mirror of
https://github.com/openwrt/packages.git
synced 2026-02-04 12:06:29 +08:00
88e75f45ab
New upstream release. Changelog:
appid: configurable midstream service discovery
appid: prefer QUIC client appid over SSL
appid: prevent out-of-bounds read in bootp option parsing
appid: prevent out-of-bounds read in sslv2 server-hello detection
control: refactor connection ownership model and improve thread safety
extractor: avoid reporting default values for missing SSL fields
file_api: coverity fix
flow: refactor dump_flows command to dump flow state in binary format
mime: fix compile issues
react: block flow when packets are not reset candidates
show_flows: implement utility program to convert dump_flows binary files to text Flow state data for each flow
smtp: handle split CRLF in multi-line response parsing
ssl: ssl client hello event is published with empty hostname
% snort --version
,,_ -*> Snort++ <*-
o" )~ Version 3.10.2.0
'''' By Martin Roesch & The Snort Team
http://snort.org/contact#team
Copyright (C) 2014-2025 Cisco and/or its affiliates. All rights reserved.
Copyright (C) 1998-2013 Sourcefire, Inc., et al.
Using DAQ version 3.0.24
Using Vectorscan version 5.4.12 2026-01-11
Using libpcap version 1.10.5 (with TPACKET_V3)
Using LuaJIT version 2.1.0-beta3
Using LZMA version 5.8.1
Using OpenSSL 3.5.4 30 Sep 2025
Using PCRE2 version 10.47 2025-10-21
Using ZLIB version 1.3.1
Signed-off-by: John Audia <therealgraysky@proton.me>
112 lines
3.8 KiB
Makefile
112 lines
3.8 KiB
Makefile
#
|
|
# This is free software, licensed under the GNU General Public License v2.
|
|
# See /LICENSE for more information.
|
|
#
|
|
|
|
include $(TOPDIR)/rules.mk
|
|
|
|
PKG_NAME:=snort3
|
|
PKG_VERSION:=3.10.2.0
|
|
PKG_RELEASE:=1
|
|
|
|
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
|
PKG_SOURCE_URL:=https://codeload.github.com/snort3/snort3/tar.gz/$(PKG_VERSION)?
|
|
PKG_HASH:=5a7bad8c0c0c87ee12c74932c6cafbfb28c44abed4055a2862d222ff270a384e
|
|
|
|
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
|
|
PKG_LICENSE:=GPL-2.0-only
|
|
PKG_LICENSE_FILES:=COPYING
|
|
PKG_CPE_ID:=cpe:/a:snort:snort
|
|
|
|
include $(INCLUDE_DIR)/package.mk
|
|
include $(INCLUDE_DIR)/cmake.mk
|
|
|
|
define Package/snort3
|
|
SUBMENU:=Firewall
|
|
SECTION:=net
|
|
CATEGORY:=Network
|
|
DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre2 \
|
|
+libpthread +libuuid +zlib +libhwloc +USE_MUSL:libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \
|
|
+kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci \
|
|
+PACKAGE_gperftools:gperftools \
|
|
+PACKAGE_vectorscan:vectorscan
|
|
USERID:=snort=975:snort=975
|
|
TITLE:=Lightweight Network Intrusion Detection System
|
|
URL:=http://www.snort.org/
|
|
MENU:=1
|
|
endef
|
|
|
|
define Package/snort3/description
|
|
Snort is an open source network intrusion detection and prevention system.
|
|
It is capable of performing real-time traffic analysis, alerting, blocking
|
|
and packet logging on IP networks. It utilizes a combination of protocol
|
|
analysis and pattern matching in order to detect anomalies, misuse and
|
|
attacks.
|
|
|
|
Note:
|
|
When compiling from source, and if your target supports them, optionally
|
|
enable runtime dependencies for improved performance:
|
|
- gperftools
|
|
- vectorscan
|
|
These are not enabled by default and must be manually selected in menuconfig
|
|
to take advantage of their benefits.
|
|
endef
|
|
|
|
CMAKE_OPTIONS += \
|
|
-DUSE_TIRPC=$(if $(CONFIG_USE_MUSL),ON,OFF) \
|
|
-DENABLE_STATIC_DAQ:BOOL=NO \
|
|
-DDAQ_INCLUDE_DIR=$(STAGING_DIR)/usr/include/daq3 \
|
|
-DDAQ_LIBRARIES_DIR_HINT:PATH=$(STAGING_DIR)/usr/lib/daq3 \
|
|
-DFLEX_INCLUDES:PATH=$(STAGING_DIR_HOST)/include \
|
|
-DENABLE_COREFILES:BOOL=NO \
|
|
-DENABLE_GDB:BOOL=NO \
|
|
-DMAKE_DOC:BOOL=NO \
|
|
-DMAKE_HTML_DOC:BOOL=NO \
|
|
-DMAKE_PDF_DOC:BOOL=NO \
|
|
-DMAKE_TEXT_DOC:BOOL=NO \
|
|
-DHAVE_LIBUNWIND=OFF \
|
|
-DHAVE_LZMA=ON \
|
|
-DENABLE_TCMALLOC=$(if $(CONFIG_PACKAGE_gperftools),ON,OFF) \
|
|
-DENABLE_HYPERSCAN=$(if $(CONFIG_PACKAGE_vectorscan),ON,OFF) \
|
|
$(if $(CONFIG_PACKAGE_vectorscan),-DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs)
|
|
|
|
TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3
|
|
|
|
define Package/snort3/conffiles
|
|
/etc/config/snort
|
|
/etc/snort/
|
|
endef
|
|
|
|
define Package/snort3/install
|
|
$(INSTALL_DIR) $(1)/usr/bin
|
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort $(1)/usr/bin/
|
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/snort2lua $(1)/usr/bin/
|
|
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} $(1)/usr/bin/
|
|
$(INSTALL_BIN) ./files/snort-{mgr,rules} $(1)/usr/bin/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/lib/snort
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_{hext,file}.so $(1)/usr/lib/snort/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/share/lua
|
|
$(CP) $(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua $(1)/usr/share/lua/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/share/snort
|
|
$(INSTALL_CONF) ./files/main.uc $(1)/usr/share/snort/
|
|
|
|
$(INSTALL_DIR) $(1)/usr/share/snort/templates
|
|
$(INSTALL_CONF) ./files/{nftables,snort}.uc $(1)/usr/share/snort/templates/
|
|
|
|
$(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules}
|
|
|
|
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/*.lua $(1)/etc/snort
|
|
$(INSTALL_CONF) $(PKG_INSTALL_DIR)/usr/etc/snort/file_magic.rules $(1)/etc/snort
|
|
|
|
$(INSTALL_DIR) $(1)/etc/init.d
|
|
$(INSTALL_BIN) ./files/snort.init $(1)/etc/init.d/snort
|
|
|
|
$(INSTALL_DIR) $(1)/etc/config
|
|
$(INSTALL_CONF) ./files/snort.config $(1)/etc/config/snort
|
|
endef
|
|
|
|
$(eval $(call BuildPackage,snort3))
|