Bug 212192 - security/suricata: Add support for listening to multiple interfaces to rc.d script
Summary: security/suricata: Add support for listening to multiple interfaces to rc.d s...
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Kubilay Kocak
URL:
Keywords: easy, feature, needs-qa
Depends on: 220026
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-27 07:16 UTC by Mohammad S. Babaei
Modified: 2017-07-16 09:57 UTC (History)
2 users (show)

See Also:
koobs: maintainer-feedback+

Attachments
multiple pcap devices patch (556 bytes, patch)
2016-08-27 07:16 UTC, Mohammad S. Babaei 		no flags Details | Diff
enables multiple interface with netmap (1.02 KB, patch)
2016-08-27 08:03 UTC, Mohammad S. Babaei 		no flags Details | Diff
Enables multiple interfaces (1.15 KB, patch)
2016-08-27 08:04 UTC, Mohammad S. Babaei 		no flags Details | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Mohammad S. Babaei 2016-08-27 07:16:56 UTC 
Created attachment 174110 [details]
multiple pcap devices patch

Hello,

I made a modification to the rc script in order to add support for listening on multiple interfaces with Suricata from ports.

I'll appreciate it if you accept the patch since it does make sense in many cases to listen on multiple interfaces.

Thanks
Comment 1 Mohammad S. Babaei 2016-08-27 07:18:54 UTC 
After that you'll be able to:

suricata_interface="xn0 xn1 xn2"

in /etc/rc.conf instead of just

suricata_interface="xn0"
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-27 08:01:48 UTC 
Thank you for the submission Mohammad. I'll put this through QA and look at landing it shortly if it passes
Comment 3 Mohammad S. Babaei 2016-08-27 08:03:51 UTC 
Created attachment 174111 [details]
enables multiple interface with netmap

Enables multiple interface with netmap (includes the last patch):

suricata_enable="YES"
suricata_interface="xn0 xn1"
suricata_netmap="YES"
suricata_flags="-D -v"
Comment 4 Mohammad S. Babaei 2016-08-27 08:04:53 UTC 
Created attachment 174112 [details]
Enables multiple interfaces

Enables multiple interface with netmap and supress pcap warning without netmap (includes the last two patch):

suricata_enable="YES"
suricata_interface="xn0 xn1"
suricata_pcap="YES"
suricata_flags="-D -v"
Comment 5 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-27 08:06:49 UTC 
@Mohammed please 'obsolete' previous versions of patches if the new version replaces them. This can be done via Attachment -> Details -> Edit Details -> [x] Obsolete
Comment 6 Kubilay Kocak freebsd_committer freebsd_triage 2016-08-27 08:08:05 UTC 
And if you could add a comment itemizing all changes in final version of the patch that would be great.
Comment 7 Mohammad S. Babaei 2016-08-27 09:33:06 UTC 
@Kubilay Thank you so much for the hints. I did not obsolete the older one because I was not sure if the maintainer accepts all the items.

These are the items that patch implements:

1. Allows listening on multiple interfaces using suricata_interface in /etc/rc.conf.
2. Allows listening on multiple interfaces using suricata_interface when netmap option is enabled. (both suricata_interface and suricata_netmap should be set)
3. Allows listening on multiple interfaces using suricata_interface but suppresses the Suricata warning by adding a new option in /etc/rc.conf: suricata_pcap="YES"
Comment 8 Franco Fichtner 2016-11-03 09:07:31 UTC 
Hi Mohammad,

$suricata_pcap is a cool addition to mute the "faster capture method available" warning!  Having it documented on top would be advisable.


Cheers,
Franco
Comment 9 Franco Fichtner 2016-12-05 07:05:53 UTC 
Any news here?


Cheers,
Franco
Comment 10 Franco Fichtner 2016-12-21 09:21:28 UTC 
Hi,

Can we please get this in?   Want me to provide a final patch?


Thanks,
Franco
Comment 11 Franco Fichtner 2017-07-16 09:50:32 UTC 
This should be closed.


Cheers,
Franco