authorMx Kookie <kookie@spacekookie.de>2020-10-31 19:35:09 +0100
committerMx Kookie <kookie@spacekookie.de>2020-10-31 19:35:09 +0100
commitc4625b175f8200f643fd6e11010932ea44c78433 (patch)
treebce3f89888c8ac3991fa5569a878a9eab6801ccc /infra/libkookie/nixpkgs/pkgs/applications/networking/ids
parent49f735974dd103039ddc4cb576bb76555164a9e7 (diff)
parentd661aa56a8843e991261510c1bb28fdc2f6975ae (diff)
Add 'infra/libkookie/' from commit 'd661aa56a8843e991261510c1bb28fdc2f6975ae'
git-subtree-dir: infra/libkookie git-subtree-mainline: 49f735974dd103039ddc4cb576bb76555164a9e7 git-subtree-split: d661aa56a8843e991261510c1bb28fdc2f6975ae
Diffstat (limited to 'infra/libkookie/nixpkgs/pkgs/applications/networking/ids')
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix27
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix39
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch19
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix158
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix63
-rw-r--r--infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix69
6 files changed, 375 insertions, 0 deletions
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix
new file mode 100644
index 000000000000..871aba0a669f
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/daq/default.nix
@@ -0,0 +1,27 @@
+{stdenv, fetchurl, flex, bison, libpcap, libdnet, libnfnetlink, libnetfilter_queue}:
+
+stdenv.mkDerivation rec {
+ name = "daq-2.2.2";
+
+ src = fetchurl {
+ name = "${name}.tar.gz";
+ url = "https://snort.org/downloads/archive/snort/${name}.tar.gz";
+ sha256 = "0yvzscy7vqj7s5rccza0f7p6awghfm3yaxihx1h57lqspg51in3w";
+ };
+
+ buildInputs = [ flex bison libpcap libdnet libnfnetlink libnetfilter_queue];
+
+ configureFlags = [
+ "--enable-nfq-module=yes"
+ "--with-dnet-includes=${libdnet}/includes"
+ "--with-dnet-libraries=${libdnet}/lib"
+ ];
+
+ meta = {
+ description = "Data AcQuisition library (DAQ), for packet I/O";
+ homepage = "https://www.snort.org";
+ maintainers = with stdenv.lib.maintainers; [ aycanirican ];
+ license = stdenv.lib.licenses.gpl2;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
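Review bot: The `--with-dnet-includes` flag points at `${libdnet}/includes`, a directory that is unlikely to exist since headers conventionally install under `include`; the build presumably succeeds only because the headers are found through the default include path, so the flag should read `"--with-dnet-includes=${libdnet}/include"`. The same slip appears in snort/default.nix on its `--with-daq-includes=${daq}/includes` line. Confirm against the actual output layout of libdnet and daq before changing, since a flag that is currently ignored would start being honoured.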
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix
new file mode 100644
index 000000000000..7529e233e137
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/snort/default.nix
@@ -0,0 +1,39 @@
+{stdenv, pkgconfig, luajit, openssl, fetchurl, libpcap, pcre, libdnet, daq, zlib, flex, bison, makeWrapper
+, libtirpc
+}:
+
+stdenv.mkDerivation rec {
+ version = "2.9.16.1";
+ pname = "snort";
+
+ src = fetchurl {
+ name = "${pname}-${version}.tar.gz";
+ url = "https://snort.org/downloads/archive/snort/${pname}-${version}.tar.gz";
+ sha256 = "13lzvjli6kbsnkd7lf0rm71l2mnz38pxk76ia9yrjb6clfhlbb73";
+ };
+
+ buildInputs = [ makeWrapper pkgconfig luajit openssl libpcap pcre libdnet daq zlib flex bison libtirpc ];
+
+ NIX_CFLAGS_COMPILE = [ "-I${libtirpc.dev}/include/tirpc" ];
+
+ enableParallelBuilding = true;
+
+ configureFlags = [
+ "--disable-static-daq"
+ "--enable-control-socket"
+ "--with-daq-includes=${daq}/includes"
+ "--with-daq-libraries=${daq}/lib"
+ ];
+
+ postInstall = ''
+ wrapProgram $out/bin/snort --add-flags "--daq-dir ${daq}/lib/daq --dynamic-preprocessor-lib-dir $out/lib/snort_dynamicpreprocessor/ --dynamic-engine-lib-dir $out/lib/snort_dynamicengine"
+ '';
+
+ meta = {
+ description = "Network intrusion prevention and detection system (IDS/IPS)";
+ homepage = "https://www.snort.org";
+ maintainers = with stdenv.lib.maintainers; [ aycanirican ];
+ license = stdenv.lib.licenses.gpl2;
+ platforms = with stdenv.lib.platforms; linux;
+ };
+}
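Review bot: `makeWrapper`, `pkgconfig`, `flex` and `bison` are build-time tools but are listed in `buildInputs` on the line after `src`, so they are treated as host dependencies; under the nixpkgs convention they belong in `nativeBuildInputs`, e.g. `nativeBuildInputs = [ makeWrapper pkgconfig flex bison ];` with the libraries left in `buildInputs`. The daq expression has the same split for `flex` and `bison`. This matters for cross-compilation and for what ends up in the runtime closure, not for the native build result.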
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
new file mode 100644
index 000000000000..d4e8c95fea22
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/bpf_stubs_workaround.patch
@@ -0,0 +1,19 @@
+*** suricata-5.0.0/ebpf/Makefile.in 2019-10-16 22:39:13.174649416 +0200
+--- suricata-5.0.0/ebpf/Makefile.in.fixed 2019-10-16 22:38:41.822201802 +0200
+***************
+*** 527,533 ****
+ @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+ @BUILD_EBPF_TRUE@ ${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@ -I/usr/include/$(build_cpu)-$(build_os)/ \
+ @BUILD_EBPF_TRUE@ -D__KERNEL__ -D__ASM_SYSREG_H \
+ @BUILD_EBPF_TRUE@ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+ # From LLVM-IR to BPF-bytecode in ELF-obj file
+--- 527,533 ----
+ @BUILD_EBPF_TRUE@$(BPF_TARGETS): %.bpf: %.c
+ # From C-code to LLVM-IR format suffix .ll (clang -S -emit-llvm)
+ @BUILD_EBPF_TRUE@ ${CLANG} -Wall $(BPF_CFLAGS) -O2 \
+! @BUILD_EBPF_TRUE@ -idirafter ../bpf_stubs_workaround \
+ @BUILD_EBPF_TRUE@ -D__KERNEL__ -D__ASM_SYSREG_H \
+ @BUILD_EBPF_TRUE@ -target bpf -S -emit-llvm $< -o ${@:.bpf=.ll}
+ # From LLVM-IR to BPF-bytecode in ELF-obj file
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix
new file mode 100644
index 000000000000..d6e9b2e74397
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/suricata/default.nix
@@ -0,0 +1,158 @@
+{ stdenv
+, lib
+, fetchurl
+, clang
+, llvm
+, pkgconfig
+, makeWrapper
+, file
+, hyperscan
+, jansson
+, libbpf
+, libcap_ng
+, libelf
+, libevent
+, libmaxminddb
+, libnet
+, libnetfilter_log
+, libnetfilter_queue
+, libnfnetlink
+, libpcap
+, libyaml
+, luajit
+, lz4
+, nspr
+, nss
+, pcre
+, python
+, zlib
+, redisSupport ? true, redis, hiredis
+, rustSupport ? true, rustc, cargo
+}: let
+ libmagic = file;
+ hyperscanSupport = stdenv.system == "x86_64-linux" || stdenv.system == "i686-linux";
+in
+stdenv.mkDerivation rec {
+ pname = "suricata";
+ version = "5.0.3";
+
+ src = fetchurl {
+ url = "https://www.openinfosecfoundation.org/download/${pname}-${version}.tar.gz";
+ sha256 = "1nv5aq5lpkpskkzw05hr2lshkzcs4zqj5kfv4qjlbwigmp6kwh9l";
+ };
+
+ nativeBuildInputs = [
+ clang
+ llvm
+ makeWrapper
+ pkgconfig
+ ]
+ ++ lib.optionals rustSupport [ rustc cargo ]
+ ;
+
+ buildInputs = [
+ jansson
+ libbpf
+ libcap_ng
+ libelf
+ libevent
+ libmagic
+ libmaxminddb
+ libnet
+ libnetfilter_log
+ libnetfilter_queue
+ libnfnetlink
+ libpcap
+ libyaml
+ luajit
+ lz4
+ nspr
+ nss
+ pcre
+ python
+ zlib
+ ]
+ ++ lib.optional hyperscanSupport hyperscan
+ ++ lib.optionals redisSupport [ redis hiredis ]
+ ;
+
+ enableParallelBuilding = true;
+
+ patches = lib.optional stdenv.is64bit ./bpf_stubs_workaround.patch;
+
+ postPatch = ''
+ substituteInPlace ./configure \
+ --replace "/usr/bin/file" "${file}/bin/file"
+ substituteInPlace ./libhtp/configure \
+ --replace "/usr/bin/file" "${file}/bin/file"
+
+ mkdir -p bpf_stubs_workaround/gnu
+ touch bpf_stubs_workaround/gnu/stubs-32.h
+ '';
+
+ configureFlags = [
+ "--disable-gccmarch-native"
+ "--enable-af-packet"
+ "--enable-ebpf"
+ "--enable-ebpf-build"
+ "--enable-gccprotect"
+ "--enable-geoip"
+ "--enable-luajit"
+ "--enable-nflog"
+ "--enable-nfqueue"
+ "--enable-pie"
+ "--disable-prelude"
+ "--enable-python"
+ "--enable-unix-socket"
+ "--localstatedir=/var"
+ "--sysconfdir=/etc"
+ "--with-libnet-includes=${libnet}/include"
+ "--with-libnet-libraries=${libnet}/lib"
+ ]
+ ++ lib.optionals hyperscanSupport [
+ "--with-libhs-includes=${hyperscan.dev}/include/hs"
+ "--with-libhs-libraries=${hyperscan}/lib"
+ ]
+ ++ lib.optional redisSupport "--enable-hiredis"
+ ++ lib.optionals rustSupport [
+ "--enable-rust"
+ "--enable-rust-experimental"
+ ];
+
+ postConfigure = ''
+ # Avoid unintended clousure growth.
+ sed -i 's|/nix/store/\(.\{8\}\)[^-]*-|/nix/store/\1...-|g' ./src/build-info.h
+ '';
+
+ hardeningDisable = [ "stackprotector" ];
+
+ installFlags = [
+ "e_localstatedir=\${TMPDIR}"
+ "e_logdir=\${TMPDIR}"
+ "e_logcertsdir=\${TMPDIR}"
+ "e_logfilesdir=\${TMPDIR}"
+ "e_rundir=\${TMPDIR}"
+ "e_sysconfdir=\${out}/etc/suricata"
+ "e_sysconfrulesdir=\${out}/etc/suricata/rules"
+ "localstatedir=\${TMPDIR}"
+ "runstatedir=\${TMPDIR}"
+ "sysconfdir=\${out}/etc"
+ ];
+
+ installTargets = [ "install" "install-conf" ];
+
+ postInstall = ''
+ wrapProgram "$out/bin/suricatasc" \
+ --prefix PYTHONPATH : $PYTHONPATH:$(toPythonPath "$out")
+ substituteInPlace "$out/etc/suricata/suricata.yaml" \
+ --replace "/etc/suricata" "$out/etc/suricata"
+ '';
+
+ meta = with stdenv.lib; {
+ description = "A free and open source, mature, fast and robust network threat detection engine";
+ homepage = "https://suricata-ids.org";
+ license = licenses.gpl2;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ magenbluten ];
+ };
+}
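Review bot: `hardeningDisable = [ "stackprotector" ]` switches off a hardening flag for the whole package without saying why, while `--enable-gccprotect` a few lines above asks the upstream build to add its own protection flags, so a reader cannot tell whether the host binaries end up stack-protected. If the reason is that the eBPF objects are compiled with `clang -target bpf` (requested by `--enable-ebpf-build`), which does not accept that instrumentation, record it: `# stackprotector is disabled package-wide because the eBPF objects (clang -target bpf) cannot carry it; --enable-gccprotect re-enables it for the host build — confirm`. The comment in `postConfigure` also reads `clousure` where `closure` is meant.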
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix
new file mode 100644
index 000000000000..a6189da7ee3e
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/default.nix
@@ -0,0 +1,63 @@
+{ stdenv
+, fetchurl
+, cmake
+, flex
+, bison
+, openssl
+, libpcap
+, zlib
+, file
+, curl
+, libmaxminddb
+, gperftools
+, python
+, swig
+, gettext
+, fetchpatch
+, coreutils
+}:
+let
+ preConfigure = (import ./script.nix {inherit coreutils;});
+in
+stdenv.mkDerivation rec {
+ pname = "zeek";
+ version = "3.2.1";
+
+ src = fetchurl {
+ url = "https://download.zeek.org/zeek-${version}.tar.gz";
+ sha256 = "0rybs79h0sq12vsayah8dixqac404z84rlvqynvzf3dh2lwcgg0y";
+ };
+
+ nativeBuildInputs = [ cmake flex bison file ];
+ buildInputs = [ openssl libpcap zlib curl libmaxminddb gperftools python swig ]
+ ++ stdenv.lib.optionals stdenv.isDarwin [ gettext ];
+
+ #see issue https://github.com/zeek/zeek/issues/804 to modify hardlinking duplicate files.
+ inherit preConfigure;
+
+ enableParallelBuilding = true;
+
+ patches = stdenv.lib.optionals stdenv.cc.isClang [
+ # Fix pybind c++17 build with Clang. See: https://github.com/pybind/pybind11/issues/1604
+ (fetchpatch {
+ url = "https://github.com/pybind/pybind11/commit/759221f5c56939f59d8f342a41f8e2d2cacbc8cf.patch";
+ sha256 = "17qznp8yavnv84fjsbghv3d59z6k6rx74j49w0izakmgw5a95w84";
+ extraPrefix = "auxil/broker/bindings/python/3rdparty/pybind11/";
+ stripLen = 1;
+ })
+ ];
+
+ cmakeFlags = [
+ "-DPY_MOD_INSTALL_DIR=${placeholder "out"}/${python.sitePackages}"
+ "-DENABLE_PERFTOOLS=true"
+ "-DINSTALL_AUX_TOOLS=true"
+ ];
+
+ meta = with stdenv.lib; {
+ description = "Powerful network analysis framework much different from a typical IDS";
+ homepage = "https://www.zeek.org";
+ license = licenses.bsd3;
+ maintainers = with maintainers; [ pSub marsam tobim ];
+ platforms = platforms.unix;
+ };
+}
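Review bot: The comment above `inherit preConfigure` ("see issue ... to modify hardlinking duplicate files") does not say what the script in script.nix does or why it is needed, so a maintainer has to open both files and the upstream issue to understand it. A comment along these lines would be clearer: `# script.nix rewrites hard-coded /bin/mv and /bin/cat to coreutils and prepends a distinct '##! test ...' line to each __load__.zeek so that otherwise identical files are not deduplicated into hardlinks (https://github.com/zeek/zeek/issues/804)`. The hardlinking motivation is inferred from the issue reference; confirm it still applies to 3.2.1 before wording it as fact.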
diff --git a/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix
new file mode 100644
index 000000000000..4c8bbcf22c03
--- /dev/null
+++ b/infra/libkookie/nixpkgs/pkgs/applications/networking/ids/zeek/script.nix
@@ -0,0 +1,69 @@
+{coreutils}:
+''
+ sed -i 's|/bin/mv|${coreutils}/bin/mv|' scripts/base/frameworks/logging/writers/ascii.zeek
+ sed -i 's|/bin/mv|${coreutils}/bin/mv|' scripts/policy/misc/trim-trace-file.zeek
+ sed -i 's|/bin/cat|${coreutils}/bin/cat|' scripts/base/frameworks/notice/actions/pp-alarms.zeek
+ sed -i 's|/bin/cat|${coreutils}/bin/cat|' scripts/base/frameworks/notice/main.zeek
+
+ sed -i "1i##! test dpd" $PWD/scripts/base/frameworks/dpd/__load__.zeek
+ sed -i "1i##! test x509" $PWD/scripts/base/files/x509/__load__.zeek
+ sed -i "1i##! test files-extract" $PWD/scripts/base/files/extract/__load__.zeek
+ sed -i "1i##! test files-hash" $PWD/scripts/base/files/hash/__load__.zeek
+ sed -i "1i##! test files-pe" $PWD/scripts/base/files/pe/__load__.zeek
+ sed -i "1i##! test analyzer" $PWD/scripts/base/frameworks/analyzer/__load__.zeek
+ sed -i "1i##! test cluster" $PWD/scripts/base/frameworks/cluster/__load__.zeek
+ sed -i "1i##! test config" $PWD/scripts/base/frameworks/config/__load__.zeek
+ sed -i "1i##! test contro" $PWD/scripts/base/frameworks/control/__load__.zeek
+ sed -i "1i##! test files" $PWD/scripts/base/frameworks/files/__load__.zeek
+ sed -i "1i##! test files-magic" $PWD/scripts/base/frameworks/files/magic/__load__.zeek
+ sed -i "1i##! test input" $PWD/scripts/base/frameworks/input/__load__.zeek
+ sed -i "1i##! test intel" $PWD/scripts/base/frameworks/intel/__load__.zeek
+ sed -i "1i##! test logging" $PWD/scripts/base/frameworks/logging/__load__.zeek
+ sed -i "1i##! test logging-postprocessors" $PWD/scripts/base/frameworks/logging/postprocessors/__load__.zeek
+ sed -i "1i##! test netcontrol" $PWD/scripts/base/frameworks/netcontrol/__load__.zeek
+ sed -i "1i##! test netcontrol-plugins" $PWD/scripts/base/frameworks/netcontrol/plugins/__load__.zeek
+ sed -i "1i##! test notice" $PWD/scripts/base/frameworks/notice/__load__.zeek
+ sed -i "1i##! test openflow" $PWD/scripts/base/frameworks/openflow/__load__.zeek
+ sed -i "1i##! test openflow-plugins" $PWD/scripts/base/frameworks/openflow/plugins/__load__.zeek
+ sed -i "1i##! test packet-filter" $PWD/scripts/base/frameworks/packet-filter/__load__.zeek
+ sed -i "1i##! test reporter" $PWD/scripts/base/frameworks/reporter/__load__.zeek
+ sed -i "1i##! test signatures" $PWD/scripts/base/frameworks/signatures/__load__.zeek
+ sed -i "1i##! test software" $PWD/scripts/base/frameworks/software/__load__.zeek
+ sed -i "1i##! test sumstats" $PWD/scripts/base/frameworks/sumstats/__load__.zeek
+ sed -i "1i##! test sumstats-plugins" $PWD/scripts/base/frameworks/sumstats/plugins/__load__.zeek
+ sed -i "1i##! test conn" $PWD/scripts/base/protocols/conn/__load__.zeek
+ sed -i "1i##! test dce-rpc" $PWD/scripts/base/protocols/dce-rpc/__load__.zeek
+ sed -i "1i##! test dhcp" $PWD/scripts/base/protocols/dhcp/__load__.zeek
+ sed -i "1i##! test dnp3" $PWD/scripts/base/protocols/dnp3/__load__.zeek
+ sed -i "1i##! test dns" $PWD/scripts/base/protocols/dns/__load__.zeek
+ sed -i "1i##! test ftp" $PWD/scripts/base/protocols/ftp/__load__.zeek
+ sed -i "1i##! test http" $PWD/scripts/base/protocols/http/__load__.zeek
+ sed -i "1i##! test tunnels" $PWD/scripts/base/protocols/tunnels/__load__.zeek
+ sed -i "1i##! test imap" $PWD/scripts/base/protocols/imap/__load__.zeek
+ sed -i "1i##! test irc" $PWD/scripts/base/protocols/irc/__load__.zeek
+ sed -i "1i##! test krb" $PWD/scripts/base/protocols/krb/__load__.zeek
+ sed -i "1i##! test modbus" $PWD/scripts/base/protocols/modbus/__load__.zeek
+ sed -i "1i##! test mqtt" $PWD/scripts/base/protocols/mqtt/__load__.zeek
+ sed -i "1i##! test mysql" $PWD/scripts/base/protocols/mysql/__load__.zeek
+ sed -i "1i##! test ntlm" $PWD/scripts/base/protocols/ntlm/__load__.zeek
+ sed -i "1i##! test ntp" $PWD/scripts/base/protocols/ntp/__load__.zeek
+ sed -i "1i##! test pop3" $PWD/scripts/base/protocols/pop3/__load__.zeek
+ sed -i "1i##! test radius" $PWD/scripts/base/protocols/radius/__load__.zeek
+ sed -i "1i##! test rdp" $PWD/scripts/base/protocols/rdp/__load__.zeek
+ sed -i "1i##! test rfb" $PWD/scripts/base/protocols/rfb/__load__.zeek
+ sed -i "1i##! test sip" $PWD/scripts/base/protocols/sip/__load__.zeek
+ sed -i "1i##! test smb" $PWD/scripts/base/protocols/smb/__load__.zeek
+ sed -i "1i##! test smtp" $PWD/scripts/base/protocols/smtp/__load__.zeek
+ sed -i "1i##! test snmp" $PWD/scripts/base/protocols/snmp/__load__.zeek
+ sed -i "1i##! test socks" $PWD/scripts/base/protocols/socks/__load__.zeek
+ sed -i "1i##! test ssh" $PWD/scripts/base/protocols/ssh/__load__.zeek
+ sed -i "1i##! test ssl" $PWD/scripts/base/protocols/ssl/__load__.zeek
+ sed -i "1i##! test syslog" $PWD/scripts/base/protocols/syslog/__load__.zeek
+ sed -i "1i##! test xmpp" $PWD/scripts/base/protocols/xmpp/__load__.zeek
+ sed -i "1i##! test unified2" $PWD/scripts/policy/files/unified2/__load__.zeek
+ sed -i "1i##! test intel-seen" $PWD/scripts/policy/frameworks/intel/seen/__load__.zeek
+ sed -i "1i##! test notice" $PWD/scripts/policy/frameworks/notice/__load__.zeek
+ sed -i "1i##! test barnyard2" $PWD/scripts/policy/integration/barnyard2/__load__.zeek
+ sed -i "1i##! test collective-intel" $PWD/scripts/policy/integration/collective-intel/__load__.zeek
+ sed -i "1i##! test detect-traceroute" $PWD/scripts/policy/misc/detect-traceroute/__load__.zeek
+''
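Review bot: The marker inserted into `control/__load__.zeek` reads `##! test contro`, and `##! test notice` is inserted into two different files (base/frameworks/notice and policy/frameworks/notice); if the purpose of these `1i` insertions is to give every `__load__.zeek` a distinct first line so that identical files are not hardlinked, the duplicated marker undermines that for the two notice files. Using `"1i##! test control"` and `"1i##! test policy-notice"` for the second occurrence fixes both. The file also has no header comment; a `#` line before the string, e.g. `# preConfigure snippet for zeek: patch absolute coreutils paths and make each __load__.zeek unique`, would make the intent visible without opening default.nix. The first four `sed` calls use relative paths while the rest use `$PWD/`; they run in the same directory, so the difference is cosmetic but worth unifying.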