- Update to 2.0.4.

- Add dependency on bpf for the server.
- Add "client only" knob.

PR:		ports/51125
Submitted by:	maintainer

3 files changed, 85 insertions, 2 deletions

diff --git a/security/nessus-libraries-devel/Makefile b/security/nessus-libraries-devel/Makefile
index 5f638f883fd5..1bf38c519980 100644
--- a/security/nessus-libraries-devel/Makefile
+++ b/security/nessus-libraries-devel/Makefile
@@ -3,8 +3,11 @@
 # $FreeBSD$
 #
 
+# Define NESSUS_CLIENT_ONLY if you only want to build this for the nessus
+# client.
+
 PORTNAME=	nessus-libraries-devel
-PORTVERSION=	2.0.3
+PORTVERSION=	2.0.4
 CATEGORIES=	security
 MASTER_SITES=	ftp://ftp.nessus.org/pub/nessus/nessus-${PORTVERSION}/src/ \
 		ftp://ftp.gwdg.de/pub/linux/misc/nessus/nessus-${PORTVERSION}/src/ \
@@ -24,9 +27,43 @@ USE_BISON=	YES
 USE_LIBTOOL=	YES
 CONFIGURE_ARGS=	--enable-cipher --sharedstatedir=${PREFIX}/etc/nessus/com \
 		--localstatedir=${PREFIX}/etc/nessus/var
+.if defined(WITH_NESSUS_BPF_SHARE)
+CONFIGURE_ARGS+=	--enable-bpf-sharing
+.endif
 
 INSTALLS_SHLIB=	YES
 
 MAN1=		nessus-config.1
 
+.if ! defined(NESSUS_CLIENT_ONLY)
+pre-configure:
+	@if [ ! -c /dev/bpf1 ]; then \
+	    ${ECHO} "********************************************************";\
+	    ${ECHO} "*                   W a r n i n g                      *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Nessus needs Berkeley Packet Filter (bpf).           *";\
+	    ${ECHO} "* To use nessus, your kernel must be rebuilt with bpf, *";\
+	    ${ECHO} "* and make bpf devices on /dev directory.              *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Be sure to build as many bpf devices as you need.    *";\
+	    ${ECHO} "* For more info on this read files/README.BPF          *";\
+	    ${ECHO} "********************************************************";\
+	    ${FALSE}; \
+	fi
+.if ! defined(WITH_NESSUS_BPF_SHARE)
+	@if [ ! -c /dev/bpf40 ]; then \
+	    ${ECHO} "********************************************************";\
+	    ${ECHO} "*                   W a r n i n g                      *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "* Nessus needs many bpf devices. If you can't rebuild  *";\
+	    ${ECHO} "* your kernel with more than 40 bpf devices (as        *";\
+	    ${ECHO} "* described in files/README.BPF) then build this port  *";\
+	    ${ECHO} "* with \"make -DWITH_NESSUS_BPF_SHARE\"                  *";\
+	    ${ECHO} "*                                                      *";\
+	    ${ECHO} "********************************************************";\
+	    ${FALSE}; \
+	fi
+.endif
+.endif
+
 .include <bsd.port.mk>
diff --git a/security/nessus-libraries-devel/distinfo b/security/nessus-libraries-devel/distinfo
index 1317879a2adb..8e3990d258fd 100644
--- a/security/nessus-libraries-devel/distinfo
+++ b/security/nessus-libraries-devel/distinfo
@@ -1 +1 @@
-MD5 (nessus/nessus-libraries-2.0.3.tar.gz) = 9351c2cbfda17eae86e06bd23c80df20
+MD5 (nessus/nessus-libraries-2.0.4.tar.gz) = bc33f4c5aeddc82a3443c5191f1b680b
diff --git a/security/nessus-libraries-devel/files/README.BPF b/security/nessus-libraries-devel/files/README.BPF
new file mode 100644
index 000000000000..90185da60834
--- /dev/null
+++ b/security/nessus-libraries-devel/files/README.BPF
@@ -0,0 +1,46 @@
+Nessus uses the pcap library, which uses the
+berkeley packet filter (bpf) to do its job.
+
+Since Nessus used multiple processes, several pcap-aware plugins will
+need to access the the bpf at the same time. 
+
+This means that you need to recompile your kernel with the
+following option :
+
+For FreeBSD 5.x:
+pseudo-device   bpfilter
+
+For FreeBSD 4.x:
+pseudo-device   bpfilter NUM
+
+Where 'NUM' is the number of bpf you want -- it should be equal to
+the 'max hosts number' option you enter in nessusd x the
+'max plugins' option.
+	   
+If for instance you want to have 10 nessusd running at the same time,
+each running 5 plugins in parallel, you should create 50 (10 * 5) bpfs
+(as nessusd is extremely lightweight, you can expect to have this amount
+ of processes running at the same time)
+
+If you plan to scan a whole network, we recommand you create at least
+100 of them.
+
+Once your kernel has been rebuilt, get root, cd to /dev
+and do  :
+
+  i=0; while [ $i -lt 100];
+  do
+  ./MAKEDEV bpf$i
+  let i=$i+1
+  done
+
+On FreeBSD, you can directly do :
+      ./MAKEDEV bpf+100
+
+(For FreeBSD 5.x this is not needed since the devfs creates devices when needed)
+
+If you can not recompile your kernel, you can try to run the configure
+script with the option --enable-bpf-sharing. In this case, nessusd will
+try to share one /dev/bpf among multiple processes and do the filtering
+in userland. NOTE THAT THIS OPTION IS HIGHLY EXPERIMENTAL AND WE DO 
+NOT RECOMMAND ENABLING IT.