Add suricata

net-analyzer/suricata/Manifest

@@ -0,0 +1,13 @@
+AUX suricata-5.0.1_configure-no-lz4-automagic.patch 601 BLAKE2B 01874b39d89a8872a35a102018e2e11208549f60790e88f988a689ba09c59fb915bbffccb6db454a8d8d4fee0ccf69b51cd5d2cde11cb6f2a1c401cb74c5c49d SHA512 d26fc7e0193ea3ddd5436964a26bbbfed847890d513c4e7181a0faceb0a688df8ca35ad68045ecd006a25da93d345a942c593f8711f81dff5f63d13e599f78b0
+AUX suricata-5.0.7_configure-no-hyperscan-automagic.patch 739 BLAKE2B 38e73c88d8cee3476b96adee1304a9429d326591b2131fb2f4167e94d3b616a6390f783bfc88922322487548c54b8ddeff5bda5c5e510641965ad5e6615262bc SHA512 bff09105b0908b141857f4804a909cc2ea0d3a2def2215bc3c52e31aea35acd20738606bd6f1c6b6f12a78ac63d86bf8a20cd68aa53ce0692754608d4c38097b
+AUX suricata-6.0.0_default-config.patch 833 BLAKE2B a8a63f838452531feb9f1b69e9756c0385338f4a1b8f6c36b22052cc7f8a41cd07e31b882e2e89402c5eb43e599390cf6922f9dcfc869416d57aa3426516f8f9 SHA512 8edff1be84dbe29a140889040a7d9310ee8dc5ab82cf9ff64298ecfab07a75853caa7ac907cf191a62a1c2de9833311fd090eb2f82c9d3745b5f3fc01adf6efd
+AUX suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch 694 BLAKE2B 3d2be242a67fd8bbbae37fcd2ba856b96e610d61faa7f67d5b1f86d00924381a9f697d53c4592d4e0cdbfea19c44e0dd5a7f3ed71944b6ed63c49312770465fe SHA512 611d31db994191b69fc4ce48279a511812454bc6fdf88074693338b569d230f5f37d4697618724149a37a3ea769c17cfbb67c5b7c254846c51a767fb4e8c1f12
+AUX suricata-7.0.5_configure-fortify_source.patch 736 BLAKE2B 1709e4f2242e4373eb5748fc44b4d82e3046bb75cb05d80d02349caa5dcb5063826a3c7eb80400e75f20311a7cda612253575ddad51f060cfd4b13a05c5dd478 SHA512 eff709f3ad5ea998edb095c0afcb6015d73e9a4045016d46ac856a736924982d284e98d790373ca166a433fddc7ed31c85668b6d47beecaaee39edf264e8c89d
+AUX suricata.confd 2771 BLAKE2B c9f9ac6707f71ace993bcf730df5aab11a6e59fcbb636140a110d2ec636587bca600938af55a7d709ed0994c38095c0a8d505d2af9912ea3aaf1be20e098043f SHA512 4c8c1d0c101e850b39358605451df37427bb94f1b55836078aeb0b4e3720f5bdef01d4bc9d4ddfb3436c822c7bd8796112409421a7d90cf40ec81a6a24c3d6dd
+AUX suricata.initd 5475 BLAKE2B 6f824b26d87d1519ac16bdb78bb2f3391040341ee709663b102ea8989d7ca3f38a475efc2796d7e78da35dbb54d327bb2e18e463fdc19880af1ed20e42a38a14 SHA512 0006e34f24f2cf967cc1e44ec626b53aaeee535a3810aa5ad71175f28b5649b2dbaadd2a97f10b8f4adb37d45b9e5fb0991aa92276183869531cb79887d742df
+AUX suricata.service 501 BLAKE2B 00631ada0d2993eae97a028ef950b031b91bb3af346ee3538bd7f0deb9d76bb8552761b4666a3ac80673fe31ffd95424f2ff71e35db0f5fe6667b32478fab4c4 SHA512 4e4e87735731fd0e18ab26e536e7904833a19ce8785ffdd15b22d494673c73044137908feee74800486960f9efd09d1ddc2c75a490a2e35ef06caf23c7439a0c
+AUX suricata.tmpfiles 24 BLAKE2B 150b74a6775137704915015871ab4455b8d0b9204a75c398ea746e9194b0c0a787904f9015b98f36a685fac0dbb0fcb43746096dd403bf882afa5dfef12af94d SHA512 1530aed4efb35f988e2f0134388ea11ffc3ba1f217845a2c5dd47f947983ed4d343126e49d66a86ca7894ff60b5134464ddbe07509dcc80c001131f09cb7e2dd
+DIST suricata-7.0.8.tar.gz 23439062 BLAKE2B 8571a6368b90e18046cdcf71f53e1b59e895ea8fe2d8f996ef614a890b520671f5dcac10014555880e408060913df1dab4c473bf083e7c0451c6a4b93bedd047 SHA512 d9666b5dfe4717964e3745ad654e3c511bdf794c06f4e5c9e6eb7254d0fbb46712931606bddcba5afb6aa2ad8f1c73a3500112311418a014db14688e62846bac
+DIST suricata-7.0.8.tar.gz.sig 566 BLAKE2B 67844f347a6da03c81b292ab50baa075a5f62e3ee20129539eac4b34f245d29c7cb820ffee51f8081c01db9a080f4b885be0b670c3e1750152037047dc5a4aae SHA512 82fff863aae370ac7c39cdde1d7fc9cc207a4fc8b481c7a321a9fb6c4e034b09606d12292e4b7f3b67f33cf25f222f1dd2dbdddb2b27cd5176bfd614f07fada6
+EBUILD suricata-7.0.8-r1.ebuild 7282 BLAKE2B fff981af3f544ae37aca9340456c30769235119605abe9f3afa98086101e51b368e1e797042e7cede98f1bcf794b5ceaca01a03517f52172cc3ea6fa7a7efd4f SHA512 9565c257f1fec38a013ef60cb77a9af62c61c1f072165cdc3416c6cecf479843dfe19b5eed7851a1d0cc7fbd9264ab83c86d653b25da562fc683674810d68d6e
+MISC metadata.xml 1132 BLAKE2B 6d0146f8b19ab96f4ae6af1f1f29472aa22c829ddf5578dd1b0d5cf9bc1fcb31cd4d8bae5087766c875a288a54dc0c4825cecce11cdabc94a3ea9fb70c37e545 SHA512 c8521bcbf07ba17e90fd82e6bbcba0fba4b45b8192548e6576cf93145f94014a5e07cf971d693abfb231dd4a1170349499f6fbb0679532d019a0127e59b5d401

net-analyzer/suricata/files/suricata-5.0.1_configure-no-lz4-automagic.patch

@@ -0,0 +1,23 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2292,7 +2292,11 @@
+     fi
+ 
+ # Check for lz4
+-enable_liblz4="yes"
++AC_ARG_ENABLE(lz4,
++       AS_HELP_STRING([--enable-lz4], [Enable compressed pcap logging using liblz4]),
++       [enable_liblz4=$enableval],
++       [enable_liblz4=yes])
++if test "x$enable_liblz4" != "xno"; then
+ AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no")
+ 
+ if test "$enable_liblz4" = "no"; then
+@@ -2306,6 +2310,7 @@
+     echo "               yum install lz4-devel"
+     echo
+ fi
++fi
+ 
+ # get cache line size
+     AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")

net-analyzer/suricata/files/suricata-5.0.7_configure-no-hyperscan-automagic.patch

@@ -0,0 +1,24 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -729,8 +729,11 @@
+     fi
+ 
+   # libhs
+-    enable_hyperscan="no"
+-
++    AC_ARG_ENABLE(hyperscan,
++           AS_HELP_STRING([--enable-hyperscan], [Enable high-performance regex matching with hyperscan]),
++           [enable_hyperscan=$enableval],
++           [enable_hyperscan=no])
++    if test "x$enable_hyperscan" != "xno"; then
+     # Try pkg-config first:
+     PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no])
+     if test "$with_pkgconfig_libhs" != "no"; then
+@@ -765,6 +768,7 @@
+             enable_hyperscan="no"
+         fi
+     fi
++    fi
+     AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])])
+ 
+   # libyaml

net-analyzer/suricata/files/suricata-6.0.0_default-config.patch

@@ -0,0 +1,27 @@
+--- a/suricata.yaml.in
++++ b/suricata.yaml.in
+@@ -209,8 +209,9 @@
+             # https://suricata.readthedocs.io/en/latest/output/eve/eve-json-output.html#dns-v1-format
+ 
+             # As of Suricata 5.0, version 2 of the eve dns output
+-            # format is the default.
+-            #version: 2
++            # format is the default - but the daemon produces a warning to that effect
++            # at start-up if this isn't explicitly set.
++            version: 2
+ 
+             # Enable/disable this logger. Default: enabled.
+             #enabled: yes
+@@ -988,9 +989,9 @@
+ ##
+ 
+ # Run Suricata with a specific user-id and group-id:
+-#run-as:
+-#  user: suri
+-#  group: suri
++run-as:
++  user: suricata
++  group: suricata
+ 
+ # Some logging modules will use that name in event as identifier. The default
+ # value is the hostname

net-analyzer/suricata/files/suricata-7.0.2_configure-no-sphinx-pdflatex-automagic.patch

@@ -0,0 +1,20 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -2231,7 +2231,7 @@
+     fi
+ 
+ # sphinx-build for documentation, and also check for a new enough version
+-    AC_PATH_PROG([SPHINX_BUILD], [sphinx-build], [no])
++    SPHINX_BUILD="no"
+     if test "$SPHINX_BUILD" != "no"; then
+         MIN_SPHINX_BUILD_VERSION="3.4.3"
+         sphinx_build_version=$($SPHINX_BUILD --version 2>&1 | cut -d' ' -f2-)
+@@ -2257,7 +2257,7 @@
+     AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
+ 
+ # pdflatex for the pdf version of the user manual
+-    AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
++    HAVE_PDFLATEX="no"
+     if test "$HAVE_PDFLATEX" = "no"; then
+        enable_pdflatex=no
+     fi

net-analyzer/suricata/files/suricata-7.0.5_configure-fortify_source.patch

@@ -0,0 +1,18 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -339,15 +339,6 @@
+             [AC_MSG_RESULT(no)])
+         CFLAGS="${TMPCFLAGS}"
+ 
+-        #compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions
+-        AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2)
+-        TMPCFLAGS="${CFLAGS}"
+-        CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
+-        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2"
+-            AC_MSG_RESULT(yes)],
+-            [AC_MSG_RESULT(no)])
+-        CFLAGS="${TMPCFLAGS}"
+-
+         #compile-time warnings about misuse of format strings
+         AC_MSG_CHECKING(for -Wformat -Wformat-security)
+         TMPCFLAGS="${CFLAGS}"

net-analyzer/suricata/files/suricata.confd

@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="--af-packet"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"

net-analyzer/suricata/files/suricata.initd

@@ -0,0 +1,147 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+    eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/run/suricata/suricata.${SURICATA}.pid"
+    eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+    eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+    eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+    eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+    SURICATACONF=${SURICATA_CONF}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/run/suricata/suricata.pid"
+    SURICATAOPTS=${SURICATA_OPTS}
+    SURICATALOGPATH=${SURICATA_LOG_FILE}
+    SURICATAUSER=${SURICATA_USER}
+    SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[ -z "${SURICATA_MAX_WAIT_ON_STOP}" ] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+	need net
+	after mysql
+	after postgresql
+}
+
+checkconfig() {
+	if [ ! -d "/run/suricata" ] ; then
+		checkpath -d /run/suricata
+	fi
+	if [ ${#SURICATALOGPATH} -gt 0 ]; then
+		SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+		SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+		SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+		if [ ! -d "${SURICATALOGPATH}" ] ; then
+			checkpath -d "${SURICATALOGPATH}"
+		fi
+		if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+		fi
+		SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+		SURICATALOGPATH="-l ${SURICATALOGPATH}"
+	fi
+	if [ ! -e ${SURICATACONF} ] ; then
+		einfo "The configuration file ${SURICATACONF} was not found."
+		einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+		einfo "Take a look at the suricata arguments --set and --dump-config."
+	fi
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+		SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+	fi
+}
+
+initpidinfo() {
+	[ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+	if [ ${#SUR_PID} -gt 0 ]; then
+	    SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+	    SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+	fi
+}
+
+checkpidinfo() {
+	initpidinfo
+        if [ ! -e ${SURICATAPID} ]; then
+        	eerror "${SVCNAME} isn't running"
+                return 1
+	elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+		eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+		return 1
+	elif [ ${#SUR_USER} -eq 0 ]; then
+		eerror "Unable to determine user running ${SVCNAME}!"
+		return 1
+	elif [ "x${SUR_USER}" != "xroot" ]; then
+		ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+		-- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+	local SUR_EXIT=$?
+	if [ $((SUR_EXIT)) -ne 0 ]; then
+	    einfo "Could not start ${SURICATA_BIN} with:"
+	    einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+	    einfo "Exit code ${SUR_EXIT}"
+	fi
+	eend ${SUR_EXIT}
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+	eend $?
+}
+
+reload() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+relog() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+dump() {
+	checkconfig || return 1
+	ebegin "Dumping ${SVCNAME} config values and quitting."
+	${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+	eend $?
+}

net-analyzer/suricata/files/suricata.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Suricata IDS/IDP daemon
+After=network.target
+Requires=network.target
+Documentation=man:suricata(8) man:suricatasc(8)
+Documentation=https://suricata.readthedocs.io/
+
+[Service]
+Environment=OPTIONS='-c /etc/suricata/suricata.yaml --af-packet'
+PIDFile=/run/suricata/suricata.pid
+ExecStart=/usr/bin/suricata --pidfile /run/suricata/suricata.pid $OPTIONS
+ExecReload=/bin/kill -HUP $MAINPID
+ExecStop=/bin/kill $MAINPID
+PrivateTmp=yes
+ProtectHome=yes
+
+[Install]
+WantedBy=multi-user.target
+

net-analyzer/suricata/files/suricata.tmpfiles

@@ -0,0 +1 @@
+d	/run/suricata	- - - -

net-analyzer/suricata/metadata.xml

@@ -0,0 +1,22 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="person">
+    <email>marecki@gentoo.org</email>
+    <name>Marek Szuba</name>
+  </maintainer>
+  <use>
+    <flag name="af-packet">Enable AF_PACKET support</flag>
+    <flag name="bpf">Enable support for eBPF (as well as XDP if supported by the kernel and the NIC driver)
+        for low-level, high-speed packet processing</flag>
+    <flag name="control-socket">Enable unix socket</flag>
+    <flag name="cuda">Enable NVIDIA Cuda computations support</flag>
+    <flag name="detection">Enable detection modules</flag>
+    <flag name="hyperscan">Enable high-performance regex matching with Hyperscan</flag>
+    <flag name="lz4">Enable support for compressed pcap logging using the LZ4 algorithm</flag>
+    <flag name="nflog">Enable libnetfilter_log support</flag>
+    <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
+    <flag name="pfring">Enable PF_RING support(<pkg>net-libs/libpfring</pkg>)</flag>
+    <flag name="redis">Enable Redis support</flag>
+  </use>
+</pkgmetadata>

net-analyzer/suricata/suricata-7.0.8-r1.ebuild

@@ -0,0 +1,236 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+LUA_COMPAT=( lua5-1 luajit )
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit autotools flag-o-matic linux-info lua-single python-single-r1 rust systemd tmpfiles verify-sig
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="https://suricata.io/"
+SRC_URI="https://www.openinfosecfoundation.org/download/${P}.tar.gz
+	verify-sig? ( https://www.openinfosecfoundation.org/download/${P}.tar.gz.sig )"
+
+LICENSE="GPL-2"
+SLOT="0/7"
+KEYWORDS="~amd64"
+IUSE="+af-packet af-xdp bpf control-socket cuda debug +detection geoip hardened hyperscan lua lz4 nflog +nfqueue pfring redis systemd test"
+VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/openinfosecfoundation.org.asc"
+
+RESTRICT="!test? ( test )"
+
+REQUIRED_USE="${PYTHON_REQUIRED_USE}
+	af-xdp? ( bpf )
+	bpf? ( af-packet )
+	lua? ( ${LUA_REQUIRED_USE} )"
+
+# TODO: add ja3, ja4
+RDEPEND="${PYTHON_DEPS}
+	>=dev-util/cbindgen-0.26.0
+	acct-group/suricata
+	acct-user/suricata
+	dev-libs/jansson:=
+	dev-libs/libpcre2:=
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	$(python_gen_cond_dep '
+		dev-python/pyyaml[${PYTHON_USEDEP}]
+	')
+	>=net-libs/libhtp-0.5.49
+	net-libs/libpcap
+	sys-apps/file
+	sys-libs/libcap-ng
+	sys-libs/zlib
+	af-xdp? ( net-libs/xdp-tools )
+	bpf? ( dev-libs/libbpf:= )
+	cuda? ( dev-util/nvidia-cuda-toolkit )
+	geoip? ( dev-libs/libmaxminddb:= )
+	hyperscan? ( dev-libs/vectorscan:= )
+	lua? ( ${LUA_DEPS} )
+	lz4? ( app-arch/lz4:= )
+	nflog? ( net-libs/libnetfilter_log )
+	nfqueue? ( net-libs/libnetfilter_queue )
+	pfring? ( net-libs/libpfring )
+	redis? ( dev-libs/hiredis:= )"
+DEPEND="${RDEPEND}
+	>=dev-build/autoconf-2.69-r5
+"
+BDEPEND="verify-sig? ( >=sec-keys/openpgp-keys-oisf-20200807 )"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-5.0.1_configure-no-lz4-automagic.patch"
+	"${FILESDIR}/${PN}-5.0.7_configure-no-hyperscan-automagic.patch"
+	"${FILESDIR}/${PN}-6.0.0_default-config.patch"
+	"${FILESDIR}/${PN}-7.0.2_configure-no-sphinx-pdflatex-automagic.patch"
+	"${FILESDIR}/${PN}-7.0.5_configure-fortify_source.patch"
+)
+
+pkg_pretend() {
+	if use af-xdp && use kernel_linux; then
+		if kernel_is -lt 4 18; then
+			ewarn "Kernel 4.18 or newer is required for AF_XDP"
+		fi
+	fi
+
+	if use bpf && use kernel_linux; then
+		if kernel_is -lt 4 15; then
+			ewarn "Kernel 4.15 or newer is necessary to use all XDP features like the CPU redirect map"
+		fi
+
+		CONFIG_CHECK="~XDP_SOCKETS"
+		ERROR_XDP_SOCKETS="CONFIG_XDP_SOCKETS is not set, making it impossible for Suricata to load XDP programs. "
+		ERROR_XDP_SOCKETS+="Other eBPF features should work normally."
+		check_extra_config
+	fi
+}
+
+pkg_setup() {
+	python-single-r1_pkg_setup
+	rust_pkg_setup
+}
+
+src_prepare() {
+	default
+	sed -ie 's/docdir =.*/docdir = ${datarootdir}\/doc\/'${PF}'\//' "${S}/doc/Makefile.am" || die
+	eautoreconf
+}
+
+src_configure() {
+	# Bug #861242
+	filter-lto
+
+	local myeconfargs=(
+		"--localstatedir=/var" \
+		"--runstatedir=/run" \
+		"--enable-non-bundled-htp" \
+		"--enable-gccmarch-native=no" \
+		"--enable-python" \
+		$(use_enable af-packet) \
+		$(use_enable af-xdp) \
+		$(use_enable bpf ebpf) \
+		$(use_enable pfring pfring) \
+		$(use_enable control-socket unix-socket) \
+		$(use_enable cuda) \
+		$(use_enable detection) \
+		$(use_enable geoip) \
+		$(use_enable hardened gccprotect) \
+		$(use_enable hardened pie) \
+		$(use_enable hyperscan) \
+		$(use_enable lz4) \
+		$(use_enable nflog) \
+		$(use_enable nfqueue) \
+		$(use_enable redis hiredis) \
+		$(use_enable test unittests) \
+		"--disable-coccinelle"
+	)
+	if use lua; then
+		if use lua_single_target_luajit; then
+			myeconfargs+=( --enable-luajit )
+		else
+			myeconfargs+=( --enable-lua )
+		fi
+	fi
+
+	if use pfring ; then
+		append-cppflags -DHAVE_PFRING_OPEN_NEW
+		append-libs -lrt -lnuma
+	fi
+	if use debug; then
+		myeconfargs+=( $(use_enable debug) )
+		# so we can get a backtrace according to "reporting bugs" on upstream web site
+		QA_FLAGS_IGNORED="usr/bin/${PN}"
+		CFLAGS="-ggdb -O0" econf ${myeconfargs[@]}
+	else
+		econf ${myeconfargs[@]}
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+	python_optimize
+	# Bug #878855
+	python_fix_shebang "${ED}"/usr/bin/
+
+	if use bpf; then
+		rm ebpf/Makefile.{am,in} || die
+		dodoc -r ebpf/
+		keepdir /usr/libexec/suricata/ebpf
+	fi
+
+	insinto "/etc/${PN}"
+	doins etc/{classification,reference}.config threshold.config suricata.yaml
+
+	keepdir "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+	keepdir "/var/log/${PN}"
+
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 6750 "/var/lib/${PN}/rules" "/var/lib/${PN}/update"
+
+	newinitd "${FILESDIR}/${PN}.initd" ${PN}
+	newconfd "${FILESDIR}/${PN}.confd" ${PN}
+	systemd_dounit "${FILESDIR}"/${PN}.service
+	newtmpfiles "${FILESDIR}"/${PN}.tmpfiles ${PN}.conf
+
+	insopts -m0644
+	insinto /etc/logrotate.d
+	newins etc/${PN}.logrotate ${PN}
+}
+
+pkg_postinst() {
+	tmpfiles_process ${PN}.conf
+
+	elog
+	if use systemd; then
+		elog "Suricata requires either the mode of operation (e.g. --af-packet) or the interface to listen on (e.g. -i eth0)"
+		elog "to be specified on the command line. The provided systemd unit launches Suricata in af-packet mode and relies"
+		elog "on file configuration to specify interfaces, should you prefer to run it differently you will have to customise"
+		elog "said unit. The simplest way of doing it is to override the Environment=OPTIONS='...' line using a .conf file"
+		elog "placed in the directory ${EPREFIX}/etc/systemd/system/suricata.service.d/ ."
+		elog "For details, see the section on drop-in directories in systemd.unit(5)."
+	else
+		elog "The ${PN} init script expects to find the path to the configuration"
+		elog "file as well as extra options in /etc/conf.d."
+		elog
+		elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+		elog "then create a symlink to the init script from a link called"
+		elog "${PN}.foo - like so"
+		elog "   cd /etc/${PN}"
+		elog "   ${EDITOR##*/} suricata-foo.yaml"
+		elog "   cd /etc/init.d"
+		elog "   ln -s ${PN} ${PN}.foo"
+		elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+		elog
+		elog "You can create as many ${PN}.foo* services as you wish."
+	fi
+
+	if use bpf; then
+		elog
+		elog "eBPF/XDP files must be compiled (using llvm-core/clang[llvm_targets_BPF]) before use"
+		elog "because their configuration is hard-coded. You can find the default ones in"
+		elog "    ${EPREFIX}/usr/share/doc/${PF}/ebpf"
+		elog "and the common location for eBPF bytecode is"
+		elog "    ${EPREFIX}/usr/libexec/${PN}"
+		elog "For more information, see https://${PN}.readthedocs.io/en/${P}/capture-hardware/ebpf-xdp.html"
+	fi
+
+	if use debug; then
+		elog
+		elog "You have enabled the debug USE flag. Please read this link to report bugs upstream:"
+		elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+		elog "You need to also ensure the FEATURES variable in make.conf contains the"
+		elog "'nostrip' option to produce useful core dumps or back traces."
+	fi
+
+	elog
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		elog "To download and install an initial set of rules, run:"
+		elog "    suricata-update"
+	fi
+	elog
+}