Merge pull request #10178 from aycanirican/snort_inline_support

snort: introducing inline snort support via nfq daq
2024-11-01 23:22:37 +00:00 · 2015-10-02 10:27:23 +03:00 · 2015-10-02 10:27:23 +03:00 · c416e4a129
commit c416e4a129
parent ff742d5475 8d8457d9ae
3 changed files with 16 additions and 6 deletions
--- a/pkgs/applications/networking/ids/daq/default.nix
+++ b/pkgs/applications/networking/ids/daq/default.nix
@ -1,4 +1,4 @@
-{stdenv, fetchurl, flex, bison, libpcap}:
+{stdenv, fetchurl, flex, bison, libpcap, libdnet, libnfnetlink, libnetfilter_queue}:

 stdenv.mkDerivation rec {
  name = "daq-2.0.5";
@ -9,7 +9,9 @@ stdenv.mkDerivation rec {
    sha256 = "0vdwb0r9kdlgj4g0i0swafbc7qik0zmks17mhqji8cl7hpdva13p";
  };

-  buildInputs = [ flex bison libpcap ];
+  buildInputs = [ flex bison libpcap libdnet libnfnetlink libnetfilter_queue];
+
+  configureFlags = "--enable-nfq-module=yes --with-dnet-includes=${libdnet}/includes --with-dnet-libraries=${libdnet}/lib"; 

  meta = {
    description = "Data AcQuisition library (DAQ), for packet I/O";
--- a/pkgs/applications/networking/ids/snort/default.nix
+++ b/pkgs/applications/networking/ids/snort/default.nix
@ -1,4 +1,4 @@
-{stdenv, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison}:
+{stdenv, makeWrapper, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison}:

 stdenv.mkDerivation rec {
  version = "2.9.7.2";
@ -10,7 +10,15 @@ stdenv.mkDerivation rec {
    sha256 = "1gmlrh9ygpd5h6nnrr4090wk5n2yq2yrvwi7q6xbm6lxj4rcamyv";
  };
  
-  buildInputs = [ libpcap pcre libdnet daq zlib flex bison ];
+  buildInputs = [ makeWrapper libpcap pcre libdnet daq zlib flex bison ];
+
+  enableParallelBuilding = true;
+
+  configureFlags = "--disable-static-daq --enable-control-socket --with-daq-includes=${daq}/includes --with-daq-libraries=${daq}/lib";
+
+  postInstall = ''
+    wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq"
+  '';
  
  meta = {
    description = "Network intrusion prevention and detection system (IDS/IPS)";
--- a/pkgs/development/libraries/libdnet/default.nix
+++ b/pkgs/development/libraries/libdnet/default.nix
@ -10,10 +10,10 @@ stdenv.mkDerivation {
    sha1 = "71302be302e84fc19b559e811951b5d600d976f8";
  };

-  configureFlags = [ "--enable-shared" ]; # shared libs required by hyenae
-
  buildInputs = [ automake autoconf libtool ];

+  CFLAGS="-fPIC";
+
  # .so endings are missing (quick and dirty fix)
  postInstall = ''
    for i in $out/lib/*; do