authorrafan <rafan@FreeBSD.org>2008-05-24 13:33:14 +0800
committerrafan <rafan@FreeBSD.org>2008-05-24 13:33:14 +0800
commite83af41a21faf407f2b15909eb0977ddffc61062 (patch)
treea174941be345c4e373b38b4156fc8ebb2fd701d8 /security/sancp
parent5ad73dbff9f94869a7636531e626c4216ac2140b (diff)
- Use the preferred way of setting default rc parameters
- Move startup options to rc script
- Bump PORTREVISION

PR: ports/123916 (based on)
Submitted by: Paul Schmehl <pauls at utdallas.edu> (maintainer)
Diffstat (limited to 'security/sancp')
-rw-r--r--security/sancp/Makefile2
-rw-r--r--security/sancp/files/pkg-message.in17
-rw-r--r--security/sancp/files/sancp.sh.in58
3 files changed, 56 insertions, 21 deletions
diff --git a/security/sancp/Makefile b/security/sancp/Makefile
index 5b16e9cf91bd..aae5fb51dd04 100644
--- a/security/sancp/Makefile
+++ b/security/sancp/Makefile
@@ -8,7 +8,7 @@
PORTNAME= sancp
PORTVERSION= 1.6.1
DISTVERSIONSUFFIX= -stable
-PORTREVISION= 2
+PORTREVISION= 3
CATEGORIES= security
MASTER_SITES= SF
diff --git a/security/sancp/files/pkg-message.in b/security/sancp/files/pkg-message.in
index b9cc18b8a51a..d92838d7d094 100644
--- a/security/sancp/files/pkg-message.in
+++ b/security/sancp/files/pkg-message.in
@@ -20,18 +20,9 @@ sancp.conf has been altered (you used sancp for something else) a
new conf file, named sguil-sancp.conf-sample will be installed in the
%%PREFIX%%/etc directory. You should use that one for sguil.
-Some of the configuration options for sancp are:
+All of the configuration options for sancp are documented in the
+startup script in %%PREFIX%%/etc/rc.d (don't forget to specify interface
+in /etc/rc.conf)
--? or -h this help screen
--c <filename> specify the configuration/rules filename
--d <directory> specify the directory for output files
--i <device> set the network device to listen on (default: 'any')
--g <gid> set a group identity
--u <uid> set a user identity
--D (daemon) forks, prints msgs to syslog only and overrides -C option
--F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B)
--V display version
-
-If you're running sguil, you probably want to use the following flags:
+If you're running sguil, you probably want to use at least the following flags:
sancp_flags="-D -P -R -u sancp -g sancp -d /var/log/sancp"
-(don't forget to specify the conf file and interface as well)
diff --git a/security/sancp/files/sancp.sh.in b/security/sancp/files/sancp.sh.in
index 3ee718aec6e4..9a91e99910d6 100644
--- a/security/sancp/files/sancp.sh.in
+++ b/security/sancp/files/sancp.sh.in
@@ -11,11 +11,45 @@
# Default: NO
# sancp_flags (str): Extra flags passed to sancp
# Default: -D
-# sancp_interface (str): Network interface to sniff
-# Default: ""
# sancp_conf (str): Sancp configuration file
# Default: %%PREFIX%%/etc/sancp.conf
+# sancp_interface (str): Default: none - MUST BE SET
#
+# Command Line Options: (cmdline)
+# ---------------------
+#
+# -? or -h this help screen
+# -c <filename> specify the configuration/rules filename
+# -d <directory> specify the directory for output files
+# -i <device> set the network device to listen on (default: 'any')
+# -g <gid> set a group identity
+# -u <uid> set a user identity
+# -r <pcapfile> pcap file to read (overrides -i)
+# -B "<bpf expression>" set a bpf expression (alternative to -F <filename>)
+# -D (daemon) forks, prints msgs to syslog only and overrides -C option
+# -K (console) enable additional printing of 'realtimes' to stdout (suppressed by option -D)
+# -F <bpf filename> file containing a bpf filter expression, overrides (alternative to -B)
+# -H --human-readable write IP addresses in dotted notation and TCPflag fields in hex
+# -R Set default for realtime to 'pass' (default is 'log') disables realtime, but rules can override
+# -S Set default for stats to 'pass' (default is 'log') disables stats, but rules can override
+# -P Set default for pcap to 'pass' (default is 'log') disables pcap, but rules can override
+# -I or --enable_icmp_mixed record 'code' and 'type' fields for ICMP
+# to the fields 's_port' and 'd_port'.
+# note: affects how related icmp packets are correlated
+# -V display version
+# --shift (debug) force interpretation of packet starting at byte[2]
+# normally performed when reading from the 'any' interface
+# --strip-80211 strip 802.1Q headers from 802.1Q packets; used to
+# decode 802.1Q encapsulated packets - affects -A option,
+# --log-facility <facility> where facility can be 'LOCAL1' - 'LOCAL7'
+# The default log facility used by SANCP is LOG_DAEMON
+#
+# Debug mode for pcap data logging
+# -A records ALL traffic frames to a pcap file named 'debug_pcap_raw'
+# (despite rules). Packets are logged here prior to decoding or handling.
+# Use -F or -B option to restrict what is collectedi.
+# Pcap data logged using this option is affected by the --strip-80211 cmdline option
+# The configuration file equivalent to this is 'default debug_pcap_raw enable'
. %%RC_SUBR%%
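Review bot: The new option list carries a typo on the -A paragraph, "restrict what is collectedi." — this block is the only user-facing documentation the commit points rc.conf users to (pkg-message now says the options are documented here), so it should read `# Use -F or -B option to restrict what is collected.`. The added `sancp_interface` entry also breaks the two-line "description / Default:" layout used by the other variables; keeping the same shape, e.g. `# sancp_interface (str): Network interface to sniff` followed by `# Default: none - MUST BE SET`, keeps the header scannable. The header comment continues past the hunk.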
@@ -24,13 +58,23 @@ rcvar=`set_rcvar`
command="%%PREFIX%%/bin/sancp"
+start_precmd=start_precmd
+
+start_precmd()
+{
+ if [ -z "${sancp_interface}" ]; then
+ err 1 "sancp_interface must set."
+ fi
+}
+
+# set some defaults
load_rc_config $name
-[ -z "$sancp_enable" ] && sancp_enable="NO"
-[ -z "$sancp_conf" ] && sancp_conf="%%PREFIX%%/etc/sancp.conf"
-[ -z "$sancp_flags" ] && sancp_flags="-D"
+: ${sancp_enable="NO"}
+: ${sancp_flags="-D"}
+: ${sancp_conf="%%PREFIX%%/etc/sancp.conf"}
+: ${sancp_interface=""}
-[ -n "$sancp_interface" ] && sancp_flags="$sancp_flags -i $sancp_interface"
-[ -n "$sancp_conf" ] && sancp_flags="$sancp_flags -c $sancp_conf"
+command_args="${sancp_flags} -c ${sancp_conf} -i ${sancp_interface}"
run_rc_command "$1"
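Review bot: The new `command_args` line embeds `${sancp_flags}`, but rc.subr's run_rc_command already passes `${name}_flags` as rc_flags ahead of command_args, so the user's flags are handed to sancp twice (`sancp -D -D -c ... -i ...` with the defaults). The line should carry only what the old code appended itself, `command_args="-c ${sancp_conf} -i ${sancp_interface}"`. Separately, the start_precmd error message reads "sancp_interface must set." — `err 1 "sancp_interface must be set."` is what the operator should see. The precmd check is the right place for this, since an empty interface would otherwise pass a bare `-i` to the sniffer; I have not verified how sancp itself reacts to that.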