Updated snort to Version 2.8.4

2026-04-09 18:45:54 +02:00 · 2009-04-24 12:01:17 +02:00
parent 4fafa702e8
commit 8581d1ef9e
5 changed files with 712 additions and 148 deletions
--- a/config/rootfiles/common/snort
+++ b/config/rootfiles/common/snort
@@ -691,6 +691,11 @@ usr/lib/snort_dynamicrules
 #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so
 #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0
 #usr/lib/snort_dynamicrules/lib_sfdynamic_example_rule.so.0.0.0
+#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so.0.0.0
 usr/sbin/snort
 #usr/share/doc/snort
 #usr/share/doc/snort/AUTHORS
@@ -714,6 +719,7 @@ usr/sbin/snort
 #usr/share/doc/snort/README.csv
 #usr/share/doc/snort/README.database
 #usr/share/doc/snort/README.dcerpc
+#usr/share/doc/snort/README.dcerpc2
 #usr/share/doc/snort/README.decode
 #usr/share/doc/snort/README.decoder_preproc_rules
 #usr/share/doc/snort/README.dns
--- a/config/rootfiles/snort
+++ b/config/rootfiles/snort
@@ -0,0 +1,680 @@
+#etc/snort
+#etc/snort/docs
+#etc/snort/docs/100000100.txt
+#etc/snort/docs/100000101.txt
+#etc/snort/docs/100000102.txt
+#etc/snort/docs/100000103.txt
+#etc/snort/docs/100000104.txt
+#etc/snort/docs/100000105.txt
+#etc/snort/docs/100000106.txt
+#etc/snort/docs/100000107.txt
+#etc/snort/docs/100000108.txt
+#etc/snort/docs/100000109.txt
+#etc/snort/docs/100000110.txt
+#etc/snort/docs/100000111.txt
+#etc/snort/docs/100000112.txt
+#etc/snort/docs/100000113.txt
+#etc/snort/docs/100000114.txt
+#etc/snort/docs/100000115.txt
+#etc/snort/docs/100000116.txt
+#etc/snort/docs/100000117.txt
+#etc/snort/docs/100000118.txt
+#etc/snort/docs/100000119.txt
+#etc/snort/docs/100000121.txt
+#etc/snort/docs/100000122.txt
+#etc/snort/docs/100000123.txt
+#etc/snort/docs/100000124.txt
+#etc/snort/docs/100000125.txt
+#etc/snort/docs/100000126.txt
+#etc/snort/docs/100000127.txt
+#etc/snort/docs/100000128.txt
+#etc/snort/docs/100000129.txt
+#etc/snort/docs/100000130.txt
+#etc/snort/docs/100000131.txt
+#etc/snort/docs/100000132.txt
+#etc/snort/docs/100000133.txt
+#etc/snort/docs/100000134.txt
+#etc/snort/docs/100000135.txt
+#etc/snort/docs/100000136.txt
+#etc/snort/docs/100000138.txt
+#etc/snort/docs/100000139.txt
+#etc/snort/docs/100000140.txt
+#etc/snort/docs/100000141.txt
+#etc/snort/docs/100000142.txt
+#etc/snort/docs/100000143.txt
+#etc/snort/docs/100000144.txt
+#etc/snort/docs/100000145.txt
+#etc/snort/docs/100000146.txt
+#etc/snort/docs/100000148.txt
+#etc/snort/docs/100000152.txt
+#etc/snort/docs/100000153.txt
+#etc/snort/docs/100000154.txt
+#etc/snort/docs/100000155.txt
+#etc/snort/docs/100000158.txt
+#etc/snort/docs/100000159.txt
+#etc/snort/docs/100000160.txt
+#etc/snort/docs/100000161.txt
+#etc/snort/docs/100000162.txt
+#etc/snort/docs/100000163.txt
+#etc/snort/docs/100000164.txt
+#etc/snort/docs/100000165.txt
+#etc/snort/docs/100000166.txt
+#etc/snort/docs/100000167.txt
+#etc/snort/docs/100000168.txt
+#etc/snort/docs/100000169.txt
+#etc/snort/docs/100000170.txt
+#etc/snort/docs/100000171.txt
+#etc/snort/docs/100000172.txt
+#etc/snort/docs/100000173.txt
+#etc/snort/docs/100000174.txt
+#etc/snort/docs/100000175.txt
+#etc/snort/docs/100000176.txt
+#etc/snort/docs/100000177.txt
+#etc/snort/docs/100000178.txt
+#etc/snort/docs/100000179.txt
+#etc/snort/docs/100000226.txt
+#etc/snort/docs/100000315.txt
+#etc/snort/docs/100000316.txt
+#etc/snort/docs/100000317.txt
+#etc/snort/docs/100000318.txt
+#etc/snort/docs/100000319.txt
+#etc/snort/docs/100000320.txt
+#etc/snort/docs/100000321.txt
+#etc/snort/docs/100000322.txt
+#etc/snort/docs/100000323.txt
+#etc/snort/docs/100000324.txt
+#etc/snort/docs/100000325.txt
+#etc/snort/docs/100000326.txt
+#etc/snort/docs/100000327.txt
+#etc/snort/docs/100000328.txt
+#etc/snort/docs/100000329.txt
+#etc/snort/docs/100000330.txt
+#etc/snort/docs/100000331.txt
+#etc/snort/docs/100000332.txt
+#etc/snort/docs/100000333.txt
+#etc/snort/docs/100000334.txt
+#etc/snort/docs/100000335.txt
+#etc/snort/docs/100000336.txt
+#etc/snort/docs/100000337.txt
+#etc/snort/docs/100000338.txt
+#etc/snort/docs/100000339.txt
+#etc/snort/docs/100000340.txt
+#etc/snort/docs/100000341.txt
+#etc/snort/docs/100000342.txt
+#etc/snort/docs/100000343.txt
+#etc/snort/docs/100000344.txt
+#etc/snort/docs/100000345.txt
+#etc/snort/docs/100000346.txt
+#etc/snort/docs/100000347.txt
+#etc/snort/docs/100000348.txt
+#etc/snort/docs/100000349.txt
+#etc/snort/docs/100000350.txt
+#etc/snort/docs/100000351.txt
+#etc/snort/docs/100000352.txt
+#etc/snort/docs/100000353.txt
+#etc/snort/docs/100000354.txt
+#etc/snort/docs/100000355.txt
+#etc/snort/docs/100000356.txt
+#etc/snort/docs/100000357.txt
+#etc/snort/docs/100000358.txt
+#etc/snort/docs/100000359.txt
+#etc/snort/docs/100000360.txt
+#etc/snort/docs/100000361.txt
+#etc/snort/docs/100000362.txt
+#etc/snort/docs/100000363.txt
+#etc/snort/docs/100000364.txt
+#etc/snort/docs/100000365.txt
+#etc/snort/docs/100000366.txt
+#etc/snort/docs/100000367.txt
+#etc/snort/docs/100000368.txt
+#etc/snort/docs/100000369.txt
+#etc/snort/docs/100000370.txt
+#etc/snort/docs/100000371.txt
+#etc/snort/docs/100000372.txt
+#etc/snort/docs/100000373.txt
+#etc/snort/docs/100000374.txt
+#etc/snort/docs/100000375.txt
+#etc/snort/docs/100000376.txt
+#etc/snort/docs/100000377.txt
+#etc/snort/docs/100000378.txt
+#etc/snort/docs/100000379.txt
+#etc/snort/docs/100000380.txt
+#etc/snort/docs/100000381.txt
+#etc/snort/docs/100000382.txt
+#etc/snort/docs/100000383.txt
+#etc/snort/docs/100000384.txt
+#etc/snort/docs/100000385.txt
+#etc/snort/docs/100000386.txt
+#etc/snort/docs/100000387.txt
+#etc/snort/docs/100000388.txt
+#etc/snort/docs/100000389.txt
+#etc/snort/docs/100000390.txt
+#etc/snort/docs/100000391.txt
+#etc/snort/docs/100000392.txt
+#etc/snort/docs/100000393.txt
+#etc/snort/docs/100000394.txt
+#etc/snort/docs/100000395.txt
+#etc/snort/docs/100000396.txt
+#etc/snort/docs/100000397.txt
+#etc/snort/docs/100000398.txt
+#etc/snort/docs/100000399.txt
+#etc/snort/docs/100000400.txt
+#etc/snort/docs/100000401.txt
+#etc/snort/docs/100000402.txt
+#etc/snort/docs/100000403.txt
+#etc/snort/docs/100000404.txt
+#etc/snort/docs/100000405.txt
+#etc/snort/docs/100000406.txt
+#etc/snort/docs/100000407.txt
+#etc/snort/docs/100000408.txt
+#etc/snort/docs/100000409.txt
+#etc/snort/docs/100000410.txt
+#etc/snort/docs/100000411.txt
+#etc/snort/docs/100000412.txt
+#etc/snort/docs/100000413.txt
+#etc/snort/docs/100000414.txt
+#etc/snort/docs/100000415.txt
+#etc/snort/docs/100000416.txt
+#etc/snort/docs/100000417.txt
+#etc/snort/docs/100000418.txt
+#etc/snort/docs/100000419.txt
+#etc/snort/docs/100000420.txt
+#etc/snort/docs/100000421.txt
+#etc/snort/docs/100000422.txt
+#etc/snort/docs/100000423.txt
+#etc/snort/docs/100000424.txt
+#etc/snort/docs/100000425.txt
+#etc/snort/docs/100000426.txt
+#etc/snort/docs/100000430.txt
+#etc/snort/docs/100000431.txt
+#etc/snort/docs/100000432.txt
+#etc/snort/docs/100000433.txt
+#etc/snort/docs/100000434.txt
+#etc/snort/docs/100000435.txt
+#etc/snort/docs/100000436.txt
+#etc/snort/docs/100000437.txt
+#etc/snort/docs/100000438.txt
+#etc/snort/docs/100000439.txt
+#etc/snort/docs/100000440.txt
+#etc/snort/docs/100000441.txt
+#etc/snort/docs/100000442.txt
+#etc/snort/docs/100000443.txt
+#etc/snort/docs/100000444.txt
+#etc/snort/docs/100000445.txt
+#etc/snort/docs/100000446.txt
+#etc/snort/docs/100000448.txt
+#etc/snort/docs/100000449.txt
+#etc/snort/docs/100000450.txt
+#etc/snort/docs/100000451.txt
+#etc/snort/docs/100000452.txt
+#etc/snort/docs/100000453.txt
+#etc/snort/docs/100000454.txt
+#etc/snort/docs/100000455.txt
+#etc/snort/docs/100000456.txt
+#etc/snort/docs/100000457.txt
+#etc/snort/docs/100000458.txt
+#etc/snort/docs/100000459.txt
+#etc/snort/docs/100000461.txt
+#etc/snort/docs/100000462.txt
+#etc/snort/docs/100000463.txt
+#etc/snort/docs/100000464.txt
+#etc/snort/docs/100000465.txt
+#etc/snort/docs/100000466.txt
+#etc/snort/docs/100000467.txt
+#etc/snort/docs/100000468.txt
+#etc/snort/docs/100000469.txt
+#etc/snort/docs/100000470.txt
+#etc/snort/docs/100000471.txt
+#etc/snort/docs/100000472.txt
+#etc/snort/docs/100000473.txt
+#etc/snort/docs/100000474.txt
+#etc/snort/docs/100000475.txt
+#etc/snort/docs/100000476.txt
+#etc/snort/docs/100000477.txt
+#etc/snort/docs/100000478.txt
+#etc/snort/docs/100000479.txt
+#etc/snort/docs/100000480.txt
+#etc/snort/docs/100000481.txt
+#etc/snort/docs/100000482.txt
+#etc/snort/docs/100000483.txt
+#etc/snort/docs/100000484.txt
+#etc/snort/docs/100000485.txt
+#etc/snort/docs/100000486.txt
+#etc/snort/docs/100000487.txt
+#etc/snort/docs/100000488.txt
+#etc/snort/docs/100000489.txt
+#etc/snort/docs/100000490.txt
+#etc/snort/docs/100000491.txt
+#etc/snort/docs/100000492.txt
+#etc/snort/docs/100000493.txt
+#etc/snort/docs/100000494.txt
+#etc/snort/docs/100000495.txt
+#etc/snort/docs/100000496.txt
+#etc/snort/docs/100000497.txt
+#etc/snort/docs/100000498.txt
+#etc/snort/docs/100000499.txt
+#etc/snort/docs/100000500.txt
+#etc/snort/docs/100000501.txt
+#etc/snort/docs/100000502.txt
+#etc/snort/docs/100000503.txt
+#etc/snort/docs/100000504.txt
+#etc/snort/docs/100000505.txt
+#etc/snort/docs/100000506.txt
+#etc/snort/docs/100000507.txt
+#etc/snort/docs/100000508.txt
+#etc/snort/docs/100000509.txt
+#etc/snort/docs/100000510.txt
+#etc/snort/docs/100000511.txt
+#etc/snort/docs/100000512.txt
+#etc/snort/docs/100000513.txt
+#etc/snort/docs/100000514.txt
+#etc/snort/docs/100000515.txt
+#etc/snort/docs/100000516.txt
+#etc/snort/docs/100000517.txt
+#etc/snort/docs/100000518.txt
+#etc/snort/docs/100000519.txt
+#etc/snort/docs/100000520.txt
+#etc/snort/docs/100000521.txt
+#etc/snort/docs/100000522.txt
+#etc/snort/docs/100000523.txt
+#etc/snort/docs/100000524.txt
+#etc/snort/docs/100000525.txt
+#etc/snort/docs/100000526.txt
+#etc/snort/docs/100000527.txt
+#etc/snort/docs/100000528.txt
+#etc/snort/docs/100000529.txt
+#etc/snort/docs/100000530.txt
+#etc/snort/docs/100000531.txt
+#etc/snort/docs/100000532.txt
+#etc/snort/docs/100000533.txt
+#etc/snort/docs/100000534.txt
+#etc/snort/docs/100000535.txt
+#etc/snort/docs/100000536.txt
+#etc/snort/docs/100000537.txt
+#etc/snort/docs/100000538.txt
+#etc/snort/docs/100000539.txt
+#etc/snort/docs/100000540.txt
+#etc/snort/docs/100000541.txt
+#etc/snort/docs/100000542.txt
+#etc/snort/docs/100000543.txt
+#etc/snort/docs/100000544.txt
+#etc/snort/docs/100000545.txt
+#etc/snort/docs/100000546.txt
+#etc/snort/docs/100000547.txt
+#etc/snort/docs/100000548.txt
+#etc/snort/docs/100000549.txt
+#etc/snort/docs/100000550.txt
+#etc/snort/docs/100000551.txt
+#etc/snort/docs/100000552.txt
+#etc/snort/docs/100000553.txt
+#etc/snort/docs/100000554.txt
+#etc/snort/docs/100000555.txt
+#etc/snort/docs/100000556.txt
+#etc/snort/docs/100000557.txt
+#etc/snort/docs/100000558.txt
+#etc/snort/docs/100000559.txt
+#etc/snort/docs/100000560.txt
+#etc/snort/docs/100000561.txt
+#etc/snort/docs/100000562.txt
+#etc/snort/docs/100000563.txt
+#etc/snort/docs/100000564.txt
+#etc/snort/docs/100000565.txt
+#etc/snort/docs/100000566.txt
+#etc/snort/docs/100000567.txt
+#etc/snort/docs/100000568.txt
+#etc/snort/docs/100000569.txt
+#etc/snort/docs/100000570.txt
+#etc/snort/docs/100000571.txt
+#etc/snort/docs/100000572.txt
+#etc/snort/docs/100000573.txt
+#etc/snort/docs/100000574.txt
+#etc/snort/docs/100000575.txt
+#etc/snort/docs/100000576.txt
+#etc/snort/docs/100000577.txt
+#etc/snort/docs/100000578.txt
+#etc/snort/docs/100000579.txt
+#etc/snort/docs/100000580.txt
+#etc/snort/docs/100000581.txt
+#etc/snort/docs/100000582.txt
+#etc/snort/docs/100000583.txt
+#etc/snort/docs/100000584.txt
+#etc/snort/docs/100000585.txt
+#etc/snort/docs/100000586.txt
+#etc/snort/docs/100000587.txt
+#etc/snort/docs/100000588.txt
+#etc/snort/docs/100000589.txt
+#etc/snort/docs/100000590.txt
+#etc/snort/docs/100000591.txt
+#etc/snort/docs/100000592.txt
+#etc/snort/docs/100000593.txt
+#etc/snort/docs/100000594.txt
+#etc/snort/docs/100000595.txt
+#etc/snort/docs/100000596.txt
+#etc/snort/docs/100000597.txt
+#etc/snort/docs/100000598.txt
+#etc/snort/docs/100000599.txt
+#etc/snort/docs/100000600.txt
+#etc/snort/docs/100000601.txt
+#etc/snort/docs/100000602.txt
+#etc/snort/docs/100000603.txt
+#etc/snort/docs/100000604.txt
+#etc/snort/docs/100000605.txt
+#etc/snort/docs/100000606.txt
+#etc/snort/docs/100000607.txt
+#etc/snort/docs/100000608.txt
+#etc/snort/docs/100000609.txt
+#etc/snort/docs/100000610.txt
+#etc/snort/docs/100000611.txt
+#etc/snort/docs/100000612.txt
+#etc/snort/docs/100000613.txt
+#etc/snort/docs/100000614.txt
+#etc/snort/docs/100000615.txt
+#etc/snort/docs/100000616.txt
+#etc/snort/docs/100000617.txt
+#etc/snort/docs/100000618.txt
+#etc/snort/docs/100000619.txt
+#etc/snort/docs/100000620.txt
+#etc/snort/docs/100000621.txt
+#etc/snort/docs/100000622.txt
+#etc/snort/docs/100000623.txt
+#etc/snort/docs/100000624.txt
+#etc/snort/docs/100000625.txt
+#etc/snort/docs/100000626.txt
+#etc/snort/docs/100000627.txt
+#etc/snort/docs/100000628.txt
+#etc/snort/docs/100000629.txt
+#etc/snort/docs/100000630.txt
+#etc/snort/docs/100000631.txt
+#etc/snort/docs/100000632.txt
+#etc/snort/docs/100000633.txt
+#etc/snort/docs/100000634.txt
+#etc/snort/docs/100000635.txt
+#etc/snort/docs/100000636.txt
+#etc/snort/docs/100000637.txt
+#etc/snort/docs/100000638.txt
+#etc/snort/docs/100000639.txt
+#etc/snort/docs/100000640.txt
+#etc/snort/docs/100000641.txt
+#etc/snort/docs/100000642.txt
+#etc/snort/docs/100000643.txt
+#etc/snort/docs/100000644.txt
+#etc/snort/docs/100000645.txt
+#etc/snort/docs/100000646.txt
+#etc/snort/docs/100000647.txt
+#etc/snort/docs/100000648.txt
+#etc/snort/docs/100000649.txt
+#etc/snort/docs/100000650.txt
+#etc/snort/docs/100000651.txt
+#etc/snort/docs/100000652.txt
+#etc/snort/docs/100000653.txt
+#etc/snort/docs/100000654.txt
+#etc/snort/docs/100000655.txt
+#etc/snort/docs/100000656.txt
+#etc/snort/docs/100000657.txt
+#etc/snort/docs/100000658.txt
+#etc/snort/docs/100000659.txt
+#etc/snort/docs/100000660.txt
+#etc/snort/docs/100000661.txt
+#etc/snort/docs/100000662.txt
+#etc/snort/docs/100000663.txt
+#etc/snort/docs/100000664.txt
+#etc/snort/docs/100000665.txt
+#etc/snort/docs/100000666.txt
+#etc/snort/docs/100000667.txt
+#etc/snort/docs/100000668.txt
+#etc/snort/docs/100000669.txt
+#etc/snort/docs/100000670.txt
+#etc/snort/docs/100000671.txt
+#etc/snort/docs/100000672.txt
+#etc/snort/docs/100000673.txt
+#etc/snort/docs/100000674.txt
+#etc/snort/docs/100000675.txt
+#etc/snort/docs/100000676.txt
+#etc/snort/docs/100000677.txt
+#etc/snort/docs/100000678.txt
+#etc/snort/docs/100000679.txt
+#etc/snort/docs/100000680.txt
+#etc/snort/docs/100000681.txt
+#etc/snort/docs/100000682.txt
+#etc/snort/docs/100000683.txt
+#etc/snort/docs/100000686.txt
+#etc/snort/docs/100000687.txt
+#etc/snort/docs/100000690.txt
+#etc/snort/docs/100000691.txt
+#etc/snort/docs/100000694.txt
+#etc/snort/docs/100000695.txt
+#etc/snort/docs/100000696.txt
+#etc/snort/docs/100000697.txt
+#etc/snort/docs/100000698.txt
+#etc/snort/docs/100000699.txt
+#etc/snort/docs/100000700.txt
+#etc/snort/docs/100000701.txt
+#etc/snort/docs/100000702.txt
+#etc/snort/docs/100000704.txt
+#etc/snort/docs/100000705.txt
+#etc/snort/docs/100000706.txt
+#etc/snort/docs/100000707.txt
+#etc/snort/docs/100000708.txt
+#etc/snort/docs/100000709.txt
+#etc/snort/docs/100000710.txt
+#etc/snort/docs/100000711.txt
+#etc/snort/docs/100000712.txt
+#etc/snort/docs/100000713.txt
+#etc/snort/docs/100000714.txt
+#etc/snort/docs/100000715.txt
+#etc/snort/docs/100000716.txt
+#etc/snort/docs/100000717.txt
+#etc/snort/docs/100000718.txt
+#etc/snort/docs/100000719.txt
+#etc/snort/docs/100000720.txt
+#etc/snort/docs/100000721.txt
+#etc/snort/docs/100000722.txt
+#etc/snort/docs/100000723.txt
+#etc/snort/docs/100000724.txt
+#etc/snort/docs/100000725.txt
+#etc/snort/docs/100000726.txt
+#etc/snort/docs/100000727.txt
+#etc/snort/docs/100000728.txt
+#etc/snort/docs/100000729.txt
+#etc/snort/docs/100000730.txt
+#etc/snort/docs/100000731.txt
+#etc/snort/docs/100000732.txt
+#etc/snort/docs/100000733.txt
+#etc/snort/docs/100000734.txt
+#etc/snort/docs/100000735.txt
+#etc/snort/docs/100000736.txt
+#etc/snort/docs/100000737.txt
+#etc/snort/docs/100000738.txt
+#etc/snort/docs/100000739.txt
+#etc/snort/docs/100000740.txt
+#etc/snort/docs/100000741.txt
+#etc/snort/docs/100000742.txt
+#etc/snort/docs/100000743.txt
+#etc/snort/docs/100000744.txt
+#etc/snort/docs/100000745.txt
+#etc/snort/docs/100000746.txt
+#etc/snort/docs/100000747.txt
+#etc/snort/docs/100000748.txt
+#etc/snort/docs/100000749.txt
+#etc/snort/docs/100000750.txt
+#etc/snort/docs/100000751.txt
+#etc/snort/docs/100000752.txt
+#etc/snort/docs/100000753.txt
+#etc/snort/docs/100000754.txt
+#etc/snort/docs/100000755.txt
+#etc/snort/docs/100000756.txt
+#etc/snort/docs/100000757.txt
+#etc/snort/docs/100000758.txt
+#etc/snort/docs/100000759.txt
+#etc/snort/docs/100000760.txt
+#etc/snort/docs/100000761.txt
+#etc/snort/docs/100000762.txt
+#etc/snort/docs/100000763.txt
+#etc/snort/docs/100000764.txt
+#etc/snort/docs/100000765.txt
+#etc/snort/docs/100000766.txt
+#etc/snort/docs/100000767.txt
+#etc/snort/docs/100000768.txt
+#etc/snort/docs/100000769.txt
+#etc/snort/docs/100000770.txt
+#etc/snort/docs/100000771.txt
+#etc/snort/docs/100000772.txt
+#etc/snort/docs/100000773.txt
+#etc/snort/docs/100000774.txt
+#etc/snort/docs/100000775.txt
+#etc/snort/docs/100000776.txt
+#etc/snort/docs/100000777.txt
+#etc/snort/docs/100000778.txt
+#etc/snort/docs/100000779.txt
+#etc/snort/docs/100000780.txt
+#etc/snort/docs/100000781.txt
+#etc/snort/docs/100000782.txt
+#etc/snort/docs/100000783.txt
+#etc/snort/docs/100000784.txt
+#etc/snort/docs/100000785.txt
+#etc/snort/docs/100000786.txt
+#etc/snort/docs/100000787.txt
+#etc/snort/docs/100000788.txt
+#etc/snort/docs/100000789.txt
+#etc/snort/docs/100000790.txt
+#etc/snort/docs/100000791.txt
+#etc/snort/docs/100000792.txt
+#etc/snort/docs/100000793.txt
+#etc/snort/docs/100000794.txt
+#etc/snort/docs/100000795.txt
+#etc/snort/docs/100000796.txt
+#etc/snort/docs/100000797.txt
+#etc/snort/docs/100000798.txt
+#etc/snort/docs/100000799.txt
+#etc/snort/docs/100000800.txt
+#etc/snort/docs/100000801.txt
+#etc/snort/docs/100000802.txt
+#etc/snort/docs/100000803.txt
+#etc/snort/docs/100000804.txt
+#etc/snort/docs/100000805.txt
+#etc/snort/docs/100000806.txt
+#etc/snort/docs/100000807.txt
+#etc/snort/docs/100000808.txt
+#etc/snort/docs/100000809.txt
+#etc/snort/docs/100000810.txt
+#etc/snort/docs/100000811.txt
+#etc/snort/docs/100000812.txt
+#etc/snort/docs/100000813.txt
+#etc/snort/docs/100000814.txt
+#etc/snort/docs/100000815.txt
+#etc/snort/docs/100000816.txt
+#etc/snort/docs/100000817.txt
+#etc/snort/docs/100000818.txt
+#etc/snort/docs/100000820.txt
+#etc/snort/docs/100000821.txt
+#etc/snort/docs/100000822.txt
+#etc/snort/docs/100000823.txt
+#etc/snort/docs/100000824.txt
+#etc/snort/docs/100000825.txt
+#etc/snort/docs/100000826.txt
+#etc/snort/docs/100000827.txt
+#etc/snort/docs/100000828.txt
+#etc/snort/docs/100000829.txt
+#etc/snort/docs/100000830.txt
+#etc/snort/docs/100000831.txt
+#etc/snort/docs/100000832.txt
+#etc/snort/docs/100000833.txt
+#etc/snort/docs/100000834.txt
+#etc/snort/docs/100000835.txt
+#etc/snort/docs/100000836.txt
+#etc/snort/docs/100000837.txt
+#etc/snort/docs/100000838.txt
+#etc/snort/docs/100000839.txt
+#etc/snort/docs/100000840.txt
+#etc/snort/docs/100000841.txt
+#etc/snort/docs/100000842.txt
+#etc/snort/docs/100000843.txt
+#etc/snort/docs/100000844.txt
+#etc/snort/docs/100000845.txt
+#etc/snort/docs/100000846.txt
+#etc/snort/docs/100000847.txt
+#etc/snort/docs/100000848.txt
+#etc/snort/docs/100000849.txt
+#etc/snort/docs/100000850.txt
+#etc/snort/docs/100000851.txt
+#etc/snort/docs/100000852.txt
+#etc/snort/docs/100000853.txt
+#etc/snort/docs/100000854.txt
+#etc/snort/docs/100000855.txt
+#etc/snort/docs/100000856.txt
+#etc/snort/docs/100000857.txt
+#etc/snort/docs/100000858.txt
+#etc/snort/docs/100000859.txt
+#etc/snort/docs/100000860.txt
+#etc/snort/docs/100000861.txt
+#etc/snort/docs/100000862.txt
+#etc/snort/docs/100000863.txt
+#etc/snort/docs/100000923.txt
+#etc/snort/docs/100000927.txt
+etc/snort/rules
+#etc/snort/rules/LICENSE
+#etc/snort/rules/classification.config
+#etc/snort/rules/community-bot.rules
+#etc/snort/rules/community-deleted.rules
+#etc/snort/rules/community-dos.rules
+#etc/snort/rules/community-exploit.rules
+#etc/snort/rules/community-ftp.rules
+#etc/snort/rules/community-game.rules
+#etc/snort/rules/community-icmp.rules
+#etc/snort/rules/community-imap.rules
+#etc/snort/rules/community-inappropriate.rules
+#etc/snort/rules/community-mail-client.rules
+#etc/snort/rules/community-misc.rules
+#etc/snort/rules/community-nntp.rules
+#etc/snort/rules/community-oracle.rules
+#etc/snort/rules/community-policy.rules
+#etc/snort/rules/community-sid-msg.map
+#etc/snort/rules/community-sip.rules
+#etc/snort/rules/community-smtp.rules
+#etc/snort/rules/community-sql-injection.rules
+#etc/snort/rules/community-virus.rules
+#etc/snort/rules/community-web-attacks.rules
+#etc/snort/rules/community-web-cgi.rules
+#etc/snort/rules/community-web-client.rules
+#etc/snort/rules/community-web-dos.rules
+#etc/snort/rules/community-web-iis.rules
+#etc/snort/rules/community-web-misc.rules
+#etc/snort/rules/community-web-php.rules
+#etc/snort/rules/reference.config
+etc/snort/snort.conf
+etc/snort/unicode.map
+usr/lib/snort_dynamicengine
+#usr/lib/snort_dynamicengine/libsf_engine.a
+#usr/lib/snort_dynamicengine/libsf_engine.la
+#usr/lib/snort_dynamicengine/libsf_engine.so
+#usr/lib/snort_dynamicengine/libsf_engine.so.0
+#usr/lib/snort_dynamicengine/libsf_engine.so.0.0.0
+usr/lib/snort_dynamicpreprocessor
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.a
+usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_dcerpc_preproc.so.0.0.0
+#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_dns_preproc.so.0.0.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so.0.0.0
+#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_smtp_preproc.so.0.0.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.a
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.la
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0
+#usr/lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so.0.0.0
+#usr/man/man8/snort.8
+usr/sbin/snort
+var/log/snort
--- a/config/snort/snort.conf
+++ b/config/snort/snort.conf
@@ -1,5 +1,5 @@
 #--------------------------------------------------
-#   http://www.snort.org     Snort 2.8.3.2 Ruleset
+#   http://www.snort.org     Snort 2.8.4 Ruleset
 #     Contact: snort-sigs@lists.sourceforge.net
 #--------------------------------------------------
 # $Id$
@@ -221,19 +221,6 @@ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
 # the form
 # preprocessor <name_of_processor>: <configuration_options>

-# Configure Flow tracking module
-# -------------------------------
-#
-# The Flow tracking module is meant to start unifying the state keeping
-# mechanisms of snort into a single place. Right now, only a portscan detector
-# is implemented but in the long term,  many of the stateful subsystems of
-# snort will be migrated over to becoming flow plugins. This must be enabled
-# for flow-portscan to work correctly.
-#
-# See README.flow for additional information
-#
-#preprocessor flow: stats_interval 0 hash 2
-
 # frag3: Target-based IP defragmentation 
 # --------------------------------------
 #
@@ -294,131 +281,14 @@ dynamicengine /usr/lib/snort_dynamicengine/libsf_engine.so
 preprocessor frag3_global: max_frags 65536
 preprocessor frag3_engine: policy first detect_anomalies

-
-# stream4: stateful inspection/stream reassembly for Snort
-#----------------------------------------------------------------------
-# Use in concert with the -z [all|est] command line switch to defeat stick/snot
-# against TCP rules.  Also performs full TCP stream reassembly, stateful
-# inspection of TCP streams, etc.  Can statefully detect various portscan
-# types, fingerprinting, ECN, etc.
-
-# stateful inspection directive
-# no arguments loads the defaults (timeout 30, memcap 8388608)
-# options (options are comma delimited):
-#   detect_scans - stream4 will detect stealth portscans and generate alerts
-#                  when it sees them when this option is set
-#   detect_state_problems - detect TCP state problems, this tends to be very
-#                           noisy because there are a lot of crappy ip stack
-#                           implementations out there
-#
-#   disable_evasion_alerts - turn off the possibly noisy mitigation of
-#                            overlapping sequences.
-#
-#   ttl_limit [number]     - differential of the initial ttl on a session versus
-#                             the normal that someone may be playing games.
-#                             Routing flap may cause lots of false positives.
-# 
-#   keepstats [machine|binary] - keep session statistics, add "machine" to 
-#                         get them in a flat format for machine reading, add
-#                         "binary" to get them in a unified binary output 
-#                         format
-#   noinspect - turn off stateful inspection only
-#   timeout [number] - set the session timeout counter to [number] seconds,
-#                      default is 30 seconds
-#   max_sessions [number] - limit the number of sessions stream4 keeps
-#                         track of
-#   memcap [number] - limit stream4 memory usage to [number] bytes (does
-#                     not include session tracking, which is set by the
-#                     max_sessions option)
-#   log_flushed_streams - if an event is detected on a stream this option will
-#                         cause all packets that are stored in the stream4
-#                         packet buffers to be flushed to disk.  This only 
-#                         works when logging in pcap mode!
-#   server_inspect_limit [bytes] - Byte limit on server side inspection.
-#   enable_udp_sessions - turn on tracking of "sessions" over UDP.  Requires
-#                         configure --enable-stream4udp.  UDP sessions are
-#                         only created when there is a rule for the sender or
-#                         responder that has a flow or flowbits keyword.
-#   max_udp_sessions [number] - limit the number of simultaneous UDP sessions
-#                               to track
-#   udp_ignore_any - Do not inspect UDP packets unless there is a port specific
-#                    rule for a given port.  This is a performance improvement
-#                    and turns off inspection for udp xxx any -> xxx any rules
-#   cache_clean_sessions [number] - Cleanup the session cache by number sessions
-#                                   at a time.  The larger the value, the
-#                                   more sessions are purged from the cache when
-#                                   the session limit or memcap is reached.
-#                                   Defaults to 5.
-#   
-#   
-#
-# Stream4 uses Generator ID 111 and uses the following SIDS 
-# for that GID:
-#  SID     Event description
-# -----   -------------------
-#   1       Stealth activity
-#   2       Evasive RST packet
-#   3       Evasive TCP packet retransmission
-#   4       TCP Window violation
-#   5       Data on SYN packet
-#   6       Stealth scan: full XMAS
-#   7       Stealth scan: SYN-ACK-PSH-URG
-#   8       Stealth scan: FIN scan
-#   9       Stealth scan: NULL scan
-#   10      Stealth scan: NMAP XMAS scan
-#   11      Stealth scan: Vecna scan
-#   12      Stealth scan: NMAP fingerprint scan stateful detect
-#   13      Stealth scan: SYN-FIN scan
-#   14      TCP forward overlap
-
-#preprocessor stream4: disable_evasion_alerts
-
-# tcp stream reassembly directive
-# no arguments loads the default configuration 
-#   Only reassemble the client,
-#   Only reassemble the default list of ports (See below),  
-#   Give alerts for "bad" streams
-#
-# Available options (comma delimited):
-#   clientonly - reassemble traffic for the client side of a connection only
-#   serveronly - reassemble traffic for the server side of a connection only
-#   both - reassemble both sides of a session
-#   noalerts - turn off alerts from the stream reassembly stage of stream4
-#   ports [list] - use the space separated list of ports in [list], "all" 
-#                  will turn on reassembly for all ports, "default" will turn
-#                  on reassembly for ports 21, 23, 25, 42, 53, 80, 110,
-#                  111, 135, 136, 137, 139, 143, 445, 513, 514, 1433, 1521,
-#                  2401, and 3306
-#   favor_old - favor an old segment (based on sequence number) over a new one.
-#               This is the default.
-#   favor_new - favor an new segment (based on sequence number) over an old one.
-#   overlap_limit [number] - limit on overlaping segments for a session.
-#   flush_on_alert - flushes stream when an alert is generated for a session.
-#   flush_behavior [mode] -
-#           default      - use old static flushpoints (default)
-#           large_window - use new larger static flushpoints
-#           random       - use random flushpoints defined by flush_base, 
-#                          flush_seed and flush_range
-#   flush_base [number] - lowest allowed random flushpoint (512 by default)
-#   flush_range [number] - number is the space within which random flushpoints
-#                          are generated (default 1213)
-#   flush_seed [number] - seed for the random number generator, defaults to 
-#                         Snort PID + time
-#
-# Using the default random flushpoints, the smallest flushpoint is 512,
-# and the largest is 1725 bytes.
-#preprocessor stream4_reassemble
-
 # stream5: Target Based stateful inspection/stream reassembly for Snort
 # ---------------------------------------------------------------------
-# Stream5 is a target-based stream engine for Snort.  Its functionality
-# replaces that of Stream4.  Consequently, BOTH Stream4 and Stream5
-# cannot be used simultaneously.  Comment out the stream4 configurations
-# above to use Stream5.
+# Stream5 is a target-based stream engine for Snort.  It handles both
+# TCP and UDP connection tracking as well as TCP reassembly.
 # 
 # See README.stream5 for details on the configuration options.
 #
-# Example config (that emulates Stream4 with UDP support compiled in)
+# Example config
 preprocessor stream5_global: max_tcp 8192, track_tcp yes, \
                              track_udp no
 preprocessor stream5_tcp: policy first, use_static_footprint_sizes
@@ -723,11 +593,21 @@ preprocessor sfportscan: proto  { all } \
 # dynamicpreprocessor file <full path to libsf_dcerpc_preproc.so>
 # or use commandline option
 # --dynamic-preprocessor-lib <full path to libsf_dcerpc_preproc.so>
+#
+#preprocessor dcerpc: \
+#    autodetect \
+#    max_frag_size 3000 \
+#    memcap 100000
+
+
+# DCE/RPC 2
+#----------------------------------------
+# See doc/README.dcerpc2 for explanations of what the
+# preprocessor does and how to configure it.
+#
+preprocessor dcerpc2
+preprocessor dcerpc2_server: default

-preprocessor dcerpc: \
-    autodetect \
-    max_frag_size 3000 \
-    memcap 100000

 # DNS
 #----------------------------------------
@@ -759,14 +639,17 @@ preprocessor dns: \
 # inspected.  Once the traffic is determined to be encrypted, no further
 # inspection of the data on the connection is made.
 #
-#   Important note: Stream4 or Stream5 should be explicitly told to reassemble
+# If you don't necessarily trust all of the SSL capable servers on your
+# network, you should remove the "trustservers" option from the configuration.
+#
+#   Important note: Stream5 should be explicitly told to reassemble
 #                   traffic on the ports that you intend to inspect SSL
 #                   encrypted traffic on.
 #
 #   To add reassembly on port 443 to Stream5, use 'port both 443' in the 
 #   Stream5 configuration.

-preprocessor ssl: noinspect_encrypted
+preprocessor ssl: noinspect_encrypted, trustservers


 ####################################################################
@@ -937,7 +820,6 @@ include /etc/snort/rules/reference.config
 #include $RULE_PATH/ddos.rules
 #include $RULE_PATH/dns.rules
 #include $RULE_PATH/tftp.rules
-
 #include $RULE_PATH/web-cgi.rules
 #include $RULE_PATH/web-coldfusion.rules
 #include $RULE_PATH/web-iis.rules
@@ -945,7 +827,6 @@ include /etc/snort/rules/reference.config
 #include $RULE_PATH/web-misc.rules
 #include $RULE_PATH/web-client.rules
 #include $RULE_PATH/web-php.rules
-
 #include $RULE_PATH/sql.rules
 #include $RULE_PATH/x11.rules
 #include $RULE_PATH/icmp.rules
@@ -955,12 +836,10 @@ include /etc/snort/rules/reference.config
 #include $RULE_PATH/oracle.rules
 #include $RULE_PATH/mysql.rules
 #include $RULE_PATH/snmp.rules
-
 #include $RULE_PATH/smtp.rules
 #include $RULE_PATH/imap.rules
 #include $RULE_PATH/pop2.rules
 #include $RULE_PATH/pop3.rules
-
 #include $RULE_PATH/nntp.rules
 #include $RULE_PATH/other-ids.rules
 # include $RULE_PATH/web-attacks.rules
@@ -977,7 +856,6 @@ include /etc/snort/rules/reference.config
 # include $RULE_PATH/spyware-put.rules
 # include $RULE_PATH/specific-threats.rules
 #include $RULE_PATH/experimental.rules
-
 # include $PREPROC_RULE_PATH/preprocessor.rules
 # include $PREPROC_RULE_PATH/decoder.rules

--- a/doc/packages-list.txt
+++ b/doc/packages-list.txt
@@ -270,7 +270,7 @@
 * shadow-4.0.15
 * slang-1.4.9
 * smartmontools-5.36
-* snort-2.8.3.2
+* snort-2.8.4
 * sox-12.18.1
 * spandsp-0.0.4pre15
 * splix-2.0.0-rc2
--- a/lfs/snort
+++ b/lfs/snort
@@ -24,7 +24,7 @@

 include Config

-VER        = 2.8.3.2
+VER        = 2.8.4

 THISAPP    = snort-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -42,7 +42,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 Community-Rules-20070503.tar.gz = $(DL_FROM)/Community-Rules-20070503.tar.gz

-$(DL_FILE)_MD5 = f75547da33446ddb4ca07eefd9ce31dc
+$(DL_FILE)_MD5 = 193179da8db8aac5ee6b0a751ce7b76d
 Community-Rules-20070503.tar.gz_MD5 = f236b8a4ac12e99d3e7bd81bf3b5a482

 install : $(TARGET)