Date: Fri, 14 Mar 2008 19:01:32 GMT From: Yousif Hassan <yousif@alumni.jmu.edu> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/121710: [PATCH] Add flexible response support to snort_inline Message-ID: <200803141901.m2EJ1WQ1030800@www.freebsd.org> Resent-Message-ID: <200803141910.m2EJA2uo044159@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 121710
>Category: ports
>Synopsis: [PATCH] Add flexible response support to snort_inline
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Fri Mar 14 19:10:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Yousif Hassan
>Release: FreeBSD 7.0-RELEASE
>Organization:
>Environment:
FreeBSD coruscant.far-far-away.com 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Wed Mar 12 20:21:04 EDT 2008 yousif@coruscant.far-far-away.com:/usr/src/sys/amd64/compile/CORUSCANT amd64
>Description:
The attached patch adds flexible response (v1) support to snort_inline. It borrows heavily from the snort port, which also has this feature.
I have fully tested the flexible response capability of libnet10 after integrating it with snort_inline... and works very well in my environment. TCP resets or UDP ICMP unreachable messages work perfectly.
This patch adds libnet10 as a dependency if this is chosen.
Also, I have reworked the Makefile to take advantage of "OPTIONS" configs, which presents a nice menu. This makes it easier to add ODBC, POSTGRESQL, and MySQL support (plus flexible responses)
Choosing flexible responses from the menu pulls in libnet10, otherwise it is not needed.
Note that flexible response v2 (needing libnet11) is unsupported due to libnet11 patches not applying cleanly. When this is cleared up for snort, it can be ported to snort_inline.
I would be grateful if the maintainer (or other relevant person(s)) would review this patch for submission.
Thanks!
>How-To-Repeat:
N/A - just apply patch to /usr/ports/security/snort_inline/Makefile and go!
>Fix:
Attached.
Patch attached with submission follows:
--- Makefile.orig 2008-03-14 14:47:14.000000000 -0400
+++ Makefile 2008-03-14 14:44:25.000000000 -0400
@@ -22,6 +22,13 @@
LIB_DEPENDS+= dnet:${PORTSDIR}/net/libdnet
+OPTIONS= MYSQL "With MySQL support" off \
+ ODBC "With ODBC support" off \
+ POSTGRESQL "With POSTGRESQL support" off \
+ FLEXRESP "With flexible responses (resp. w/packet resets)" off
+
+.include <bsd.port.pre.mk>
+
.if defined(WITH_MYSQL)
USE_MYSQL= yes
CONFIGURE_ARGS+= --with-mysql=${LOCALBASE}
@@ -47,6 +54,23 @@
CONFIGURE_ARGS+= --with-postgresql=no
.endif
+
+.if defined(WITH_FLEXRESP)
+LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet10-config
+
+.if exists(${LIBNET_CONFIG})
+LIBNET_CFLAGS!= ${LIBNET_CONFIG} --cflags
+LIBNET_LIBS!= ${LIBNET_CONFIG} --libs
+LIBNET_INCDIR= ${LIBNET_CFLAGS:M-I*:S/-I//}
+LIBNET_LIBDIR= ${LIBNET_LIBS:M-L*:S/-L//}
+.endif
+
+BUILD_DEPENDS+= ${LIBNET_CONFIG}:${PORTSDIR}/net/libnet10
+CONFIGURE_ARGS+= --enable-flexresp \
+ --with-libnet-includes=${LIBNET_INCDIR} \
+ --with-libnet-libraries=${LIBNET_LIBDIR}
+.endif
+
MAN8= snort.8 snort_inline.8
DOCS= ChangeLog doc/AUTHORS doc/BUGS doc/CREDITS doc/faq* doc/NEWS \
doc/README* doc/TODO doc/USAGE doc/*.pdf
@@ -61,12 +85,9 @@
${REINPLACE_CMD} "s,$RULE_PATH/classification.config,${DATADIR}/classification.config," ${WRKSRC}/etc/snort_inline.conf
${REINPLACE_CMD} "s,$RULE_PATH/reference.config,${DATADIR}/reference.config," ${WRKSRC}/etc/snort_inline.conf
${REINPLACE_CMD} -e "s/^unicode.map/\/usr\/local\/share\/snort_inline\/unicode.map/" ${WRKSRC}/etc/snort_inline.conf
-
-pre-configure:
- @${ECHO} ""
- @${ECHO} "Set WITH_MYSQL, WITH_ODBC or WITH_POSTGRESQL"
- @${ECHO} "to get additional support."
- @${ECHO} ""
+.if defined(WITH_FLEXRESP)
+ ${REINPLACE_CMD} -e 's|libnet-config|${LIBNET_CONFIG}|g' ${WRKSRC}/configure
+.endif
post-install:
@${MKDIR} ${DATADIR}
@@ -97,4 +118,4 @@
.endif
@${CAT} ${PKGMESSAGE}
-.include <bsd.port.mk>
+.include <bsd.port.post.mk>
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200803141901.m2EJ1WQ1030800>