Message ID | B21730BB6DA1D24B83348D9301EA417E10491537@039-SN2MPN1-022.039d.mgd.msft.net |
---|---|
State | Superseded, archived |
Headers | show |
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb new file mode 100644 index 0000000..8639639 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb @@ -0,0 +1,64 @@ +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." +HOMEPAGE = "http://www.snort.org/" +LICENSE = "GPL-2.0" +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" + +DEPENDS = "libpcap libpcre daq libdnet" + + +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ + file://disable-inaddr-none.patch \ + file://disable-dap-address-space-id.patch " + +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" + +inherit autotools gettext + +EXTRA_OECONF = " \ + --enable-gre \ + --enable-linux-smp-stats \ + --enable-reload \ + --enable-reload-error-restart \ + --enable-targetbased \ + --disable-static-daq \ + " + +do_install_append() { + install -d ${D}/${sysconfdir}/snort/rules + install -d ${D}/${sysconfdir}/snort/preproc_rules + for i in map config conf dtd; do + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ + done + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ + mkdir -p ${D}/${localstatedir}/log/snort } + +FILES_${PN} += " \ + ${libdir}/snort_dynamicengine/*.so.* \ + ${libdir}/snort_dynamicpreprocessor/*.so.* \ + ${libdir}/snort_dynamicrules/*.so.* \ + " +FILES_${PN}-dbg += " \ + ${libdir}/snort_dynamicengine/.debug \ + ${libdir}/snort_dynamicpreprocessor/.debug \ + ${libdir}/snort_dynamicrules/.debug \ + " +FILES_${PN}-staticdev += " \ + ${libdir}/snort_dynamicengine/*.a \ + ${libdir}/snort_dynamicpreprocessor/*.a \ + ${libdir}/snort_dynamicrules/*.a \ + ${libdir}/snort/dynamic_preproc/*.a \ + ${libdir}/snort/dynamic_output/*.a \ + " +FILES_${PN}-dev += " \ + ${libdir}/snort_dynamicengine/*.la \ + ${libdir}/snort_dynamicpreprocessor/*.la \ + ${libdir}/snort_dynamicrules/*.la \ + ${libdir}/snort_dynamicengine/*.so \ + ${libdir}/snort_dynamicpreprocessor/*.so \ + ${libdir}/snort_dynamicrules/*.so \ + ${prefix}/src/snort_dynamicsrc \ + " + +RRECOMMENDS_${PN} += "barnyard" -- 1.7.5.4
Hi Chunrong, Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought. I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard. I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely. Was that due to problems inheriting update-rc.d as Koen suggested? (Or perhaps the current snort simply doesn't have a functional sysvinit config? I hope that's not the case.) I'm probably not the only one still making use of sysvinit stuff in some scenarios. :-) -J. [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote: > pings > > -----Original Message----- > From: Guo Chunrong-B40290 > Sent: Friday, October 18, 2013 4:22 PM > To: openembedded-devel@lists.openembedded.org > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290 > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe > > From: Chunrong Guo <B40290@freescale.com> > > *snort - a free lightweight network intrusion detection > system for UNIX and Windows > > Signed-off-by: Chunrong Guo <B40290@freescale.com> > --- > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++ > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++ > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++ > 3 files changed, 191 insertions(+), 0 deletions(-) create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch > create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch > create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch > new file mode 100644 > index 0000000..39e5c9c > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre > +++ ss-space-id.patch > @@ -0,0 +1,52 @@ > +Upstream-Status:Inappropriate [embedded specific] > + > +fix the below error: > +checking for dap address space id... configure: > +configure: error: cannot run test program while cross compiling > + > + > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > + > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > +@@ -679,23 +679,23 @@ > + > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > + > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[ > +- DAQ_PktHdr_t hdr; > +- hdr.address_space_id = 0; > +-]])], > +-[have_daq_address_space_id="yes"], > +-[have_daq_address_space_id="no"]) > +-AC_MSG_RESULT($have_daq_address_space_id) > +-if test "x$have_daq_address_space_id" = "xyes"; then > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > +- [DAQ version supports address space ID in header.]) > +-fi > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[ > ++# DAQ_PktHdr_t hdr; > ++# hdr.address_space_id = 0; > ++#]])], > ++have_daq_address_space_id="yes" > ++#[have_daq_address_space_id="no"]) > ++#AC_MSG_RESULT($have_daq_address_space_id) > ++#if test "x$have_daq_address_space_id" = "xyes"; then > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > ++# [DAQ version supports address space ID in header.]) > ++#fi > + > + # any sparc platform has to have this one defined. > + AC_MSG_CHECKING(for sparc) > diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch > new file mode 100644 > index 0000000..9dafe63 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no > +++ ne.patch > @@ -0,0 +1,75 @@ > +Upstream-Status: Inappropriate [embedded specific] > + > +fix the below error: > +checking for INADDR_NONE... configure: > +configure: error: cannot run test program while cross compiling > + > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > + > + > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > +@@ -281,25 +281,7 @@ > + AC_CHECK_TYPES([boolean]) > + > + # In case INADDR_NONE is not defined (like on Solaris) > +-have_inaddr_none="no" > +-AC_MSG_CHECKING([for INADDR_NONE]) > +-AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( > +-[[ > +-#include <sys/types.h> > +-#include <netinet/in.h> > +-#include <arpa/inet.h> > +-]], > +-[[ > +- if (inet_addr("10,5,2") == INADDR_NONE); > +- return 0; > +-]])], > +-[have_inaddr_none="yes"], > +-[have_inaddr_none="no"]) > +-AC_MSG_RESULT($have_inaddr_none) > +-if test "x$have_inaddr_none" = "xno"; then > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > +-fi > ++have_inaddr_none="yes" > + > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > + #include <stdio.h> > +@@ -397,21 +379,21 @@ > + fi > + fi > + > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[ > +- pcap_lex_destroy(); > +-]])], > +-[have_pcap_lex_destroy="yes"], > +-[have_pcap_lex_destroy="no"]) > +-AC_MSG_RESULT($have_pcap_lex_destroy) > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > +-fi > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[ > ++# pcap_lex_destroy(); > ++#]])], > ++have_pcap_lex_destroy="yes" > ++#[have_pcap_lex_destroy="no"]) > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > ++#fi > + > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE( > diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > new file mode 100644 > index 0000000..8639639 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > @@ -0,0 +1,64 @@ > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." > +HOMEPAGE = "http://www.snort.org/" > +LICENSE = "GPL-2.0" > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > + > +DEPENDS = "libpcap libpcre daq libdnet" > + > + > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > + file://disable-inaddr-none.patch \ > + file://disable-dap-address-space-id.patch " > + > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > + > +inherit autotools gettext > + > +EXTRA_OECONF = " \ > + --enable-gre \ > + --enable-linux-smp-stats \ > + --enable-reload \ > + --enable-reload-error-restart \ > + --enable-targetbased \ > + --disable-static-daq \ > + " > + > +do_install_append() { > + install -d ${D}/${sysconfdir}/snort/rules > + install -d ${D}/${sysconfdir}/snort/preproc_rules > + for i in map config conf dtd; do > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > + done > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > + mkdir -p ${D}/${localstatedir}/log/snort } > + > +FILES_${PN} += " \ > + ${libdir}/snort_dynamicengine/*.so.* \ > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > + ${libdir}/snort_dynamicrules/*.so.* \ > + " > +FILES_${PN}-dbg += " \ > + ${libdir}/snort_dynamicengine/.debug \ > + ${libdir}/snort_dynamicpreprocessor/.debug \ > + ${libdir}/snort_dynamicrules/.debug \ > + " > +FILES_${PN}-staticdev += " \ > + ${libdir}/snort_dynamicengine/*.a \ > + ${libdir}/snort_dynamicpreprocessor/*.a \ > + ${libdir}/snort_dynamicrules/*.a \ > + ${libdir}/snort/dynamic_preproc/*.a \ > + ${libdir}/snort/dynamic_output/*.a \ > + " > +FILES_${PN}-dev += " \ > + ${libdir}/snort_dynamicengine/*.la \ > + ${libdir}/snort_dynamicpreprocessor/*.la \ > + ${libdir}/snort_dynamicrules/*.la \ > + ${libdir}/snort_dynamicengine/*.so \ > + ${libdir}/snort_dynamicpreprocessor/*.so \ > + ${libdir}/snort_dynamicrules/*.so \ > + ${prefix}/src/snort_dynamicsrc \ > + " > + > +RRECOMMENDS_${PN} += "barnyard" > -- > 1.7.5.4 > > > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
Hi, Joe MacDonald Thank you for your comments. The current snort simply do not need sysvinit config. Thanks, Chunrong -----Original Message----- From: Joe MacDonald [mailto:joe@deserted.net] Sent: Wednesday, October 30, 2013 3:20 AM To: openembedded-devel@lists.openembedded.org Cc: Guo Chunrong-B40290 Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe Hi Chunrong, Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought. I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard. I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely. Was that due to problems inheriting update-rc.d as Koen suggested? (Or perhaps the current snort simply doesn't have a functional sysvinit config? I hope that's not the case.) I'm probably not the only one still making use of sysvinit stuff in some scenarios. :-) -J. [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote: > pings > > -----Original Message----- > From: Guo Chunrong-B40290 > Sent: Friday, October 18, 2013 4:22 PM > To: openembedded-devel@lists.openembedded.org > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290 > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe > > From: Chunrong Guo <B40290@freescale.com> > > *snort - a free lightweight network intrusion detection > system for UNIX and Windows > > Signed-off-by: Chunrong Guo <B40290@freescale.com> > --- > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++ > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++ > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++ > 3 files changed, 191 insertions(+), 0 deletions(-) create mode > 100644 > meta-networking/recipes-connectivity/snort/files/disable-dap-address-s > pace-id.patch create mode 100644 > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.p > atch create mode 100644 > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > diff --git > a/meta-networking/recipes-connectivity/snort/files/disable-dap-address > -space-id.patch > b/meta-networking/recipes-connectivity/snort/files/disable-dap-address > -space-id.patch > new file mode 100644 > index 0000000..39e5c9c > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-add > +++ re > +++ ss-space-id.patch > @@ -0,0 +1,52 @@ > +Upstream-Status:Inappropriate [embedded specific] > + > +fix the below error: > +checking for dap address space id... configure: > +configure: error: cannot run test program while cross compiling > + > + > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > + > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > +@@ -679,23 +679,23 @@ > + > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > + > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[ > +- DAQ_PktHdr_t hdr; > +- hdr.address_space_id = 0; > +-]])], > +-[have_daq_address_space_id="yes"], > +-[have_daq_address_space_id="no"]) > +-AC_MSG_RESULT($have_daq_address_space_id) > +-if test "x$have_daq_address_space_id" = "xyes"; then > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > +- [DAQ version supports address space ID in header.]) > +-fi > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[ > ++# DAQ_PktHdr_t hdr; > ++# hdr.address_space_id = 0; > ++#]])], > ++have_daq_address_space_id="yes" > ++#[have_daq_address_space_id="no"]) > ++#AC_MSG_RESULT($have_daq_address_space_id) > ++#if test "x$have_daq_address_space_id" = "xyes"; then > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > ++# [DAQ version supports address space ID in header.]) > ++#fi > + > + # any sparc platform has to have this one defined. > + AC_MSG_CHECKING(for sparc) > diff --git > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > .patch > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > .patch > new file mode 100644 > index 0000000..9dafe63 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr- > +++ no > +++ ne.patch > @@ -0,0 +1,75 @@ > +Upstream-Status: Inappropriate [embedded specific] > + > +fix the below error: > +checking for INADDR_NONE... configure: > +configure: error: cannot run test program while cross compiling > + > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > + > + > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > +@@ -281,25 +281,7 @@ > + AC_CHECK_TYPES([boolean]) > + > + # In case INADDR_NONE is not defined (like on Solaris) > +-have_inaddr_none="no" > +-AC_MSG_CHECKING([for INADDR_NONE]) > +-AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( > +-[[ > +-#include <sys/types.h> > +-#include <netinet/in.h> > +-#include <arpa/inet.h> > +-]], > +-[[ > +- if (inet_addr("10,5,2") == INADDR_NONE); > +- return 0; > +-]])], > +-[have_inaddr_none="yes"], > +-[have_inaddr_none="no"]) > +-AC_MSG_RESULT($have_inaddr_none) > +-if test "x$have_inaddr_none" = "xno"; then > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > +-fi > ++have_inaddr_none="yes" > + > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > + #include <stdio.h> > +@@ -397,21 +379,21 @@ > + fi > + fi > + > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[ > +- pcap_lex_destroy(); > +-]])], > +-[have_pcap_lex_destroy="yes"], > +-[have_pcap_lex_destroy="no"]) > +-AC_MSG_RESULT($have_pcap_lex_destroy) > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > +-fi > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[ > ++# pcap_lex_destroy(); > ++#]])], > ++have_pcap_lex_destroy="yes" > ++#[have_pcap_lex_destroy="no"]) > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > ++#fi > + > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE( > diff --git > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > new file mode 100644 > index 0000000..8639639 > --- /dev/null > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > @@ -0,0 +1,64 @@ > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." > +HOMEPAGE = "http://www.snort.org/" > +LICENSE = "GPL-2.0" > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > + > +DEPENDS = "libpcap libpcre daq libdnet" > + > + > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > + file://disable-inaddr-none.patch \ > + file://disable-dap-address-space-id.patch " > + > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > + > +inherit autotools gettext > + > +EXTRA_OECONF = " \ > + --enable-gre \ > + --enable-linux-smp-stats \ > + --enable-reload \ > + --enable-reload-error-restart \ > + --enable-targetbased \ > + --disable-static-daq \ > + " > + > +do_install_append() { > + install -d ${D}/${sysconfdir}/snort/rules > + install -d ${D}/${sysconfdir}/snort/preproc_rules > + for i in map config conf dtd; do > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > + done > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > + mkdir -p ${D}/${localstatedir}/log/snort } > + > +FILES_${PN} += " \ > + ${libdir}/snort_dynamicengine/*.so.* \ > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > + ${libdir}/snort_dynamicrules/*.so.* \ > + " > +FILES_${PN}-dbg += " \ > + ${libdir}/snort_dynamicengine/.debug \ > + ${libdir}/snort_dynamicpreprocessor/.debug \ > + ${libdir}/snort_dynamicrules/.debug \ > + " > +FILES_${PN}-staticdev += " \ > + ${libdir}/snort_dynamicengine/*.a \ > + ${libdir}/snort_dynamicpreprocessor/*.a \ > + ${libdir}/snort_dynamicrules/*.a \ > + ${libdir}/snort/dynamic_preproc/*.a \ > + ${libdir}/snort/dynamic_output/*.a \ > + " > +FILES_${PN}-dev += " \ > + ${libdir}/snort_dynamicengine/*.la \ > + ${libdir}/snort_dynamicpreprocessor/*.la \ > + ${libdir}/snort_dynamicrules/*.la \ > + ${libdir}/snort_dynamicengine/*.so \ > + ${libdir}/snort_dynamicpreprocessor/*.so \ > + ${libdir}/snort_dynamicrules/*.so \ > + ${prefix}/src/snort_dynamicsrc \ > + " > + > +RRECOMMENDS_${PN} += "barnyard" > -- > 1.7.5.4 > > > _______________________________________________ > Openembedded-devel mailing list > Openembedded-devel@lists.openembedded.org > http://lists.openembedded.org/mailman/listinfo/openembedded-devel -- -Joe MacDonald. :wq
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote: > Hi, Joe MacDonald > > Thank you for your comments. > > The current snort simply do not need sysvinit config. I apologize, I don't mean to belabor the point, but can you point me at that information? http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions. Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking. Also, please don't forget about the include path and barnyard questions. Thanks. -J. > > > Thanks, > Chunrong > > -----Original Message----- > From: Joe MacDonald [mailto:joe@deserted.net] > Sent: Wednesday, October 30, 2013 3:20 AM > To: openembedded-devel@lists.openembedded.org > Cc: Guo Chunrong-B40290 > Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe > > Hi Chunrong, > > Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought. > > I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard. > > I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely. Was that due to problems inheriting update-rc.d as Koen suggested? (Or perhaps the current snort simply doesn't have a functional sysvinit config? I hope that's not the case.) I'm probably not the only one still making use of sysvinit stuff in some scenarios. :-) > > -J. > > [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote: > > > pings > > > > -----Original Message----- > > From: Guo Chunrong-B40290 > > Sent: Friday, October 18, 2013 4:22 PM > > To: openembedded-devel@lists.openembedded.org > > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290 > > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe > > > > From: Chunrong Guo <B40290@freescale.com> > > > > *snort - a free lightweight network intrusion detection > > system for UNIX and Windows > > > > Signed-off-by: Chunrong Guo <B40290@freescale.com> > > --- > > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++ > > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++ > > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++ > > 3 files changed, 191 insertions(+), 0 deletions(-) create mode > > 100644 > > meta-networking/recipes-connectivity/snort/files/disable-dap-address-s > > pace-id.patch create mode 100644 > > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.p > > atch create mode 100644 > > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > > diff --git > > a/meta-networking/recipes-connectivity/snort/files/disable-dap-address > > -space-id.patch > > b/meta-networking/recipes-connectivity/snort/files/disable-dap-address > > -space-id.patch > > new file mode 100644 > > index 0000000..39e5c9c > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-add > > +++ re > > +++ ss-space-id.patch > > @@ -0,0 +1,52 @@ > > +Upstream-Status:Inappropriate [embedded specific] > > + > > +fix the below error: > > +checking for dap address space id... configure: > > +configure: error: cannot run test program while cross compiling > > + > > + > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > + > > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > > +@@ -679,23 +679,23 @@ > > + > > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > > + > > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[ > > +- DAQ_PktHdr_t hdr; > > +- hdr.address_space_id = 0; > > +-]])], > > +-[have_daq_address_space_id="yes"], > > +-[have_daq_address_space_id="no"]) > > +-AC_MSG_RESULT($have_daq_address_space_id) > > +-if test "x$have_daq_address_space_id" = "xyes"; then > > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > +- [DAQ version supports address space ID in header.]) > > +-fi > > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( > > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[ > > ++# DAQ_PktHdr_t hdr; > > ++# hdr.address_space_id = 0; > > ++#]])], > > ++have_daq_address_space_id="yes" > > ++#[have_daq_address_space_id="no"]) > > ++#AC_MSG_RESULT($have_daq_address_space_id) > > ++#if test "x$have_daq_address_space_id" = "xyes"; then > > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > ++# [DAQ version supports address space ID in header.]) > > ++#fi > > + > > + # any sparc platform has to have this one defined. > > + AC_MSG_CHECKING(for sparc) > > diff --git > > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > > .patch > > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > > .patch > > new file mode 100644 > > index 0000000..9dafe63 > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr- > > +++ no > > +++ ne.patch > > @@ -0,0 +1,75 @@ > > +Upstream-Status: Inappropriate [embedded specific] > > + > > +fix the below error: > > +checking for INADDR_NONE... configure: > > +configure: error: cannot run test program while cross compiling > > + > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > + > > + > > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > > +@@ -281,25 +281,7 @@ > > + AC_CHECK_TYPES([boolean]) > > + > > + # In case INADDR_NONE is not defined (like on Solaris) > > +-have_inaddr_none="no" > > +-AC_MSG_CHECKING([for INADDR_NONE]) > > +-AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( > > +-[[ > > +-#include <sys/types.h> > > +-#include <netinet/in.h> > > +-#include <arpa/inet.h> > > +-]], > > +-[[ > > +- if (inet_addr("10,5,2") == INADDR_NONE); > > +- return 0; > > +-]])], > > +-[have_inaddr_none="yes"], > > +-[have_inaddr_none="no"]) > > +-AC_MSG_RESULT($have_inaddr_none) > > +-if test "x$have_inaddr_none" = "xno"; then > > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > > +-fi > > ++have_inaddr_none="yes" > > + > > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > > + #include <stdio.h> > > +@@ -397,21 +379,21 @@ > > + fi > > + fi > > + > > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[ > > +- pcap_lex_destroy(); > > +-]])], > > +-[have_pcap_lex_destroy="yes"], > > +-[have_pcap_lex_destroy="no"]) > > +-AC_MSG_RESULT($have_pcap_lex_destroy) > > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > +-fi > > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( > > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[ > > ++# pcap_lex_destroy(); > > ++#]])], > > ++have_pcap_lex_destroy="yes" > > ++#[have_pcap_lex_destroy="no"]) > > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > ++#fi > > + > > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE( > > diff --git > > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > new file mode 100644 > > index 0000000..8639639 > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > @@ -0,0 +1,64 @@ > > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." > > +HOMEPAGE = "http://www.snort.org/" > > +LICENSE = "GPL-2.0" > > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > > + > > +DEPENDS = "libpcap libpcre daq libdnet" > > + > > + > > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > > + file://disable-inaddr-none.patch \ > > + file://disable-dap-address-space-id.patch " > > + > > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > > + > > +inherit autotools gettext > > + > > +EXTRA_OECONF = " \ > > + --enable-gre \ > > + --enable-linux-smp-stats \ > > + --enable-reload \ > > + --enable-reload-error-restart \ > > + --enable-targetbased \ > > + --disable-static-daq \ > > + " > > + > > +do_install_append() { > > + install -d ${D}/${sysconfdir}/snort/rules > > + install -d ${D}/${sysconfdir}/snort/preproc_rules > > + for i in map config conf dtd; do > > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > > + done > > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > > + mkdir -p ${D}/${localstatedir}/log/snort } > > + > > +FILES_${PN} += " \ > > + ${libdir}/snort_dynamicengine/*.so.* \ > > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > > + ${libdir}/snort_dynamicrules/*.so.* \ > > + " > > +FILES_${PN}-dbg += " \ > > + ${libdir}/snort_dynamicengine/.debug \ > > + ${libdir}/snort_dynamicpreprocessor/.debug \ > > + ${libdir}/snort_dynamicrules/.debug \ > > + " > > +FILES_${PN}-staticdev += " \ > > + ${libdir}/snort_dynamicengine/*.a \ > > + ${libdir}/snort_dynamicpreprocessor/*.a \ > > + ${libdir}/snort_dynamicrules/*.a \ > > + ${libdir}/snort/dynamic_preproc/*.a \ > > + ${libdir}/snort/dynamic_output/*.a \ > > + " > > +FILES_${PN}-dev += " \ > > + ${libdir}/snort_dynamicengine/*.la \ > > + ${libdir}/snort_dynamicpreprocessor/*.la \ > > + ${libdir}/snort_dynamicrules/*.la \ > > + ${libdir}/snort_dynamicengine/*.so \ > > + ${libdir}/snort_dynamicpreprocessor/*.so \ > > + ${libdir}/snort_dynamicrules/*.so \ > > + ${prefix}/src/snort_dynamicsrc \ > > + " > > + > > +RRECOMMENDS_${PN} += "barnyard" > > -- > > 1.7.5.4 > > > > > > _______________________________________________ > > Openembedded-devel mailing list > > Openembedded-devel@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > -- > -Joe MacDonald. > :wq >
Hello?joe I investigate barnyard2 and barnyard . I have the following conclusions: 1) Barnyard2 maintains majority of the command syntax of barnyard. 2) Barnyard has not seen an updated in over 4 years and is not going to be maintained by the original developers. 3) Barnyard2 is a very popular plugin . I will submit new patch about " snort + Barnyard2". Thanks, chunrong -----Original Message----- From: Joe MacDonald [mailto:joe@deserted.net] Sent: Wednesday, October 30, 2013 8:49 PM To: Guo Chunrong-B40290 Cc: openembedded-devel@lists.openembedded.org Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe [RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote: > Hi, Joe MacDonald > > Thank you for your comments. > > The current snort simply do not need sysvinit config. I apologize, I don't mean to belabor the point, but can you point me at that information? http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions. Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking. Also, please don't forget about the include path and barnyard questions. Thanks. -J. > > > Thanks, > Chunrong > > -----Original Message----- > From: Joe MacDonald [mailto:joe@deserted.net] > Sent: Wednesday, October 30, 2013 3:20 AM > To: openembedded-devel@lists.openembedded.org > Cc: Guo Chunrong-B40290 > Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe > > Hi Chunrong, > > Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought. > > I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard. > > I also noticed that in the most recent version of the snort recipe the > sysvinit components have been dropped entirely. Was that due to > problems inheriting update-rc.d as Koen suggested? (Or perhaps the > current snort simply doesn't have a functional sysvinit config? I > hope that's not the case.) I'm probably not the only one still making > use of sysvinit stuff in some scenarios. :-) > > -J. > > [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote: > > > pings > > > > -----Original Message----- > > From: Guo Chunrong-B40290 > > Sent: Friday, October 18, 2013 4:22 PM > > To: openembedded-devel@lists.openembedded.org > > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290 > > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe > > > > From: Chunrong Guo <B40290@freescale.com> > > > > *snort - a free lightweight network intrusion detection > > system for UNIX and Windows > > > > Signed-off-by: Chunrong Guo <B40290@freescale.com> > > --- > > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++ > > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++ > > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++ > > 3 files changed, 191 insertions(+), 0 deletions(-) create mode > > 100644 > > meta-networking/recipes-connectivity/snort/files/disable-dap-address > > -s > > pace-id.patch create mode 100644 > > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > > .p > > atch create mode 100644 > > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > > diff --git > > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre > > ss > > -space-id.patch > > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre > > ss > > -space-id.patch > > new file mode 100644 > > index 0000000..39e5c9c > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a > > +++ dd > > +++ re > > +++ ss-space-id.patch > > @@ -0,0 +1,52 @@ > > +Upstream-Status:Inappropriate [embedded specific] > > + > > +fix the below error: > > +checking for dap address space id... configure: > > +configure: error: cannot run test program while cross compiling > > + > > + > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > + > > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > > +@@ -679,23 +679,23 @@ > > + > > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > > + > > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[ > > +- DAQ_PktHdr_t hdr; > > +- hdr.address_space_id = 0; > > +-]])], > > +-[have_daq_address_space_id="yes"], > > +-[have_daq_address_space_id="no"]) > > +-AC_MSG_RESULT($have_daq_address_space_id) > > +-if test "x$have_daq_address_space_id" = "xyes"; then > > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > +- [DAQ version supports address space ID in header.]) > > +-fi > > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( > > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[ > > ++# DAQ_PktHdr_t hdr; > > ++# hdr.address_space_id = 0; > > ++#]])], > > ++have_daq_address_space_id="yes" > > ++#[have_daq_address_space_id="no"]) > > ++#AC_MSG_RESULT($have_daq_address_space_id) > > ++#if test "x$have_daq_address_space_id" = "xyes"; then > > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > ++# [DAQ version supports address space ID in header.]) > > ++#fi > > + > > + # any sparc platform has to have this one defined. > > + AC_MSG_CHECKING(for sparc) > > diff --git > > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no > > ne > > .patch > > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no > > ne > > .patch > > new file mode 100644 > > index 0000000..9dafe63 > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd > > +++ r- > > +++ no > > +++ ne.patch > > @@ -0,0 +1,75 @@ > > +Upstream-Status: Inappropriate [embedded specific] > > + > > +fix the below error: > > +checking for INADDR_NONE... configure: > > +configure: error: cannot run test program while cross compiling > > + > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > + > > + > > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > > +@@ -281,25 +281,7 @@ > > + AC_CHECK_TYPES([boolean]) > > + > > + # In case INADDR_NONE is not defined (like on Solaris) > > +-have_inaddr_none="no" > > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include > > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[ > > +- if (inet_addr("10,5,2") == INADDR_NONE); > > +- return 0; > > +-]])], > > +-[have_inaddr_none="yes"], > > +-[have_inaddr_none="no"]) > > +-AC_MSG_RESULT($have_inaddr_none) > > +-if test "x$have_inaddr_none" = "xno"; then > > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > > +-fi > > ++have_inaddr_none="yes" > > + > > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > > + #include <stdio.h> > > +@@ -397,21 +379,21 @@ > > + fi > > + fi > > + > > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( > > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[ > > +- pcap_lex_destroy(); > > +-]])], > > +-[have_pcap_lex_destroy="yes"], > > +-[have_pcap_lex_destroy="no"]) > > +-AC_MSG_RESULT($have_pcap_lex_destroy) > > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > +-fi > > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( > > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[ > > ++# pcap_lex_destroy(); > > ++#]])], > > ++have_pcap_lex_destroy="yes" > > ++#[have_pcap_lex_destroy="no"]) > > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > ++#fi > > + > > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE( > > diff --git > > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > new file mode 100644 > > index 0000000..8639639 > > --- /dev/null > > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > @@ -0,0 +1,64 @@ > > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." > > +HOMEPAGE = "http://www.snort.org/" > > +LICENSE = "GPL-2.0" > > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > > + > > +DEPENDS = "libpcap libpcre daq libdnet" > > + > > + > > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > > + file://disable-inaddr-none.patch \ > > + file://disable-dap-address-space-id.patch " > > + > > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > > + > > +inherit autotools gettext > > + > > +EXTRA_OECONF = " \ > > + --enable-gre \ > > + --enable-linux-smp-stats \ > > + --enable-reload \ > > + --enable-reload-error-restart \ > > + --enable-targetbased \ > > + --disable-static-daq \ > > + " > > + > > +do_install_append() { > > + install -d ${D}/${sysconfdir}/snort/rules > > + install -d ${D}/${sysconfdir}/snort/preproc_rules > > + for i in map config conf dtd; do > > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > > + done > > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > > + mkdir -p ${D}/${localstatedir}/log/snort } > > + > > +FILES_${PN} += " \ > > + ${libdir}/snort_dynamicengine/*.so.* \ > > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > > + ${libdir}/snort_dynamicrules/*.so.* \ > > + " > > +FILES_${PN}-dbg += " \ > > + ${libdir}/snort_dynamicengine/.debug \ > > + ${libdir}/snort_dynamicpreprocessor/.debug \ > > + ${libdir}/snort_dynamicrules/.debug \ > > + " > > +FILES_${PN}-staticdev += " \ > > + ${libdir}/snort_dynamicengine/*.a \ > > + ${libdir}/snort_dynamicpreprocessor/*.a \ > > + ${libdir}/snort_dynamicrules/*.a \ > > + ${libdir}/snort/dynamic_preproc/*.a \ > > + ${libdir}/snort/dynamic_output/*.a \ > > + " > > +FILES_${PN}-dev += " \ > > + ${libdir}/snort_dynamicengine/*.la \ > > + ${libdir}/snort_dynamicpreprocessor/*.la \ > > + ${libdir}/snort_dynamicrules/*.la \ > > + ${libdir}/snort_dynamicengine/*.so \ > > + ${libdir}/snort_dynamicpreprocessor/*.so \ > > + ${libdir}/snort_dynamicrules/*.so \ > > + ${prefix}/src/snort_dynamicsrc \ > > + " > > + > > +RRECOMMENDS_${PN} += "barnyard" > > -- > > 1.7.5.4 > > > > > > _______________________________________________ > > Openembedded-devel mailing list > > Openembedded-devel@lists.openembedded.org > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > -- > -Joe MacDonald. > :wq > -- -Joe MacDonald. :wq
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.11.01 (Fri 07:15) Chunrong Guo wrote: > Hello?joe > > I investigate barnyard2 and barnyard . > I have the following conclusions: > 1) Barnyard2 maintains majority of the command syntax of barnyard. > 2) Barnyard has not seen an updated in over 4 years and is not going to be maintained by the original developers. > 3) Barnyard2 is a very popular plugin . > > I will submit new patch about " snort + Barnyard2". Thanks. That was my read on barnyard v. barnyard2 as well but it is good to know you've verified my impression. I saw the latest version (please do try to ensure you tag them with meta-networking in the subject) and I'll have a look at them and try them out later this morning. -J. > > Thanks, > chunrong > > -----Original Message----- > From: Joe MacDonald [mailto:joe@deserted.net] > Sent: Wednesday, October 30, 2013 8:49 PM > To: Guo Chunrong-B40290 > Cc: openembedded-devel@lists.openembedded.org > Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe > > [RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote: > > > Hi, Joe MacDonald > > > > Thank you for your comments. > > > > The current snort simply do not need sysvinit config. > > I apologize, I don't mean to belabor the point, but can you point me at that information? http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions. Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking. > > Also, please don't forget about the include path and barnyard questions. > > Thanks. > > -J. > > > > > > > Thanks, > > Chunrong > > > > -----Original Message----- > > From: Joe MacDonald [mailto:joe@deserted.net] > > Sent: Wednesday, October 30, 2013 3:20 AM > > To: openembedded-devel@lists.openembedded.org > > Cc: Guo Chunrong-B40290 > > Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe > > > > Hi Chunrong, > > > > Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought. > > > > I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard. > > > > I also noticed that in the most recent version of the snort recipe the > > sysvinit components have been dropped entirely. Was that due to > > problems inheriting update-rc.d as Koen suggested? (Or perhaps the > > current snort simply doesn't have a functional sysvinit config? I > > hope that's not the case.) I'm probably not the only one still making > > use of sysvinit stuff in some scenarios. :-) > > > > -J. > > > > [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote: > > > > > pings > > > > > > -----Original Message----- > > > From: Guo Chunrong-B40290 > > > Sent: Friday, October 18, 2013 4:22 PM > > > To: openembedded-devel@lists.openembedded.org > > > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290 > > > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe > > > > > > From: Chunrong Guo <B40290@freescale.com> > > > > > > *snort - a free lightweight network intrusion detection > > > system for UNIX and Windows > > > > > > Signed-off-by: Chunrong Guo <B40290@freescale.com> > > > --- > > > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++ > > > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++ > > > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++ > > > 3 files changed, 191 insertions(+), 0 deletions(-) create mode > > > 100644 > > > meta-networking/recipes-connectivity/snort/files/disable-dap-address > > > -s > > > pace-id.patch create mode 100644 > > > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none > > > .p > > > atch create mode 100644 > > > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > > > > diff --git > > > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre > > > ss > > > -space-id.patch > > > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre > > > ss > > > -space-id.patch > > > new file mode 100644 > > > index 0000000..39e5c9c > > > --- /dev/null > > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a > > > +++ dd > > > +++ re > > > +++ ss-space-id.patch > > > @@ -0,0 +1,52 @@ > > > +Upstream-Status:Inappropriate [embedded specific] > > > + > > > +fix the below error: > > > +checking for dap address space id... configure: > > > +configure: error: cannot run test program while cross compiling > > > + > > > + > > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > > + > > > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500 > > > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500 > > > +@@ -679,23 +679,23 @@ > > > + > > > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta]) > > > + > > > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( > > > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[ > > > +- DAQ_PktHdr_t hdr; > > > +- hdr.address_space_id = 0; > > > +-]])], > > > +-[have_daq_address_space_id="yes"], > > > +-[have_daq_address_space_id="no"]) > > > +-AC_MSG_RESULT($have_daq_address_space_id) > > > +-if test "x$have_daq_address_space_id" = "xyes"; then > > > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > > +- [DAQ version supports address space ID in header.]) > > > +-fi > > > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( > > > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[ > > > ++# DAQ_PktHdr_t hdr; > > > ++# hdr.address_space_id = 0; > > > ++#]])], > > > ++have_daq_address_space_id="yes" > > > ++#[have_daq_address_space_id="no"]) > > > ++#AC_MSG_RESULT($have_daq_address_space_id) > > > ++#if test "x$have_daq_address_space_id" = "xyes"; then > > > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], > > > ++# [DAQ version supports address space ID in header.]) > > > ++#fi > > > + > > > + # any sparc platform has to have this one defined. > > > + AC_MSG_CHECKING(for sparc) > > > diff --git > > > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no > > > ne > > > .patch > > > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no > > > ne > > > .patch > > > new file mode 100644 > > > index 0000000..9dafe63 > > > --- /dev/null > > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd > > > +++ r- > > > +++ no > > > +++ ne.patch > > > @@ -0,0 +1,75 @@ > > > +Upstream-Status: Inappropriate [embedded specific] > > > + > > > +fix the below error: > > > +checking for INADDR_NONE... configure: > > > +configure: error: cannot run test program while cross compiling > > > + > > > +Signed-off-by: Chunrong Guo <B40290@freescale.com> > > > + > > > + > > > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500 > > > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500 > > > +@@ -281,25 +281,7 @@ > > > + AC_CHECK_TYPES([boolean]) > > > + > > > + # In case INADDR_NONE is not defined (like on Solaris) > > > +-have_inaddr_none="no" > > > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE( > > > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include > > > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[ > > > +- if (inet_addr("10,5,2") == INADDR_NONE); > > > +- return 0; > > > +-]])], > > > +-[have_inaddr_none="yes"], > > > +-[have_inaddr_none="no"]) > > > +-AC_MSG_RESULT($have_inaddr_none) > > > +-if test "x$have_inaddr_none" = "xno"; then > > > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) > > > +-fi > > > ++have_inaddr_none="yes" > > > + > > > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ > > > + #include <stdio.h> > > > +@@ -397,21 +379,21 @@ > > > + fi > > > + fi > > > + > > > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( > > > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[ > > > +- pcap_lex_destroy(); > > > +-]])], > > > +-[have_pcap_lex_destroy="yes"], > > > +-[have_pcap_lex_destroy="no"]) > > > +-AC_MSG_RESULT($have_pcap_lex_destroy) > > > +-if test "x$have_pcap_lex_destroy" = "xyes"; then > > > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > > +-fi > > > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( > > > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[ > > > ++# pcap_lex_destroy(); > > > ++#]])], > > > ++have_pcap_lex_destroy="yes" > > > ++#[have_pcap_lex_destroy="no"]) > > > ++#AC_MSG_RESULT($have_pcap_lex_destroy) > > > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then > > > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) > > > ++#fi > > > + > > > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE( > > > diff --git > > > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > new file mode 100644 > > > index 0000000..8639639 > > > --- /dev/null > > > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb > > > @@ -0,0 +1,64 @@ > > > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." > > > +HOMEPAGE = "http://www.snort.org/" > > > +LICENSE = "GPL-2.0" > > > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" > > > + > > > +DEPENDS = "libpcap libpcre daq libdnet" > > > + > > > + > > > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ > > > + file://disable-inaddr-none.patch \ > > > + file://disable-dap-address-space-id.patch " > > > + > > > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd" > > > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc" > > > + > > > +inherit autotools gettext > > > + > > > +EXTRA_OECONF = " \ > > > + --enable-gre \ > > > + --enable-linux-smp-stats \ > > > + --enable-reload \ > > > + --enable-reload-error-restart \ > > > + --enable-targetbased \ > > > + --disable-static-daq \ > > > + " > > > + > > > +do_install_append() { > > > + install -d ${D}/${sysconfdir}/snort/rules > > > + install -d ${D}/${sysconfdir}/snort/preproc_rules > > > + for i in map config conf dtd; do > > > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/ > > > + done > > > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/ > > > + mkdir -p ${D}/${localstatedir}/log/snort } > > > + > > > +FILES_${PN} += " \ > > > + ${libdir}/snort_dynamicengine/*.so.* \ > > > + ${libdir}/snort_dynamicpreprocessor/*.so.* \ > > > + ${libdir}/snort_dynamicrules/*.so.* \ > > > + " > > > +FILES_${PN}-dbg += " \ > > > + ${libdir}/snort_dynamicengine/.debug \ > > > + ${libdir}/snort_dynamicpreprocessor/.debug \ > > > + ${libdir}/snort_dynamicrules/.debug \ > > > + " > > > +FILES_${PN}-staticdev += " \ > > > + ${libdir}/snort_dynamicengine/*.a \ > > > + ${libdir}/snort_dynamicpreprocessor/*.a \ > > > + ${libdir}/snort_dynamicrules/*.a \ > > > + ${libdir}/snort/dynamic_preproc/*.a \ > > > + ${libdir}/snort/dynamic_output/*.a \ > > > + " > > > +FILES_${PN}-dev += " \ > > > + ${libdir}/snort_dynamicengine/*.la \ > > > + ${libdir}/snort_dynamicpreprocessor/*.la \ > > > + ${libdir}/snort_dynamicrules/*.la \ > > > + ${libdir}/snort_dynamicengine/*.so \ > > > + ${libdir}/snort_dynamicpreprocessor/*.so \ > > > + ${libdir}/snort_dynamicrules/*.so \ > > > + ${prefix}/src/snort_dynamicsrc \ > > > + " > > > + > > > +RRECOMMENDS_${PN} += "barnyard" > > > -- > > > 1.7.5.4 > > > > > > > > > _______________________________________________ > > > Openembedded-devel mailing list > > > Openembedded-devel@lists.openembedded.org > > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel > > > > -- > > -Joe MacDonald. > > :wq > > > > -- > -Joe MacDonald. > :wq