snort: remove package

Replaced with snort3. Signed-off-by: W. Michael Petullo <mike@flyn.org>
2024-01-02 17:10:46 -06:00 · 2024-01-02 17:10:46 -06:00 · 839f1313e7
commit 839f1313e7
parent c6c1dfc50b
8 changed files with 0 additions and 2598 deletions
--- a/net/snort/Config.in
+++ b/net/snort/Config.in
@ -1,11 +0,0 @@
-menu "Configuration"
-	depends on PACKAGE_snort
-
-config SNORT_LZMA
-	bool "Enable LZMA support"
-	default n
-	help
-           This option enables LZMA decompression.
-           Disabled by default.
-
-endmenu
--- a/net/snort/Makefile
+++ b/net/snort/Makefile
@ -1,160 +0,0 @@
-#
-# Copyright (C) 2006-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=snort
-PKG_VERSION:=2.9.20
-PKG_RELEASE:=1
-
-PKG_LICENSE:=GPL-2.0
-PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
-PKG_CPE_ID:=cpe:/a:snort:snort
-
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://www.snort.org/downloads/archive/snort/ \
-	@SF/$(PKG_NAME)
-PKG_HASH:=29400e13f53b1831e0b8b10ec1224a1cbaa6dc1533a5322a20dd80bb84b4981c
-
-PKG_BUILD_DEPENDS:=libtirpc
-PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)/$(PKG_NAME)-$(PKG_VERSION)
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/snort
-  SUBMENU:=Firewall
-  SECTION:=net
-  CATEGORY:=Network
-  DEPENDS:=+libdaq +libdnet +libnghttp2 +libopenssl +libpcap +libpcre2 +libpthread +libtirpc +libuuid +zlib @HAS_LUAJIT_ARCH +luajit +SNORT_LZMA:liblzma
-  TITLE:=Lightweight Network Intrusion Detection System
-  URL:=http://www.snort.org/
-  CONFLICTS:=snort3
-  MENU:=1
-endef
-
-define Package/snort/description
-  Snort is an open source network intrusion detection and prevention system.
-  It is capable of performing real-time traffic analysis, alerting, blocking
-  and packet logging on IP networks.  It utilizes a combination of protocol
-  analysis and pattern matching in order to detect anomalies, misuse and
-  attacks.
-endef
-
-define Package/snort/config
-	source "$(SOURCE)/Config.in"
-endef
-
-CONFIGURE_ARGS += \
-	--prefix="/usr" \
-	--enable-flexresp \
-	--with-dnet-includes="$(STAGING_DIR)/usr/include" \
-	--with-dnet-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-libpcap-includes="$(STAGING_DIR)/usr/include" \
-	--with-libpcap-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-libpcre2-includes="$(STAGING_DIR)/usr/include" \
-	--with-libpcre2-libraries="$(STAGING_DIR)/usr/lib" \
-	--with-daq-includes="$(STAGING_DIR)/usr/include/daq2" \
-	--with-daq-libraries="$(STAGING_DIR)/usr/lib/daq2" \
-	--disable-static-daq
-
-ifeq ($(CONFIG_SNORT_LZMA),)
-CONFIGURE_ARGS += \
-	--disable-lzma
-endif
-
-CONFIGURE_VARS += \
-	PATH="$(STAGING_DIR)/usr/lib/libnet-1.0.x/bin:$$$$PATH"
-
-MAKE_FLAGS += \
-	extra_incl=""
-	
-TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/tirpc
-
-define Build/InstallDev
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/include/snort/dynamic_preproc
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/include/snort/dynamic_preproc/* \
-		$(STAGING_DIR)/usr/include/snort/dynamic_preproc/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort/dynamic_preproc
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort/dynamic_preproc/* \
-		$(STAGING_DIR)/usr/lib/snort/dynamic_preproc/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicengine
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/* \
-		$(STAGING_DIR)/usr/lib/snort_dynamicengine/
-	$(INSTALL_DIR) $(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/* \
-		$(STAGING_DIR)/usr/lib/snort_dynamicpreprocessor/
-endef
-
-define Package/snort/conffiles
-/etc/config/snort
-/etc/snort/snort.conf
-endef
-
-define Package/snort/install
-	$(INSTALL_DIR) $(1)/usr/bin
-	$(INSTALL_BIN) \
-		$(PKG_INSTALL_DIR)/usr/bin/snort  \
-		$(1)/usr/bin/snort
-
-	$(INSTALL_BIN) \
-		$(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
-		$(1)/usr/bin
-
-	$(INSTALL_DIR) $(1)/usr/lib/snort_dynamicengine
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicengine/libsf_engine.so* \
-		$(1)/usr/lib/snort_dynamicengine/
-
-	$(INSTALL_DIR) $(1)/usr/lib/snort_dynamicpreprocessor
-	$(CP) \
-		$(PKG_INSTALL_DIR)/usr/lib/snort_dynamicpreprocessor/libsf*.so* \
-		$(1)/usr/lib/snort_dynamicpreprocessor/
-
-	$(INSTALL_DIR) $(1)/etc/snort
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/etc/snort.conf \
-		$(1)/etc/snort/
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/etc/attribute_table.dtd \
-		$(1)/etc/snort/
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/etc/classification.config \
-		$(1)/etc/snort/
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/etc/gen-msg.map \
-		$(1)/etc/snort/
-	$(INSTALL_CONF) \
-			$(PKG_BUILD_DIR)/etc/reference.config \
-			$(1)/etc/snort/
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/etc/unicode.map \
-		$(1)/etc/snort/
-
-	$(INSTALL_DIR) $(1)/etc/snort/preproc_rules
-	$(INSTALL_CONF) \
-		$(PKG_BUILD_DIR)/preproc_rules/*.rules \
-		$(1)/etc/snort/preproc_rules/
-
-	$(INSTALL_DIR) $(1)/etc/init.d
-	$(INSTALL_BIN) \
-		./files/snort.init \
-		$(1)/etc/init.d/snort
-
-	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_CONF) \
-		./files/snort.config \
-		$(1)/etc/config/snort
-endef
-
-$(eval $(call BuildPackage,snort))
-
--- a/net/snort/files/snort.config
+++ b/net/snort/files/snort.config
@ -1,3 +0,0 @@
-config snort 'snort'
-	option config_file '/etc/snort/snort.conf'
-	option interface 'lo'
--- a/net/snort/files/snort.init
+++ b/net/snort/files/snort.init
@ -1,43 +0,0 @@
-#!/bin/sh /etc/rc.common
-# Copyright (C) 2015 OpenWrt.org
-
-START=90
-STOP=10
-
-USE_PROCD=1
-PROG=/usr/bin/snort
-
-validate_snort_section() {
-	uci_load_validate snort snort "$1" "$2" \
-		'config_file:string' \
-		'interface:string'
-}
-
-start_snort_instance() {
-	[ "$2" = 0 ] || {
-		echo "validation failed"
-		return 1
-	}
-
-	procd_open_instance
-	procd_set_param command $PROG "-q" "--daq-dir" "/usr/lib/daq/" "-i" "$interface" "-c" "$config_file" "-s" "-N"
-	procd_set_param file $config_file
-	procd_set_param respawn
-	procd_close_instance
-}
-
-start_service()
-{
-	validate_snort_section snort start_snort_instance
-}
-
-stop_service()
-{
-	service_stop ${PROG}
-}
-
-service_triggers()
-{
-	procd_add_reload_trigger "snort"
-	procd_add_validation validate_snort_section
-}
--- a/net/snort/patches/001-compile.patch
+++ b/net/snort/patches/001-compile.patch
@ -1,243 +0,0 @@
--- a/configure.in
-+++ b/configure.in
-@@ -282,21 +282,7 @@ AC_CHECK_TYPES([int8_t,int16_t,int32_t,i
- AC_CHECK_TYPES([boolean])
- 
- # In case INADDR_NONE is not defined (like on Solaris)
-have_inaddr_none="no"
-AC_MSG_CHECKING([for INADDR_NONE])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <sys/types.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-]],
-[[
-	if (inet_addr("10,5,2") == INADDR_NONE);
-    return 0;
-]])],
-[have_inaddr_none="yes"],
-[have_inaddr_none="no"])
-+have_inaddr_none="yes"
- AC_MSG_RESULT($have_inaddr_none)
- if test "x$have_inaddr_none" = "xno"; then
- 	AC_DEFINE([INADDR_NONE],[-1],[For INADDR_NONE definition])
-@@ -428,17 +414,7 @@ if test "x$LPCAP" = "xno"; then
-   fi
- fi
- 
-AC_MSG_CHECKING([for pcap_lex_destroy])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <pcap.h>
-]],
-[[
-   pcap_lex_destroy();
-]])],
-[have_pcap_lex_destroy="yes"],
-[have_pcap_lex_destroy="no"])
-+have_pcap_lex_destroy="yes"
- AC_MSG_RESULT($have_pcap_lex_destroy)
- if test "x$have_pcap_lex_destroy" = "xyes"; then
-     AC_DEFINE([HAVE_PCAP_LEX_DESTROY],[1],[Can cleanup lex buffer stack created by pcap bpf filter])
-@@ -716,18 +692,7 @@ fi
- 
- AC_CHECK_FUNCS([daq_hup_apply] [daq_acquire_with_meta] [daq_dp_add_dc])
- 
-AC_MSG_CHECKING([for daq real addresses])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_PktHdr_t hdr;
-   hdr.n_real_dPort = 0;
-]])],
-[have_daq_real_addresses="yes"],
-[have_daq_real_addresses="no"])
-+have_daq_address_space_id="yes"
- AC_MSG_RESULT($have_daq_real_addresses)
- if test "x$have_daq_real_addresses" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_REAL_ADDRESSES],[1],
-@@ -770,56 +735,21 @@ if test "x$ac_cv_func_daq_dp_add_dc" = "
- 
- fi
- 
-AC_MSG_CHECKING([for daq address space ID])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_PktHdr_t hdr;
-   hdr.address_space_id = 0;
-]])],
-[have_daq_address_space_id="yes"],
-[have_daq_address_space_id="no"])
-+have_daq_address_space_id="yes"
- AC_MSG_RESULT($have_daq_address_space_id)
- if test "x$have_daq_address_space_id" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_ADDRESS_SPACE_ID],[1],
-         [DAQ version supports address space ID in header.])
- fi
- 
-AC_MSG_CHECKING([for daq flow ID])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_PktHdr_t hdr;
-   hdr.flow_id = 0;
-]])],
-[have_daq_flow_id="yes"],
-[have_daq_flow_id="no"])
-+have_daq_flow_id="yes"
- AC_MSG_RESULT($have_daq_flow_id)
- if test "x$have_daq_flow_id" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_FLOW_ID],[1],
-         [DAQ version supports flow ID in header.])
- fi
- 
-AC_MSG_CHECKING([for daq extended flow modifiers])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_ModFlow_t mod;
-   mod.type = 0;
-   mod.length = 0;
-   mod.value = NULL;
-]])],
-[have_daq_ext_modflow="yes"],
-[have_daq_ext_modflow="no"])
-+have_daq_ext_modflow="yes"
- AC_MSG_RESULT($have_daq_ext_modflow)
- if test "x$have_daq_ext_modflow" = "xyes"; then
-     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_EXT_MODFLOW"
-@@ -827,20 +757,7 @@ if test "x$have_daq_ext_modflow" = "xyes
-         [DAQ version supports extended flow modifiers.])
- fi
- 
-AC_MSG_CHECKING([for daq query flow])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_QueryFlow_t mod;
-   mod.type = 0;
-   mod.length = 0;
-   mod.value = NULL;
-]])],
-[have_daq_queryflow="yes"],
-[have_daq_queryflow="no"])
-+have_daq_queryflow="no"
- AC_MSG_RESULT($have_daq_queryflow)
- if test "x$have_daq_queryflow" = "xyes"; then
-     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_QUERYFLOW"
-@@ -848,17 +765,7 @@ if test "x$have_daq_queryflow" = "xyes";
-         [DAQ version supports query flow.])
- fi
- 
-AC_MSG_CHECKING([for daq data channel flags])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_Data_Channel_Params_t params;
-]])],
-[have_daq_data_channel_flags="yes"],
-[have_daq_data_channel_flags="no"])
-+have_daq_data_channel_flags="yes"
- AC_MSG_RESULT($have_daq_data_channel_flags)
- if test "x$have_daq_data_channel_flags" = "xyes"; then
-     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_PARAMS"
-@@ -866,18 +773,7 @@ if test "x$have_daq_data_channel_flags"
-         [DAQ version supports data channel.])
- fi
- 
-AC_MSG_CHECKING([for separate IP versions on pinhole endpoints])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_DP_key_t dpKey;
-   dpKey.src_af = 0;
-]])],
-[have_daq_data_channel_separate_ip_versions="yes"],
-[have_daq_data_channel_separate_ip_versions="no"])
-+have_daq_data_channel_separate_ip_versions="yes"
- AC_MSG_RESULT($have_daq_data_channel_separate_ip_versions)
- if test "x$have_daq_data_channel_separate_ip_versions" = "xyes"; then
-     CCONFIGFLAGS="${CCONFIGFLAGS} -DHAVE_DAQ_DATA_CHANNEL_SEPARATE_IP_VERSIONS"
-@@ -886,35 +782,14 @@ if test "x$have_daq_data_channel_separat
- fi
- 
- AC_MSG_CHECKING([for DAQ_VERDICT_RETRY])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_Verdict verdict;
-   verdict = DAQ_VERDICT_RETRY;
-]])],
-[have_daq_verdict_retry="yes"],
-[have_daq_verdict_retry="no"])
-+have_daq_verdict_retry="yes"
- AC_MSG_RESULT($have_daq_verdict_retry)
- if test "x$have_daq_verdict_retry" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_VERDICT_RETRY],[1],
-         [DAQ version supports DAQ_VERDICT_RETRY in DAQ_Verdict.])
- fi
- 
-AC_MSG_CHECKING([for daq packet trace])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_PktHdr_t hdr;
-   hdr.flags = DAQ_PKT_FLAG_TRACE_ENABLED;
-]])],
-[have_daq_packet_trace="yes"],
-[have_daq_packet_trace="no"])
-+have_daq_packet_trace="no"
- AC_MSG_RESULT($have_daq_packet_trace)
- if test "x$have_daq_packet_trace" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_PKT_TRACE],[1],
-@@ -923,18 +798,7 @@ else
-     echo "DAQ version doesn't support packet trace."
- fi
- 
-AC_MSG_CHECKING([for daq verdict reason])
-AC_RUN_IFELSE(
-[AC_LANG_PROGRAM(
-[[
-#include <daq.h>
-]],
-[[
-   DAQ_ModFlow_t fl;
-   fl.type = DAQ_MODFLOW_TYPE_VER_REASON;
-]])],
-[have_daq_verdict_reason="yes"],
-[have_daq_verdict_reason="no"])
-+have_daq_verdict_reason="no"
- AC_MSG_RESULT($have_daq_verdict_reason)
- if test "x$have_daq_verdict_reason" = "xyes"; then
-     AC_DEFINE([HAVE_DAQ_VERDICT_REASON],[1],
--- a/net/snort/patches/002-fix_include.patch
+++ b/net/snort/patches/002-fix_include.patch
@ -1,14 +0,0 @@
--- a/configure.in
-+++ b/configure.in
-@@ -67,6 +67,11 @@ case "$host" in
-     AC_DEFINE([SUNOS],[1],[Define if SunOS])
-     sunos4="yes"
-     ;;
-+  *-openwrt*)
-+    linux="yes"
-+    AC_DEFINE([LINUX],[1],[Define if Linux])
-+    AC_SUBST(extra_incl)
-+    ;;
-   *-linux*)
-     linux="yes"
-     AC_DEFINE([LINUX],[1],[Define if Linux])
--- a/net/snort/patches/003-include-tirpc.patch
+++ b/net/snort/patches/003-include-tirpc.patch
@ -1,10 +0,0 @@
--- a/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c
-+++ b/src/dynamic-preprocessors/appid/service_plugins/service_rpc.c
-@@ -32,6 +32,7 @@
- #include "flow.h"
- #include "service_api.h"
- 
-+#include <tirpc/rpc/rpcent.h>
- #if defined(FREEBSD) || defined(OPENBSD)
- #include "rpc/rpc.h"
- #endif
--- a/net/snort/patches/900-Convert-project-to-PCRE2.patch
+++ b/net/snort/patches/900-Convert-project-to-PCRE2.patch