* Fixed bug in route.c in FreeBSD, Darwin, OpenBSD and NetBSD
version of get_default_gateway. Allocated socket for route
manipulation is never freed so the number of mbufs continuously
grows and exhausts system resources after a while (Jaroslav Klaus).
* Fixed bug where "--proto tcp-server --mode p2p --management
host port" would cause the management port to not respond until
the OpenVPN peer connects.
(This broke my bulk builds; it also appears that other directories
are precreated in Makefiles, just not include.)
TODO for non-root installs -- fix the hardcoded 111 mode which causes
binaries to be unreadable for packaging.
a builtin Berkeley DB 1.8x can now be used with option "bdb -gdbm"; no
dbm support at all can be selected with "-gdbm".)
- Specify --with/--without exactly once per option.
- Merge postgresql support to a single option (pgsql), and correspondingly
use pgsql.buildlink3.mk to pick the builder's desired implementation.
This aligns freeradius with the rest of pkgsrc, wrt pgsql support.
changes:
- New and improved nemesis
  - New in nemesis 1.4: nemesis-ethernet and nemesis-ip
  - Windows support (link-layer injection only)
  - Useful man pages
  - Single binary
  - Improved cross-platform support via GNU autotools
- Easier to use
  - Nemesis will attempt to fill in as many details as possible
    in a packet, thus requiring fewer or even no command line switches.
  - Each protocol builder attempts to build a proper packet by default.
- Organized code base
  - The network header structures in libnet proved useful so nemesis
    now uses them where appropriate.
  - Code is re-used wherever possible resulting in a much more concise
    code base.
- Full payload functionality
  - Payloads can now contain NULLs within them and full-size packets
    are available on all supported platforms except Windows.
- IP and TCP options support
  - All nemesis injectors (excluding ARP and Ethernet) now support IP
    options via -O <IP options file>.
  - All nemesis injectors using TCP as a transport protocol now
    support TCP options via -o <TCP options file>.
- Improved IP and TCP functionality
  - Full IP fragmentation support via new -F command line semantics.
  - ECN support in TCP with the addition of -fE (ECE) and -fC (CWR).
Defining STATFS_SVR4 sets the .h to use statsvfs(), which is fine, but it
probably helps if the .c file actually calls anything when STATFS_SVR4 is
defined. Fixes freespace being reported as zero in NetBSD 3.x and later.
Fixed tcpdump.c to trace IP packets buried under VLAN headers.
Changes 6.6.3:
Added a function MissingData() in trace.c to check if TCP segments were
missing or were truncated when the -e option is given to extract
contents.
Changes 6.6.4:
Adding in the INBOUNDS module into the main tcptrace development tree.
It is NOT built in by default though; you need to uncomment a line in
Makefile.in to enable it.
Changes 6.6.5:
* Josh fixed the file format searching order, putting tcpdump format to
the end in file_formats.h as a work around for libpcap brokenness.
* Fixed Mfopen() in mfiles.c to open content data files that we
generate in "binary" mode - by changing fopen mode from "w" to "wb+" and "a"
to "ab+". The 'b' is dummy in UNIX systems, but seems to have some
semantic in the Windows world.
* Fixed QuitSig() function in tcptrace.c by adding a call to
udptrace_done() so that we print out UDP connection stats too (if one
were piping live tcpdump traffic to tcptrace and "ctrl-c"-ed it in the
middle, for example). On the way, also fixed the arbitrary "buf[4096]"
declaration to be written correctly as "buf[COMP_HDR_SIZE]" in the
PipeFitting() function.
Changes 6.6.6:
Fixed the callback function in tcpdump.c to prevent garbage data from
getting into the ip_buf buffer.
Changes 6.6.7:
Fixed bugs found in the AVL search function that had major bugs /
complexity issues.
backslashes anymore. A single backslash is enough. Changed the
definition in all affected packages. For those that are not caught, an
additional check is placed into bsd.pkginstall.mk.
that these directories will be conditionally removed (based on reference
counts), regardless of the value of PKG_CONFIG. Bump the PKGREVISION
for packages that were modified as a result.
as the INSTALL and DEINSTALL scripts no longer distinguish between
the two types of files. Drop SUPPORT_FILES{,_PERMS} and modify the
packages in pkgsrc accordingly.
include:
Adding a highly scalable server for handling multiple TCP/UDP
clients over point-to-point TUN interfaces, all using a single
port number. The server has been designed so that it can run with
reduced privilege.
On the client side, "pull" has been added, which basically says
"accept certain config file options which the server pushes back
to you." The major win of the push/pull capability is that the
same client configuration file can be used on each client provided
each client has its own set of SSL/TLS keys which have been signed
by the master CA.
A management interface has been developed which can be used to
remotely control or centrally manage an OpenVPN daemon.
"remote" can now specify a set of machines, or a hostname can be
configured with multiple addresses in DNS. A server will be
randomly chosen from the list, and if the connect fails, another
will be tried (see the "remote-random" option).
A package for easy RSA key management (easy-rsa-2.0rc1) has been
included to aid in generating SSL keys and certificates for use
with OpenVPN.
If you are using this package make note of the distribution change
mentioned below. I have updated the MESSAGE to inform users of this and
there is now also a net/snort-rules package with the community rules.
> [*] Distribution Change
> * Rules are no longer distributed as part of the Snort releases, they are
> available as a separate download from snort.org. This was done for
> three reasons:
> 1) To better manage the new rules licensing.
> 2) To reduce the size of the engine download.
> 3) To move the thousands of documentation files for the rules into
> the rules tarballs. If you've ever checked Snort out of CVS you'll
> know why this is a Good Thing.
>
> [*] New additions
> * Added new IP defragmentation preprocessor, Frag3. The frag3 preprocessor
> is a target-based IP defragmentation module, and is intended as a
> replacement for the frag2 module. Check out the README.frag3 for full
> info on this new preprocessor.
>
> * Libprelude support has been added (enable with --enable-prelude).
> Thanks Yoann Vandoorselaere!
>
> * An "ftpbounce" rule detection plugin was added for easier detection of
> FTP bounce attacks.
>
> * Added a new Snort config option, "ignore_ports," to ignore packets
> based on port number. This is similar to bpf filters, but done within
> snort.conf.
>
> [*] Improvements
> * Snort startup messages printed in syslog now contain a PID before each
> entry. Thanks Sekure for initially bringing this up.
>
> * Stream4: Performance improvements.
>
> * Stream4: Added 'max_session_limit' option which limits number of
> concurrent sessions tracked. Added favor_old/favor_new options that
> affect order in which packets are put together for reassembly.
>
> * Stream4: New configuration options to manage flushpoints for improved
> anti-evasion. The flush_behavior option selects flushpoint management
> mode. New flush_base, flush_range, and flush_seed manage randomized
> flushing. Check out the snort.conf file for full config data on the
> new flush options.
>
> * Added two more alerts for BackOrifice client and server packets. This
> allows specific alerts to be suppressed.
>
> * PerfMon preprocessor updated to include more detailed stats for rebuilt
> packets (applayer, wire, fragmented & TCP). Also added 'atexitonly'
> option that dumps stats at exit of snort, and command line -Z flag to
> specify the file to which stats are logged.
>
> * Added new Http Inspect config item, "tab_uri_delimiter," which if
> specified, lets a tab character (0x09) act as the delimiter for a URI.
>
> * Added a '-G' command line flag to snort that specifies the Snort
> instance log identifier. It takes a single argument that can be either
> hex (prefaced with 0x) or decimal. The unified log files will include
> the instance ID when the -G flag is used.
>
> * "Same SRC/DST" (sid 527) and "Loopback Traffic" (sid 528) are now
> handled in the IP decoder. Those sids are now considered obsolete.
>
> * Http_Inspect "flow_depth" option now accepts a -1 value which tells
> Snort to ignore all server-side traffic.
>
> * RPMs have been updated to be more portable, and also now include a
> "--with inline" option for those wanting to build Inline RPMs. Thanks
> Daniel Wittenberg and JP Vossen for your help!
>
> * Many, many bug fixes have also gone into this release, please see the
> ChangeLog for details.
community. While these rules are available as is, the VRT performs basic tests
to ensure that new rules will not break Snort. These rules are distributed
under the GPL and are freely available to all open source Snort users.
layers 2, 3, 4 and 7.
Basically, you forge each layer of a frame (Net::Packet::IPv4 for layer 3,
Net::Packet::TCP for layer 4, for example), and pack all of this into a
Net::Packet::Frame object. Then, you can send the frame to the network, and
receive it easily, since the response is automatically searched for and
matched against the request.
formats described by RFC1884. If Math::Base85 is installed, formats
described in RFC1924 are also valid. It will generate "IP6.INT."
strings (as described in RFC1886) if you are inclined to play with
DNS records.
in traditional address/netmask format and in the new CIDR format.
There are also methods for calculating the network and broadcast
address and also to check if a given address is in a specific
network.
changes:
- Enabled code for shutting down idle sockd processes.
- Return immediate error if username/password is wrong
- better preserve TCP semantics across connections
- bugfixes