Created attachment 160286 [details] Makefile for yaf for ports/pkg I updated the YAF port Makefile to enable more options, changed the default build options, and updated the version to YAF 2.7.1. The Makefile, pkg-plist, and distinfo file are attached. They passed the "poudiere testport" command on amd64 for FreeBSD 10.2. I'll submit them to some test build system/server if there is such a thing if someone lets me know where/how to do that.
Created attachment 160287 [details] pkg-plist for updated yaf
Created attachment 160288 [details] distinfo file - includes sizes and SHA256 for previous YAF versions as well.
Can you update your patch to handle 2.8.0 ?
Actually, I've already done the work to do the port for the newer version of YAF. But I was also working on porting super_mediator (http://tools.netsa.cert.org) with YAF at the same time - that's 95% done as well. Both YAF and super_mediator require an updated libfixbuf. Anyway, I have the stuff for a YAF update and I'll post that ASAP - with or without the super_mediator port file.
I'll post this after I've added support for PF_RING which I didn't add when I did the work over the holidays – double checking what I've done. Fixbug and SiLK are up to date, so I just need to post the YAF patches. (And finish and post super_mediator.)
@Chris, can you please provide your changes in a single unified diff file please, ideally by `svn diff`
I didn't do svndiff (sorry missed that detail) I did create a diff/patch using diff -rupN to create the patch file. I can create the svndiff file if you still want/need it. Hopefully I'll get the netmap driver added into the code base as well. But that will come out with a release update to YAF, not as a FreeBSD patch.
Created attachment 166531 [details] patch to take the current YAF 2.8.0 definition and include the build options
Testbuilds fine (with added newline for pkg-plist 8-)
If I disable all options, the build fails with: libtool: compile: cc -DHAVE_CONFIG_H -I. -I../include/yaf -I../airframe/include/airframe -I../libltdl -I../include -I../include -I../airframe/include -I../airframe/include -Wall -Wno-comment -Wno-long-long -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -I/usr/local/include -I/usr/local/include -I/usr/local/include/glib-2.0 -I/usr/local/lib/glib-2.0/include -DYAF_CONF_DIR=\"/usr/local/etc\" -O2 -pipe -fstack-protector -fno-strict-aliasing -I/usr/local/include -MT libyaf_la-yaftab.lo -MD -MP -MF .deps/libyaf_la-yaftab.Tpo -c yaftab.c -fPIC -DPIC -o .libs/libyaf_la-yaftab.o yaftab.c:911:15: error: no member named 'paylen' in 'struct yfFlowVal_st' fn->f.val.paylen = 0; ~~~~~~~~~ ^ yaftab.c:912:16: error: no member named 'paylen' in 'struct yfFlowVal_st' fn->f.rval.paylen = 0; ~~~~~~~~~~ ^ yaftab.c:985:14: error: no member named 'payload' in 'struct yfFlowVal_st' valtemp->payload = NULL; ~~~~~~~ ^
Test shows: It needs at least APPLABEL, PLUGIN and PAYLOAD on to build. Is it useful to have those as options if it does not build without those ?
Final question for today 8-): Which combination provides combined IPv4 and IPv6 flows ? Does it support IPv6 at all ?
build bug ========= Can we hold back on pushing this out for YAF 2.8.0? I'll get a YAF 2.8.1 released which includes the build fix for not having <code>payload</code> enabled by the end of next week. I would much prefer to have that as the solution – especially as a YAF stakeholder. I'll do the updates to the checksums to support 2.8.1 when it's available. IPv6 support ============ By default YAF does support IPv6. You can disable IPv6 support by enabling the compact IPv4. The compact IPv4 option really functions to reduce the flow table memory allocated while YAF operates by eliminating the extra space to hold IPv6 addresses. The output of YAF doesn't change because YAF will always use the appropriate data elements on the wire depending on the traffic that was observed. The flow table allocates a static structure internally which either has room for IPv6 addresses or it doesn't.
(In reply to Chris Inacio from comment #13) > Can we hold back on pushing this out for YAF 2.8.0? Yes, sure. If you think it needs more time to really get into shape, no problem! Thanks for the IPv6 hints. Maybe I find the time for tests 8-}
YAF 2.8.1 is released which fixes the no-payload configure switch build option. I updated my distinfo, etc. but it doesn't seem to be fetching via poudeire. I'll try again later, but the fix in the code base. I'll send up the diff as soon as I can get it to verify.
I am fine with default options as long there is ports/UPDATING entry. I tried locally here in my desktop. With default options everything looks good. Please go ahead commit it and dont forget adding ports/UPDATING entry. Thanks you!
I smoke tested this fix against YAF 2.8.1; should be okay. svnup ports is glacially slow, so I apologize if the diff isn't 100% up to date.
Created attachment 166620 [details] diff for supporting YAF 2.8.1 latest diff
Latest diff with no options selected builds, but has invalid pkg-plist. Fails configure with all options selected: Package 'libp0f', required by 'world', not found While the idea of many options looks promising, it probably needs thorough testing ?
agreed - is there a poudeire way of doing that?
I can write a script, but is there anything built in?
(In reply to Chris Inacio from comment #20) I'm not aware of any tool to help permutate all option settings. I think testing the 'default', 'no-opts' and 'all-opts' case should be enough for now, and fixing other combinations as they are reported.
Btw, the way I test options is like this: I have a build host where I build ports by cd /usr/ports/<someport> make config make check-plist This writes into /var/db/ports/<someport>/options. By symlinking /var/db/ports to /usr/local/etc/poudriere.d/options, all my jails are using the configs I choose on the build host itself.
Created attachment 167420 [details] new patch that works with all options enabled, includes support for libp0f port this should work for all options enabled, and the default options.
Testbuilds@work
The testcase with all options off fails with pkg-plist listing many missing libs. See http://people.freebsd.org/~pi/logs/net-mgmt__yaf-93a-1457266416.txt
A commit references this bug: Author: pi Date: Sun Mar 6 14:40:47 UTC 2016 New revision: 410460 URL: https://svnweb.freebsd.org/changeset/ports/410460 Log: net-mgmt/yaf: 2.8.0 -> 2.8.1, with many new OPTIONs - Fix compile error when configured with --disable-payload - Force buffer emit with IPFIX Options record when inactive Please report if you find OPTION combinations that cause problems. PR: 202611 Submitted by: Chris Inacio <nacho319+freebsdZilla@gmail.com> Approved by: dikshie@sfc.wide.ad.jp Changes: head/UPDATING head/net-mgmt/yaf/Makefile head/net-mgmt/yaf/distinfo head/net-mgmt/yaf/pkg-plist
Committed, thanks!