* [meta-networking][PATCH v2 1/3] snort : add recipe
@ 2013-10-18 8:22 b40290
2013-10-28 2:23 ` Guo Chunrong-B40290
0 siblings, 1 reply; 7+ messages in thread
From: b40290 @ 2013-10-18 8:22 UTC (permalink / raw)
To: openembedded-devel
From: Chunrong Guo <B40290@freescale.com>
*snort - a free lightweight network intrusion detection
system for UNIX and Windows
Signed-off-by: Chunrong Guo <B40290@freescale.com>
---
.../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
.../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
.../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
3 files changed, 191 insertions(+), 0 deletions(-)
create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
new file mode 100644
index 0000000..39e5c9c
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
@@ -0,0 +1,52 @@
+Upstream-Status:Inappropriate [embedded specific]
+
+fix the below error:
+checking for dap address space id... configure:
+configure: error: cannot run test program while cross compiling
+
+
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+
+--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
+@@ -679,23 +679,23 @@
+
+ AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
+
+-AC_MSG_CHECKING([for daq address space ID])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <daq.h>
+-]],
+-[[
+- DAQ_PktHdr_t hdr;
+- hdr.address_space_id = 0;
+-]])],
+-[have_daq_address_space_id="yes"],
+-[have_daq_address_space_id="no"])
+-AC_MSG_RESULT($have_daq_address_space_id)
+-if test "x$have_daq_address_space_id" = "xyes"; then
+- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+- [DAQ version supports address space ID in header.])
+-fi
++#AC_MSG_CHECKING([for daq address space ID])
++#AC_RUN_IFELSE(
++#[AC_LANG_PROGRAM(
++#[[
++##include <daq.h>
++#]],
++#[[
++# DAQ_PktHdr_t hdr;
++# hdr.address_space_id = 0;
++#]])],
++have_daq_address_space_id="yes"
++#[have_daq_address_space_id="no"])
++#AC_MSG_RESULT($have_daq_address_space_id)
++#if test "x$have_daq_address_space_id" = "xyes"; then
++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
++# [DAQ version supports address space ID in header.])
++#fi
+
+ # any sparc platform has to have this one defined.
+ AC_MSG_CHECKING(for sparc)
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
new file mode 100644
index 0000000..9dafe63
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+fix the below error:
+checking for INADDR_NONE... configure:
+configure: error: cannot run test program while cross compiling
+
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+
+
+--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
+@@ -281,25 +281,7 @@
+ AC_CHECK_TYPES([boolean])
+
+ # In case INADDR_NONE is not defined (like on Solaris)
+-have_inaddr_none="no"
+-AC_MSG_CHECKING([for INADDR_NONE])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-#include <arpa/inet.h>
+-]],
+-[[
+- if (inet_addr("10,5,2") == INADDR_NONE);
+- return 0;
+-]])],
+-[have_inaddr_none="yes"],
+-[have_inaddr_none="no"])
+-AC_MSG_RESULT($have_inaddr_none)
+-if test "x$have_inaddr_none" = "xno"; then
+- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
+-fi
++have_inaddr_none="yes"
+
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <stdio.h>
+@@ -397,21 +379,21 @@
+ fi
+ fi
+
+-AC_MSG_CHECKING([for pcap_lex_destroy])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <pcap.h>
+-]],
+-[[
+- pcap_lex_destroy();
+-]])],
+-[have_pcap_lex_destroy="yes"],
+-[have_pcap_lex_destroy="no"])
+-AC_MSG_RESULT($have_pcap_lex_destroy)
+-if test "x$have_pcap_lex_destroy" = "xyes"; then
+- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
+-fi
++#AC_MSG_CHECKING([for pcap_lex_destroy])
++#AC_RUN_IFELSE(
++#[AC_LANG_PROGRAM(
++#[[
++##include <pcap.h>
++#]],
++#[[
++# pcap_lex_destroy();
++#]])],
++have_pcap_lex_destroy="yes"
++#[have_pcap_lex_destroy="no"])
++#AC_MSG_RESULT($have_pcap_lex_destroy)
++#if test "x$have_pcap_lex_destroy" = "xyes"; then
++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
++#fi
+
+ AC_MSG_CHECKING([for pcap_lib_version])
+ AC_LINK_IFELSE(
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
new file mode 100644
index 0000000..8639639
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
@@ -0,0 +1,64 @@
+DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
+HOMEPAGE = "http://www.snort.org/"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
+
+DEPENDS = "libpcap libpcre daq libdnet"
+
+
+SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
+ file://disable-inaddr-none.patch \
+ file://disable-dap-address-space-id.patch "
+
+SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
+SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
+
+inherit autotools gettext
+
+EXTRA_OECONF = " \
+ --enable-gre \
+ --enable-linux-smp-stats \
+ --enable-reload \
+ --enable-reload-error-restart \
+ --enable-targetbased \
+ --disable-static-daq \
+ "
+
+do_install_append() {
+ install -d ${D}/${sysconfdir}/snort/rules
+ install -d ${D}/${sysconfdir}/snort/preproc_rules
+ for i in map config conf dtd; do
+ cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
+ done
+ cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
+ mkdir -p ${D}/${localstatedir}/log/snort
+}
+
+FILES_${PN} += " \
+ ${libdir}/snort_dynamicengine/*.so.* \
+ ${libdir}/snort_dynamicpreprocessor/*.so.* \
+ ${libdir}/snort_dynamicrules/*.so.* \
+ "
+FILES_${PN}-dbg += " \
+ ${libdir}/snort_dynamicengine/.debug \
+ ${libdir}/snort_dynamicpreprocessor/.debug \
+ ${libdir}/snort_dynamicrules/.debug \
+ "
+FILES_${PN}-staticdev += " \
+ ${libdir}/snort_dynamicengine/*.a \
+ ${libdir}/snort_dynamicpreprocessor/*.a \
+ ${libdir}/snort_dynamicrules/*.a \
+ ${libdir}/snort/dynamic_preproc/*.a \
+ ${libdir}/snort/dynamic_output/*.a \
+ "
+FILES_${PN}-dev += " \
+ ${libdir}/snort_dynamicengine/*.la \
+ ${libdir}/snort_dynamicpreprocessor/*.la \
+ ${libdir}/snort_dynamicrules/*.la \
+ ${libdir}/snort_dynamicengine/*.so \
+ ${libdir}/snort_dynamicpreprocessor/*.so \
+ ${libdir}/snort_dynamicrules/*.so \
+ ${prefix}/src/snort_dynamicsrc \
+ "
+
+RRECOMMENDS_${PN} += "barnyard"
--
1.7.5.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-10-18 8:22 [meta-networking][PATCH v2 1/3] snort : add recipe b40290
@ 2013-10-28 2:23 ` Guo Chunrong-B40290
2013-10-29 19:20 ` Joe MacDonald
0 siblings, 1 reply; 7+ messages in thread
From: Guo Chunrong-B40290 @ 2013-10-28 2:23 UTC (permalink / raw)
To: Guo Chunrong-B40290, openembedded-devel
pings
-----Original Message-----
From: Guo Chunrong-B40290
Sent: Friday, October 18, 2013 4:22 PM
To: openembedded-devel@lists.openembedded.org
Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
From: Chunrong Guo <B40290@freescale.com>
*snort - a free lightweight network intrusion detection
system for UNIX and Windows
Signed-off-by: Chunrong Guo <B40290@freescale.com>
---
.../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
.../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
.../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
3 files changed, 191 insertions(+), 0 deletions(-) create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
new file mode 100644
index 0000000..39e5c9c
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
+++ ss-space-id.patch
@@ -0,0 +1,52 @@
+Upstream-Status:Inappropriate [embedded specific]
+
+fix the below error:
+checking for dap address space id... configure:
+configure: error: cannot run test program while cross compiling
+
+
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+
+--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
+@@ -679,23 +679,23 @@
+
+ AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
+
+-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
+- DAQ_PktHdr_t hdr;
+- hdr.address_space_id = 0;
+-]])],
+-[have_daq_address_space_id="yes"],
+-[have_daq_address_space_id="no"])
+-AC_MSG_RESULT($have_daq_address_space_id)
+-if test "x$have_daq_address_space_id" = "xyes"; then
+- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
+- [DAQ version supports address space ID in header.])
+-fi
++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
++# DAQ_PktHdr_t hdr;
++# hdr.address_space_id = 0;
++#]])],
++have_daq_address_space_id="yes"
++#[have_daq_address_space_id="no"])
++#AC_MSG_RESULT($have_daq_address_space_id)
++#if test "x$have_daq_address_space_id" = "xyes"; then
++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
++# [DAQ version supports address space ID in header.])
++#fi
+
+ # any sparc platform has to have this one defined.
+ AC_MSG_CHECKING(for sparc)
diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
new file mode 100644
index 0000000..9dafe63
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
+++ ne.patch
@@ -0,0 +1,75 @@
+Upstream-Status: Inappropriate [embedded specific]
+
+fix the below error:
+checking for INADDR_NONE... configure:
+configure: error: cannot run test program while cross compiling
+
+Signed-off-by: Chunrong Guo <B40290@freescale.com>
+
+
+--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
+@@ -281,25 +281,7 @@
+ AC_CHECK_TYPES([boolean])
+
+ # In case INADDR_NONE is not defined (like on Solaris)
+-have_inaddr_none="no"
+-AC_MSG_CHECKING([for INADDR_NONE])
+-AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM(
+-[[
+-#include <sys/types.h>
+-#include <netinet/in.h>
+-#include <arpa/inet.h>
+-]],
+-[[
+- if (inet_addr("10,5,2") == INADDR_NONE);
+- return 0;
+-]])],
+-[have_inaddr_none="yes"],
+-[have_inaddr_none="no"])
+-AC_MSG_RESULT($have_inaddr_none)
+-if test "x$have_inaddr_none" = "xno"; then
+- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
+-fi
++have_inaddr_none="yes"
+
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+ #include <stdio.h>
+@@ -397,21 +379,21 @@
+ fi
+ fi
+
+-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
+-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
+- pcap_lex_destroy();
+-]])],
+-[have_pcap_lex_destroy="yes"],
+-[have_pcap_lex_destroy="no"])
+-AC_MSG_RESULT($have_pcap_lex_destroy)
+-if test "x$have_pcap_lex_destroy" = "xyes"; then
+- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
+-fi
++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
++# pcap_lex_destroy();
++#]])],
++have_pcap_lex_destroy="yes"
++#[have_pcap_lex_destroy="no"])
++#AC_MSG_RESULT($have_pcap_lex_destroy)
++#if test "x$have_pcap_lex_destroy" = "xyes"; then
++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
++#fi
+
+ AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
new file mode 100644
index 0000000..8639639
--- /dev/null
+++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
@@ -0,0 +1,64 @@
+DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
+HOMEPAGE = "http://www.snort.org/"
+LICENSE = "GPL-2.0"
+LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
+
+DEPENDS = "libpcap libpcre daq libdnet"
+
+
+SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
+ file://disable-inaddr-none.patch \
+ file://disable-dap-address-space-id.patch "
+
+SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
+SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
+
+inherit autotools gettext
+
+EXTRA_OECONF = " \
+ --enable-gre \
+ --enable-linux-smp-stats \
+ --enable-reload \
+ --enable-reload-error-restart \
+ --enable-targetbased \
+ --disable-static-daq \
+ "
+
+do_install_append() {
+ install -d ${D}/${sysconfdir}/snort/rules
+ install -d ${D}/${sysconfdir}/snort/preproc_rules
+ for i in map config conf dtd; do
+ cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
+ done
+ cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
+ mkdir -p ${D}/${localstatedir}/log/snort }
+
+FILES_${PN} += " \
+ ${libdir}/snort_dynamicengine/*.so.* \
+ ${libdir}/snort_dynamicpreprocessor/*.so.* \
+ ${libdir}/snort_dynamicrules/*.so.* \
+ "
+FILES_${PN}-dbg += " \
+ ${libdir}/snort_dynamicengine/.debug \
+ ${libdir}/snort_dynamicpreprocessor/.debug \
+ ${libdir}/snort_dynamicrules/.debug \
+ "
+FILES_${PN}-staticdev += " \
+ ${libdir}/snort_dynamicengine/*.a \
+ ${libdir}/snort_dynamicpreprocessor/*.a \
+ ${libdir}/snort_dynamicrules/*.a \
+ ${libdir}/snort/dynamic_preproc/*.a \
+ ${libdir}/snort/dynamic_output/*.a \
+ "
+FILES_${PN}-dev += " \
+ ${libdir}/snort_dynamicengine/*.la \
+ ${libdir}/snort_dynamicpreprocessor/*.la \
+ ${libdir}/snort_dynamicrules/*.la \
+ ${libdir}/snort_dynamicengine/*.so \
+ ${libdir}/snort_dynamicpreprocessor/*.so \
+ ${libdir}/snort_dynamicrules/*.so \
+ ${prefix}/src/snort_dynamicsrc \
+ "
+
+RRECOMMENDS_${PN} += "barnyard"
--
1.7.5.4
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-10-28 2:23 ` Guo Chunrong-B40290
@ 2013-10-29 19:20 ` Joe MacDonald
2013-10-30 1:40 ` Guo Chunrong-B40290
0 siblings, 1 reply; 7+ messages in thread
From: Joe MacDonald @ 2013-10-29 19:20 UTC (permalink / raw)
To: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 9385 bytes --]
Hi Chunrong,
Sorry about the confusion here, there were still at least a couple of
outstanding questions / requests, I thought.
I had a quick look back at the latest barnyard recipe and it appears to
be removing the include path as opposed to using -I=/usr/include/pcap
that Khem suggested, I was hoping to hear back on the question I had as
well WRT barnyard versus barnyard2 (I could make the license tweak
myself since I'm confident that won't invalidate any of your work) and
the Gentoo mirror as the primary source for this version of Barnyard.
I also noticed that in the most recent version of the snort recipe the
sysvinit components have been dropped entirely. Was that due to
problems inheriting update-rc.d as Koen suggested? (Or perhaps the
current snort simply doesn't have a functional sysvinit config? I hope
that's not the case.) I'm probably not the only one still making use of
sysvinit stuff in some scenarios. :-)
-J.
[Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
> pings
>
> -----Original Message-----
> From: Guo Chunrong-B40290
> Sent: Friday, October 18, 2013 4:22 PM
> To: openembedded-devel@lists.openembedded.org
> Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
>
> From: Chunrong Guo <B40290@freescale.com>
>
> *snort - a free lightweight network intrusion detection
> system for UNIX and Windows
>
> Signed-off-by: Chunrong Guo <B40290@freescale.com>
> ---
> .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
> .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> 3 files changed, 191 insertions(+), 0 deletions(-) create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> create mode 100644 meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> create mode 100644 meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
>
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/files/disable-dap-address-space-id.patch
> new file mode 100644
> index 0000000..39e5c9c
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> +++ ss-space-id.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status:Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for dap address space id... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> +@@ -679,23 +679,23 @@
> +
> + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> +
> +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> +- DAQ_PktHdr_t hdr;
> +- hdr.address_space_id = 0;
> +-]])],
> +-[have_daq_address_space_id="yes"],
> +-[have_daq_address_space_id="no"])
> +-AC_MSG_RESULT($have_daq_address_space_id)
> +-if test "x$have_daq_address_space_id" = "xyes"; then
> +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> +- [DAQ version supports address space ID in header.])
> +-fi
> ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> ++# DAQ_PktHdr_t hdr;
> ++# hdr.address_space_id = 0;
> ++#]])],
> ++have_daq_address_space_id="yes"
> ++#[have_daq_address_space_id="no"])
> ++#AC_MSG_RESULT($have_daq_address_space_id)
> ++#if test "x$have_daq_address_space_id" = "xyes"; then
> ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> ++# [DAQ version supports address space ID in header.])
> ++#fi
> +
> + # any sparc platform has to have this one defined.
> + AC_MSG_CHECKING(for sparc)
> diff --git a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.patch
> new file mode 100644
> index 0000000..9dafe63
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> +++ ne.patch
> @@ -0,0 +1,75 @@
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for INADDR_NONE... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +
> +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> +@@ -281,25 +281,7 @@
> + AC_CHECK_TYPES([boolean])
> +
> + # In case INADDR_NONE is not defined (like on Solaris)
> +-have_inaddr_none="no"
> +-AC_MSG_CHECKING([for INADDR_NONE])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <sys/types.h>
> +-#include <netinet/in.h>
> +-#include <arpa/inet.h>
> +-]],
> +-[[
> +- if (inet_addr("10,5,2") == INADDR_NONE);
> +- return 0;
> +-]])],
> +-[have_inaddr_none="yes"],
> +-[have_inaddr_none="no"])
> +-AC_MSG_RESULT($have_inaddr_none)
> +-if test "x$have_inaddr_none" = "xno"; then
> +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> +-fi
> ++have_inaddr_none="yes"
> +
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> + #include <stdio.h>
> +@@ -397,21 +379,21 @@
> + fi
> + fi
> +
> +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> +- pcap_lex_destroy();
> +-]])],
> +-[have_pcap_lex_destroy="yes"],
> +-[have_pcap_lex_destroy="no"])
> +-AC_MSG_RESULT($have_pcap_lex_destroy)
> +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> +-fi
> ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> ++# pcap_lex_destroy();
> ++#]])],
> ++have_pcap_lex_destroy="yes"
> ++#[have_pcap_lex_destroy="no"])
> ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> ++#fi
> +
> + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> new file mode 100644
> index 0000000..8639639
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> @@ -0,0 +1,64 @@
> +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> +HOMEPAGE = "http://www.snort.org/"
> +LICENSE = "GPL-2.0"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> +
> +DEPENDS = "libpcap libpcre daq libdnet"
> +
> +
> +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> + file://disable-inaddr-none.patch \
> + file://disable-dap-address-space-id.patch "
> +
> +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> +
> +inherit autotools gettext
> +
> +EXTRA_OECONF = " \
> + --enable-gre \
> + --enable-linux-smp-stats \
> + --enable-reload \
> + --enable-reload-error-restart \
> + --enable-targetbased \
> + --disable-static-daq \
> + "
> +
> +do_install_append() {
> + install -d ${D}/${sysconfdir}/snort/rules
> + install -d ${D}/${sysconfdir}/snort/preproc_rules
> + for i in map config conf dtd; do
> + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> + done
> + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> + mkdir -p ${D}/${localstatedir}/log/snort }
> +
> +FILES_${PN} += " \
> + ${libdir}/snort_dynamicengine/*.so.* \
> + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> + ${libdir}/snort_dynamicrules/*.so.* \
> + "
> +FILES_${PN}-dbg += " \
> + ${libdir}/snort_dynamicengine/.debug \
> + ${libdir}/snort_dynamicpreprocessor/.debug \
> + ${libdir}/snort_dynamicrules/.debug \
> + "
> +FILES_${PN}-staticdev += " \
> + ${libdir}/snort_dynamicengine/*.a \
> + ${libdir}/snort_dynamicpreprocessor/*.a \
> + ${libdir}/snort_dynamicrules/*.a \
> + ${libdir}/snort/dynamic_preproc/*.a \
> + ${libdir}/snort/dynamic_output/*.a \
> + "
> +FILES_${PN}-dev += " \
> + ${libdir}/snort_dynamicengine/*.la \
> + ${libdir}/snort_dynamicpreprocessor/*.la \
> + ${libdir}/snort_dynamicrules/*.la \
> + ${libdir}/snort_dynamicengine/*.so \
> + ${libdir}/snort_dynamicpreprocessor/*.so \
> + ${libdir}/snort_dynamicrules/*.so \
> + ${prefix}/src/snort_dynamicsrc \
> + "
> +
> +RRECOMMENDS_${PN} += "barnyard"
> --
> 1.7.5.4
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-10-29 19:20 ` Joe MacDonald
@ 2013-10-30 1:40 ` Guo Chunrong-B40290
2013-10-30 12:49 ` Joe MacDonald
0 siblings, 1 reply; 7+ messages in thread
From: Guo Chunrong-B40290 @ 2013-10-30 1:40 UTC (permalink / raw)
To: Joe MacDonald, openembedded-devel
Hi, Joe MacDonald
Thank you for your comments.
The current snort simply do not need sysvinit config.
Thanks,
Chunrong
-----Original Message-----
From: Joe MacDonald [mailto:joe@deserted.net]
Sent: Wednesday, October 30, 2013 3:20 AM
To: openembedded-devel@lists.openembedded.org
Cc: Guo Chunrong-B40290
Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
Hi Chunrong,
Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.
I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.
I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely. Was that due to problems inheriting update-rc.d as Koen suggested? (Or perhaps the current snort simply doesn't have a functional sysvinit config? I hope that's not the case.) I'm probably not the only one still making use of sysvinit stuff in some scenarios. :-)
-J.
[Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
> pings
>
> -----Original Message-----
> From: Guo Chunrong-B40290
> Sent: Friday, October 18, 2013 4:22 PM
> To: openembedded-devel@lists.openembedded.org
> Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
>
> From: Chunrong Guo <B40290@freescale.com>
>
> *snort - a free lightweight network intrusion detection
> system for UNIX and Windows
>
> Signed-off-by: Chunrong Guo <B40290@freescale.com>
> ---
> .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
> .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> 3 files changed, 191 insertions(+), 0 deletions(-) create mode
> 100644
> meta-networking/recipes-connectivity/snort/files/disable-dap-address-s
> pace-id.patch create mode 100644
> meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.p
> atch create mode 100644
> meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
>
> diff --git
> a/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> -space-id.patch
> b/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> -space-id.patch
> new file mode 100644
> index 0000000..39e5c9c
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-add
> +++ re
> +++ ss-space-id.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status:Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for dap address space id... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> +@@ -679,23 +679,23 @@
> +
> + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> +
> +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> +- DAQ_PktHdr_t hdr;
> +- hdr.address_space_id = 0;
> +-]])],
> +-[have_daq_address_space_id="yes"],
> +-[have_daq_address_space_id="no"])
> +-AC_MSG_RESULT($have_daq_address_space_id)
> +-if test "x$have_daq_address_space_id" = "xyes"; then
> +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> +- [DAQ version supports address space ID in header.])
> +-fi
> ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> ++# DAQ_PktHdr_t hdr;
> ++# hdr.address_space_id = 0;
> ++#]])],
> ++have_daq_address_space_id="yes"
> ++#[have_daq_address_space_id="no"])
> ++#AC_MSG_RESULT($have_daq_address_space_id)
> ++#if test "x$have_daq_address_space_id" = "xyes"; then
> ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> ++# [DAQ version supports address space ID in header.])
> ++#fi
> +
> + # any sparc platform has to have this one defined.
> + AC_MSG_CHECKING(for sparc)
> diff --git
> a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> .patch
> b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> .patch
> new file mode 100644
> index 0000000..9dafe63
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-
> +++ no
> +++ ne.patch
> @@ -0,0 +1,75 @@
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for INADDR_NONE... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> +
> +
> +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> +@@ -281,25 +281,7 @@
> + AC_CHECK_TYPES([boolean])
> +
> + # In case INADDR_NONE is not defined (like on Solaris)
> +-have_inaddr_none="no"
> +-AC_MSG_CHECKING([for INADDR_NONE])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <sys/types.h>
> +-#include <netinet/in.h>
> +-#include <arpa/inet.h>
> +-]],
> +-[[
> +- if (inet_addr("10,5,2") == INADDR_NONE);
> +- return 0;
> +-]])],
> +-[have_inaddr_none="yes"],
> +-[have_inaddr_none="no"])
> +-AC_MSG_RESULT($have_inaddr_none)
> +-if test "x$have_inaddr_none" = "xno"; then
> +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> +-fi
> ++have_inaddr_none="yes"
> +
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> + #include <stdio.h>
> +@@ -397,21 +379,21 @@
> + fi
> + fi
> +
> +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> +- pcap_lex_destroy();
> +-]])],
> +-[have_pcap_lex_destroy="yes"],
> +-[have_pcap_lex_destroy="no"])
> +-AC_MSG_RESULT($have_pcap_lex_destroy)
> +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> +-fi
> ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> ++# pcap_lex_destroy();
> ++#]])],
> ++have_pcap_lex_destroy="yes"
> ++#[have_pcap_lex_destroy="no"])
> ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> ++#fi
> +
> + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> diff --git
> a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> new file mode 100644
> index 0000000..8639639
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> @@ -0,0 +1,64 @@
> +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> +HOMEPAGE = "http://www.snort.org/"
> +LICENSE = "GPL-2.0"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> +
> +DEPENDS = "libpcap libpcre daq libdnet"
> +
> +
> +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> + file://disable-inaddr-none.patch \
> + file://disable-dap-address-space-id.patch "
> +
> +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> +
> +inherit autotools gettext
> +
> +EXTRA_OECONF = " \
> + --enable-gre \
> + --enable-linux-smp-stats \
> + --enable-reload \
> + --enable-reload-error-restart \
> + --enable-targetbased \
> + --disable-static-daq \
> + "
> +
> +do_install_append() {
> + install -d ${D}/${sysconfdir}/snort/rules
> + install -d ${D}/${sysconfdir}/snort/preproc_rules
> + for i in map config conf dtd; do
> + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> + done
> + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> + mkdir -p ${D}/${localstatedir}/log/snort }
> +
> +FILES_${PN} += " \
> + ${libdir}/snort_dynamicengine/*.so.* \
> + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> + ${libdir}/snort_dynamicrules/*.so.* \
> + "
> +FILES_${PN}-dbg += " \
> + ${libdir}/snort_dynamicengine/.debug \
> + ${libdir}/snort_dynamicpreprocessor/.debug \
> + ${libdir}/snort_dynamicrules/.debug \
> + "
> +FILES_${PN}-staticdev += " \
> + ${libdir}/snort_dynamicengine/*.a \
> + ${libdir}/snort_dynamicpreprocessor/*.a \
> + ${libdir}/snort_dynamicrules/*.a \
> + ${libdir}/snort/dynamic_preproc/*.a \
> + ${libdir}/snort/dynamic_output/*.a \
> + "
> +FILES_${PN}-dev += " \
> + ${libdir}/snort_dynamicengine/*.la \
> + ${libdir}/snort_dynamicpreprocessor/*.la \
> + ${libdir}/snort_dynamicrules/*.la \
> + ${libdir}/snort_dynamicengine/*.so \
> + ${libdir}/snort_dynamicpreprocessor/*.so \
> + ${libdir}/snort_dynamicrules/*.so \
> + ${prefix}/src/snort_dynamicsrc \
> + "
> +
> +RRECOMMENDS_${PN} += "barnyard"
> --
> 1.7.5.4
>
>
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel
--
-Joe MacDonald.
:wq
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-10-30 1:40 ` Guo Chunrong-B40290
@ 2013-10-30 12:49 ` Joe MacDonald
2013-11-01 7:15 ` Chunrong Guo
0 siblings, 1 reply; 7+ messages in thread
From: Joe MacDonald @ 2013-10-30 12:49 UTC (permalink / raw)
To: Guo Chunrong-B40290; +Cc: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 11150 bytes --]
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote:
> Hi, Joe MacDonald
>
> Thank you for your comments.
>
> The current snort simply do not need sysvinit config.
I apologize, I don't mean to belabor the point, but can you point me at
that information? http://www.snort.org/docs/ contains a lot of
documentation around getting snort started on various systems and there
are a number of startup scripts there that indicate they belong in
/etc/init.d of their respective distributions. Perhaps things have
changed in the most recent version of snort, but the "Snort Startup
Scripts" section seem to apply to the versions of snort you're proposing
we include in meta-networking.
Also, please don't forget about the include path and barnyard questions.
Thanks.
-J.
>
>
> Thanks,
> Chunrong
>
> -----Original Message-----
> From: Joe MacDonald [mailto:joe@deserted.net]
> Sent: Wednesday, October 30, 2013 3:20 AM
> To: openembedded-devel@lists.openembedded.org
> Cc: Guo Chunrong-B40290
> Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
>
> Hi Chunrong,
>
> Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.
>
> I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.
>
> I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely. Was that due to problems inheriting update-rc.d as Koen suggested? (Or perhaps the current snort simply doesn't have a functional sysvinit config? I hope that's not the case.) I'm probably not the only one still making use of sysvinit stuff in some scenarios. :-)
>
> -J.
>
> [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
>
> > pings
> >
> > -----Original Message-----
> > From: Guo Chunrong-B40290
> > Sent: Friday, October 18, 2013 4:22 PM
> > To: openembedded-devel@lists.openembedded.org
> > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> >
> > From: Chunrong Guo <B40290@freescale.com>
> >
> > *snort - a free lightweight network intrusion detection
> > system for UNIX and Windows
> >
> > Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > ---
> > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
> > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> > 3 files changed, 191 insertions(+), 0 deletions(-) create mode
> > 100644
> > meta-networking/recipes-connectivity/snort/files/disable-dap-address-s
> > pace-id.patch create mode 100644
> > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.p
> > atch create mode 100644
> > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> >
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > -space-id.patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > -space-id.patch
> > new file mode 100644
> > index 0000000..39e5c9c
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-add
> > +++ re
> > +++ ss-space-id.patch
> > @@ -0,0 +1,52 @@
> > +Upstream-Status:Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for dap address space id... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +
> > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > +
> > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> > +@@ -679,23 +679,23 @@
> > +
> > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> > +
> > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> > +- DAQ_PktHdr_t hdr;
> > +- hdr.address_space_id = 0;
> > +-]])],
> > +-[have_daq_address_space_id="yes"],
> > +-[have_daq_address_space_id="no"])
> > +-AC_MSG_RESULT($have_daq_address_space_id)
> > +-if test "x$have_daq_address_space_id" = "xyes"; then
> > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > +- [DAQ version supports address space ID in header.])
> > +-fi
> > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> > ++# DAQ_PktHdr_t hdr;
> > ++# hdr.address_space_id = 0;
> > ++#]])],
> > ++have_daq_address_space_id="yes"
> > ++#[have_daq_address_space_id="no"])
> > ++#AC_MSG_RESULT($have_daq_address_space_id)
> > ++#if test "x$have_daq_address_space_id" = "xyes"; then
> > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > ++# [DAQ version supports address space ID in header.])
> > ++#fi
> > +
> > + # any sparc platform has to have this one defined.
> > + AC_MSG_CHECKING(for sparc)
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > .patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > .patch
> > new file mode 100644
> > index 0000000..9dafe63
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-
> > +++ no
> > +++ ne.patch
> > @@ -0,0 +1,75 @@
> > +Upstream-Status: Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for INADDR_NONE... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > +
> > +
> > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> > +@@ -281,25 +281,7 @@
> > + AC_CHECK_TYPES([boolean])
> > +
> > + # In case INADDR_NONE is not defined (like on Solaris)
> > +-have_inaddr_none="no"
> > +-AC_MSG_CHECKING([for INADDR_NONE])
> > +-AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM(
> > +-[[
> > +-#include <sys/types.h>
> > +-#include <netinet/in.h>
> > +-#include <arpa/inet.h>
> > +-]],
> > +-[[
> > +- if (inet_addr("10,5,2") == INADDR_NONE);
> > +- return 0;
> > +-]])],
> > +-[have_inaddr_none="yes"],
> > +-[have_inaddr_none="no"])
> > +-AC_MSG_RESULT($have_inaddr_none)
> > +-if test "x$have_inaddr_none" = "xno"; then
> > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> > +-fi
> > ++have_inaddr_none="yes"
> > +
> > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> > + #include <stdio.h>
> > +@@ -397,21 +379,21 @@
> > + fi
> > + fi
> > +
> > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> > +- pcap_lex_destroy();
> > +-]])],
> > +-[have_pcap_lex_destroy="yes"],
> > +-[have_pcap_lex_destroy="no"])
> > +-AC_MSG_RESULT($have_pcap_lex_destroy)
> > +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > +-fi
> > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> > ++# pcap_lex_destroy();
> > ++#]])],
> > ++have_pcap_lex_destroy="yes"
> > ++#[have_pcap_lex_destroy="no"])
> > ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > ++#fi
> > +
> > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > new file mode 100644
> > index 0000000..8639639
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > @@ -0,0 +1,64 @@
> > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> > +HOMEPAGE = "http://www.snort.org/"
> > +LICENSE = "GPL-2.0"
> > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> > +
> > +DEPENDS = "libpcap libpcre daq libdnet"
> > +
> > +
> > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> > + file://disable-inaddr-none.patch \
> > + file://disable-dap-address-space-id.patch "
> > +
> > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> > +
> > +inherit autotools gettext
> > +
> > +EXTRA_OECONF = " \
> > + --enable-gre \
> > + --enable-linux-smp-stats \
> > + --enable-reload \
> > + --enable-reload-error-restart \
> > + --enable-targetbased \
> > + --disable-static-daq \
> > + "
> > +
> > +do_install_append() {
> > + install -d ${D}/${sysconfdir}/snort/rules
> > + install -d ${D}/${sysconfdir}/snort/preproc_rules
> > + for i in map config conf dtd; do
> > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> > + done
> > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> > + mkdir -p ${D}/${localstatedir}/log/snort }
> > +
> > +FILES_${PN} += " \
> > + ${libdir}/snort_dynamicengine/*.so.* \
> > + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> > + ${libdir}/snort_dynamicrules/*.so.* \
> > + "
> > +FILES_${PN}-dbg += " \
> > + ${libdir}/snort_dynamicengine/.debug \
> > + ${libdir}/snort_dynamicpreprocessor/.debug \
> > + ${libdir}/snort_dynamicrules/.debug \
> > + "
> > +FILES_${PN}-staticdev += " \
> > + ${libdir}/snort_dynamicengine/*.a \
> > + ${libdir}/snort_dynamicpreprocessor/*.a \
> > + ${libdir}/snort_dynamicrules/*.a \
> > + ${libdir}/snort/dynamic_preproc/*.a \
> > + ${libdir}/snort/dynamic_output/*.a \
> > + "
> > +FILES_${PN}-dev += " \
> > + ${libdir}/snort_dynamicengine/*.la \
> > + ${libdir}/snort_dynamicpreprocessor/*.la \
> > + ${libdir}/snort_dynamicrules/*.la \
> > + ${libdir}/snort_dynamicengine/*.so \
> > + ${libdir}/snort_dynamicpreprocessor/*.so \
> > + ${libdir}/snort_dynamicrules/*.so \
> > + ${prefix}/src/snort_dynamicsrc \
> > + "
> > +
> > +RRECOMMENDS_${PN} += "barnyard"
> > --
> > 1.7.5.4
> >
> >
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
> --
> -Joe MacDonald.
> :wq
>
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-10-30 12:49 ` Joe MacDonald
@ 2013-11-01 7:15 ` Chunrong Guo
2013-11-01 14:13 ` Joe MacDonald
0 siblings, 1 reply; 7+ messages in thread
From: Chunrong Guo @ 2013-11-01 7:15 UTC (permalink / raw)
To: Joe MacDonald; +Cc: openembedded-devel
Hello,joe
I investigate barnyard2 and barnyard .
I have the following conclusions:
1) Barnyard2 maintains majority of the command syntax of barnyard.
2) Barnyard has not seen an updated in over 4 years and is not going to be maintained by the original developers.
3) Barnyard2 is a very popular plugin .
I will submit new patch about " snort + Barnyard2".
Thanks,
chunrong
-----Original Message-----
From: Joe MacDonald [mailto:joe@deserted.net]
Sent: Wednesday, October 30, 2013 8:49 PM
To: Guo Chunrong-B40290
Cc: openembedded-devel@lists.openembedded.org
Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote:
> Hi, Joe MacDonald
>
> Thank you for your comments.
>
> The current snort simply do not need sysvinit config.
I apologize, I don't mean to belabor the point, but can you point me at that information? http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions. Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking.
Also, please don't forget about the include path and barnyard questions.
Thanks.
-J.
>
>
> Thanks,
> Chunrong
>
> -----Original Message-----
> From: Joe MacDonald [mailto:joe@deserted.net]
> Sent: Wednesday, October 30, 2013 3:20 AM
> To: openembedded-devel@lists.openembedded.org
> Cc: Guo Chunrong-B40290
> Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
>
> Hi Chunrong,
>
> Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.
>
> I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.
>
> I also noticed that in the most recent version of the snort recipe the
> sysvinit components have been dropped entirely. Was that due to
> problems inheriting update-rc.d as Koen suggested? (Or perhaps the
> current snort simply doesn't have a functional sysvinit config? I
> hope that's not the case.) I'm probably not the only one still making
> use of sysvinit stuff in some scenarios. :-)
>
> -J.
>
> [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
>
> > pings
> >
> > -----Original Message-----
> > From: Guo Chunrong-B40290
> > Sent: Friday, October 18, 2013 4:22 PM
> > To: openembedded-devel@lists.openembedded.org
> > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> >
> > From: Chunrong Guo <B40290@freescale.com>
> >
> > *snort - a free lightweight network intrusion detection
> > system for UNIX and Windows
> >
> > Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > ---
> > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
> > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> > 3 files changed, 191 insertions(+), 0 deletions(-) create mode
> > 100644
> > meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > -s
> > pace-id.patch create mode 100644
> > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > .p
> > atch create mode 100644
> > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> >
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > new file mode 100644
> > index 0000000..39e5c9c
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a
> > +++ dd
> > +++ re
> > +++ ss-space-id.patch
> > @@ -0,0 +1,52 @@
> > +Upstream-Status:Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for dap address space id... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +
> > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > +
> > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> > +@@ -679,23 +679,23 @@
> > +
> > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> > +
> > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> > +- DAQ_PktHdr_t hdr;
> > +- hdr.address_space_id = 0;
> > +-]])],
> > +-[have_daq_address_space_id="yes"],
> > +-[have_daq_address_space_id="no"])
> > +-AC_MSG_RESULT($have_daq_address_space_id)
> > +-if test "x$have_daq_address_space_id" = "xyes"; then
> > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > +- [DAQ version supports address space ID in header.])
> > +-fi
> > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> > ++# DAQ_PktHdr_t hdr;
> > ++# hdr.address_space_id = 0;
> > ++#]])],
> > ++have_daq_address_space_id="yes"
> > ++#[have_daq_address_space_id="no"])
> > ++#AC_MSG_RESULT($have_daq_address_space_id)
> > ++#if test "x$have_daq_address_space_id" = "xyes"; then
> > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > ++# [DAQ version supports address space ID in header.])
> > ++#fi
> > +
> > + # any sparc platform has to have this one defined.
> > + AC_MSG_CHECKING(for sparc)
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > new file mode 100644
> > index 0000000..9dafe63
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd
> > +++ r-
> > +++ no
> > +++ ne.patch
> > @@ -0,0 +1,75 @@
> > +Upstream-Status: Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for INADDR_NONE... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > +
> > +
> > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> > +@@ -281,25 +281,7 @@
> > + AC_CHECK_TYPES([boolean])
> > +
> > + # In case INADDR_NONE is not defined (like on Solaris)
> > +-have_inaddr_none="no"
> > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include
> > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[
> > +- if (inet_addr("10,5,2") == INADDR_NONE);
> > +- return 0;
> > +-]])],
> > +-[have_inaddr_none="yes"],
> > +-[have_inaddr_none="no"])
> > +-AC_MSG_RESULT($have_inaddr_none)
> > +-if test "x$have_inaddr_none" = "xno"; then
> > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> > +-fi
> > ++have_inaddr_none="yes"
> > +
> > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> > + #include <stdio.h>
> > +@@ -397,21 +379,21 @@
> > + fi
> > + fi
> > +
> > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> > +- pcap_lex_destroy();
> > +-]])],
> > +-[have_pcap_lex_destroy="yes"],
> > +-[have_pcap_lex_destroy="no"])
> > +-AC_MSG_RESULT($have_pcap_lex_destroy)
> > +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > +-fi
> > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> > ++# pcap_lex_destroy();
> > ++#]])],
> > ++have_pcap_lex_destroy="yes"
> > ++#[have_pcap_lex_destroy="no"])
> > ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > ++#fi
> > +
> > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > new file mode 100644
> > index 0000000..8639639
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > @@ -0,0 +1,64 @@
> > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> > +HOMEPAGE = "http://www.snort.org/"
> > +LICENSE = "GPL-2.0"
> > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> > +
> > +DEPENDS = "libpcap libpcre daq libdnet"
> > +
> > +
> > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> > + file://disable-inaddr-none.patch \
> > + file://disable-dap-address-space-id.patch "
> > +
> > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> > +
> > +inherit autotools gettext
> > +
> > +EXTRA_OECONF = " \
> > + --enable-gre \
> > + --enable-linux-smp-stats \
> > + --enable-reload \
> > + --enable-reload-error-restart \
> > + --enable-targetbased \
> > + --disable-static-daq \
> > + "
> > +
> > +do_install_append() {
> > + install -d ${D}/${sysconfdir}/snort/rules
> > + install -d ${D}/${sysconfdir}/snort/preproc_rules
> > + for i in map config conf dtd; do
> > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> > + done
> > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> > + mkdir -p ${D}/${localstatedir}/log/snort }
> > +
> > +FILES_${PN} += " \
> > + ${libdir}/snort_dynamicengine/*.so.* \
> > + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> > + ${libdir}/snort_dynamicrules/*.so.* \
> > + "
> > +FILES_${PN}-dbg += " \
> > + ${libdir}/snort_dynamicengine/.debug \
> > + ${libdir}/snort_dynamicpreprocessor/.debug \
> > + ${libdir}/snort_dynamicrules/.debug \
> > + "
> > +FILES_${PN}-staticdev += " \
> > + ${libdir}/snort_dynamicengine/*.a \
> > + ${libdir}/snort_dynamicpreprocessor/*.a \
> > + ${libdir}/snort_dynamicrules/*.a \
> > + ${libdir}/snort/dynamic_preproc/*.a \
> > + ${libdir}/snort/dynamic_output/*.a \
> > + "
> > +FILES_${PN}-dev += " \
> > + ${libdir}/snort_dynamicengine/*.la \
> > + ${libdir}/snort_dynamicpreprocessor/*.la \
> > + ${libdir}/snort_dynamicrules/*.la \
> > + ${libdir}/snort_dynamicengine/*.so \
> > + ${libdir}/snort_dynamicpreprocessor/*.so \
> > + ${libdir}/snort_dynamicrules/*.so \
> > + ${prefix}/src/snort_dynamicsrc \
> > + "
> > +
> > +RRECOMMENDS_${PN} += "barnyard"
> > --
> > 1.7.5.4
> >
> >
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
> --
> -Joe MacDonald.
> :wq
>
--
-Joe MacDonald.
:wq
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [meta-networking][PATCH v2 1/3] snort : add recipe
2013-11-01 7:15 ` Chunrong Guo
@ 2013-11-01 14:13 ` Joe MacDonald
0 siblings, 0 replies; 7+ messages in thread
From: Joe MacDonald @ 2013-11-01 14:13 UTC (permalink / raw)
To: Chunrong Guo; +Cc: openembedded-devel
[-- Attachment #1: Type: text/plain, Size: 12915 bytes --]
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.11.01 (Fri 07:15) Chunrong Guo wrote:
> Hello,joe
>
> I investigate barnyard2 and barnyard .
> I have the following conclusions:
> 1) Barnyard2 maintains majority of the command syntax of barnyard.
> 2) Barnyard has not seen an updated in over 4 years and is not going to be maintained by the original developers.
> 3) Barnyard2 is a very popular plugin .
>
> I will submit new patch about " snort + Barnyard2".
Thanks. That was my read on barnyard v. barnyard2 as well but it is
good to know you've verified my impression. I saw the latest version
(please do try to ensure you tag them with meta-networking in the
subject) and I'll have a look at them and try them out later this
morning.
-J.
>
> Thanks,
> chunrong
>
> -----Original Message-----
> From: Joe MacDonald [mailto:joe@deserted.net]
> Sent: Wednesday, October 30, 2013 8:49 PM
> To: Guo Chunrong-B40290
> Cc: openembedded-devel@lists.openembedded.org
> Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
>
> [RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote:
>
> > Hi, Joe MacDonald
> >
> > Thank you for your comments.
> >
> > The current snort simply do not need sysvinit config.
>
> I apologize, I don't mean to belabor the point, but can you point me at that information? http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions. Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking.
>
> Also, please don't forget about the include path and barnyard questions.
>
> Thanks.
>
> -J.
>
> >
> >
> > Thanks,
> > Chunrong
> >
> > -----Original Message-----
> > From: Joe MacDonald [mailto:joe@deserted.net]
> > Sent: Wednesday, October 30, 2013 3:20 AM
> > To: openembedded-devel@lists.openembedded.org
> > Cc: Guo Chunrong-B40290
> > Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
> >
> > Hi Chunrong,
> >
> > Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.
> >
> > I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.
> >
> > I also noticed that in the most recent version of the snort recipe the
> > sysvinit components have been dropped entirely. Was that due to
> > problems inheriting update-rc.d as Koen suggested? (Or perhaps the
> > current snort simply doesn't have a functional sysvinit config? I
> > hope that's not the case.) I'm probably not the only one still making
> > use of sysvinit stuff in some scenarios. :-)
> >
> > -J.
> >
> > [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
> >
> > > pings
> > >
> > > -----Original Message-----
> > > From: Guo Chunrong-B40290
> > > Sent: Friday, October 18, 2013 4:22 PM
> > > To: openembedded-devel@lists.openembedded.org
> > > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> > > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> > >
> > > From: Chunrong Guo <B40290@freescale.com>
> > >
> > > *snort - a free lightweight network intrusion detection
> > > system for UNIX and Windows
> > >
> > > Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > > ---
> > > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> > > .../snort/files/disable-inaddr-none.patch | 75 ++++++++++++++++++++
> > > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> > > 3 files changed, 191 insertions(+), 0 deletions(-) create mode
> > > 100644
> > > meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > > -s
> > > pace-id.patch create mode 100644
> > > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > > .p
> > > atch create mode 100644
> > > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > >
> > > diff --git
> > > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > > ss
> > > -space-id.patch
> > > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > > ss
> > > -space-id.patch
> > > new file mode 100644
> > > index 0000000..39e5c9c
> > > --- /dev/null
> > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a
> > > +++ dd
> > > +++ re
> > > +++ ss-space-id.patch
> > > @@ -0,0 +1,52 @@
> > > +Upstream-Status:Inappropriate [embedded specific]
> > > +
> > > +fix the below error:
> > > +checking for dap address space id... configure:
> > > +configure: error: cannot run test program while cross compiling
> > > +
> > > +
> > > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > > +
> > > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> > > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> > > +@@ -679,23 +679,23 @@
> > > +
> > > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> > > +
> > > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> > > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> > > +- DAQ_PktHdr_t hdr;
> > > +- hdr.address_space_id = 0;
> > > +-]])],
> > > +-[have_daq_address_space_id="yes"],
> > > +-[have_daq_address_space_id="no"])
> > > +-AC_MSG_RESULT($have_daq_address_space_id)
> > > +-if test "x$have_daq_address_space_id" = "xyes"; then
> > > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > > +- [DAQ version supports address space ID in header.])
> > > +-fi
> > > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> > > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> > > ++# DAQ_PktHdr_t hdr;
> > > ++# hdr.address_space_id = 0;
> > > ++#]])],
> > > ++have_daq_address_space_id="yes"
> > > ++#[have_daq_address_space_id="no"])
> > > ++#AC_MSG_RESULT($have_daq_address_space_id)
> > > ++#if test "x$have_daq_address_space_id" = "xyes"; then
> > > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > > ++# [DAQ version supports address space ID in header.])
> > > ++#fi
> > > +
> > > + # any sparc platform has to have this one defined.
> > > + AC_MSG_CHECKING(for sparc)
> > > diff --git
> > > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > > ne
> > > .patch
> > > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > > ne
> > > .patch
> > > new file mode 100644
> > > index 0000000..9dafe63
> > > --- /dev/null
> > > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd
> > > +++ r-
> > > +++ no
> > > +++ ne.patch
> > > @@ -0,0 +1,75 @@
> > > +Upstream-Status: Inappropriate [embedded specific]
> > > +
> > > +fix the below error:
> > > +checking for INADDR_NONE... configure:
> > > +configure: error: cannot run test program while cross compiling
> > > +
> > > +Signed-off-by: Chunrong Guo <B40290@freescale.com>
> > > +
> > > +
> > > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> > > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> > > +@@ -281,25 +281,7 @@
> > > + AC_CHECK_TYPES([boolean])
> > > +
> > > + # In case INADDR_NONE is not defined (like on Solaris)
> > > +-have_inaddr_none="no"
> > > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE(
> > > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include
> > > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[
> > > +- if (inet_addr("10,5,2") == INADDR_NONE);
> > > +- return 0;
> > > +-]])],
> > > +-[have_inaddr_none="yes"],
> > > +-[have_inaddr_none="no"])
> > > +-AC_MSG_RESULT($have_inaddr_none)
> > > +-if test "x$have_inaddr_none" = "xno"; then
> > > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> > > +-fi
> > > ++have_inaddr_none="yes"
> > > +
> > > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> > > + #include <stdio.h>
> > > +@@ -397,21 +379,21 @@
> > > + fi
> > > + fi
> > > +
> > > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> > > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> > > +- pcap_lex_destroy();
> > > +-]])],
> > > +-[have_pcap_lex_destroy="yes"],
> > > +-[have_pcap_lex_destroy="no"])
> > > +-AC_MSG_RESULT($have_pcap_lex_destroy)
> > > +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> > > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > > +-fi
> > > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> > > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> > > ++# pcap_lex_destroy();
> > > ++#]])],
> > > ++have_pcap_lex_destroy="yes"
> > > ++#[have_pcap_lex_destroy="no"])
> > > ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> > > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> > > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > > ++#fi
> > > +
> > > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> > > diff --git
> > > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > > new file mode 100644
> > > index 0000000..8639639
> > > --- /dev/null
> > > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > > @@ -0,0 +1,64 @@
> > > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> > > +HOMEPAGE = "http://www.snort.org/"
> > > +LICENSE = "GPL-2.0"
> > > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> > > +
> > > +DEPENDS = "libpcap libpcre daq libdnet"
> > > +
> > > +
> > > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> > > + file://disable-inaddr-none.patch \
> > > + file://disable-dap-address-space-id.patch "
> > > +
> > > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> > > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> > > +
> > > +inherit autotools gettext
> > > +
> > > +EXTRA_OECONF = " \
> > > + --enable-gre \
> > > + --enable-linux-smp-stats \
> > > + --enable-reload \
> > > + --enable-reload-error-restart \
> > > + --enable-targetbased \
> > > + --disable-static-daq \
> > > + "
> > > +
> > > +do_install_append() {
> > > + install -d ${D}/${sysconfdir}/snort/rules
> > > + install -d ${D}/${sysconfdir}/snort/preproc_rules
> > > + for i in map config conf dtd; do
> > > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> > > + done
> > > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> > > + mkdir -p ${D}/${localstatedir}/log/snort }
> > > +
> > > +FILES_${PN} += " \
> > > + ${libdir}/snort_dynamicengine/*.so.* \
> > > + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> > > + ${libdir}/snort_dynamicrules/*.so.* \
> > > + "
> > > +FILES_${PN}-dbg += " \
> > > + ${libdir}/snort_dynamicengine/.debug \
> > > + ${libdir}/snort_dynamicpreprocessor/.debug \
> > > + ${libdir}/snort_dynamicrules/.debug \
> > > + "
> > > +FILES_${PN}-staticdev += " \
> > > + ${libdir}/snort_dynamicengine/*.a \
> > > + ${libdir}/snort_dynamicpreprocessor/*.a \
> > > + ${libdir}/snort_dynamicrules/*.a \
> > > + ${libdir}/snort/dynamic_preproc/*.a \
> > > + ${libdir}/snort/dynamic_output/*.a \
> > > + "
> > > +FILES_${PN}-dev += " \
> > > + ${libdir}/snort_dynamicengine/*.la \
> > > + ${libdir}/snort_dynamicpreprocessor/*.la \
> > > + ${libdir}/snort_dynamicrules/*.la \
> > > + ${libdir}/snort_dynamicengine/*.so \
> > > + ${libdir}/snort_dynamicpreprocessor/*.so \
> > > + ${libdir}/snort_dynamicrules/*.so \
> > > + ${prefix}/src/snort_dynamicsrc \
> > > + "
> > > +
> > > +RRECOMMENDS_${PN} += "barnyard"
> > > --
> > > 1.7.5.4
> > >
> > >
> > > _______________________________________________
> > > Openembedded-devel mailing list
> > > Openembedded-devel@lists.openembedded.org
> > > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> >
> > --
> > -Joe MacDonald.
> > :wq
> >
>
> --
> -Joe MacDonald.
> :wq
--
-Joe MacDonald.
:wq
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 205 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2013-11-01 14:13 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-10-18 8:22 [meta-networking][PATCH v2 1/3] snort : add recipe b40290
2013-10-28 2:23 ` Guo Chunrong-B40290
2013-10-29 19:20 ` Joe MacDonald
2013-10-30 1:40 ` Guo Chunrong-B40290
2013-10-30 12:49 ` Joe MacDonald
2013-11-01 7:15 ` Chunrong Guo
2013-11-01 14:13 ` Joe MacDonald
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.