authorkoobs <koobs@FreeBSD.org>2015-12-04 13:42:17 +0800
committerkoobs <koobs@FreeBSD.org>2015-12-04 13:42:17 +0800
commita87fad4d53c591aa15b7663e6676f8e51b5f0adc (patch)
treea1103e9ae27bcfd06b59127bbcc6a8f8c54bde79 /security
parent75d121b5a5651721974ec807d049536dc7bbe853 (diff)
security/suricata: Add rules files, netmap startup support
- Install missing rules files [1] - Add netmap support and simplify pid file naming [2] PR: 204838 [1], 204834 [2] Submitted by: Bill Meeks <bmeeks8 bellsouth net> [1] Submitted by: Franco Fichtner <franco opnsense org> [2]
Diffstat (limited to 'security')
-rw-r--r--security/suricata/Makefile4
-rw-r--r--security/suricata/files/suricata.in21
-rw-r--r--security/suricata/pkg-plist4
3 files changed, 22 insertions, 7 deletions
diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index 15861288a481..26e70c61f666 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -116,7 +116,9 @@ LIBNET_CONFIG?= ${LOCALBASE}/bin/libnet11-config
CONFIG_DIR?= ${ETCDIR}
CONFIG_FILES= suricata.yaml classification.config reference.config threshold.config
RULES_DIR= ${CONFIG_DIR}/rules
-RULES_FILES= decoder-events.rules dns-events.rules files.rules http-events.rules smtp-events.rules stream-events.rules tls-events.rules
+RULES_FILES= app-layer-events.rules decoder-events.rules dns-events.rules files.rules \
+ http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \
+ tls-events.rules
LOGS_DIR?= /var/log/${PORTNAME}
.include <bsd.port.pre.mk>
diff --git a/security/suricata/files/suricata.in b/security/suricata/files/suricata.in
index 582e117c65e5..c96b61234d66 100644
--- a/security/suricata/files/suricata.in
+++ b/security/suricata/files/suricata.in
@@ -17,6 +17,8 @@
# Default: ${PREFIX}/etc/suricata/suricata.yaml
# suricata_divertport (int): Port to create divert socket (Inline Mode)
# Default: 8000
+# suricata_netmap (str): Set to YES to enable netmap (Inline Mode)
+# Default: NO
. /etc/rc.subr
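Review bot: The added comment for suricata_netmap does not say that the knob is only consulted when suricata_interface is empty. In the startup logic later in this file a set interface takes the `-i` branch first, so the netmap setting is silently ignored there. An operator who sets both and expects inline netmap mode would get the `-i` capture mode instead, with no message. Suggest extending the comment with a line such as `#			Only used when suricata_interface is not set`.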
@@ -32,11 +34,20 @@ load_rc_config $name
[ -z "$suricata_conf" ] && suricata_conf="%%PREFIX%%/etc/suricata/suricata.yaml"
[ -z "$suricata_flags" ] && suricata_flags="-D"
[ -z "$suricata_divertport" ] && suricata_divertport="8000"
+[ -z "$suricata_netmap" ] && suricata_netmap="NO"
-[ -n "$suricata_interface" ] && suricata_flags="$suricata_flags -i $suricata_interface --pidfile /var/run/suricata_${suricata_interface}.pid" \
- && pidfile="/var/run/suricata_${suricata_interface}.pid"
-[ -z "$suricata_interface" ] && suricata_flags="$suricata_flags -d $suricata_divertport --pidfile /var/run/suricata_inline.pid" \
- && pidfile="/var/run/suricata_inline.pid" && info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
-[ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf"
+if [ -n "$suricata_interface" ]; then
+ suricata_flags="$suricata_flags -i $suricata_interface"
+elif [ "$suricata_netmap" != "NO" ]; then
+ suricata_flags="$suricata_flags --netmap"
+else
+ suricata_flags="$suricata_flags -d $suricata_divertport"
+ info "Inline Mode on divert port $suricata_divertport (suricata_interface not defined)"
+fi
+
+pidfile="/var/run/suricata.pid"
+suricata_flags="$suricata_flags --pidfile $pidfile"
+
+[ -n "$suricata_conf" ] && suricata_flags="$suricata_flags -c $suricata_conf"
run_rc_command "$1"
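Review bot: The new test `elif [ "$suricata_netmap" != "NO" ]; then` treats every value other than the exact string NO as enabled, so `suricata_netmap="no"` or `"false"` in rc.conf would start the sensor with `--netmap` rather than in divert mode. rc.subr is already sourced above, so `elif checkyesno suricata_netmap; then` would give the usual YES/NO parsing and a warning on an invalid value. Separately, the pidfile changes from a per-interface name to the fixed `/var/run/suricata.pid`. An instance started by the old script would presumably not be found by `stop` or `restart` after the upgrade, so it may be worth telling operators to stop the service before updating.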
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 3f22353bbdfa..894a09a52971 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -60,15 +60,17 @@ bin/suricata
@sample %%ETCDIR%%/classification.config.sample
@sample %%ETCDIR%%/reference.config.sample
@sample %%ETCDIR%%/threshold.config.sample
+%%ETCDIR%%/rules/app-layer-events.rules
%%ETCDIR%%/rules/decoder-events.rules
%%ETCDIR%%/rules/dns-events.rules
%%ETCDIR%%/rules/files.rules
%%ETCDIR%%/rules/http-events.rules
+%%ETCDIR%%/rules/modbus-events.rules
%%ETCDIR%%/rules/smtp-events.rules
%%ETCDIR%%/rules/stream-events.rules
%%ETCDIR%%/rules/tls-events.rules
@dir etc/suricata/rules
@dir etc/suricata
@dir(root,wheel,0700) /var/log/suricata
-@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, you should do a ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove any configuration files left."; fi
+@unexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove configuration files."; fi
@dir %%DOCSDIR%%