Mailing List Archive

There's a couple of fairly recent discussions in the forums about snort on Sparc:

http://forums.gentoo.org/viewtopic-t-314212.html
http://forums.gentoo.org/viewtopic-t-456504.html

From what I see there, the package is masked because it's broken on Sparc.


That was a couple of months ago, though, so things may have changed.

Ralph Mitchell


-----Original Message-----
From: gentuxx [mailto:gentuxx@gmail.com]
Sent: Thu 8/3/2006 2:57 AM
To: gentoo-sparc@lists.gentoo.org
Subject: [gentoo-sparc] Snort?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I noticed this:

* net-analyzer/snort
Available versions: -2.4.5 [M]2.6.0
Installed: none
Homepage: http://www.snort.org/
Description: Libpcap-based packet
sniffer/logger/lightweight IDS


I'm not sure what '-' and '[M]' means in eix, quite yet. (I've just
started using eix.) I also noticed in packages.gentoo.org that it
isn't even on the map for sparc. So, am I stuck with downloading the
sources, and managing it outside of portage? I'd really rather not do
that. Is it really that unstable? Or is there just no one to build
the ebuild for sparc? If it's the latter, I might be able to help,
but I'd like some insight before I go diving into a project like that.

Thanks.

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE0ax+TPA54hjTSp4RAp/7AKCW0Jxg5PX9TG6WBZahgvPBHg3SnQCfcWJ6
zOJ5WWUt800rox67LkOaLEo=
=eAIr
-----END PGP SIGNATURE-----

--
gentoo-sparc@gentoo.org mailing list

On 8/3/06, gentuxx <gentuxx@gmail.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I noticed this:
>
> * net-analyzer/snort
> Available versions: -2.4.5 [M]2.6.0
> Installed: none
> Homepage: http://www.snort.org/
> Description: Libpcap-based packet
> sniffer/logger/lightweight IDS
>
>
> I'm not sure what '-' and '[M]' means in eix, quite yet. (I've just
> started using eix.) I also noticed in packages.gentoo.org that it
> isn't even on the map for sparc. So, am I stuck with downloading the
> sources, and managing it outside of portage? I'd really rather not do
> that. Is it really that unstable? Or is there just no one to build
> the ebuild for sparc? If it's the latter, I might be able to help,
> but I'd like some insight before I go diving into a project like that.
>
> Thanks.
>
> - --
> gentux
> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>


Snort on Sparc works for the most part. It seems like if it tries to
process more than about 150MB/s it'll sig11, and if it runs for more
than a few days it sig11s. It's not really any better on
Solaris/Sparc, so it's just a basic incompatibility with the Sparc
architecture and Snort. If you do decide to stick with it, I recommend
a simple cron job that restarts Snort every day, that seems to work
pretty well for me. With as cheap as x86 hardware is though, I highly
recommend you just pick up a cheap box and use that for Snort.

HTH,
Mike
--
gentoo-sparc@gentoo.org mailing list

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Owen wrote:
> On 8/3/06, gentuxx <gentuxx@gmail.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I noticed this:
>>
>> * net-analyzer/snort
>> Available versions: -2.4.5 [M]2.6.0
>> Installed: none
>> Homepage: http://www.snort.org/
>> Description: Libpcap-based packet
>> sniffer/logger/lightweight IDS
>>
>>
>> I'm not sure what '-' and '[M]' means in eix, quite yet. (I've just
>> started using eix.) I also noticed in packages.gentoo.org that it
>> isn't even on the map for sparc. So, am I stuck with downloading the
>> sources, and managing it outside of portage? I'd really rather not do
>> that. Is it really that unstable? Or is there just no one to build
>> the ebuild for sparc? If it's the latter, I might be able to help,
>> but I'd like some insight before I go diving into a project like that.
>>
>> Thanks.
>>
>> - --
>> gentux
>> echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
>>
>
>
> Snort on Sparc works for the most part. It seems like if it tries to
> process more than about 150MB/s it'll sig11, and if it runs for more
> than a few days it sig11s. It's not really any better on
> Solaris/Sparc, so it's just a basic incompatibility with the Sparc
> architecture and Snort. If you do decide to stick with it, I recommend
> a simple cron job that restarts Snort every day, that seems to work
> pretty well for me. With as cheap as x86 hardware is though, I highly
> recommend you just pick up a cheap box and use that for Snort.
>
> HTH,
> Mike
Well, I have been toying with building a custom Smoothwall/IPCop type
firewall/router for my own use (not for distribution), based on gentoo
and php (instead of redhat and perl). A couple years ago, I managed
to pick up a bunch of U1s from eBay for literally a dollar a piece,
and just recently, a friend passed a U5 to me. So, I was looking to
use what I had available.

So, if I wanted to *test it* and/or live with restarting it once a
day, how do I unmask it so emerge will install it?
(/etc/portage/package.keywords didn't work)

- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE1mz8TPA54hjTSp4RAkl4AKCtXfqVGN6ihgMhDsc8Zyd67Qr8QgCfZPje
4GvcWKIlZJY++wOb5Y2SgMo=
=wHBV
-----END PGP SIGNATURE-----

--
gentoo-sparc@gentoo.org mailing list

On Sun, 06 Aug 2006 15:28:13 -0700
gentuxx <gentuxx@gmail.com> wrote:

> So, if I wanted to *test it* and/or live with restarting it once a
> day, how do I unmask it so emerge will install it?
> (/etc/portage/package.keywords didn't work)

NOTE: The advice given below is not recommended for working around
packages that are masked or lack sparc keywords. Specifically, if an
ebuild has a -sparc keyword, it is known the software is broken.

Chances are you didn't do it quite right. You'll probably want an
entry like "net-analyzer/snort ~x86" in package.keywords. If I add
this to /etc/portage/package.keywords on a sparc system with stable
keywords, I can now emerge snort-2.4.5.

Cheers,
--
Jason Wever
Gentoo/Sparc Team Co-Lead

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Jason Wever wrote:
> On Sun, 06 Aug 2006 15:28:13 -0700
> gentuxx <gentuxx@gmail.com> wrote:
>
>> So, if I wanted to *test it* and/or live with restarting it once a
>> day, how do I unmask it so emerge will install it?
>> (/etc/portage/package.keywords didn't work)
>
> NOTE: The advice given below is not recommended for working around
> packages that are masked or lack sparc keywords. Specifically, if an
> ebuild has a -sparc keyword, it is known the software is broken.
>
Understood and accepted. ;-)
> Chances are you didn't do it quite right. You'll probably want an
> entry like "net-analyzer/snort ~x86" in package.keywords. If I add
> this to /etc/portage/package.keywords on a sparc system with stable
> keywords, I can now emerge snort-2.4.5.
>
> Cheers,
Putting "~x86" in package.keywords still gets me this:

jupiter portage # emerge -pv snort

These are the packages that would be merged, in order:

Calculating dependencies
!!! All ebuilds that could satisfy "snort" have been masked.
!!! One of the following masked packages is required to complete your
request:
- - net-analyzer/snort-2.6.0 (masked by: package.mask)
# Marcelo Goes <vanquirius@gentoo.org> (07 Jul 2006)
# Masked for testing
# Please see bug 136250 for more details

- - net-analyzer/snort-2.4.5 (masked by: -sparc keyword)

For more information, see MASKED PACKAGES section in the emerge man
page or
refer to the Gentoo Handbook.

But putting '-sparc' seems to work:

jupiter portage # emerge -av snort

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] net-libs/libpcap-0.9.4 USE="-ipv6" 415 kB
[ebuild N ] dev-libs/libpcre-6.3 USE="-doc" 552 kB
[ebuild N ] net-analyzer/snort-2.4.5 USE="ssl -flexresp -inline
- -mysql -odbc -postgres -prelude -sguil -snortsam" 3,540 kB

Total size of downloads: 4,508 kB

Would you like to merge these packages? [Yes/No]


- --
gentux
echo "hfouvyyAhnbjm/dpn" | perl -pe 's/(.)/chr(ord($1)-1)/ge'

gentux's gpg fingerprint ==> 5495 0388 67FF 0B89 1239 D840 4CF0 39E2
18D3 4A9E
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE1obSTPA54hjTSp4RAmOcAJ4vppYK/U6tMWBnNE7emA/jYGodxgCfQVOa
iLPvuDCyKu4Dko5A0orS1D0=
=IBdR
-----END PGP SIGNATURE-----

--
gentoo-sparc@gentoo.org mailing list