From 6b84f5cd610648cbff19db22a116909af5a2fc1c Mon Sep 17 00:00:00 2001 From: Aycan iRiCAN Date: Fri, 2 Oct 2015 10:11:04 +0300 Subject: [PATCH] snort: introducing inline snort support via nfq daq --- pkgs/applications/networking/ids/daq/default.nix | 6 ++++-- pkgs/applications/networking/ids/snort/default.nix | 10 +++++++++- pkgs/development/libraries/libdnet/default.nix | 4 ++-- 3 files changed, 15 insertions(+), 5 deletions(-) diff --git a/pkgs/applications/networking/ids/daq/default.nix b/pkgs/applications/networking/ids/daq/default.nix index c4a82966238a..9339bfef6e03 100644 --- a/pkgs/applications/networking/ids/daq/default.nix +++ b/pkgs/applications/networking/ids/daq/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, flex, bison, libpcap}: +{stdenv, fetchurl, flex, bison, libpcap, libdnet, libnfnetlink, libnetfilter_queue}: stdenv.mkDerivation rec { name = "daq-2.0.5"; @@ -9,7 +9,9 @@ stdenv.mkDerivation rec { sha256 = "0vdwb0r9kdlgj4g0i0swafbc7qik0zmks17mhqji8cl7hpdva13p"; }; - buildInputs = [ flex bison libpcap ]; + buildInputs = [ flex bison libpcap libdnet libnfnetlink libnetfilter_queue]; + + configureFlags = "--enable-nfq-module=yes --with-dnet-includes=${libdnet}/includes --with-dnet-libraries=${libdnet}/lib"; meta = { description = "Data AcQuisition library (DAQ), for packet I/O"; diff --git a/pkgs/applications/networking/ids/snort/default.nix b/pkgs/applications/networking/ids/snort/default.nix index ea7e09626994..4a8007796b1c 100644 --- a/pkgs/applications/networking/ids/snort/default.nix +++ b/pkgs/applications/networking/ids/snort/default.nix @@ -1,4 +1,4 @@ -{stdenv, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison}: +{stdenv, makeWrapper, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison}: stdenv.mkDerivation rec { version = "2.9.7.2"; @@ -11,6 +11,14 @@ stdenv.mkDerivation rec { }; buildInputs = [ libpcap pcre libdnet daq zlib flex bison ]; + + enableParallelBuilding = true; + + configureFlags = "--disable-static-daq --enable-control-socket --with-daq-includes=${daq}/includes --with-daq-libraries=${daq}/lib"; + + postInstall = '' + wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq" + ''; meta = { description = "Network intrusion prevention and detection system (IDS/IPS)"; diff --git a/pkgs/development/libraries/libdnet/default.nix b/pkgs/development/libraries/libdnet/default.nix index 2bdeffb204d8..8911539d7b02 100644 --- a/pkgs/development/libraries/libdnet/default.nix +++ b/pkgs/development/libraries/libdnet/default.nix @@ -10,10 +10,10 @@ stdenv.mkDerivation { sha1 = "71302be302e84fc19b559e811951b5d600d976f8"; }; - configureFlags = [ "--enable-shared" ]; # shared libs required by hyenae - buildInputs = [ automake autoconf libtool ]; + CFLAGS="-fPIC"; + # .so endings are missing (quick and dirty fix) postInstall = '' for i in $out/lib/*; do