Hello,joe
I investigate barnyard2 and barnyard .
I have the following conclusions:
1) Barnyard2 maintains majority of the command syntax of barnyard.
2) Barnyard has not seen an updated in over 4 years and is not
going to be maintained by the original developers.
3) Barnyard2 is a very popular plugin .
I will submit new patch about " snort + Barnyard2".
Thanks,
chunrong
-----Original Message-----
From: Joe MacDonald [mailto:[email protected]]
Sent: Wednesday, October 30, 2013 8:49 PM
To: Guo Chunrong-B40290
Cc: [email protected]
Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
[RE: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.30 (Wed
01:40) Guo Chunrong-B40290 wrote:
> Hi, Joe MacDonald
>
> Thank you for your comments.
>
> The current snort simply do not need sysvinit config.
I apologize, I don't mean to belabor the point, but can you point me at that
information? http://www.snort.org/docs/ contains a lot of documentation around
getting snort started on various systems and there are a number of startup
scripts there that indicate they belong in /etc/init.d of their respective
distributions. Perhaps things have changed in the most recent version of
snort, but the "Snort Startup Scripts" section seem to apply to the versions of
snort you're proposing we include in meta-networking.
Also, please don't forget about the include path and barnyard questions.
Thanks.
-J.
>
>
> Thanks,
> Chunrong
>
> -----Original Message-----
> From: Joe MacDonald [mailto:[email protected]]
> Sent: Wednesday, October 30, 2013 3:20 AM
> To: [email protected]
> Cc: Guo Chunrong-B40290
> Subject: Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe
>
> Hi Chunrong,
>
> Sorry about the confusion here, there were still at least a couple of
> outstanding questions / requests, I thought.
>
> I had a quick look back at the latest barnyard recipe and it appears to be
> removing the include path as opposed to using -I=/usr/include/pcap that Khem
> suggested, I was hoping to hear back on the question I had as well WRT
> barnyard versus barnyard2 (I could make the license tweak myself since I'm
> confident that won't invalidate any of your work) and the Gentoo mirror as
> the primary source for this version of Barnyard.
>
> I also noticed that in the most recent version of the snort recipe the
> sysvinit components have been dropped entirely. Was that due to
> problems inheriting update-rc.d as Koen suggested? (Or perhaps the
> current snort simply doesn't have a functional sysvinit config? I
> hope that's not the case.) I'm probably not the only one still making
> use of sysvinit stuff in some scenarios. :-)
>
> -J.
>
> [Re: [oe] [meta-networking][PATCH v2 1/3] snort : add recipe] On 13.10.28
> (Mon 02:23) Guo Chunrong-B40290 wrote:
>
> > pings
> >
> > -----Original Message-----
> > From: Guo Chunrong-B40290
> > Sent: Friday, October 18, 2013 4:22 PM
> > To: [email protected]
> > Cc: Liu Ting-B28495; Luo Zhenhua-B19537; Guo Chunrong-B40290
> > Subject: [meta-networking][PATCH v2 1/3] snort : add recipe
> >
> > From: Chunrong Guo <[email protected]>
> >
> > *snort - a free lightweight network intrusion detection
> > system for UNIX and Windows
> >
> > Signed-off-by: Chunrong Guo <[email protected]>
> > ---
> > .../snort/files/disable-dap-address-space-id.patch | 52 ++++++++++++++
> > .../snort/files/disable-inaddr-none.patch | 75
> > ++++++++++++++++++++
> > .../recipes-connectivity/snort/snort_2.9.4.6.bb | 64 +++++++++++++++++
> > 3 files changed, 191 insertions(+), 0 deletions(-) create mode
> > 100644
> > meta-networking/recipes-connectivity/snort/files/disable-dap-address
> > -s
> > pace-id.patch create mode 100644
> > meta-networking/recipes-connectivity/snort/files/disable-inaddr-none
> > .p
> > atch create mode 100644
> > meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> >
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-dap-addre
> > ss
> > -space-id.patch
> > new file mode 100644
> > index 0000000..39e5c9c
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-dap-a
> > +++ dd
> > +++ re
> > +++ ss-space-id.patch
> > @@ -0,0 +1,52 @@
> > +Upstream-Status:Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for dap address space id... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +
> > +Signed-off-by: Chunrong Guo <[email protected]>
> > +
> > +--- a/configure.in 2013-08-23 00:06:37.239361932 -0500
> > ++++ b/configure.in 2013-08-23 00:07:32.860266534 -0500
> > +@@ -679,23 +679,23 @@
> > +
> > + AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta])
> > +
> > +-AC_MSG_CHECKING([for daq address space ID]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <daq.h> -]], -[[
> > +- DAQ_PktHdr_t hdr;
> > +- hdr.address_space_id = 0;
> > +-]])],
> > +-[have_daq_address_space_id="yes"],
> > +-[have_daq_address_space_id="no"])
> > +-AC_MSG_RESULT($have_daq_address_space_id)
> > +-if test "x$have_daq_address_space_id" = "xyes"; then
> > +- AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > +- [DAQ version supports address space ID in header.])
> > +-fi
> > ++#AC_MSG_CHECKING([for daq address space ID]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <daq.h> #]], #[[
> > ++# DAQ_PktHdr_t hdr;
> > ++# hdr.address_space_id = 0;
> > ++#]])],
> > ++have_daq_address_space_id="yes"
> > ++#[have_daq_address_space_id="no"])
> > ++#AC_MSG_RESULT($have_daq_address_space_id)
> > ++#if test "x$have_daq_address_space_id" = "xyes"; then
> > ++# AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
> > ++# [DAQ version supports address space ID in header.])
> > ++#fi
> > +
> > + # any sparc platform has to have this one defined.
> > + AC_MSG_CHECKING(for sparc)
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > b/meta-networking/recipes-connectivity/snort/files/disable-inaddr-no
> > ne
> > .patch
> > new file mode 100644
> > index 0000000..9dafe63
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/files/disable-inadd
> > +++ r-
> > +++ no
> > +++ ne.patch
> > @@ -0,0 +1,75 @@
> > +Upstream-Status: Inappropriate [embedded specific]
> > +
> > +fix the below error:
> > +checking for INADDR_NONE... configure:
> > +configure: error: cannot run test program while cross compiling
> > +
> > +Signed-off-by: Chunrong Guo <[email protected]>
> > +
> > +
> > +--- a/configure.in 2013-08-21 03:56:17.197414789 -0500
> > ++++ b/configure.in 2013-08-21 23:19:05.298553560 -0500
> > +@@ -281,25 +281,7 @@
> > + AC_CHECK_TYPES([boolean])
> > +
> > + # In case INADDR_NONE is not defined (like on Solaris)
> > +-have_inaddr_none="no"
> > +-AC_MSG_CHECKING([for INADDR_NONE]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <sys/types.h> -#include
> > +<netinet/in.h> -#include <arpa/inet.h> -]], -[[
> > +- if (inet_addr("10,5,2") == INADDR_NONE);
> > +- return 0;
> > +-]])],
> > +-[have_inaddr_none="yes"],
> > +-[have_inaddr_none="no"])
> > +-AC_MSG_RESULT($have_inaddr_none)
> > +-if test "x$have_inaddr_none" = "xno"; then
> > +- AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
> > +-fi
> > ++have_inaddr_none="yes"
> > +
> > + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
> > + #include <stdio.h>
> > +@@ -397,21 +379,21 @@
> > + fi
> > + fi
> > +
> > +-AC_MSG_CHECKING([for pcap_lex_destroy]) -AC_RUN_IFELSE(
> > +-[AC_LANG_PROGRAM( -[[ -#include <pcap.h> -]], -[[
> > +- pcap_lex_destroy();
> > +-]])],
> > +-[have_pcap_lex_destroy="yes"],
> > +-[have_pcap_lex_destroy="no"])
> > +-AC_MSG_RESULT($have_pcap_lex_destroy)
> > +-if test "x$have_pcap_lex_destroy" = "xyes"; then
> > +- AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack
> > created by pcap bpf filter])
> > +-fi
> > ++#AC_MSG_CHECKING([for pcap_lex_destroy]) #AC_RUN_IFELSE(
> > ++#[AC_LANG_PROGRAM( #[[ ##include <pcap.h> #]], #[[
> > ++# pcap_lex_destroy();
> > ++#]])],
> > ++have_pcap_lex_destroy="yes"
> > ++#[have_pcap_lex_destroy="no"])
> > ++#AC_MSG_RESULT($have_pcap_lex_destroy)
> > ++#if test "x$have_pcap_lex_destroy" = "xyes"; then
> > ++# AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack
> > created by pcap bpf filter])
> > ++#fi
> > +
> > + AC_MSG_CHECKING([for pcap_lib_version]) AC_LINK_IFELSE(
> > diff --git
> > a/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > new file mode 100644
> > index 0000000..8639639
> > --- /dev/null
> > +++ b/meta-networking/recipes-connectivity/snort/snort_2.9.4.6.bb
> > @@ -0,0 +1,64 @@
> > +DESCRIPTION = "snort - a free lightweight network intrusion detection
> > system for UNIX and Windows."
> > +HOMEPAGE = "http://www.snort.org/";
> > +LICENSE = "GPL-2.0"
> > +LIC_FILES_CHKSUM = "file://COPYING;md5=78fa8ef966b48fbf9095e13cc92377c5"
> > +
> > +DEPENDS = "libpcap libpcre daq libdnet"
> > +
> > +
> > +SRC_URI = " ${GENTOO_MIRROR}/${BP}.tar.gz;name=tarball \
> > + file://disable-inaddr-none.patch \
> > + file://disable-dap-address-space-id.patch "
> > +
> > +SRC_URI[tarball.md5sum] = "4111df01a4f21bd1d328a18b76d625bd"
> > +SRC_URI[tarball.sha256sum] =
> > "cfaa5390b1840aaaa68a6c05a7077dd92cb916e6186a014baa451d43cdb0b3bc"
> > +
> > +inherit autotools gettext
> > +
> > +EXTRA_OECONF = " \
> > + --enable-gre \
> > + --enable-linux-smp-stats \
> > + --enable-reload \
> > + --enable-reload-error-restart \
> > + --enable-targetbased \
> > + --disable-static-daq \
> > + "
> > +
> > +do_install_append() {
> > + install -d ${D}/${sysconfdir}/snort/rules
> > + install -d ${D}/${sysconfdir}/snort/preproc_rules
> > + for i in map config conf dtd; do
> > + cp ${S}/etc/*.$i ${D}/${sysconfdir}/snort/
> > + done
> > + cp ${S}/preproc_rules/*.rules ${D}/${sysconfdir}/snort/preproc_rules/
> > + mkdir -p ${D}/${localstatedir}/log/snort }
> > +
> > +FILES_${PN} += " \
> > + ${libdir}/snort_dynamicengine/*.so.* \
> > + ${libdir}/snort_dynamicpreprocessor/*.so.* \
> > + ${libdir}/snort_dynamicrules/*.so.* \
> > + "
> > +FILES_${PN}-dbg += " \
> > + ${libdir}/snort_dynamicengine/.debug \
> > + ${libdir}/snort_dynamicpreprocessor/.debug \
> > + ${libdir}/snort_dynamicrules/.debug \
> > + "
> > +FILES_${PN}-staticdev += " \
> > + ${libdir}/snort_dynamicengine/*.a \
> > + ${libdir}/snort_dynamicpreprocessor/*.a \
> > + ${libdir}/snort_dynamicrules/*.a \
> > + ${libdir}/snort/dynamic_preproc/*.a \
> > + ${libdir}/snort/dynamic_output/*.a \
> > + "
> > +FILES_${PN}-dev += " \
> > + ${libdir}/snort_dynamicengine/*.la \
> > + ${libdir}/snort_dynamicpreprocessor/*.la \
> > + ${libdir}/snort_dynamicrules/*.la \
> > + ${libdir}/snort_dynamicengine/*.so \
> > + ${libdir}/snort_dynamicpreprocessor/*.so \
> > + ${libdir}/snort_dynamicrules/*.so \
> > + ${prefix}/src/snort_dynamicsrc \
> > + "
> > +
> > +RRECOMMENDS_${PN} += "barnyard"
> > --
> > 1.7.5.4
> >
> >
> > _______________________________________________
> > Openembedded-devel mailing list
> > [email protected]
> > http://lists.openembedded.org/mailman/listinfo/openembedded-devel
>
> --
> -Joe MacDonald.
> :wq
>
--
-Joe MacDonald.
:wq
_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel
