security/suricata: Add rules files, netmap startup support

- Install missing rules files [1] - Add netmap support and simplify pid file naming [2] PR: 204838 [1], 204834 [2] Submitted by: Bill Meeks <bmeeks8 bellsouth net> [1] Submitted by: Franco Fichtner <franco opnsense org> [2]
svn path=/head/; revision=402907
2024-11-30 01:15:52 +00:00 · 2015-12-04 05:42:17 +00:00 · 2015-12-04 05:42:17 +00:00 · fda823b11c · 2021-03-31 03:12:20 +00:00
commit fda823b11c
parent 55f4db9b5a
3 changed files with 22 additions and 7 deletions
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@ -116,7 +116,9 @@ LIBNET_CONFIG?=	${LOCALBASE}/bin/libnet11-config
 CONFIG_DIR?=	${ETCDIR}
 CONFIG_FILES=	suricata.yaml classification.config reference.config threshold.config
 RULES_DIR=	${CONFIG_DIR}/rules
-RULES_FILES=	decoder-events.rules dns-events.rules files.rules http-events.rules smtp-events.rules stream-events.rules tls-events.rules
+RULES_FILES=	app-layer-events.rules decoder-events.rules dns-events.rules files.rules \
+		http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \
+		tls-events.rules
 LOGS_DIR?=	/var/log/${PORTNAME}

 .include <bsd.port.pre.mk>
--- a/security/suricata/files/suricata.in
+++ b/security/suricata/files/suricata.in
@ -17,6 +17,8 @@
 #				Default: ${PREFIX}/etc/suricata/suricata.yaml
 # suricata_divertport (int):	Port to create divert socket (Inline Mode)
 #				Default: 8000
+# suricata_netmap (str):	Set to YES to enable netmap (Inline Mode)
+#				Default: NO


 . /etc/rc.subr
@ -32,11 +34,20 @@ load_rc_config $name
 [ -z "$suricata_conf" ]		&& suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
 [ -z "$suricata_flags" ]	&& suricata_flags="-D"
 [ -z "$suricata_divertport" ]	&& suricata_divertport="8000"
+[ -z "$suricata_netmap" ]	&& suricata_netmap="NO"

-[ -n "$suricata_interface" ]	&& suricata_flags="$suricata_flags -i $suricata_interface --pidfile /var/run/suricata_${suricata_interface}.pid" \
-				&& pidfile="/var/run/suricata_${suricata_interface}.pid"
-[ -z "$suricata_interface" ]	&& suricata_flags="$suricata_flags -d $suricata_divertport --pidfile /var/run/suricata_inline.pid" \
-				&& pidfile="/var/run/suricata_inline.pid" && info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
-[ -n "$suricata_conf" ]		&& suricata_flags="$suricata_flags -c $suricata_conf"
+if [ -n "$suricata_interface" ]; then
+	suricata_flags="$suricata_flags -i $suricata_interface"
+elif [ "$suricata_netmap" != "NO" ]; then
+	suricata_flags="$suricata_flags --netmap"
+else
+	suricata_flags="$suricata_flags -d $suricata_divertport"
+	info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
+fi
+
+pidfile="/var/run/suricata.pid"
+suricata_flags="$suricata_flags --pidfile $pidfile"
+
+[ -n "$suricata_conf" ]	&& suricata_flags="$suricata_flags -c $suricata_conf"

 run_rc_command "$1"
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@ -60,15 +60,17 @@ bin/suricata
@sample %%ETCDIR%%/classification.config.sample
@sample %%ETCDIR%%/reference.config.sample
@sample %%ETCDIR%%/threshold.config.sample
+%%ETCDIR%%/rules/app-layer-events.rules
 %%ETCDIR%%/rules/decoder-events.rules
 %%ETCDIR%%/rules/dns-events.rules
 %%ETCDIR%%/rules/files.rules
 %%ETCDIR%%/rules/http-events.rules
+%%ETCDIR%%/rules/modbus-events.rules
 %%ETCDIR%%/rules/smtp-events.rules
 %%ETCDIR%%/rules/stream-events.rules
 %%ETCDIR%%/rules/tls-events.rules
@dir etc/suricata/rules
@dir etc/suricata
@dir(root,wheel,0700) /var/log/suricata
-@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove any configuration files left."; fi
+@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove configuration files."; fi
@dir %%DOCSDIR%%