mirror of
https://github.com/MiyooCFW/buildroot.git
synced 2025-09-27 22:24:19 +03:00
Merge from bittboy/buildroot@db180c0
This commit is contained in:
TriForceX
@@ -0,0 +1,29 @@
|
||||
From 2660123b0c16d7f6a49747711be676c4119561c9 Mon Sep 17 00:00:00 2001
|
||||
From: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
Date: Wed, 24 Apr 2019 20:35:20 +0200
|
||||
Subject: [PATCH] configure.ac: fix static build with pcap
|
||||
|
||||
pcap can depends on nl-3 so use pkg-config to find these dependencies
|
||||
otherwise all AC_CHECK_LIB calls will fail when building statically
|
||||
|
||||
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
|
||||
[Upstream status: not sent yet]
|
||||
---
|
||||
configure.ac | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index ee59c9d8e..5ec341231 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -1331,6 +1331,7 @@
|
||||
AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
|
||||
|
||||
LIBPCAP=""
|
||||
+ PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}"],[])
|
||||
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no")
|
||||
if test "$LIBPCAP" = "no"; then
|
||||
echo
|
||||
--
|
||||
2.20.1
|
||||
|
||||
@@ -0,0 +1,28 @@
|
||||
From b37554e0bc3cf383e6547c5c6a69c6f6849c09e3 Mon Sep 17 00:00:00 2001
|
||||
From: Eric Leblond <eric@regit.org>
|
||||
Date: Wed, 17 Jul 2019 12:35:12 +0200
|
||||
Subject: [PATCH] af-packet: fix build on recent Linux kernels
|
||||
|
||||
Downloaded from upstream commit
|
||||
https://github.com/OISF/suricata/commit/b37554e0bc3cf383e6547c5c6a69c6f6849c09e3
|
||||
|
||||
Signed-off-by: Bernd Kuhls <bernd.kuhls@t-online.de>
|
||||
---
|
||||
src/source-af-packet.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/source-af-packet.c b/src/source-af-packet.c
|
||||
index 2c65ccbcf5..e117d36e5c 100644
|
||||
--- a/src/source-af-packet.c
|
||||
+++ b/src/source-af-packet.c
|
||||
@@ -65,6 +65,10 @@
|
||||
#include <sys/ioctl.h>
|
||||
#endif
|
||||
|
||||
+#if HAVE_LINUX_SOCKIOS_H
|
||||
+#include <linux/sockios.h>
|
||||
+#endif
|
||||
+
|
||||
#ifdef HAVE_PACKET_EBPF
|
||||
#include "util-ebpf.h"
|
||||
#include <bpf/libbpf.h>
|
||||
22
package/suricata/Config.in
Normal file
22
package/suricata/Config.in
Normal file
@@ -0,0 +1,22 @@
|
||||
config BR2_PACKAGE_SURICATA
|
||||
bool "suricata"
|
||||
depends on BR2_USE_MMU # fork()
|
||||
depends on BR2_USE_WCHAR
|
||||
depends on BR2_TOOLCHAIN_HAS_THREADS
|
||||
select BR2_PACKAGE_LIBHTP
|
||||
select BR2_PACKAGE_LIBPCAP
|
||||
select BR2_PACKAGE_LIBYAML
|
||||
select BR2_PACKAGE_PCRE
|
||||
help
|
||||
Suricata is a free and open source, mature, fast and robust
|
||||
network threat detection engine.
|
||||
|
||||
The Suricata engine is capable of real time intrusion
|
||||
detection (IDS), inline intrusion prevention (IPS), network
|
||||
security monitoring (NSM) and offline pcap processing.
|
||||
|
||||
https://suricata-ids.org
|
||||
|
||||
comment "suricata needs a toolchain w/ wchar, threads"
|
||||
depends on BR2_USE_MMU
|
||||
depends on !BR2_USE_WCHAR || !BR2_TOOLCHAIN_HAS_THREADS
|
||||
64
package/suricata/S99suricata
Normal file
64
package/suricata/S99suricata
Normal file
@@ -0,0 +1,64 @@
|
||||
#!/bin/sh
|
||||
|
||||
DAEMON=suricata
|
||||
PIDFILE=/var/run/$DAEMON.pid
|
||||
|
||||
SURICATA_ARGS="-c /etc/suricata/suricata.yaml -i eth0"
|
||||
|
||||
SURICATA_RELOAD=0
|
||||
|
||||
[ -r "/etc/default/$DAEMON" ] && . "/etc/default/$DAEMON"
|
||||
|
||||
start() {
|
||||
printf 'Starting %s: ' "$DAEMON"
|
||||
mkdir -p /var/log/suricata
|
||||
start-stop-daemon -b -m -S -q -p "$PIDFILE" -x "/usr/bin/$DAEMON" \
|
||||
-- $SURICATA_ARGS
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
stop() {
|
||||
printf 'Stopping %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
rm -f "$PIDFILE"
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
restart() {
|
||||
stop
|
||||
sleep 1
|
||||
start
|
||||
}
|
||||
|
||||
# SIGUSR2 makes suricata reload rules
|
||||
reload() {
|
||||
printf 'Reloading %s: ' "$DAEMON"
|
||||
start-stop-daemon -K -s "$SURICATA_RELOAD" -q -p "$PIDFILE"
|
||||
status=$?
|
||||
if [ "$status" -eq 0 ]; then
|
||||
echo "OK"
|
||||
else
|
||||
echo "FAIL"
|
||||
fi
|
||||
return "$status"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start|stop|restart|reload)
|
||||
"$1";;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|restart|reload}"
|
||||
exit 1
|
||||
esac
|
||||
6
package/suricata/suricata.hash
Normal file
6
package/suricata/suricata.hash
Normal file
@@ -0,0 +1,6 @@
|
||||
# Locally computed:
|
||||
sha256 6cda6c80b753ce36483c6be535358b971f3890b9aa27a58c2d2f7e89dd6c6aa0 suricata-4.1.3.tar.gz
|
||||
|
||||
# Hash for license files:
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|
||||
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 LICENSE
|
||||
128
package/suricata/suricata.mk
Normal file
128
package/suricata/suricata.mk
Normal file
@@ -0,0 +1,128 @@
|
||||
################################################################################
|
||||
#
|
||||
# suricata
|
||||
#
|
||||
################################################################################
|
||||
|
||||
SURICATA_VERSION = 4.1.3
|
||||
SURICATA_SITE = https://www.openinfosecfoundation.org/download
|
||||
SURICATA_LICENSE = GPL-2.0
|
||||
SURICATA_LICENSE_FILES = COPYING LICENSE
|
||||
# We're patching configure.ac
|
||||
SURICATA_AUTORECONF = YES
|
||||
|
||||
SURICATA_DEPENDENCIES = \
|
||||
host-pkgconf \
|
||||
$(if $(BR2_PACKAGE_JANSSON),jansson) \
|
||||
$(if $(BR2_PACKAGE_LIBCAP_NG),libcap-ng) \
|
||||
$(if $(BR2_PACKAGE_LIBEVENT),libevent) \
|
||||
libhtp \
|
||||
$(if $(BR2_PACKAGE_LIBNFNETLINK),libnfnetlink) \
|
||||
libpcap \
|
||||
libyaml \
|
||||
$(if $(BR2_PACKAGE_LZ4),lz4) \
|
||||
$(if $(BR2_PACKAGE_LZMA),lzma) \
|
||||
pcre
|
||||
|
||||
SURICATA_CONF_OPTS = \
|
||||
--disable-gccprotect \
|
||||
--disable-pie \
|
||||
--disable-rust \
|
||||
--disable-suricata-update \
|
||||
--enable-non-bundled-htp
|
||||
|
||||
# install: install binaries
|
||||
# install-conf: install initial configuration files
|
||||
# install-full: install binaries, configuration and rules (rules will be
|
||||
# download through wget/curl)
|
||||
SURICATA_INSTALL_TARGET_OPTS = DESTDIR=$(TARGET_DIR) install install-conf
|
||||
|
||||
ifeq ($(BR2_PACKAGE_FILE),y)
|
||||
SURICATA_DEPENDENCIES += file
|
||||
SURICATA_CONF_OPTS += --enable-libmagic
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-libmagic
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_GEOIP),y)
|
||||
SURICATA_DEPENDENCIES += geoip
|
||||
SURICATA_CONF_OPTS += --enable-geoip
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-geoip
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_HIREDIS),y)
|
||||
SURICATA_DEPENDENCIES += hiredis
|
||||
SURICATA_CONF_OPTS += --enable-hiredis
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-hiredis
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBNET),y)
|
||||
SURICATA_DEPENDENCIES += libnet
|
||||
SURICATA_CONF_OPTS += --with-libnet-includes=$(STAGING_DIR)/usr/include
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBNETFILTER_LOG),y)
|
||||
SURICATA_DEPENDENCIES += libnetfilter_log
|
||||
SURICATA_CONF_OPTS += --enable-nflog
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-nflog
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBNETFILTER_QUEUE),y)
|
||||
SURICATA_DEPENDENCIES += libnetfilter_queue
|
||||
SURICATA_CONF_OPTS += --enable-nfqueue
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-nfqueue
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBNSPR),y)
|
||||
SURICATA_DEPENDENCIES += libnspr
|
||||
SURICATA_CONF_OPTS += --enable-nspr
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-nspr
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LIBNSS),y)
|
||||
SURICATA_DEPENDENCIES += libnss
|
||||
SURICATA_CONF_OPTS += --enable-nss
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-nss
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LUA),y)
|
||||
SURICATA_CONF_OPTS += --enable-lua
|
||||
SURICATA_DEPENDENCIES += lua
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-lua
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_LUAJIT),y)
|
||||
SURICATA_CONF_OPTS += --enable-luajit
|
||||
SURICATA_DEPENDENCIES += luajit
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-luajit
|
||||
endif
|
||||
|
||||
ifeq ($(BR2_PACKAGE_PYTHON)$(BR2_PACKAGE_PYTHON3),y)
|
||||
SURICATA_CONF_OPTS += --enable-python
|
||||
SURICATA_DEPENDENCIES += $(if $(BR2_PACKAGE_PYTHON),python,python3)
|
||||
else
|
||||
SURICATA_CONF_OPTS += --disable-python
|
||||
endif
|
||||
|
||||
define SURICATA_INSTALL_INIT_SYSV
|
||||
$(INSTALL) -D -m 0755 package/suricata/S99suricata \
|
||||
$(TARGET_DIR)/etc/init.d/S99suricata
|
||||
endef
|
||||
|
||||
define SURICATA_INSTALL_INIT_SYSTEMD
|
||||
$(INSTALL) -D -m 644 package/suricata/suricata.service \
|
||||
$(TARGET_DIR)/usr/lib/systemd/system/suricata.service
|
||||
mkdir -p $(TARGET_DIR)/etc/systemd/system/multi-user.target.wants
|
||||
ln -sf ../../../../usr/lib/systemd/system/suricata.service \
|
||||
$(TARGET_DIR)/etc/systemd/system/multi-user.target.wants/suricata.service
|
||||
endef
|
||||
|
||||
$(eval $(autotools-package))
|
||||
14
package/suricata/suricata.service
Normal file
14
package/suricata/suricata.service
Normal file
@@ -0,0 +1,14 @@
|
||||
[Unit]
|
||||
Description=Suricata Intrusion Detection Service
|
||||
After=network.target
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=-/etc/default/suricata
|
||||
ExecStartPre=/bin/rm -f /var/run/suricata.pid
|
||||
ExecStartPre=/usr/bin/mkdir -p /var/log/suricata
|
||||
ExecStart=/usr/bin/suricata -c /etc/suricata/suricata.yaml -i eth0 --pidfile /var/run/suricata.pid
|
||||
ExecReload=/bin/kill -USR2 $MAINPID
|
||||
Restart=always
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user