Created attachment 89 [details] Patch for the Snort configuration file Hi all, i have updated Snort to 2.9.3.1 and daq to 1.1.1 . Snort´s configuration file was also extend with the new version so i have updated the snort.conf. Explanations for the new GTP decoder and preprocessors can be found in here --> http://blog.snort.org/2012/01/gtp-decoder-and-preprocessor.html . Also i have extend "portvar FILE_DATA_PORTS [$HTTP_PORTS,110,143]" cause it was mentioned in the forum that some functions of Snort only works with this additionals. There are a couple of other things, i have added the patches for them in the attachment. I have tested it also for a little while now and it works for me with, also with the new rulesets and the new configuration file. But nevertheless a deeper testing round should be done. I have heard that the comming new ruleset won´t be compatible with the old 2.9.1.2 version. So that´s why i have give this Bug a "higher priority" . Greetings Erik
Created attachment 90 [details] Snort rootfile patch
Created attachment 91 [details] Snort lfs patch
Created attachment 92 [details] daq rootfile patch
Created attachment 93 [details] Snort lfs patch
For potential testers, i have uploaded an image from Core62 with the updated version of daq and snort with the new config file. ---> http://people.ipfire.org/~ummeegge/ipfire-2.11.i586-full-core62.iso Greetings Erik
I have commit now the update from Snort and daq. http://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=shortlog;h=refs/heads/snort-update http://git.ipfire.org/?p=people/ummeegge/ipfire-2.x.git;a=shortlog;h=refs/heads/daq-update Please go for testing cause there are also some changes on the Snort config file and also some new rules available. Greetings Erik
An .iso Image with the updated version can also be found in here --> http://people.ipfire.org/~ummeegge/IPFire-SnortUpdate/
Changes have been applied and released with IPFire Core Update 64.