Bug 34150 - flexresp should be optional in snort ebuilds
Bug#: 34150 Product:  Gentoo Linux Version: unspecified Platform: x86
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: TEST-REQUEST Assigned To: mboman@gentoo.org Reported By: mjolnir@gentoo.org
Component: Ebuilds
Summary: flexresp should be optional in snort ebuilds
Opened: 2003-11-22 19:17 0000
Description:
flexresp support via libnet should be optional (a use flag might be overkill;
perhaps a libnet use flag would be more appropriate)?

With libnet-1.1 merged, merging snort-2.0.0 fails due to snort not liking that
version of libnet.

Reproducible: Always

------- Comment #1 From Michael Boman 2003-11-24 04:54:54 0000 -------
I wonder if the whole flexresp functionality shouldn't be dropped as a whole
actually. It gives the user of the software a false "snort will protect me from
bad guys" sense of security, while providing zero protection in the default
setup (and most people actually do run default setups) and limited
functionality when it is in use.

Anyway, if you think it's still a good idea to keep flexresp support in Snort
I'll add the local USE flag to the ebuild.

I'd like to hear what you guys think of this.

------- Comment #2 From Martin Jackson (RETIRED) 2003-11-24 16:18:28 0000 -------
I wasn't planning on actually using flexresp - if you want to be a black hole
(which I do), just about the worst thing you can do is start sending ICMP
unreachables or whatever when a hostile scanner passes by.

I suppose it would be easy enough for someone with proper motivation to put the
--enable-flexresp line back into the ebuild if it came out completely...

------- Comment #3 From Michael Boman 2003-11-27 20:17:05 0000 -------
I am preparing an updated ebuild that disables flexresp by default unless a
(local) "flexresp" USE flag has been specified.

If you have anything against this please voice out now.

------- Comment #4 From Michael Boman 2003-11-28 00:03:39 0000 -------
Ok, committed snort-2.0.5-r1:

  - Made flexresp optional (controlled by "flexresp" local USE flag)
  - Made smbalert optional (controlled by "samba" USE flag).
  - Threading support was never officially supported in Snort, and has
    been removed from ebuild now as the code is, if not already has been,
    cleaned from the source tree.
  - Updated prelude patch.
  - Assigned myself as the primary maintainer of this ebuild, with the
    hardened as the herd.