Commit Graph

232 Commits (90dfcf490729494da989d259666fb76a781ea1bd)

Author SHA1 Message Date
jason taylor 4c1173ffcd configure: added rust install notes
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
jason taylor 015cd93014 configure: updated fedora/centos references
* updated fedora yum references to dnf
* updated/added centos/rhel references

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien 6ffa0507d2 detect/filehash: try to open data file from rulefile dir
If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.
7 years ago
Jason Ish 64b6ff7392 config: better default rule file configuration
Move the rule file configuration down near the bottom of the
configuration file under advanced settings. With the bundling
of Suricata-Update, any rule file configuration within
suricata.yaml could be considered advanced.

Add extra comments to the yaml to make it more clear which was
enabled at installation time.
7 years ago
Jacob Masen-Smith ec77632e84 Adds WinDivert support to Windows builds
Enables IPS functionality on Windows using the open-source
(LGPLv3/GPLv2) WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
    string]` command-line options to enable WinDivert IPS mode.
    `--windivert[-forward] true` will open a filter for all traffic. See
    https://www.reqrypt.org/windivert-doc.html#filter_language for more
    information.

Limitation: currently limited to `autofp` runmode.

Additionally:
- `tmm_modules` now zeroed during `RegisterAllModules`
- fixed Windows Vista+ `inet_ntop` call in `PrintInet`
- fixed `GetRandom` bug (nonexistent keys) on fresh Windows installs
- fixed `RandomGetClock` building on Windows builds
- Added WMI queries for MTU
7 years ago
Jason Ish 7e06e765f3 python: fixes for out of tree build
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
8 years ago
Max Fillinger 58e92392ea configure: Show installation info for liblz4 if not found 8 years ago
Max Fillinger b85a0b188b Add an option for compressing pcap-log files
Introduces the option 'outputs.pcap-log.compression' which can be set
to 'none' or 'lz4', plus options to set the compression level and to
enable checksums. SCFmemopen is used to make pcap_dump() write to a
buffer which is then compressed using liblz4.
8 years ago
Jason Ish e048a74ecd rules: set default rule dir to suricata-update if bundled
If suricata-update is bundled, set the default-rule-dir
to lib/suricata/rules under the $localstatedir

For now use 2 rule-files section that are renamed depending
on if suricata-update is bundled or not.
8 years ago
Jason Ish 732ce3f123 install-rules: use suricata-update if available
If Suricata update was bundled, use it for "install-rules" instead
of curl or wget.
8 years ago
Jason Ish b9e083a703 python: put some defaults on suricata.config.defaults
This is a module that can contain installation default. For now
it includes the sysconfdir, and rules data directory for use
by suricata-update.
8 years ago
Jason Ish 7bf490062c rules: install to $datadir/suricata/rules
Common /usr/share/suricata/rules or /usr/local/share/suricata/rules.

The rules provided by the distribution are installed here as part
of the Suricata install process so will always be installed, even
without the use of install-rules.
8 years ago
Eric Leblond f79f64097e configure: fix error hw timestamp check
This fixes #2469
8 years ago
Victor Julien 7ea80b5c57 configure: fix small issue with libevent check 8 years ago
Jason Ish a7d90162d1 suricatasc: move into python/
Will be built and installed as part of the Python code used
for suricatactl, which is intended to be the generic place
for all Python utility code that gets installed with Suricata.

No change to suricatasc code.
8 years ago
Victor Julien f201a3761f rust: remove multi level 'experimental'
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extend, and all have C glue code. So the
distinction doesn't really make sense.
8 years ago
Renato Botelho 8f926fb75a configure: allow to disable libnss and libnspr
Let user chose to disable libnss and libnspr support even if these
libraries are installed in the system. Default remains to enable when
libraries are found and disable parameter were not used
8 years ago
Jason Ish cbcbc0f6b0 suricata-update: bundle suricata update
Add autoconf/automake support for installing suricata-update
if found in the top level suricata-update.
8 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 8 years ago
Eric Leblond 027c903f50 ebpf: fix detection of llc 8 years ago
Eric Leblond 8c88087948 af-packet: implementation of XDP bypass
This patch adds support for XDP bypass. It provides an XDP
filter that can be loaded to realize the bypass of flows.
8 years ago
Eric Leblond 91e1256b01 af-packet: add support for eBPF cluster and filter
This patch introduces the ebpf cluster mode. This mode is using
an extended BPF function that is loaded into the kernel and
provide the load balancing.

An example of cluster function is provided in the ebpf
subdirectory and provide ippair load balancing function.
This is a function which uses the same method as
the one used in autofp ippair to provide a symetrical
load balancing based on IP addresses.

A simple filter example allowing to drop IPv6 is added to the
source.

This patch also prepares the infrastructure to be able to load
and use map inside eBPF files. This will be used later for flow
bypass.
8 years ago
Giuseppe Longo b60065caec configure: check for zlib and liblzma
This checks if zlib and libzma are installed on the system
in order to decompress swf files.
8 years ago
Jason Ish 50b5a3a56d suricatactl: a new python script for misc. tasks
Use a new directory, Python to host the Suricata python modules.
One entry point is suricatactl, a control script for
miscalleneous tasks. Currently onl filestore pruning
is implemented.
8 years ago
Jason Ish dbdac73784 configure: check for utime.h and utime() 8 years ago
Victor Julien 485663583a rust/mingw: fix linker issues on mingw 8 years ago
Victor Julien 746638b220 cuda: remove
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
8 years ago
Victor Julien 1261d30df0 mingw/cygwin: explicitly disable unix socket 8 years ago
Victor Julien 6b75162194 mingw: use c:\Program Files\Suricata for w64 8 years ago
Victor Julien 46cb00ec6c strptime: add implementation from NetBSD
As MinGW doesn't come with strptime take the BSD licensed
implementation from NetBSD. More specifically, the one from

https://github.com/Alexpux/MINGW-packages/blob/master/mingw-w64-libkml/strptime.c

It's slightly modified to get rid on 'uint'.
8 years ago
Victor Julien d8ddd3b5bc mingw: work around mingw mkdir
mingw doesn't come with a posix compliant mkdir as it only takes
a single argument.
8 years ago
Victor Julien 6c251b8576 rust: add --enable-rust-debug
Add option to put Rust code in non-'--release' mode, preserving
debug symbols.

Until now Suricata would have to be compiled with --enable-debug for
this.
8 years ago
Victor Julien 56d93f426c configure: style fixup 8 years ago
Victor Julien 2a237bdfca detect: make glob.h optional
glob.h is not available on MinGW.

Simply use the input on the rule list as a literal pattern.
8 years ago
Alfredo Cardigliano b6baafb3e3 pfring: hw bypass support
This patch adds support for hw bypass by enabling flow offload in the network
card (when supported) and implementing the BypassPacketsFlow callback.
Hw bypass support is disabled by default, and can be enabled by setting
"bypass: yes" in the pfring interface configuration section in suricata.yaml.
8 years ago
Victor Julien e60bfc78c1 Open 4.1 development branch 8 years ago
Victor Julien 9b94679fce random: support getrandom(2) if available
Ticket: #2193
8 years ago
jason taylor 0f41172cc6 updated fedora libevent package names
Signed-off-by: jason taylor <jtfas90@gmail.com>
8 years ago
Jason Ish 7cc0067be0 Sample systemd unit file for Suricata.
Create a sample systemd unit file based on the build time
configuration.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2138
8 years ago
Jason Ish ddf6bce5d8 Sample logrotate configuration file.
Create a sample logrotate configuration file with filenames
set for the configuration.
8 years ago
Victor Julien c02739e535 mingw: don't try to build unix socket 8 years ago
Victor Julien d1e839eabc windows: use wpcap instead of pcap
Windows pcap libraries such as winpcap all use a library name of
wpcap instead of just pcap. Support this in configure.
8 years ago
Victor Julien d1b6be99de mingw: fix random function 8 years ago
Jason Ish fd025ba3f5 rust: require jansson for rust build 8 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 8 years ago
Victor Julien 9dab3ec71e rust: enable/disable yaml settings
Based on compile time settings, enable/disable app-layers
and loggers.
8 years ago
Pierre Chifflier 4fe9292ed8 Autotools: add switch to build experimental Rust parsers 8 years ago
Jason Ish 61d9f4bb0a rust: make distcheck fixes 8 years ago
Jason Ish 14951e3f00 rust: save cargo and CARGO_HOME to variables
During configure, substitute the path of cargo, as well as the
value of CARGO_HOME as variables. This fixes the case where a
user might do:
  make
  sudo make install
Which will cause the cargo bits to be rebuilt, including
re-downloading external crates.

By saving these to variables we can be sure that the same
values are used during make install as were used during
make which prevents the Rust artifacts from being rebuild
during "sudo make install".
8 years ago
Jason Ish 6bddc4d3e0 python: use python path found during configure
Also look for Python under more names. For example, on OpenBSD
if you just install Python 2, you will only get a python2.7
executable.
8 years ago