[oe] [meta-networking][PATCH v2 1/3] snort : add recipe

Chunrong Guo B40290 at freescale.com
Fri Nov 1 07:15:39 UTC 2013 

Hello,joe 

	I investigate  barnyard2 and barnyard . 
	I have the following conclusions: 
  	  1) Barnyard2 maintains majority of the command syntax of barnyard.
  	  2) Barnyard  has not seen an updated in over 4 years  and is  not going to be maintained by the original developers. 
        3) Barnyard2  is a very popular plugin .

I will submit new patch about " snort + Barnyard2".

Thanks,
chunrong

-----Original Message-----
From: Joe MacDonald [mailto:joe at deserted.net] 
Sent: Wednesday, October 30, 2013 8:49 PM
To: Guo Chunrong-B40290
Cc: openembedded-devel at lists.openembedded.org
Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe

[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed 01:40) Guo Chunrong-B40290 wrote:

> Hi, Joe MacDonald
> 
> Thank you for your comments.
> 
> The current snort simply do not need sysvinit config.

I apologize, I don't mean to belabor the point, but can you point me at that information?  http://www.snort.org/docs/ contains a lot of documentation around getting snort started on various systems and there are a number of startup scripts there that indicate they belong in /etc/init.d of their respective distributions.  Perhaps things have changed in the most recent version of snort, but the "Snort Startup Scripts" section seem to apply to the versions of snort you're proposing we include in meta-networking.

Also, please don't forget about the include path and barnyard questions.

Thanks.

-J.

> 
> 
> Thanks,
> Chunrong
> 
> -----Original Message-----
> From: Joe MacDonald [mailto:joe at deserted.net]
> Sent: Wednesday, October 30, 2013 3:20 AM
> To: openembedded-devel at lists.openembedded.org
> Cc: Guo Chunrong-B40290
> Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
> 
> Hi Chunrong,
> 
> Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.
> 
> I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.
> 
> I also noticed that in the most recent version of the snort recipe the 
> sysvinit components have been dropped entirely.  Was that due to 
> problems inheriting update-rc.d as Koen suggested?  (Or perhaps the 
> current snort simply doesn't have a functional sysvinit config?  I 
> hope that's not the case.)  I'm probably not the only one still making 
> use of sysvinit stuff in some scenarios.  :-)
> 
> -J.
> 
> [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:
> 
> > pings
> > 
> > -----Original Message-----
> > From: Guo Chunrong-B40290
> > Sent: Friday, October 18, 2013 4:22 PM
> > To: openembedded-devel at lists.openembedded.org
> > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> > 
> > From: Chunrong Guo <B40290 at freescale.com>
> > 
> >    *snort - a free lightweight network intrusion detection
> >                 system for UNIX and Windows
> > 
> > Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> > ---
> >  .../snort/files/disable-dap-address-space-id.patch |   52 ++++++++++++++
> >  .../snort/files/disable-inaddr-none.patch          |   75 ++++++++++++++++++++
> >  .../recipes-connectivity/snort/snort_2.9.4.6.bb    |   64 +++++++++++++++++
> >  3 files changed, 191 insertions(+), 0 deletions(-)  create mode
> > 100644
> > meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > -s
> > pace-id.patch  create mode 100644
> > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > .p
> > atch  create mode 100644
> > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > 
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > new file mode 100644
> > index 0000000..39e5c9c
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a
> > +++ dd
> > +++ re
> > +++ ss-space-id.patch
> > @@ -0,0 +1,52 @@
> > +Upstream-Status:Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for dap address space id... configure: 
> > +configure: error: cannot run test program while cross compiling
> > +
> > +
> > +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> > +
> > +--- a/configure.in	2013-08-23 00:06:37.239361932 -0500
> > ++++ b/configure.in	2013-08-23 00:07:32.860266534 -0500
> > +@@ -679,23 +679,23 @@
> > + 
> > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> > + 
> > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( 
> > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> > +-   DAQ_PktHdr_t hdr;
> > +-   hdr.address_space_id = 0;
> > +-]])],
> > +-[have_daq_address_space_id="yes"],
> > +-[have_daq_address_space_id="no"])
> > +-AC_MSG_RESULT($have_daq_address_space_id)
> > +-if test "x$have_daq_address_space_id" = "xyes"; then
> > +-    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > +-        [DAQ version supports address space ID in header.])
> > +-fi
> > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( 
> > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> > ++#   DAQ_PktHdr_t hdr;
> > ++#   hdr.address_space_id = 0;
> > ++#]])],
> > ++have_daq_address_space_id="yes"
> > ++#[have_daq_address_space_id="no"])
> > ++#AC_MSG_RESULT($have_daq_address_space_id)
> > ++#if test "x$have_daq_address_space_id" = "xyes"; then
> > ++#    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > ++#        [DAQ version supports address space ID in header.])
> > ++#fi
> > + 
> > + # any sparc platform has to have this one defined.
> > + AC_MSG_CHECKING(for sparc)
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > new file mode 100644
> > index 0000000..9dafe63
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd
> > +++ r-
> > +++ no
> > +++ ne.patch
> > @@ -0,0 +1,75 @@
> > +Upstream-Status: Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for INADDR_NONE... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> > +
> > +
> > +--- a/configure.in	2013-08-21 03:56:17.197414789 -0500
> > ++++ b/configure.in	2013-08-21 23:19:05.298553560 -0500
> > +@@ -281,25 +281,7 @@
> > + AC_CHECK_TYPES([boolean])
> > + 
> > + # In case INADDR_NONE is not defined (like on Solaris) 
> > +-have_inaddr_none="no"
> > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE( 
> > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include 
> > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[
> > +-	if (inet_addr("10,5,2") == INADDR_NONE);
> > +-    return 0;
> > +-]])],
> > +-[have_inaddr_none="yes"],
> > +-[have_inaddr_none="no"])
> > +-AC_MSG_RESULT($have_inaddr_none)
> > +-if test "x$have_inaddr_none" = "xno"; then
> > +-	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> > +-fi
> > ++have_inaddr_none="yes"
> > + 
> > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> > + #include <stdio.h>
> > +@@ -397,21 +379,21 @@
> > +   fi
> > + fi
> > + 
> > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( 
> > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> > +-   pcap_lex_destroy();
> > +-]])],
> > +-[have_pcap_lex_destroy="yes"],
> > +-[have_pcap_lex_destroy="no"])
> > +-AC_MSG_RESULT($have_pcap_lex_destroy)
> > +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> > +-    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > +-fi
> > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( 
> > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> > ++#   pcap_lex_destroy();
> > ++#]])],
> > ++have_pcap_lex_destroy="yes"
> > ++#[have_pcap_lex_destroy="no"])
> > ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> > ++#    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> > ++#fi
> > + 
> > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > new file mode 100644
> > index 0000000..8639639
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > @@ -0,0 +1,64 @@
> > +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> > +HOMEPAGE = "http://www.snort.org/"
> > +LICENSE = "GPL-2.0"
> > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> > +
> > +DEPENDS = "libpcap libpcre daq libdnet"
> > +
> > +
> > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> > +            file://disable-inaddr-none.patch \
> > +            file://disable-dap-address-space-id.patch "
> > +
> > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> > +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> > +
> > +inherit autotools  gettext
> > +
> > +EXTRA_OECONF = " \
> > +	--enable-gre \    
> > +	--enable-linux-smp-stats \
> > +	--enable-reload \
> > +	--enable-reload-error-restart \
> > +	--enable-targetbased \
> > +	--disable-static-daq \
> > +	"
> > +
> > +do_install_append() {
> > +	install -d ${D}/${sysconfdir}/snort/rules
> > +	install -d ${D}/${sysconfdir}/snort/preproc_rules
> > +	for i in map config conf dtd; do
> > +		cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> > +	done
> > +	cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> > +	mkdir -p ${D}/${localstatedir}/log/snort }
> > +
> > +FILES_${PN} += " \
> > +	${libdir}/snort_dynamicengine/*.so.* \
> > +	${libdir}/snort_dynamicpreprocessor/*.so.* \
> > +	${libdir}/snort_dynamicrules/*.so.* \
> > +	"
> > +FILES_${PN}-dbg += " \
> > +	${libdir}/snort_dynamicengine/.debug \
> > +	${libdir}/snort_dynamicpreprocessor/.debug \
> > +	${libdir}/snort_dynamicrules/.debug \
> > +	"
> > +FILES_${PN}-staticdev += " \
> > +	${libdir}/snort_dynamicengine/*.a \
> > +	${libdir}/snort_dynamicpreprocessor/*.a \
> > +	${libdir}/snort_dynamicrules/*.a \
> > +	${libdir}/snort/dynamic_preproc/*.a \
> > +	${libdir}/snort/dynamic_output/*.a \
> > +	"
> > +FILES_${PN}-dev += " \
> > +	${libdir}/snort_dynamicengine/*.la \
> > +	${libdir}/snort_dynamicpreprocessor/*.la \
> > +	${libdir}/snort_dynamicrules/*.la \
> > +	${libdir}/snort_dynamicengine/*.so \
> > +	${libdir}/snort_dynamicpreprocessor/*.so \
> > +	${libdir}/snort_dynamicrules/*.so \
> > +	${prefix}/src/snort_dynamicsrc \
> > +	"
> > +
> > +RRECOMMENDS_${PN} += "barnyard"
> > --
> > 1.7.5.4
> > 
> > 
> > _______________________________________________
> > Openembedded-devel mailing list
> > Openembedded-devel at lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
> 
> --
> -Joe MacDonald.
> :wq
> 

--
-Joe MacDonald.
:wq

More information about the Openembedded-devel mailing list