include $(TOPDIR)/rules.mk
PKG_NAME:=snort3
-PKG_VERSION:=3.1.70.0
+PKG_VERSION:=3.1.84.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
-PKG_HASH:=4917f2631d033383ca553002f5688b61df507f5c809b9ba62abceca45a7554ad
+PKG_HASH:=dca1707a66f6ca56ddd526163b2d951cefdb168bddc162c791adc74c0d226c7f
-PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
+PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
PKG_LICENSE:=GPL-2.0-only
PKG_LICENSE_FILES:=COPYING
PKG_CPE_ID:=cpe:/a:snort:snort
SUBMENU:=Firewall
SECTION:=net
CATEGORY:=Network
- DEPENDS:=+libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic
+ DEPENDS:= \
+ +(TARGET_x86||TARGET_x86_64):hyperscan-runtime \
+ +(TARGET_x86||TARGET_x86_64):gperftools-runtime \
+ +libstdcpp +libdaq3 +libdnet +libopenssl +libpcap +libpcre +libpthread \
+ +libuuid +zlib +libhwloc +libtirpc @HAS_LUAJIT_ARCH +luajit +libatomic \
+ +kmod-nft-queue +liblzma +ucode +ucode-mod-fs +ucode-mod-uci
TITLE:=Lightweight Network Intrusion Detection System
URL:=http://www.snort.org/
MENU:=1
attacks.
endef
+# Hyperscan and gperftools only builds for x86
+ifdef CONFIG_TARGET_x86_64
+ CMAKE_OPTIONS += -DHS_INCLUDE_DIRS=$(STAGING_DIR)/usr/include/hs \
+ -DENABLE_TCMALLOC=ON \
+ -DTCMALLOC_LIBRARIES=$(STAGING_DIR)/usr/lib/libtcmalloc.so
+endif
+
CMAKE_OPTIONS += \
-DUSE_TIRPC:BOOL=YES \
-DENABLE_STATIC_DAQ:BOOL=NO \
-DMAKE_PDF_DOC:BOOL=NO \
-DMAKE_TEXT_DOC:BOOL=NO \
-DHAVE_LIBUNWIND=OFF \
- -DHAVE_LZMA=OFF
+ -DHAVE_LZMA=ON
TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include/daq3 -I$(STAGING_DIR)/usr/include/tirpc
TARGET_LDFLAGS += -L$(STAGING_DIR)/usr/lib/daq3 -ltirpc
$(PKG_INSTALL_DIR)/usr/bin/u2{boat,spewfoo} \
$(1)/usr/bin/
+ $(INSTALL_BIN) \
+ ./files/snort-{mgr,rules} \
+ $(1)/usr/bin/
+
$(INSTALL_DIR) $(1)/usr/lib/snort
$(CP) \
$(PKG_INSTALL_DIR)/usr/lib/snort/daq/daq_hext.so \
$(PKG_INSTALL_DIR)/usr/include/snort/lua/snort_plugin.lua \
$(1)/usr/share/lua/
+ $(INSTALL_DIR) $(1)/usr/share/snort
+ $(INSTALL_CONF) \
+ ./files/main.uc \
+ $(1)/usr/share/snort/
+
+ $(INSTALL_DIR) $(1)/usr/share/snort/templates
+ $(INSTALL_CONF) \
+ ./files/nftables.uc \
+ $(1)/usr/share/snort/templates/
+ $(INSTALL_CONF) \
+ ./files/snort.uc \
+ $(1)/usr/share/snort/templates/
+
$(INSTALL_DIR) $(1)/etc/snort/{rules,lists,builtin_rules,so_rules}
$(INSTALL_CONF) \
$(INSTALL_CONF) \
./files/snort.config \
$(1)/etc/config/snort
- $(INSTALL_CONF) \
- ./files/local.lua \
- $(1)/etc/snort
- $(INSTALL_CONF) \
- ./files/homenet.lua \
- $(1)/etc/snort
+
sed \
- -i -e "/^EXTERNAL_NET\\s\\+=/ a include 'homenet.lua'" \
- -e "/^HOME_NET\\s\\+=/ i -- we set HOME_NET and EXTERNAL_NET here or via an included file" \
+ -i \
+ -e "/^-- HOME_NET and EXTERNAL_NET/ i -- The values for the two variables HOME_NET and EXTERNAL_NET have been" \
+ -e "/^-- HOME_NET and EXTERNAL_NET/ i -- moved to /etc/config/snort, so do not modify them here without good" \
+ -e "/^-- HOME_NET and EXTERNAL_NET/ i -- reason.\n" \
-e 's/^\(HOME_NET\s\+=\)/--\1/g' \
-e 's/^\(EXTERNAL_NET\s\+=\)/--\1/g' \
$(1)/etc/snort/snort.lua