diff options
Diffstat (limited to 'meta-networking/recipes-connectivity/snort')
15 files changed, 503 insertions, 349 deletions
diff --git a/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch b/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch deleted file mode 100644 index 047caec324..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort/0001-fix-do_package-failed-since-snort-2.9.7.0.patch +++ /dev/null @@ -1,33 +0,0 @@ -From 4335c4c61877c0b65ff4ec767e8ad3ad8c73c32d Mon Sep 17 00:00:00 2001 -From: Zhiquan Li <zhiquan.li@windriver.com> -Date: Fri, 13 Nov 2015 17:40:24 +0800 -Subject: [PATCH] fix do_package failed since snort 2.9.7.0 - -Remove redundant '/' as a workround for below error: -/lib/rpm/bin/debugedit: canonicalization unexpectedly shrank by one character - -It's a rpm debugedit bug: -* http://sourceforge.net/p/snort/mailman/message/34130268/ -* https://bugzilla.redhat.com/show_bug.cgi?id=304121 - -Upstream-Status:Inappropriate [embedded specific] - -Signed-off-by: Zhiquan Li <zhiquan.li@windriver.com> - ---- - src/snort.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/snort.h b/src/snort.h -index 8308e57..499d157 100644 ---- a/src/snort.h -+++ b/src/snort.h -@@ -39,7 +39,7 @@ - #include "sfdaq.h" - #include "sf_types.h" - #include "sfutil/sflsq.h" --#include "sfutil//sfActionQueue.h" -+#include "sfutil/sfActionQueue.h" - #include "profiler.h" - #include "rules.h" - #include "treenodes.h" diff --git a/meta-networking/recipes-connectivity/snort/snort/configure.in-disable-tirpc-checking-for-fedora.patch b/meta-networking/recipes-connectivity/snort/snort/configure.in-disable-tirpc-checking-for-fedora.patch new file mode 100644 index 0000000000..d8c945a481 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort/configure.in-disable-tirpc-checking-for-fedora.patch @@ -0,0 +1,60 @@ +From 65463a7c5cb2514b1523a81911810effffb75a79 Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Fri, 28 Jun 2019 15:05:31 +0800 +Subject: [PATCH] configure.in: disable tirpc checking for fedora + +The Fedora 28+ does not have inbuilt SunRPC support in glibc and is +separately availble in tirpc package. So it enables tirpc checking for +fedora in configure. + +Drop this piece of code since we had specify '-ltirpc' in LDFLAGS +explicitly. Otherwise it will cause a compile-host-path QA issue if the +host is Fedora 28+: +cc1: warning: include location "/usr/include/tirpc" is unsafe for +cross-compilation [-Wpoison-system-directories] + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + configure.in | 24 ------------------------ + 1 file changed, 24 deletions(-) + +diff --git a/configure.in b/configure.in +index 8662cdd..0ff7e27 100644 +--- a/configure.in ++++ b/configure.in +@@ -895,30 +895,6 @@ if test "x$enable_dlclose" = "xno"; then + AC_DEFINE([DISABLE_DLCLOSE_FOR_VALGRIND_TESTING],[1],[Don't close opened shared objects for valgrind leak testing of dynamic libraries]) + fi + +-################################################## +-# Fedora 28+ does not have inbuilt SunRPC support# +-# in glibc and is separately availble in tirpc # +-# package. Make sure we've got the library and # +-# link it # +-################################################## +- +-if test -f /etc/fedora-release ; then +- DISTRO_VERSION=$(awk '{ print $3 }' /etc/fedora-release) +- if test $DISTRO_VERSION -ge 28 ; then +- TIRPC="" +- AC_CHECK_LIB(tirpc,bindresvport,, TIRPC="no") +- echo "$TIRPC" +- if test "x$TIRPC" = "xno"; then +- echo +- echo " ERROR! tirpc not found, get it by running " +- echo " yum install libtirpc-devel " +- exit +- fi +- LIBS="${LIBS} -ltirpc" +- extra_incl="-I/usr/include/tirpc" +- fi +-fi +- + ################################################## + # Centos 8+ does not have inbuilt SunRPC support # + # in glibc and is separately availble in tirpc # +-- +2.7.4 + diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch b/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch deleted file mode 100644 index 6aa0b736f9..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort/disable-dap-address-space-id.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 5a53260a819e2873f58165e96852529719101c53 Mon Sep 17 00:00:00 2001 -From: Chunrong Guo <B40290@freescale.com> -Date: Mon, 4 Nov 2013 10:39:56 +0800 -Subject: [PATCH] snort: add recipe - -Upstream-Status:Inappropriate [embedded specific] - -fix the below error: -checking for dap address space id... configure: -configure: error: cannot run test program while cross compiling - -Signed-off-by: Chunrong Guo <B40290@freescale.com> - ---- - configure.in | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/configure.in b/configure.in -index 6fe5d68..e7636ce 100644 ---- a/configure.in -+++ b/configure.in -@@ -698,23 +698,23 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "xyes"; then - - fi - --AC_MSG_CHECKING([for daq address space ID]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include <daq.h> --]], --[[ -- DAQ_PktHdr_t hdr; -- hdr.address_space_id = 0; --]])], --[have_daq_address_space_id="yes"], --[have_daq_address_space_id="no"]) --AC_MSG_RESULT($have_daq_address_space_id) --if test "x$have_daq_address_space_id" = "xyes"; then -- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], -- [DAQ version supports address space ID in header.]) --fi -+#AC_MSG_CHECKING([for daq address space ID]) -+#AC_RUN_IFELSE( -+#[AC_LANG_PROGRAM( -+#[[ -+##include <daq.h> -+#]], -+#[[ -+# DAQ_PktHdr_t hdr; -+# hdr.address_space_id = 0; -+#]])], -+have_daq_address_space_id="yes" -+#[have_daq_address_space_id="no"]) -+#AC_MSG_RESULT($have_daq_address_space_id) -+#if test "x$have_daq_address_space_id" = "xyes"; then -+# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], -+# [DAQ version supports address space ID in header.]) -+#fi - - AC_MSG_CHECKING([for daq flow ID]) - AC_RUN_IFELSE( diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch b/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch deleted file mode 100644 index 04df37c94f..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort/disable-daq-flow-id.patch +++ /dev/null @@ -1,60 +0,0 @@ -From 5aa42a3137c657b5eddd4608343aa1854bd7cd27 Mon Sep 17 00:00:00 2001 -From: Zhiquan Li <zhiquan.li@windriver.com> -Date: Mon, 16 Nov 2015 10:23:00 +0800 -Subject: [PATCH] snort: 2.9.6.0 -> 2.9.7.5 - -Upstream-Status:Inappropriate [embedded specific] - -fix the below error: -checking for daq flow ID... configure: -configure: error: cannot run test program while cross compiling - ---- - configure.in | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/configure.in b/configure.in -index e7636ce..2fbd298 100644 ---- a/configure.in -+++ b/configure.in -@@ -716,23 +716,23 @@ have_daq_address_space_id="yes" - # [DAQ version supports address space ID in header.]) - #fi - --AC_MSG_CHECKING([for daq flow ID]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include <daq.h> --]], --[[ -- DAQ_PktHdr_t hdr; -- hdr.flow_id = 0; --]])], --[have_daq_flow_id="yes"], --[have_daq_flow_id="no"]) --AC_MSG_RESULT($have_daq_flow_id) --if test "x$have_daq_flow_id" = "xyes"; then -- AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], -- [DAQ version supports flow ID in header.]) --fi -+#AC_MSG_CHECKING([for daq flow ID]) -+#AC_RUN_IFELSE( -+#[AC_LANG_PROGRAM( -+#[[ -+##include <daq.h> -+#]], -+#[[ -+# DAQ_PktHdr_t hdr; -+# hdr.flow_id = 0; -+#]])], -+have_daq_flow_id="yes" -+#[have_daq_flow_id="no"]) -+#AC_MSG_RESULT($have_daq_flow_id) -+#if test "x$have_daq_flow_id" = "xyes"; then -+# AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], -+# [DAQ version supports flow ID in header.]) -+#fi - - AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) - AC_RUN_IFELSE( diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch b/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch deleted file mode 100644 index 15958a72d0..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort/disable-daq-verdict-retry.patch +++ /dev/null @@ -1,60 +0,0 @@ -From b916443d43f2e1eeacfbed0033274a0270ef634d Mon Sep 17 00:00:00 2001 -From: Zhiquan Li <zhiquan.li@windriver.com> -Date: Mon, 16 Nov 2015 10:23:00 +0800 -Subject: [PATCH] snort: 2.9.6.0 -> 2.9.7.5 - -Upstream-Status:Inappropriate [embedded specific] - -fix the below error: -checking for DAQ_VERDICT_RETRY... configure: -configure: error: cannot run test program while cross compiling - ---- - configure.in | 34 +++++++++++++++++----------------- - 1 file changed, 17 insertions(+), 17 deletions(-) - -diff --git a/configure.in b/configure.in -index 2fbd298..62573a8 100644 ---- a/configure.in -+++ b/configure.in -@@ -734,23 +734,23 @@ have_daq_flow_id="yes" - # [DAQ version supports flow ID in header.]) - #fi - --AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include <daq.h> --]], --[[ -- DAQ_Verdict verdict; -- verdict = DAQ_VERDICT_RETRY; --]])], --[have_daq_verdict_retry="yes"], --[have_daq_verdict_retry="no"]) --AC_MSG_RESULT($have_daq_verdict_retry) --if test "x$have_daq_verdict_retry" = "xyes"; then -- AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1], -- [DAQ version supports DAQ_VERDICT_RETRY in DAQ_Verdict.]) --fi -+#AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) -+#AC_RUN_IFELSE( -+#[AC_LANG_PROGRAM( -+#[[ -+##include <daq.h> -+#]], -+#[[ -+# DAQ_Verdict verdict; -+# verdict = DAQ_VERDICT_RETRY; -+#]])], -+have_daq_verdict_retry="yes" -+#[have_daq_verdict_retry="no"]) -+#AC_MSG_RESULT($have_daq_verdict_retry) -+#if test "x$have_daq_verdict_retry" = "xyes"; then -+# AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1], -+# [DAQ version supports DAQ_VERDICT_RETRY in DAQ_Verdict.]) -+#fi - - # any sparc platform has to have this one defined. - AC_MSG_CHECKING(for sparc) diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch b/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch deleted file mode 100644 index 79e9f076b1..0000000000 --- a/meta-networking/recipes-connectivity/snort/snort/disable-inaddr-none.patch +++ /dev/null @@ -1,85 +0,0 @@ -From a1fdbced4166cb0f35d23b63a59312d86860485a Mon Sep 17 00:00:00 2001 -From: Chunrong Guo <B40290@freescale.com> -Date: Mon, 4 Nov 2013 10:39:56 +0800 -Subject: [PATCH] snort: add recipe - -Upstream-Status: Inappropriate [embedded specific] - -fix the below error: -checking for INADDR_NONE... configure: -configure: error: cannot run test program while cross compiling - -Signed-off-by: Chunrong Guo <B40290@freescale.com> - ---- - configure.in | 50 ++++++++++++++++---------------------------------- - 1 file changed, 16 insertions(+), 34 deletions(-) - -diff --git a/configure.in b/configure.in -index 20d15eb..6fe5d68 100644 ---- a/configure.in -+++ b/configure.in -@@ -274,25 +274,7 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,int64_t]) - AC_CHECK_TYPES([boolean]) - - # In case INADDR_NONE is not defined (like on Solaris) --have_inaddr_none="no" --AC_MSG_CHECKING([for INADDR_NONE]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include <sys/types.h> --#include <netinet/in.h> --#include <arpa/inet.h> --]], --[[ -- if (inet_addr("10,5,2") == INADDR_NONE); -- return 0; --]])], --[have_inaddr_none="yes"], --[have_inaddr_none="no"]) --AC_MSG_RESULT($have_inaddr_none) --if test "x$have_inaddr_none" = "xno"; then -- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) --fi -+have_inaddr_none="yes" - - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ - #include <stdio.h> -@@ -421,21 +403,21 @@ if test "x$LPCAP" = "xno"; then - fi - fi - --AC_MSG_CHECKING([for pcap_lex_destroy]) --AC_RUN_IFELSE( --[AC_LANG_PROGRAM( --[[ --#include <pcap.h> --]], --[[ -- pcap_lex_destroy(); --]])], --[have_pcap_lex_destroy="yes"], --[have_pcap_lex_destroy="no"]) --AC_MSG_RESULT($have_pcap_lex_destroy) --if test "x$have_pcap_lex_destroy" = "xyes"; then -- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) --fi -+#AC_MSG_CHECKING([for pcap_lex_destroy]) -+#AC_RUN_IFELSE( -+#[AC_LANG_PROGRAM( -+#[[ -+##include <pcap.h> -+#]], -+#[[ -+# pcap_lex_destroy(); -+#]])], -+have_pcap_lex_destroy="yes" -+#[have_pcap_lex_destroy="no"]) -+#AC_MSG_RESULT($have_pcap_lex_destroy) -+#if test "x$have_pcap_lex_destroy" = "xyes"; then -+# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) -+#fi - - AC_MSG_CHECKING([for pcap_lib_version]) - AC_LINK_IFELSE( diff --git a/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch b/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch new file mode 100644 index 0000000000..98c20b6ecf --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort/disable-run-test-program-while-cross-compiling.patch @@ -0,0 +1,254 @@ +From dc390837bc7adc205bb955d0922040a7e365d8dd Mon Sep 17 00:00:00 2001 +From: Yi Zhao <yi.zhao@windriver.com> +Date: Mon, 23 Jul 2018 13:54:07 +0800 +Subject: [PATCH] Disable run test program while cross compiling + +fix configure error: +configure: error: cannot run test program while cross compiling + +Upstream-Status: Inappropriate [embedded specific] + +Signed-off-by: Yi Zhao <yi.zhao@windriver.com> +--- + configure.in | 148 +++++------------------------------------------------------ + 1 file changed, 12 insertions(+), 136 deletions(-) + +diff --git a/configure.in b/configure.in +index 4b3a5db..a6c5498 100644 +--- a/configure.in ++++ b/configure.in +@@ -284,19 +284,7 @@ AC_CHECK_TYPES([boolean]) + # In case INADDR_NONE is not defined (like on Solaris) + have_inaddr_none="no" + AC_MSG_CHECKING([for INADDR_NONE]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <sys/types.h> +-#include <netinet/in.h> +-#include <arpa/inet.h> +-]], +-[[ +- if (inet_addr("10,5,2") == INADDR_NONE); +- return 0; +-]])], +-[have_inaddr_none="yes"], +-[have_inaddr_none="no"]) ++have_inaddr_none="yes" + AC_MSG_RESULT($have_inaddr_none) + if test "x$have_inaddr_none" = "xno"; then + AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition]) +@@ -429,16 +417,7 @@ if test "x$LPCAP" = "xno"; then + fi + + AC_MSG_CHECKING([for pcap_lex_destroy]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <pcap.h> +-]], +-[[ +- pcap_lex_destroy(); +-]])], +-[have_pcap_lex_destroy="yes"], +-[have_pcap_lex_destroy="no"]) ++have_pcap_lex_destroy="yes" + AC_MSG_RESULT($have_pcap_lex_destroy) + if test "x$have_pcap_lex_destroy" = "xyes"; then + AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter]) +@@ -716,17 +695,7 @@ fi + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta] [daq_dp_add_dc]) + + AC_MSG_CHECKING([for daq real addresses]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.n_real_dPort = 0; +-]])], +-[have_daq_real_addresses="yes"], +-[have_daq_real_addresses="no"]) ++have_daq_real_addresses="no" + AC_MSG_RESULT($have_daq_real_addresses) + if test "x$have_daq_real_addresses" = "xyes"; then + AC_DEFINE([HAVE_DAQ_REAL_ADDRESSES],[1], +@@ -754,17 +723,7 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq address space ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.address_space_id = 0; +-]])], +-[have_daq_address_space_id="yes"], +-[have_daq_address_space_id="no"]) ++have_daq_address_space_id="yes" + AC_MSG_RESULT($have_daq_address_space_id) + if test "x$have_daq_address_space_id" = "xyes"; then + AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1], +@@ -772,17 +731,7 @@ if test "x$have_daq_address_space_id" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq flow ID]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.flow_id = 0; +-]])], +-[have_daq_flow_id="yes"], +-[have_daq_flow_id="no"]) ++have_daq_flow_id="yes" + AC_MSG_RESULT($have_daq_flow_id) + if test "x$have_daq_flow_id" = "xyes"; then + AC_DEFINE([HAVE_DAQ_FLOW_ID],[1], +@@ -790,19 +739,7 @@ if test "x$have_daq_flow_id" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq extended flow modifiers]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_ModFlow_t mod; +- mod.type = 0; +- mod.length = 0; +- mod.value = NULL; +-]])], +-[have_daq_ext_modflow="yes"], +-[have_daq_ext_modflow="no"]) ++have_daq_ext_modflow="no" + AC_MSG_RESULT($have_daq_ext_modflow) + if test "x$have_daq_ext_modflow" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_EXT_MODFLOW" +@@ -811,19 +748,7 @@ if test "x$have_daq_ext_modflow" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq query flow]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_QueryFlow_t mod; +- mod.type = 0; +- mod.length = 0; +- mod.value = NULL; +-]])], +-[have_daq_queryflow="yes"], +-[have_daq_queryflow="no"]) ++have_daq_queryflow="no" + AC_MSG_RESULT($have_daq_queryflow) + if test "x$have_daq_queryflow" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_QUERYFLOW" +@@ -832,16 +757,7 @@ if test "x$have_daq_queryflow" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq data channel flags]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_Data_Channel_Params_t params; +-]])], +-[have_daq_data_channel_flags="yes"], +-[have_daq_data_channel_flags="no"]) ++have_daq_data_channel_flags="no" + AC_MSG_RESULT($have_daq_data_channel_flags) + if test "x$have_daq_data_channel_flags" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_PARAMS" +@@ -850,17 +766,7 @@ if test "x$have_daq_data_channel_flags" = "xyes"; then + fi + + AC_MSG_CHECKING([for separate IP versions on pinhole endpoints]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_DP_key_t dpKey; +- dpKey.src_af = 0; +-]])], +-[have_daq_data_channel_separate_ip_versions="yes"], +-[have_daq_data_channel_separate_ip_versions="no"]) ++have_daq_data_channel_separate_ip_versions="no" + AC_MSG_RESULT($have_daq_data_channel_separate_ip_versions) + if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then + CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_SEPARATE_IP_VERSIONS" +@@ -869,17 +775,7 @@ if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then + fi + + AC_MSG_CHECKING([for DAQ_VERDICT_RETRY]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_Verdict verdict; +- verdict = DAQ_VERDICT_RETRY; +-]])], +-[have_daq_verdict_retry="yes"], +-[have_daq_verdict_retry="no"]) ++have_daq_verdict_retry="yes" + AC_MSG_RESULT($have_daq_verdict_retry) + if test "x$have_daq_verdict_retry" = "xyes"; then + AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1], +@@ -887,17 +783,7 @@ if test "x$have_daq_verdict_retry" = "xyes"; then + fi + + AC_MSG_CHECKING([for daq packet trace]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_PktHdr_t hdr; +- hdr.flags = DAQ_PKT_FLAG_TRACE_ENABLED; +-]])], +-[have_daq_packet_trace="yes"], +-[have_daq_packet_trace="no"]) ++have_daq_packet_trace="no" + AC_MSG_RESULT($have_daq_packet_trace) + if test "x$have_daq_packet_trace" = "xyes"; then + AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1], +@@ -907,17 +793,7 @@ else + fi + + AC_MSG_CHECKING([for daq verdict reason]) +-AC_RUN_IFELSE( +-[AC_LANG_PROGRAM( +-[[ +-#include <daq.h> +-]], +-[[ +- DAQ_ModFlow_t fl; +- fl.type = DAQ_MODFLOW_TYPE_VER_REASON; +-]])], +-[have_daq_verdict_reason="yes"], +-[have_daq_verdict_reason="no"]) ++have_daq_verdict_reason="no" + AC_MSG_RESULT($have_daq_verdict_reason) + if test "x$have_daq_verdict_reason" = "xyes"; then + AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1], +-- +2.7.4 + diff --git a/meta-networking/recipes-connectivity/snort/snort/snort.default b/meta-networking/recipes-connectivity/snort/snort/snort.default new file mode 100644 index 0000000000..f1f67c55c0 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort/snort.default @@ -0,0 +1 @@ +INTERFACES="eth0" diff --git a/meta-networking/recipes-connectivity/snort/snort/snort.init b/meta-networking/recipes-connectivity/snort/snort/snort.init index d8a00c43fc..0d90c9af03 100644 --- a/meta-networking/recipes-connectivity/snort/snort/snort.init +++ b/meta-networking/recipes-connectivity/snort/snort/snort.init @@ -1,6 +1,6 @@ #!/bin/sh # -# Snort Startup Script modified for OpenEmbedded +# Snort Startup Script modified for OpenEmbedded # # Script variables @@ -30,16 +30,16 @@ fi start() { - [ -n "$LAN_INTERFACE" ] || return 0 # Check if log diratory is present. Otherwise, create it. if [ ! -d $LOGDIR/$DATE ]; then - mkdir -d $LOGDIR/$DATE + mkdir -p $LOGDIR/$DATE /bin/chown -R $USER:$USER $LOGDIR/$DATE - /bin/chmod -R 700 $LOGDIR/$DATE + /bin/chmod -R 700 $LOGDIR/$DATE fi /bin/echo "Starting $PROG: " + # Snort parameters # -D Run Snort in background (daemon) mode # -i <if> Listen on interface <if> @@ -64,7 +64,7 @@ stop() RETURN_VAL=$? /bin/echo "$PROG shutdown complete." [ -e $DEL_PID ] && rm -f $DEL_PID - [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck + [ -e $DEL_PID.lck ] && rm -f $DEL_PID.lck else /bin/echo "ERROR: PID in $PID file not found." RETURN_VAL=1 @@ -72,12 +72,13 @@ stop() return $RETURN_VAL } -status() { - if [ -s $PID ]; then - echo "$PROG is running as pid `cat $PID`:" - else - echo "$PROG is not running." - fi +status() +{ + if [ -s $PID ]; then + echo "$PROG is running as pid `cat $PID`:" + else + echo "$PROG is not running." + fi } restart() @@ -89,21 +90,21 @@ restart() } case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status - ;; - restart|reload) - restart - ;; - *) - /bin/echo "Usage: $0 {start|stop|status|restart|reload}" - RETURN_VAL=1 + start) + start + ;; + stop) + stop + ;; + status) + status + ;; + restart|reload) + restart + ;; + *) + /bin/echo "Usage: $0 {start|stop|status|restart|reload}" + RETURN_VAL=1 esac exit $RETURN_VAL diff --git a/meta-networking/recipes-connectivity/snort/snort/snort.service b/meta-networking/recipes-connectivity/snort/snort/snort.service new file mode 100644 index 0000000000..487328c1b0 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort/snort.service @@ -0,0 +1,12 @@ +[Unit] +Description=Snort NIDS Daemon +After=syslog.target network.target + +[Service] +Type=simple +EnvironmentFile=/etc/default/snort +ExecStartPre=/bin/mkdir -p /var/log/snort +ExecStart=/usr/bin/snort -q -c /etc/snort/snort.conf -l /var/log/snort -i $INTERFACES + +[Install] +WantedBy=multi-user.target diff --git a/meta-networking/recipes-connectivity/snort/snort/volatiles.99_snort b/meta-networking/recipes-connectivity/snort/snort/volatiles.99_snort new file mode 100644 index 0000000000..acf5f61ab6 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort/volatiles.99_snort @@ -0,0 +1,2 @@ +# <type> <owner> <group> <mode> <path> <linksource> +d root root 0755 /var/log/snort none diff --git a/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Check-for-HP-libunwind.patch b/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Check-for-HP-libunwind.patch new file mode 100644 index 0000000000..7b7a0d098f --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Check-for-HP-libunwind.patch @@ -0,0 +1,33 @@ +From 433a412fad2ab0383ac3c625d183a71684f2b97b Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 20 Feb 2024 15:35:14 -0800 +Subject: [PATCH] cmake: Check for HP libunwind + +This is to ensure that cmake does not detect LLVM unwinder, which +can provide the support for some HP unwinder functionality but not all +e.g. unw_strerror goes missing. By checking for libunwind-common.h in +tests we ensure that this test passes only with HP libunwind. + +Upstream-Status: Inappropriate [OE-Specific] + +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + cmake/FindLibunwind.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmake/FindLibunwind.cmake b/cmake/FindLibunwind.cmake +index f66800a18..1ad66fc83 100644 +--- a/cmake/FindLibunwind.cmake ++++ b/cmake/FindLibunwind.cmake +@@ -22,7 +22,7 @@ find_package(PkgConfig QUIET) + pkg_check_modules(PC_LIBUNWIND libunwind) + + find_path(LIBUNWIND_INCLUDE_DIRS +- NAMES libunwind.h ++ NAMES libunwind-common.h + HINTS ${PC_LIBUNWIND_INCLUDE_DIRS} + ) + +-- +2.43.2 + diff --git a/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Pass-noline-flag-to-flex.patch b/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Pass-noline-flag-to-flex.patch new file mode 100644 index 0000000000..ec7b90cfb4 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort3/0001-cmake-Pass-noline-flag-to-flex.patch @@ -0,0 +1,31 @@ +From 417ed0045b3d04f539a8eb18b07a208c75f6c7e1 Mon Sep 17 00:00:00 2001 +From: Khem Raj <raj.khem@gmail.com> +Date: Tue, 20 Feb 2024 16:08:20 -0800 +Subject: [PATCH] cmake: Pass --noline flag to flex + +This ensures that line directive is not emitted into lexer output which +could be absolute build paths, since these files end up in dbg packages +this can be flagged as a build/packaging warning. + +Upstream-Status: Pending +Signed-off-by: Khem Raj <raj.khem@gmail.com> +--- + cmake/configure_options.cmake | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/cmake/configure_options.cmake b/cmake/configure_options.cmake +index f3673f399..fbd0bd2c3 100644 +--- a/cmake/configure_options.cmake ++++ b/cmake/configure_options.cmake +@@ -28,7 +28,7 @@ if ( ENABLE_LARGE_PCAP ) + endif ( ENABLE_LARGE_PCAP ) + + # Flex Lexer +-set ( FLEX_FLAGS "-Ca" ) ++set ( FLEX_FLAGS "-Ca --noline" ) + + # documentation + +-- +2.43.2 + diff --git a/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb b/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb new file mode 100644 index 0000000000..ee84aa17e7 --- /dev/null +++ b/meta-networking/recipes-connectivity/snort/snort3_3.1.84.0.bb @@ -0,0 +1,38 @@ +SUMMARY = "snort3" +DESCRIPTION = "snort3 - a free lightweight network intrusion detection system for UNIX and Windows." +HOMEPAGE = "http://www.snort.org/" +SECTION = "net" +LICENSE = "GPL-2.0-only" +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" + +DEPENDS = "flex-native hwloc libdaq libdnet libpcap libpcre libtirpc libunwind luajit zlib" + +SRC_URI = "git://github.com/snort3/snort3.git;protocol=https;branch=master \ + file://0001-cmake-Check-for-HP-libunwind.patch \ + file://0001-cmake-Pass-noline-flag-to-flex.patch" +SRCREV = "e7312efd840d66a52a2019abe1db7cc89ca0f39a" + +S = "${WORKDIR}/git" + +PACKAGES =+ "${PN}-scripts" + +inherit cmake pkgconfig + +do_install:append() { + sed -i "s#${RECIPE_SYSROOT_NATIVE}##g; s#${RECIPE_SYSROOT}##g" ${D}${libdir}/pkgconfig/snort.pc +} + +FILES:${PN} += "${libdir}/snort/daq/*.so" + +FILES:${PN}-scripts = "${bindir}/appid_detector_builder.sh" + +RDEPENDS:${PN}-scripts += "bash" + +# mips64/ppc/ppc64/riscv64/riscv32 is not supported in this release +COMPATIBLE_HOST:mipsarchn32 = "null" +COMPATIBLE_HOST:mipsarchn64 = "null" +COMPATIBLE_HOST:powerpc = "null" +COMPATIBLE_HOST:powerpc64 = "null" +COMPATIBLE_HOST:powerpc64le = "null" +COMPATIBLE_HOST:riscv64 = "null" +COMPATIBLE_HOST:riscv32 = "null" diff --git a/meta-networking/recipes-connectivity/snort/snort_2.9.7.5.bb b/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb index 2034b85fb5..9bc14fc56f 100644 --- a/meta-networking/recipes-connectivity/snort/snort_2.9.7.5.bb +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.20.bb @@ -1,31 +1,35 @@ DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows." HOMEPAGE = "http://www.snort.org/" SECTION = "net" -LICENSE = "GPL-2.0" +LICENSE = "GPL-2.0-only" LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5" -DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native" -DEPENDS_append_libc-musl = " libtirpc" +DEPENDS = "xz libpcap libpcre daq libdnet util-linux daq-native libtirpc bison-native" -SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \ +SRC_URI = "https://www.snort.org/downloads/archive/snort/${BP}.tar.gz \ file://snort.init \ - file://disable-inaddr-none.patch \ - file://disable-dap-address-space-id.patch \ - file://disable-daq-flow-id.patch \ - file://disable-daq-verdict-retry.patch \ + file://snort.service \ + file://snort.default \ + file://volatiles.99_snort \ file://0001-libpcap-search-sysroot-for-headers.patch \ - file://0001-fix-do_package-failed-since-snort-2.9.7.0.patch \ file://fix-host-contamination-when-enable-static-daq.patch \ + file://disable-run-test-program-while-cross-compiling.patch \ + file://configure.in-disable-tirpc-checking-for-fedora.patch \ " +SRC_URI[sha256sum] = "29400e13f53b1831e0b8b10ec1224a1cbaa6dc1533a5322a20dd80bb84b4981c" -SRC_URI[tarball.md5sum] = "fd271788c0f8876be87a858a9142f202" -SRC_URI[tarball.sha256sum] = "ad03f11b5301b16642199a86aa90388eaa53f5003f83b0c5595745a490047be1" +UPSTREAM_CHECK_URI = "https://www.snort.org/downloads" +UPSTREAM_CHECK_REGEX = "snort-(?P<pver>\d+(\.\d+)+)\.tar" -inherit autotools gettext update-rc.d pkgconfig +inherit autotools gettext update-rc.d pkgconfig systemd INITSCRIPT_NAME = "snort" INITSCRIPT_PARAMS = "defaults" +SYSTEMD_PACKAGES = "${PN}" +SYSTEMD_SERVICE:${PN} = "snort.service" +SYSTEMD_AUTO_ENABLE = "disable" + EXTRA_OECONF = " \ --enable-gre \ --enable-linux-smp-stats \ @@ -47,11 +51,12 @@ EXTRA_OECONF = " \ PACKAGECONFIG ?= "openssl lzma" PACKAGECONFIG[openssl] = "--with-openssl-includes=${STAGING_INCDIR} --with-openssl-libraries=${STAGING_LIBDIR}, --without-openssl-includes --without-openssl-libraries, openssl," PACKAGECONFIG[lzma] = "--with-lzma-includes=${STAGING_INCDIR} --with-lzma-libraries=${STAGING_LIBDIR}, --without-lzma-includes --without-lzma-libraries, xz," +PACKAGECONFIG[appid] = "--enable-open-appid, --disable-open-appid, luajit, bash" -CFLAGS_append_libc-musl = " -I${STAGING_INCDIR}/tirpc" -LDFLAGS_append_libc-musl = " -ltirpc" +CFLAGS += "-I${STAGING_INCDIR}/tirpc" +LDFLAGS += " -ltirpc" -do_install_append() { +do_install:append() { install -d ${D}${sysconfdir}/snort/rules install -d ${D}${sysconfdir}/snort/preproc_rules install -d ${D}${sysconfdir}/init.d @@ -70,31 +75,48 @@ do_install_append() { ${D}${sysconfdir}/snort/snort.conf cp ${S}/preproc_rules/*.rules ${D}${sysconfdir}/snort/preproc_rules/ - install -m 755 ${WORKDIR}/snort.init ${D}${sysconfdir}/init.d/snort - mkdir -p ${D}${localstatedir}/log/snort - install -d ${D}/var/log/snort + if ${@bb.utils.contains('DISTRO_FEATURES', 'sysvinit', 'true', 'false', d)}; then + install -m 755 ${UNPACKDIR}/snort.init ${D}${sysconfdir}/init.d/snort + fi + + if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then + install -d ${D}/${systemd_system_unitdir} + install -m 644 ${UNPACKDIR}/snort.service ${D}/${systemd_system_unitdir} + # Install default environment file + install -d ${D}/${sysconfdir}/default + install -m 0644 ${UNPACKDIR}/snort.default ${D}${sysconfdir}/default/snort + fi + install -d ${D}${sysconfdir}/default/volatiles + install -m 0644 ${UNPACKDIR}/volatiles.99_snort ${D}${sysconfdir}/default/volatiles/99_snort + + sed -i -e 's|-ffile-prefix-map[^ ]*||g; s|-fdebug-prefix-map[^ ]*||g; s|-fmacro-prefix-map[^ ]*||g; s|${STAGING_DIR_TARGET}||g' ${D}${libdir}/pkgconfig/*.pc +} - sed -i 's/-fdebug-prefix-map[^ ]*//g; s#${STAGING_DIR_TARGET}##g' ${D}${libdir}/pkgconfig/*.pc +pkg_postinst:${PN}() { + if [ -z "$D" ] && [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then + ${sysconfdir}/init.d/populate-volatile.sh update + fi } -FILES_${PN} += " \ +FILES:${PN} += " \ ${libdir}/snort_dynamicengine/*.so.* \ ${libdir}/snort_dynamicpreprocessor/*.so.* \ ${libdir}/snort_dynamicrules/*.so.* \ + ${systemd_system_unitdir}/snort.service \ " -FILES_${PN}-dbg += " \ +FILES:${PN}-dbg += " \ ${libdir}/snort_dynamicengine/.debug \ ${libdir}/snort_dynamicpreprocessor/.debug \ ${libdir}/snort_dynamicrules/.debug \ " -FILES_${PN}-staticdev += " \ +FILES:${PN}-staticdev += " \ ${libdir}/snort_dynamicengine/*.a \ ${libdir}/snort_dynamicpreprocessor/*.a \ ${libdir}/snort_dynamicrules/*.a \ ${libdir}/snort/dynamic_preproc/*.a \ ${libdir}/snort/dynamic_output/*.a \ " -FILES_${PN}-dev += " \ +FILES:${PN}-dev += " \ ${libdir}/snort_dynamicengine/*.la \ ${libdir}/snort_dynamicpreprocessor/*.la \ ${libdir}/snort_dynamicrules/*.la \ |