reinit the tree, so we can have metadata

author: V3n3RiX <venerix@redcorelinux.org> 2017-10-09 18:53:29 +0100
committer: V3n3RiX <venerix@redcorelinux.org> 2017-10-09 18:53:29 +0100
commit: 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
tree: ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-analyzer/suricata
16 files changed, 1317 insertions, 0 deletions
diff --git a/net-analyzer/suricata/Manifest b/net-analyzer/suricata/Manifest
new file mode 100644
index 000000000000..f7c7ab13834a
--- /dev/null
+++ b/net-analyzer/suricata/Manifest
@@ -0,0 +1,21 @@
+AUX fortify_source-numeric.patch 407 SHA256 fa4c9efc3e63b42a46b323ce58d8c42978b1d6a519f74b90b8aa3a124cd8e707 SHA512 7b8e2cd5353ad5b3129143a43ecd03d056bd71b048e52934efe5a50033fd8a62eee12cd9b773303b497834b1899ad69071f37cafe9c72d3ae180151788af6392 WHIRLPOOL 1d2678613e95dde98503d7679ba0f0c2ed65c6ecf99ff81a800583d65c72d662208f4916fa6eb4dfc37bfd0c75a56fb3678974d43942ea64f75ca712452148e5
+AUX json.patch 276 SHA256 9c6e9344b71a3c19cedc89a47670de76566d06d9895eeae8fbade60231506d96 SHA512 7deec6818ddad384bd6721e363599c0bcd38ba20f8f23673abf90559ccb67bc7c0b5734c0dec8e74501c4032f50dccf069f1d8ddd8c2d69aab79abfbe56181ca WHIRLPOOL 5fad1edf495382ba5d20f0c1cd31057af971f1ab45c305755fc7a0e37b69e6c94ee0897b4fd7eb448d79b95921158f1553b4a11540935d5401d6c8e1e36c986b
+AUX magic-location.patch 352 SHA256 2b66722559f2a2f9c4b1051468cfae0cbcbba3cf3b24b1dd7cc3870f6d97be00 SHA512 0cb2fbcf65c3ce567da0492b0b0b0ff5e6ce50390e2879131e2b912433c5540f7822bcf15cc4eb556d023105bbbff554aa990cc366b6b995482e98ecdf61c07f WHIRLPOOL d82ccfa9c9bb98e5b0c28e68921a174c3af7fd68fd8035004c7be6166422bada767d75b2da2bbceee0e64d23bf7dd8c5d77c222a4f41cf248611f39e63c13f12
+AUX suricata-3.2-conf 2767 SHA256 4597ab2e3bda0d45a33717d2d90f75cb7684bf0ef3d6d67898922bf86318301a SHA512 fd3aec48b4e7e52f192af117f3cda063c5614f33082986dca4e3bdf7a46d62655cd03a1d723db9d36a1b1f84964dc2273e3bf00fb23648902639b18a64025d6b WHIRLPOOL 8a5a110741bd5ebaeb77f146fc1b6d73d3dfa4f1fcbd34e96e1e5038186550d084159b54d457e311eef9495d402121d38ad3d0b6b9abc940f7929d8d0e7b469a
+AUX suricata-3.2-init 5499 SHA256 53b0fcbc91eb1b277e2f85e229fc33ca242a052d833d50e61dd7be46a2ffa436 SHA512 2f13036bd34e91760dfc53be3f6b9b2579a48e7e3146a5c2fcb9b83b949f5e979cab8001ebd4a6732d620f05c71b0a112028b86f423c126145941119c09456d0 WHIRLPOOL f64c2eefa9b23d6c5e461ee43bb006903b2c593b806c568b989aa283b50bdb05fed68684a08b31f8bcf8de278a496f45d130b313b184a72f37c39790a79d504b
+AUX suricata-3.2.1-conf 2767 SHA256 4597ab2e3bda0d45a33717d2d90f75cb7684bf0ef3d6d67898922bf86318301a SHA512 fd3aec48b4e7e52f192af117f3cda063c5614f33082986dca4e3bdf7a46d62655cd03a1d723db9d36a1b1f84964dc2273e3bf00fb23648902639b18a64025d6b WHIRLPOOL 8a5a110741bd5ebaeb77f146fc1b6d73d3dfa4f1fcbd34e96e1e5038186550d084159b54d457e311eef9495d402121d38ad3d0b6b9abc940f7929d8d0e7b469a
+AUX suricata-3.2.1-init 5499 SHA256 53b0fcbc91eb1b277e2f85e229fc33ca242a052d833d50e61dd7be46a2ffa436 SHA512 2f13036bd34e91760dfc53be3f6b9b2579a48e7e3146a5c2fcb9b83b949f5e979cab8001ebd4a6732d620f05c71b0a112028b86f423c126145941119c09456d0 WHIRLPOOL f64c2eefa9b23d6c5e461ee43bb006903b2c593b806c568b989aa283b50bdb05fed68684a08b31f8bcf8de278a496f45d130b313b184a72f37c39790a79d504b
+AUX suricata-logrotate 161 SHA256 7e8a4a3541387d51d5c65a2bf7d8db66f7535a87feeca200a83c002cf9994f8f SHA512 c22a85667460df9b7b1fd15af1e4472dd5b7d1726a43f3b621547a884dcd64ff49b0728767d6a4dc70c413dd8997905e3753fa94c82cda34e4aaf903ebdb1cec WHIRLPOOL d6de009066dd75a3170acd876a3e71549b24512582ccdc41cc3184e29c924c8de467a984d65a0bd030741642a3e4c3313a072b16cc45787521d243a2620c83d5
+DIST suricata-2.0.11.tar.gz 3091124 SHA256 c607f1e18e5636830f42a83f7c67e1466f07db82853f3a9dba4ab8c6c3bc656e SHA512 659e893fef3cdcca8440f2af7596d5cc58b142d3350b9ea5ba57d855c6759a00adafeb15a1dfe91dd55eca1437487eb4e842b4e2913d12417f0b906ca3d54ec9 WHIRLPOOL 5cfa55abd90284a0a3441853af9db18075a23fa5661d89448b409b8fdd1031ad348d76d455b7dfe7b2688e69633f5bbb65dc060cc2426af017ab1bcb824c9ac5
+DIST suricata-3.0.1.tar.gz 3315637 SHA256 74c685f8da51b3f038a7b8185bdbed274aca25daf64ac7ea01eea60636727f26 SHA512 cd10f5b19dd7b6ccbed668263b54d93738842191e71391b040aa7fc2049ac597feb38cd333f07b15d30ebeaf778f6abe18b72215e609891608dca094531c7fd8 WHIRLPOOL a1f6c8ee760cac9e3daa3358e89d30b4a24441fb975214ae2fe165fcb697b4292e035007323041febdc0d8f09b16666515aba76f60f1e437d865193db3deb25d
+DIST suricata-3.1.3.tar.gz 3340627 SHA256 bd89c269e29b03a8898ccabccfb7fcab11c1aa036444772e117705f3b37b4174 SHA512 d29c2c4344d52ba3d8c5ed4331a35b512e323c9a13a73e3039df6406d8c6389d05e3b311db6b561125c12dfbea67b121afbdecb7f0a5cb0594cf339b492726fb WHIRLPOOL 720f668480bfa05e7e6c32bb63f09af6d38e46b909ab4d0d9879cd069436215eb3b4bb1778147de82344b6879a1b3e04da0af2e14084bb1b74472ecc727c4ebe
+DIST suricata-3.2.1.tar.gz 11754332 SHA256 0e0b0cf49016804bb2fb1fc4327341617e76a67902f4e03e0ef6d16c1d7d3994 SHA512 6b0e5565368a085f059f62c9862364a9fcd970158b17671a25bcbed9b3ef8fcf857b1760a6d186ebe3227dde45070bc69a8b0d0bfd341f39a4d42ef93d12f290 WHIRLPOOL 6469191d11f8bd3cf4fab80650d4fbf380c74e3502867e446f57fd297d3f8bbd9b23e452dcb2c559496e8f64f9e9822c5f0303a6351ec13a32fd172a39d3ca05
+DIST suricata-3.2.tar.gz 11732080 SHA256 41cbe19c6fd6bd51ebcbc29063f558e2fbba4a2450e5809fee2e461f16a4ed68 SHA512 327f5a62449af44f6cb95220e1ff9bf61b51db7bd25f2b1e8def3e8650ba754304cf9d02fc30b46b6cbaa6b5f94fa3d4be90edb8a293ff3b6c0927b596a2976e WHIRLPOOL b6d4c2c08e34da2b4dee4087831a0a9dcad836737489e2599938d74b74c624e455d0f1299ef7c4e70df038ac13dcd29344c2117b44310f8dc42d9f0fad0c3e15
+EBUILD suricata-2.0.11.ebuild 2786 SHA256 935516dfe48624d072e2992f18cec0e13275ed1002867e103b213ec07dd7fe9a SHA512 c077788ff428b1d52ed5d307463520292e71daf728676fd9be92ea23da6d5ba20ec6957f932efc33e801b4a7d6be5090df166167cdb429be70b9420607f7518c WHIRLPOOL 6b8e041528dec06640fb1a78aca34b80e8ee555143b0990feda0ea614f53949180b107b74a3a9e404eeb6b71b1fa16b7ce1eba85c1fa3b22563ba55e55114f70
+EBUILD suricata-3.0.1.ebuild 2658 SHA256 4402c743c932623ad06458d45215cdd73145180c6f33b329565695f77850271e SHA512 2d9cc77b9dd82db6ccacf0d9ed5711ccc204b8d02325523dbbde266da71347e2bcb74be79ddb2b70278916ef4a779fe6bf7e7037eb77092939ee33a2b5f3d948 WHIRLPOOL 6957b9589ca037415395bf59ddb2b8974cb9e262c0e6a4d3ae46009fd82243342aadff5576237eb6bdccddc57fb88aea5214abc4a9cfcef42588585452d28a44
+EBUILD suricata-3.1.3.ebuild 2770 SHA256 cd764a576b29c4831a6ee996fb092c34ae242516f8657dc86f2bb65056d7350c SHA512 7d8a2e934c5f62aca4bc11faff14d39f92aaf8ab0ac802f6f1c1187061880ec3fa5b13c4192be19909000232eb91b1bcee76fc0af76543f00bb981e2b3542a3b WHIRLPOOL 67dd5c49e675229bf53fd423c4d4b40c5fc76d82e93c840f3e963cf4fafd3c3e3b17ee6b2017c7ee49ea370de6d6dcf3601617cea3f6b56c0d957e563d06d135
+EBUILD suricata-3.2-r1.ebuild 4490 SHA256 289aab11669d601bc333f6cdc03dc2bb64895cbf1883a5c9613dd19db7bd45ae SHA512 b143e94b1fbc444c2af5676bfb859e9780261a1b5435bd2018329736e81ac386c4927edf494fced53bba349535b26d48276b2be8e4c23bb9870e8174625da3a6 WHIRLPOOL 6e8bd825308e6c9afe81a99a19326697b027afd3eb63c7e6581a820152a75b2fd927eb41e7c3384a8ba5b097a2b36900fd363ec82c4d466dc0062b6eefdec84a
+EBUILD suricata-3.2.1.ebuild 4457 SHA256 1ad237a074ba4df27933a59d33b695d1b4ba8fe72ce2744bc8e5a1d1170cdee1 SHA512 f379ff6dd6137a4fc8541941f62f401f1ca73b1d635336eec27db30009ac7d2c32b7ec81f66c76b52b277e9c37b45da1a367a37f0c6f5540250fd58dcb69a790 WHIRLPOOL 1c9f90290787708169de3264b93f95726704a2f071846f341eec3194e1df310cbac188c9ec90ab68cc26e97e173175af421e11499463aab5fce34f7c08c4b75e
+EBUILD suricata-3.2.ebuild 3955 SHA256 6938b04bd7617d206b7ff0b4b092a8f5576a5e9384429828e16863846c5eb504 SHA512 a61cc818e963174184dbd3b1ba025138294856453c03ea60b8d6f66f41e040ad10e59982df750c7468cd3968789da0ea40f61ef8369c00c44ed3160cadab9539 WHIRLPOOL 664af824047845b86de6d5046cda479a62831e76bb568d28b6ac3cee11f543453634f6914d83c1a5a398dbb3bf555ee0942a5c044b9da921430f830b2031650f
+MISC ChangeLog 2855 SHA256 b1dab0f0a3876a0ff424a25c0cc2a52e3bf33e5010e4184e1d7b095ddb1007e9 SHA512 b2146e640c59d87c64c7b7e8bb1925da466db770eb5cbc0b6f09630b26b0dd9f5a2413d1c9580cb7421fea37711ce89be008ab704c76a31e7a165e11a95cce2d WHIRLPOOL b6c2a9a10feb1c0505798925400d144ec7e90ade6998a9bc5a6921e8f3381b33a35ce9d80a4580fb072fff7700da7f97c126de93837e5705cb607ed3eb45919e
+MISC metadata.xml 828 SHA256 5c9e69031f5b6705134839fa2c1cbd157f612d84cd8d78525f22d54fe1e31daf SHA512 b9508afecf680f4e4b48fa88853170ba30b4d7d3e0cb6696405a742dfeb1ae2039cb8979793e37526d082ca252fc828688973c1395dd50ff5a61b86c6433fe70 WHIRLPOOL 7dc5ecc22e635774d315af3fb3d8ea659ba988f35d7c6063396d9d3c8f2a9e8c23aabb7df9f9282e1612ccf02c505e75860ff9dcc9488461f6859423923450b0
diff --git a/net-analyzer/suricata/files/fortify_source-numeric.patch b/net-analyzer/suricata/files/fortify_source-numeric.patch
new file mode 100644
index 000000000000..0a7f4827ea05
--- /dev/null
+++ b/net-analyzer/suricata/files/fortify_source-numeric.patch
@@ -0,0 +1,11 @@
+--- a/src/suricata.c	2015-10-02 00:21:55.634213646 +0200
++++ b/src/suricata.c	2015-10-02 00:22:39.143940007 +0200
+@@ -774,7 +774,7 @@
+     printf("compiled with -fstack-protector-all\n");
+ #endif
+ #ifdef _FORTIFY_SOURCE
+-    printf("compiled with _FORTIFY_SOURCE=%d\n", _FORTIFY_SOURCE);
++    printf("compiled with _FORTIFY_SOURCE\n");
+ #endif
+ #ifdef CLS
+     printf("L1 cache line size (CLS)=%d\n", CLS);
diff --git a/net-analyzer/suricata/files/json.patch b/net-analyzer/suricata/files/json.patch
new file mode 100644
index 000000000000..a542f351640d
--- /dev/null
+++ b/net-analyzer/suricata/files/json.patch
@@ -0,0 +1,10 @@
+--- src/output-json.h.orig	2015-11-21 21:56:24.996289587 +0100
++++ src/output-json.h	2015-11-21 21:57:11.419622642 +0100
+@@ -28,6 +28,7 @@
+ 
+ #ifdef HAVE_LIBJANSSON
+ 
++#include <jansson.h>
+ #include "suricata-common.h"
+ #include "util-buffer.h"
+ #include "util-logopenfile.h"
diff --git a/net-analyzer/suricata/files/magic-location.patch b/net-analyzer/suricata/files/magic-location.patch
new file mode 100644
index 000000000000..02681f934b06
--- /dev/null
+++ b/net-analyzer/suricata/files/magic-location.patch
@@ -0,0 +1,13 @@
+diff --git a/configure.ac b/configure.ac
+index 8b41eb0..3cdf0e7 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -182,7 +182,7 @@
+     fi
+     echo -n "installation for $host OS... "
+ 
+-    e_magic_file="/usr/share/file/magic"
++    e_magic_file="/usr/share/misc/magic.mgc"
+     case "$host" in
+         *-*-*freebsd*)
+             LUA_PC_NAME="lua-5.1"
diff --git a/net-analyzer/suricata/files/suricata-3.2-conf b/net-analyzer/suricata/files/suricata-3.2-conf
new file mode 100644
index 000000000000..655b947fdd9b
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2-conf
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="-i eth0"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-3.2-init b/net-analyzer/suricata/files/suricata-3.2-init
new file mode 100644
index 000000000000..76dd521d7ada
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2-init
@@ -0,0 +1,147 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+    eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
+    eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+    eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+    eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+    eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+    SURICATACONF=${SURICATA_CONF}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/var/run/suricata/suricata.pid"
+    SURICATAOPTS=${SURICATA_OPTS}
+    SURICATALOGPATH=${SURICATA_LOG_FILE}
+    SURICATAUSER=${SURICATA_USER}
+    SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+	need net
+	after mysql
+	after postgresql
+}
+
+checkconfig() {
+	if [ ! -d "/var/run/suricata" ] ; then
+		checkpath -d /var/run/suricata
+	fi
+	if [ ${#SURICATALOGPATH} -gt 0 ]; then
+		SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+		SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+		SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+		if [ ! -d "${SURICATALOGPATH}" ] ; then
+			checkpath -d "${SURICATALOGPATH}"
+		fi
+		if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+		fi
+		SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+		SURICATALOGPATH="-l ${SURICATALOGPATH}"
+	fi
+	if [ ! -e ${SURICATACONF} ] ; then
+		einfo "The configuration file ${SURICATACONF} was not found."
+		einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+		einfo "Take a look at the suricata arguments --set and --dump-config."
+	fi
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+		SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+	fi
+}
+
+initpidinfo() {
+	[ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+	if [ ${#SUR_PID} -gt 0 ]; then
+	    SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+	    SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+	fi
+}
+
+checkpidinfo() {
+	initpidinfo
+        if [ ! -e ${SURICATAPID} ]; then
+        	eerror "${SVCNAME} isn't running"
+                return 1
+	elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+		eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+		return 1
+	elif [ ${#SUR_USER} -eq 0 ]; then
+		eerror "Unable to determine user running ${SVCNAME}!"
+		return 1
+	elif [ "x${SUR_USER}" != "xroot" ]; then
+		ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+		-- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+	local SUR_EXIT=$?
+	if [ $((SUR_EXIT)) -ne 0 ]; then
+	    einfo "Could not start ${SURICATA_BIN} with:"
+	    einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+	    einfo "Exit code ${SUR_EXIT}"
+	fi
+	eend ${SUR_EXIT}
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+	eend $?
+}
+
+reload() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+relog() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+dump() {
+	checkconfig || return 1
+	ebegin "Dumping ${SVCNAME} config values and quitting."
+	${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+	eend $?
+}
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-conf b/net-analyzer/suricata/files/suricata-3.2.1-conf
new file mode 100644
index 000000000000..655b947fdd9b
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2.1-conf
@@ -0,0 +1,62 @@
+# Config file for /etc/init.d/suricata*
+
+# Where config files are stored. Default:
+
+# SURICATA_DIR="/etc/suricata"
+
+# Pass options to each suricata service.
+#
+# You can launch more than one service at the same time with different options.
+# This can be useful in a multi-queue gateway, for example.
+# You can expand on the Suricata inline example found at:
+# http://suricata.readthedocs.io/en/latest/setting-up-ipsinline-for-linux.html
+# Instead of configuring iptables to send traffic to just one queue, you can configure it to "load balance"
+# on several queues. You can then have a Suricata instance processing traffic for each queue.
+# This should help improve performance on the gateway/firewall.
+#
+# Suppose you configured iptables to use queues 0 and 1 named q0 and q1. You can now do the following:
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q0
+# ln -s /etc/init.d/suricata /etc/init.d/suricata.q1
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q0.yaml
+# cp /etc/suricata/suricata.yaml /etc/suricata/suricata-q1.yaml
+#
+# Edit both suricata-q{0,1}.yaml files and set values accordingly.
+# You can override these yaml config file names with SURICATA_CONF* below (optional).
+# This allows you to use the same yaml config file for multiple instances as long as you override
+# sensible options such as the log file paths.
+# SURICATA_CONF_q0="suricata-queues.yaml"
+# SURICATA_CONF_q1="suricata-queues.yaml"
+# SURICATA_CONF="suricata.yaml"
+
+# You can define the options here:
+# NB: avoid using -l, -c, --user, --group and setting logging.outputs.1.file.filename as the init script will try to set them for you.
+
+# SURICATA_OPTS_q0="-q 0"
+# SURICATA_OPTS_q1="-q 1"
+
+# If you want to use ${SURICATA_DIR}/suricata.yaml and start the service with /etc/init.d/suricata
+# then you can set:
+
+SURICATA_OPTS="-i eth0"
+
+# Log paths listed here will be created by the init script and will override the log path
+# set in the yaml file, if present.
+# SURICATA_LOG_FILE_q0="/var/log/suricata/q0/suricata.log"
+# SURICATA_LOG_FILE_q1="/var/log/suricata/q1/suricata.log"
+# SURICATA_LOG_FILE="/var/log/suricata/suricata.log"
+
+# Run as user/group.
+# Do not define if you want to run as root or as the user defined in the yaml config file (run-as).
+# The ebuild should have created the dedicated user/group suricata:suricata for you to specify here below.
+# SURICATA_USER_q0="suricata"
+# SURICATA_GROUP_q0="suricata"
+# SURICATA_USER_q1="suricata"
+# SURICATA_GROUP_q1="suricata"
+# SURICATA_USER="suricata"
+# SURICATA_GROUP="suricata"
+
+# Suricata processes can take a long time to shut down.
+# If necessary, adjust timeout in seconds to be used when calling stop from the init script.
+# Examples:
+# SURICATA_MAX_WAIT_ON_STOP="300"
+# SURICATA_MAX_WAIT_ON_STOP="SIGTERM/30"
diff --git a/net-analyzer/suricata/files/suricata-3.2.1-init b/net-analyzer/suricata/files/suricata-3.2.1-init
new file mode 100644
index 000000000000..76dd521d7ada
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-3.2.1-init
@@ -0,0 +1,147 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+SURICATA_BIN=/usr/bin/suricata
+SURICATA_DIR=${SURICATA_DIR:-/etc/suricata}
+SURICATA=${SVCNAME#*.}
+SURICATAID=$(shell_var "${SURICATA}")
+if [ -n "${SURICATA}" ] && [ ${SVCNAME} != "suricata" ]; then
+    eval SURICATACONF=\$SURICATA_CONF_${SURICATAID}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata-${SURICATA}.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/var/run/suricata/suricata.${SURICATA}.pid"
+    eval SURICATAOPTS=\$SURICATA_OPTS_${SURICATAID}
+    eval SURICATALOGPATH=\$SURICATA_LOG_FILE_${SURICATAID}
+    eval SURICATAUSER=\$SURICATA_USER_${SURICATAID}
+    eval SURICATAGROUP=\$SURICATA_GROUP_${SURICATAID}
+else
+    SURICATACONF=${SURICATA_CONF}
+    [ ${#SURICATACONF} -eq 0 ] && SURICATACONF="${SURICATA_DIR}/suricata.yaml" || SURICATACONF="${SURICATA_DIR}/${SURICATACONF}"
+    SURICATAPID="/var/run/suricata/suricata.pid"
+    SURICATAOPTS=${SURICATA_OPTS}
+    SURICATALOGPATH=${SURICATA_LOG_FILE}
+    SURICATAUSER=${SURICATA_USER}
+    SURICATAGROUP=${SURICATA_GROUP}
+fi
+SURICATAUSER=${SURICATAUSER:-${SURICATA_USER}}
+SURICATAGROUP=${SURICATAGROUP:-${SURICATA_GROUP}}
+[ -e ${SURICATACONF} ] && SURICATAOPTS="-c ${SURICATACONF} ${SURICATAOPTS}"
+[[ -z "${SURICATA_MAX_WAIT_ON_STOP// }" ]] || SURICATA_RETRY="--retry ${SURICATA_MAX_WAIT_ON_STOP}"
+
+description="Suricata IDS/IPS"
+extra_commands="checkconfig dump"
+description_checkconfig="Check config for ${SVCNAME}"
+description_dump="List all config values that can be used with --set"
+extra_started_commands="reload relog"
+description_reload="Live rule and config reload"
+description_relog="Close and re-open all log files"
+
+depend() {
+	need net
+	after mysql
+	after postgresql
+}
+
+checkconfig() {
+	if [ ! -d "/var/run/suricata" ] ; then
+		checkpath -d /var/run/suricata
+	fi
+	if [ ${#SURICATALOGPATH} -gt 0 ]; then
+		SURICATALOGFILE=$( basename ${SURICATALOGPATH} )
+		SURICATALOGFILE=${SURICATALOGFILE:-suricata.log}
+		SURICATALOGPATH=$( dirname ${SURICATALOGPATH} )
+		if [ ! -d "${SURICATALOGPATH}" ] ; then
+			checkpath -d "${SURICATALOGPATH}"
+		fi
+		if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ] && [ -e "${SURICATALOGPATH}" ]; then
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}" || return 1
+			chown ${SURICATAUSER}:${SURICATAGROUP} "${SURICATALOGPATH}"/* >/dev/null 2>&1 3>&1
+		fi
+		SURICATAOPTS="${SURICATAOPTS} --set logging.outputs.1.file.filename=${SURICATALOGPATH}/${SURICATALOGFILE}"
+		SURICATALOGPATH="-l ${SURICATALOGPATH}"
+	fi
+	if [ ! -e ${SURICATACONF} ] ; then
+		einfo "The configuration file ${SURICATACONF} was not found."
+		einfo "If this is OK then make sure you set enough options for ${SVCNAME} in /etc/conf.d/suricata."
+		einfo "Take a look at the suricata arguments --set and --dump-config."
+	fi
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		einfo "${SVCNAME} will run as user ${SURICATAUSER}:${SURICATAGROUP}."
+		SURICATAOPTS="${SURICATAOPTS} --user=${SURICATAUSER} --group=${SURICATAGROUP}"
+	fi
+}
+
+initpidinfo() {
+	[ -e ${SURICATAPID} ] && SUR_PID="$(cat ${SURICATAPID})"
+	if [ ${#SUR_PID} -gt 0 ]; then
+	    SUR_PID_CHECK="$(ps -eo pid | grep -c ${SUR_PID})"
+	    SUR_USER="$(ps -p ${SUR_PID} --no-headers -o user)"
+	fi
+}
+
+checkpidinfo() {
+	initpidinfo
+        if [ ! -e ${SURICATAPID} ]; then
+        	eerror "${SVCNAME} isn't running"
+                return 1
+	elif [ ${#SUR_PID} -eq 0 ] || [ $((SUR_PID_CHECK)) -ne 1 ]; then
+		eerror "Could not determine PID of ${SVCNAME}! Did the service crash?"
+		return 1
+	elif [ ${#SUR_USER} -eq 0 ]; then
+		eerror "Unable to determine user running ${SVCNAME}!"
+		return 1
+	elif [ "x${SUR_USER}" != "xroot" ]; then
+		ewarn "${SVCNAME} may need to be running as root or as a priviledged user for the extra commands reload and relog to work."
+        fi
+}
+
+start() {
+	checkconfig || return 1
+	ebegin "Starting ${SVCNAME}"
+	start-stop-daemon --start --quiet --exec ${SURICATA_BIN} \
+		-- --pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH} >/dev/null 2>&1
+	local SUR_EXIT=$?
+	if [ $((SUR_EXIT)) -ne 0 ]; then
+	    einfo "Could not start ${SURICATA_BIN} with:"
+	    einfo "--pidfile ${SURICATAPID} -D ${SURICATAOPTS} ${SURICATALOGPATH}"
+	    einfo "Exit code ${SUR_EXIT}"
+	fi
+	eend ${SUR_EXIT}
+}
+
+stop() {
+	ebegin "Stopping ${SVCNAME}"
+	start-stop-daemon --stop ${SURICATA_RETRY} --quiet --pidfile ${SURICATAPID} >/dev/null 2>&1
+	eend $?
+}
+
+reload() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending USR2 signal to ${SVCNAME} to perform a live rule and config reload."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal USR2 --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal USR2 --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+relog() {
+	checkpidinfo || return 1
+	checkconfig || return 1
+	ebegin "Sending HUP signal to ${SVCNAME} to close and re-open all log files."
+	if [ ${#SURICATAUSER} -gt 0 ] && [ ${#SURICATAGROUP} -gt 0 ]; then
+		start-stop-daemon --user ${SURICATAUSER} --group ${SURICATAGROUP} --signal HUP --pidfile ${SURICATAPID}
+	else
+		start-stop-daemon --signal HUP --pidfile ${SURICATAPID}
+	fi
+	eend $?
+}
+
+dump() {
+	checkconfig || return 1
+	ebegin "Dumping ${SVCNAME} config values and quitting."
+	${SURICATA_BIN} --dump-config --pidfile ${SURICATAPID} ${SURICATAOPTS} ${SURICATALOGPATH}
+	eend $?
+}
diff --git a/net-analyzer/suricata/files/suricata-logrotate b/net-analyzer/suricata/files/suricata-logrotate
new file mode 100644
index 000000000000..7b22283ec7cf
--- /dev/null
+++ b/net-analyzer/suricata/files/suricata-logrotate
@@ -0,0 +1,10 @@
+/var/log/suricata/*.log /var/log/suricata/*.json {
+	rotate 3
+	missingok
+	nocompress
+	create
+	sharedscripts
+	postrotate
+		/etc/init.d/suricata relog
+	endscript
+}
diff --git a/net-analyzer/suricata/metadata.xml b/net-analyzer/suricata/metadata.xml
new file mode 100644
index 000000000000..58878c64f05c
--- /dev/null
+++ b/net-analyzer/suricata/metadata.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+  <maintainer type="person">
+    <email>slis@gentoo.org</email>
+  </maintainer>
+  <use>
+    <flag name="af-packet">Enable AF_PACKET support</flag>
+    <flag name="control-socket">Enable unix socket</flag>
+    <flag name="cuda">Enable NVIDIA Cuda computations support</flag>
+    <flag name="detection">Enable detection modules</flag>
+    <flag name="luajit">Enable Luajit support</flag>
+    <flag name="nflog">Enable libnetfilter_log support</flag>
+    <flag name="nfqueue">Enable NFQUEUE support for inline IDP</flag>
+    <flag name="redis">Enable Redis support</flag>
+    <flag name="rules">Install default ruleset</flag>
+    <flag name="logrotate">Install logrotate rule</flag>
+  </use>
+</pkgmetadata>
diff --git a/net-analyzer/suricata/suricata-2.0.11.ebuild b/net-analyzer/suricata/suricata-2.0.11.ebuild
new file mode 100644
index 000000000000..cebe46b654e3
--- /dev/null
+++ b/net-analyzer/suricata/suricata-2.0.11.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue +rules test"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.18
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	epatch "${FILESDIR}/fortify_source-numeric.patch"
+	epatch "${FILESDIR}/magic-location.patch"
+	epatch "${FILESDIR}/json.patch"
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	econf LIBS="${LIBS}" ${myeconfargs[@]}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+}
diff --git a/net-analyzer/suricata/suricata-3.0.1.ebuild b/net-analyzer/suricata/suricata-3.0.1.ebuild
new file mode 100644
index 000000000000..90010bf2a045
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.0.1.ebuild
@@ -0,0 +1,112 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue +rules test"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.18
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	econf LIBS="${LIBS}" ${myeconfargs[@]}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+}
diff --git a/net-analyzer/suricata/suricata-3.1.3.ebuild b/net-analyzer/suricata/suricata-3.1.3.ebuild
new file mode 100644
index 000000000000..5b883f9be78a
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.1.3.ebuild
@@ -0,0 +1,116 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.20
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+	redis?      ( dev-libs/hiredis )
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	if use redis ; then
+		myeconfargs+=( $(use_enable redis hiredis) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	econf LIBS="${LIBS}" ${myeconfargs[@]}
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+}
diff --git a/net-analyzer/suricata/suricata-3.2-r1.ebuild b/net-analyzer/suricata/suricata-3.2-r1.ebuild
new file mode 100644
index 000000000000..f6aa21dbcc46
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2-r1.ebuild
@@ -0,0 +1,163 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+REQUIRED_USE="lua? ( !luajit )"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.20
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+	redis?      ( dev-libs/hiredis )
+	logrotate?      ( app-admin/logrotate )
+	sys-libs/libcap-ng
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	if use redis ; then
+		myeconfargs+=( $(use_enable redis hiredis) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	# avoid upstream configure script trying to add -march=native to CFLAGS
+	myeconfargs+=( --enable-gccmarch-native=no )
+
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+		# so we can get a backtrace according to "reporting bugs" on upstream web site
+		CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+	else
+		econf LIBS="${LIBS}" ${myeconfargs[@]}
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+	newinitd "${FILESDIR}/${P}-init" ${PN}
+	newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+	if use logrotate; then
+		insopts -m0644
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/${PN}-logrotate ${PN}
+	fi
+}
+
+pkg_postinst() {
+	elog "The ${PN} init script expects to find the path to the configuration"
+	elog "file as well as extra options in /etc/conf.d."
+	elog ""
+	elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+	elog "then create a symlink to the init script from a link called"
+	elog "${PN}.foo - like so"
+	elog "   cd /etc/${PN}"
+	elog "   ${EDITOR##*/} suricata-foo.yaml"
+	elog "   cd /etc/init.d"
+	elog "   ln -s ${PN} ${PN}.foo"
+	elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+	elog ""
+	elog "You can create as many ${PN}.foo* services as you wish."
+
+	if use logrotate; then
+		elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+	fi
+
+	if use debug; then
+		elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+		elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+		elog "You need to also ensure the FEATURES variable in make.conf contains the"
+		elog "'nostrip' option to produce useful core dumps or back traces."
+	fi
+}
diff --git a/net-analyzer/suricata/suricata-3.2.1.ebuild b/net-analyzer/suricata/suricata-3.2.1.ebuild
new file mode 100644
index 000000000000..419c56ac26d8
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2.1.ebuild
@@ -0,0 +1,161 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened logrotate lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.20
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+	redis?      ( dev-libs/hiredis )
+	logrotate?      ( app-admin/logrotate )
+	sys-libs/libcap-ng
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	if use redis ; then
+		myeconfargs+=( $(use_enable redis hiredis) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	# avoid upstream configure script trying to add -march=native to CFLAGS
+	myeconfargs+=( --enable-gccmarch-native=no )
+
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+		# so we can get a backtrace according to "reporting bugs" on upstream web site
+		CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+	else
+		econf LIBS="${LIBS}" ${myeconfargs[@]}
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+	newinitd "${FILESDIR}/${P}-init" ${PN}
+	newconfd "${FILESDIR}/${P}-conf" ${PN}
+
+	if use logrotate; then
+		insopts -m0644
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/${PN}-logrotate ${PN}
+	fi
+}
+
+pkg_postinst() {
+	elog "The ${PN} init script expects to find the path to the configuration"
+	elog "file as well as extra options in /etc/conf.d."
+	elog ""
+	elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+	elog "then create a symlink to the init script from a link called"
+	elog "${PN}.foo - like so"
+	elog "   cd /etc/${PN}"
+	elog "   ${EDITOR##*/} suricata-foo.yaml"
+	elog "   cd /etc/init.d"
+	elog "   ln -s ${PN} ${PN}.foo"
+	elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+	elog ""
+	elog "You can create as many ${PN}.foo* services as you wish."
+
+	if use logrotate; then
+		elog "You enabled the logrotate USE flag. Please make sure you correctly set up the ${PN} logrotate config file in /etc/logrotate.d/."
+	fi
+
+	if use debug; then
+		elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+		elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+		elog "You need to also ensure the FEATURES variable in make.conf contains the"
+		elog "'nostrip' option to produce useful core dumps or back traces."
+	fi
+}
diff --git a/net-analyzer/suricata/suricata-3.2.ebuild b/net-analyzer/suricata/suricata-3.2.ebuild
new file mode 100644
index 000000000000..a8763bf9ff89
--- /dev/null
+++ b/net-analyzer/suricata/suricata-3.2.ebuild
@@ -0,0 +1,147 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=5
+
+inherit autotools eutils user
+
+DESCRIPTION="High performance Network IDS, IPS and Network Security Monitoring engine"
+HOMEPAGE="http://suricata-ids.org/"
+SRC_URI="http://www.openinfosecfoundation.org/download/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+af-packet control-socket cuda debug +detection geoip hardened lua luajit nflog +nfqueue redis +rules test"
+
+DEPEND="
+	>=dev-libs/jansson-2.2
+	dev-libs/libpcre
+	dev-libs/libyaml
+	net-libs/libnet:*
+	net-libs/libnfnetlink
+	dev-libs/nspr
+	dev-libs/nss
+	>=net-libs/libhtp-0.5.20
+	net-libs/libpcap
+	sys-apps/file
+	cuda?       ( dev-util/nvidia-cuda-toolkit )
+	geoip?      ( dev-libs/geoip )
+	lua?        ( dev-lang/lua:* )
+	luajit?     ( dev-lang/luajit:* )
+	nflog?      ( net-libs/libnetfilter_log )
+	nfqueue?    ( net-libs/libnetfilter_queue )
+	redis?      ( dev-libs/hiredis )
+"
+# #446814
+#	prelude?    ( dev-libs/libprelude )
+#	pfring?     ( sys-process/numactl net-libs/pf_ring)
+RDEPEND="${DEPEND}"
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 /var/lib/${PN} "${PN}"
+}
+
+src_prepare() {
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		"--localstatedir=/var/" \
+		"--enable-non-bundled-htp" \
+		$(use_enable af-packet) \
+		$(use_enable detection) \
+		$(use_enable nfqueue) \
+		$(use_enable test coccinelle) \
+		$(use_enable test unittests) \
+		$(use_enable control-socket unix-socket)
+	)
+
+	if use cuda ; then
+		myeconfargs+=( $(use_enable cuda) )
+	fi
+	if use geoip ; then
+		myeconfargs+=( $(use_enable geoip) )
+	fi
+	if use hardened ; then
+		myeconfargs+=( $(use_enable hardened gccprotect) )
+	fi
+	if use nflog ; then
+		myeconfargs+=( $(use_enable nflog) )
+	fi
+	if use redis ; then
+		myeconfargs+=( $(use_enable redis hiredis) )
+	fi
+	# not supported yet (no pfring in portage)
+# 	if use pfring ; then
+# 		myeconfargs+=( $(use_enable pfring) )
+# 	fi
+	# no libprelude in portage
+# 	if use prelude ; then
+# 		myeconfargs+=( $(use_enable prelude) )
+# 	fi
+	if use lua ; then
+		myeconfargs+=( $(use_enable lua) )
+	fi
+	if use luajit ; then
+		myeconfargs+=( $(use_enable luajit) )
+	fi
+
+# this should be used when pf_ring use flag support will be added
+# 	LIBS+="-lrt -lnuma"
+
+	# avoid upstream configure script trying to add -march=native to CFLAGS
+	myeconfargs+=( --enable-gccmarch-native=no )
+
+	if use debug ; then
+		myeconfargs+=( $(use_enable debug) )
+		# so we can get a backtrace according to "reporting bugs" on upstream web site
+		CFLAGS="-ggdb -O0" econf LIBS="${LIBS}" ${myeconfargs[@]}
+	else
+		econf LIBS="${LIBS}" ${myeconfargs[@]}
+	fi
+}
+
+src_install() {
+	emake DESTDIR="${D}" install
+
+	insinto "/etc/${PN}"
+	doins {classification,reference,threshold}.config suricata.yaml
+
+	if use rules ; then
+		insinto "/etc/${PN}/rules"
+		doins rules/*.rules
+	fi
+
+	dodir "/var/lib/${PN}"
+	dodir "/var/log/${PN}"
+
+	fowners -R ${PN}: "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+	fperms 750 "/var/lib/${PN}" "/var/log/${PN}" "/etc/${PN}"
+
+	newinitd "${FILESDIR}/${P}-init" ${PN}
+	newconfd "${FILESDIR}/${P}-conf" ${PN}
+}
+
+pkg_postinst() {
+	elog "The ${PN} init script expects to find the path to the configuration"
+	elog "file as well as extra options in /etc/conf.d"
+	elog ""
+	elog "To create more than one ${PN} service, simply create a new .yaml file for it"
+	elog "then create a symlink to the init script from a link called"
+	elog "${PN}.foo - like so"
+	elog "   cd /etc/${PN}"
+	elog "   ${EDITOR##*/} suricata-foo.yaml"
+	elog "   cd /etc/init.d"
+	elog "   ln -s ${PN} ${PN}.foo"
+	elog "Then edit /etc/conf.d/${PN} and make sure you specify sensible options for foo."
+	elog ""
+	elog "You can create as many ${PN}.foo* services as you wish."
+
+	if use debug; then
+	    elog "You enabled the debug USE flag. Please read this link to report bugs upstream:"
+	    elog "https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs"
+	fi
+}
author	V3n3RiX <venerix@redcorelinux.org>	2017-10-09 18:53:29 +0100
committer	V3n3RiX <venerix@redcorelinux.org>	2017-10-09 18:53:29 +0100
commit	4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
tree	ba5f07bf3f9d22d82e54a462313f5d244036c768 /net-analyzer/suricata