<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
<maintainer type="person">
<email>patrick@gentoo.org</email>
<name>Patrick Lauer</name>
</maintainer>
<maintainer type="project">
<email>netmon@gentoo.org</email>
<name>Gentoo network monitoring and analysis project</name>
</maintainer>
<longdescription>
Snort is an open source network intrusion prevention and detection
system (IDS/IPS) developed by Sourcefire. Combining the benefits of
signature, protocol, and anomaly-based inspection, Snort is the most
widely deployed IDS/IPS technology worldwide. With millions of downloads
and approximately 300,000 registered users, Snort has become the de facto
standard for IPS.
</longdescription>
<upstream>
<maintainer>
<email>snort-team@sourcefire.com</email>
<name>Snort Team</name>
</maintainer>
<changelog>http://www.snort.org/snort-downloads</changelog>
<doc>https://snort.org/documents#OfficialDocumentation</doc>
<bugs-to>https://snort.org/community#bugs</bugs-to>
</upstream>
<use>
<flag name="control-socket">
Enables Snort's control socket.
</flag>
<flag name="file-inspect">
Enables extended file inspection capabilities.
</flag>
<flag name="gre">
Enable support for inspecting and processing Generic Routing
Encapsulation (GRE) packet headers. Only needed if you are
monitoring GRE tunnels.
</flag>
<flag name="high-availability">
Enables high-availability state sharing.
</flag>
<flag name="inline-init-failopen">
Allows traffic to pass uninspected (fail-open) through inline
deployments while Snort is starting and not yet ready to inspect
traffic. If this option is not enabled, network traffic will not
pass (fail-closed) until Snort has fully started and is ready to
perform packet inspection.
</flag>
<flag name="linux-smp-stats">
Enable accurate statistics reporting through /proc on systems with
multiple processors.
</flag>
<flag name="non-ether-decoders">
Enable decoding of non-ethernet protocols such as TokenRing, FDDI,
IPX, etc.
</flag>
<flag name="open-appid">
Enable OpenAppID, an open, application-focused detection language
and processing module for Snort that enables users to create, share,
and implement application detection. Requires <pkg>dev-lang/luajit</pkg>.
</flag>
<flag name="perfprofiling">
Enables support for preprocessor and rule performance profiling
using the perfmonitor preprocessor.
</flag>
<flag name="ppm">
Enables support for setting per rule or per packet latency limits.
Helps protect against introducing network latency with inline
deployments.
</flag>
<flag name="react">
Enables support for the react rule keyword. Supports interception,
termination, and redirection of HTTP connections.
</flag>
<flag name="shared-rep">
Enables the use of shared memory for the Reputation Preprocessor.
Only available on Linux systems.
</flag>
<flag name="side-channel">
Enables Snort's side channel.
</flag>
<flag name="sourcefire">
Enables Sourcefire specific build options, which include
--enable-perfprofiling and --enable-ppm.
</flag>
<flag name="reload-error-restart">
Enables support for completely restarting snort if an error is
detected during a reload.
</flag>
<flag name="active-response">
Enables support for automatically sending TCP resets and ICMP
unreachable messages to terminate connections. Used with inline
deployments.
</flag>
<flag name="flexresp3">
Enables support for the new flexible response preprocessor, which
tears down connections in inline deployments. Replaces flexresp and
flexresp2.
</flag>
<flag name="large-pcap-64bit">
Allows Snort to read pcap files that are larger than 2 GB. ONLY
VALID FOR 64bit SYSTEMS!
</flag>
<flag name="libtirpc">
Build against <pkg>net-libs/libtirpc</pkg> for RPC support.
</flag>
</use>
</pkgmetadata>