NFQ is the new and improved way to process iptables packets. Snort IPS mode requires this module in some cases.
Before the patch: $ snort --daq-list Available DAQ modules: pcap(v3): readback live multi unpriv ipfw(v3): live inline multi unpriv dump(v3): readback live inline multi unpriv afpacket(v5): live inline multi unpriv After the patch: $ snort --daq-list Available DAQ modules: pcap(v3): readback live multi unpriv nfq(v7): live inline multi ipfw(v3): live inline multi unpriv dump(v3): readback live inline multi unpriv afpacket(v5): live inline multi unpriv Also update 0001-correct-the-location-of-unistd.h.patch to fix build with musl. Signed-off-by: Yi Zhao <[email protected]> --- .../recipes-connectivity/daq/daq_2.0.7.bb | 4 +-- ...001-correct-the-location-of-unistd.h.patch | 27 +++++++++++++++---- 2 files changed, 24 insertions(+), 7 deletions(-) diff --git a/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb b/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb index 14d809f51..c5499ffee 100644 --- a/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb +++ b/meta-networking/recipes-connectivity/daq/daq_2.0.7.bb @@ -6,7 +6,7 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=f9ce51a65dd738dc1ae631d8b21c40e0" PARALLEL_MAKE = "" -DEPENDS = "libpcap libpcre libdnet bison-native" +DEPENDS = "libpcap libpcre libdnet bison-native libnetfilter-queue" SRC_URI = "http://fossies.org/linux/misc/daq-${PV}.tar.gz \ file://disable-run-test-program-while-cross-compiling.patch \ @@ -19,7 +19,7 @@ SRC_URI[sha256sum] = "bdc4e5a24d1ea492c39ee213a63c55466a2e8114b6a9abed609927ae13 # # never look to /usr/local lib while cross compiling -EXTRA_OECONF = "--disable-nfq-module --disable-ipq-module --includedir=${includedir} \ +EXTRA_OECONF = "--enable-nfq-module --disable-ipq-module --includedir=${includedir} \ --with-libpcap-includes=${STAGING_INCDIR} --with-dnet-includes=${STAGING_LIBDIR}" PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)}" diff --git a/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch b/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch index 38dae2099..7587d4433 100644 --- a/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch +++ b/meta-networking/recipes-connectivity/daq/files/0001-correct-the-location-of-unistd.h.patch @@ -1,14 +1,15 @@ -From 10e7d4e4bfcb70344d18f0d4ce36068475747f25 Mon Sep 17 00:00:00 2001 +From b7d54de51553f6d09906c355bd0dd326890c8fe4 Mon Sep 17 00:00:00 2001 From: Khem Raj <[email protected]> Date: Wed, 29 Mar 2017 15:59:43 -0700 Subject: [PATCH] correct the location of unistd.h -Signed-off-by: Khem Raj <[email protected]> ---- Upstream-Status: Pending +Signed-off-by: Khem Raj <[email protected]> +--- os-daq-modules/daq_ipfw.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) + os-daq-modules/daq_nfq.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/os-daq-modules/daq_ipfw.c b/os-daq-modules/daq_ipfw.c index 016beb0..c2a4175 100644 @@ -26,6 +27,22 @@ index 016beb0..c2a4175 100644 #include <netinet/in.h> #include <sys/socket.h> +diff --git a/os-daq-modules/daq_nfq.c b/os-daq-modules/daq_nfq.c +index 33021c0..4de94b6 100644 +--- a/os-daq-modules/daq_nfq.c ++++ b/os-daq-modules/daq_nfq.c +@@ -24,10 +24,10 @@ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> ++#include <unistd.h> + + #include <sys/types.h> + #include <sys/time.h> +-#include <sys/unistd.h> + + #include <netinet/ip.h> + -- -2.12.1 +2.25.1 -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#104068): https://lists.openembedded.org/g/openembedded-devel/message/104068 Mute This Topic: https://lists.openembedded.org/mt/100407166/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
