snort: moved to github

Signed-off-by: Luka Perkov <luka@openwrt.org>

git-svn-id: svn://svn.openwrt.org/openwrt/packages@44148 3c298f89-4303-0410-b956-a3cf2f4a3e73

net/snort/Makefile

@@ -1,181 +0,0 @@
-
-# Copyright (C) 2006-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=snort
-PKG_VERSION:=2.9.2.2
-PKG_RELEASE:=3
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=http://snort.org/dl/snort-current/
-PKG_MD5SUM:=4254389550e3be31afebc70e64e6002f
-
-PKG_BUILD_DEPENDS:=librpc
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/snort/Default
-  SUBMENU:=Firewall
-  SECTION:=net
-  CATEGORY:=Network
-  DEPENDS:=+libpcap +libpcre +libdnet +libdaq +libpthread +libuuid +zlib
-  TITLE:=Lightweight Network Intrusion Detection System
-  URL:=http://www.snort.org/
-endef
-
-define Package/snort/Default/description
-  Snort is an open source network intrusion detection and prevention system.
-  It is capable of performing real-time traffic analysis, alerting, blocking
-  and packet logging on IP networks.  It utilizes a combination of protocol
-  analysis and pattern matching in order to detect anomalies, misuse and
-  attacks.
-endef
-
-define Package/snort
-  $(call Package/snort/Default)
-  VARIANT:=basic
-endef
-
-define Package/snort/description
-  $(call Package/snort/Default/description)
-endef
-
-define Package/snort-mysql
-  $(call Package/snort/Default)
-  DEPENDS+= +libmysqlclient
-  TITLE+= (MySQL)
-  VARIANT:=mysql
-endef
-
-define Package/snort-mysql/description
-  $(call Package/snort/Default/description)
-  This package contains snort with support for logging to a MySQL database.
-endef
-
-define Package/snort-pgsql
-  $(call Package/snort/Default)
-  DEPENDS+= +libpq +libuuid
-  TITLE+= (PostgreSQL)
-  VARIANT:=pgsql
-endef
-
-define Package/snort-pgsql/description
-  $(call Package/snort/Default/description)
-  This package contains snort with support for logging to a PostgreSQL database.
-endef
-
-
-CONFIGURE_ARGS += \
-	--prefix="/usr" \
-	--enable-flexresp \
-	--with-dnet-includes="$(STAGING_DIR)/usr/include" \
-	--with-dnet-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-libpcap-includes="$(STAGING_DIR)/usr/include" \
-	--with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-libpcre-includes="$(STAGING_DIR)/usr/include" \
-	--with-libpcre-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-daq-includes="$(STAGING_DIR)/usr/include" \
-	--with-daq-libraries="$(STAGING_DIR)/usr/lib" \
-	--disable-static-daq
-
-CONFIGURE_VARS += \
-	CPPFLAGS="$$$$CPPFLAGS -I$(STAGING_DIR)/usr/include/mysql" \
-	LDFLAGS="$$$$LDFLAGS -L$(STAGING_DIR)/usr/lib/mysql" \
-	PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH" \
-
-MAKE_FLAGS += \
-	extra_incl="" \
-
-ifeq ($(BUILD_VARIANT),basic)
-
-  CONFIGURE_ARGS += \
-	--without-mysql \
-	--without-postgresql \
-
-endif
-ifeq ($(BUILD_VARIANT),mysql)
-  CONFIGURE_VARS += \
-	mysql_has_reconnect=yes
-
-  CONFIGURE_ARGS += \
-	--with-mysql="$(STAGING_DIR)/usr" \
-	--without-postgresql \
-
-endif
-ifeq ($(BUILD_VARIANT),pgsql)
-
-  CONFIGURE_ARGS += \
-	--without-mysql \
-	--with-postgresql="$(STAGING_DIR)/usr" \
-
-endif
-
-define Build/InstallDev
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/include/snort/dynamic_preproc
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/include/snort/dynamic_preproc/* \
-		$(STAGING_DIR)/usr/include/snort/dynamic_preproc/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort/dynamic_preproc
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort/dynamic_preproc/* \
-		$(STAGING_DIR)/usr/lib/snort/dynamic_preproc/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicengine
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/* \
-		$(STAGING_DIR)/usr/lib/snort_dynamicengine/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/* \
-		$(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor/
-endef
-
-define Package/snort/conffiles
-/etc/default/snort
-/etc/snort/snort.conf
-/etc/snort/threshold.conf
-endef
-
-define Package/snort/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(CP) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/snort.bin
-	$(CP) $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} $(1)/usr/bin
-	$(INSTALL_BIN) ./files/snort.bin $(1)/usr/bin/snort
-	$(INSTALL_DIR) $(1)/usr/lib/snort_dynamicengine
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/libsf_engine.so* $(1)/usr/lib/snort_dynamicengine/
-	$(INSTALL_DIR) $(1)/usr/lib/snort_dynamicpreprocessor
-	$(CP) $(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf*.so* $(1)/usr/lib/snort_dynamicpreprocessor/
-	$(INSTALL_DIR) $(1)/etc/snort
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/snort.conf $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/attribute_table.dtd $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/classification.config $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/gen-msg.map $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/reference.config $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/threshold.conf $(1)/etc/snort/
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/etc/unicode.map $(1)/etc/snort/
-	$(INSTALL_DIR) $(1)/etc/snort/preproc_rules
-	$(INSTALL_DATA) $(PKG_BUILD_DIR)/preproc_rules/*.rules $(1)/etc/snort/preproc_rules/
-	$(INSTALL_DIR) $(1)/etc/snort/rules
-	$(INSTALL_DATA) ./files/snort.local.rules $(1)/etc/snort/rules/local.rules
-	$(INSTALL_DIR) $(1)/etc/default
-	$(INSTALL_DATA) ./files/snort.default $(1)/etc/default/snort
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort
-endef
-
-Package/snort-mysql/conffiles = $(Package/snort/conffiles)
-Package/snort-mysql/install = $(Package/snort/install)
-
-Package/snort-pgsql/conffiles = $(Package/snort/conffiles)
-Package/snort-pgsql/install = $(Package/snort/install)
-
-$(eval $(call BuildPackage,snort))
-$(eval $(call BuildPackage,snort-mysql))
-$(eval $(call BuildPackage,snort-pgsql))

net/snort/files/snort.bin

@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exec snort.bin --daq-dir /usr/lib/daq/ $*

net/snort/files/snort.default

@@ -1,2 +0,0 @@
-INTERFACE="lo"
-OPTIONS="-i $INTERFACE -c /etc/snort/snort.conf -D -N -q -s"

net/snort/files/snort.init

@@ -1,20 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2012 OpenWrt.org
-
-START=99
-APP=snort.bin
-BIN_FILE="/usr/bin/"$APP
-PID_FILE="/var/run/"$APP"_"$INTERFACE".pid"
-OPTIONS="--daq-dir /usr/lib/daq/"
-DEFAULT=/etc/default/snort
-LOG_D=/var/log/snort
-
-start() {
-	[ -d $LOG_D ] || mkdir -p $LOG_D
-	start-stop-daemon -S -x $APP -p $PID_FILE -b -m -- $OPTIONS
-}
-
-stop() {
-	start-stop-daemon -K -x $APP -p $PID_FILE -s TERM
-	rm -rf $PID_FILE
-}

net/snort/files/snort.local.rules

@@ -1,5 +0,0 @@
-# ----------------
-# LOCAL RULES
-# ----------------
-# This file intentionally does not come with signatures.  Put your local
-# additions here.

net/snort/patches/001-automake-compat.patch

@@ -1,4 +0,0 @@
---- /dev/null
-+++ b/acinclude.m4
-@@ -0,0 +1 @@
-+sinclude(m4/libprelude.m4)

net/snort/patches/100-INADDR_NONE.patch

@@ -1,40 +0,0 @@
---- a/configure.in
-+++ b/configure.in
-@@ -283,21 +283,22 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,i
- AC_CHECK_TYPES([boolean])
- 
- # In case INADDR_NONE is not defined (like on Solaris)
--have_inaddr_none="no"
--AC_MSG_CHECKING([for INADDR_NONE])
--AC_RUN_IFELSE(
--[AC_LANG_PROGRAM(
--[[
--#include <sys/types.h>
--#include <netinet/in.h>
--#include <arpa/inet.h>
--]],
--[[
--	if (inet_addr("10,5,2") == INADDR_NONE);
--    return 0;
--]])],
--[have_inaddr_none="yes"],
--[have_inaddr_none="no"])
-+have_inaddr_none="yes"
-+#AC_MSG_CHECKING([for INADDR_NONE])
-+#AC_RUN_IFELSE(
-+#[AC_LANG_PROGRAM(
-+#[[
-+##include <sys/types.h>
-+##include <netinet/in.h>
-+##include <arpa/inet.h>
-+#]],
-+#[[
-+#	if (inet_addr("10,5,2") == INADDR_NONE);
-+#    return 0;
-+#]])],
-+#[have_inaddr_none="yes"],
-+#[have_inaddr_none="yes"])
-+
- AC_MSG_RESULT($have_inaddr_none)
- if test "x$have_inaddr_none" = "xno"; then
- 	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])

net/snort/patches/101-PCAP.patch

@@ -1,31 +0,0 @@
---- a/configure.in
-+++ b/configure.in
-@@ -401,16 +401,18 @@ if test "x$LPCAP" = "xno"; then
- fi
- 
- AC_MSG_CHECKING([for pcap_lex_destroy])
--AC_RUN_IFELSE(
--[AC_LANG_PROGRAM(
--[[
--#include <pcap.h>
--]],
--[[
--   pcap_lex_destroy();
--]])],
--[have_pcap_lex_destroy="yes"],
--[have_pcap_lex_destroy="no"])
-+have_pcap_lex_destroy="yes"
-+#AC_RUN_IFELSE(
-+#[AC_LANG_PROGRAM(
-+#[[
-+##include <pcap.h>
-+#]],
-+#[[
-+#   pcap_lex_destroy();
-+#]])],
-+#[have_pcap_lex_destroy="yes"],
-+#[have_pcap_lex_destroy="no"])
-+
- AC_MSG_RESULT($have_pcap_lex_destroy)
- if test "x$have_pcap_lex_destroy" = "xyes"; then
-     AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])

net/snort/patches/150-config-preprocessors-disable.patch

@@ -1,491 +0,0 @@
---- a/etc/snort.conf
-+++ b/etc/snort.conf
-@@ -20,6 +20,13 @@
- #     test mode -T you are required to supply an interface -i <interface>
- #     or test mode will fail to fully validate the configuration and
- #     exit with a FATAL error
-+#!
-+#!  OpenWrt:
-+#!    Some options in this config were changed to adapt snort for OpenWrt. Any changes
-+#!    made to the original default configuration will start with '#! ' so you can track
-+#!    the changes.
-+#!
-+#!    Most preprocessors and rules were disabled to save memory.
- #--------------------------------------------------
- 
- ###################################################
-@@ -42,10 +49,12 @@
- ###################################################
- 
- # Setup the network addresses you are protecting
--ipvar HOME_NET any
-+#! ipvar HOME_NET any
-+ipvar HOME_NET 192.168.1.0/24
- 
- # Set up the external network addresses. Leave as "any" in most situations
--ipvar EXTERNAL_NET any
-+#! ipvar EXTERNAL_NET any
-+ipvar EXTERNAL_NET !$HOME_NET
- 
- # List of DNS servers on your network 
- ipvar DNS_SERVERS $HOME_NET
-@@ -101,17 +110,23 @@ ipvar AIM_SERVERS [64.12.24.0/23,64.12.2
- # Path to your rules files (this can be a relative path)
- # Note for Windows users:  You are advised to make this an absolute path,
- # such as:  c:\snort\rules
--var RULE_PATH ../rules
--var SO_RULE_PATH ../so_rules
--var PREPROC_RULE_PATH ../preproc_rules
-+#! Those paths are relative to this snort.conf file.
-+#! var RULE_PATH ../rules
-+#! var SO_RULE_PATH ../so_rules
-+#! var PREPROC_RULE_PATH ../preproc_rules
-+var RULE_PATH ./rules
-+var SO_RULE_PATH ./so_rules
-+var PREPROC_RULE_PATH ./preproc_rules
- 
- # If you are using reputation preprocessor set these
- # Currently there is a bug with relative paths, they are relative to where snort is
- # not relative to snort.conf like the above variables
- # This is completely inconsistent with how other vars work, BUG 89986
- # Set the absolute path appropriately
--var WHITE_LIST_PATH ../rules
--var BLACK_LIST_PATH ../rules
-+#! var WHITE_LIST_PATH ../rules
-+#! var BLACK_LIST_PATH ../rules
-+var WHITE_LIST_PATH ./rules
-+var BLACK_LIST_PATH ./rules
- 
- ###################################################
- # Step #2: Configure the decoder.  For more information, see README.decode
-@@ -244,13 +259,16 @@ config paf_max: 16000
- ###################################################
- 
- # path to dynamic preprocessor libraries
--dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
-+#! dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
-+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
- 
- # path to base preprocessor engine
--dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
-+#! dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
-+#! dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so #! disabled for performance reasons
- 
- # path to dynamic rules libraries
--dynamicdetection directory /usr/local/lib/snort_dynamicrules
-+#! dynamicdetection directory /usr/local/lib/snort_dynamicrules
-+#! dynamicdetection directory /usr/lib/snort_dynamicrules #! disabled for performance reasons
- 
- ###################################################
- # Step #5: Configure preprocessors
-@@ -294,124 +312,128 @@ preprocessor stream5_udp: timeout 180
- # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
- 
- # HTTP normalization and anomaly detection.  For more information, see README.http_inspect
--preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
--preprocessor http_inspect_server: server default \
--    http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
--    chunk_length 500000 \
--    server_flow_depth 0 \
--    client_flow_depth 0 \
--    post_depth 65495 \
--    oversize_dir_length 500 \
--    max_header_length 750 \
--    max_headers 100 \
--    max_spaces 0 \
--    small_chunk_length { 10 5 } \
--    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 } \
--    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
--    enable_cookie \
--    extended_response_inspection \
--    inspect_gzip \
--    normalize_utf \
--    unlimited_decompress \
--    normalize_javascript \
--    apache_whitespace no \
--    ascii no \
--    bare_byte no \
--    directory no \
--    double_decode no \
--    iis_backslash no \
--    iis_delimiter no \
--    iis_unicode no \
--    multi_slash no \
--    utf_8 no \
--    u_encode yes \
--    webroot no
-+#! disabled for performance reasons:
-+#! preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
-+#! preprocessor http_inspect_server: server default \
-+#!     http_methods { GET POST PUT SEARCH MKCOL COPY MOVE LOCK UNLOCK NOTIFY POLL BCOPY BDELETE BMOVE LINK UNLINK OPTIONS HEAD DELETE TRACE TRACK CONNECT SOURCE SUBSCRIBE UNSUBSCRIBE PROPFIND PROPPATCH BPROPFIND BPROPPATCH RPC_CONNECT PROXY_SUCCESS BITS_POST CCM_POST SMS_POST RPC_IN_DATA RPC_OUT_DATA RPC_ECHO_DATA } \
-+#!     chunk_length 500000 \
-+#!     server_flow_depth 0 \
-+#!     client_flow_depth 0 \
-+#!     post_depth 65495 \
-+#!     oversize_dir_length 500 \
-+#!     max_header_length 750 \
-+#!     max_headers 100 \
-+#!     max_spaces 0 \
-+#!     small_chunk_length { 10 5 } \
-+#!     ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 4343 5250 7001 7145 7510 7777 7779 8000 8008 8014 8028 8080 8088 8118 8123 8180 8181 8243 8280 8800 8888 8899 9080 9090 9091 9443 9999 11371 55555 } \
-+#!     non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
-+#!     enable_cookie \
-+#!     extended_response_inspection \
-+#!     inspect_gzip \
-+#!     normalize_utf \
-+#!     unlimited_decompress \
-+#!     normalize_javascript \
-+#!     apache_whitespace no \
-+#!     ascii no \
-+#!     bare_byte no \
-+#!     directory no \
-+#!     double_decode no \
-+#!     iis_backslash no \
-+#!     iis_delimiter no \
-+#!     iis_unicode no \
-+#!     multi_slash no \
-+#!     utf_8 no \
-+#!     u_encode yes \
-+#!     webroot no
- 
- # ONC-RPC normalization and anomaly detection.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
--preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
-+#! disabled for performance reasons:
-+#! preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
- 
- # Back Orifice detection.
--preprocessor bo
-+#! preprocessor bo #! disabled for performance reasons
- 
- # FTP / Telnet normalization and anomaly detection.  For more information, see README.ftptelnet
--preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no
--preprocessor ftp_telnet_protocol: telnet \
--    ayt_attack_thresh 20 \
--    normalize ports { 23 } \
--    detect_anomalies
--preprocessor ftp_telnet_protocol: ftp server default \
--    def_max_param_len 100 \
--    ports { 21 2100 3535 } \
--    telnet_cmds yes \
--    ignore_telnet_erase_cmds yes \
--    ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
--    ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
--    ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
--    ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
--    ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
--    ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
--    ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
--    ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
--    ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
--    ftp_cmds { XSEN XSHA1 XSHA256 } \
--    alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
--    alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
--    alt_max_param_len 256 { CWD RNTO } \
--    alt_max_param_len 400 { PORT } \
--    alt_max_param_len 512 { SIZE } \
--    chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
--    chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
--    chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
--    chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
--    chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
--    chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
--    chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ 
--    chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
--    cmd_validity ALLO < int [ char R int ] > \    
--    cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
--    cmd_validity MACB < string > \
--    cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
--    cmd_validity MODE < char ASBCZ > \
--    cmd_validity PORT < host_port > \
--    cmd_validity PROT < char CSEP > \
--    cmd_validity STRU < char FRPO [ string ] > \    
--    cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
--preprocessor ftp_telnet_protocol: ftp client default \
--    max_resp_len 256 \
--    bounce yes \
--    ignore_telnet_erase_cmds yes \
--    telnet_cmds yes
-+#! disabled for performance reasons:
-+#! preprocessor ftp_telnet: global inspection_type stateful encrypted_traffic no check_encrypted
-+#! preprocessor ftp_telnet_protocol: telnet \
-+#!     ayt_attack_thresh 20 \
-+#!     normalize ports { 23 } \
-+#!     detect_anomalies
-+#! preprocessor ftp_telnet_protocol: ftp server default \
-+#!     def_max_param_len 100 \
-+#!     ports { 21 2100 3535 } \
-+#!     telnet_cmds yes \
-+#!     ignore_telnet_erase_cmds yes \
-+#!     ftp_cmds { ABOR ACCT ADAT ALLO APPE AUTH CCC CDUP } \
-+#!     ftp_cmds { CEL CLNT CMD CONF CWD DELE ENC EPRT } \
-+#!     ftp_cmds { EPSV ESTA ESTP FEAT HELP LANG LIST LPRT } \
-+#!     ftp_cmds { LPSV MACB MAIL MDTM MIC MKD MLSD MLST } \
-+#!     ftp_cmds { MODE NLST NOOP OPTS PASS PASV PBSZ PORT } \
-+#!     ftp_cmds { PROT PWD QUIT REIN REST RETR RMD RNFR } \
-+#!     ftp_cmds { RNTO SDUP SITE SIZE SMNT STAT STOR STOU } \
-+#!     ftp_cmds { STRU SYST TEST TYPE USER XCUP XCRC XCWD } \
-+#!     ftp_cmds { XMAS XMD5 XMKD XPWD XRCP XRMD XRSQ XSEM } \
-+#!     ftp_cmds { XSEN XSHA1 XSHA256 } \
-+#!     alt_max_param_len 0 { ABOR CCC CDUP ESTA FEAT LPSV NOOP PASV PWD QUIT REIN STOU SYST XCUP XPWD } \
-+#!     alt_max_param_len 200 { ALLO APPE CMD HELP NLST RETR RNFR STOR STOU XMKD } \
-+#!     alt_max_param_len 256 { CWD RNTO } \
-+#!     alt_max_param_len 400 { PORT } \
-+#!     alt_max_param_len 512 { SIZE } \
-+#!     chk_str_fmt { ACCT ADAT ALLO APPE AUTH CEL CLNT CMD } \
-+#!     chk_str_fmt { CONF CWD DELE ENC EPRT EPSV ESTP HELP } \
-+#!     chk_str_fmt { LANG LIST LPRT MACB MAIL MDTM MIC MKD } \
-+#!     chk_str_fmt { MLSD MLST MODE NLST OPTS PASS PBSZ PORT } \
-+#!     chk_str_fmt { PROT REST RETR RMD RNFR RNTO SDUP SITE } \
-+#!     chk_str_fmt { SIZE SMNT STAT STOR STRU TEST TYPE USER } \
-+#!     chk_str_fmt { XCRC XCWD XMAS XMD5 XMKD XRCP XRMD XRSQ } \ 
-+#!     chk_str_fmt { XSEM XSEN XSHA1 XSHA256 } \
-+#!     cmd_validity ALLO < int [ char R int ] > \    
-+#!     cmd_validity EPSV < [ { char 12 | char A char L char L } ] > \
-+#!     cmd_validity MACB < string > \
-+#!     cmd_validity MDTM < [ date nnnnnnnnnnnnnn[.n[n[n]]] ] string > \
-+#!     cmd_validity MODE < char ASBCZ > \
-+#!     cmd_validity PORT < host_port > \
-+#!     cmd_validity PROT < char CSEP > \
-+#!     cmd_validity STRU < char FRPO [ string ] > \    
-+#!     cmd_validity TYPE < { char AE [ char NTC ] | char I | char L [ number ] } >
-+#! preprocessor ftp_telnet_protocol: ftp client default \
-+#!     max_resp_len 256 \
-+#!     bounce yes \
-+#!     ignore_telnet_erase_cmds yes \
-+#!     telnet_cmds yes
- 
- 
- # SMTP normalization and anomaly detection.  For more information, see README.SMTP
--preprocessor smtp: ports { 25 465 587 691 } \
--    inspection_type stateful \
--    b64_decode_depth 0 \
--    qp_decode_depth 0 \
--    bitenc_decode_depth 0 \
--    uu_decode_depth 0 \
--    log_mailfrom \
--    log_rcptto \
--    log_filename \
--    log_email_hdrs \
--    normalize cmds \
--    normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
--    normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
--    normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
--    normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
--    max_command_line_len 512 \
--    max_header_line_len 1000 \
--    max_response_line_len 512 \
--    alt_max_command_line_len 260 { MAIL } \
--    alt_max_command_line_len 300 { RCPT } \
--    alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
--    alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
--    alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
--    valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ 
--    valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
--    valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
--    valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
--    xlink2state { enabled }
-+#! disabled for performance reasons:
-+#! preprocessor smtp: ports { 25 465 587 691 } \
-+#!     inspection_type stateful \
-+#!     b64_decode_depth 0 \
-+#!     qp_decode_depth 0 \
-+#!     bitenc_decode_depth 0 \
-+#!     uu_decode_depth 0 \
-+#!     log_mailfrom \
-+#!     log_rcptto \
-+#!     log_filename \
-+#!     log_email_hdrs \
-+#!     normalize cmds \
-+#!     normalize_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \
-+#!     normalize_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
-+#!     normalize_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
-+#!     normalize_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
-+#!     max_command_line_len 512 \
-+#!     max_header_line_len 1000 \
-+#!     max_response_line_len 512 \
-+#!     alt_max_command_line_len 260 { MAIL } \
-+#!     alt_max_command_line_len 300 { RCPT } \
-+#!     alt_max_command_line_len 500 { HELP HELO ETRN EHLO } \
-+#!     alt_max_command_line_len 255 { EXPN VRFY ATRN SIZE BDAT DEBUG EMAL ESAM ESND ESOM EVFY IDENT NOOP RSET } \
-+#!     alt_max_command_line_len 246 { SEND SAML SOML AUTH TURN ETRN DATA RSET QUIT ONEX QUEU STARTTLS TICK TIME TURNME VERB X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
-+#!     valid_cmds { ATRN AUTH BDAT CHUNKING DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY } \ 
-+#!     valid_cmds { EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND SOML } \
-+#!     valid_cmds { STARTTLS TICK TIME TURN TURNME VERB VRFY X-ADAT X-DRCP X-ERCP X-EXCH50 } \
-+#!     valid_cmds { X-EXPS X-LINK2STATE XADR XAUTH XCIR XEXCH50 XGEN XLICENSE XQUE XSTA XTRN XUSR } \
-+#!     xlink2state { enabled }
- 
- # Portscan detection.  For more information, see README.sfportscan
- # preprocessor sfportscan: proto  { all } memcap { 10000000 } sense_level { low }
-@@ -430,17 +452,19 @@ preprocessor ssh: server_ports { 22 } \
-                   enable_srvoverflow enable_protomismatch
- 
- # SMB / DCE-RPC normalization and anomaly detection.  For more information, see README.dcerpc2
--preprocessor dcerpc2: memcap 102400, events [co ]
--preprocessor dcerpc2_server: default, policy WinXP, \
--    detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
--    autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
--    smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"]
-+#! disabled for performance reasons:
-+#! preprocessor dcerpc2: memcap 102400, events [co ]
-+#! preprocessor dcerpc2_server: default, policy WinXP, \
-+#!     detect [smb [139,445], tcp 135, udp 135, rpc-over-http-server 593], \
-+#!     autodetect [tcp 1025:, udp 1025:, rpc-over-http-server 1025:], \
-+#!     smb_max_chain 3, smb_invalid_shares ["C$", "D$", "ADMIN$"]
- 
- # DNS anomaly detection.  For more information, see README.dns
--preprocessor dns: ports { 53 } enable_rdata_overflow
-+#! preprocessor dns: ports { 53 } enable_rdata_overflow #! disabled for performance reasons
- 
- # SSL anomaly detection and traffic bypass.  For more information, see README.ssl
--preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted
-+#! disabled for performance reasons:
-+#! preprocessor ssl: ports { 443 465 563 636 989 992 993 994 995 7801 7802 7900 7901 7902 7903 7904 7905 7906 7907 7908 7909 7910 7911 7912 7913 7914 7915 7916 7917 7918 7919 7920 }, trustservers, noinspect_encrypted
- 
- # SDF sensitive data preprocessor.  For more information see README.sensitive_data
- preprocessor sensitive_data: alert_threshold 25
-@@ -503,12 +527,13 @@ preprocessor dnp3: ports { 20000 } \
-    check_crc
- 
- # Reputation preprocessor. For more information see README.reputation
--preprocessor reputation: \
--   memcap 500, \
--   priority whitelist, \
--   nested_ip inner, \
--   whitelist $WHITE_LIST_PATH/white_list.rules, \
--   blacklist $BLACK_LIST_PATH/black_list.rules 
-+#! disabled for performance reasons:
-+#! preprocessor reputation: \
-+#!    memcap 500, \
-+#!    priority whitelist, \
-+#!    nested_ip inner, \
-+#!    whitelist $WHITE_LIST_PATH/white_list.rules, \
-+#!    blacklist $BLACK_LIST_PATH/black_list.rules 
- 
- ###################################################
- # Step #6: Configure output plugins
-@@ -551,60 +576,71 @@ include reference.config
- # site specific rules
- include $RULE_PATH/local.rules
- 
--include $RULE_PATH/attack-responses.rules
--include $RULE_PATH/backdoor.rules
--include $RULE_PATH/bad-traffic.rules
--include $RULE_PATH/blacklist.rules
--include $RULE_PATH/botnet-cnc.rules
--include $RULE_PATH/chat.rules
--include $RULE_PATH/content-replace.rules
--include $RULE_PATH/ddos.rules
--include $RULE_PATH/dns.rules
--include $RULE_PATH/dos.rules
--include $RULE_PATH/exploit.rules
--include $RULE_PATH/file-identify.rules
--include $RULE_PATH/finger.rules
--include $RULE_PATH/ftp.rules
--include $RULE_PATH/icmp.rules
--include $RULE_PATH/icmp-info.rules
--include $RULE_PATH/imap.rules
--include $RULE_PATH/info.rules
--include $RULE_PATH/misc.rules
--include $RULE_PATH/multimedia.rules
--include $RULE_PATH/mysql.rules
--include $RULE_PATH/netbios.rules
--include $RULE_PATH/nntp.rules
--include $RULE_PATH/oracle.rules
--include $RULE_PATH/other-ids.rules
--include $RULE_PATH/p2p.rules
--include $RULE_PATH/phishing-spam.rules
--include $RULE_PATH/policy.rules
--include $RULE_PATH/pop2.rules
--include $RULE_PATH/pop3.rules
--include $RULE_PATH/rpc.rules
--include $RULE_PATH/rservices.rules
--include $RULE_PATH/scada.rules
--include $RULE_PATH/scan.rules
--include $RULE_PATH/shellcode.rules
--include $RULE_PATH/smtp.rules
--include $RULE_PATH/snmp.rules
--include $RULE_PATH/specific-threats.rules
--include $RULE_PATH/spyware-put.rules
--include $RULE_PATH/sql.rules
--include $RULE_PATH/telnet.rules
--include $RULE_PATH/tftp.rules
--include $RULE_PATH/virus.rules
--include $RULE_PATH/voip.rules
--include $RULE_PATH/web-activex.rules
--include $RULE_PATH/web-attacks.rules
--include $RULE_PATH/web-cgi.rules
--include $RULE_PATH/web-client.rules
--include $RULE_PATH/web-coldfusion.rules
--include $RULE_PATH/web-frontpage.rules
--include $RULE_PATH/web-iis.rules
--include $RULE_PATH/web-misc.rules
--include $RULE_PATH/web-php.rules
--include $RULE_PATH/x11.rules
-+#! include $RULE_PATH/attack-responses.rules
-+#! include $RULE_PATH/backdoor.rules
-+#! include $RULE_PATH/bad-traffic.rules
-+#! include $RULE_PATH/blacklist.rules
-+#! include $RULE_PATH/botnet-cnc.rules
-+#! include $RULE_PATH/chat.rules
-+#! include $RULE_PATH/content-replace.rules
-+#! include $RULE_PATH/ddos.rules
-+#! include $RULE_PATH/dns.rules
-+#! include $RULE_PATH/dos.rules
-+#! include $RULE_PATH/exploit.rules
-+#! include $RULE_PATH/file-identify.rules
-+#! include $RULE_PATH/file-office.rules
-+#! include $RULE_PATH/file-other.rules
-+#! include $RULE_PATH/file-pdf.rules
-+#! include $RULE_PATH/finger.rules
-+#! include $RULE_PATH/ftp.rules
-+#! include $RULE_PATH/icmp.rules
-+#! include $RULE_PATH/icmp-info.rules
-+#! include $RULE_PATH/imap.rules
-+#! include $RULE_PATH/indicator-compromise.rules
-+#! include $RULE_PATH/indicator-obfuscation.rules
-+#! include $RULE_PATH/info.rules
-+#! include $RULE_PATH/misc.rules
-+#! include $RULE_PATH/multimedia.rules
-+#! include $RULE_PATH/mysql.rules
-+#! include $RULE_PATH/netbios.rules
-+#! include $RULE_PATH/nntp.rules
-+#! include $RULE_PATH/oracle.rules
-+#! include $RULE_PATH/other-ids.rules
-+#! include $RULE_PATH/p2p.rules
-+#! include $RULE_PATH/phishing-spam.rules
-+#! include $RULE_PATH/policy.rules
-+#! include $RULE_PATH/policy-multimedia.rules
-+#! include $RULE_PATH/policy-other.rules
-+#! include $RULE_PATH/policy-social.rules
-+#! include $RULE_PATH/pop2.rules
-+#! include $RULE_PATH/pop3.rules
-+#! include $RULE_PATH/pua-p2p.rules
-+#! include $RULE_PATH/pua-toolbars.rules
-+#! include $RULE_PATH/rpc.rules
-+#! include $RULE_PATH/rservices.rules
-+#! include $RULE_PATH/scada.rules
-+#! include $RULE_PATH/scan.rules
-+#! include $RULE_PATH/server-mail.rules
-+#! include $RULE_PATH/shellcode.rules
-+#! include $RULE_PATH/smtp.rules
-+#! include $RULE_PATH/snmp.rules
-+#! include $RULE_PATH/specific-threats.rules
-+#! include $RULE_PATH/spyware-put.rules
-+#! include $RULE_PATH/sql.rules
-+#! include $RULE_PATH/telnet.rules
-+#! include $RULE_PATH/tftp.rules
-+#! include $RULE_PATH/virus.rules
-+#! include $RULE_PATH/voip.rules
-+#! include $RULE_PATH/web-activex.rules
-+#! include $RULE_PATH/web-attacks.rules
-+#! include $RULE_PATH/web-cgi.rules
-+#! include $RULE_PATH/web-client.rules
-+#! include $RULE_PATH/web-coldfusion.rules
-+#! include $RULE_PATH/web-frontpage.rules
-+#! include $RULE_PATH/web-iis.rules
-+#! include $RULE_PATH/web-misc.rules
-+#! include $RULE_PATH/web-php.rules
-+#! include $RULE_PATH/x11.rules
- 
- ###################################################
- # Step #8: Customize your preprocessor and decoder alerts

net/snort/patches/160-mysql_cross_compiling_checks.patch

@@ -1,66 +0,0 @@
---- a/configure.in
-+++ b/configure.in
-@@ -1128,63 +1128,6 @@ if test "x$with_mysql" != "xno"; then
-     fi
-   fi
- 
--  AC_MSG_CHECKING([for mysql default client reconnect])
--
--  AC_RUN_IFELSE(
--  [AC_LANG_PROGRAM(
--  [[
--  #include <mysql.h>
--  ]],
--  [[
--      if (mysql_get_client_version() < 50003)
--          return 1;
--  ]])],
--  [mysql_default_reconnect="no"],
--  [mysql_default_reconnect="yes"])
--
--  AC_MSG_RESULT($mysql_default_reconnect)
--
--  if test "x$mysql_default_reconnect" = "xno"; then
--      AC_MSG_CHECKING([for mysql reconnect option])
--
--      AC_RUN_IFELSE(
--      [AC_LANG_PROGRAM(
--      [[
--      #include <mysql.h>
--      ]],
--      [[
--          if (mysql_get_client_version() < 50013)
--              return 1;
--      ]])],
--      [mysql_has_reconnect="yes"],
--      [mysql_has_reconnect="no"])
--
--      AC_MSG_RESULT($mysql_has_reconnect)
--
--      if test "x$mysql_has_reconnect" = "xyes"; then
--          AC_DEFINE([MYSQL_HAS_OPT_RECONNECT],[1],[For MySQL versions 5.0.13 and greater])
--
--          AC_MSG_CHECKING([for mysql setting of reconnect option before connect bug])
--
--          AC_RUN_IFELSE(
--          [AC_LANG_PROGRAM(
--          [[
--          #include <mysql.h>
--          ]],
--          [[
--              if (mysql_get_client_version() < 50019)
--                  return 1;
--          ]])],
--          [mysql_has_reconnect_bug="no"],
--          [mysql_has_reconnect_bug="yes"])
--
--          AC_MSG_RESULT($mysql_has_reconnect_bug)
--
--          if test "x$mysql_has_reconnect_bug" = "xyes"; then
--              AC_DEFINE([MYSQL_HAS_OPT_RECONNECT_BUG],[1],[For MySQL versions 5.0.13 to 5.0.18])
--          fi
--      fi
--  fi
- fi
- 
- AC_ARG_WITH(odbc,