From 2fbc6884d4aa24eeea690b2afeb2e182feeabc8e Mon Sep 17 00:00:00 2001
From: Michele Di Maria <michele@nt2.it>
Date: Mon, 5 Dec 2011 22:49:15 +0100
Subject: Adds two variables for SIP services in the "Define Servers"
 interface: SIP_SERVERS, default=$HOME_NET SIP_PORTS,
 default=[5060:5090,16384:32768]

Reference: http://redmine.pfsense.org/issues/2033
---
 config/snort/snort.inc                 | 16 ++++++++++++++++
 config/snort/snort_define_servers.php  | 20 ++++++++++++++++++++
 config/snort/snort_interfaces_edit.php |  4 ++++
 pkg_config.8.xml                       |  2 +-
 pkg_config.8.xml.amd64                 |  2 +-
 5 files changed, 42 insertions(+), 2 deletions(-)

diff --git a/config/snort/snort.inc b/config/snort/snort.inc
index 0e624c7f..36f58760 100644
--- a/config/snort/snort.inc
+++ b/config/snort/snort.inc
@@ -1581,6 +1581,20 @@ function generate_snort_conf($id, $if_real, $snort_uuid)
 		$def_sip_proxy_ports_type = "5060:5090,16384:32768";
 	else
 		$def_sip_proxy_ports_type = "$def_sip_proxy_ports_info_chk";
+		
+	/* def SIP_IP */
+	$def_sip_ip_info_chk = $snortcfg['def_sip_ip'];
+	if ($def_sip_ip_info_chk == "")
+		$def_sip_ip_type = "\$HOME_NET";
+	else
+		$def_sip_ip_type = "$def_sip_ip_info_chk";
+
+	/* def SIP_PORTS */
+	$def_sip_ports_info_chk = $snortcfg['def_sip_ports'];
+	if ($def_sip_ports_info_chk == "")
+		$def_sip_ports_type = "5060:5090,16384:32768";
+	else
+		$def_sip_ports_type = "$def_sip_ports_info_chk";
 
 	/* def AUTH_PORTS */
 	$def_auth_ports_info_chk = $snortcfg['def_auth_ports'];
@@ -1964,6 +1978,7 @@ var IMAP_SERVERS [{$def_imap_servers_type}]
 var RPC_SERVERS \$HOME_NET
 var WWW_SERVERS [{$def_www_servers_type}]
 var SIP_PROXY_IP [{$def_sip_proxy_ip_type}]
+var SIP_IP [{$def_sip_ip_type}]
 var AIM_SERVERS \
 [64.12.24.0/23,64.12.28.0/23,64.12.161.0/24,64.12.163.0/24,64.12.200.0/24,205.188.3.0/24,205.188.5.0/24,205.188.7.0/24,205.188.9.0/24,205.188.153.0/24,205.188.179.0/24,205.188.248.0/24]
 
@@ -1997,6 +2012,7 @@ portvar TELNET_PORTS [{$def_telnet_ports_type}]
 portvar MAIL_PORTS [{$def_mail_ports_type}]
 portvar SSL_PORTS [{$def_ssl_ports_type}]
 portvar SIP_PROXY_PORTS [{$def_sip_proxy_ports_type}]
+portvar SIP_PORTS [{$def_sip_ports_type}]
 
 # DCERPC NCACN-IP-TCP
 portvar DCERPC_NCACN_IP_TCP [139,445]
diff --git a/config/snort/snort_define_servers.php b/config/snort/snort_define_servers.php
index e3238ef7..45264995 100644
--- a/config/snort/snort_define_servers.php
+++ b/config/snort/snort_define_servers.php
@@ -88,6 +88,8 @@ if (isset($id) && $a_nat[$id]) {
 	$pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
 	$pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
 	$pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+	$pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip'];
+	$pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];
 	$pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
 	$pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
 	$pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
@@ -139,6 +141,8 @@ if ($_POST) {
 		if ($_POST['def_imap_ports'] != "") { $natent['def_imap_ports'] = $_POST['def_imap_ports']; }else{ $natent['def_imap_ports'] = ""; }
 		if ($_POST['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $_POST['def_sip_proxy_ip']; }else{ $natent['def_sip_proxy_ip'] = ""; }
 		if ($_POST['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $_POST['def_sip_proxy_ports']; }else{ $natent['def_sip_proxy_ports'] = ""; }
+		if ($_POST['def_sip_ip'] != "") { $natent['def_sip_ip'] = $_POST['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; }
+		if ($_POST['def_sip_ports'] != "") { $natent['def_sip_ports'] = $_POST['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }
 		if ($_POST['def_auth_ports'] != "") { $natent['def_auth_ports'] = $_POST['def_auth_ports']; }else{ $natent['def_auth_ports'] = ""; }
 		if ($_POST['def_finger_ports'] != "") { $natent['def_finger_ports'] = $_POST['def_finger_ports']; }else{ $natent['def_finger_ports'] = ""; }
 		if ($_POST['def_irc_ports'] != "") { $natent['def_irc_ports'] = $_POST['def_irc_ports']; }else{ $natent['def_irc_ports'] = ""; }
@@ -442,7 +446,23 @@ echo "{$snort_general_css}\n";
 					value="<?=htmlspecialchars($pconfig['def_sip_proxy_ports']);?>"> <br>
 				<span class="vexpl">Example: Specific ports "25,443" or All ports
 				betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+			</tr>			
+			<tr>
+				<td width="22%" valign="top" class="vncell2">Define SIP_SERVERS</td>
+				<td width="78%" class="vtable"><input name="def_sip_ip"
+					type="text" class="formfld" id="def_sip_ip" size="40"
+					value="<?=htmlspecialchars($pconfig['def_sip_ip']);?>"> <br>
+				<span class="vexpl">Example: "192.168.1.3/24,192.168.1.4/24". Leave
+				blank to scan all networks.</span></td>
 			</tr>
+			<tr>
+				<td width="22%" valign="top" class="vncell2">Define SIP_PORTS</td>
+				<td width="78%" class="vtable"><input name="def_sip_ports"
+					type="text" class="formfld" id="def_sip_ports" size="40"
+					value="<?=htmlspecialchars($pconfig['def_sip_ports']);?>"> <br>
+				<span class="vexpl">Example: Specific ports "25,443" or All ports
+				betwen "5060:5090 . Default is 5060:5090,16384:32768.</span></td>
+			</tr>						
 			<tr>
 				<td width="22%" valign="top" class="vncell2">Define AUTH_PORTS</td>
 				<td width="78%" class="vtable"><input name="def_auth_ports"
diff --git a/config/snort/snort_interfaces_edit.php b/config/snort/snort_interfaces_edit.php
index b1a091e7..a0e912cd 100644
--- a/config/snort/snort_interfaces_edit.php
+++ b/config/snort/snort_interfaces_edit.php
@@ -111,6 +111,8 @@ if (isset($id) && $a_nat[$id]) {
 		$pconfig['def_imap_servers'] = $a_nat[$id]['def_imap_servers'];
 		$pconfig['def_imap_ports'] = $a_nat[$id]['def_imap_ports'];
 		$pconfig['def_sip_proxy_ip'] = $a_nat[$id]['def_sip_proxy_ip'];
+		$pconfig['def_sip_servers_ip'] = $a_nat[$id]['def_sip_servers_ip'];
+		$pconfig['def_sip_ports'] = $a_nat[$id]['def_sip_ports'];		
 		$pconfig['def_sip_proxy_ports'] = $a_nat[$id]['def_sip_proxy_ports'];
 		$pconfig['def_auth_ports'] = $a_nat[$id]['def_auth_ports'];
 		$pconfig['def_finger_ports'] = $a_nat[$id]['def_finger_ports'];
@@ -253,6 +255,8 @@ if (isset($_GET['dup']))
 			if ($pconfig['def_imap_servers'] != "") { $natent['def_imap_servers'] = $pconfig['def_imap_servers']; }
 			if ($pconfig['def_imap_ports'] != "") { $natent['def_imap_ports'] = $pconfig['def_imap_ports']; }
 			if ($pconfig['def_sip_proxy_ip'] != "") { $natent['def_sip_proxy_ip'] = $pconfig['def_sip_proxy_ip']; }
+			if ($pconfig['def_sip_ip'] != "") { $natent['def_sip_ip'] = $pconfig['def_sip_ip']; }else{ $natent['def_sip_ip'] = ""; }
+			if ($pconfig['def_sip_ports'] != "") { $natent['def_sip_ports'] = $pconfig['def_sip_ports']; }else{ $natent['def_sip_ports'] = ""; }			
 			if ($pconfig['def_sip_proxy_ports'] != "") { $natent['def_sip_proxy_ports'] = $pconfig['def_sip_proxy_ports']; }
 			if ($pconfig['def_auth_ports'] != "") { $natent['def_auth_ports'] = $pconfig['def_auth_ports']; }
 			if ($pconfig['def_finger_ports'] != "") { $natent['def_finger_ports'] = $pconfig['def_finger_ports']; }
diff --git a/pkg_config.8.xml b/pkg_config.8.xml
index a52d1f6a..eaace036 100644
--- a/pkg_config.8.xml
+++ b/pkg_config.8.xml
@@ -317,7 +317,7 @@
 		<build_port_path>/usr/ports/security/snort</build_port_path>
 		<build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITHOUT_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true WITHOUT_PFSENSE=true</build_options>
 		<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
-		<version>2.9.1 pkg v. 2.0</version>
+		<version>2.9.1 pkg v. 2.0.1</version>
 		<required_version>2.0</required_version>
 		<status>Stable</status>
 		<configurationfile>/snort.xml</configurationfile>
diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64
index cdfaf618..b556fcf6 100644
--- a/pkg_config.8.xml.amd64
+++ b/pkg_config.8.xml.amd64
@@ -392,7 +392,7 @@
 		<build_port_path>/usr/ports/security/snort</build_port_path>
 		<build_options>WITH_THREADS=yes WITH_IPV6=true WITH_MPLS=true WITH_GRE=true WITHOUT_TARGETBASED=true WITH_DECODERPRE=true WITH_ZLIB=true WITH_NORMALIZER=true WITH_REACT=true WITH_PERFPROFILE=true WITH_FLEXRESP3=true WITHOUT_MYSQL=true WITHOUT_ODBC=true WITHOUT_POSTGRESQL=true WITHOUT_PRELUDE=true WITH_SNORTSAM=true WITHOUT_PFSENSE=true</build_options>
 		<config_file>http://www.pfsense.com/packages/config/snort/snort.xml</config_file>
-		<version>2.9.1 pkg v. 2.0</version>
+		<version>2.9.1 pkg v. 2.0.1</version>
 		<required_version>2.0</required_version>
 		<status>Stable</status>
 		<configurationfile>/snort.xml</configurationfile>
-- 
cgit v1.2.3