initial commit for snortsam and snortsam-redirect patch

2012-06-01 20:11:00 +04:00 · 2012-06-01 20:11:00 +04:00 · 738d2e2acb
commit 738d2e2acb
parent 86e43ddd32
3 changed files with 99 additions and 0 deletions
--- a/net-analyzer/snortsam/Manifest
+++ b/net-analyzer/snortsam/Manifest
@ -0,0 +1,4 @@
+AUX snortsam-2.70-redirect.patch 2294 RMD160 6d3c5bc4d4ceb537c1fb5f5dfe806f3657b48d7b SHA1 60d281983784506051ad1f1cfe5b659d0b6e6dd1 SHA256 d0c443d26161947b369be0ab8fe2363f3fd5d7a23b0afa287dd2fe576c9e7d41
+DIST snortsam-2.50-ciscoacl.diff.bz2 7295 RMD160 91d36fecc3fcf14de5ed964928d69ef3cc167bae SHA1 c887162193df59bff2f3fb2fe0ae0aec253314ce SHA256 a4f39789e9f10b95e6db1bbce5f9d26f7393161311f5c955a4b8380186a2cb6b
+DIST snortsam-src-2.70.tar.gz 1971624 RMD160 336b0c701754d0688e2ebc967cfdbb3f9bc2fe32 SHA1 9cc7f9aad927217fbda75de038d0489b8e5f3a9e SHA256 442040a7281a641008f6410b7f6528d709f17d5041fd3752011075f8a38d19bc
+EBUILD snortsam-2.70-r9999.ebuild 1598 RMD160 9b1d28cb4ee1865c2f6f166903824f6fff91e08b SHA1 57f138c4d7868f7bea169e1f0317f657a784325a SHA256 bfafe9ab2046e19abcfcf8d8a676e5dd264e9f0f6fad277ec4ba5bfd47238759
--- a/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
+++ b/net-analyzer/snortsam/files/snortsam-2.70-redirect.patch
@ -0,0 +1,37 @@
+diff -ur snortsam-2.7.0-orig/src/snortsam.c snortsam/src/snortsam.c
+--- snortsam-2.7.0-orig/src/snortsam.c	2012-05-20 20:59:46.277029000 +0400
+++ snortsam/src/snortsam.c	2012-05-25 16:16:59.411043000 +0400
+@@ -2467,6 +2467,7 @@
+ 		printf("Debug: Received Packet: %s\n",packet.status==FWSAM_STATUS_CHECKIN?"CHECKIN":
+ 											  packet.status==FWSAM_STATUS_CHECKOUT?"CHECKOUT":
+ 											  packet.status==FWSAM_STATUS_BLOCK?"BLOCK":
+											  packet.status==FWSAM_STATUS_REDIRECT?"REDIRECT":
+ 											  packet.status==FWSAM_STATUS_UNBLOCK?"UNBLOCK":"**UNKNOWN**");
+ 		printf("Debug: Snort SeqNo:  %x\n",packet.snortseqno[0]|(packet.snortseqno[1]<<8));
+ 		printf("Debug: Mgmt SeqNo :  %x\n",packet.fwseqno[0]|(packet.fwseqno[1]<<8));
+@@ -2512,11 +2513,12 @@
+ 				snortbox->toberemoved=TRUE;				/* Mark sensor for removal from list. */
+ 				ret=FALSE;
+ 			}
+-			else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_UNBLOCK)	/* if we received a blocking request */
+			else if(packet.status==FWSAM_STATUS_BLOCK || packet.status==FWSAM_STATUS_REDIRECT || packet.status==FWSAM_STATUS_UNBLOCK)	/* if we received a blocking or redirecting request */
+ 			{	if((( (packet.fwseqno[0]|(packet.fwseqno[1]<<8)) ==snortbox->myseqno) && ( (packet.snortseqno[0]|(packet.snortseqno[1]<<8)) ==((snortbox->snortseqno+snortbox->myseqno)&0xffff) )) || disableseqnocheck)
+ 				{	packstat=packet.status;
+ #ifdef FWSAMDEBUG
+-					printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":"Unblocking");
+					printf("Debug: %s request received...\n",packet.status==FWSAM_STATUS_BLOCK?"Blocking":
+											packet.status==FWSAM_STATUS_REDIRECT?"Redirecting":"Unblocking");
+ #endif
+ 					bmode=packet.fwmode;			/* save parameters from packet */
+ 					if(packet.endiancheck==1)		/* Check if peer has the same endianess */
+diff -ur snortsam-2.7.0-orig/src/snortsam.h snortsam/src/snortsam.h
+--- snortsam-2.7.0-orig/src/snortsam.h	2012-05-20 20:59:46.278524000 +0400
+++ snortsam/src/snortsam.h	2012-05-20 21:01:02.273330000 +0400
+@@ -242,6 +242,7 @@
+ #define FWSAM_STATUS_CHECKOUT	2
+ #define FWSAM_STATUS_BLOCK		3
+ #define FWSAM_STATUS_UNBLOCK	9
+#define FWSAM_STATUS_REDIRECT		10
+ 
+ #define FWSAM_STATUS_OK			4	/* fw to snort */
+ #define FWSAM_STATUS_ERROR		5
--- a/net-analyzer/snortsam/snortsam-2.70-r9999.ebuild
+++ b/net-analyzer/snortsam/snortsam-2.70-r9999.ebuild
@ -0,0 +1,58 @@
+# Copyright 1999-2011 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/net-analyzer/snortsam/snortsam-2.70.ebuild,v 1.3 2011/11/18 05:09:16 jer Exp $
+
+EAPI="4"
+
+inherit eutils toolchain-funcs
+
+MY_P="${PN}-src-${PV}"
+DESCRIPTION="Snort plugin that allows automated blocking of IP addresses on several firewalls"
+HOMEPAGE="http://www.snortsam.net/"
+SRC_URI="http://www.snortsam.net/files/snortsam/${MY_P}.tar.gz
+	mirror://gentoo/${PN}-2.50-ciscoacl.diff.bz2"
+
+LICENSE="as-is"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="debug"
+
+S=${WORKDIR}/${PN}
+
+src_prepare() {
+	sed -i makesnortsam.sh \
+		-e "s:sbin/functions.sh:etc/init.d/functions.sh:" \
+		-e "s:-O2 : ${CFLAGS} :" \
+		-e "s:gcc :$(tc-getCC) :" \
+		-e "/^LDFLAGS=/d" \
+		-e "s:\( -o ../snortsam\): ${LDFLAGS}\1:" \
+		-e "s:\${SSP_LINUX_SRC} -o \${SNORTSAM}:& \${LINUX_LDFLAGS}:" \
+		|| die "sed failed"
+
+	find "${S}" -depth -type d -name CVS -exec rm -rf \{\} \;
+}
+
+src_compile() {
+	# Pinkbyte: patch for traffic redirection support
+	epatch "${FILESDIR}/${P}-redirect.patch"
+	#
+	sh makesnortsam.sh || die "makesnortsam.sh failed"
+}
+
+src_install() {
+	if use debug; then
+		newbin snortsam-debug snortsam
+	else
+		dobin snortsam
+	fi
+	find "${S}" -depth -type f -name "*.asc" -exec rm -f {} \;
+	dodoc -r docs/ conf/
+}
+
+pkg_postinst() {
+	elog
+	elog "To use snortsam with snort, you'll have to compile snort with USE=snortsam."
+	elog "Read the INSTALL file to configure snort for snortsam, and configure"
+	elog "snortsam for your particular firewall."
+	elog
+}