snort3: new package

Signed-off-by: W. Michael Petullo <mike@flyn.org>
6 years ago · 53df351850
--- a/net/snort3/Makefile
+++ b/net/snort3/Makefile
@ -0,0 +1,102 @@
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=snort3
 PKG_VERSION:=3.0.0-beta
 PKG_VERSION_SHORT:=3.0.0
 PKG_RELEASE:=1

 PKG_LICENSE:=GPL-2.0
 PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>

 PKG_SOURCE:=snort-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.snort.org/downloads/snortplus/
 PKG_HASH:=ea4079c551002e4d83586f05b3ecdae72706a46ec223339b87ce60f7ae30b8a2

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/snort-$(PKG_VERSION_SHORT)
 PKG_FIXUP:=autoreconf
 PKG_INSTALL:=1

 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

 define Package/snort3
  SUBMENU:=Firewall
  SECTION:=net
  CATEGORY:=Network
  DEPENDS:=+libstdcpp +libdaq +libdnet +libopenssl +libpcap +libpcre +libpthread +libuuid +zlib +libhwloc +libtirpc +luajit
  TITLE:=Lightweight Network Intrusion Detection System
  URL:=http://www.snort.org/
  MENU:=1
 endef

 define Package/snort3/description
  Snort is an open source network intrusion detection and prevention system.
  It is capable of performing real-time traffic analysis, alerting, blocking
  and packet logging on IP networks.  It utilizes a combination of protocol
  analysis and pattern matching in order to detect anomalies, misuse and
  attacks.
 endef

 CMAKE_OPTIONS += \
 	-DENABLE_STATIC_DAQ:BOOL=NO \
 	-DENABLE_COREFILES:BOOL=NO \
 	-DENABLE_GDB:BOOL=NO \
 	-DMAKE_DOC:BOOL=NO \
 	-DMAKE_HTML_DOC:BOOL=NO \
 	-DMAKE_PDF_DOC:BOOL=NO \
 	-DMAKE_TEXT_DOC:BOOL=NO \

 TARGET_CFLAGS  += -I$(STAGING_DIR)/usr/include/tirpc
 TARGET_LDFLAGS += -ltirpc

 define Package/snort3/conffiles
 /etc/config/snort
 endef

 define Package/snort3/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) \
 		$(PKG_INSTALL_DIR)/usr/bin/snort  \
 		$(1)/usr/bin/

 	$(INSTALL_BIN) \
 		$(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
 		$(1)/usr/bin/

 	$(INSTALL_DIR) $(1)/usr/lib/snort
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/lib/snort/daqs/daq_hext.so \
 		$(1)/usr/lib/snort/

 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/lib/snort/daqs/daq_file.so \
 		$(1)/usr/lib/snort/

 	$(INSTALL_DIR) $(1)/usr/share/lua
 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
 		$(1)/usr/share/lua/

 	$(CP) \
 		$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_config.lua \
 		$(1)/usr/share/lua/

 	$(INSTALL_DIR) $(1)/etc/snort

 	$(INSTALL_DIR) $(1)/etc/init.d
 	$(INSTALL_BIN) \
 		./files/snort.init \
 		$(1)/etc/init.d/snort

 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) \
 		./files/snort.config \
 		$(1)/etc/config/snort
 endef

 $(eval $(call BuildPackage,snort3))
--- a/net/snort3/files/snort.config
+++ b/net/snort3/files/snort.config
@ -0,0 +1,4 @@
 config snort 'snort'
 	option config_dir '/etc/snort/etc/'
 	option alert_module 'alert_syslog'
 	option interface 'eth0'
--- a/net/snort3/files/snort.init
+++ b/net/snort3/files/snort.init
@ -0,0 +1,41 @@
 #!/bin/sh /etc/rc.common

 START=99
 STOP=10

 USE_PROCD=1
 PROG=/usr/bin/snort

 validate_snort_section() {
 	uci_validate_section snort snort "${1}" \
 		'config_dir:string' \
 		'alert_module:string' \
 		'interface:string'
 }

 start_service() {
 	local config_file interface

 	validate_snort_section snort || {
 		echo "validation failed"
 		return 1
 	}

 	procd_open_instance
 	procd_set_param command $PROG -q --daq-dir /usr/lib/daq/ -i "$interface" -c "$config_dir/snort.lua" -A "$alert_module"
 	procd_set_param env SNORT_LUA_PATH="$config_dir"
 	procd_set_param file $CONFIGFILE
 	procd_set_param respawn
 	procd_close_instance
 }

 stop_service()
 {
 	service_stop ${PROG}
 }

 service_triggers()
 {
 	procd_add_reload_trigger "snort"
 	procd_add_validation validate_snort_section
 }
--- a/net/snort3/patches/001-compile.patch
+++ b/net/snort3/patches/001-compile.patch
@ -0,0 +1,52 @@
 diff -u --recursive snort-3.0.0-vanilla/daqs/daq_file.c snort-3.0.0/daqs/daq_file.c
 --- snort-3.0.0-vanilla/daqs/daq_file.c	2018-08-28 02:01:02.000000000 -0400
 +++ snort-3.0.0/daqs/daq_file.c	2019-03-28 23:03:25.292770141 -0400
@@ -33,7 +33,7 @@
 
 #include <sys/types.h>
 #include <sys/time.h>
 -#include <sys/unistd.h>
 +#include <unistd.h>
 
 #include <daq_api.h>
 #include <sfbpf_dlt.h>
 diff -u --recursive snort-3.0.0-vanilla/daqs/daq_hext.c snort-3.0.0/daqs/daq_hext.c
 --- snort-3.0.0-vanilla/daqs/daq_hext.c	2018-08-28 02:01:02.000000000 -0400
 +++ snort-3.0.0/daqs/daq_hext.c	2019-03-28 22:54:15.738207157 -0400
@@ -35,7 +35,7 @@
 #include <arpa/inet.h>
 #include <sys/types.h>
 #include <sys/time.h>
 -#include <sys/unistd.h>
 +#include <unistd.h>
 #include <sys/socket.h>
 
 #include <daq_api.h>
 diff -u --recursive snort-3.0.0-vanilla/src/network_inspectors/appid/service_plugins/service_rpc.cc snort-3.0.0/src/network_inspectors/appid/service_plugins/service_rpc.cc
 --- snort-3.0.0-vanilla/src/network_inspectors/appid/service_plugins/service_rpc.cc	2018-08-28 02:01:02.000000000 -0400
 +++ snort-3.0.0/src/network_inspectors/appid/service_plugins/service_rpc.cc	2019-03-28 22:32:04.211783669 -0400
@@ -27,6 +27,7 @@
 
 #include <netdb.h>
 
 +#include <tirpc/rpc/rpcent.h>
 #if defined(__FreeBSD__) || defined(__OpenBSD__)
 #include <rpc/rpc.h>
 #elif defined(__sun)
 diff -u --recursive snort-3.0.0-vanilla/src/utils/util.cc snort-3.0.0/src/utils/util.cc
 --- snort-3.0.0-vanilla/src/utils/util.cc	2018-08-28 02:01:02.000000000 -0400
 +++ snort-3.0.0/src/utils/util.cc	2019-03-28 22:16:16.860942230 -0400
@@ -605,13 +605,8 @@
 {
     static THREAD_LOCAL char buf[128];
 
 -#if (defined(_POSIX_C_SOURCE) && _POSIX_C_SOURCE < 200112L && \
 -        defined(_XOPEN_SOURCE) && _XOPEN_SOURCE < 600) || _GNU_SOURCE
 -    return strerror_r(errnum, buf, sizeof(buf));
 -#else
     (void)strerror_r(errnum, buf, sizeof(buf));
     return buf;
 -#endif
 }
 
 char* snort_strndup(const char* src, size_t dst_size)