git.openwrt.org Git - feed/packages.git/commit

author	Eric Fahlgren <ericfahlgren@gmail.com>
	Wed, 10 Jan 2024 16:10:05 +0000 (08:10 -0800)
committer	Rosen Penev <rosenp@gmail.com>
	Mon, 5 Feb 2024 00:21:11 +0000 (16:21 -0800)
commit	203e9413e28defd62e376406b523eb7d9ac05d58
tree	baa539cf5d8fee315177f1243d881d0db6016644	tree \| snapshot
parent	800218561dd235b6b9339ede3dbb981c1d4b9ea8	commit \| diff

snort3: finish up several incomplete capabilities

Reporting
- Use json alert data for 10x speed improvement in report generation
- Include both gid and sid, plus packet direction in report output
- Add by-date incident filtering
- Add verbose mode which displays actual rules triggered and their source
- Attempt to look up host names from IPs in verbose mode
- Clean up display of port number involved in incidents

Rules
- Complete downloader for subscription rules using oinkcode (only tested
with snort.org's "free" tier subscription)
- Auto-detect multiple rules files and include them in lua 'ips.rules'
- Add '--backup' option to copy out current rules before installing new
- Add '--persistent' option to 'snort-rules', storing in persistent location

CLI interface
- Completely rework command line option parsing in all user scripts
- Allow options and commands to be in any order on command line
- Add long-form names for all options ('--help' for '-h' and so on)
- Detect errors properly in options, enhance help pages

Bug fixes
- Use 'mkdir -p' on all directory creation
- Use proper tmp directory from 'snort.snort.temp_dir' everywhere

Signed-off-by: Eric Fahlgren <ericfahlgren@gmail.com>

net/snort3/Makefile		diff \| blob \| history
net/snort3/files/main.uc		diff \| blob \| history
net/snort3/files/nftables.uc		diff \| blob \| history
net/snort3/files/snort-mgr		diff \| blob \| history
net/snort3/files/snort-rules		diff \| blob \| history
net/snort3/files/snort.uc		diff \| blob \| history