suricata/configure.ac


# Package identity and build-system bootstrap.
AC_INIT([suricata], [5.0.0-dev])
# Automake releases without AM_SILENT_RULES get an empty stand-in so the
# call below is harmless; everywhere else quiet build output is the default.
m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES], [])])
AM_SILENT_RULES([yes])
AC_CONFIG_HEADERS([config.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR([m4])
AM_INIT_AUTOMAKE
AC_LANG([C])
dnl Select a C99 capable compiler, set up libtool and locate pkg-config.
AC_PROG_CC_C99
LT_INIT
PKG_PROG_PKG_CONFIG
dnl Taken from https://llvm.org/svn/llvm-project/llvm/trunk/autoconf/configure.ac
dnl check if we compile using clang or gcc. On some systems the gcc binary is
dnl actually clang, so do a compile test.
dnl The result is left in the shell variable "compiler": clang, gcc or unknown.
dnl The __clang__ probe runs first and the __GNUC__ probe only when it fails,
dnl so a compiler that defines both macros is reported as clang.
AC_MSG_CHECKING([whether GCC or Clang is our compiler])
AC_LANG_PUSH([C])
compiler=unknown
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __clang__
#error
#endif
]])],
compiler=clang,
[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __GNUC__
#error
#endif
]])],
compiler=gcc, [])])
AC_LANG_POP([C])
AC_MSG_RESULT([${compiler}])
dnl Path of the clang binary used for eBPF objects. Precedence: an explicit
dnl --with-clang=PROGRAM value, else $CC when the main compiler was detected
dnl as clang, else a clang looked up on PATH. The lookup leaves CLANG empty
dnl when nothing is found.
dnl NOTE(review): the value is taken as given and substituted for the build;
dnl the --enable-ebpf-build check in this file also executes it with --version,
dnl so it should only ever name a trusted binary.
AC_ARG_WITH([clang],
[ --with-clang=PROGRAM path to Clang for compiling eBPF code. Use if the main C compiler is not Clang.],
[CLANG="$withval"],
[AS_IF([test "$compiler" = clang],
[CLANG="$CC"],
[AC_PATH_PROG([CLANG],[clang])])])
AC_SUBST([CLANG])
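# Per-compiler warning flags, exported as CLANG_CFLAGS or GCC_CFLAGS.
# Both sets turn implicit function declarations into errors.
case "$compiler" in
    clang)
        CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
        # Probe the __sync compare-and-swap builtin. When it compiles, define
        # the __GCC_HAVE_SYNC_COMPARE_AND_SWAP_N macros for sizes 1, 2, 4 and 8.
        AC_MSG_CHECKING([clang __sync_bool_compare_and_swap support])
        AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
                [[ unsigned int i = 0; (void)__sync_bool_compare_and_swap(&i, 1, 1);]])],
            [
                AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1], [1], [Fake GCC atomic support])
                AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2], [1], [Fake GCC atomic support])
                AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4], [1], [Fake GCC atomic support])
                AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8], [1], [Fake GCC atomic support])
                AC_MSG_RESULT([yes])],
            [AC_MSG_RESULT([no])])
        AC_SUBST(CLANG_CFLAGS)
        ;;
    gcc)
        dnl get gcc version
        AC_MSG_CHECKING([gcc version])
        gccver=$($CC -dumpversion)
        gccvermajor=$(echo $gccver | cut -d . -f1)
        # Some gcc builds print only the major version, e.g. 9. Plain cut
        # echoes a line without a delimiter back unchanged, which would make
        # the minor equal to the major. With -s the field comes back empty
        # instead, and an empty minor is treated as 0.
        gccverminor=$(echo $gccver | cut -s -d . -f2)
        test -n "$gccverminor" || gccverminor=0
        # major * 100 + minor, e.g. 4.8 becomes 408
        gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor)
        AC_MSG_RESULT($gccver)
        if test "$gccvernum" -ge "400"; then
            dnl gcc 4.0 or later
            GCC_CFLAGS="-Wextra -Werror-implicit-function-declaration"
        else
            GCC_CFLAGS="-W"
        fi
        AC_SUBST(GCC_CFLAGS)
        ;;
    *)
        AC_MSG_WARN([unsupported/untested compiler, this may or may not work])
        ;;
esac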
# Checks for programs.
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_GREP

# cygpath lookup; HAVE_CYGPATH holds the full path or "no".
# NOTE(review): the conditional below tests enable_cygpath, which nothing in
# the visible part of this file sets, while the probe result lands in
# HAVE_CYGPATH. Confirm which variable the conditional is meant to read.
AC_PATH_PROG([HAVE_CYGPATH], [cygpath], ["no"])
AM_CONDITIONAL([HAVE_CYGPATH], [test "x$enable_cygpath" = "xyes"])

# pkg-config is mandatory: stop configure right here when it is absent.
AC_PATH_PROG([HAVE_PKG_CONFIG], [pkg-config], ["no"])
AS_IF([test "$HAVE_PKG_CONFIG" = "no"], [
    echo
    echo " ERROR! pkg-config not found, go get it "
    echo " http://pkg-config.freedesktop.org/wiki/ "
    echo " or install from your distribution "
    echo
    exit 1
])
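# Python interpreter lookup for the suricatasc unix socket client.
# Outputs: enable_python (yes or no), HAVE_PYTHON (interpreter path or "no"),
# python_path and python_version, and the HAVE_PYTHON automake conditional.
# Python support is on unless --disable-python is given; a missing
# interpreter downgrades it to "no" with a warning instead of failing.
python_version="not set"
python_path="not set"
AC_ARG_ENABLE(python,
    AS_HELP_STRING([--enable-python], [Enable python]),
    [enable_python=$enableval],[enable_python=yes])
if test "x$enable_python" != "xyes"; then
    enable_python="no"
else
    # First match on PATH wins, in the order listed.
    AC_PATH_PROGS(HAVE_PYTHON, python3 python2.7 python2 python, "no")
    if test "$HAVE_PYTHON" = "no"; then
        echo
        echo " Warning! python not found, you will not be "
        echo " able to install suricatasc unix socket client "
        echo
        enable_python="no"
    else
        python_path="$HAVE_PYTHON"
        # Python 2 writes its --version banner to stderr, which left
        # python_version empty. Capture both streams.
        python_version="$($HAVE_PYTHON --version 2>&1)"
    fi
fi
AM_CONDITIONAL([HAVE_PYTHON], [test "x$enable_python" = "xyes"])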
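# Check for python-distutils (setup).
# have_python_distutils becomes "yes" only when the selected interpreter can
# import distutils and distutils.core.setup; it drives the
# HAVE_PYTHON_DISTUTILS automake conditional.
have_python_distutils="no"
if test "x$enable_python" = "xyes"; then
    AC_MSG_CHECKING([for python-distutils])
    if $HAVE_PYTHON -c "import distutils; from distutils.core import setup" 2>/dev/null; then
        AC_MSG_RESULT([yes])
        have_python_distutils="yes"
    else
        AC_MSG_RESULT([no])
    fi
fi
AM_CONDITIONAL([HAVE_PYTHON_DISTUTILS],
    [test "x$have_python_distutils" = "xyes"])
# Only warn when Python is in use. Without this guard the hint was also
# printed for a disabled or missing interpreter, where HAVE_PYTHON is unset
# or "no" and the basename call produces a bogus package name.
if test "x$enable_python" = "xyes" && test "$have_python_distutils" = "no"; then
    echo ""
    echo " Warning: Python distutils not found. Python tools will"
    echo " not be installed."
    echo ""
    echo " Ubuntu/Debian: apt install `basename ${HAVE_PYTHON}`-distutils"
    echo ""
fi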
# Check for python-yaml.
# The probe only runs when Python support is on; the answer feeds the
# HAVE_PYTHON_YAML automake conditional.
have_python_yaml="no"
AS_IF([test "x$enable_python" = "xyes"], [
    AC_MSG_CHECKING([for python-yaml])
    AS_IF([$HAVE_PYTHON -c "import yaml" 2>/dev/null],
        [AC_MSG_RESULT([yes])
         have_python_yaml="yes"],
        [AC_MSG_RESULT([no])])
])
AM_CONDITIONAL([HAVE_PYTHON_YAML], [test "x$have_python_yaml" = "xyes"])
# Download tool for 'make install-rules': wget is preferred, curl is only
# looked up when wget is missing. Neither is mandatory.
# NOTE(review): the download itself lives in the install-rules make target,
# which is not part of this file; check there how the ruleset source is
# authenticated before the rules are installed.
AC_PATH_PROG([HAVE_WGET], [wget], ["no"])
AS_IF([test "$HAVE_WGET" = "no"], [
    AC_PATH_PROG([HAVE_CURL], [curl], ["no"])
    AS_IF([test "$HAVE_CURL" = "no"], [
        echo
        echo " Warning curl or wget not found, you won't be able to"
        echo " download latest ruleset with 'make install-rules'"
    ])
])
AM_CONDITIONAL([HAVE_FETCH_COMMAND], [test "x$HAVE_WGET" != "xno" || test "x$HAVE_CURL" != "xno"])
AM_CONDITIONAL([HAVE_WGET_COMMAND], [test "x$HAVE_WGET" != "xno"])
# Checks for libraries.
# Checks for header files.
# None of these probes is fatal: a missing header only leaves its result
# unset, and the code is expected to test for that.
AC_CHECK_HEADERS([stddef.h])
AC_CHECK_HEADERS([arpa/inet.h assert.h ctype.h errno.h fcntl.h inttypes.h])
AC_CHECK_HEADERS([getopt.h])
AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h])
AC_CHECK_HEADERS([stdarg.h stdint.h stdio.h stdlib.h stdbool.h string.h strings.h sys/ioctl.h])
AC_CHECK_HEADERS([syslog.h sys/prctl.h sys/socket.h sys/stat.h sys/syscall.h])
AC_CHECK_HEADERS([sys/time.h time.h unistd.h])
AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h])
AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h])
AC_CHECK_HEADERS([glob.h])
AC_CHECK_HEADERS([dirent.h fnmatch.h])
AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
AC_CHECK_HEADERS([sys/random.h])
AC_CHECK_HEADERS([utime.h])
AC_CHECK_HEADERS([libgen.h])
# These are probed with sys/types.h and sys/socket.h included first when
# sys/socket.h was found above.
AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
[[#ifdef HAVE_SYS_SOCKET_H
#include <sys/types.h>
#include <sys/socket.h>
#endif
]])
# Windows headers: _X86_ is defined for the probe when it is not set already.
AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h w32api/wtypes.h], [], [],
[[
#ifndef _X86_
#define _X86_
#endif
]])
# Same as above, with windows.h included before the header under test.
AC_CHECK_HEADERS([w32api/winbase.h wincrypt.h], [], [],
[[
#ifndef _X86_
#define _X86_
#endif
#include <windows.h>
]])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_INLINE
AC_TYPE_PID_T
AC_TYPE_SIZE_T
AC_TYPE_INT32_T
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT64_T
AC_TYPE_UINT8_T
AC_HEADER_STDBOOL
# Checks for library functions.
AC_FUNC_MALLOC
AC_FUNC_REALLOC
AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strdup strndup strerror strncasecmp strtol strtoul memchr memrchr clock_gettime])
AC_CHECK_FUNCS([strptime])
# HAVE_GETRANDOM is defined when sys/random.h declares getrandom.
AC_CHECK_DECL([getrandom],
AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
[], [
#include <sys/random.h>
])
AC_CHECK_FUNCS([utime])
# strlcpy and strlcat are probed with CFLAGS emptied; the saved flags are
# restored right after the check.
OCFLAGS=$CFLAGS
CFLAGS=""
AC_CHECK_FUNCS([strlcpy strlcat])
CFLAGS=$OCFLAGS
# Add large file support
AC_SYS_LARGEFILE
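#check for os
# Sets per-platform defaults: lua pkg-config and library names, the pcap
# library name, the Rust static library name and extra link libraries, plus
# platform defines and search paths appended to CFLAGS, CPPFLAGS and LDFLAGS.
# NOTE(review): the BSD and Darwin branches add fixed /usr/local or
# /opt/local include and library directories to the search path. On a shared
# build host confirm that only trusted accounts can write there, since
# anything found in them is compiled and linked in.
AC_MSG_CHECKING([host os])

# lua pkg-config name differs per OS
LUA_PC_NAME="lua5.1"
LUA_LIB_NAME="lua5.1"

# If no host os was detected, try with uname
if test -z "$host" ; then
    host="`uname`"
fi
echo -n "installation for $host OS... "

RUST_SURICATA_LIBNAME="libsuricata.a"

e_magic_file=""
e_magic_file_comment="#"
PCAP_LIB_NAME="pcap"
case "$host" in
    *-*-*freebsd*)
        LUA_PC_NAME="lua-5.1"
        LUA_LIB_NAME="lua-5.1"
        CFLAGS="${CFLAGS} -DOS_FREEBSD"
        CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet11"
        LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet11"
        RUST_LDADD="-lrt -lm"
        ;;
    *-*-openbsd*)
        LUA_PC_NAME="lua51"
        CFLAGS="${CFLAGS} -D__OpenBSD__"
        CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet-1.1"
        # The libnet directory is a library search path, so it needs -L.
        # It was passed as -I, which the link step does not use for
        # locating libraries.
        LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet-1.1"
        RUST_LDADD="-lm -lc++ -lc++abi"
        ;;
    *darwin*|*Darwin*)
        LUA_PC_NAME="lua-5.1"
        LUA_LIB_NAME="lua-5.1"
        CFLAGS="${CFLAGS} -DOS_DARWIN"
        CPPFLAGS="${CPPFLAGS} -I/opt/local/include"
        LDFLAGS="${LDFLAGS} -L/opt/local/lib"
        ;;
    *-*-linux*)
        RUST_LDADD="-ldl -lrt -lm"
        ;;
    *-*-mingw32*|*-*-msys)
        CFLAGS="${CFLAGS} -DOS_WIN32"
        LDFLAGS="${LDFLAGS} -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid"
        WINDOWS_PATH="yes"
        PCAP_LIB_NAME="wpcap"
        AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg])
        RUST_SURICATA_LIBNAME="suricata.lib"
        RUST_LDADD="-luserenv -lshell32 -ladvapi32 -lgcc_eh"
        ;;
    *-*-cygwin)
        LUA_PC_NAME="lua"
        LUA_LIB_NAME="lua"
        WINDOWS_PATH="yes"
        PCAP_LIB_NAME="wpcap"
        ;;
    *-*-solaris*)
        AC_MSG_WARN([support for Solaris/Illumos/SunOS is experimental])
        LDFLAGS="${LDFLAGS} -lsocket -lnsl"
        ;;
    *)
        AC_MSG_WARN([unsupported OS this may or may not work])
        ;;
esac
AC_MSG_RESULT(ok)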
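# enable modifications for AFL fuzzing
# NOTE(review): the defines below switch off randomness and the management
# threads and add fuzzing-only command line options, so a build configured
# with --enable-afl is a test artifact and should not be the binary that
# gets deployed.
# The help text is now passed as one bracket-quoted argument; the earlier
# form had its brackets misplaced and left a stray closing bracket behind.
AC_ARG_ENABLE(afl,
    AS_HELP_STRING([--enable-afl], [Enable AFL fuzzing logic]), [enable_afl="$enableval"],[enable_afl=no])
AS_IF([test "x$enable_afl" = "xyes"], [
    AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
    AC_DEFINE([AFLFUZZ_DISABLE_MGTTHREADS], [1], [Disable all management threads])
    AC_DEFINE([AFLFUZZ_PCAP_RUNMODE], [1], [Enable special AFL 'single' runmode])
    AC_DEFINE([AFLFUZZ_CONF_TEST], [1], [Enable special --afl-parse-rules commandline option])
    AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
    AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
    AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
    AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
    AC_DEFINE([AFLFUZZ_RULES], [1], [Enable --afl-rules commandline option])
    # test for AFL PERSISTANT_MODE support
    # The probe compiles a loop over __AFL_LOOP with warnings as errors and
    # restores the saved CFLAGS afterwards.
    CFLAGS_ORIG=$CFLAGS
    CFLAGS="-Werror"
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
        [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
        [])
    CFLAGS=$CFLAGS_ORIG
])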
# Thread local storage, not transport security: TLS is defined when the
# compiler accepts a __thread variable. On by default, --disable-threading-tls
# skips the probe and leaves TLS undefined.
AC_ARG_ENABLE([threading-tls],
    [AS_HELP_STRING([--disable-threading-tls], [Disable TLS (thread local storage)])],
    [enable_tls="$enableval"],
    [enable_tls=yes])
AS_IF([test "x$enable_tls" = "xyes"], [
    # check if our target supports thread local storage
    AC_MSG_CHECKING([for thread local storage __thread support])
    AC_COMPILE_IFELSE(
        [AC_LANG_PROGRAM([[#include <stdlib.h>]],
            [[ static __thread int i; i = 1; i++; ]])],
        [AC_DEFINE([TLS], [1], [Thread local storage])
         AC_MSG_RESULT([yes])],
        [AC_MSG_RESULT([no])])
])
#Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found
#AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc.
#These flags seem to be supported on CentOS 5+, Ubuntu 8.04+, and Fedora Core 11+
#Options are taken from https://wiki.ubuntu.com/CompilerFlags
#
# How it works: each probe appends one flag to CFLAGS or LDFLAGS, compiles or
# links an empty program, records the flag in SECCFLAGS or SECLDFLAGS on
# success and then restores the saved flags. Both variables are substituted
# for the Makefiles at the end.
# NOTE(review): hardening is opt-in. The default is enable_gccprotect=no, so
# a plain ./configure build gets none of these flags unless the packager
# supplies them through CFLAGS and LDFLAGS.
# NOTE(review): -fstack-protector instruments fewer functions than
# -fstack-protector-strong on compilers that offer the latter,
# _FORTIFY_SOURCE only has an effect in optimized builds, and no PIE flag is
# probed in this block.
AC_ARG_ENABLE(gccprotect,
AS_HELP_STRING([--enable-gccprotect], [Detect and use gcc hardening options]),[enable_gccprotect=$enableval],[enable_gccprotect=no])
AS_IF([test "x$enable_gccprotect" = "xyes"], [
#buffer overflow protection
AC_MSG_CHECKING(for -fstack-protector)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -fstack-protector"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="-fstack-protector"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions
AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#compile-time warnings about misuse of format strings
AC_MSG_CHECKING(for -Wformat -Wformat-security)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -Wformat -Wformat-security"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -Wformat -Wformat-security"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#provides a read-only relocation table area in the final ELF
AC_MSG_CHECKING(for -z relro)
TMPLDFLAGS="${LDFLAGS}"
LDFLAGS="${LDFLAGS} -z relro"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z relro"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
LDFLAGS="${TMPLDFLAGS}"
#forces all relocations to be resolved at run-time
AC_MSG_CHECKING(for -z now)
TMPLDFLAGS="${LDFLAGS}"
LDFLAGS="${LDFLAGS} -z now"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z now"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
LDFLAGS="${TMPLDFLAGS}"
AC_SUBST(SECCFLAGS)
AC_SUBST(SECLDFLAGS)
])
# gprof instrumentation: --enable-gccprofile appends -pg to CFLAGS.
# Off unless requested.
AC_ARG_ENABLE([gccprofile],
    [AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set])],
    [enable_gccprofile=$enableval],
    [enable_gccprofile=no])
if test "x$enable_gccprofile" = "xyes"; then
    CFLAGS="${CFLAGS} -pg"
fi
#enable gcc march=native gcc 4.2 or later
# Enabled by default and skipped on powerpc hosts. When the compiler accepts
# the flag it stays in CFLAGS and is also exported as OPTIMIZATION_CFLAGS;
# when it does not, CFLAGS is restored and the option is switched off.
# NOTE(review): with this default the resulting binary targets the CPU of the
# build machine. Builds meant to run on other hosts, such as packages or CI
# artifacts, should be configured with --disable-gccmarch-native.
AC_ARG_ENABLE(gccmarch_native,
AS_HELP_STRING([--enable-gccmarch-native], [Enable gcc march=native gcc 4.2 and later only]),[enable_gccmarch_native=$enableval],[enable_gccmarch_native=yes])
AS_IF([test "x$enable_gccmarch_native" = "xyes"], [
case "$host" in
*powerpc*)
;;
*)
OFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -march=native"
AC_MSG_CHECKING([checking if $CC supports -march=native])
AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[#include <stdlib.h>]])],
[
AC_MSG_RESULT([yes])
OPTIMIZATION_CFLAGS="-march=native"
AC_SUBST(OPTIMIZATION_CFLAGS)
],
[
AC_MSG_RESULT([no])
CFLAGS="$OFLAGS"
enable_gccmarch_native=no
]
)
;;
esac
])
# options

# Unit tests: --enable-unittests defines UNITTESTS and turns on the
# BUILD_UNITTESTS automake conditional. Off unless requested.
AC_ARG_ENABLE([unittests],
    [AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests])],
    [enable_unittests=$enableval],
    [enable_unittests=no])
if test "x$enable_unittests" = "xyes"; then
    AC_DEFINE([UNITTESTS],[1],[Enable built-in unittests])
fi
AM_CONDITIONAL([BUILD_UNITTESTS], [test "x$enable_unittests" = "xyes"])
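# enable the building of ebpf files
# Needs a usable clang in CLANG and a matching llc. The llc candidates are
# derived from the version that clang reports: llc-MAJOR.MINOR, llc-MAJOR,
# then plain llc. Configure stops when either tool is missing.
AC_ARG_ENABLE(ebpf-build,
    AS_HELP_STRING([--enable-ebpf-build], [Enable compilation of ebpf files]),[enable_ebpf_build=$enableval],[enable_ebpf_build=no])
AM_CONDITIONAL([BUILD_EBPF], [test "x$enable_ebpf_build" = "xyes"])
AS_IF([test "x$enable_ebpf_build" = "xyes"],
    [
        # CLANG is empty when no clang was found on PATH and is "no" after
        # --without-clang. Both must end in the clang-needed error below.
        # Testing only for "no" let an empty value through, which then ran
        # a blank command and failed later with a misleading llc message.
        AS_IF([test -n "$CLANG" && test "$CLANG" != no],
            [
                llc_candidates=$($CLANG --version | \
                    awk '/^clang version/ {
                        split($3, v, ".");
                        printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
                    }')
                AC_CHECK_PROGS([LLC], [$llc_candidates], "no")
                AS_IF([test "$LLC" != "no"],
                    [AC_SUBST(LLC)],
                    [AC_MSG_ERROR([unable to find any of $llc_candidates needed to build ebpf files])])
            ],
            [AC_MSG_ERROR([clang needed to build ebpf files])])
    ])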
# Compatibility switch for the unified2 output: --enable-old-barnyard2
# defines HAVE_OLD_BARNYARD2. Off unless requested.
AC_ARG_ENABLE([old-barnyard2],
    [AS_HELP_STRING([--enable-old-barnyard2], [Use workaround for old barnyard2 in unified2 output])],
    [enable_old_barnyard2=$enableval],
    [enable_old_barnyard2=no])
if test "x$enable_old_barnyard2" = "xyes"; then
    AC_DEFINE([HAVE_OLD_BARNYARD2],[1],[Use workaround for old barnyard2 in unified2 output])
fi
# Debug output: --enable-debug defines DEBUG and turns on the DEBUG automake
# conditional. Off unless requested.
AC_ARG_ENABLE([debug],
    [AS_HELP_STRING([--enable-debug], [Enable debug output])],
    [enable_debug=$enableval],
    [enable_debug=no])
if test "x$enable_debug" = "xyes"; then
    AC_DEFINE([DEBUG],[1],[Enable debug output])
fi
AM_CONDITIONAL([DEBUG], [test "x$enable_debug" = "xyes"])
# Debug validation code: --enable-debug-validation defines DEBUG_VALIDATION.
# It cannot be combined with --enable-unittests; configure stops with an
# error when both are requested.
AC_ARG_ENABLE([debug-validation],
    [AS_HELP_STRING([--enable-debug-validation], [Enable (debug) validation code output])],
    [enable_debug_validation=$enableval],
    [enable_debug_validation=no])
AS_IF([test "x$enable_debug_validation" = "xyes"], [
    AS_IF([test "$enable_unittests" = "yes"],
        [AC_MSG_ERROR([debug_validation can't be enabled with enabled unittests!])],
        [AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output])])
])
# Performance profiling: --enable-profiling defines PROFILING, except on
# OpenBSD hosts where configure stops with an error.
AC_ARG_ENABLE([profiling],
    [AS_HELP_STRING([--enable-profiling], [Enable performance profiling])],
    [enable_profiling=$enableval],
    [enable_profiling=no])
AS_IF([test "x$enable_profiling" = "xyes"], [
    AS_CASE(["$host"],
        [*-*-openbsd*], [AC_MSG_ERROR([profiling is not supported on OpenBSD])],
        [AC_DEFINE([PROFILING],[1],[Enable performance profiling])])
])
# Lock profiling: --enable-profiling-locks defines both PROFILING and
# PROFILE_LOCKING. Off unless requested.
AC_ARG_ENABLE([profiling-locks],
    [AS_HELP_STRING([--enable-profiling-locks], [Enable performance profiling for locks])],
    [enable_profiling_locks=$enableval],
    [enable_profiling_locks=no])
if test "x$enable_profiling_locks" = "xyes"; then
    AC_DEFINE([PROFILING],[1],[Enable performance profiling])
    AC_DEFINE([PROFILE_LOCKING],[1],[Enable performance profiling for locks])
fi
# FreeBSD IPFW inline mode: --enable-ipfw defines IPFW. Off unless requested.
AC_ARG_ENABLE([ipfw],
    [AS_HELP_STRING([--enable-ipfw], [Enable FreeBSD IPFW support for inline IDP])],
    [enable_ipfw=$enableval],
    [enable_ipfw=no])
if test "x$enable_ipfw" = "xyes"; then
    AC_DEFINE([IPFW],[1],[Enable FreeBSD IPFW support for inline IDP])
fi
# Coccinelle QA steps for make check. Wanted by default, but quietly switched
# off when the spatch binary cannot be found on PATH.
AC_ARG_ENABLE([coccinelle],
    [AS_HELP_STRING([--disable-coccinelle], [Disable coccinelle QA steps during make check])],
    [enable_coccinelle="$enableval"],
    [enable_coccinelle=yes])
AS_IF([test "x$enable_coccinelle" = "xyes"], [
    AC_PATH_PROG([HAVE_COCCINELLE_CONFIG], [spatch], ["no"])
    AS_IF([test "$HAVE_COCCINELLE_CONFIG" = "no"], [enable_coccinelle=no])
])
AM_CONDITIONAL([HAVE_COCCINELLE], [test "x$enable_coccinelle" != "xno"])
# Detection modules are built by default; --disable-detection defines
# HAVE_DETECT_DISABLED.
AC_ARG_ENABLE([detection],
    [AS_HELP_STRING([--disable-detection], [Disable Detection Modules])],
    [enable_detection="$enableval"],
    [enable_detection=yes])
if test "x$enable_detection" = "xno"; then
    AC_DEFINE([HAVE_DETECT_DISABLED], [1], [Detection is disabled])
fi
# libraries
# zlib
# Optional --with-zlib-includes and --with-zlib-libraries directories are
# appended to CPPFLAGS and LDFLAGS. When zlib.h is found, the library must
# provide inflate or configure stops; on success -lz is added to LIBS once.
# NOTE(review): when zlib.h is not found nothing in this block fails or adds
# -lz. Confirm that a missing zlib header is caught somewhere else.
AC_ARG_WITH(zlib_includes,
[ --with-zlib-includes=DIR zlib include directory],
[with_zlib_includes="$withval"],[with_zlib_includes=no])
AC_ARG_WITH(zlib_libraries,
[ --with-zlib-libraries=DIR zlib library directory],
[with_zlib_libraries="$withval"],[with_zlib_libraries="no"])
if test "$with_zlib_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_zlib_includes}"
fi
AC_CHECK_HEADER(zlib.h, ZLIB="yes",ZLIB="no")
if test "$ZLIB" = "yes"; then
if test "$with_zlib_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_zlib_libraries}"
fi
# To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
# see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
ZLIB=""
TMPLIBS="${LIBS}"
AC_CHECK_LIB(z,inflate,,ZLIB="no")
if test "$ZLIB" = "no"; then
echo
echo " ERROR! zlib library not found, go get it"
echo " Debian/Ubuntu: apt install zlib1g-dev"
echo " Fedora: dnf install zlib-devel"
echo " CentOS/RHEL: yum install zlib-devel"
echo
exit 1
fi
LIBS="${TMPLIBS} -lz"
fi
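# liblzma
# Optional dependency. enable_liblzma ends up "yes" and HAVE_LIBLZMA is
# defined when lzma.h is found and the library provides lzma_code; otherwise
# a warning is printed and the build goes on without it.
enable_liblzma=no
AC_ARG_WITH(liblzma_includes,
    [ --with-liblzma-includes=DIR liblzma include directory],
    [with_liblzma_includes="$withval"],[with_liblzma_includes="no"])
AC_ARG_WITH(liblzma_libraries,
    [ --with-liblzma-libraries=DIR liblzma library directory],
    [with_liblzma_libraries="$withval"],[with_liblzma_libraries="no"])
if test "$with_liblzma_includes" != "no"; then
    CPPFLAGS="${CPPFLAGS} -I${with_liblzma_includes}"
fi
# The library directory has to be on the link path before the link probe
# runs. It used to be added only after the probe had succeeded, so a liblzma
# that exists only in the given directory was never detected.
if test "$with_liblzma_libraries" != "no"; then
    LDFLAGS="${LDFLAGS} -L${with_liblzma_libraries}"
fi
TMPLIBS="${LIBS}"
# Explicit default, so the result does not depend on a value inherited from
# the environment when the header is present but the library is not.
LIBLZMA="no"
AC_CHECK_HEADER(lzma.h,
    AC_CHECK_LIB(lzma,lzma_code,[
        AC_DEFINE([HAVE_LIBLZMA],[1],[liblzma available])
        LIBLZMA="yes"]))
if test "$LIBLZMA" != "yes"; then
    echo
    echo " Warning! liblzma library not found, you will not be"
    echo " able to decompress flash file compressed with lzma."
    echo " Debian/Ubuntu: apt install liblzma-dev"
    echo " Fedora: dnf install xz-devel"
    echo " CentOS/RHEL: yum install xz-devel"
    echo
    enable_liblzma=no
else
    enable_liblzma=yes
    LIBS="${TMPLIBS} -llzma"
fi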
#libpcre
# Mandatory dependency: configure stops when pcre.h is missing or when the
# library does not provide pcre_get_substring. Optional include and library
# directories are appended to CPPFLAGS and LDFLAGS first.
AC_ARG_WITH([libpcre_includes],
    [ --with-libpcre-includes=DIR libpcre include directory],
    [with_libpcre_includes="$withval"],
    [with_libpcre_includes="no"])
AC_ARG_WITH([libpcre_libraries],
    [ --with-libpcre-libraries=DIR libpcre library directory],
    [with_libpcre_libraries="$withval"],
    [with_libpcre_libraries="no"])

AS_IF([test "$with_libpcre_includes" != "no"],
    [CPPFLAGS="${CPPFLAGS} -I${with_libpcre_includes}"])
AC_CHECK_HEADER([pcre.h], [], [AC_MSG_ERROR([pcre.h not found ...])])

AS_IF([test "$with_libpcre_libraries" != "no"],
    [LDFLAGS="${LDFLAGS} -L${with_libpcre_libraries}"])
PCRE=""
AC_CHECK_LIB([pcre], [pcre_get_substring], [], [PCRE="no"])
AS_IF([test "$PCRE" = "no"], [
    echo
    echo " ERROR! pcre library not found, go get it"
    echo " from www.pcre.org. Or from packages:"
    echo " Debian/Ubuntu: apt install libpcre3-dev"
    echo " Fedora: dnf install pcre-devel"
    echo " CentOS/RHEL: yum install pcre-devel"
    echo
    exit 1
])
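# libpcre 8.35 (especially on debian) has a known issue that results in segfaults
# see https://redmine.openinfosecfoundation.org/issues/1693
# The version is only queried through pkg-config when no custom library
# directory was given. libpcre_buggy_found is read again by the PCRE JIT
# check further down in this file.
if test "$with_libpcre_libraries" = "no"; then
    # The not-found branch used a misspelled variable name, so the flag was
    # never set to "no". Both branches now write the same variable.
    PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.35],[libpcre_buggy_found="yes"],[libpcre_buggy_found="no"])
    if test "$libpcre_buggy_found" = "yes"; then
        echo
        echo " Warning! vulnerable libpcre version 8.35 found"
        echo " This version has a known issue that could result in segfaults"
        echo " please upgrade to a newer version of pcre which you can get from"
        echo " www.pcre.org. For more information, see issue #1693"
        echo
        echo " Continuing for now with JIT disabled..."
        echo
    fi
fi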
# To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
# see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
# pcre_dfa_exec serves as the marker for a new enough pcre: configure stops
# when the library lacks it.
PCRE=""
TMPLIBS="${LIBS}"
AC_CHECK_LIB([pcre], [pcre_dfa_exec], [], [PCRE="no"])
AS_IF([test "$PCRE" = "no"], [
    echo
    echo " ERROR! pcre library was found but version was < 6.0"
    echo " please upgrade to a newer version of pcre which you can get from"
    echo " www.pcre.org."
    echo
    exit 1
])
LIBS="${TMPLIBS}"
# Recursion limit support. Without PCRE_EXTRA_MATCH_LIMIT_RECURSION the build
# continues, but NO_PCRE_MATCH_RLIMIT is defined and a warning about the
# denial of service exposure is printed.
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[ #include <pcre.h> ]],
        [[ int eo = 0; eo |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; ]])],
    [ pcre_match_limit_recursion_available=yes ],
    [:])
AS_IF([test "$pcre_match_limit_recursion_available" != "yes"], [
    echo
    echo " Warning! pcre extra opt PCRE_EXTRA_MATCH_LIMIT_RECURSION not found"
    echo " This could lead to potential DoS please upgrade to pcre >= 6.5"
    echo " from www.pcre.org."
    echo " Continuing for now...."
    echo
    AC_DEFINE([NO_PCRE_MATCH_RLIMIT],[1],[Pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION not available])
])

# pcre_free_study is probed with a fixed strict flag set so that a missing
# declaration fails the compile; the saved CFLAGS come back afterwards.
TMPCFLAGS="${CFLAGS}"
CFLAGS="-O0 -g -Werror -Wall"
AC_COMPILE_IFELSE(
    [AC_LANG_PROGRAM([[ #include <pcre.h> ]],
        [[ pcre_extra *extra = NULL; pcre_free_study(extra); ]])],
    [ AC_DEFINE([HAVE_PCRE_FREE_STUDY], [1], [Pcre pcre_free_study supported])],
    [:])
CFLAGS="${TMPCFLAGS}"
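#enable support for PCRE-jit available since pcre-8.20
# Steps: compile a snippet that queries PCRE_CONFIG_JIT, veto the result for
# library versions known to misbehave, then define PCRE_HAVE_JIT and compile
# a second snippet that uses the JIT study API. Configure stops when the
# first probe passes and the second one fails.
AC_MSG_CHECKING(for PCRE JIT support)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
        [[
        int jit = 0;
        pcre_config(PCRE_CONFIG_JIT, &jit);
        ]])],[ pcre_jit_available=yes ],[ pcre_jit_available=no ]
)
case $host in
    *powerpc64*)
        # The flags were written under one spelling and read under another,
        # and the second test had no comparison, so it was true for any
        # non-empty value including "no". JIT therefore stayed on with 8.40
        # installed and went off without it. Both flags now use one spelling
        # and are compared against "yes".
        PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.39],[libpcre_ppc64_buggy_found1="yes"],[libpcre_ppc64_buggy_found1="no"])
        PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.40],[libpcre_ppc64_buggy_found2="yes"],[libpcre_ppc64_buggy_found2="no"])
        if test "$libpcre_ppc64_buggy_found1" = "yes" || test "$libpcre_ppc64_buggy_found2" = "yes"; then
            # on powerpc64, both gcc and clang lead to SIGILL in
            # unittests when jit is enabled.
            pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64"
        fi
        ;;
    *)
        # bug 1693, libpcre 8.35 is broken and debian jessie is still using that
        if test "$libpcre_buggy_found" = "yes"; then
            pcre_jit_available="no, libpcre 8.35 blacklisted"
        fi
        ;;
esac
if test "x$pcre_jit_available" = "xyes"; then
    AC_MSG_RESULT(yes)
    AC_DEFINE([PCRE_HAVE_JIT], [1], [Pcre with JIT compiler support enabled])
    AC_MSG_CHECKING(for PCRE JIT support usability)
    # NOTE(review): this is a compile-only probe, the snippet is never run,
    # so it shows that the JIT API is declared rather than that JIT
    # compilation works on this host.
    AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
            [[
            const char* regexstr = "(a|b|c|d)";
            pcre *re;
            const char *error;
            pcre_extra *extra;
            int err_offset;
            re = pcre_compile(regexstr,0, &error, &err_offset,NULL);
            extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
            if (extra == NULL)
            exit(EXIT_FAILURE);
            int jit = 0;
            int ret = pcre_fullinfo(re, extra, PCRE_INFO_JIT, &jit);
            if (ret != 0 || jit != 1)
            exit(EXIT_FAILURE);
            exit(EXIT_SUCCESS);
            ]])],[ pcre_jit_works=yes ],[:]
    )
    if test "x$pcre_jit_works" != "xyes"; then
        AC_MSG_RESULT(no)
        echo
        echo " PCRE JIT support detection worked but testing it failed"
        echo " something odd is going on, please file a bug report."
        echo
        exit 1
    else
        AC_MSG_RESULT(yes)
    fi
else
    AC_MSG_RESULT(no)
fi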
# libhs
# Optional Hyperscan support. enable_hyperscan ends up "yes" and
# BUILD_HYPERSCAN is defined only when hs.h is found and the link probe for
# hs_compile succeeds.
enable_hyperscan="no"

# Try pkg-config first:
PKG_CHECK_MODULES([libhs], [libhs], [], [with_pkgconfig_libhs=no])
AS_IF([test "$with_pkgconfig_libhs" != "no"], [
    CPPFLAGS="${CPPFLAGS} ${libhs_CFLAGS}"
    LIBS="${LIBS} ${libhs_LIBS}"
])

AC_ARG_WITH([libhs_includes],
    [ --with-libhs-includes=DIR libhs include directory],
    [with_libhs_includes="$withval"],
    [with_libhs_includes=no])
AC_ARG_WITH([libhs_libraries],
    [ --with-libhs-libraries=DIR libhs library directory],
    [with_libhs_libraries="$withval"],
    [with_libhs_libraries="no"])

AS_IF([test "$with_libhs_includes" != "no"],
    [CPPFLAGS="${CPPFLAGS} -I${with_libhs_includes}"])
AC_CHECK_HEADER([hs.h], [HYPERSCAN="yes"], [HYPERSCAN="no"])
AS_IF([test "$HYPERSCAN" = "yes"], [
    AS_IF([test "$with_libhs_libraries" != "no"],
        [LDFLAGS="${LDFLAGS} -L${with_libhs_libraries}"])
    AC_CHECK_LIB([hs], [hs_compile], [], [HYPERSCAN="no"])
    AC_CHECK_FUNCS([hs_valid_platform])
    enable_hyperscan="yes"
    AS_IF([test "$HYPERSCAN" = "no"], [
        echo
        echo " Hyperscan headers are present, but link test failed."
        echo " Check that you have a shared library and C++ linkage available."
        echo
        enable_hyperscan="no"
    ])
])
AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])])
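# libyaml
# Mandatory dependency: configure stops when yaml.h is missing or when the
# library does not provide yaml_parser_initialize. Optional include and
# library directories are appended to CPPFLAGS and LDFLAGS first.
AC_ARG_WITH(libyaml_includes,
    [ --with-libyaml-includes=DIR libyaml include directory],
    [with_libyaml_includes="$withval"],[with_libyaml_includes=no])
AC_ARG_WITH(libyaml_libraries,
    [ --with-libyaml-libraries=DIR libyaml library directory],
    [with_libyaml_libraries="$withval"],[with_libyaml_libraries="no"])
if test "$with_libyaml_includes" != "no"; then
    CPPFLAGS="${CPPFLAGS} -I${with_libyaml_includes}"
fi
# Clear the flag before the header probe. It used to be cleared between the
# header probe and the link probe, which threw away a failed header check:
# a system with the library but without yaml.h passed configure and only
# broke at compile time.
LIBYAML=""
AC_CHECK_HEADER(yaml.h,,LIBYAML="no")
if test "$with_libyaml_libraries" != "no"; then
    LDFLAGS="${LDFLAGS} -L${with_libyaml_libraries}"
fi
AC_CHECK_LIB(yaml,yaml_parser_initialize,,LIBYAML="no")
if test "$LIBYAML" = "no"; then
    echo
    echo " ERROR! libyaml library not found, go get it"
    echo " from http://pyyaml.org/wiki/LibYAML "
    echo " or your distribution:"
    echo
    echo " Ubuntu: apt-get install libyaml-dev"
    echo " Fedora: dnf install libyaml-devel"
    echo " CentOS/RHEL: yum install libyaml-devel"
    echo
    exit 1
fi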
# libpthread
# Mandatory dependency: configure stops when pthread_create cannot be linked.
# The header is not probed here; the check is left commented out below.
AC_ARG_WITH([libpthread_includes],
    [ --with-libpthread-includes=DIR libpthread include directory],
    [with_libpthread_includes="$withval"],
    [with_libpthread_includes=no])
AC_ARG_WITH([libpthread_libraries],
    [ --with-libpthread-libraries=DIR libpthread library directory],
    [with_libpthread_libraries="$withval"],
    [with_libpthread_libraries="no"])

AS_IF([test "$with_libpthread_includes" != "no"],
    [CPPFLAGS="${CPPFLAGS} -I${with_libpthread_includes}"])
dnl AC_CHECK_HEADER(pthread.h,,[AC_MSG_ERROR(pthread.h not found ...)])
AS_IF([test "$with_libpthread_libraries" != "no"],
    [LDFLAGS="${LDFLAGS} -L${with_libpthread_libraries}"])

PTHREAD=""
AC_CHECK_LIB([pthread], [pthread_create], [], [PTHREAD="no"])
AS_IF([test "$PTHREAD" = "no"], [
    echo
    echo " ERROR! libpthread library not found, glibc problem?"
    echo
    exit 1
])
# libjansson
# Mandatory dependency: configure stops unless jansson.h is found and the
# library provides json_dump_callback. enable_jansson is "yes" on every
# path that gets past this check.
AC_ARG_WITH([libjansson_includes],
    [ --with-libjansson-includes=DIR libjansson include directory],
    [with_libjansson_includes="$withval"],
    [with_libjansson_includes=no])
AC_ARG_WITH([libjansson_libraries],
    [ --with-libjansson-libraries=DIR libjansson library directory],
    [with_libjansson_libraries="$withval"],
    [with_libjansson_libraries="no"])

AS_IF([test "$with_libjansson_includes" != "no"],
    [CPPFLAGS="${CPPFLAGS} -I${with_libjansson_includes}"])
AS_IF([test "$with_libjansson_libraries" != "no"],
    [LDFLAGS="${LDFLAGS} -L${with_libjansson_libraries}"])

AC_CHECK_HEADER([jansson.h], [JANSSON="yes"], [JANSSON="no"])
AC_CHECK_LIB([jansson], [json_dump_callback], [], [JANSSON="no"])
AS_IF([test "$JANSSON" = "no"], [
    echo ""
    echo " ERROR: Jansson is now required."
    echo ""
    echo " Go get it from your distribution or from:"
    echo " http://www.digip.org/jansson/"
    echo ""
    echo " Ubuntu/Debian: apt install libjansson-dev"
    echo " CentOS: yum install jansson-devel"
    echo " Fedora: dnf install jansson-devel"
    echo ""
    exit 1
])
enable_jansson="yes"
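# Unix command socket: decide whether support for it is compiled in.
# The option accepts yes, no or test. "test" is the default and is promoted
# to yes below when Jansson is available and the host is not a Windows-like
# environment.
# NOTE(review): a final value of yes defines BUILD_UNIX_SOCKET, which builds
# in the unix command socket, a local control channel. Packagers who do not
# need it can pass --disable-unix-socket.
enable_unixsocket="no"

AC_ARG_ENABLE(unix-socket,
    AS_HELP_STRING([--enable-unix-socket], [Enable unix socket [default=test]]),[enable_unixsocket="$enableval"],[enable_unixsocket=test])

# NOTE(review): this relies on the Jansson detection earlier in the file
# leaving JANSSON set to exactly "yes" on success - confirm. Any other value
# takes the else branch and turns the socket off.
if test "$JANSSON" = "yes"; then
    enable_jansson="yes"
    # A nested test for JANSSON = no used to live here. It could never run,
    # because this branch is only entered when JANSSON is yes, so it was
    # dropped. The same hint is still printed by the else branch.
    case $host in
        *-*-mingw32*|*-*-msys*|*-*-cygwin)
            # Forced off on these hosts, even after an explicit request.
            enable_unixsocket="no"
            ;;
        *)
            if test "x$enable_unixsocket" = "xtest"; then
                enable_unixsocket="yes"
            fi
            ;;
    esac
else
    # Without Jansson an explicit request is a hard error; the default
    # (test) quietly falls back to no.
    if test "x$enable_unixsocket" = "xyes"; then
        echo
        echo " Jansson >= 2.2 is required for features like unix socket"
        echo " Go get it from your distribution or from:"
        echo " http://www.digip.org/jansson/"
        echo " Ubuntu: apt-get install libjansson-dev"
        echo " Fedora: dnf install jansson-devel"
        echo " CentOS/RHEL: yum install jansson-devel"
        echo
        exit 1
    fi
    enable_unixsocket="no"
fi

AS_IF([test "x$enable_unixsocket" = "xyes"], [AC_DEFINE([BUILD_UNIX_SOCKET], [1], [Unix socket support enabled])])

# EVE logging availability follows the Jansson result.
e_enable_evelog=$enable_jansson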
# Netfilter capture options. Both NFLOG and NFQUEUE stay off unless the
# matching option is given on the configure command line.
AC_ARG_ENABLE([nflog],
    AS_HELP_STRING([--enable-nflog],[Enable libnetfilter_log support]),
    [enable_nflog="$enableval"],
    [enable_nflog="no"])
AC_ARG_ENABLE([nfqueue],
    AS_HELP_STRING([--enable-nfqueue], [Enable NFQUEUE support for inline IDP]),
    [enable_nfqueue=$enableval],
    [enable_nfqueue=no])

# When NFQUEUE was asked for, the pkg-config lookup decides the final value
# and its compile flags are appended to CPPFLAGS.
# NOTE(review): a failed lookup resets enable_nfqueue to no and no error is
# raised in this block, so an explicit request for inline mode can end up
# disabled. Check the configure summary after running it.
AS_IF([test "x$enable_nfqueue" != "xno"], [
    PKG_CHECK_MODULES([libnetfilter_queue], [libnetfilter_queue], [enable_nfqueue=yes], [enable_nfqueue=no])
    CPPFLAGS="${CPPFLAGS} ${libnetfilter_queue_CFLAGS}"
])
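# libnfnetlink is probed whenever NFLOG or NFQUEUE support was requested.
if test "x$enable_nflog" = "xyes" || test "x$enable_nfqueue" = "xyes"; then
    case $host in
        *-*-mingw32*)
            # Nothing is probed on mingw32 hosts.
            ;;
        *)
            AC_ARG_WITH(libnfnetlink_includes,
                [ --with-libnfnetlink-includes=DIR libnfnetlink include directory],
                [with_libnfnetlink_includes="$withval"],[with_libnfnetlink_includes=no])
            AC_ARG_WITH(libnfnetlink_libraries,
                [ --with-libnfnetlink-libraries=DIR libnfnetlink library directory],
                [with_libnfnetlink_libraries="$withval"],[with_libnfnetlink_libraries="no"])

            # Caller-supplied search directories are added before the probe.
            if test "$with_libnfnetlink_includes" != "no"; then
                CPPFLAGS="${CPPFLAGS} -I${with_libnfnetlink_includes}"
            fi

            if test "$with_libnfnetlink_libraries" != "no"; then
                LDFLAGS="${LDFLAGS} -L${with_libnfnetlink_libraries}"
            fi

            NFNL=""
            AC_CHECK_LIB(nfnetlink, nfnl_fd,, NFNL="no")

            if test "$NFNL" = "no"; then
                echo
                echo " ERROR! nfnetlink library not found, go get it"
                echo " from www.netfilter.org."
                echo " we automatically append libnetfilter_queue/ when searching"
                echo " for headers etc. when the --with-libnfnetlink-includes directive"
                echo " is used"
                echo " Ubuntu: apt-get install libnetfilter-queue-dev"
                echo " Fedora: dnf install libnetfilter_queue-devel"
                echo " CentOS/RHEL: yum install libnetfilter_queue-devel"
                echo
                # Stop here, as the libnetfilter_queue and libnetfilter_log
                # checks do for the same kind of failure. Previously the
                # error was printed and configure carried on.
                exit 1
            fi
            ;;
    esac
fi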
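# NFQUEUE (inline mode) support. Runs only when enable_nfqueue is yes, which
# the option handling earlier in the file sets after a successful pkg-config
# lookup.
if test "x$enable_nfqueue" = "xyes"; then
    AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP])

    # libnetfilter_queue: optional caller-supplied search directories.
    AC_ARG_WITH(libnetfilter_queue_includes,
        [ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory],
        [with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no])
    AC_ARG_WITH(libnetfilter_queue_libraries,
        [ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory],
        [with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"])

    if test "$with_libnetfilter_queue_includes" != "no"; then
        CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
    fi

    AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])

    if test "$with_libnetfilter_queue_libraries" != "no"; then
        LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
    fi

    # nfq_open is mandatory (checked at the end of this block); the other
    # functions are optional and only set feature defines.
    NFQ=""
    AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",)
    AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink])
    AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink])
    AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_flags],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_QUEUE_FLAGS],[1],[Found nfq_set_queue_flags function in netfilter_queue]) ,,[-lnfnetlink])
    AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict_batch],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT_BATCH],[1],[Found nfq_set_verdict_batch function in netfilter_queue]) ,,[-lnfnetlink])

    # check if the argument to nfq_get_payload is signed or unsigned
    AC_MSG_CHECKING([for signed nfq_get_payload payload argument])
    STORECFLAGS="${CFLAGS}"
    # The probe must fail on a pointer type mismatch. The compiler family
    # comes from the compile test at the top of this file instead of the
    # name of the CC binary: a CC value carrying a wrapper or extra flags
    # broke the unquoted basename call, and a clang installed under another
    # name was not recognised.
    if test "x$compiler" = "xclang"; then
        CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
    else
        CFLAGS="${CFLAGS} -Werror"
    fi
    AC_COMPILE_IFELSE(
        [AC_LANG_PROGRAM(
            [
                #include <stdio.h>
                #include <libnetfilter_queue/libnetfilter_queue.h>
            ],
            [
                char *pktdata;
                nfq_get_payload(NULL, &pktdata);
            ])],
        [libnetfilter_queue_nfq_get_payload_signed="yes"],
        [libnetfilter_queue_nfq_get_payload_signed="no"])
    AC_MSG_RESULT($libnetfilter_queue_nfq_get_payload_signed)
    if test "x$libnetfilter_queue_nfq_get_payload_signed" = "xyes"; then
        AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload])
    fi
    # Put the caller's CFLAGS back once the probe is done.
    CFLAGS="${STORECFLAGS}"

    if test "$NFQ" = "no"; then
        # The hint names the option this block really defines; it used to
        # mention a --with-libnfq-includes option that is not declared here.
        echo
        echo " ERROR! libnetfilter_queue library not found, go get it"
        echo " from www.netfilter.org."
        echo " we automatically append libnetfilter_queue/ when searching"
        echo " for headers etc. when the --with-libnetfilter_queue-includes directive"
        echo " is used"
        echo " Ubuntu: apt-get install libnetfilter-queue-dev"
        echo " Fedora: dnf install libnetfilter_queue-devel"
        echo " CentOS/RHEL: yum install libnetfilter_queue-devel"
        echo
        exit 1
    fi
fi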
# libnetfilter_log: optional search directories, then the probe itself.
AC_ARG_WITH([libnetfilter_log_includes],
    [ --with-libnetfilter_log-includes=DIR libnetfilter_log include directory],
    [with_libnetfilter_log_includes="$withval"],
    [with_libnetfilter_log_includes="no"])
AC_ARG_WITH([libnetfilter_log_libraries],
    [ --with-libnetfilter_log-libraries=DIR libnetfilter_log library directory],
    [with_libnetfilter_log_libraries="$withval"],
    [with_libnetfilter_log_libraries="no"])

# Nothing below runs unless NFLOG support was requested. A missing header or
# library is fatal in that case.
AS_IF([test "x$enable_nflog" = "xyes"], [
    AS_IF([test "x$with_libnetfilter_log_includes" != "xno"],
        [CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_log_includes}"])

    AC_CHECK_HEADER(libnetfilter_log/libnetfilter_log.h,,[AC_MSG_ERROR(libnetfilter_log.h not found ...)])

    AS_IF([test "x$with_libnetfilter_log_libraries" != "xno"],
        [LDFLAGS="${LDFLAGS} -L${with_libnetfilter_log_libraries}"])

    NFLOG=""
    AC_CHECK_LIB(netfilter_log, nflog_open,, NFLOG="no")

    AS_IF([test "x$NFLOG" = "xno"], [
        echo
        echo " ERROR! libnetfilter_log library not found, go get it"
        echo " from http://www.netfilter.org."
        echo
        exit 1
    ], [
        AC_DEFINE([HAVE_NFLOG],[1],[nflog available])
        enable_nflog="yes"
    ])
])
# WinDivert support (off by default)
AC_ARG_ENABLE([windivert],
    AS_HELP_STRING([--enable-windivert],[Enable WinDivert support [default=no]]),
    [enable_windivert=$enableval],
    [enable_windivert="no"])

# Only Windows builds may keep WinDivert: when OS_WIN32 is not declared the
# option is forced back to no, without an error.
AC_CHECK_DECL([OS_WIN32],,[enable_windivert="no"])

AS_IF([test "x$enable_windivert" = "xyes"], [
    # Vista is the oldest Windows release WinDivert runs on. An NTDDI_VERSION
    # already chosen by the user is left untouched.
    AC_CHECK_DECL([NTDDI_VERSION],,
        [CFLAGS="${CFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"])

    AC_DEFINE_UNQUOTED([WINDIVERT],[1],[Enable Windows WinDivert support for inline IDP])

    AC_ARG_WITH([windivert_include],
        [ --with-windivert-include=DIR WinDivert include path],
        [with_windivert_include="$withval"],
        [with_windivert_include="no"])
    AC_ARG_WITH([windivert_libraries],
        [ --with-windivert-libraries=DIR WinDivert library path],
        [with_windivert_libraries="$withval"],
        [with_windivert_libraries="no"])

    AS_IF([test "x$with_windivert_include" != "xno"],
        [CPPFLAGS="${CPPFLAGS} -I${with_windivert_include}"])
    AS_IF([test "x$with_windivert_libraries" != "xno"],
        [LDFLAGS="${LDFLAGS} -L${with_windivert_libraries}"])

    # Header and library are both required. Either one missing aborts
    # configure with a pointer to the download page.
    AC_CHECK_HEADER(windivert.h,,WINDIVERT_INC="no")
    AC_CHECK_LIB(WinDivert, WinDivertOpen,, WINDIVERT_LIB="no")

    AS_IF([test "x$WINDIVERT_LIB" = "xno" || test "x$WINDIVERT_INC" = "xno"], [
        echo
        echo " ERROR! WinDivert not found, go get it from"
        echo " https://www.reqrypt.org/windivert.html"
        echo
        exit 1
    ])
])
# /WinDivert
# prelude: alert output through libprelude, off by default
AC_ARG_ENABLE([prelude],
    AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),
    [enable_prelude=$enableval],
    [enable_prelude=no])

# Prelude does not work with -Werror, so unused-result is kept from being an
# error while the probe runs. The saved CFLAGS are put back afterwards.
STORECFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -Wno-error=unused-result"

AS_IF([test "x$enable_prelude" = "xyes"], [
    AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)

    # Whatever flags the libprelude lookup reported are folded into the
    # global build flags. Empty values are skipped.
    AS_IF([test -n "${LIBPRELUDE_CFLAGS}"],
        [CPPFLAGS="${CPPFLAGS} ${LIBPRELUDE_CFLAGS}"])
    AS_IF([test -n "${LIBPRELUDE_LDFLAGS}"],
        [LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LDFLAGS}"])
    # NOTE(review): the library list is appended to LDFLAGS and not to LIBS.
    # Linkers that drop libraries named before the objects may then miss
    # libprelude symbols - confirm this is intended.
    AS_IF([test -n "${LIBPRELUDE_LIBS}"],
        [LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LIBS}"])

    AC_DEFINE([PRELUDE], [1], [Libprelude support enabled])
])

CFLAGS="${STORECFLAGS}"
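# libnet: locate libnet.h, read its version and probe optional features.
# Nothing in this block is fatal. enable_libnet stays no unless the library
# links.
AC_ARG_WITH(libnet_includes,
    [ --with-libnet-includes=DIR libnet include directory],
    [with_libnet_includes="$withval"],[with_libnet_includes="no"])
AC_ARG_WITH(libnet_libraries,
    [ --with-libnet-libraries=DIR libnet library directory],
    [with_libnet_libraries="$withval"],[with_libnet_libraries="no"])

# A caller-supplied include directory replaces the built-in search list.
if test "x$with_libnet_includes" != "xno"; then
    CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}"
    libnet_dir="${with_libnet_includes}"
else
    libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include /usr/local/include/libnet-1.1"
fi

if test "x$with_libnet_libraries" != "xno"; then
    LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}"
fi

# NOTE(review): LIBNET_DETECT_FAIL is never set to anything but no in this
# block, so the checks guarded by it always run, even when the version test
# below answers no - confirm this is intended.
LIBNET_DETECT_FAIL="no"
LIBNET_INC_DIR=""

# The loop does not stop at the first hit: the last listed directory holding
# a readable libnet.h wins.
for i in $libnet_dir; do
    if test -r "$i/libnet.h"; then
        LIBNET_INC_DIR="$i"
    fi
done

enable_libnet="no"
AC_MSG_CHECKING(for libnet.h version 1.1.x)
if test "$LIBNET_INC_DIR" != ""; then
    # Pull the quoted version string out of the header. The header path is
    # quoted so an unusual directory name cannot split the grep arguments.
    LIBNET_VER=`grep LIBNET_VERSION "$LIBNET_INC_DIR/libnet.h" | grep '1.[[12]]' | sed 's/[[^"]]*"\([[^"]]*\).*/\1/'`

    if test -z "$LIBNET_VER" ; then
        AC_MSG_RESULT(no)
    else
        AC_MSG_RESULT(yes)
    fi

    # CentOS, Fedora, Ubuntu-LTS and Ubuntu all set the defines to the same
    # values. libnet-config seems to have been deprecated, but all distros
    # seem to include it as part of the package.
    if test "$LIBNET_DETECT_FAIL" = "no"; then
        LLIBNET=""
        AC_CHECK_LIB(net, libnet_write,, LLIBNET="no")
        if test "$LLIBNET" != "no"; then
            AC_DEFINE([HAVE_LIBNET11],[1],(libnet 1.1 available))
            AC_DEFINE([_DEFAULT_SOURCE],[1],(default source))
            AC_DEFINE([_BSD_SOURCE],[1],(bsd source))
            AC_DEFINE([__BSD_SOURCE],[1],(bsd source))
            AC_DEFINE([__FAVOR_BSD],[1],(favor bsd))
            AC_DEFINE([HAVE_NET_ETHERNET_H],[1],(ethernet.h))
            enable_libnet="yes"
        fi

        # see if we have the patched libnet 1.1
        # https://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
        #
        # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
        # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
        if test "$enable_libnet" = "yes"; then
            LLIBNET=""
            TMPLIBS="${LIBS}"
            AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no")
            if test "$LLIBNET" != "no"; then
                AC_DEFINE([HAVE_LIBNET_ICMPV6_UNREACH],[1],(libnet_build_icmpv6_unreach available))
            fi
            LIBS="${TMPLIBS}"
        fi

        # See if we have libnet 1.1.6 or newer - these versions handle capabilities correctly
        # Some patched 1.1.4 versions are also good, but it's not guaranteed for all distros.
        #
        # Details: https://bugzilla.redhat.com/show_bug.cgi?id=589770
        #
        # The detected version is compared here. The first argument used to
        # be the literal text LIBNET_VER, so the outcome did not depend on
        # the installed libnet at all. An empty LIBNET_VER presumably
        # compares as older, which leaves the define out.
        AS_VERSION_COMPARE([$LIBNET_VER], [1.1.6],
            [],
            [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))],
            [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))])

        # check if the argument to libnet_init is char* or const char*
        AC_MSG_CHECKING([libnet_init dev type])
        STORECFLAGS="${CFLAGS}"
        # The compiler family comes from the compile test at the top of this
        # file instead of the name of the CC binary: a CC value carrying a
        # wrapper or extra flags broke the unquoted basename call.
        if test "x$compiler" = "xclang"; then
            CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
        else
            CFLAGS="${CFLAGS} -Werror"
        fi
        AC_COMPILE_IFELSE(
            [AC_LANG_PROGRAM(
                [
                    #include <stdio.h>
                    #include <libnet.h>
                ],
                [[
                    const char dev[32] = "";
                    char ebuf[LIBNET_ERRBUF_SIZE];
                    (void)libnet_init(LIBNET_LINK, dev, ebuf);
                ]])],
            [libnet_init_const="yes"],
            [libnet_init_const="no"])
        AC_MSG_RESULT($libnet_init_const)
        if test "x$libnet_init_const" = "xyes"; then
            AC_DEFINE([HAVE_LIBNET_INIT_CONST], [1], [libnet_init takes const argument])
        fi
        # Put the caller's CFLAGS back once the probe is done.
        CFLAGS="${STORECFLAGS}"
    fi
else
    AC_MSG_RESULT(no)
fi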
# libpcap
AC_ARG_WITH(libpcap_includes,
[ --with-libpcap-includes=DIR libpcap include directory],
[with_libpcap_includes="$withval"],[with_libpcap_includes=no])
AC_ARG_WITH(libpcap_libraries,
[ --with-libpcap-libraries=DIR libpcap library directory],
[with_libpcap_libraries="$withval"],[with_libpcap_libraries="no"])
if test "$with_libpcap_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}"
fi
AC_CHECK_HEADER(pcap.h,,[AC_MSG_ERROR(pcap.h not found ...)])
if test "$with_libpcap_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpcap_libraries}"
fi
AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
LIBPCAP=""
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no")
if test "$LIBPCAP" = "no"; then
echo
echo " ERROR! libpcap library not found, go get it"
echo " from http://www.tcpdump.org or your distribution:"
echo
echo " Ubuntu: apt-get install libpcap-dev"
echo " Fedora: dnf install libpcap-devel"
echo " CentOS/RHEL: yum install libpcap-devel"
echo
exit 1
fi
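# pcap_activate and pcap_create only exist in libpcap >= 1.0
#
# LPCAPVTEST is the flag tested below. It is cleared here so that a value
# inherited from the environment cannot trigger the "too old" error path.
# The original only cleared LIBPCAPVTEST, which nothing in this section reads.
LIBPCAPVTEST=""
LPCAPVTEST=""
#To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
#see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
TMPLIBS="${LIBS}"
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_activate,, LPCAPVTEST="no")
if test "$LPCAPVTEST" = "no"; then
    echo
    echo " ERROR! libpcap library too old, need at least 1+, "
    echo " go get it from http://www.tcpdump.org or your distribution:"
    echo
    echo " Ubuntu: apt-get install libpcap-dev"
    echo " Fedora: dnf install libpcap-devel"
    echo " CentOS/RHEL: yum install libpcap-devel"
    echo
    exit 1
fi

# Collect extra compiler flags from pcap-config. The helper describes the
# build machine and is therefore skipped when cross compiling.
AC_PATH_PROG(HAVE_PCAP_CONFIG, pcap-config, "no")
if test "$HAVE_PCAP_CONFIG" = "no" || test "$cross_compiling" = "yes"; then
    AC_MSG_NOTICE([pcap-config is not in use])
else
    # Run the exact binary located by the path search above instead of
    # resolving the bare name a second time. Its output is pasted into the
    # compiler command line, so it must be the program that was checked.
    PCAP_CFLAGS="$("$HAVE_PCAP_CONFIG" --defines) $("$HAVE_PCAP_CONFIG" --cflags)"
    AC_SUBST(PCAP_CFLAGS)
fi
LIBS="${TMPLIBS}"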
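#Appears as if pcap_set_buffer_size is linux only?
#
# LPCAPSBUFF is the flag tested below. It is cleared here so that a stale
# value from the environment cannot suppress the define. The original only
# cleared LIBPCAPSBUFF, which nothing in this section reads.
LIBPCAPSBUFF=""
LPCAPSBUFF=""
#To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
#see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
TMPLIBS="${LIBS}"
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_set_buffer_size,, LPCAPSBUFF="no")
if test "$LPCAPSBUFF" != "no"; then
    AC_DEFINE([HAVE_PCAP_SET_BUFF],[1],(libpcap has pcap_set_buffer_size function))
fi
LIBS="${TMPLIBS}"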
# libpfring
# libpfring (currently only supported for libpcap enabled pfring)
# Error on the side of caution. If libpfring enabled pcap is being used and we don't link against -lpfring compilation will fail.
AC_ARG_ENABLE(pfring,
AS_HELP_STRING([--enable-pfring], [Enable Native PF_RING support]),[enable_pfring=$enableval],[enable_pfring=no])
AS_IF([test "x$enable_pfring" = "xyes"], [
AC_DEFINE([HAVE_PFRING],[1],(PF_RING support enabled))
#We have to set CFLAGS for AC_COMPILE_IFELSE as it doesn't pay attention to CPPFLAGS
AC_ARG_WITH(libpfring_includes,
[ --with-libpfring-includes=DIR libpfring include directory],
[with_libpfring_includes="$withval"],[with_libpfring_includes=no])
AC_ARG_WITH(libpfring_libraries,
[ --with-libpfring-libraries=DIR libpfring library directory],
[with_libpfring_libraries="$withval"],[with_libpfring_libraries="no"])
if test "$with_libpfring_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpfring_includes}"
fi
if test "$with_libpfring_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpfring_libraries}"
fi
LIBPFRING=""
AC_CHECK_LIB(pfring, pfring_open,, LIBPFRING="no", [-lpcap])
if test "$LIBPFRING" != "no"; then
STORECFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -Werror"
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
#include <pfring.h>
],
[
pfring_recv_chunk(NULL, NULL, 0, 0);
])],
[pfring_recv_chunk="yes"],
[pfring_recv_chunk="no"])
CFLAGS="${STORECFLAGS}"
if test "x$pfring_recv_chunk" != "xyes"; then
if test "x$enable_pfring" = "xyes"; then
echo
echo " ERROR! --enable-pfring was passed but the library version is < 6, go get it"
echo " from http://www.ntop.org/products/pf_ring/"
echo
exit 1
fi
fi
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE([[
#include <pfring.h>
#ifndef PF_RING_FLOW_OFFLOAD
# error PF_RING_FLOW_OFFLOAD not defined
#endif
]])],
[
AC_DEFINE([HAVE_PF_RING_FLOW_OFFLOAD], [1], [PF_RING bypass support enabled])
],
[
echo
echo " Warning! Pfring hw bypass not supported by this library version < 7,"
echo " please upgrade to a newer version to use this feature."
echo
echo " Continuing for now with hw bypass support disabled..."
echo
])
else
if test "x$enable_pfring" = "xyes"; then
echo
echo " ERROR! --enable-pfring was passed but the library was not found, go get it"
echo " from http://www.ntop.org/products/pf_ring/"
echo
exit 1
fi
fi
])
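# AF_PACKET support
# Enabled by default. Each declaration probed below turns on one feature
# macro in config.h. The description of the TPACKET_V3 macro had a typo
# and is corrected here.
AC_ARG_ENABLE(af-packet,
    AS_HELP_STRING([--enable-af-packet], [Enable AF_PACKET support [default=yes]]),
    [enable_af_packet=$enableval],[enable_af_packet=yes])
AS_IF([test "x$enable_af_packet" = "xyes"], [
    # TPACKET_V2 is the baseline. Without it AF_PACKET support is switched off.
    AC_CHECK_DECL([TPACKET_V2],
        [AC_DEFINE([HAVE_AF_PACKET],[1],[AF_PACKET support is available])],
        [enable_af_packet="no"],
        [[#include <sys/socket.h>
#include <linux/if_packet.h>]])
    # The remaining probes are optional and leave the feature off when absent.
    AC_CHECK_DECL([PACKET_FANOUT_QM],
        [AC_DEFINE([HAVE_PACKET_FANOUT],[1],[Recent packet fanout support is available])],
        [],
        [[#include <linux/if_packet.h>]])
    AC_CHECK_DECL([TPACKET_V3],
        [AC_DEFINE([HAVE_TPACKET_V3],[1],[AF_PACKET tpacket_v3 support is available])],
        [],
        [[#include <sys/socket.h>
#include <linux/if_packet.h>]])
    AC_CHECK_DECL([SOF_TIMESTAMPING_RAW_HARDWARE],
        [AC_DEFINE([HAVE_HW_TIMESTAMPING],[1],[Hardware timestamping support is available])],
        [],
        [[#include <linux/net_tstamp.h>]])
])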
# Netmap support
AC_ARG_ENABLE(netmap,
AS_HELP_STRING([--enable-netmap], [Enable Netmap support]),[enable_netmap=$enableval],[enable_netmap=no])
AC_ARG_WITH(netmap_includes,
[ --with-netmap-includes=DIR netmap include directory],
[with_netmap_includes="$withval"],[with_netmap_includes=no])
AS_IF([test "x$enable_netmap" = "xyes"], [
AC_DEFINE([HAVE_NETMAP],[1],(NETMAP support enabled))
if test "$with_netmap_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_netmap_includes}"
fi
AC_CHECK_HEADER(net/netmap_user.h,,[AC_MSG_ERROR(net/netmap_user.h not found ...)],)
have_recent_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#ifndef NETMAP_API
#error "outdated netmap, need one with NETMAP_API"
#endif
#if NETMAP_API < 11
#error "outdated netmap, need at least api version 11"
#endif
])], [have_recent_netmap="yes"])
if test "x$have_recent_netmap" != "xyes"; then
echo "ERROR: outdated netmap"
exit 1
fi
have_netmap_version="unknown"
have_v11_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#if NETMAP_API != 11
#error "not 11"
#endif
])], [have_v11_netmap="yes"])
if test "x$have_v11_netmap" = "xyes"; then
have_netmap_version="v11"
fi
have_v12_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#if NETMAP_API != 12
#error "not 12"
#endif
])], [have_v12_netmap="yes"])
if test "x$have_v12_netmap" = "xyes"; then
have_netmap_version="v12"
fi
have_v13_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#if NETMAP_API != 13
#error "not 13"
#endif
])], [have_v13_netmap="yes"])
if test "x$have_v13_netmap" = "xyes"; then
have_netmap_version="v13"
fi
have_gtv13_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#if NETMAP_API <= 13
#error "not gt 13"
#endif
])], [have_gtv13_netmap="yes"])
if test "x$have_gtv13_netmap" = "xyes"; then
have_netmap_version="> v13"
fi
])
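# Suricata-Update.
# The bundled suricata-update is installed only when it is enabled, when its
# setup.py is present in the source tree, and when python-yaml was detected
# earlier. Otherwise the defaults below stay in effect.
AC_ARG_ENABLE([suricata-update], AS_HELP_STRING([--disable-suricata-update],
    [Disable suricata-update]), [enable_suricata_update=$enableval],
    [enable_suricata_update="yes"])

# Assume suricata-update will not be installed.
have_suricata_update="no"
ruledirprefix="$sysconfdir"
no_suricata_update_comment="#"
has_suricata_update_comment=""
suricata_update_rule_files="suricata-update-rule-files"

if test "$enable_suricata_update" = "yes"; then
    AC_CHECK_FILE([$srcdir/suricata-update/setup.py], [
        have_suricata_update="yes"], [])
fi
AM_CONDITIONAL([HAVE_SURICATA_UPDATE],
    [test "x$have_suricata_update" != "xno"])

if test "$have_suricata_update" = "yes"; then
    if test "$have_python_yaml" != "yes"; then
        echo ""
        echo " Warning: suricata-update will not be installed as the"
        echo " dependency python-yaml is not installed."
        echo ""
        echo " Debian/Ubuntu: apt install python-yaml"
        echo " Fedora: dnf install python-yaml"
        echo " CentOS/RHEL: yum install python-yaml"
        echo
    else
        SURICATA_UPDATE_DIR="suricata-update"
        AC_SUBST(SURICATA_UPDATE_DIR)
        AC_CONFIG_FILES(suricata-update/Makefile)
dnl NOTE(review): the output macro on the next line runs inside this branch and
dnl before the remaining checks of the file; it is normally the final call of
dnl a configure script. Confirm that this placement is intended.
        AC_OUTPUT
        # With suricata-update the rules live under the local state directory.
        ruledirprefix="$localstatedir/lib"
        no_suricata_update_comment=""
        has_suricata_update_comment="#"
    fi
fi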
# Test to see if suricatactl (and suricatasc) can be installed.
if test "x$enable_python" != "xyes"; then
install_suricatactl="requires python"
elif test "x$have_python_distutils" != "xyes"; then
install_suricatactl="requires distutils"
else
install_suricatactl="yes"
fi
# Test to see if suricata-update can be installed.
if test "x$have_suricata_update" != "xyes"; then
install_suricata_update="not bundled"
elif test "x$enable_python" != "xyes"; then
install_suricata_update="requires python"
elif test "x$have_python_distutils" != "xyes"; then
install_suricata_update="requires distutils"
elif test "x$have_python_yaml" != "xyes"; then
install_suricata_update="requires pyyaml"
else
install_suricata_update="yes"
fi
# libhtp
AC_ARG_ENABLE(non-bundled-htp,
AS_HELP_STRING([--enable-non-bundled-htp], [Enable the use of an already installed version of htp]),[enable_non_bundled_htp=$enableval],[enable_non_bundled_htp=no])
AS_IF([test "x$enable_non_bundled_htp" = "xyes"], [
PKG_CHECK_MODULES([libhtp], htp,, [with_pkgconfig_htp=no])
if test "$with_pkgconfig_htp" != "no"; then
CPPFLAGS="${CPPFLAGS} ${libhtp_CFLAGS}"
LIBS="${LIBS} ${libhtp_LIBS}"
fi
AC_ARG_WITH(libhtp_includes,
[ --with-libhtp-includes=DIR libhtp include directory],
[with_libhtp_includes="$withval"],[with_libhtp_includes=no])
AC_ARG_WITH(libhtp_libraries,
[ --with-libhtp-libraries=DIR libhtp library directory],
[with_libhtp_libraries="$withval"],[with_libhtp_libraries="no"])
if test "$with_libhtp_includes" != "no"; then
CPPFLAGS="-I${with_libhtp_includes} ${CPPFLAGS}"
fi
if test "$with_libhtp_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libhtp_libraries}"
fi
AC_CHECK_HEADER(htp/htp.h,,[AC_MSG_ERROR(htp/htp.h not found ...)])
LIBHTP=""
AC_CHECK_LIB(htp, htp_conn_create,, LIBHTP="no")
if test "$LIBHTP" = "no"; then
echo
echo " ERROR! libhtp library not found"
echo
exit 1
fi
PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.20],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
if test "$libhtp_minver_found" = "no"; then
PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
if test "$libhtp_devver_found" = "no"; then
echo
echo " ERROR! libhtp was found but it is neither >= 0.5.20, nor the dev 0.5.X"
echo
exit 1
fi
fi
AC_CHECK_LIB([htp], [htp_config_register_request_uri_normalize],AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Found htp_config_register_request_uri_normalize function in libhtp]) ,,[-lhtp])
# check for htp_tx_get_response_headers_raw
AC_CHECK_LIB([htp], [htp_tx_get_response_headers_raw],AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Found htp_tx_get_response_headers_raw in libhtp]) ,,[-lhtp])
AC_CHECK_LIB([htp], [htp_decode_query_inplace],AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Found htp_decode_query_inplace function in libhtp]) ,,[-lhtp])
AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp])
AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) )
])
# Bundled libhtp: taken when --enable-non-bundled-htp was not requested.
# The copy is expected as a libhtp directory inside the source tree and is
# configured as a sub-project.
if test "x$enable_non_bundled_htp" = "xno"; then
# test if we have a bundled htp
if test -d "$srcdir/libhtp"; then
AC_CONFIG_SUBDIRS([libhtp])
HTP_DIR="libhtp"
AC_SUBST(HTP_DIR)
HTP_LDADD="../libhtp/htp/libhtp.la"
AC_SUBST(HTP_LDADD)
# make sure libhtp is added to the includes
CPPFLAGS="-I\${srcdir}/../libhtp/ ${CPPFLAGS}"
AC_CHECK_HEADER(iconv.h,,[AC_MSG_ERROR(iconv.h not found ...)])
AC_CHECK_LIB(iconv, libiconv_close)
# The bundled copy is not probed. The feature macros below are defined
# unconditionally on the assumption that the tree in libhtp provides them,
# so an older checkout placed there would only fail later at compile time.
AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Assuming htp_config_register_request_uri_normalize function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Assuming htp_tx_get_response_headers_raw function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Assuming htp_decode_query_inplace function in bundled libhtp])
# enable when libhtp has been updated
# NOTE(review): the define below is already active, so the reminder above
# looks stale. Confirm and drop it.
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp])
else
# No bundled copy: explain how to obtain one and stop.
# NOTE(review): the suggested clone takes whatever the default branch holds
# at that moment. Builds that must be reproducible may prefer a pinned
# release. Confirm against project policy.
echo
echo " ERROR: Libhtp is not bundled. Get libhtp by doing:"
echo " git clone https://github.com/OISF/libhtp"
echo " Then re-run Suricata's autogen.sh and configure script."
echo " Or, if libhtp is installed in a different location,"
echo " pass --enable-non-bundled-htp to Suricata's configure script."
echo " Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if"
echo " libhtp is not installed in the include and library paths."
echo
exit 1
fi
fi
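# Check for libcap-ng
# Linux only. libcap-ng is what lets Suricata drop privileges. When the
# header or the library is missing the script only warns and the build
# continues without that ability.
case $host in
    *-*-linux*)
        AC_ARG_WITH(libcap_ng_includes,
            [ --with-libcap_ng-includes=DIR libcap_ng include directory],
            [with_libcap_ng_includes="$withval"],[with_libcap_ng_includes=no])
        AC_ARG_WITH(libcap_ng_libraries,
            [ --with-libcap_ng-libraries=DIR libcap_ng library directory],
            [with_libcap_ng_libraries="$withval"],[with_libcap_ng_libraries="no"])

        if test "$with_libcap_ng_includes" != "no"; then
            CPPFLAGS="${CPPFLAGS} -I${with_libcap_ng_includes}"
        fi

        if test "$with_libcap_ng_libraries" != "no"; then
            LDFLAGS="${LDFLAGS} -L${with_libcap_ng_libraries}"
        fi

        # Start from a clean flag so that a value inherited from the
        # environment cannot switch privilege dropping off unnoticed.
        LIBCAP_NG=""
        AC_CHECK_HEADER(cap-ng.h,,LIBCAP_NG="no")
        if test "$LIBCAP_NG" != "no"; then
            LIBCAP_NG=""
            AC_CHECK_LIB(cap-ng,capng_clear,,LIBCAP_NG="no")
        fi

        if test "$LIBCAP_NG" != "no"; then
            # The description used to read Libpcap-ng, which names the wrong library.
            AC_DEFINE([HAVE_LIBCAP_NG],[1],[libcap-ng support])
        fi

        if test "$LIBCAP_NG" = "no"; then
            echo
            echo " WARNING! libcap-ng library not found, go get it"
            echo " from http://people.redhat.com/sgrubb/libcap-ng/"
            echo " or your distribution:"
            echo
            echo " Ubuntu: apt-get install libcap-ng-dev"
            echo " Fedora: dnf install libcap-ng-devel"
            echo " CentOS/RHEL: yum install libcap-ng-devel"
            echo
            echo " Suricata will be built without support for dropping privs."
            echo
        fi
        ;;
esac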
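# eBPF support is off by default and needs libelf and libbpf.
# XDP support is reported separately through have_xdp.
AC_ARG_ENABLE(ebpf,
    AS_HELP_STRING([--enable-ebpf],[Enable eBPF support]),
    [ enable_ebpf="$enableval"],
    [ enable_ebpf="no"])

have_xdp="no"
if test "$enable_ebpf" = "yes"; then
    # Clear each result flag first so that only the check itself can set it.
    LIBELF=""
    AC_CHECK_LIB(elf,elf_begin,,LIBELF="no")
    if test "$LIBELF" = "no"; then
        echo
        echo " libelf library and development headers not found"
        echo " but needed to use eBPF code"
        echo
        exit 1
    fi

    LIBBPF=""
    AC_CHECK_LIB(bpf,bpf_object__open,,LIBBPF="no")
    if test "$LIBBPF" = "no"; then
        echo
        echo " libbpf library and development headers not found but"
        echo " needed to use eBPF code. It can be found at"
        echo " https://github.com/libbpf/libbpf"
        echo
        exit 1
    fi

    AC_CHECK_DECL([PACKET_FANOUT_EBPF],
        [AC_DEFINE([HAVE_PACKET_EBPF],[1],[Recent ebpf fanout support is available])],
        [],
        [[#include <linux/if_packet.h>]])

    # XDP is optional: a libbpf without this symbol leaves have_xdp at no.
    AC_CHECK_LIB(bpf, bpf_set_link_xdp_fd,have_xdp="yes")
    if test "$have_xdp" = "yes"; then
        AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
    fi
fi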
# Check for DAG support.
AC_ARG_ENABLE(dag,
AS_HELP_STRING([--enable-dag],[Enable DAG capture]),
[ enable_dag=$enableval ],
[ enable_dag=no])
AC_ARG_WITH(dag_includes,
[ --with-dag-includes=DIR dagapi include directory],
[with_dag_includes="$withval"],[with_dag_includes="no"])
AC_ARG_WITH(dag_libraries,
[ --with-dag-libraries=DIR dagapi library directory],
[with_dag_libraries="$withval"],[with_dag_libraries="no"])
if test "$enable_dag" = "yes"; then
if test "$with_dag_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_dag_includes}"
fi
if test "$with_dag_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_dag_libraries}"
fi
AC_CHECK_HEADER(dagapi.h,DAG="yes",DAG="no")
if test "$DAG" != "no"; then
DAG=""
AC_CHECK_LIB(dag,dag_open,,DAG="no",)
fi
if test "$DAG" = "no"; then
echo
echo " ERROR! libdag library not found"
echo
exit 1
fi
AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled))
fi
# libnspr (enabled by default)
AC_ARG_ENABLE(nspr,
AS_HELP_STRING([--disable-nspr],[Disable libnspr support]),
[enable_nspr=$enableval],[enable_nspr="yes"])
AC_ARG_WITH(libnspr_includes,
[ --with-libnspr-includes=DIR libnspr include directory],
[with_libnspr_includes="$withval"],[with_libnspr_includes="no"])
AC_ARG_WITH(libnspr_libraries,
[ --with-libnspr-libraries=DIR libnspr library directory],
[with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
if test "$enable_nspr" != "no"; then
# Try pkg-config first:
PKG_CHECK_MODULES([libnspr],nspr,,[with_pkgconfig_nspr="no"])
if test "$with_pkgconfig_nspr" != "no"; then
CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
LIBS="${LIBS} ${libnspr_LIBS}"
fi
if test "$with_libnspr_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
fi
TMPLIBS="${LIBS}"
AC_CHECK_HEADER(nspr.h,
AC_CHECK_LIB(nspr4,PR_GetCurrentThread,[AC_DEFINE([HAVE_NSPR],[1],[libnspr available])
NSPR="yes"
if test "$NSPR" = "yes"; then
if test "$with_libnspr_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
LIBS="${TMPLIBS}"
else
LIBS="${TMPLIBS}"
fi
fi]),NSPR="no")
if test "$NSPR" = "no"; then
echo
echo " ERROR! libnspr library not found, go get it"
echo " from Mozilla or your distribution:"
echo
echo " Ubuntu: apt-get install libnspr4-dev"
echo " Fedora: dnf install nspr-devel"
echo " CentOS/RHEL: yum install nspr-devel"
echo
fi
fi
# libnss (enabled by default)
AC_ARG_ENABLE(nss,
AS_HELP_STRING([--disable-nss],[Disable libnss support]),
[enable_nss=$enableval],[enable_nss="yes"])
AC_ARG_WITH(libnss_includes,
[ --with-libnss-includes=DIR libnss include directory],
[with_libnss_includes="$withval"],[with_libnss_includes="no"])
AC_ARG_WITH(libnss_libraries,
[ --with-libnss-libraries=DIR libnss library directory],
[with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
if test "$enable_nss" != "no"; then
# Try pkg-config first:
PKG_CHECK_MODULES([libnss],nss,,[with_pkgconfig_nss="no"])
if test "$with_pkgconfig_nss" != "no"; then
CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
LIBS="${LIBS} ${libnss_LIBS}"
fi
if test "$with_libnss_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
fi
TMPLIBS="${LIBS}"
AC_CHECK_HEADER(sechash.h,
AC_CHECK_LIB(nss3,HASH_Begin,[AC_DEFINE([HAVE_NSS],[1],[libnss available])
NSS="yes"
if test "$NSS" = "yes"; then
if test "$with_libnss_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
LIBS="${TMPLIBS}"
else
LIBS="${TMPLIBS}"
fi
fi]),NSS="no")
if test "$NSS" = "no"; then
echo
echo " ERROR! libnss library not found, go get it"
echo " from Mozilla or your distribution:"
echo
echo " Ubuntu: apt-get install libnss3-dev"
echo " Fedora: dnf install nss-devel"
echo " CentOS/RHEL: yum install nss-devel"
echo
fi
fi
# libmagic
enable_magic="no"
AC_ARG_ENABLE(libmagic,
AS_HELP_STRING([--enable-libmagic], [Enable libmagic support [default=yes]]),
[enable_magic=$enableval],[enable_magic=yes])
if test "$enable_magic" = "yes"; then
AC_ARG_WITH(libmagic_includes,
[ --with-libmagic-includes=DIR libmagic include directory],
[with_libmagic_includes="$withval"],[with_libmagic_includes=no])
AC_ARG_WITH(libmagic_libraries,
[ --with-libmagic-libraries=DIR libmagic library directory],
[with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
if test "$with_libmagic_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
fi
AC_CHECK_HEADER(magic.h,,MAGIC="no")
if test "$MAGIC" != "no"; then
MAGIC=""
AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
fi
if test "x$MAGIC" != "xno"; then
if test "$with_libmagic_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}"
fi
AC_DEFINE([HAVE_MAGIC],[1],(Libmagic for file handling))
else
echo
echo " WARNING! magic library not found, go get it"
echo " from http://www.darwinsys.com/file/ or your distribution:"
echo
echo " Ubuntu: apt-get install libmagic-dev"
echo " Fedora: dnf install file-devel"
echo " CentOS/RHEL: yum install file-devel"
echo
enable_magic="no"
fi
fi
# Napatech - Using the 3GD API
AC_ARG_ENABLE(napatech,
AS_HELP_STRING([--enable-napatech],[Enabled Napatech Devices]),
[ enable_napatech=$enableval ],
[ enable_napatech=no])
AC_ARG_WITH(napatech_includes,
[ --with-napatech-includes=DIR napatech include directory],
[with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"])
AC_ARG_WITH(napatech_libraries,
[ --with-napatech-libraries=DIR napatech library directory],
[with_napatech_libraries="$withval"],[with_napatech_libraries="/opt/napatech3/lib"])
if test "$enable_napatech" = "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_napatech_includes}"
LDFLAGS="${LDFLAGS} -L${with_napatech_libraries} -lntapi"
AC_CHECK_HEADER(nt.h,NAPATECH="yes",NAPATECH="no")
if test "$NAPATECH" != "no"; then
NAPATECH=""
AC_CHECK_LIB(ntapi, NT_Init,NAPATECH="yes",NAPATECH="no")
fi
if test "$NAPATECH" = "no"; then
echo
echo " ERROR! libntapi library not found"
echo
exit 1
else
AC_CHECK_LIB(numa, numa_available,, LIBNUMA="no")
if test "$LIBNUMA" = "no"; then
echo
echo " WARNING: libnuma is required to use Napatech auto-config"
echo " libnuma is not found. Go get it"
echo " from http://github.com/numactl/numactl or your distribution:"
echo " Ubuntu: apt-get install libnuma-dev"
echo " Fedora: dnf install numactl-devel"
echo " CentOS/RHEL: yum install numactl-devel"
echo
exit 1
fi
fi
AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support))
fi
# liblua
AC_ARG_ENABLE(lua,
AS_HELP_STRING([--enable-lua],[Enable Lua support]),
[ enable_lua="$enableval"],
[ enable_lua="no"])
AC_ARG_ENABLE(luajit,
AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
[ enable_luajit="$enableval"],
[ enable_luajit="no"])
if test "$enable_lua" = "yes"; then
if test "$enable_luajit" = "yes"; then
echo "ERROR: can't enable liblua and luajit at the same time."
echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)"
echo "support, use just --enable-lua."
echo "Both options will enable the Lua scripting capabilities"
echo "in Suricata".
echo
exit 1
fi
fi
AC_ARG_WITH(liblua_includes,
[ --with-liblua-includes=DIR liblua include directory],
[with_liblua_includes="$withval"],[with_liblua_includes="no"])
AC_ARG_WITH(liblua_libraries,
[ --with-liblua-libraries=DIR liblua library directory],
[with_liblua_libraries="$withval"],[with_liblua_libraries="no"])
if test "$enable_lua" = "yes"; then
if test "$with_liblua_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_liblua_includes}"
else
# lua lua51 lua5.1 lua-5.1
PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [
LUA="no"
])
])
])
])
CPPFLAGS="${CPPFLAGS} ${LUA_CFLAGS}"
fi
AC_CHECK_HEADER(lualib.h,LUA="yes",LUA="no")
if test "$LUA" = "yes"; then
if test "$with_liblua_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_liblua_libraries}"
AC_CHECK_LIB(${LUA_LIB_NAME}, luaL_openlibs,, LUA="no")
if test "$LUA" = "no"; then
echo
echo " ERROR! liblua library not found, go get it"
echo " from http://lua.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install liblua5.1-dev"
echo " Fedora: dnf install lua-devel"
echo " CentOS/RHEL: yum install lua-devel"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-liblua-libraries configure option."
echo
exit 1
fi
else
# lua lua51 lua5.1 lua-5.1
PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [
PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [
LUA="no"
])
])
])
])
LDFLAGS="${LDFLAGS} ${LUA_LIBS}"
fi
if test "$LUA" = "no"; then
AC_CHECK_LIB(lua, luaL_openlibs,, LUA="no")
fi
if test "$LUA" = "yes"; then
AC_DEFINE([HAVE_LUA],[1],[liblua available])
enable_lua="yes"
fi
else
echo
echo " ERROR! liblua headers not found, go get them"
echo " from http://lua.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install liblua5.1-dev"
echo " Fedora: dnf install lua-devel"
echo " CentOS/RHEL: yum install lua-devel"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-liblua-includes and --with-liblua-libraries"
echo " configure option."
echo
exit 1
fi
fi
# libluajit
AC_ARG_WITH(libluajit_includes,
[ --with-libluajit-includes=DIR libluajit include directory],
[with_libluajit_includes="$withval"],[with_libluajit_includes="no"])
AC_ARG_WITH(libluajit_libraries,
[ --with-libluajit-libraries=DIR libluajit library directory],
[with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"])
if test "$enable_luajit" = "yes"; then
if test "$with_libluajit_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no")
CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}"
fi
AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no")
if test "$LUAJIT" = "yes"; then
if test "$with_libluajit_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit])
LDFLAGS="${LDFLAGS} ${LUAJIT_LIBS}"
fi
AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no")
if test "$LUAJIT" = "no"; then
echo
echo " ERROR! libluajit library not found, go get it"
echo " from http://luajit.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install libluajit-5.1-dev"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-libluajit-libraries configure option."
echo
exit 1
fi
AC_DEFINE([HAVE_LUA],[1],[lua support available])
AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available])
enable_lua="yes, through luajit"
enable_luajit="yes"
else
echo
echo " ERROR! libluajit headers not found, go get them"
echo " from http://luajit.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install libluajit-5.1-dev"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-libluajit-includes and --with-libluajit-libraries"
echo " configure option."
echo
exit 1
fi
fi
AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
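# libmaxminddb
# GeoIP2 support is off by default. The switch now honours the value given
# on the command line. The original stored yes whenever the option appeared
# at all, so --disable-geoip and --enable-geoip=no still enabled the feature
# and made libmaxminddb mandatory.
AC_ARG_ENABLE(geoip,
    AS_HELP_STRING([--enable-geoip],[Enable GeoIP2 support]),
    [ enable_geoip="$enableval"],
    [ enable_geoip="no"])
AC_ARG_WITH(libmaxminddb_includes,
    [ --with-libmaxminddb-includes=DIR libmaxminddb include directory],
    [with_libmaxminddb_includes="$withval"],[with_libmaxminddb_includes="no"])
AC_ARG_WITH(libmaxminddb_libraries,
    [ --with-libmaxminddb-libraries=DIR libmaxminddb library directory],
    [with_libmaxminddb_libraries="$withval"],[with_libmaxminddb_libraries="no"])

if test "$enable_geoip" = "yes"; then
    if test "$with_libmaxminddb_includes" != "no"; then
        CPPFLAGS="${CPPFLAGS} -I${with_libmaxminddb_includes}"
    fi

    AC_CHECK_HEADER(maxminddb.h,GEOIP="yes",GEOIP="no")
    if test "$GEOIP" = "yes"; then
        if test "$with_libmaxminddb_libraries" != "no"; then
            LDFLAGS="${LDFLAGS} -L${with_libmaxminddb_libraries}"
        fi
        AC_CHECK_LIB(maxminddb, MMDB_open,, GEOIP="no")
    fi
    # An explicit request that cannot be satisfied is fatal.
    if test "$GEOIP" = "no"; then
        echo
        echo " ERROR! libmaxminddb GeoIP2 library not found, go get it"
        echo " from https://github.com/maxmind/libmaxminddb or your distribution:"
        echo
        echo " Ubuntu: apt-get install libmaxminddb-dev"
        echo " Fedora: dnf install libmaxminddb-devel"
        echo " CentOS/RHEL: yum install libmaxminddb-devel"
        echo
        exit 1
    fi

    AC_DEFINE([HAVE_GEOIP],[1],[libmaxminddb available])
    enable_geoip="yes"
fi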
# Position Independent Executable
# Opt-in hardening switch. The default is no, so unless --enable-pie is given
# this script adds neither of the two flags below. A position independent
# executable is what allows the loader to randomise the base address of the
# main program image.
AC_ARG_ENABLE(pie,
AS_HELP_STRING([--enable-pie],[Enable compiling as a position independent executable]),
[ enable_pie="$enableval"],
[ enable_pie="no"])
if test "$enable_pie" = "yes"; then
# NOTE(review): the code generation flag is appended to the preprocessor
# flags rather than the compiler flags, and it is the shared library form
# instead of -fPIE. Confirm this is intended.
CPPFLAGS="${CPPFLAGS} -fPIC"
LDFLAGS="${LDFLAGS} -pie"
fi
#libevent includes and libraries
AC_ARG_WITH(libevent_includes,
[ --with-libevent-includes=DIR libevent include directory],
[with_libevent_includes="$withval"],[with_libevent_includes="no"])
AC_ARG_WITH(libevent_libraries,
[ --with-libevent-libraries=DIR libevent library directory],
[with_libevent_libraries="$withval"],[with_libevent_libraries="no"])
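# libhiredis
# Redis output is off by default. When enabled, the hiredis header and library
# are mandatory. Async mode is optional and needs the hiredis libevent
# adapter header plus libevent and libevent_pthreads.
#
# The original async test wrapped its conditions in square brackets, which
# are quote characters here and are stripped from the generated script. The
# result never evaluated as true, so async mode was reported as available and
# its feature macro defined even when libevent was missing.
AC_ARG_ENABLE(hiredis,
    AS_HELP_STRING([--enable-hiredis],[Enable Redis support]),
    [ enable_hiredis="$enableval"],
    [ enable_hiredis="no"])
AC_ARG_WITH(libhiredis_includes,
    [ --with-libhiredis-includes=DIR libhiredis include directory],
    [with_libhiredis_includes="$withval"],[with_libhiredis_includes="no"])
AC_ARG_WITH(libhiredis_libraries,
    [ --with-libhiredis-libraries=DIR libhiredis library directory],
    [with_libhiredis_libraries="$withval"],[with_libhiredis_libraries="no"])

enable_hiredis_async="no"
if test "$enable_hiredis" = "yes"; then
    if test "$with_libhiredis_includes" != "no"; then
        CPPFLAGS="${CPPFLAGS} -I${with_libhiredis_includes}"
    fi

    AC_CHECK_HEADER("hiredis/hiredis.h",HIREDIS="yes",HIREDIS="no")
    if test "$HIREDIS" = "yes"; then
        if test "$with_libhiredis_libraries" != "no"; then
            LDFLAGS="${LDFLAGS} -L${with_libhiredis_libraries}"
        fi
        AC_CHECK_LIB(hiredis, redisConnect,, HIREDIS="no")
    fi
    if test "$HIREDIS" = "no"; then
        echo
        echo " ERROR! libhiredis library not found, go get it"
        echo " from https://github.com/redis/hiredis or your distribution:"
        echo
        echo " Ubuntu: apt-get install libhiredis-dev"
        echo " Fedora: dnf install hiredis-devel"
        echo " CentOS/RHEL: yum install hiredis-devel"
        echo
        exit 1
    fi
    if test "$HIREDIS" = "yes"; then
        AC_DEFINE([HAVE_LIBHIREDIS],[1],[libhiredis available])
        enable_hiredis="yes"
        #
        # Check if async adapters and libevent is installed
        #
        AC_CHECK_HEADER("hiredis/adapters/libevent.h",HIREDIS_LIBEVENT_ADAPTER="yes",HIREDIS_LIBEVENT_ADAPTER="no")
        if test "$HIREDIS_LIBEVENT_ADAPTER" = "yes"; then
            # Clear the result flags so only the checks below can set them.
            HAVE_LIBEVENT=""
            HAVE_LIBEVENT_PTHREADS=""
            #Look for libevent headers
            if test "$with_libevent_includes" != "no"; then
                CPPFLAGS="${CPPFLAGS} -I${with_libevent_includes}"
            fi
            AC_CHECK_HEADER("event.h",LIBEVENT="yes",LIBEVENT="no")
            if test "$LIBEVENT" = "yes"; then
                if test "$with_libevent_libraries" != "no"; then
                    LDFLAGS="${LDFLAGS} -L${with_libevent_libraries}"
                fi
                AC_CHECK_LIB(event, event_base_free,, HAVE_LIBEVENT="no")
                AC_CHECK_LIB(event_pthreads, evthread_use_pthreads,, HAVE_LIBEVENT_PTHREADS="no")
            else
                # Without event.h libevent counts as missing.
                HAVE_LIBEVENT="no"
            fi
            # Async mode needs both libraries. Either one missing disables it.
            if test "$HAVE_LIBEVENT" = "no" || test "$HAVE_LIBEVENT_PTHREADS" = "no"; then
                if test "$HAVE_LIBEVENT" = "no"; then
                    echo
                    echo " Async mode for redis output will not be available."
                    echo " To enable it install libevent"
                    echo
                    echo " Ubuntu: apt-get install libevent-dev"
                    echo " Fedora: dnf install libevent-devel"
                    echo " CentOS/RHEL: yum install libevent-devel"
                    echo
                fi
                if test "$HAVE_LIBEVENT_PTHREADS" = "no"; then
                    echo
                    echo " Async mode for redis output will not be available."
                    echo " To enable it install libevent with pthreads support"
                    echo
                    echo " Ubuntu: apt-get install libevent-pthreads-2.0-5"
                    echo
                fi
            else
                AC_DEFINE([HAVE_LIBEVENT],[1],[libevent available])
                enable_hiredis_async="yes"
            fi
        fi
    fi
fi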
# Check for lz4
# Optional dependency: a missing library only prints a hint and leaves
# enable_liblz4 set to "no" for the build summary.
enable_liblz4="yes"
AC_CHECK_LIB([lz4], [LZ4F_createCompressionContext], , [enable_liblz4="no"])
AS_IF([test "$enable_liblz4" = "no"], [
    echo
    echo " Compressed pcap logging is not available without liblz4."
    echo " If you want to enable compression, you need to install it."
    echo
    echo " Ubuntu: apt-get install liblz4-dev"
    echo " Fedora: dnf install lz4-devel"
    echo " CentOS/RHEL: yum install epel-release"
    echo " yum install lz4-devel"
    echo
])
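# get cache line size
# CLS is written into config.h as a bare token, so only a plain non-zero
# decimal number reported by getconf is accepted. Anything else (no
# getconf, empty output, 0, a word such as "undefined") falls back to 64.
# getconf describes the machine running configure, which is not the
# target machine when cross-compiling.
AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
CLS=""
if test "$HAVE_GETCONF_CMD" != "no"; then
    # Run the binary that was just located rather than a second PATH lookup.
    CLS=$("$HAVE_GETCONF_CMD" LEVEL1_DCACHE_LINESIZE)
fi
case "$CLS" in
    ""|0|*[[!0-9]]*) CLS=64 ;;
esac
AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size])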
# sphinx for documentation
# When sphinx-build is not found the HAVE_SPHINXBUILD conditional is
# turned off, and have_suricata_man records whether
# doc/userguide/suricata.1 already exists under the source directory.
AC_PATH_PROG([HAVE_SPHINXBUILD], [sphinx-build], ["no"])
AS_IF([test "$HAVE_SPHINXBUILD" = "no"], [
    enable_sphinxbuild=no
    AS_IF([test -e "$srcdir/doc/userguide/suricata.1"], [
        have_suricata_man=yes
    ])
])
AM_CONDITIONAL([HAVE_SPHINXBUILD], [test "x$enable_sphinxbuild" != "xno"])
AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])

# pdflatex for the pdf version of the user manual
AC_PATH_PROG([HAVE_PDFLATEX], [pdflatex], ["no"])
AS_IF([test "$HAVE_PDFLATEX" = "no"], [enable_pdflatex=no])
AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"])
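# Cargo/Rust
# Rust is a hard build requirement: configure stops when either rustc
# or cargo cannot be located.
AC_PATH_PROG(RUSTC, rustc, "no")
if test "$RUSTC" = "no"; then
    echo ""
    echo " ERROR: Suricata now requires Rust to build."
    echo ""
    echo " Ubuntu/Debian: apt install rustc cargo"
    echo " Fedora: dnf install rustc cargo"
    echo " CentOS: yum install rustc cargo (requires EPEL)"
    echo ""
    echo " Rustup works as well: https://rustup.rs/"
    echo ""
    exit 1
fi

AC_PATH_PROG(CARGO, cargo, "no")
# The variable has to be dereferenced: comparing the literal word CARGO
# with "no" never matches and lets a missing cargo pass this check.
if test "$CARGO" = "no"; then
    AC_MSG_ERROR([cargo required])
fi

AC_DEFINE([HAVE_RUST],[1],[Enable Rust language])
AM_CONDITIONAL([HAVE_RUST],true)
AC_SUBST([CARGO], [$CARGO])

enable_rust="yes"
rust_vendor_comment="# "
have_rust_vendor="no"

# We may require Python if the Rust header stubs are not already
# generated.
# NOTE(review): the stub path is relative to the directory configure is
# run from, not to srcdir; confirm this is intended for out-of-tree builds.
if test "x$enable_python" != "xyes" && test ! -f rust/gen/c-headers/rust-core-gen.h; then
    echo ""
    echo " ERROR! Rust support requires Python."
    echo
    echo " Ubuntu: apt install python"
    echo
    exit 1
fi

# Pick the cargo output directory that matches the C build type.
if test "x$enable_debug" = "xyes"; then
    RUST_SURICATA_LIB="../rust/target/debug/${RUST_SURICATA_LIBNAME}"
else
    RUST_SURICATA_LIB="../rust/target/release/${RUST_SURICATA_LIBNAME}"
fi

RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}"
# srcdir is escaped so that the reference is left unexpanded here and
# ends up literally in CFLAGS.
CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen/c-headers"
AC_SUBST(RUST_SURICATA_LIB)
AC_SUBST(RUST_LDADD)

# Respect a CARGO_HOME from the environment, else use the cargo default.
if test "x$CARGO_HOME" = "x"; then
    AC_SUBST([CARGO_HOME], [~/.cargo])
else
    AC_SUBST([CARGO_HOME], [$CARGO_HOME])
fi

# rust_vendor_comment is "# " unless a rust/vendor directory ships with
# the sources, in which case it becomes empty.
# NOTE(review): presumably this comments the vendored-crates section of
# a generated cargo config in or out; verify against the template.
AC_CHECK_FILES([$srcdir/rust/vendor], [have_rust_vendor="yes"])
if test "x$have_rust_vendor" = "xyes"; then
    rust_vendor_comment=""
fi

# Report the versions of the tools selected above, so the build summary
# names the compiler that is actually used and not whichever rustc or
# cargo comes first in PATH.
rust_compiler_version=$($RUSTC --version)
rust_cargo_version=$($CARGO --version)

AC_SUBST(rust_vendor_comment)
AM_CONDITIONAL([HAVE_RUST_VENDOR], [test "x$have_rust_vendor" = "xyes"])

# cargo-vendor is only needed to produce a distribution tarball, so its
# absence is a warning and not an error.
if test "x$enable_rust" = "xyes" || test "x$enable_rust" = "xyes (default)"; then
    AC_PATH_PROG(HAVE_CARGO_VENDOR, cargo-vendor, "no")
    if test "x$HAVE_CARGO_VENDOR" = "xno"; then
        echo " Warning: cargo-vendor not found, but it is only required"
        echo " for building the distribution"
        echo " To install: cargo install cargo-vendor"
    fi
fi

AM_CONDITIONAL([HAVE_CARGO_VENDOR], [test "x$HAVE_CARGO_VENDOR" != "xno"])

AC_ARG_ENABLE(rust_strict,
    AS_HELP_STRING([--enable-rust-strict], [Rust warnings as errors]),[enable_rust_strict=$enableval],[enable_rust_strict=no])
AS_IF([test "x$enable_rust_strict" = "xyes"], [
    RUST_FEATURES="strict"
])
AC_SUBST(RUST_FEATURES)

AC_ARG_ENABLE(rust_debug,
    AS_HELP_STRING([--enable-rust-debug], [Rust not in --release mode]),[enable_rust_debug=$enableval],[enable_rust_debug=no])
AM_CONDITIONAL([RUST_DEBUG], [test "x$enable_rust_debug" = "xyes"])
AC_SUBST(RUST_DEBUG)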
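# get revision
# A ./revision file takes precedence; otherwise a git checkout in the
# current directory is queried. REVISION stays undefined when neither
# source yields a value.
# NOTE(review): the value is placed into config.h without quoting or
# filtering, so the content of ./revision is trusted as-is.
if test -f ./revision; then
    REVISION=`cat ./revision`
    AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision])
else
    AC_PATH_PROG(HAVE_GIT_CMD, git, "no")
    if test "$HAVE_GIT_CMD" != "no" && test -d .git; then
        # Use the git binary located above for both queries.
        REVISION=`"$HAVE_GIT_CMD" rev-parse --short HEAD`
        # git can fail even though .git exists; do not define a
        # REVISION that holds nothing but the separator in that case.
        if test "x$REVISION" != "x"; then
            DATE=`"$HAVE_GIT_CMD" log -1 --date=short --pretty=format:%cd`
            REVISION="$REVISION $DATE"
            AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision])
        fi
    fi
fi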
# Export the flag variables accumulated above to the generated files.
AC_SUBST([CFLAGS])
AC_SUBST([LDFLAGS])
AC_SUBST([CPPFLAGS])
dnl EXPAND_VARIABLE(SRC, DST, SUFFIX)
dnl Emits shell code that copies the value of the variable named SRC
dnl into the variable named DST, re-evaluates DST for as long as its
dnl value still contains a dollar sign, and finally appends SUFFIX.
dnl A prefix that is still NONE is replaced by /usr/local first, so
dnl references to the prefix resolve to a real path.
dnl NOTE(review): the expansion goes through eval, so the directory
dnl values given to configure are interpreted by the shell; they come
dnl from whoever runs configure. The prefix test is unquoted and would
dnl misbehave on a prefix containing whitespace.
define([EXPAND_VARIABLE],
[$2=[$]$1
if test $prefix = 'NONE'; then
prefix="/usr/local"
fi
while true; do
case "[$]$2" in
*\[$]* ) eval "$2=[$]$2" ;;
*) break ;;
esac
done
eval "$2=[$]$2$3"
])dnl EXPAND_VARIABLE
# suricata log dir
# Compute the e_* paths that are substituted into the generated files.
# With WINDOWS_PATH set they are fixed locations below the install base;
# otherwise they are derived from the configure directory variables
# through EXPAND_VARIABLE.
if test "$WINDOWS_PATH" = "yes"; then
# Every separator is written as four backslashes so that two remain
# after the shell has processed the double-quoted string.
case $host in
x86_64-w64-mingw32)
e_winbase="C:\\\\Program Files\\\\Suricata"
;;
*)
# Other hosts ask systeminfo: output mentioning x64 selects the
# "Program Files (x86)" base.
systemtype="`systeminfo | grep \"based PC\"`"
case "$systemtype" in
*x64*)
e_winbase="C:\\\\Program Files (x86)\\\\Suricata"
;;
*)
e_winbase="C:\\\\Program Files\\\\Suricata"
;;
esac
esac
# NOTE(review): e_rundir and e_localstatedir are not assigned in this
# branch although both are substituted later; confirm that is intended.
e_sysconfdir="${e_winbase}\\\\"
e_sysconfrulesdir="$e_winbase\\\\rules\\\\"
e_defaultruledir="$e_winbase\\\\rules\\\\"
e_magic_file="$e_winbase\\\\magic.mgc"
e_logdir="$e_winbase\\\\log"
e_logfilesdir="$e_logdir\\\\files"
e_logcertsdir="$e_logdir\\\\certs"
e_datarulesdir="$e_winbase\\\\rules\\\\"
if test "$HAVE_CYGPATH" != "no"; then
# turn srcdir into abs path and convert to the
# mixed output (/c/Users/dev into c:/Users/dev)
e_rustdir="$(cygpath -a -t mixed ${srcdir})/rust"
else
e_abs_srcdir=$(cd $srcdir && pwd)
e_rustdir="$e_abs_srcdir/rust"
fi
else
# Log, run and state directories hang off localstatedir, configuration
# off sysconfdir, shipped rules off datadir.
EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
EXPAND_VARIABLE(localstatedir, e_rundir, "/run/")
EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files")
EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs")
EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/")
EXPAND_VARIABLE(sysconfdir, e_sysconfrulesdir, "/suricata/rules")
EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata")
EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules")
EXPAND_VARIABLE(ruledirprefix, e_defaultruledir, "/suricata/rules")
# NOTE(review): srcdir is used unquoted here and in the Windows branch,
# so a source path containing whitespace would break the cd.
e_abs_srcdir=$(cd $srcdir && pwd)
EXPAND_VARIABLE(e_abs_srcdir, e_rustdir, "/rust")
fi
# Publish the log, run and configuration paths computed above.
AC_SUBST([e_logdir])
AC_SUBST([e_rundir])
AC_SUBST([e_logfilesdir])
AC_SUBST([e_logcertsdir])
AC_SUBST([e_sysconfdir])
AC_SUBST([e_sysconfrulesdir])
# Remaining path and template substitutions. CONFIG_DIR is additionally
# compiled in as a quoted string through config.h.
AC_SUBST([e_localstatedir])
AC_DEFINE_UNQUOTED([CONFIG_DIR],["$e_sysconfdir"],[Our CONFIG_DIR])
AC_SUBST([e_magic_file])
AC_SUBST([e_magic_file_comment])
AC_SUBST([e_enable_evelog])
AC_SUBST([e_datarulesdir])
AC_SUBST([e_defaultruledir])
AC_SUBST([e_rustdir])
AC_SUBST([has_suricata_update_comment])
AC_SUBST([no_suricata_update_comment])

# Fully expanded copies of the directory options, shown in the build
# summary. No suffix is appended for these.
EXPAND_VARIABLE(prefix, CONFIGURE_PREFIX)
EXPAND_VARIABLE(sysconfdir, CONFIGURE_SYSCONDIR)
EXPAND_VARIABLE(localstatedir, CONFIGURE_LOCALSTATEDIR)
EXPAND_VARIABLE(datadir, CONFIGURE_DATAROOTDIR)
AC_SUBST([CONFIGURE_PREFIX])
AC_SUBST([CONFIGURE_SYSCONDIR])
AC_SUBST([CONFIGURE_LOCALSTATEDIR])
AC_SUBST([CONFIGURE_DATAROOTDIR])
AC_SUBST([PACKAGE_VERSION])

# Files generated from their templates when configure finishes.
AC_CONFIG_FILES([
    Makefile
    src/Makefile
    rust/Makefile
    rust/Cargo.toml
    rust/.cargo/config
])
AC_CONFIG_FILES([
    qa/Makefile
    qa/coccinelle/Makefile
])
AC_CONFIG_FILES([
    rules/Makefile
    doc/Makefile
    doc/userguide/Makefile
])
AC_CONFIG_FILES([
    contrib/Makefile
    contrib/file_processor/Makefile
    contrib/file_processor/Action/Makefile
    contrib/file_processor/Processor/Makefile
])
AC_CONFIG_FILES([
    suricata.yaml
    etc/Makefile
    etc/suricata.logrotate
    etc/suricata.service
])
AC_CONFIG_FILES([
    python/Makefile
    python/suricata/config/defaults.py
])
AC_CONFIG_FILES([ebpf/Makefile])
AC_OUTPUT
SURICATA_BUILD_CONF="Suricata Configuration:
AF_PACKET support: ${enable_af_packet}
eBPF support: ${enable_ebpf}
XDP support: ${have_xdp}
PF_RING support: ${enable_pfring}
NFQueue support: ${enable_nfqueue}
NFLOG support: ${enable_nflog}
IPFW support: ${enable_ipfw}
Netmap support: ${enable_netmap} ${have_netmap_version}
DAG enabled: ${enable_dag}
Napatech enabled: ${enable_napatech}
WinDivert enabled: ${enable_windivert}
Unix socket enabled: ${enable_unixsocket}
Detection enabled: ${enable_detection}
Libmagic support: ${enable_magic}
libnss support: ${enable_nss}
libnspr support: ${enable_nspr}
libjansson support: ${enable_jansson}
liblzma support: ${enable_liblzma}
hiredis support: ${enable_hiredis}
hiredis async with libevent: ${enable_hiredis_async}
Prelude support: ${enable_prelude}
PCRE jit: ${pcre_jit_available}
LUA support: ${enable_lua}
libluajit: ${enable_luajit}
GeoIP2 support: ${enable_geoip}
Non-bundled htp: ${enable_non_bundled_htp}
Old barnyard2 support: ${enable_old_barnyard2}
Hyperscan support: ${enable_hyperscan}
Libnet support: ${enable_libnet}
liblz4 support: ${enable_liblz4}
Rust support: ${enable_rust}
Rust strict mode: ${enable_rust_strict}
Rust debug mode: ${enable_rust_debug}
Rust compiler: ${rust_compiler_version}
Rust cargo: ${rust_cargo_version}
Python support: ${enable_python}
Python path: ${python_path}
Python version: ${python_version}
Python distutils ${have_python_distutils}
Python yaml ${have_python_yaml}
Install suricatactl: ${install_suricatactl}
Install suricatasc: ${install_suricatactl}
Install suricata-update: ${install_suricata_update}
Profiling enabled: ${enable_profiling}
Profiling locks enabled: ${enable_profiling_locks}
Development settings:
Coccinelle / spatch: ${enable_coccinelle}
Unit tests enabled: ${enable_unittests}
Debug output enabled: ${enable_debug}
Debug validation enabled: ${enable_debug_validation}
Generic build parameters:
Installation prefix: ${prefix}
Configuration directory: ${e_sysconfdir}
Log directory: ${e_logdir}
--prefix ${CONFIGURE_PREFIX}
--sysconfdir ${CONFIGURE_SYSCONDIR}
--localstatedir ${CONFIGURE_LOCALSTATEDIR}
--datarootdir ${CONFIGURE_DATAROOTDIR}
Host: ${host}
Compiler: ${CC} (exec name) / ${compiler} (real)
GCC Protect enabled: ${enable_gccprotect}
GCC march native enabled: ${enable_gccmarch_native}
GCC Profile enabled: ${enable_gccprofile}
Position Independent Executable enabled: ${enable_pie}
CFLAGS ${CFLAGS}
PCAP_CFLAGS ${PCAP_CFLAGS}
SECCFLAGS ${SECCFLAGS}"
# Show the build summary on the terminal.
echo
echo "$SURICATA_BUILD_CONF"

# Store the same summary in src/build-info.h as a single printf call:
# every summary line is wrapped in double quotes and ends with a
# newline escape.
# NOTE(review): the values are not escaped for C. The Windows paths are
# written with doubled backslashes earlier in this file, but a double
# quote or a single backslash in a value such as CFLAGS would reach the
# generated string literal unchanged.
{
    echo "printf("
    echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' -e 's/$/\\n"/'
    echo ");"
} >src/build-info.h

# Closing hints for the person running configure.
echo "
To build and install run 'make' and 'make install'.
You can run 'make install-conf' if you want to install initial configuration
files to ${e_sysconfdir}. Running 'make install-full' will install configuration
and rules and provide you a ready-to-run suricata."
echo
echo "To install Suricata into /usr/bin/suricata, have the config in
/etc/suricata and use /var/log/suricata as log dir, use:
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/"
echo