PSARC 2013/113 snort 2.9.2
authorRich Burridge <rich.burridge@oracle.com>
Fri, 14 Jun 2013 16:37:38 -0700
changeset 1345 ee87318d9935
parent 1344 48d2ae15d995
child 1346 ebb3e4503fed
PSARC 2013/113 snort 2.9.2 15793348 SUNBT7170824 Update snort to version 2.9.2
components/daq/Makefile
components/daq/patches/sfbpf.sll.h.patch
components/snort/Makefile
components/snort/Solaris/snort.pc
components/snort/Solaris/snort_preproc.pc
components/snort/patches/snort.8.patch
components/snort/patches/snort.c.patch
components/snort/patches/snort.conf.patch
components/snort/patches/solaris-build.patch
components/snort/resolve.deps
components/snort/snort.p5m
--- a/components/daq/Makefile	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/daq/Makefile	Fri Jun 14 16:37:38 2013 -0700
@@ -36,10 +36,16 @@
 include ../../make-rules/configure.mk
 include ../../make-rules/ips.mk
 
+# Solaris should really define these. See CR #15431883 and 15537286.
+CFLAGS +=	-Du_int8_t=uint8_t
+CFLAGS +=	-Du_int16_t=uint16_t
+CFLAGS +=	-Du_int32_t=uint32_t
+
 # Set -m32 or -m64 correctly for 32 and 64 bit versions.
 CC +=		$(CC_BITS)
 
 CONFIGURE_OPTIONS +=    --enable-static=no
+CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS)"
 
 ASLR_MODE = $(ASLR_ENABLE)
 
--- a/components/daq/patches/sfbpf.sll.h.patch	Thu Jun 13 17:39:51 2013 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,20 +0,0 @@
-Include in missing typedefs needed in order to build DAQ.
-
----  daq-0.6.2/sfbpf/sll.h.orig	2010-05-06 15:13:26.000000000 -0400
-+++  daq-0.6.2/sfbpf/sll.h	2012-01-13 16:27:21.000000000 -0500
[email protected]@ -82,6 +82,15 @@
- #define SLL_HDR_LEN	16          /* total header length */
- #define SLL_ADDRLEN	8           /* length of address field */
- 
-+#if defined (__SVR4) && defined (__sun)
-+
-+typedef uint8_t u_int8_t;
-+typedef uint16_t u_int16_t;
-+typedef uint32_t u_int32_t;
-+
-+#endif /* defined (__SVR4) && defined (__sun) */
-+
-+
- struct sll_header
- {
-     u_int16_t sll_pkttype;      /* packet type */
--- a/components/snort/Makefile	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/Makefile	Fri Jun 14 16:37:38 2013 -0700
@@ -26,39 +26,49 @@
 include ../../make-rules/shared-macros.mk
 
 COMPONENT_NAME=		snort
-COMPONENT_VERSION=	2.8.4.1
+COMPONENT_VERSION=	2.9.2
 COMPONENT_SRC=		$(COMPONENT_NAME)-$(COMPONENT_VERSION)
 COMPONENT_ARCHIVE=	$(COMPONENT_SRC).tar.gz
 COMPONENT_ARCHIVE_HASH=	\
-    sha256:ee7f790eb3df4e6156a7c865f1ba22855394c9e3c13fdc57d60a8647267fc209
+    sha256:04d375b627dd256d6257f2cbe5a770e4552e3f35d5e2100b97f75426b600d8cb
 COMPONENT_PROJECT_URL=	http://www.snort.org/
-# the main site does not retain older releases
-COMPONENT_ARCHIVE_URL=	http://mirror2.openwrt.org/sources/$(COMPONENT_ARCHIVE)
+COMPONENT_ARCHIVE_URL=	$(COMPONENT_PROJECT_URL)dl/snort-current/$(COMPONENT_ARCHIVE)
 COMPONENT_BUGDB=	utility/snort
 
 include ../../make-rules/prep.mk
 include ../../make-rules/configure.mk
 include ../../make-rules/ips.mk
 
-PATCH_LEVEL =	0
-
 # without this we bus error on sparc. sadly I don't see any patches
 # that might relate from the upstream (though maybe that's really
 # "happily", as this is simpler)
-studio_ALIGN.sparc.32=	-xmemalign=1i
+studio_ALIGN.sparc.64=  -xmemalign=1i
+
+# Need to recreate the configure script for gethrtime checks.
+COMPONENT_PREP_ACTION +=	(cd $(@D); autoconf);
 
-CONFIGURE_OPTIONS +=	--with-libpcre=included
-CONFIGURE_OPTIONS +=	--with-libpcap=/usr
-CONFIGURE_OPTIONS +=	--enable-static=no
+CONFIGURE_OPTIONS +=	--with-libpcre-libraries="/usr/lib/$(MACH64)"
+CONFIGURE_OPTIONS +=	--with-dnet-libraries="/usr/lib/$(MACH64)"
+CONFIGURE_OPTIONS +=	--without-mysql
+CONFIGURE_OPTIONS +=	--without-postgresql
+CONFIGURE_OPTIONS +=	--enable-zlib
+CONFIGURE_OPTIONS +=	--enable-ipv6
+CONFIGURE_OPTIONS +=	--disable-static-daq
 CONFIGURE_OPTIONS +=	CFLAGS="$(CFLAGS)"
+CONFIGURE_OPTIONS +=	LDFLAGS="$(LDFLAGS)"
+
+# Move snort shared objects to 64-bit path to stop pkglint bitching.
+COMPONENT_POST_INSTALL_ACTION += \
+	$(MV) $(PROTOUSRLIBDIR)/snort_dynamicengine $(PROTOUSRLIBDIR64); \
+	$(MV) $(PROTOUSRLIBDIR)/snort_dynamicpreprocessor $(PROTOUSRLIBDIR64) ;
 
 # Enable ASLR for this component
 ASLR_MODE = $(ASLR_ENABLE)
 
 # common targets
-build:		$(BUILD_32)
+build:		$(BUILD_64)
 
-install:	$(INSTALL_32)
+install:	$(INSTALL_64)
 
 test:		$(NO_TESTS)
 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/Solaris/snort.pc	Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,11 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=/usr/lib/64
+includedir=${prefix}/include
+
+Name: Snort
+Description: Snort dynamic plugins/detection/rules
+URL: www.snort.org
+Version: 2.9.2
+Libs: -L${libdir} -lcurl -lz -ldnet -lpcre -lpcap -lsocket -lnsl -lrt -luuid -lm -ldl -ldaq -lpthread
+Cflags: -m64 -mt -I/usr/include/pcre -DDYNAMIC_PLUGIN -DZLIB -DGRE -DMPLS -DPREPROCESSOR_AND_DECODER_RULE_EVENTS -DPPM_MGR -DENABLE_PAF -DENABLE_REACT -DENABLE_RESPOND -DENABLE_RESPONSE3 -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/Solaris/snort_preproc.pc	Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,12 @@
+prefix=/usr
+exec_prefix=${prefix}
+libdir=/usr/lib/64
+package=snort
+includedir=${prefix}/include
+
+Name: Snort
+Description: Snort dynamic preprocessors
+URL: www.snort.org
+Version: 2.9.2
+Libs: -L${libdir}/${package}/dynamic_preproc -lsf_dynamic_preproc
+Cflags: -I/usr/include/pcre -I${includedir}/${package}/dynamic_preproc  -DBSD_COMP -D_REENTRANT -DSF_WCHAR -DSUP_IP6 -DTARGET_BASED -DPERF_PROFILING -DSNORT_RELOAD -DNORMALIZER -DACTIVE_RESPONSE
--- a/components/snort/patches/snort.8.patch	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/patches/snort.8.patch	Fri Jun 14 16:37:38 2013 -0700
@@ -1,29 +1,34 @@
---- snort.8.orig	Tue May  3 11:40:24 2011
-+++ snort.8	Tue May  3 11:42:11 2011
+Adjust snort man page to be in section 1M.
+
+--- snort-2.9.2/snort.8.orig	2013-03-18 12:26:58.589074327 -0700
++++ snort-2.9.2/snort.8	2013-03-18 12:28:26.378646691 -0700
 @@ -1,8 +1,8 @@
  .\" Process this file with
 -.\" groff -man -Tascii snort.8
 +.\" groff -man -Tascii snort.1m
  .\"
  .\" $Id$
--.TH SNORT 8 "February 2009"
-+.TH SNORT 1M "February 2009"
+-.TH SNORT 8 "December 2011"
++.TH SNORT 1M "December 2011"
  .SH NAME
  Snort \- open source network intrusion detection system
  .SH SYNOPSIS
[email protected]@ -901,13 +901,13 @@
[email protected]@ -913,15 +913,15 @@
+ Causes the daemon to close all opened files and restart.
  Please \fBnote\fR that this will only work if the \fBfull\fR pathname is
- used to invoke snort in daemon mode, otherwise snort will just exit with an 
- error message being sent to  
--.B syslogd(8)
-+.B syslogd(1M)
- .
- .PP 
+ used to invoke snort in daemon mode, otherwise snort will just exit with an
+-error message being sent to \fBsyslogd(8)\fR.
++error message being sent to \fBsyslogd(1M)\fR.
+ .PP
  .IP SIGUSR1
  Causes the program to dump its current packet statistical information to the
- console or 
--.B syslogd(8)
-+.B syslogd(1M)
- if in daemon mode.
- .
+-console or \fBsyslogd(8)\fR if in daemon mode.
++console or \fBsyslogd(1M)\fR if in daemon mode.
  .PP
+ .IP SIGUSR2
+ Causes the program to rotate Perfmonitor statistical information to the 
+-console or \fBsyslogd(8)\fR if in daemon mode.
++console or \fBsyslogd(1M)\fR if in daemon mode.
+ .PP
+ .IP SIGURG
+ Causes the program to reload attribute table.
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/snort.c.patch	Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,58 @@
+Provide the directory where snort will initially look for DAQ modules.
+
+This patch has not been sent upstream, because the Solaris integration
+of libdaq is different from the way that Linux systems do this.
+
+On Linux systems, DAQ installs two static libraries:
+
+  /usr/lib/libdaq_static.a
+  /usr/lib/libdaq_static_modules.a 
+
+When snort is being configured, you see:
+
+...
+checking for daq_load_modules in -ldaq_static... yes
+...
+
+and at link time we see "-ldaq_static ... -ldaq_static_modules ...".
+
+This means that when you start snort running, it knows where to
+look for a set of DAQ modules that it loads. This is done with
+with a call to the DAQ routine daq_load_modules().
+
+On Solaris, we do not provide those two static libraries (or their 64-bit
+equivalents). Therefore, by default, a call to daq_load_modules() using
+the dynamic libraries doesn't know where to look for any DAQ modules.
+
+Now you can override this by starting snort with:
+
+  $ sudo /usr/bin/snort --daq-dir /usr/lib/64/daq
+
+  or
+
+  $ sudo /usr/bin/snort -c /etc/snort.conf
+
+or something similar, but that doesn't allow:
+
+  $ sudo /usr/bin/snort
+
+to work, right out of the box, which is what snort users would expect.
+
+To resolve this, at snort initialization time on Solaris, the code has
+been adjusted to specify a single default DAQ module directory:
+
+  /usr/lib/64/daq
+
+
+--- snort-2.9.2/src/snort.c.orig	2013-05-15 11:52:06.640833897 -0700
++++ snort-2.9.2/src/snort.c	2013-05-15 11:58:03.040482526 -0700
[email protected]@ -3677,6 +3677,9 @@
+ {
+     SnortConfig *sc = (SnortConfig *)SnortAlloc(sizeof(SnortConfig));
+ 
++    /* Define where to look for DAQ modules. */
++    ConfigDaqDir(sc, "/usr/lib/64/daq");
++
+     sc->pkt_cnt = -1;
+     sc->pkt_snaplen = -1;
+     /*user_id and group_id should be initialized to -1 by default, because
--- a/components/snort/patches/snort.conf.patch	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/patches/snort.conf.patch	Fri Jun 14 16:37:38 2013 -0700
@@ -1,159 +1,218 @@
---- etc/snort.conf.orig	Wed Mar 11 21:22:03 2009
-+++ etc/snort.conf	Wed May 20 15:22:07 2009
[email protected]@ -191,27 +191,27 @@
- # Load all dynamic preprocessors from the install path
- # (same as command line option --dynamic-preprocessor-lib-dir)
+--- snort-2.9.2/etc/snort.conf.orig	2013-05-15 07:26:24.138736340 -0700
++++ snort-2.9.2/etc/snort.conf	2013-05-15 07:36:06.628399989 -0700
[email protected]@ -143,7 +143,7 @@
+ # Configure DAQ related options for inline operation. For more information, see README.daq
  #
--dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
-+dynamicpreprocessor directory /usr/lib/snort_dynamicpreprocessor/
- #
- # Load a specific dynamic preprocessor library from the install path
- # (same as command line option --dynamic-preprocessor-lib)
- #
--# dynamicpreprocessor file /usr/local/lib/snort_dynamicpreprocessor/libdynamicexample.so
-+# dynamicpreprocessor file /usr/lib/snort_dynamicpreprocessor/libdynamicexample.so
+ # config daq: <type>
+-# config daq_dir: <dir>
++config daq_dir: /usr/lib/64/daq/
+ # config daq_mode: <mode>
+ # config daq_var: <var>
  #
- # Load a dynamic engine from the install path
- # (same as command line option --dynamic-engine-lib)
- #
[email protected]@ -217,13 +217,13 @@
+ ###################################################
+ 
+ # path to dynamic preprocessor libraries
+-dynamicpreprocessor directory /usr/local/lib/snort_dynamicpreprocessor/
++dynamicpreprocessor directory /usr/lib/64/snort_dynamicpreprocessor/
+ 
+ # path to base preprocessor engine
 -dynamicengine /usr/local/lib/snort_dynamicengine/libsf_engine.so
-+dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
- #
- # Load all dynamic rules libraries from the install path
- # (same as command line option --dynamic-detection-lib-dir)
- #
--# dynamicdetection directory /usr/local/lib/snort_dynamicrule/
-+# dynamicdetection directory /usr/lib/snort_dynamicrule/
- #
- # Load a specific dynamic rule library from the install path
- # (same as command line option --dynamic-detection-lib)
- #
--# dynamicdetection file /usr/local/lib/snort_dynamicrule/libdynamicexamplerule.so
-+# dynamicdetection file /usr/lib/snort_dynamicrule/libdynamicexamplerule.so
- #
++dynamicengine /usr/lib/64/snort_dynamicengine/libsf_engine.so
+ 
+ # path to dynamic rules libraries
+-dynamicdetection directory /usr/local/lib/snort_dynamicrules
++dynamicdetection directory /usr/lib/64/snort_dynamicrules
  
  ###################################################
[email protected]@ -307,11 +307,11 @@
- # lots of options available here. See doc/README.http_inspect.
- # unicode.map should be wherever your snort.conf lives, or given
- # a full path to where snort can find it.
--preprocessor http_inspect: global \
--    iis_unicode_map unicode.map 1252 
-+#preprocessor http_inspect: global \
-+#    iis_unicode_map unicode.map 1252 
+ # Step #5: Configure preprocessors
[email protected]@ -264,34 +264,34 @@
+ # preprocessor perfmonitor: time 300 file /var/snort/snort.stats pktcnt 10000
  
+ # HTTP normalization and anomaly detection.  For more information, see README.http_inspect
+-preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
 -preprocessor http_inspect_server: server default \
--    profile all ports { 80 8080 8180 } oversize_dir_length 500
+-    chunk_length 500000 \
+-    server_flow_depth 0 \
+-    client_flow_depth 0 \
+-    post_depth 65495 \
+-    oversize_dir_length 500 \
+-    max_header_length 750 \
+-    max_headers 100 \
+-    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
+-    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
+-    enable_cookie \
+-    extended_response_inspection \
+-    inspect_gzip \
+-    normalize_utf \
+-    unlimited_decompress \
+-    apache_whitespace no \
+-    ascii no \
+-    bare_byte no \
+-    directory no \
+-    double_decode no \
+-    iis_backslash no \
+-    iis_delimiter no \
+-    iis_unicode no \
+-    multi_slash no \
+-   utf_8 no \
+-    u_encode yes \
+-    webroot no
++#preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
 +#preprocessor http_inspect_server: server default \
-+#    profile all ports { 80 8080 8180 } oversize_dir_length 500
++#    chunk_length 500000 \
++#    server_flow_depth 0 \
++#    client_flow_depth 0 \
++#    post_depth 65495 \
++#    oversize_dir_length 500 \
++#    max_header_length 750 \
++#    max_headers 100 \
++#    ports { 80 81 311 591 593 901 1220 1414 1830 2301 2381 2809 3128 3702 5250 7001 7777 7779 8000 8008 8028 8080 8088 8118 8123 8180 8181 8243 8280 8888 9090 9091 9443 9999 11371 } \
++#    non_rfc_char { 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07 } \
++#    enable_cookie \
++#    extended_response_inspection \
++#    inspect_gzip \
++#    normalize_utf \
++#    unlimited_decompress \
++#    apache_whitespace no \
++#    ascii no \
++#    bare_byte no \
++#    directory no \
++#    double_decode no \
++#    iis_backslash no \
++#    iis_delimiter no \
++#    iis_unicode no \
++#    multi_slash no \
++#   utf_8 no \
++#    u_encode yes \
++#    webroot no
  
- #
- #  Example unique server configuration
[email protected]@ -760,7 +760,7 @@
- # such as:  c:\snort\etc\classification.config
- #
+ # ONC-RPC normalization and anomaly detection.  For more information, see the Snort Manual, Configuring Snort - Preprocessors - RPC Decode
+ preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
[email protected]@ -487,8 +487,8 @@
+ # output alert_prelude
  
+ # metadata reference data.  do not modify these lines
 -include classification.config
-+#include classification.config
+-include reference.config
++# include classification.config
++# include reference.config
  
- #
- # Include reference systems
[email protected]@ -768,7 +768,7 @@
- # such as:  c:\snort\etc\reference.config
- #
  
--include reference.config
-+#include reference.config
+ ###################################################
[email protected]@ -499,61 +499,61 @@
+ ###################################################
  
- ####################################################################
- # Step #5: Configure snort with config statements
[email protected]@ -807,45 +807,45 @@
- # README.alert_order for how rule ordering affects how alerts are triggered.
- #=========================================
+ # site specific rules
+-include $RULE_PATH/local.rules
++# include $RULE_PATH/local.rules
  
--include $RULE_PATH/local.rules
+-include $RULE_PATH/attack-responses.rules
+-include $RULE_PATH/backdoor.rules
 -include $RULE_PATH/bad-traffic.rules
+-include $RULE_PATH/blacklist.rules
+-include $RULE_PATH/botnet-cnc.rules
+-include $RULE_PATH/chat.rules
+-include $RULE_PATH/content-replace.rules
+-include $RULE_PATH/ddos.rules
+-include $RULE_PATH/dns.rules
+-include $RULE_PATH/dos.rules
 -include $RULE_PATH/exploit.rules
--include $RULE_PATH/scan.rules
 -include $RULE_PATH/finger.rules
 -include $RULE_PATH/ftp.rules
--include $RULE_PATH/telnet.rules
+-include $RULE_PATH/icmp.rules
+-include $RULE_PATH/icmp-info.rules
+-include $RULE_PATH/imap.rules
+-include $RULE_PATH/info.rules
+-include $RULE_PATH/misc.rules
+-include $RULE_PATH/multimedia.rules
+-include $RULE_PATH/mysql.rules
+-include $RULE_PATH/netbios.rules
+-include $RULE_PATH/nntp.rules
+-include $RULE_PATH/oracle.rules
+-include $RULE_PATH/other-ids.rules
+-include $RULE_PATH/p2p.rules
+-include $RULE_PATH/phishing-spam.rules
+-include $RULE_PATH/policy.rules
+-include $RULE_PATH/pop2.rules
+-include $RULE_PATH/pop3.rules
 -include $RULE_PATH/rpc.rules
 -include $RULE_PATH/rservices.rules
--include $RULE_PATH/dos.rules
--include $RULE_PATH/ddos.rules
--include $RULE_PATH/dns.rules
+-include $RULE_PATH/scada.rules
+-include $RULE_PATH/scan.rules
+-include $RULE_PATH/shellcode.rules
+-include $RULE_PATH/smtp.rules
+-include $RULE_PATH/snmp.rules
+-include $RULE_PATH/specific-threats.rules
+-include $RULE_PATH/spyware-put.rules
+-include $RULE_PATH/sql.rules
+-include $RULE_PATH/telnet.rules
 -include $RULE_PATH/tftp.rules
-+# include $RULE_PATH/local.rules
+-include $RULE_PATH/virus.rules
+-include $RULE_PATH/voip.rules
+-include $RULE_PATH/web-activex.rules
+-include $RULE_PATH/web-attacks.rules
+-include $RULE_PATH/web-cgi.rules
+-include $RULE_PATH/web-client.rules
+-include $RULE_PATH/web-coldfusion.rules
+-include $RULE_PATH/web-frontpage.rules
+-include $RULE_PATH/web-iis.rules
+-include $RULE_PATH/web-misc.rules
+-include $RULE_PATH/web-php.rules
+-include $RULE_PATH/x11.rules
++# include $RULE_PATH/attack-responses.rules
++# include $RULE_PATH/backdoor.rules
 +# include $RULE_PATH/bad-traffic.rules
-+# include $RULE_PATH/exploit.rules
-+# include $RULE_PATH/scan.rules
-+# include $RULE_PATH/finger.rules
-+# include $RULE_PATH/ftp.rules
-+# include $RULE_PATH/telnet.rules
-+# include $RULE_PATH/rpc.rules
-+# include $RULE_PATH/rservices.rules
-+# include $RULE_PATH/dos.rules
++# include $RULE_PATH/blacklist.rules
++# include $RULE_PATH/botnet-cnc.rules
++# include $RULE_PATH/chat.rules
++# include $RULE_PATH/content-replace.rules
 +# include $RULE_PATH/ddos.rules
 +# include $RULE_PATH/dns.rules
-+# include $RULE_PATH/tftp.rules
- 
--include $RULE_PATH/web-cgi.rules
--include $RULE_PATH/web-coldfusion.rules
--include $RULE_PATH/web-iis.rules
--include $RULE_PATH/web-frontpage.rules
--include $RULE_PATH/web-misc.rules
--include $RULE_PATH/web-client.rules
--include $RULE_PATH/web-php.rules
-+# include $RULE_PATH/web-cgi.rules
-+# include $RULE_PATH/web-coldfusion.rules
-+# include $RULE_PATH/web-iis.rules
-+# include $RULE_PATH/web-frontpage.rules
-+# include $RULE_PATH/web-misc.rules
-+# include $RULE_PATH/web-client.rules
-+# include $RULE_PATH/web-php.rules
- 
--include $RULE_PATH/sql.rules
--include $RULE_PATH/x11.rules
--include $RULE_PATH/icmp.rules
--include $RULE_PATH/netbios.rules
--include $RULE_PATH/misc.rules
--include $RULE_PATH/attack-responses.rules
--include $RULE_PATH/oracle.rules
--include $RULE_PATH/mysql.rules
--include $RULE_PATH/snmp.rules
-+# include $RULE_PATH/sql.rules
-+# include $RULE_PATH/x11.rules
++# include $RULE_PATH/dos.rules
++# include $RULE_PATH/exploit.rules
++# include $RULE_PATH/finger.rules
++# include $RULE_PATH/ftp.rules
 +# include $RULE_PATH/icmp.rules
-+# include $RULE_PATH/netbios.rules
++# include $RULE_PATH/icmp-info.rules
++# include $RULE_PATH/imap.rules
++# include $RULE_PATH/info.rules
 +# include $RULE_PATH/misc.rules
-+# include $RULE_PATH/attack-responses.rules
-+# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/multimedia.rules
 +# include $RULE_PATH/mysql.rules
-+# include $RULE_PATH/snmp.rules
- 
--include $RULE_PATH/smtp.rules
--include $RULE_PATH/imap.rules
--include $RULE_PATH/pop2.rules
--include $RULE_PATH/pop3.rules
-+# include $RULE_PATH/smtp.rules
-+# include $RULE_PATH/imap.rules
++# include $RULE_PATH/netbios.rules
++# include $RULE_PATH/nntp.rules
++# include $RULE_PATH/oracle.rules
++# include $RULE_PATH/other-ids.rules
++# include $RULE_PATH/p2p.rules
++# include $RULE_PATH/phishing-spam.rules
++# include $RULE_PATH/policy.rules
 +# include $RULE_PATH/pop2.rules
 +# include $RULE_PATH/pop3.rules
++# include $RULE_PATH/rpc.rules
++# include $RULE_PATH/rservices.rules
++# include $RULE_PATH/scada.rules
++# include $RULE_PATH/scan.rules
++# include $RULE_PATH/shellcode.rules
++# include $RULE_PATH/smtp.rules
++# include $RULE_PATH/snmp.rules
++# include $RULE_PATH/specific-threats.rules
++# include $RULE_PATH/spyware-put.rules
++# include $RULE_PATH/sql.rules
++# include $RULE_PATH/telnet.rules
++# include $RULE_PATH/tftp.rules
++# include $RULE_PATH/virus.rules
++# include $RULE_PATH/voip.rules
++# include $RULE_PATH/web-activex.rules
++# include $RULE_PATH/web-attacks.rules
++# include $RULE_PATH/web-cgi.rules
++# include $RULE_PATH/web-client.rules
++# include $RULE_PATH/web-coldfusion.rules
++# include $RULE_PATH/web-frontpage.rules
++# include $RULE_PATH/web-iis.rules
++# include $RULE_PATH/web-misc.rules
++# include $RULE_PATH/web-php.rules
++# include $RULE_PATH/x11.rules
  
--include $RULE_PATH/nntp.rules
--include $RULE_PATH/other-ids.rules
-+# include $RULE_PATH/nntp.rules
-+# include $RULE_PATH/other-ids.rules
- # include $RULE_PATH/web-attacks.rules
- # include $RULE_PATH/backdoor.rules
- # include $RULE_PATH/shellcode.rules
[email protected]@ -859,7 +859,7 @@
- # include $RULE_PATH/p2p.rules
- # include $RULE_PATH/spyware-put.rules
- # include $RULE_PATH/specific-threats.rules
--include $RULE_PATH/experimental.rules
-+# include $RULE_PATH/experimental.rules
- 
- # include $PREPROC_RULE_PATH/preprocessor.rules
- # include $PREPROC_RULE_PATH/decoder.rules
+ ###################################################
+ # Step #8: Customize your preprocessor and decoder alerts
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/snort/patches/solaris-build.patch	Fri Jun 14 16:37:38 2013 -0700
@@ -0,0 +1,86 @@
+This patch does three things:
+
+1/ Uses gethrtime() rather than trying to read the %tick register (the
+   latter has issues in MP environments)
+2/ Allows Studio to compile in 64-bit and normal optimization.
+3/ Removed the need to define lines like "CFLAGS += -Du_int8_t=uint8_t"
+   in the snort component Makefile.
+
+It has been sent upstream for consideration by the snort maintainers for 
+a future release.
+
+--- snort-2.9.2/configure.in.orig	2013-06-04 14:05:22.814684109 -0700
++++ snort-2.9.2/configure.in	2013-06-04 14:41:42.703306013 -0700
[email protected]@ -686,27 +686,8 @@
+     AC_MSG_RESULT(no)
+ fi
+ 
+-# check for sparc %time register
+-if eval "echo $host_cpu|grep -i sparc >/dev/null"; then
+-    OLD_CFLAGS="$CFLAGS"
+-    CFLAGS="$CFLAGS -mcpu=v9 "
+-    AC_MSG_CHECKING([for sparc %time register])
+-    AC_RUN_IFELSE(
+-    [AC_LANG_PROGRAM(
+-    [[]],
+-    [[
+-        int val;
+-        __asm__ __volatile__("rd %%tick, %0" : "=r"(val));
+-    ]])],
+-    [sparcv9="yes"],
+-    [sparcv9="no"])
+-    AC_MSG_RESULT($sparcv9)
+-    if test "x$sparcv9" = "xyes"; then
+-        AC_DEFINE([SPARCV9],[1],[For sparc v9 with %time register])
+-    else
+-        CFLAGS="$OLD_CFLAGS"
+-    fi
+-fi
++# Check for the presence of the Solaris gethrtime routine.
++AC_CHECK_FUNCS(gethrtime)
+ 
+ # modified from gnulib/m4/visibility.m4
+ AC_DEFUN([CC_VISIBILITY],
+--- snort-2.9.2/src/cpuclock.h.orig	2013-06-04 12:30:59.362777817 -0700
++++ snort-2.9.2/src/cpuclock.h	2013-06-04 14:19:42.869930833 -0700
[email protected]@ -83,26 +83,15 @@
+     val = ((uint64_t)tbl) | (((uint64_t)tbu0) << 32);  \
+ }
+ #else
+-/* SPARC */
+-#ifdef SPARCV9
+-#ifdef _LP64
++/* SOLARIS */
++#ifdef HAVE_GETHRTIME
+ #define get_clockticks(val) \
+ { \
+-    __asm__ __volatile__("rd %%tick, %0" : "=r"(val)); \
++    val = gethrtime(); \
+ }
+ #else
+-#define get_clockticks(val) \
+-{ \
+-    uint32_t a, b; \
+-    __asm__ __volatile__("rd %%tick, %0\n" \
+-                         "srlx %0, 32, %1" \
+-                         : "=r"(a), "=r"(b)); \
+-    val = ((uint64_t)a) | (((uint64_t)b) << 32); \
+-}
+-#endif /* _LP64 */
+-#else
+ #define get_clockticks(val)
+-#endif /* SPARC */
++#endif /* HAVE_GETTHRTIME */
+ #endif /* POWERPC || PPC */
+ #endif /* IA64 && HPUX */
+ #endif /* IA64 && GNUC */
+--- snort-2.9.2/src/sfutil/sf_ip.h.orig	2013-06-04 12:33:38.923475148 -0700
++++ snort-2.9.2/src/sfutil/sf_ip.h	2013-06-04 12:33:52.951704625 -0700
[email protected]@ -38,6 +38,7 @@
+ #endif
+ 
+ #include "snort_debug.h" /* for inline definition */
++#include "sf_types.h"
+ 
+ /* define SFIP_ROBUST to check pointers passed into the sfip libs.
+  * Robustification should not be enabled if the client code is trustworthy.
--- a/components/snort/resolve.deps	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/resolve.deps	Fri Jun 14 16:37:38 2013 -0700
@@ -1,7 +1,10 @@
 library/pcre
+library/zlib
 shell/ksh93
 system/core-os
 system/library
+system/library/libdaq
+system/library/libdnet
 system/library/libpcap
 system/library/math
 system/linker
--- a/components/snort/snort.p5m	Thu Jun 13 17:39:51 2013 -0700
+++ b/components/snort/snort.p5m	Fri Jun 14 16:37:38 2013 -0700
@@ -22,47 +22,174 @@
 #
 
 <transform file path=usr.*/man/.+ -> default mangler.man.stability uncommitted>
-
-set name=pkg.fmri value=pkg:/diagnostic/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
+set name=pkg.fmri \
+    value=pkg:/diagnostic/[email protected]$(IPS_COMPONENT_VERSION),$(BUILD_VERSION)
 set name=pkg.summary value="snort - Network Intrusion and Protection Detector"
-set name=com.oracle.info.description value="snort, the network intrusion and protection detector"
+set name=com.oracle.info.description \
+    value="snort, the network intrusion and protection detector"
 set name=com.oracle.info.tpno value=9027
-set name=info.classification value="org.opensolaris.category.2008:Applications/Internet"
-set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
-set name=org.opensolaris.arc-caseid \
-    value=PSARC/2009/256
+set name=info.classification \
+    value=org.opensolaris.category.2008:Applications/Internet
 set name=info.source-url value=$(COMPONENT_ARCHIVE_URL)
+set name=info.upstream-url value=$(COMPONENT_PROJECT_URL)
+set name=org.opensolaris.arc-caseid value=PSARC/2009/256 value=PSARC/2013/113
 set name=org.opensolaris.consolidation value=$(CONSOLIDATION)
-
-license snort.license license="GPLv2, BSD, LGPLv2.1"
-
 file path=etc/attribute_table.dtd
-file path=etc/classification.config mode=0644 overlay=allow preserve=renamenew \
-    original_name=SUNWsnort:etc/classification.config
+file path=etc/classification.config mode=0644 \
+    original_name=SUNWsnort:etc/classification.config overlay=allow \
+    preserve=renamenew
 file path=etc/gen-msg.map
-file path=etc/reference.config mode=0644 overlay=allow preserve=renamenew \
-    original_name=SUNWsnort:etc/reference.config
+file path=etc/reference.config mode=0644 \
+    original_name=SUNWsnort:etc/reference.config overlay=allow \
+    preserve=renamenew
 file Solaris/auth_attr path=etc/security/auth_attr.d/snort
 file Solaris/exec_attr path=etc/security/exec_attr.d/snort
-file path=etc/snort.conf mode=0644 overlay=allow preserve=renamenew \
-    original_name=SUNWsnort:etc/snort.conf
-file path=etc/threshold.conf mode=0644 overlay=allow preserve=renamenew \
-    original_name=SUNWsnort:etc/threshold.conf
+file path=etc/snort.conf mode=0644 original_name=SUNWsnort:etc/snort.conf \
+    overlay=allow preserve=renamenew
+file path=etc/threshold.conf mode=0644 \
+    original_name=SUNWsnort:etc/threshold.conf overlay=allow preserve=renamenew
 file path=etc/unicode.map
 file Solaris/snort.xml path=lib/svc/manifest/network/snort.xml
 file Solaris/snortd path=lib/svc/method/snortd
-file path=usr/bin/snort
-file path=usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
-file \
-    path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
-file path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
+file usr/bin/$(MACH64)/snort path=usr/bin/snort
+file path=usr/include/snort/dynamic_preproc/attribute_table_api.h
+file path=usr/include/snort/dynamic_preproc/bitop.h
+file path=usr/include/snort/dynamic_preproc/cpuclock.h
+file path=usr/include/snort/dynamic_preproc/idle_processing.h
+file path=usr/include/snort/dynamic_preproc/ipv6_port.h
+file path=usr/include/snort/dynamic_preproc/mempool.h
+file path=usr/include/snort/dynamic_preproc/obfuscation.h
+file path=usr/include/snort/dynamic_preproc/preprocids.h
+file path=usr/include/snort/dynamic_preproc/profiler.h
+file path=usr/include/snort/dynamic_preproc/segment_mem.h
+file path=usr/include/snort/dynamic_preproc/sfPolicy.h
+file path=usr/include/snort/dynamic_preproc/sfPolicyUserData.h
+file path=usr/include/snort/dynamic_preproc/sf_decompression.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_common.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_define.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_engine.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_meta.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_preproc_lib.h
+file path=usr/include/snort/dynamic_preproc/sf_dynamic_preprocessor.h
+file path=usr/include/snort/dynamic_preproc/sf_ip.h
+file path=usr/include/snort/dynamic_preproc/sf_preproc_info.h
+file path=usr/include/snort/dynamic_preproc/sf_protocols.h
+file path=usr/include/snort/dynamic_preproc/sf_sdlist_types.h
+file path=usr/include/snort/dynamic_preproc/sf_snort_packet.h
+file path=usr/include/snort/dynamic_preproc/sf_snort_plugin_api.h
+file path=usr/include/snort/dynamic_preproc/sfcommon.h
+file path=usr/include/snort/dynamic_preproc/sfcontrol.h
+file path=usr/include/snort/dynamic_preproc/sfrt.h
+file path=usr/include/snort/dynamic_preproc/sfrt_dir.h
+file path=usr/include/snort/dynamic_preproc/sfrt_flat.h
+file path=usr/include/snort/dynamic_preproc/sfrt_flat_dir.h
+file path=usr/include/snort/dynamic_preproc/sfrt_trie.h
+file path=usr/include/snort/dynamic_preproc/snort_bounds.h
+file path=usr/include/snort/dynamic_preproc/snort_debug.h
+file path=usr/include/snort/dynamic_preproc/ssl.h
+file path=usr/include/snort/dynamic_preproc/str_search.h
+file path=usr/include/snort/dynamic_preproc/stream_api.h
+file Solaris/snort.pc path=usr/lib/$(MACH64)/pkgconfig/snort.pc
+file Solaris/snort_preproc.pc path=usr/lib/$(MACH64)/pkgconfig/snort_preproc.pc
+#
+link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so \
+    target=libsf_engine.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so.0 \
+    target=libsf_engine.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicengine/libsf_engine.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so \
+    target=libsf_dce2_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0 \
+    target=libsf_dce2_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so \
+    target=libsf_dnp3_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0 \
+    target=libsf_dnp3_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dnp3_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so \
+    target=libsf_dns_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so.0 \
+    target=libsf_dns_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
+#
+link \
+    path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so \
+    target=libsf_ftptelnet_preproc.so.0.0.0
+link \
+    path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 \
+    target=libsf_ftptelnet_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so \
+    target=libsf_gtp_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0 \
+    target=libsf_gtp_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_gtp_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so \
+    target=libsf_imap_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so.0 \
+    target=libsf_imap_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_imap_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so \
+    target=libsf_modbus_preproc.so.0.0.0
+link \
+    path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0 \
+    target=libsf_modbus_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_modbus_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so \
+    target=libsf_pop_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so.0 \
+    target=libsf_pop_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_pop_preproc.so.0.0.0
+#
+link \
+    path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so \
+    target=libsf_reputation_preproc.so.0.0.0
+link \
+    path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0 \
+    target=libsf_reputation_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_reputation_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so \
+    target=libsf_sdf_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0 \
+    target=libsf_sdf_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sdf_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so \
+    target=libsf_sip_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so.0 \
+    target=libsf_sip_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_sip_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so \
+    target=libsf_smtp_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 \
+    target=libsf_smtp_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so \
+    target=libsf_ssh_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0 \
+    target=libsf_ssh_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
+#
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so \
+    target=libsf_ssl_preproc.so.0.0.0
+link path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0 \
+    target=libsf_ssl_preproc.so.0.0.0
+file path=usr/lib/$(MACH64)/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0.0.0
+#
+# Directory for containing dynamic rules libraries.
+dir  path=usr/lib/$(MACH64)/snort_dynamicrules
+#
 file path=usr/share/doc/snort/AUTHORS
 file path=usr/share/doc/snort/BUGS
 file path=usr/share/doc/snort/CREDITS
@@ -71,82 +198,57 @@
 file path=usr/share/doc/snort/PROBLEMS
 file path=usr/share/doc/snort/README
 file path=usr/share/doc/snort/README.ARUBA
-file path=usr/share/doc/snort/README.FLEXRESP
-file path=usr/share/doc/snort/README.FLEXRESP2
-file path=usr/share/doc/snort/README.INLINE
+file path=usr/share/doc/snort/README.GTP
 file path=usr/share/doc/snort/README.PLUGINS
 file path=usr/share/doc/snort/README.PerfProfiling
 file path=usr/share/doc/snort/README.SMTP
 file path=usr/share/doc/snort/README.UNSOCK
+file path=usr/share/doc/snort/README.WIN32
+file path=usr/share/doc/snort/README.active
 file path=usr/share/doc/snort/README.alert_order
 file path=usr/share/doc/snort/README.asn1
+file path=usr/share/doc/snort/README.counts
 file path=usr/share/doc/snort/README.csv
+file path=usr/share/doc/snort/README.daq
 file path=usr/share/doc/snort/README.database
-file path=usr/share/doc/snort/README.dcerpc
 file path=usr/share/doc/snort/README.dcerpc2
 file path=usr/share/doc/snort/README.decode
 file path=usr/share/doc/snort/README.decoder_preproc_rules
+file path=usr/share/doc/snort/README.dnp3
 file path=usr/share/doc/snort/README.dns
 file path=usr/share/doc/snort/README.event_queue
+file path=usr/share/doc/snort/README.filters
 file path=usr/share/doc/snort/README.flowbits
 file path=usr/share/doc/snort/README.frag3
 file path=usr/share/doc/snort/README.ftptelnet
 file path=usr/share/doc/snort/README.gre
 file path=usr/share/doc/snort/README.http_inspect
+file path=usr/share/doc/snort/README.imap
 file path=usr/share/doc/snort/README.ipip
 file path=usr/share/doc/snort/README.ipv6
+file path=usr/share/doc/snort/README.modbus
+file path=usr/share/doc/snort/README.multipleconfigs
+file path=usr/share/doc/snort/README.normalize
 file path=usr/share/doc/snort/README.pcap_readmode
+file path=usr/share/doc/snort/README.pop
 file path=usr/share/doc/snort/README.ppm
+file path=usr/share/doc/snort/README.reload
+file path=usr/share/doc/snort/README.reputation
+file path=usr/share/doc/snort/README.rzb_saac
+file path=usr/share/doc/snort/README.sensitive_data
 file path=usr/share/doc/snort/README.sfportscan
+file path=usr/share/doc/snort/README.sip
 file path=usr/share/doc/snort/README.ssh
 file path=usr/share/doc/snort/README.ssl
 file path=usr/share/doc/snort/README.stream5
 file path=usr/share/doc/snort/README.tag
 file path=usr/share/doc/snort/README.thresholding
+file path=usr/share/doc/snort/README.u2boat
 file path=usr/share/doc/snort/README.variables
-file path=usr/share/doc/snort/README.wireless
+file path=usr/share/doc/snort/TODO
 file path=usr/share/doc/snort/USAGE
+file path=usr/share/doc/snort/WISHLIST
 file path=usr/share/doc/snort/generators
 file usr/share/man/man8/snort.8 path=usr/share/man/man1m/snort.1m
-link path=usr/lib/snort_dynamicengine/libsf_engine.so \
-    target=libsf_engine.so.0.0.0
-link path=usr/lib/snort_dynamicengine/libsf_engine.so.0 \
-    target=libsf_engine.so.0.0.0
-link \
-    path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so \
-    target=lib_sfdynamic_preprocessor_example.so.0.0.0
-link \
-    path=usr/lib/snort_dynamicpreprocessor/lib_sfdynamic_preprocessor_example.so.0 \
-    target=lib_sfdynamic_preprocessor_example.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so \
-    target=libsf_dce2_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0 \
-    target=libsf_dce2_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so \
-    target=libsf_dcerpc_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0 \
-    target=libsf_dcerpc_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so \
-    target=libsf_dns_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0 \
-    target=libsf_dns_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so \
-    target=libsf_ftptelnet_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0 \
-    target=libsf_ftptelnet_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so \
-    target=libsf_smtp_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0 \
-    target=libsf_smtp_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so \
-    target=libsf_ssh_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0 \
-    target=libsf_ssh_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so \
-    target=libsf_ssl_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so.0 \
-    target=libsf_ssl_preproc.so.0.0.0
-link path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so \
-    target=lib_sfdynamic_example_rule.so.0.0.0
-link path=usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0 \
-    target=lib_sfdynamic_example_rule.so.0.0.0
+dir  path=var/log/snort owner=noaccess group=noaccess
+license snort.license license="GPLv2, BSD, LGPLv2.1"