Bro 2.3 on OpenWRT
After posting the Bro port for OpenWRT on my blog roughly two years ago, I didn’t realize some people were already actually using it on their routers.
I had created an updated version of the port which I hadn’t posted on the blog. Digging in my archived files I finally found it today along with its sources:
Word of caution though, my notes indicate that one of the default scripts was leaking memory and I never got around to figuring out which one. The workaround was to launch Bro in barebone mode with -b
switch, which would prevent loading of default scripts.
# cat test.bro |
event bro_init() { print "Hello World!"; } event new_connection(c: connection) { print "New connection created"; }
# bro test.bro |
Hello World!
# bro -C -b -i br-lan test.bro |
Hello World! New connection created New connection created
If someone has cycles to spend and figure out which default script is leaking memory we can update the package to address the bug.
Tags: Bro IDS, Code, Linux, Open Source, OpenWRT, Security, Shrimp, SysNet, Technology
Would you mind to explain how to build the package? my router is http://wiki.openwrt.org/toh/bt/homehub_v2b so it’s not compatible with your ipk
Thanks
Comment by Fernando — April 30, 2015 @ 12:44 am
Fernando,
You can extract the tarball in the packages/network/services subdirectory and then follow general build instructions found here. In any case I will try to build another package for MIPS, if it goes through smoothly it should be compatible with your router.
Thanks
Comment by krkhan — May 7, 2015 @ 1:03 am
I bumped the version to 2.3.2 d89fe0942e41c25869effd959749a730
But it won’t build, was there another host build Makefile you’ve made?
make[1]: *** No rule to make target `package/feeds/packages/file/host/compile’, needed by `package/network/services/bro/host/compile’. Stop.
And the patched one for libpcap?
HOST_BUILD_DEPENDS:=libpcap/host file/host
Comment by utbabya — May 15, 2015 @ 11:50 pm
I’ve got it to compile for my mipsel outside of the openwrt buildroot at last, it involves getting an older version of bind (9.5.2-P4)for the libbind it includes since we’re using uclibc and libresolv is a stub; Compiling python which also makes use of a host build pgen just like bicfl in Bro; And –prefix in Bro affects where cmake finds zlib..
Someone else had gone through the same painful process at least 10 years ago.
http://mailman.icsi.berkeley.edu/pipermail/bro/2005-July/001318.html
Granted it’s a lot better now, but I wonder why it hasn’t gone into Bro/openwrt themselves yet so we get a smoother process, is Bro that unpopular?
I don’t speak cmake so I have no idea how to make it work within openwrt buildroot, nor package it in ipkg, but I’m sure you’ve done quite a bit more than the patches you uploaded, probably hidden in your stashed buildroot somewhere?
Comment by utbabya — May 17, 2015 @ 9:02 am
utbabya,
I just looked at my git index and found that I had some other modifications as well (mainly to libpcap and libmagic/file packages).
Unfortunately, I’m heading out for vacation and won’t be able to look into it in more detail for at least a couple of weeks. In case it might be helpful, here’s the diff for all the changes I had in my repo:
https://gist.github.com/krkhan/227107e0f147a647d9df
Now that I know the port has active interest I’ll try recompiling again with a recent snapshot of buildroot and a newer bro release after I’m back from the vacation.
Thanks,
Kamran.
Comment by krkhan — May 17, 2015 @ 10:46 am
[…] I promised in the comments section of previous post, I set out on the adventure of recompiling Bro for Lantiq routers. As a result of the exercise I […]
Pingback by Release: Bro 2.3.1-2 on OpenWRT | Inspirated — June 8, 2015 @ 12:08 am
Guys, I updated my buildroot and recompiled the bro package for both Atheros and Lantiq:
https://inspirated.com/2015/06/08/release-bro-2-3-1-2-on-openwrt
If you give the ipk a spin, let me know how it goes.
Comment by krkhan — June 8, 2015 @ 12:11 am