htp/htp_version.h
-%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1
-%%NO_HTP_PORT%%lib/libhtp-0.5.16.so.1.0.0
+%%NO_HTP_PORT%%lib/libhtp-0.5.18.so.1
+%%NO_HTP_PORT%%lib/libhtp-0.5.18.so.1.0.0
%%NO_HTP_PORT%%lib/libhtp.a
%%NO_HTP_PORT%%lib/libhtp.so
%%NO_HTP_PORT%%libdata/pkgconfig/htp.pc