469 Commits (78715a5f3f71d1a6f414791833940093b9de368c)

Author SHA1 Message Date
Victor Julien df79613fb5 privs: include headers in suricata-common.h 5 years ago
Victor Julien 794d9eeb83 fuzz: remove UNITTEST dependency
Expose UTH flow builder to new 'FUZZ' define as well. Move UTHbufferToFile
as well and rename it to a more generic 'TestHelperBufferToFile'.

This way UNITTESTS can be disabled. This leads to smaller code size
and more realistic testing as in some parts of the code things
behave slightly differently when UNITTESTS are enabled.
5 years ago
Eric Leblond 752fc77cdc configure: correctly display nss/nspr status
If autodiscovery of libnss was used (default), then the line
 libnss support:                          yes
was never set to no.

Same behavior for libnspr.

Broken by commit 'configure: fix nspr check logic' (7ea269a212)
5 years ago
Philippe Antoine 293eebd999 fuzz: remove obsolete AFL code 5 years ago
Philippe Antoine e15f3db474 configure: right test for AFLFUZZ_PERSISTANT_MODE 5 years ago
Pierre Chifflier 1d9f37a60e DER: remove the C parser for DER 5 years ago
Philippe Antoine 600b0d7c55 fuzz: adds eight fuzz targets
And ways to compile them with enable-fuzztargets at configure time
Adds utility function in util-unittest-helper
5 years ago
Jeff Lucovsky 94df0b08d4 configure: Determine whether pcre_jit_exec exists
This commit adds logic to determine whether pcre_jit_exec is present in
the system's pcre library using AC_RUN_ELSEIF
5 years ago
Shivani Bhardwaj 7b1699c5a8 doc: Add chassis for dev docs
Closes redmine ticket 3344.
5 years ago
Victor Julien 95e7246b75 rust: bump minimum supported version to 1.34.2 5 years ago
Jason Ish d86973b386 unified2: remove deprecated output unified2
Ticket 2385:
https://redmine.openinfosecfoundation.org/issues/2385
5 years ago
Phil Young 1c99536945 napatech: add hardware based bypass support
Napatech hardware bypass support enables Suricata to utilize
capabilities of Napatech SmartNICs to selectively bypass flow-based
traffic.
5 years ago
Victor Julien 99d48cc91f configure: update to match autoscan suggestions 5 years ago
Victor Julien a3ef1b307d configure: clean up func checks 5 years ago
Philippe Antoine f5190da67e util: UTHmemsearch to use memmem if defined 5 years ago
Victor Julien 9ae87e79a2 configure: fix cygpath check 5 years ago
Jason Ish 5fbe020585 rust/cbindgen: Revert Makefile to a more pre-cbindgen state
The modifications as part of the cbindgen commit caused issues
with distcheck, revert the Makefile to how it was with the Python
generator, but still using cbindgen.

Also always assume we'll include the generated headers in the
distribution archive to fix make distcheck from distribution
archives with headers included, but no cbindgen.
5 years ago
Danny Browning b573c16dd5 build: cbindgen
Rust headers are now generated using cbindgen. If cbindgen is present, they can
be generated during dist, otherwise they will be available for builds.
5 years ago
Jason Ish 593da166bb version: starting work on 6.0.0
Bump version to 6.0.0-dev.
5 years ago
Victor Julien ce0ae81d95 rust: fix vendor use on MinGW 5 years ago
Victor Julien 3d9071639b version: starting work on 5.0.2 5 years ago
Victor Julien f9840b513d version: release 5.0.1 5 years ago
Victor Julien 9bcc1118e1 configure: require libhtp 0.5.32 5 years ago
Jason Ish 3ca7dcd8d8 configure: fix test -f for rust/vendor, should be -e
Introduced with commit: c08ec8d8b2
5 years ago
Jason Ish f2117774f5 configure: assume cargo vendor if cargo >= 1.37
Rust/Cargo 1.37 and greater has vendor support built-in.
5 years ago
Fabrice Fontaine c08ec8d8b2 configure.ac: remove AC_CHECK_FILE
The use of AC_CHECK_FILE and AC_CHECK_FILES cause the following error
when cross-compiling:

  configure: error: cannot check for file existence when cross compiling

The solution is to check for the file directly instead of using a macro.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
5 years ago
Ciprian c9cd7559fd configure: fixing rust/cargo cross compile command
adding --target argument to cargo command line when cross compiling
5 years ago
Victor Julien 51ad701d8e version: starting work on 5.0.1 5 years ago
Jason Ish 412ae11bad automake: use tar-ustar for longer filenames
According to the automake manual it should be considered
portable these days.

https://www.gnu.org/software/automake/manual/html_node/List-of-Automake-options.html

Required for the dist generation with Rust vendoring.
5 years ago
Fabrice Fontaine b026fbb519 configure.ac: fix static build with pcap
pcap can depend on nl-3 so use pkg-config to find these dependencies
otherwise all AC_CHECK_LIB calls will fail when building statically

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
5 years ago
Jason Ish 03da49bfaa suricata-update: don't install if requirements not met
Don't try to run suricata-update if it's not installed.

The 'make install-rules' target would try to run suricata-update
when it was detected that it was bundled, but didn't consider
if suricata-update was actually installed.
5 years ago
Victor Julien 728d19eaac configure: don't print ERROR if we don't exit 5 years ago
Jason Ish c44f82cf4c configure: fix python major version check on python 2.6
Python 2.6 doesn't use a named tuple for the version info,
instead use the index of the major version which works
on Python 2.6 upwards.
5 years ago
Jason Ish 389272f4c7 rustup: handle rustup for sudo and su
If rustup is in use, and a user uses sudo or su for the make
install, the install may fail with a "no default toolchain"
error.

To prevent this, detect at configure if rustup is being used,
then set RUSTUP_HOME for all calls to cargo.
5 years ago
Jason Ish a1ee536daa configure: no, followed by reason for python tools
This:
  Install suricatactl:                     no, requires distutils
instead of this:
  Install suricatasc:                      requires distutils
5 years ago
Jason Ish 109cf36866 configure: generic instructions for missing python modules
Instead of telling the user what packages to install for missing
Python modules, give generic instructions about what module
needs to be installed.

It is getting tricky to get these package names correct
across distributions.
5 years ago
Jason Ish c4b856ea99 configure: detect python major version
For informational purposes only when notifying what Python
modules are required during ./configure.
5 years ago
Jason Ish 00ad7a911f configure: don't detect python version
Don't detect the Python version, it is not needed anyways,
all we need is the Python path.

Also, python2 --version prints to stderr, while python3
prints to stdout, leading to some odd output during
./configure (but fixable).
5 years ago
Victor Julien ea3d9c3230 htp: require 0.5.31 5 years ago
Fabrice Fontaine 61becb29bf configure.ac: fix --disable-geoip
$enableval should be used to know if the user has passed --enable-geoip
or --disable-geoip

Fixes:
 - http://autobuild.buildroot.org/results/a7a34f760ae5fe0922fdb720b8234dbcd85ed222

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
5 years ago
Victor Julien 1e50b2e404 lua: fix lua int size detection
Failed to work with non-bundled htp and with some stricter
compile flags.
5 years ago
Jason Ish f9c9548b74 configure: detect lua integer size
Lua 5.1 and 5.3 use a different integer size. Run a test program
to set the integer size used in the Rust FFI layer to Rust.
5 years ago
Jason Ish 5f1c851716 configure: remove unused LUA_PC_NAME.
This variable is no longer used. Instead multiple
lua pkg-config names are checked.
5 years ago
Victor Julien 2da90a1cd8 posix: remove deprecated index/rindex calls
Replace index by strchr and rindex by strrchr.

index(3) states "POSIX.1-2008 removes the specifications of index() and
rindex(), recommending strchr(3) and strrchr(3) instead."

Add index/rindex to banned function check so they don't get reintroduced.

Bug #1443.
6 years ago
Philippe Antoine af4f816204 http: sets compression bomb limit 6 years ago
Philippe Antoine 94aa36df1b lzma: replaces liblzma with own sdk for swf decompression
so as to avoid memory exhaustion
6 years ago
Victor Julien c9c23d5cda htp: set lzma memlimit from config 6 years ago
Jason Ish 55852d0de3 rules: remove configuration for legacy rule handling
Removes the autoconf, and suricata.yaml sections for using
the legacy style of rule management.
6 years ago
Victor Julien 5d5612f98e suricata: --data-dir option 6 years ago
Victor Julien 6f80821ff0 configure: bump minimum htp to 0.5.30 6 years ago
Victor Julien dbbdfedb98 lzma: make mandatory
Libhtp is starting to use it as well, so it's safe to make it mandatory
here.

Remove guards for flash file decompression code.
6 years ago
Jason Ish c9d569f410 rust: check for minimum Rust version of 1.33.0.
Related Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2629
6 years ago
Jason Ish d14fe372b4 configure.ac: prevent empty if block (llc check)
As AC_SUBST doesn't expand to anything in the shell script, this
will generate a bad script on older versions of autoconf.

Change the logic to eliminate the possibility of an empty
if or else block.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3124
6 years ago
Shivani Bhardwaj f750e4ca40 configure: Remove enable-rust-debug
Get rid of enable-rust-debug flag and use enable-debug for achieving the
desired functionality. From now, adding `--enable-debug` to `configure`
shall create an [unoptimized + debuginfo] target. Rest behavior stays
the same.

Closes redmine ticket #3054
6 years ago
Fabrice Fontaine 9b05db7db0 fix build on m68k with uclibc
uclibc on m68k defines _POSIX_SPIN_LOCKS but does not define
pthread_spin_unlock so check for this function before using
pthread_spin_xxx functions

Fixes:
 - http://autobuild.buildroot.org/results/ed923bcc1454ce90444b8dac7c064b5f4ea4a0a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Eric Leblond 53a62953e9 bypass: introduce CAPTURE_OFFLOAD
This define is used to remove reference to capture bypass in case
no capture method implementing this is active.

This patch also introduces CAPTURE_OFFLOAD_MANAGER that is defined
if we need the flow bypass manager code.
6 years ago
Hilko Bengen f105bb724a ebpf: Use $(CLANG) to build eBPF programs
This change makes it possible to generate the eBPF programs even if
Suricata itself is built with a different C compiler. It also simplifies
how the correct llc program is detected.

Implements Feature https://redmine.openinfosecfoundation.org/issues/2789
6 years ago
Hilko Bengen e3f00c3d30 configure: Introduce CLANG variable 6 years ago
Shivani Bhardwaj 8c2c78f0b6 configure: Add date with rev information
Date makes it even clearer that when was the last commit for the build
that one is running. Add this info along with rev. Change inspired by
rustc.

Before
```
$ suricata -V
This is Suricata version 5.0.0-dev (rev 2d217e666)
```

After
```
This is Suricata version 5.0.0-dev (2d217e666 2019-07-12)
```

Closes redmine ticket #3092
6 years ago
Bill Meeks d1525c6fb8 mem: add SCStrndup() function to wrap strndup(). 6 years ago
Bill Meeks a291209e47 detect/geoip: migrate to GeoIP2 database format
Issue #2765
6 years ago
Andreas Herz 0795dc1e14 configure: update configure.ac to reflect modern autoconf syntax 6 years ago
Eric Leblond ccb8f3cd4b configure: libbpf path 6 years ago
jason taylor a4ec133a88 ci: updated travis and appveyor for nss/nspr
* added nss and nspr requirements for appveyor build
* added nss and nspr requirements for travis builds
* added travis build without nss and nspr

Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
jason taylor dd2063a75e configure: fix nss check logic
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
jason taylor 7ea269a212 configure: fix nspr check logic
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Victor Julien 8a2b94c6f4 openbsd: fix rust linking 6 years ago
Jason Ish 75429bbe3e autoconf: make Rust required in configure
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2507
6 years ago
Jason Ish e49c40428e autoconf: jansson is now required
Jansson is required by the Suricata Rust support which
will also be mandatory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1970
6 years ago
Phil Young 05271bfbe5 napatech: simplify integration with Napatech cards
- There is now an option to automatically create streams on the
  correct NUMA node when using cpu affinity.

- When not using cpu affinity the user can specify streams to be
  created in the suricata.yaml file.  It is no longer required to
  use NTPL to create streams before running suricata.

- The legacy usage model of running NTPL to create streams is still
  available. This can be used for legacy configurations and complex
  configurations that cannot be satisfied by the auto-config option.
6 years ago
Victor Julien 24d6a16459 rust/mingw: build fixes
Fix path passed to cargo by using 'cygpath' if available.
6 years ago
jason taylor b98c28a60d configure.ac: update lzma check and misc doc
* the lzma check during configure wasn't properly displaying the
additional information on how to install if --enable-lzma was passed
but lzma devel files were not present

* updated additional information blocks to include distribution
package names

* minor formatting updates to add quotes around variables

Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Jason Ish a69afd5cf9 autoconf/python: check for distutils
Require distutils to install the Python tools. Update the logic
to only install suricatactl (and suricatasc) if Python and
distutils are found. Suricata-Update will only be installed if
bundled, and python-distutils and python-yaml are found.
6 years ago
Jason Ish a228986caa autoconf: prefer python 3 over python 2
When looking for Python, prefer "python3" over "python2" and
"python".

Also add information about the Python path and version to the
./configure summary.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2808
6 years ago
Victor Julien 6fcd2db043 tile: remove files 6 years ago
Victor Julien 517b45ea2d netmap: switch to nm_* API
Process multiple packets at nm_dispatch. Use zero copy for workers
recv mode.

Add configure check netmap check for API 11+ and find netmap api version.

Add netmap guide to the userguide.
6 years ago
Eric Leblond 699fd6cbd7 configure: rust support requires Python
Add error message to warn the user.
6 years ago
Victor Julien bae83e61f8 configure: support msys target 6 years ago
Fabrice Fontaine d01ce2e58e configure.ac: fix --{disable,enable}-xxx options
Currently, if the user provides --enable-libmagic or
--disable-libmagic, libmagic will be disabled because $enableval is not
used to know if the user provided --enable or --disable

Most of the options have this issue so fix them all by using $enableval

Fixes:
 - https://redmine.openinfosecfoundation.org/issues/2797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Victor Julien 705d3b6130 Open 5.0.0-dev branch 6 years ago
Eric Leblond 750651a45a configure.ac: better llc binary detection
llc is needed to build the ebpf files and current autoconf code
was not working properly on Debian.
6 years ago
Jason Ish 345ec58df4 configure: allow for --disable-suricata-update
This is to prevent suricata-update from being installed if it
would otherwise be installed based on it being bundled, and
its dependencies being available.

Warn the user that Suricata-Update will not be installed if it
is bundled, but python-yaml is missing (this will also cover
the case where Python is missing).

Add "Install suricata-update" to the build summary. For consistency,
relabel "Suricatasc install" as "Install suricatasc".
6 years ago
Jason Ish db36708756 configure: check for python-yaml
Don't install suricata-update if python-yaml does not
exist.
6 years ago
Jason Ish 5eb7f0f77c configure: print datarootdir
This is relevant now as it's where Suricata engine rules
get installed.
6 years ago
Victor Julien ed712768d5 rust: enable by default
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
6 years ago
Victor Julien 4ece6ba758 configure: fix and cleanup nss and nspr detection 6 years ago
Hilko Bengen 731c2b2e17 configure: Fixed "no" output for XDP, libnss, libnspr 7 years ago
jason taylor 4c1173ffcd configure: added rust install notes
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
jason taylor 015cd93014 configure: updated fedora/centos references
* updated fedora yum references to dnf
* updated/added centos/rhel references

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien 6ffa0507d2 detect/filehash: try to open data file from rulefile dir
If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.
7 years ago
Jason Ish 64b6ff7392 config: better default rule file configuration
Move the rule file configuration down near the bottom of the
configuration file under advanced settings. With the bundling
of Suricata-Update, any rule file configuration within
suricata.yaml could be considered advanced.

Add extra comments to the yaml to make it more clear which was
enabled at installation time.
7 years ago
Jacob Masen-Smith ec77632e84 Adds WinDivert support to Windows builds
Enables IPS functionality on Windows using the open-source
(LGPLv3/GPLv2) WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
    string]` command-line options to enable WinDivert IPS mode.
    `--windivert[-forward] true` will open a filter for all traffic. See
    https://www.reqrypt.org/windivert-doc.html#filter_language for more
    information.

Limitation: currently limited to `autofp` runmode.

Additionally:
- `tmm_modules` now zeroed during `RegisterAllModules`
- fixed Windows Vista+ `inet_ntop` call in `PrintInet`
- fixed `GetRandom` bug (nonexistent keys) on fresh Windows installs
- fixed `RandomGetClock` building on Windows builds
- Added WMI queries for MTU
7 years ago
Jason Ish 7e06e765f3 python: fixes for out of tree build
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
7 years ago
Max Fillinger 58e92392ea configure: Show installation info for liblz4 if not found 7 years ago
Max Fillinger b85a0b188b Add an option for compressing pcap-log files
Introduces the option 'outputs.pcap-log.compression' which can be set
to 'none' or 'lz4', plus options to set the compression level and to
enable checksums. SCFmemopen is used to make pcap_dump() write to a
buffer which is then compressed using liblz4.
7 years ago
Jason Ish e048a74ecd rules: set default rule dir to suricata-update if bundled
If suricata-update is bundled, set the default-rule-dir
to lib/suricata/rules under the $localstatedir

For now use 2 rule-files section that are renamed depending
on if suricata-update is bundled or not.
7 years ago
Jason Ish 732ce3f123 install-rules: use suricata-update if available
If Suricata update was bundled, use it for "install-rules" instead
of curl or wget.
7 years ago
Jason Ish b9e083a703 python: put some defaults on suricata.config.defaults
This is a module that can contain installation default. For now
it includes the sysconfdir, and rules data directory for use
by suricata-update.
7 years ago
Jason Ish 7bf490062c rules: install to $datadir/suricata/rules
Common /usr/share/suricata/rules or /usr/local/share/suricata/rules.

The rules provided by the distribution are installed here as part
of the Suricata install process so will always be installed, even
without the use of install-rules.
7 years ago
Eric Leblond f79f64097e configure: fix error hw timestamp check
This fixes #2469
7 years ago
Victor Julien 7ea80b5c57 configure: fix small issue with libevent check 7 years ago
Jason Ish a7d90162d1 suricatasc: move into python/
Will be built and installed as part of the Python code used
for suricatactl, which is intended to be the generic place
for all Python utility code that gets installed with Suricata.

No change to suricatasc code.
7 years ago
Victor Julien f201a3761f rust: remove multi level 'experimental'
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extent, and all have C glue code. So the
distinction doesn't really make sense.
7 years ago
Renato Botelho 8f926fb75a configure: allow to disable libnss and libnspr
Let user choose to disable libnss and libnspr support even if these
libraries are installed in the system. Default remains to enable when
libraries are found and disable parameter were not used
7 years ago
Jason Ish cbcbc0f6b0 suricata-update: bundle suricata update
Add autoconf/automake support for installing suricata-update
if found in the top level suricata-update.
7 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 7 years ago
Eric Leblond 027c903f50 ebpf: fix detection of llc 7 years ago
Eric Leblond 8c88087948 af-packet: implementation of XDP bypass
This patch adds support for XDP bypass. It provides an XDP
filter that can be loaded to realize the bypass of flows.
7 years ago
Eric Leblond 91e1256b01 af-packet: add support for eBPF cluster and filter
This patch introduces the ebpf cluster mode. This mode is using
an extended BPF function that is loaded into the kernel and
provide the load balancing.

An example of cluster function is provided in the ebpf
subdirectory and provide ippair load balancing function.
This is a function which uses the same method as
the one used in autofp ippair to provide a symmetrical
load balancing based on IP addresses.

A simple filter example allowing to drop IPv6 is added to the
source.

This patch also prepares the infrastructure to be able to load
and use map inside eBPF files. This will be used later for flow
bypass.
7 years ago
Giuseppe Longo b60065caec configure: check for zlib and liblzma
This checks if zlib and liblzma are installed on the system
in order to decompress swf files.
7 years ago
Jason Ish 50b5a3a56d suricatactl: a new python script for misc. tasks
Use a new directory, Python to host the Suricata python modules.
One entry point is suricatactl, a control script for
miscellaneous tasks. Currently only filestore pruning
is implemented.
7 years ago
Jason Ish dbdac73784 configure: check for utime.h and utime() 7 years ago
Victor Julien 485663583a rust/mingw: fix linker issues on mingw 7 years ago
Victor Julien 746638b220 cuda: remove
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
7 years ago
Victor Julien 1261d30df0 mingw/cygwin: explicitly disable unix socket 7 years ago
Victor Julien 6b75162194 mingw: use c:\Program Files\Suricata for w64 7 years ago
Victor Julien 46cb00ec6c strptime: add implementation from NetBSD
As MinGW doesn't come with strptime take the BSD licensed
implementation from NetBSD. More specifically, the one from

https://github.com/Alexpux/MINGW-packages/blob/master/mingw-w64-libkml/strptime.c

It's slightly modified to get rid of 'uint'.
7 years ago
Victor Julien d8ddd3b5bc mingw: work around mingw mkdir
mingw doesn't come with a posix compliant mkdir as it only takes
a single argument.
7 years ago
Victor Julien 6c251b8576 rust: add --enable-rust-debug
Add option to put Rust code in non-'--release' mode, preserving
debug symbols.

Until now Suricata would have to be compiled with --enable-debug for
this.
7 years ago
Victor Julien 56d93f426c configure: style fixup 7 years ago
Victor Julien 2a237bdfca detect: make glob.h optional
glob.h is not available on MinGW.

Simply use the input on the rule list as a literal pattern.
7 years ago
Alfredo Cardigliano b6baafb3e3 pfring: hw bypass support
This patch adds support for hw bypass by enabling flow offload in the network
card (when supported) and implementing the BypassPacketsFlow callback.
Hw bypass support is disabled by default, and can be enabled by setting
"bypass: yes" in the pfring interface configuration section in suricata.yaml.
7 years ago
Victor Julien e60bfc78c1 Open 4.1 development branch 7 years ago
Victor Julien 9b94679fce random: support getrandom(2) if available
Ticket: #2193
7 years ago
jason taylor 0f41172cc6 updated fedora libevent package names
Signed-off-by: jason taylor <jtfas90@gmail.com>
8 years ago
Jason Ish 7cc0067be0 Sample systemd unit file for Suricata.
Create a sample systemd unit file based on the build time
configuration.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2138
8 years ago
Jason Ish ddf6bce5d8 Sample logrotate configuration file.
Create a sample logrotate configuration file with filenames
set for the configuration.
8 years ago
Victor Julien c02739e535 mingw: don't try to build unix socket 8 years ago
Victor Julien d1e839eabc windows: use wpcap instead of pcap
Windows pcap libraries such as winpcap all use a library name of
wpcap instead of just pcap. Support this in configure.
8 years ago
Victor Julien d1b6be99de mingw: fix random function 8 years ago
Jason Ish fd025ba3f5 rust: require jansson for rust build 8 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 8 years ago
Victor Julien 9dab3ec71e rust: enable/disable yaml settings
Based on compile time settings, enable/disable app-layers
and loggers.
8 years ago
Pierre Chifflier 4fe9292ed8 Autotools: add switch to build experimental Rust parsers 8 years ago
Jason Ish 61d9f4bb0a rust: make distcheck fixes 8 years ago
Jason Ish 14951e3f00 rust: save cargo and CARGO_HOME to variables
During configure, substitute the path of cargo, as well as the
value of CARGO_HOME as variables. This fixes the case where a
user might do:
  make
  sudo make install
Which will cause the cargo bits to be rebuilt, including
re-downloading external crates.

By saving these to variables we can be sure that the same
values are used during make install as were used during
make which prevents the Rust artifacts from being rebuilt
during "sudo make install".
8 years ago
Jason Ish 6bddc4d3e0 python: use python path found during configure
Also look for Python under more names. For example, on OpenBSD
if you just install Python 2, you will only get a python2.7
executable.
8 years ago
Victor Julien d00b914ddb rust: make clear it's experimental 8 years ago
Jason Ish 9d687025e2 rust: lua wrapper
Rust wrapper for working with lua state.
8 years ago
Jason Ish 8f81792da5 rust: hook rust into the build
Rust is currently optional, use the --enable-rust configure
argument to enable Rust.

By default Rust will be built in release mode. If debug is enabled
then it will be built in debug mode.

On make dist, "cargo vendor" will be run to make a local copy
of Rust dependencies for the distribution archive file.

Add autoconf checks to test for the vendored source, and if it
exists setup the build to use the vendored code instead of
fetching it from the network.

Also, as Cargo requires semantic versioning, the Suricata version
had to change from 4.0dev to 4.0.0-dev.
8 years ago
Victor Julien 3ff5dc3653 nfq: remove obsolete and broken netfilterforwin support 8 years ago
Victor Julien 276125c1ef cleanup: remove unused ringbuffer code 8 years ago
Victor Julien cda6e0291f cleanup: remove libpcap < 1 support 8 years ago
Victor Julien 119115d3b6 configure: remove CentOS5 pkg-config fix 8 years ago
Victor Julien 0516b5d704 cleanup: from AS_VERSION_COMPARE CentOS5 workaround 8 years ago
fooinha a64e5e77c7 eve: async mode for redis output
eve: detects libevent for async redis at configure
eve: moves redis output code to new file - util-log-redis.{c,h}
eve: redis ECHO and QUIT commands for async mode
eve: redis output defaults if conf is missing
8 years ago
Victor Julien dd70b3fda0 random: improve random logic
Improve random logic for hash tables.

Implement Windows random API if it is available.
8 years ago
Victor Julien a4dce24151 core dumps: check for sys/resource.h 8 years ago
Victor Julien cee5c9fa60 pcre: on ppc64 disable only for specific versions
Disable jit only for libpcre 8.39 and 8.40 as those were the buggy
versions.

Thanks to Zoltán Herczeg.
8 years ago
Victor Julien bc480fa8c3 pcre: disable jit on powerpc64
It appears that both using gcc and clang something gets misoptimised
around pcre's jit. So disable jit for now.
8 years ago
Jason Ish 2c01985e73 autoconf - look for stdbool.h 8 years ago
Victor Julien 113a238e90 Open 4.0 development branch 8 years ago
Sascha Steinbiss e6044aaf1c mpm/spm: check for SSSE3 and enable/disable HS
The new Hyperscan 4.4 API provides a function to check for SSSE3
presence at runtime. This allows us to fall back to non-Hyperscan
matchers on systems without SSSE3 even when the suricata executable
is built with Hyperscan support. Addresses Redmine issue #2010.

Signed-off-by: Sascha Steinbiss <sascha@steinbiss.name>
Tested-by: Arturo Borrero Gonzalez <arturo@debian.org>
8 years ago
Andreas Herz a18af7325f configure: prevent combination of unittests and debug-validation 8 years ago
Victor Julien 810e43f373 magic: make optional
Make libmagic optional. If installed it will be enabled by default in
configure. Use --disable-libmagic to disable.
8 years ago
Jason Ish bbb93e487e pcap-log: seed ring buffer on start up
On start, look for existing pcap log files and add them to
the ring buffer. This makes pcap-log self maintaining over
restarts removing the need for external tools to clear
orphaned files.
8 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 8 years ago
Victor Julien 80bd59ae86 doc: improve install doc, configure 9 years ago
Victor Julien d4c7c2c2c7 cygwin: leave magic-file commented out in yaml 9 years ago
Jason Ish 7fa390de39 doc: bundle pre-built man page in distribution 9 years ago
Jason Ish 6eedd0068b doc: hook sphinx into build 9 years ago
Andreas Herz 15766ce2c4 configure: set correct cppflags for enabled nfqueue
This change sets the correct CPPFLAGS received by PKG_CHECK to resolve
building issues with some systems like OpenSuse.
9 years ago
Victor Julien 54503ef310 Open Suricata 3.2 development branch 9 years ago
Victor Julien 7847c4f8ee configure: detect SunOS and link against required libs 9 years ago
Victor Julien ec87123339 configure: check for strings.h: used by SunOS 9 years ago
Victor Julien 5db322045e configure: fix Ubuntu lua pkg suggestion 9 years ago
Victor Julien 37b10c13c1 configure: require libhtp 0.5.20
Ticket #1839
9 years ago
Victor Julien 66346e4632 libnet: work around older libnet type difference
Older libnet 1.1.x have a non-const type for libnet_init's dev
argument.
9 years ago
Victor Julien 9119007d00 pfring: no longer link against rt and numa libs 9 years ago
Victor Julien 5ec885e451 http: set of response body decompress limit
This is a per personality setting.
9 years ago
Victor Julien 439b62fe69 configure: cleanup configure output
Don't present missing spatch as a warning. Remove verbose libnet
warnings as well.
9 years ago
Victor Julien ffba26d04a configure: don't set -march=native for powerpc 9 years ago
Victor Julien f55dbca57b yaml: make eve log in yaml depend on libjansson 9 years ago
Eric Leblond a40f08a213 af-packet: ask for hardware timestamp 9 years ago
Eric Leblond c2d0d93806 af-packet: detect availability of tpacket_v3
If TPACKET_V3 is not defined then it is not available and we should
not build anything related to tpacket_v3. This will allow us to
activate it by default and fallback to v2 if not available.
9 years ago
Jason Ish baf528e751 typos: surictsc -> suricatasc
Reported by Markus Lude on the mailing list.
9 years ago
Jason Ish 667e4e68bf configure.ac: escape $srcdir when used in a variable
$srcdir needs to be escaped for proper expansion when used
as part of a Makefile variable.
9 years ago
Victor Julien 1c8775b340 QA: --afl-rules for faster rule fuzzing 9 years ago
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 9 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
9 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file>
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
9 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 9 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 9 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is divided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
9 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 9 years ago
Alexander Gozman 365015c2d5 Support sending rejects via libnet when running under non-root.
Since version 1.1.6 libnet handles capabilities correctly.
So changing libnet's version checking a little bit should do the trick.
9 years ago
Victor Julien e27ad81a43 autotools: add AS_VERSION_COMPARE stub for CentOS 5 9 years ago
Victor Julien 3781b00dbc Open Suricata 3.1 development branch 9 years ago
Justin Viiret 13b87f5aff mpm: add Hyperscan integration
This adds an MPM implementation that uses the Hyperscan regex engine
library from Intel, accessible as the "hs" mpm-algo.
9 years ago
Andreas Herz c8399e8c51 configure: bypass libpcre 8.35 check
When --with-libpcre-libraries is used we skip the libpcre 8.35 check
since pkg-config might still point to the 8.35 version installed
although newer version was passed with --with-libpcre-libraries.
9 years ago
Victor Julien fde7a2f656 cuda: fix compilation 9 years ago
Victor Julien 6228f5f689 lua: if pkg-config fails, try -llua 9 years ago
Victor Julien 9858ae41be configure: OS X fixes
Remove unnecessary -lpthread from tests.

Make linker warnings non-fatal with -Werror.
9 years ago
Victor Julien e51707be90 pcre: blacklist 8.35 for JIT use (issue #1693) 9 years ago
Andreas Herz 8c0e575063 configure: warn if libpcre 8.35 is used 9 years ago
Victor Julien 4086938f1e pool: fix memory leak
Due to pointer size mishandling, the pool code could consider a
block of memory inside the 'preallocated' block. It would then not
free the block.
9 years ago
bladeswords 2a17e3e827 Fix typo of trailing ] in configure --help
It is the small things that count.  This is an example of the fix

Before
--disable-threading-tls Disable TLS (thread local storage)]

After
--disable-threading-tls Disable TLS (thread local storage)
9 years ago
Andreas Herz 15c98c6085 file-magic: improve libmagic handling on *nix systems 9 years ago
Andreas Herz 20dd593981 remove unnecessary braces 9 years ago
Andreas Herz dc1bd5b6bd configure: add --disable-python option 9 years ago