Re: [meta-networking][PATCH v3 1/3] snort: add recipe

[Joe MacDonald <joe@deserted.net>]

[-- Attachment #1: Type: text/plain, Size: 11751 bytes --]

Just FYI.  This and the other two are in the queue, I'll look at them
later today or tomorrow at the latest.  I just didn't want you to be
concerned something was lost.

-J.

[[oe] [meta-networking][PATCH v3 1/3] snort: add recipe] On 13.11.04 (Mon 10:39) b40290@freescale.com wrote:

> From: Chunrong Guo <B40290@freescale.com>
> 
>   *snort - a free lightweight network intrusion detection
>          system for UNIX and Windows
> 
> Signed-off-by: Chunrong Guo <B40290@freescale.com>
> ---
>  .../snort/files/disable-dap-address-space-id.patch |   52 +++++++++
>  .../snort/files/disable-inaddr-none.patch          |   75 ++++++++++++++
>  .../recipes-connectivity/snort/files/snort.init    |  109 ++++++++++++++++++++
>  .../recipes-connectivity/snort/snort_2.9.4.6.bb    |   71 +++++++++++++
>  4 files changed, 307 insertions(+), 0 deletions(-)
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
>  create mode 100644 meta-networking/recipes-connectivity/snort/files/snort.init
>  create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> 
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> new file mode 100644
> index 0000000..39e5c9c
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status:Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for dap address space id... configure: 
> +configure: error: cannot run test program while cross compiling
> +
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +--- a/configure.in	2013-08-23 00:06:37.239361932 -0500
> ++++ b/configure.in	2013-08-23 00:07:32.860266534 -0500
> +@@ -679,23 +679,23 @@
> + 
> + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> + 
> +-AC_MSG_CHECKING([for daq address space ID])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <daq.h>
> +-]],
> +-[[
> +-   DAQ_PktHdr_t hdr;
> +-   hdr.address_space_id = 0;
> +-]])],
> +-[have_daq_address_space_id="yes"],
> +-[have_daq_address_space_id="no"])
> +-AC_MSG_RESULT($have_daq_address_space_id)
> +-if test "x$have_daq_address_space_id" = "xyes"; then
> +-    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> +-        [DAQ version supports address space ID in header.])
> +-fi
> ++#AC_MSG_CHECKING([for daq address space ID])
> ++#AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM(
> ++#[[
> ++##include <daq.h>
> ++#]],
> ++#[[
> ++#   DAQ_PktHdr_t hdr;
> ++#   hdr.address_space_id = 0;
> ++#]])],
> ++have_daq_address_space_id="yes"
> ++#[have_daq_address_space_id="no"])
> ++#AC_MSG_RESULT($have_daq_address_space_id)
> ++#if test "x$have_daq_address_space_id" = "xyes"; then
> ++#    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> ++#        [DAQ version supports address space ID in header.])
> ++#fi
> + 
> + # any sparc platform has to have this one defined.
> + AC_MSG_CHECKING(for sparc)
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> new file mode 100644
> index 0000000..9dafe63
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> @@ -0,0 +1,75 @@
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for INADDR_NONE... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +
> +--- a/configure.in	2013-08-21 03:56:17.197414789 -0500
> ++++ b/configure.in	2013-08-21 23:19:05.298553560 -0500
> +@@ -281,25 +281,7 @@
> + AC_CHECK_TYPES([boolean])
> + 
> + # In case INADDR_NONE is not defined (like on Solaris)
> +-have_inaddr_none="no"
> +-AC_MSG_CHECKING([for INADDR_NONE])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <sys/types.h>
> +-#include <netinet/in.h>
> +-#include <arpa/inet.h>
> +-]],
> +-[[
> +-	if (inet_addr("10,5,2") == INADDR_NONE);
> +-    return 0;
> +-]])],
> +-[have_inaddr_none="yes"],
> +-[have_inaddr_none="no"])
> +-AC_MSG_RESULT($have_inaddr_none)
> +-if test "x$have_inaddr_none" = "xno"; then
> +-	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> +-fi
> ++have_inaddr_none="yes"
> + 
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> + #include <stdio.h>
> +@@ -397,21 +379,21 @@
> +   fi
> + fi
> + 
> +-AC_MSG_CHECKING([for pcap_lex_destroy])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <pcap.h>
> +-]],
> +-[[
> +-   pcap_lex_destroy();
> +-]])],
> +-[have_pcap_lex_destroy="yes"],
> +-[have_pcap_lex_destroy="no"])
> +-AC_MSG_RESULT($have_pcap_lex_destroy)
> +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> +-    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> +-fi
> ++#AC_MSG_CHECKING([for pcap_lex_destroy])
> ++#AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM(
> ++#[[
> ++##include <pcap.h>
> ++#]],
> ++#[[
> ++#   pcap_lex_destroy();
> ++#]])],
> ++have_pcap_lex_destroy="yes"
> ++#[have_pcap_lex_destroy="no"])
> ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> ++#    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> ++#fi
> + 
> + AC_MSG_CHECKING([for pcap_lib_version])
> + AC_LINK_IFELSE(
> diff --git a/meta-networking/recipes-connectivity/snort/files/snort.init b/meta-networking/recipes-connectivity/snort/files/snort.init
> new file mode 100644
> index 0000000..91cb343
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/snort.init
> @@ -0,0 +1,109 @@
> +#!/bin/sh
> +#
> +#   Snort Startup Script modified for OpenEmbedded
> +#
> +
> +# Script variables
> +
> +LAN_INTERFACE="$2"
> +RETURN_VAL=0
> +BINARY=/usr/bin/snort
> +PATH=/bin:/usr/bin
> +PID=/var/run/snort_${LAN_INTERFACE}_ids.pid
> +DEL_PID=$PID
> +LOGDIR="/var/log/snort"
> +DATE=`/bin/date +%Y%m%d`
> +CONFIG_FILE=/etc/snort/snort.conf
> +PROG=snort
> +USER=root
> +GROUP=root
> +
> +if [ ! -x "$BINARY" ]; then
> +    echo "ERROR: $BINARY not found."
> +    exit 1
> +fi
> +                                                                                
> +if [ ! -r "$CONFIG_FILE" ]; then
> +    echo "ERROR: $CONFIG_FILE not found."
> +    exit 1
> +fi
> +
> +start()
> +{
> +     
> +    [ -n "$LAN_INTERFACE" ] || return 0
> +    # Check if log diratory is present. Otherwise, create it.
> +    if [ ! -d $LOGDIR/$DATE ]; then 
> +        mkdir -d $LOGDIR/$DATE
> +        /bin/chown -R $USER:$USER $LOGDIR/$DATE
> +    /bin/chmod -R 700 $LOGDIR/$DATE
> +    fi
> +
> +    /bin/echo "Starting $PROG: "
> +    # Snort parameters
> +    # -D Run Snort in background (daemon) mode
> +    # -i <if> Listen on interface <if> 
> +    # -u <uname> Run snort uid as <uname> user (or uid)
> +    # -g <gname> Run snort uid as <gname> group (or gid)
> +    # -c Load configuration file
> +    # -N Turn off logging (alerts still work) (removed to enable logging) :)
> +    # -l Log to directory
> +    # -t Chroots process to directory after initialization
> +    # -R <id> Include 'id' in snort_intf<id>.pid file name
> +    
> +    $BINARY -D -i $LAN_INTERFACE -u $USER -g $GROUP -c $CONFIG_FILE -l $LOGDIR/$DATE -t $LOGDIR/$DATE -R _ids
> +    /bin/echo "$PROG startup complete."
> +    return $RETURN_VAL
> +}
> +
> +stop()
> +{
> +    if [ -s $PID ]; then
> +        /bin/echo "Stopping $PROG with PID `cat $PID`: "
> +        kill -TERM `cat $PID` 2>/dev/null
> +        RETURN_VAL=$?
> +        /bin/echo "$PROG shutdown complete."
> +        [ -e $DEL_PID ] && rm -f $DEL_PID
> +    [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck
> +    else
> +        /bin/echo "ERROR: PID in $PID file not found."
> +        RETURN_VAL=1
> +    fi
> +    return $RETURN_VAL
> +}
> +
> +status() {
> +        if [ -s $PID ]; then
> +                echo "$PROG is running as pid `cat $PID`:"
> +        else
> +                echo "$PROG is not running."
> +        fi
> +}
> +
> +restart()
> +{
> +    stop
> +    start
> +    RETURN_VAL=$?
> +    return $RETURN_VAL
> +}
> +
> +case "$1" in
> + start)
> +       start
> +    ;;
> + stop)
> +       stop
> +    ;;
> + status)
> +       status
> +    ;;
> + restart|reload)
> +       restart
> +    ;;
> + *)
> +    /bin/echo "Usage: $0 {start|stop|status|restart|reload}"
> +    RETURN_VAL=1
> +esac
> +
> +exit $RETURN_VAL 
> diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> new file mode 100644
> index 0000000..829146d
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> @@ -0,0 +1,71 @@
> +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> +HOMEPAGE = "http://www.snort.org/"
> +LICENSE = "GPL-2.0"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> +
> +DEPENDS = "libpcap libpcre daq libdnet"
> +
> +
> +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> +            file://snort.init \
> +            file://disable-inaddr-none.patch \
> +            file://disable-dap-address-space-id.patch "
> +
> +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> +
> +inherit autotools  gettext  update-rc.d
> +
> +INITSCRIPT_NAME = "snort"
> +INITSCRIPT_PARAMS = "defaults"
> +
> +EXTRA_OECONF = " \
> +	--enable-gre \    
> +	--enable-linux-smp-stats \
> +	--enable-reload \
> +	--enable-reload-error-restart \
> +	--enable-targetbased \
> +	--disable-static-daq \
> +	"
> +
> +do_install_append() {
> +	install -d ${D}/${sysconfdir}/snort/rules
> +	install -d ${D}/${sysconfdir}/snort/preproc_rules
> +    install -d ${D}${sysconfdir}/init.d
> +	for i in map config conf dtd; do
> +		cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> +	done
> +	cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> +    install -m 755 ${WORKDIR}/snort.init ${D}/${sysconfdir}/init.d/snort
> +	mkdir -p ${D}/${localstatedir}/log/snort
> +    install -d ${D}/var/log/snort
> +}
> +
> +FILES_${PN} += " \
> +	${libdir}/snort_dynamicengine/*.so.* \
> +	${libdir}/snort_dynamicpreprocessor/*.so.* \
> +	${libdir}/snort_dynamicrules/*.so.* \
> +	"
> +FILES_${PN}-dbg += " \
> +	${libdir}/snort_dynamicengine/.debug \
> +	${libdir}/snort_dynamicpreprocessor/.debug \
> +	${libdir}/snort_dynamicrules/.debug \
> +	"
> +FILES_${PN}-staticdev += " \
> +	${libdir}/snort_dynamicengine/*.a \
> +	${libdir}/snort_dynamicpreprocessor/*.a \
> +	${libdir}/snort_dynamicrules/*.a \
> +	${libdir}/snort/dynamic_preproc/*.a \
> +	${libdir}/snort/dynamic_output/*.a \
> +	"
> +FILES_${PN}-dev += " \
> +	${libdir}/snort_dynamicengine/*.la \
> +	${libdir}/snort_dynamicpreprocessor/*.la \
> +	${libdir}/snort_dynamicrules/*.la \
> +	${libdir}/snort_dynamicengine/*.so \
> +	${libdir}/snort_dynamicpreprocessor/*.so \
> +	${libdir}/snort_dynamicrules/*.so \
> +	${prefix}/src/snort_dynamicsrc \
> +	"
> +
> +RRECOMMENDS_${PN} += "barnyard2"
-- 
-Joe MacDonald.
:wq

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]