Bug 155168 - net-analyzer/snort- (Update)
Summary: net-analyzer/snort- (Update)
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: New packages
Hardware: All Linux
: High enhancement (vote)
Assignee: Netmon Herd
Depends on:
Reported: 2006-11-14 13:50 UTC by Jason Wallace
Modified: 2006-11-25 08:40 UTC
0 users

See Also:
Package list:
Runtime testing required: ---

snort- (snort-,6.18 KB, text/plain)
2006-11-14 13:52 UTC, Jason Wallace
snort-2.6.0-genpatches.tar.bz2 (snort-2.6.0-genpatches.tar.bz2,2.90 KB, application/octet-stream)
2006-11-14 13:52 UTC, Jason Wallace
2.6.0-libnet-1.0.patch (2.6.0-libnet-1.0.patch,18.04 KB, patch)
2006-11-14 13:54 UTC, Jason Wallace
snort- (snort-,7.32 KB, text/plain)
2006-11-16 10:54 UTC, Jason Wallace
snort- (snort-,7.29 KB, text/plain)
2006-11-16 11:18 UTC, Jason Wallace

Description Jason Wallace 2006-11-14 13:50:40 UTC
Please find attached snort- and snort-2.6.0-genpatches.tar.bz2 which contains a new 2.6.0-libnet-1.0.patch.

This ebuild will update snort to the current stable version of The 2.6.0-libnet-1.0.patch file will fix the inline and flexresp problems from

Known Issues:

1. snortsam is broken. I tried all versions currently in portage but all of them cause snort- to fail to compile. I think this is snortsam issue. I'll work on this some more later if I get time.

2. sguil does not work with snort- I believe this problem is related to sguil not keeping pace with snort-2.6.x based on this post to the sguil list...

"Both of those patches are optional. The stream4 one has been depreciated for sancp. You can use the sfportscan processor in snort 2.6 for now. I'll put a new spp_portscan patch out for the next Sguil release." -- Bammkkkk

I added a note for people enabling sguil that they should use snort-2.4.5 until sguil catches up. I left the sguil USE flag and only commented out the sguil stuff. Should make it easier to update this ebuild when sguil catches up.

Comment 1 Jason Wallace 2006-11-14 13:52:15 UTC
Created attachment 101949 [details]
Comment 2 Jason Wallace 2006-11-14 13:52:52 UTC
Created attachment 101950 [details]
Comment 3 Jason Wallace 2006-11-14 13:54:24 UTC
Created attachment 101951 [details, diff]

This is the file contained in snort-2.6.0-genpatches.tar.bz2 for anyone that wants to look at it.
Comment 4 Jason Wallace 2006-11-16 10:54:35 UTC
Created attachment 102129 [details]

Please find attached a new snort-


1. I have fixed the snortsam problem. There was a missing ,
in their snortpatch9 file when patching snort's plugin_enum.h file. 
Should work for any current versions of snortsam now.
I sent a patch to the snortsam folks and I have added some logic 
to the ebuild to check for the problem and correct it if it is 

2. Added the following USE flags...


use.local.desc should be updated with the following...

net-analyzer/snort:flexresp2 - NEW Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)
net-analyzer/snort:react - Intercept and terminate offending HTTP accesses (if you don't know what this is don't use it)

Also the net-analyzer/snort:flexresp entry should be changed to say..

net-analyzer/snort:flexresp - Flexible Responses on hostile connection attempts (if you don't know what this is don't use it)

3. Added checks to ensure that both the 'flexresp' and 'flexresp2' USE
flags are not enabled. If both are enabled it shows a warning and 
defaults to flexresp2.

4. Changed the check for inline mode to use --with-libipq-includes=/usr/include/libipq
at ./configure time instead of using append-flags. ./configure is the 
right way to do this.

5. Cleaned up the src_compile() section. There were use_with's where there should have been use_enable's

The only thing I've not tested is selinux and prelude. I don't use either of these.
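
The USE-flag handling described in items 3 to 5 of the comment above, sketched as an added example; it is not the attached ebuild, which this page does not show. `use`, `ewarn` and `use_enable` are minimal stand-ins for the Portage helpers of the same names, `snort_response_conf` is a hypothetical function name, the `USE` value is constructed, and the `--enable-*` option names are simply what `use_enable` emits for each flag.

```sh
#!/bin/sh
# Constructed sample: the set of enabled USE flags (Portage normally provides this).
USE="flexresp flexresp2 inline"

# Stand-ins for Portage helpers so the logic runs outside an ebuild.
use() {
    case " $USE " in *" $1 "*) return 0 ;; *) return 1 ;; esac
}
ewarn() { printf ' * %s\n' "$*" >&2; }
# use_enable emits --enable-X / --disable-X. use_with would emit
# --with-X / --without-X instead, which is a different configure option.
use_enable() {
    if use "$1"; then echo "--enable-$1"; else echo "--disable-$1"; fi
}

# Hypothetical helper: build the ./configure arguments for the response features.
# Runs in a subshell, so "conf" does not leak into the caller.
snort_response_conf() (
    if use flexresp && use flexresp2; then
        # Item 3: both flags set, so warn and default to flexresp2.
        ewarn "flexresp and flexresp2 are both enabled; defaulting to flexresp2"
        conf="--disable-flexresp --enable-flexresp2"
    else
        conf="$(use_enable flexresp) $(use_enable flexresp2)"
    fi

    # Item 5: feature switches go through use_enable.
    conf="$conf $(use_enable react)"

    # Item 4: the libipq header path is passed to ./configure directly
    # rather than being added to the compiler flags with append-flags.
    if use inline; then
        conf="$conf --enable-inline --with-libipq-includes=/usr/include/libipq"
    else
        conf="$conf --disable-inline"
    fi
    echo "$conf"
)

# Print the arguments for the sample USE value above.
snort_response_conf
```
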

Comment 5 Jason Wallace 2006-11-16 11:18:07 UTC
Created attachment 102138 [details]

Started looking at the other snort bugs and found Bug 150796. The reporter is correct; there is no ssl/openssl usage in snort as of 2003-03-27, so I have removed the ssl USE flag.

Comment 6 Cédric Krier gentoo-dev 2006-11-25 08:40:35 UTC
Version in cvs