[oe] [meta-networking][PATCH v2 1/3] snort : add recipe

Guo Chunrong-B40290 B40290 at freescale.com
Wed Oct 30 01:40:29 UTC 2013 

Hi, Joe MacDonald

Thank you for your comments.

The current snort simply do not need sysvinit config.


Thanks,
Chunrong

-----Original Message-----
From: Joe MacDonald [mailto:joe at deserted.net] 
Sent: Wednesday, October 30, 2013 3:20 AM
To: openembedded-devel at lists.openembedded.org
Cc: Guo Chunrong-B40290
Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe

Hi Chunrong,

Sorry about the confusion here, there were still at least a couple of outstanding questions / requests, I thought.

I had a quick look back at the latest barnyard recipe and it appears to be removing the include path as opposed to using -I=/usr/include/pcap that Khem suggested, I was hoping to hear back on the question I had as well WRT barnyard versus barnyard2 (I could make the license tweak myself since I'm confident that won't invalidate any of your work) and the Gentoo mirror as the primary source for this version of Barnyard.

I also noticed that in the most recent version of the snort recipe the sysvinit components have been dropped entirely.  Was that due to problems inheriting update-rc.d as Koen suggested?  (Or perhaps the current snort simply doesn't have a functional sysvinit config?  I hope that's not the case.)  I'm probably not the only one still making use of sysvinit stuff in some scenarios.  :-)

-J.

[Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28 (Mon 02:23) Guo Chunrong-B40290 wrote:

> pings
> 
> -----Original Message-----
> From: Guo Chunrong-B40290
> Sent: Friday, October 18, 2013 4:22 PM
> To: openembedded-devel at lists.openembedded.org
> Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> 
> From: Chunrong Guo <B40290 at freescale.com>
> 
>    *snort - a free lightweight network intrusion detection
>                 system for UNIX and Windows
> 
> Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> ---
>  .../snort/files/disable-dap-address-space-id.patch |   52 ++++++++++++++
>  .../snort/files/disable-inaddr-none.patch          |   75 ++++++++++++++++++++
>  .../recipes-connectivity/snort/snort_2.9.4.6.bb    |   64 +++++++++++++++++
>  3 files changed, 191 insertions(+), 0 deletions(-)  create mode 
> 100644 
> meta-networking/recipes-connectivity/snort/files/disable-dap-address-s
> pace-id.patch  create mode 100644 
> meta-networking/recipes-connectivity/snort/files/disable-inaddr-none.p
> atch  create mode 100644 
> meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> 
> diff --git 
> a/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> -space-id.patch 
> b/meta-networking/recipes-connectivity/snort/files/disable-dap-address
> -space-id.patch
> new file mode 100644
> index 0000000..39e5c9c
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-add
> +++ re
> +++ ss-space-id.patch
> @@ -0,0 +1,52 @@
> +Upstream-Status:Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for dap address space id... configure: 
> +configure: error: cannot run test program while cross compiling
> +
> +
> +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> +
> +--- a/configure.in	2013-08-23 00:06:37.239361932 -0500
> ++++ b/configure.in	2013-08-23 00:07:32.860266534 -0500
> +@@ -679,23 +679,23 @@
> + 
> + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> + 
> +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE( 
> +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> +-   DAQ_PktHdr_t hdr;
> +-   hdr.address_space_id = 0;
> +-]])],
> +-[have_daq_address_space_id="yes"],
> +-[have_daq_address_space_id="no"])
> +-AC_MSG_RESULT($have_daq_address_space_id)
> +-if test "x$have_daq_address_space_id" = "xyes"; then
> +-    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> +-        [DAQ version supports address space ID in header.])
> +-fi
> ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE( 
> ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> ++#   DAQ_PktHdr_t hdr;
> ++#   hdr.address_space_id = 0;
> ++#]])],
> ++have_daq_address_space_id="yes"
> ++#[have_daq_address_space_id="no"])
> ++#AC_MSG_RESULT($have_daq_address_space_id)
> ++#if test "x$have_daq_address_space_id" = "xyes"; then
> ++#    AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> ++#        [DAQ version supports address space ID in header.])
> ++#fi
> + 
> + # any sparc platform has to have this one defined.
> + AC_MSG_CHECKING(for sparc)
> diff --git 
> a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> .patch 
> b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> .patch
> new file mode 100644
> index 0000000..9dafe63
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-
> +++ no
> +++ ne.patch
> @@ -0,0 +1,75 @@
> +Upstream-Status: Inappropriate [embedded specific]
> +
> +fix the below error:
> +checking for INADDR_NONE... configure:
> +configure: error: cannot run test program while cross compiling
> +
> +Signed-off-by: Chunrong Guo <B40290 at freescale.com>
> +
> +
> +--- a/configure.in	2013-08-21 03:56:17.197414789 -0500
> ++++ b/configure.in	2013-08-21 23:19:05.298553560 -0500
> +@@ -281,25 +281,7 @@
> + AC_CHECK_TYPES([boolean])
> + 
> + # In case INADDR_NONE is not defined (like on Solaris) 
> +-have_inaddr_none="no"
> +-AC_MSG_CHECKING([for INADDR_NONE])
> +-AC_RUN_IFELSE(
> +-[AC_LANG_PROGRAM(
> +-[[
> +-#include <sys/types.h>
> +-#include <netinet/in.h>
> +-#include <arpa/inet.h>
> +-]],
> +-[[
> +-	if (inet_addr("10,5,2") == INADDR_NONE);
> +-    return 0;
> +-]])],
> +-[have_inaddr_none="yes"],
> +-[have_inaddr_none="no"])
> +-AC_MSG_RESULT($have_inaddr_none)
> +-if test "x$have_inaddr_none" = "xno"; then
> +-	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> +-fi
> ++have_inaddr_none="yes"
> + 
> + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> + #include <stdio.h>
> +@@ -397,21 +379,21 @@
> +   fi
> + fi
> + 
> +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE( 
> +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> +-   pcap_lex_destroy();
> +-]])],
> +-[have_pcap_lex_destroy="yes"],
> +-[have_pcap_lex_destroy="no"])
> +-AC_MSG_RESULT($have_pcap_lex_destroy)
> +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> +-    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> +-fi
> ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE( 
> ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> ++#   pcap_lex_destroy();
> ++#]])],
> ++have_pcap_lex_destroy="yes"
> ++#[have_pcap_lex_destroy="no"])
> ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> ++#    AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
> ++#fi
> + 
> + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> diff --git 
> a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb 
> b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> new file mode 100644
> index 0000000..8639639
> --- /dev/null
> +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> @@ -0,0 +1,64 @@
> +DESCRIPTION = "snort - a free lightweight network intrusion detection system for UNIX and Windows."
> +HOMEPAGE = "http://www.snort.org/"
> +LICENSE = "GPL-2.0"
> +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> +
> +DEPENDS = "libpcap libpcre daq libdnet"
> +
> +
> +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> +            file://disable-inaddr-none.patch \
> +            file://disable-dap-address-space-id.patch "
> +
> +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> +SRC_URI[tarball.sha256sum] = "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> +
> +inherit autotools  gettext
> +
> +EXTRA_OECONF = " \
> +	--enable-gre \    
> +	--enable-linux-smp-stats \
> +	--enable-reload \
> +	--enable-reload-error-restart \
> +	--enable-targetbased \
> +	--disable-static-daq \
> +	"
> +
> +do_install_append() {
> +	install -d ${D}/${sysconfdir}/snort/rules
> +	install -d ${D}/${sysconfdir}/snort/preproc_rules
> +	for i in map config conf dtd; do
> +		cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> +	done
> +	cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> +	mkdir -p ${D}/${localstatedir}/log/snort }
> +
> +FILES_${PN} += " \
> +	${libdir}/snort_dynamicengine/*.so.* \
> +	${libdir}/snort_dynamicpreprocessor/*.so.* \
> +	${libdir}/snort_dynamicrules/*.so.* \
> +	"
> +FILES_${PN}-dbg += " \
> +	${libdir}/snort_dynamicengine/.debug \
> +	${libdir}/snort_dynamicpreprocessor/.debug \
> +	${libdir}/snort_dynamicrules/.debug \
> +	"
> +FILES_${PN}-staticdev += " \
> +	${libdir}/snort_dynamicengine/*.a \
> +	${libdir}/snort_dynamicpreprocessor/*.a \
> +	${libdir}/snort_dynamicrules/*.a \
> +	${libdir}/snort/dynamic_preproc/*.a \
> +	${libdir}/snort/dynamic_output/*.a \
> +	"
> +FILES_${PN}-dev += " \
> +	${libdir}/snort_dynamicengine/*.la \
> +	${libdir}/snort_dynamicpreprocessor/*.la \
> +	${libdir}/snort_dynamicrules/*.la \
> +	${libdir}/snort_dynamicengine/*.so \
> +	${libdir}/snort_dynamicpreprocessor/*.so \
> +	${libdir}/snort_dynamicrules/*.so \
> +	${prefix}/src/snort_dynamicsrc \
> +	"
> +
> +RRECOMMENDS_${PN} += "barnyard"
> --
> 1.7.5.4
> 
> 
> _______________________________________________
> Openembedded-devel mailing list
> Openembedded-devel at lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-devel

--
-Joe MacDonald.
:wq

More information about the Openembedded-devel mailing list