From owner-svn-ports-all@freebsd.org  Fri Sep  6 11:54:19 2019
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 30C9DF1447;
 Fri,  6 Sep 2019 11:54:19 +0000 (UTC)
 (envelope-from bofh@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 46Pwvb15Kdz4G0x;
 Fri,  6 Sep 2019 11:54:19 +0000 (UTC)
 (envelope-from bofh@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E283E1C634;
 Fri,  6 Sep 2019 11:54:18 +0000 (UTC)
 (envelope-from bofh@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id x86BsIA8088760;
 Fri, 6 Sep 2019 11:54:18 GMT (envelope-from bofh@FreeBSD.org)
Received: (from bofh@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id x86BsHFt088749;
 Fri, 6 Sep 2019 11:54:17 GMT (envelope-from bofh@FreeBSD.org)
Message-Id: <201909061154.x86BsHFt088749@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: bofh set sender to
 bofh@FreeBSD.org using -f
From: Muhammad Moinur Rahman <bofh@FreeBSD.org>
Date: Fri, 6 Sep 2019 11:54:17 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r511306 - in head/security: . suricata5 suricata5/files
X-SVN-Group: ports-head
X-SVN-Commit-Author: bofh
X-SVN-Commit-Paths: in head/security: . suricata5 suricata5/files
X-SVN-Commit-Revision: 511306
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Sep 2019 11:54:19 -0000

Author: bofh
Date: Fri Sep  6 11:54:16 2019
New Revision: 511306
URL: https://svnweb.freebsd.org/changeset/ports/511306

Log:
  [NEW] security/suricata5: High Performance Network IDS, IPS and Security Monitoring engine(v5)
  
  The Suricata Engine is an Open Source Next Generation Intrusion Detection and
  Prevention Engine developed by the Open Information Security Foundation (OISF).
  
  This engine is not intended to just replace or emulate the existing tools in
  the industry, but will bring new ideas and technologies to the field.
  
  OISF is part of and funded by the Department of Homeland Security's Directorate
  for Science and Technology HOST program (Homeland Open Security Technology),
  by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
  through the very generous support of the members of the OISF Consortium.
  
  More information about the Consortium is available, as well as a list of our
  current Consortium Members.
  
  This is upcoming version 5.
  
  WWW: https://suricata-ids.org

Added:
  head/security/suricata5/
  head/security/suricata5/Makefile   (contents, props changed)
  head/security/suricata5/distinfo   (contents, props changed)
  head/security/suricata5/files/
  head/security/suricata5/files/ax_check_compile_flag.m4   (contents, props changed)
  head/security/suricata5/files/patch-configure.ac   (contents, props changed)
  head/security/suricata5/files/pkg-message.in   (contents, props changed)
  head/security/suricata5/files/suricata.in   (contents, props changed)
  head/security/suricata5/pkg-descr   (contents, props changed)
  head/security/suricata5/pkg-plist   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Fri Sep  6 11:49:55 2019	(r511305)
+++ head/security/Makefile	Fri Sep  6 11:54:16 2019	(r511306)
@@ -1261,6 +1261,7 @@
     SUBDIR += sudoscript
     SUBDIR += super
     SUBDIR += suricata
+    SUBDIR += suricata5
     SUBDIR += swatch
     SUBDIR += switzerland
     SUBDIR += symbion-sslproxy

Added: head/security/suricata5/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/Makefile	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,121 @@
+# Created by: Muhammad Moinur Rahman <bofh@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME=	suricata
+DISTVERSION=	5.0.0-beta1
+CATEGORIES=	security
+MASTER_SITES=	https://www.openinfosecfoundation.org/download/
+PKGNAMESUFFIX=	5
+
+MAINTAINER=	bofh@FreeBSD.org
+COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine(v5)
+
+LICENSE=	GPLv2
+LICENSE_FILE=	${WRKSRC}/LICENSE
+
+BUILD_DEPENDS=	rustc:lang/${RUST_DEFAULT} \
+		${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
+LIB_DEPENDS=	libjansson.so:devel/jansson \
+		liblz4.so:archivers/liblz4 \
+		libnet.so:net/libnet \
+		libpcre.so:devel/pcre \
+		libyaml.so:textproc/libyaml
+RUN_DEPENDS=	${PYTHON_PKGNAMEPREFIX}yaml>0:devel/py-yaml@${PY_FLAVOR}
+
+USES=		autoreconf cpe libtool pkgconfig python
+USE_LDCONFIG=	yes
+USE_PYTHON=	py3kplist
+USE_RC_SUBR=	${PORTNAME}
+
+CONFLICTS_INSTALL=libhtp
+
+GNU_CONFIGURE=	yes
+
+CPE_VENDOR=	openinfosecfoundation
+
+INSTALL_TARGET=	install-strip
+TEST_TARGET=		check
+
+OPTIONS_DEFINE=		GEOIP IPFW NSS PORTS_PCAP PRELUDE REDIS TESTS
+OPTIONS_DEFINE_amd64=	HYPERSCAN
+OPTIONS_DEFAULT=	IPFW HYPERSCAN
+OPTIONS_SUB=		yes
+
+OPTIONS_RADIO=		SCRIPTS
+OPTIONS_RADIO_SCRIPTS=	LUA LUAJIT
+
+SCRIPTS_DESC=		Scripting
+HYPERSCAN_DESC=		Hyperscan support
+IPFW_DESC=		IPFW and IP Divert support for inline IDP
+LUAJIT_DESC=		LuaJIT scripting support
+LUA_DESC=		LUA scripting support
+NSS_DESC=		File checksums and SSL/TLS fingerprinting
+PORTS_PCAP_DESC=	Use libpcap from ports
+PRELUDE_DESC=		Prelude support for NIDS alerts
+REDIS_DESC=		Redis output support
+TESTS_DESC=		Unit tests in suricata binary
+
+GEOIP_LIB_DEPENDS=	libmaxminddb.so:net/libmaxminddb
+GEOIP_CONFIGURE_ENABLE=	geoip
+HYPERSCAN_LIB_DEPENDS=	libhs.so:devel/hyperscan
+IPFW_CONFIGURE_ON=	--enable-ipfw
+LUA_USES=		lua:51
+LUA_CONFIGURE_ENABLE=	lua
+LUAJIT_LIB_DEPENDS=	libluajit-5.1.so:lang/luajit
+LUAJIT_CONFIGURE_ENABLE=luajit
+NSS_LIB_DEPENDS=		libnss3.so:security/nss \
+				libnspr4.so:devel/nspr
+NSS_CONFIGURE_ENABLE=		nss nspr
+PORTS_PCAP_LIB_DEPENDS=		libpcap.so.1:net/libpcap
+PORTS_PCAP_CONFIGURE_ON=	--with-libpcap-includes=${LOCALBASE}/include \
+				--with-libpcap-libraries=${LOCALBASE}/lib
+PORTS_PCAP_CONFIGURE_OFF=	--with-libpcap-includes=/usr/include \
+				--with-libpcap-libraries=/usr/lib
+PRELUDE_LIB_DEPENDS=		libprelude.so:security/libprelude \
+				libgnutls.so:security/gnutls \
+				libgcrypt.so:security/libgcrypt \
+				libgpg-error.so:security/libgpg-error \
+				libltdl.so:devel/libltdl
+PRELUDE_CONFIGURE_ENABLE=	prelude
+REDIS_LIB_DEPENDS=		libhiredis.so:databases/hiredis
+REDIS_CONFIGURE_ENABLE=		hiredis
+TESTS_CONFIGURE_ENABLE=		unittests
+
+SUB_FILES=	pkg-message
+
+CONFIGURE_ARGS+=--enable-gccprotect \
+		--enable-bundled-htp \
+	        --disable-gccmarch-native \
+		--enable-netmap \
+		--disable-af-packet \
+		--disable-nflog \
+		--disable-nfqueue \
+		--disable-pfring \
+		--disable-windivert \
+		--disable-ebpf-build \
+		--disable-ebpf
+
+CONFIG_DIR?=	${ETCDIR}
+CONFIG_FILES=	suricata.yaml classification.config reference.config threshold.config
+LOGS_DIR?=	/var/log/${PORTNAME}
+
+pre-patch:
+	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
+
+post-patch:
+	@${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \
+		${WRKSRC}/configure.ac
+	@${REINPLACE_CMD} -e "s|GeoIP.h|maxminddb.h|g" \
+		${WRKSRC}/configure.ac
+
+post-install:
+	@${MKDIR} ${STAGEDIR}${CONFIG_DIR}
+	@${MKDIR} ${STAGEDIR}${LOGS_DIR}
+.for f in ${CONFIG_FILES}
+	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
+.endfor
+	(cd ${STAGEDIR}${PREFIX} \
+	&& ${PYTHON_CMD} ${PYTHON_LIBDIR}/compileall.py \
+	-d ${PYTHONPREFIX_SITELIBDIR} -f ${PYTHONPREFIX_SITELIBDIR:S;${PREFIX}/;;})
+
+.include <bsd.port.mk>

Added: head/security/suricata5/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/distinfo	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1567633319
+SHA256 (suricata-5.0.0-beta1.tar.gz) = 5b8398676a598caf003dd2d8573d276385594277f4c5f09e26059a8252d993d5
+SIZE (suricata-5.0.0-beta1.tar.gz) = 15649004

Added: head/security/suricata5/files/ax_check_compile_flag.m4
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/files/ax_check_compile_flag.m4	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,74 @@
+# ===========================================================================
+#   http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+#   AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+#   Check whether the given FLAG works with the current language's compiler
+#   or gives an error.  (Warnings, however, are ignored)
+#
+#   ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+#   success/failure.
+#
+#   If EXTRA-FLAGS is defined, it is added to the current language's default
+#   flags (e.g. CFLAGS) when the check is done.  The check is thus made with
+#   the flags: "CFLAGS EXTRA-FLAGS FLAG".  This can for example be used to
+#   force the compiler to issue an error when a bad flag is given.
+#
+#   INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+#   NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+#   macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+#   Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+#   Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+#   This program is free software: you can redistribute it and/or modify it
+#   under the terms of the GNU General Public License as published by the
+#   Free Software Foundation, either version 3 of the License, or (at your
+#   option) any later version.
+#
+#   This program is distributed in the hope that it will be useful, but
+#   WITHOUT ANY WARRANTY; without even the implied warranty of
+#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+#   Public License for more details.
+#
+#   You should have received a copy of the GNU General Public License along
+#   with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#   As a special exception, the respective Autoconf Macro's copyright owner
+#   gives unlimited permission to copy, distribute and modify the configure
+#   scripts that are the output of Autoconf when processing the Macro. You
+#   need not follow the terms of the GNU General Public License when using
+#   or distributing such scripts, even though portions of the text of the
+#   Macro appear in them. The GNU General Public License (GPL) does govern
+#   all other use of the material that constitutes the Autoconf Macro.
+#
+#   This special exception to the GPL applies to versions of the Autoconf
+#   Macro released by the Autoconf Archive. When you make and distribute a
+#   modified version of the Autoconf Macro, you may extend this special
+#   exception to the GPL to apply to your modified version as well.
+
+#serial 3
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.59)dnl for _AC_LANG_PREFIX
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+  ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+  _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+  AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+    [AS_VAR_SET(CACHEVAR,[yes])],
+    [AS_VAR_SET(CACHEVAR,[no])])
+  _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_IF([test x"AS_VAR_GET(CACHEVAR)" = xyes],
+  [m4_default([$2], :)],
+  [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS

Added: head/security/suricata5/files/patch-configure.ac
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/files/patch-configure.ac	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,15 @@
+--- configure.ac.orig	2017-02-15 07:54:17 UTC
++++ configure.ac
+@@ -935,8 +935,10 @@
+             AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),,[enable_prelude=no])
+     # Prelude doesn't work with -Werror
+     STORECFLAGS="${CFLAGS}"
+-    CFLAGS="${CFLAGS} -Wno-error=unused-result"
+-
++    AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result], 
++        [CFLAGS="${CFLAGS} -Wno-error=unused-result"],
++        [])
++       
+     AS_IF([test "x$enable_prelude" = "xyes"], [
+         AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
+         if test "x${LIBPRELUDE_CFLAGS}" != "x"; then

Added: head/security/suricata5/files/pkg-message.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/files/pkg-message.in	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,46 @@
+[
+{ type: install
+  message: <<EOM
+If you want to run Suricata in IDS mode, add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_interface="<if>"
+
+NOTE: Declaring suricata_interface is MANDATORY for Suricata in IDS Mode.
+
+However, if you want to run Suricata in Inline IPS Mode in divert(4) mode,
+add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_divertport="8000"
+
+NOTE:
+	Suricata won't start in IDS mode without an interface configured.
+	Therefore if you omit suricata_interface from rc.conf, FreeBSD's
+	rc.d/suricata will automatically try to start Suricata in IPS Mode
+	(on divert port 8000, by default).
+
+Alternatively, if you want to run Suricata in Inline IPS Mode in high-speed
+netmap(4) mode, add to /etc/rc.conf:
+
+	suricata_enable="YES"
+	suricata_netmap="YES"
+
+NOTE:
+	Suricata requires additional interface settings in the configuration
+	file to run in netmap(4) mode.
+
+RULES: Suricata IDS/IPS Engine comes without rules by default. You should
+add rules by yourself and set an updating strategy. To do so, please visit:
+
+ http://www.openinfosecfoundation.org/documentation/rules.html
+ http://www.openinfosecfoundation.org/documentation/emerging-threats.html
+
+You may want to try BPF in zerocopy mode to test performance improvements:
+
+	sysctl -w net.bpf.zerocopy_enable=1
+
+Don't forget to add net.bpf.zerocopy_enable=1 to /etc/sysctl.conf
+EOM
+}
+]

Added: head/security/suricata5/files/suricata.in
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/files/suricata.in	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,68 @@
+#!/bin/sh
+# $FreeBSD: head/security/suricata/files/suricata.in 454649 2017-11-21 18:55:28Z zeising $
+
+# PROVIDE: suricata
+# REQUIRE: DAEMON
+# BEFORE: LOGIN
+# KEYWORD: shutdown
+
+# Add the following lines to /etc/rc.conf to enable suricata:
+# suricata_enable (bool):	Set to YES to enable suricata
+# 				Default: NO
+# suricata_flags (str):		Extra flags passed to suricata
+#				Default: -D
+# suricata_interface (str):	Network interface(s) to sniff
+#				Default: "" 
+# suricata_conf (str):		Suricata configuration file
+#				Default: ${PREFIX}/etc/suricata/suricata.yaml
+# suricata_divertport (int):	Port to create divert socket (Inline Mode)
+#				Default: 8000
+# suricata_netmap (str):	Set to YES to enable netmap (Inline Mode)
+#				Default: NO
+# suricata_user (str):		Set the user to run suricata as
+#				Default: root
+# suricata_pidfile (str):	Pidfile to store pid of suricata process
+#				Default: /var/run/suricata.pid
+
+. /etc/rc.subr
+
+name="suricata"
+rcvar=suricata_enable
+
+start_precmd="suricata_prestart"
+command="%%PREFIX%%/bin/suricata"
+
+load_rc_config $name
+
+[ -z "$suricata_enable" ]	&& suricata_enable="NO"
+[ -z "$suricata_conf" ]		&& suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
+[ -z "$suricata_flags" ]	&& suricata_flags="-D"
+[ -z "$suricata_divertport" ]	&& suricata_divertport="8000"
+[ -z "$suricata_netmap" ]	&& suricata_netmap="NO"
+[ -z "$suricata_user" ]		&& suricata_user="root"
+[ -z "$suricata_pidfile" ]	&& suricata_pidfile="/var/run/suricata.pid"
+
+if [ -n "$suricata_interface" ]; then
+	for interface in $suricata_interface; do
+		suricata_flags="$suricata_flags --pcap=$interface"
+	done
+elif [ "$suricata_netmap" != "NO" ]; then
+	suricata_flags="$suricata_flags --netmap"
+else
+	suricata_flags="$suricata_flags -d $suricata_divertport"
+	info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
+fi
+
+pidfile=$suricata_pidfile
+suricata_flags="$suricata_flags --pidfile $pidfile"
+
+[ -n "$suricata_conf" ]	&& suricata_flags="$suricata_flags -c $suricata_conf"
+
+suricata_prestart()
+{
+	if ! run_rc_command status > /dev/null; then
+		rm -f "$pidfile"
+	fi
+}
+
+run_rc_command "$1"

Added: head/security/suricata5/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/pkg-descr	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,17 @@
+The Suricata Engine is an Open Source Next Generation Intrusion Detection and
+Prevention Engine developed by the Open Information Security Foundation (OISF).
+
+This engine is not intended to just replace or emulate the existing tools in
+the industry, but will bring new ideas and technologies to the field.
+
+OISF is part of and funded by the Department of Homeland Security's Directorate
+for Science and Technology HOST program (Homeland Open Security Technology),
+by the Navy's Space and Naval Warfare Systems Command (SPAWAR), as well as
+through the very generous support of the members of the OISF Consortium.
+
+More information about the Consortium is available, as well as a list of our
+current Consortium Members.
+
+This is upcoming version 5.
+
+WWW: https://suricata-ids.org

Added: head/security/suricata5/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/suricata5/pkg-plist	Fri Sep  6 11:54:16 2019	(r511306)
@@ -0,0 +1,154 @@
+bin/suricata
+bin/suricata-update
+bin/suricatactl
+bin/suricatasc
+include/htp/bstr.h
+include/htp/bstr_builder.h
+include/htp/htp.h
+include/htp/htp_base64.h
+include/htp/htp_config.h
+include/htp/htp_connection_parser.h
+include/htp/htp_core.h
+include/htp/htp_decompressors.h
+include/htp/htp_hooks.h
+include/htp/htp_list.h
+include/htp/htp_multipart.h
+include/htp/htp_table.h
+include/htp/htp_transaction.h
+include/htp/htp_urlencoded.h
+include/htp/htp_utf8_decoder.h
+include/htp/htp_version.h
+lib/libhtp.a
+lib/libhtp.so
+lib/libhtp.so.2
+lib/libhtp.so.2.0.0
+libdata/pkgconfig/htp.pc
+man/man1/suricata.1.gz
+%%DOCSDIR%%/AUTHORS
+%%DOCSDIR%%/Basic_Setup.txt
+%%DOCSDIR%%/GITGUIDE
+%%DOCSDIR%%/INSTALL
+%%DOCSDIR%%/INSTALL.PF_RING
+%%DOCSDIR%%/INSTALL.WINDOWS
+%%DOCSDIR%%/NEWS
+%%DOCSDIR%%/README
+%%DOCSDIR%%/Setting_up_IPSinline_for_Linux.txt
+%%DOCSDIR%%/TODO
+%%DOCSDIR%%/Third_Party_Installation_Guides.txt
+%%PYTHON_SITELIBDIR%%/suricata-5.0.0_beta1-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/suricata/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/config/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/config/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/config/defaults.py
+%%PYTHON_SITELIBDIR%%/suricata/config/defaults.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/filestore.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/filestore.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/loghandler.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/loghandler.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/main.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/main.pyc
+%%PYTHON_SITELIBDIR%%/suricata/ctl/test_filestore.py
+%%PYTHON_SITELIBDIR%%/suricata/ctl/test_filestore.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/__pycache__/specs.cpython-36.pyc
+%%PYTHON_SITELIBDIR%%/suricata/sc/specs.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/suricatasc.py
+%%PYTHON_SITELIBDIR%%/suricata/sc/suricatasc.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/addsource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/addsource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/disablesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/disablesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/enablesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/enablesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listenabledsources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listenabledsources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listsources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/listsources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/removesource.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/removesource.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/updatesources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/commands/updatesources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/argparse.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/argparse/argparse.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/ordereddict.py
+%%PYTHON_SITELIBDIR%%/suricata/update/compat/ordereddict.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/config.py
+%%PYTHON_SITELIBDIR%%/suricata/update/config.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/disable.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/drop.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/enable.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/modify.conf
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/threshold.in
+%%PYTHON_SITELIBDIR%%/suricata/update/configs/update.yaml
+%%PYTHON_SITELIBDIR%%/suricata/update/data/__init__.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/__init__.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/data/index.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/index.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/data/update.py
+%%PYTHON_SITELIBDIR%%/suricata/update/data/update.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/engine.py
+%%PYTHON_SITELIBDIR%%/suricata/update/engine.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/exceptions.py
+%%PYTHON_SITELIBDIR%%/suricata/update/exceptions.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/extract.py
+%%PYTHON_SITELIBDIR%%/suricata/update/extract.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/loghandler.py
+%%PYTHON_SITELIBDIR%%/suricata/update/loghandler.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/main.py
+%%PYTHON_SITELIBDIR%%/suricata/update/main.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/maps.py
+%%PYTHON_SITELIBDIR%%/suricata/update/maps.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/net.py
+%%PYTHON_SITELIBDIR%%/suricata/update/net.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/notes.py
+%%PYTHON_SITELIBDIR%%/suricata/update/notes.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/rule.py
+%%PYTHON_SITELIBDIR%%/suricata/update/rule.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/sources.py
+%%PYTHON_SITELIBDIR%%/suricata/update/sources.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/util.py
+%%PYTHON_SITELIBDIR%%/suricata/update/util.pyc
+%%PYTHON_SITELIBDIR%%/suricata/update/version.py
+%%PYTHON_SITELIBDIR%%/suricata/update/version.pyc
+%%PYTHON_SITELIBDIR%%/suricata_update-1.0.5-py%%PYTHON_VER%%.egg-info
+%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
+%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
+@sample %%ETCDIR%%/classification.config.sample
+@sample %%ETCDIR%%/reference.config.sample
+@sample %%ETCDIR%%/suricata.yaml.sample
+@sample %%ETCDIR%%/threshold.config.sample
+%%DATADIR%%/rules/app-layer-events.rules
+%%DATADIR%%/rules/decoder-events.rules
+%%DATADIR%%/rules/dnp3-events.rules
+%%DATADIR%%/rules/dns-events.rules
+%%DATADIR%%/rules/files.rules
+%%DATADIR%%/rules/http-events.rules
+%%DATADIR%%/rules/ipsec-events.rules
+%%DATADIR%%/rules/kerberos-events.rules
+%%DATADIR%%/rules/modbus-events.rules
+%%DATADIR%%/rules/nfs-events.rules
+%%DATADIR%%/rules/ntp-events.rules
+%%DATADIR%%/rules/smb-events.rules
+%%DATADIR%%/rules/smtp-events.rules
+%%DATADIR%%/rules/stream-events.rules
+%%DATADIR%%/rules/tls-events.rules
+@dir %%DATADIR%%
+@dir %%ETCDIR%%
+@dir include/htp
+@dir(root,wheel,0700) /var/log/suricata
+@postunexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/%%ETCDIR%%`` to remove configuration files."; fi
+@dir %%DOCSDIR%%