Re: snort+LuaJIT

2021-09-18 Thread Markus Lude 
On Wed, Jul 14, 2021 at 10:22:12AM +0100, Stuart Henderson wrote:

Hello Stuart,

first I'd like to apologize for the late reply.

> LuaJIT only supports a limited number of archs, restricting what snort
> can be run on. (Notably LuaJIT 2.0 doesn't support aarch64). This diff,
> prompted by a mail from Soner Tari, adds a no_luajit flavour disabling
> use of LuaJIT, and uses it by default unless on one of the archs where
> LuaJIT is supported.
>
> It would also be possible to get rid of the flavour and just include or
> disable appid depending on the arch, but with rspamd I found it helpful
> to be able to build without luajit on amd64 for testing, so I took the
> same approach.
>
> @comment approach is similar to MODPY_COMMENT used in many Python ports
> to include/exclude files based on a Makefile without the need to manage
> separate PFRAG files.

Thanks for your patch.

Attached is a straight forward update of snort to 2.9.18.1 with your
additional patch.
The flavored and unflavored versions work for me on amd64.
Unfortunately I don't have other archs to test.

Regards,
Markus

Index: Makefile
===
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.110
diff -u -p -u -p -r1.110 Makefile
--- Makefile11 Jul 2021 02:11:34 -  1.110
+++ Makefile18 Sep 2021 21:34:47 -
@@ -2,9 +2,9 @@

 COMMENT =  highly flexible sniffer/NIDS

-DISTNAME = snort-2.9.18
-RULESV =   29180
-SUBST_VARS =   RULESV
+DISTNAME = snort-2.9.18.1
+RULESV =   29181
+SUBST_VARS =   RULESV APPID_COMMENT

 CATEGORIES =   net security

@@ -15,8 +15,17 @@ MAINTAINER = Markus Lude https://www.snort.org/downloads/snort/

@@ -29,10 +38,18 @@ LIBTOOL_FLAGS = --tag=disable-static

 LIB_DEPENDS =  archivers/xz \
devel/pcre \
-   lang/luajit \
net/daq \
net/libdnet \
www/nghttp2
+
+.if ${FLAVOR:Mno_luajit}
+CONFIGURE_ARGS +=  --disable-open-appid
+APPID_COMMENT ="@comment "
+.else
+LIB_DEPENDS += lang/luajit
+WANTLIB += c++abi luajit-5.1
+APPID_COMMENT =
+.endif

 CONFIGS=   classification.config gen-msg.map 
reference.config \
snort.conf threshold.conf unicode.map
Index: distinfo
===
RCS file: /cvs/ports/net/snort/distinfo,v
retrieving revision 1.46
diff -u -p -u -p -r1.46 distinfo
--- distinfo11 Jul 2021 02:11:34 -  1.46
+++ distinfo18 Sep 2021 21:34:47 -
@@ -1,2 +1,2 @@
-SHA256 (snort-2.9.18.tar.gz) = 0DCGQvaeDTb3DblwPldmr84vRP8Ft9LJzI46yDI7LHc=
-SIZE (snort-2.9.18.tar.gz) = 6909928
+SHA256 (snort-2.9.18.1.tar.gz) = 2orw8bLk8kfZcMajwOg/ttzVyE+qIa6knzBvJp6OKKo=
+SIZE (snort-2.9.18.1.tar.gz) = 7001847
Index: patches/patch-src_dynamic-plugins_sf_engine_Makefile_in
===
RCS file: 
/cvs/ports/net/snort/patches/patch-src_dynamic-plugins_sf_engine_Makefile_in,v
retrieving revision 1.16
diff -u -p -u -p -r1.16 patch-src_dynamic-plugins_sf_engine_Makefile_in
--- patches/patch-src_dynamic-plugins_sf_engine_Makefile_in 11 Jul 2021 
02:11:34 -  1.16
+++ patches/patch-src_dynamic-plugins_sf_engine_Makefile_in 18 Sep 2021 
21:34:47 -
@@ -5,7 +5,7 @@ Disable libsf_sorules in the examples di
 Index: src/dynamic-plugins/sf_engine/Makefile.in
 --- src/dynamic-plugins/sf_engine/Makefile.in.orig
 +++ src/dynamic-plugins/sf_engine/Makefile.in
-@@ -376,7 +376,7 @@ top_srcdir = @top_srcdir@
+@@ -388,7 +388,7 @@ top_srcdir = @top_srcdir@
  AUTOMAKE_OPTIONS = foreign no-dependencies
  dynamicengine_LTLIBRARIES = libsf_engine.la
  dynamicenginedir = $(libdir)/snort_dynamicengine
@@ -14,7 +14,7 @@ Index: src/dynamic-plugins/sf_engine/Mak
  @BUILD_OPENSSL_MD5_TRUE@OPENSSL_MD5 = \
  @BUILD_OPENSSL_MD5_TRUE@md5.c md5.h

-@@ -517,7 +517,7 @@ massage_ipv6_headers = \
+@@ -529,7 +529,7 @@ massage_ipv6_headers = \
$(sed_ipv6_headers); \
fi

Index: patches/patch-src_dynamic-preprocessors_Makefile_in
===
RCS file: 
/cvs/ports/net/snort/patches/patch-src_dynamic-preprocessors_Makefile_in,v
retrieving revision 1.24
diff -u -p -u -p -r1.24 patch-src_dynamic-preprocessors_Makefile_in
--- patches/patch-src_dynamic-preprocessors_Makefile_in 11 Jul 2021 02:11:34 
-  1.24
+++ patches/patch-src_dynamic-preprocessors_Makefile_in 18 Sep 2021 21:34:47 
-
@@ -2,7 +2,7 @@ $OpenBSD: patch-src_dynamic-preprocessor
 Index: src/dynamic-preprocessors/Makefile.in
 --- src/dynamic-preprocessors/Makefile.in.orig
 +++ src/dynamic-preprocessors/Makefile.in
-@@ -1639,19 +1639,8 @@ clean-local:
+@@ -1655,19 +1655,8 @@ clean-local:
rm

snort+LuaJIT

2021-07-14 Thread Stuart Henderson 
LuaJIT only supports a limited number of archs, restricting what snort
can be run on. (Notably LuaJIT 2.0 doesn't support aarch64). This diff,
prompted by a mail from Soner Tari, adds a no_luajit flavour disabling
use of LuaJIT, and uses it by default unless on one of the archs where
LuaJIT is supported.

It would also be possible to get rid of the flavour and just include or
disable appid depending on the arch, but with rspamd I found it helpful
to be able to build without luajit on amd64 for testing, so I took the
same approach.

@comment approach is similar to MODPY_COMMENT used in many Python ports
to include/exclude files based on a Makefile without the need to manage
separate PFRAG files.

ok?


Index: Makefile
===
RCS file: /cvs/ports/net/snort/Makefile,v
retrieving revision 1.110
diff -u -p -r1.110 Makefile
--- Makefile11 Jul 2021 02:11:34 -  1.110
+++ Makefile14 Jul 2021 09:16:29 -
@@ -4,7 +4,7 @@ COMMENT =   highly flexible sniffer/NIDS
 
 DISTNAME = snort-2.9.18
 RULESV =   29180
-SUBST_VARS =   RULESV
+SUBST_VARS =   RULESV APPID_COMMENT
 
 CATEGORIES =   net security
 
@@ -15,8 +15,17 @@ MAINTAINER = Markus Lude https://www.snort.org/downloads/snort/
 
@@ -29,10 +38,18 @@ LIBTOOL_FLAGS = --tag=disable-static
 
 LIB_DEPENDS =  archivers/xz \
devel/pcre \
-   lang/luajit \
net/daq \
net/libdnet \
www/nghttp2
+
+.if ${FLAVOR:Mno_luajit}
+CONFIGURE_ARGS +=  --disable-open-appid
+APPID_COMMENT ="@comment "
+.else
+LIB_DEPENDS += lang/luajit
+WANTLIB += c++abi luajit-5.1
+APPID_COMMENT =
+.endif
 
 CONFIGS=   classification.config gen-msg.map 
reference.config \
snort.conf threshold.conf unicode.map
Index: pkg/PLIST
===
RCS file: /cvs/ports/net/snort/pkg/PLIST,v
retrieving revision 1.34
diff -u -p -r1.34 PLIST
--- pkg/PLIST   16 Feb 2021 03:02:38 -  1.34
+++ pkg/PLIST   14 Jul 2021 09:16:29 -
@@ -3,19 +3,19 @@
 @newgroup _snort:557
 @newuser _snort:557:_snort:daemon:Snort Account:/nonexistent:/sbin/nologin
 @rcscript ${RCDIR}/snort
-bin/appid_detector_builder.sh
+${APPID_COMMENT}bin/appid_detector_builder.sh
 @bin bin/snort
 @bin bin/u2boat
-@bin bin/u2openappid
+${APPID_COMMENT}@bin bin/u2openappid
 @bin bin/u2spewfoo
-@bin bin/u2streamer
+${APPID_COMMENT}@bin bin/u2streamer
 lib/pkgconfig/snort.pc
 lib/snort_dynamicengine/
 @comment lib/snort_dynamicengine/libsf_engine.la
 @so lib/snort_dynamicengine/libsf_engine.so
 lib/snort_dynamicpreprocessor/
-lib/snort_dynamicpreprocessor/libsf_appid_preproc.la
-@so lib/snort_dynamicpreprocessor/libsf_appid_preproc.so
+${APPID_COMMENT}lib/snort_dynamicpreprocessor/libsf_appid_preproc.la
+${APPID_COMMENT}@so lib/snort_dynamicpreprocessor/libsf_appid_preproc.so
 @comment lib/snort_dynamicpreprocessor/libsf_dce2_preproc.la
 @so lib/snort_dynamicpreprocessor/libsf_dce2_preproc.so
 @comment lib/snort_dynamicpreprocessor/libsf_dnp3_preproc.la
@@ -46,7 +46,7 @@ lib/snort_dynamicpreprocessor/libsf_appi
 @so lib/snort_dynamicpreprocessor/libsf_ssh_preproc.so
 @comment lib/snort_dynamicpreprocessor/libsf_ssl_preproc.la
 @so lib/snort_dynamicpreprocessor/libsf_ssl_preproc.so
-lib/snort_dynamicrules/
+${APPID_COMMENT}lib/snort_dynamicrules/
 @man man/man8/snort.8
 share/doc/pkg-readmes/${PKGSTEM}
 share/doc/snort/