Commit Graph

385 Commits (a6bda3596bdd1a0ac04afe5553609c6f7cba0023)

Author SHA1 Message Date
Victor Julien ed712768d5 rust: enable by default
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
7 years ago
Victor Julien 4ece6ba758 configure: fix and cleanup nss and nspr detection 7 years ago
Hilko Bengen 731c2b2e17 configure: Fixed "no" output for XDP, libnss, libnspr 7 years ago
jason taylor 4c1173ffcd configure: added rust install notes
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
jason taylor 015cd93014 configure: updated fedora/centos references
* updated fedora yum references to dnf
* updated/added centos/rhel references

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien 6ffa0507d2 detect/filehash: try to open data file from rulefile dir
If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.
7 years ago
Jason Ish 64b6ff7392 config: better default rule file configuration
Move the rule file configuration down near the bottom of the
configuration file under advanced settings. With the bundling
of Suricata-Update, any rule file configuration within
suricata.yaml could be considered advanced.

Add extra comments to the yaml to make it more clear which was
enabled at installation time.
7 years ago
Jacob Masen-Smith ec77632e84 Adds WinDivert support to Windows builds
Enables IPS functionality on Windows using the open-source
(LGPLv3/GPLv2) WinDivert driver and API.

From https://www.reqrypt.org/windivert-doc.html : "WinDivert is a
user-mode capture/sniffing/modification/blocking/re-injection package
for Windows Vista, Windows Server 2008, Windows 7, and Windows 8.
WinDivert can be used to implement user-mode packet filters, packet
sniffers, firewalls, NAT, VPNs, tunneling applications, etc., without
the need to write kernel-mode code."

- adds `--windivert [filter string]` and `--windivert-forward [filter
    string]` command-line options to enable WinDivert IPS mode.
    `--windivert[-forward] true` will open a filter for all traffic. See
    https://www.reqrypt.org/windivert-doc.html#filter_language for more
    information.

Limitation: currently limited to `autofp` runmode.

Additionally:
- `tmm_modules` now zeroed during `RegisterAllModules`
- fixed Windows Vista+ `inet_ntop` call in `PrintInet`
- fixed `GetRandom` bug (nonexistent keys) on fresh Windows installs
- fixed `RandomGetClock` building on Windows builds
- Added WMI queries for MTU
7 years ago
Jason Ish 7e06e765f3 python: fixes for out of tree build
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
8 years ago
Max Fillinger 58e92392ea configure: Show installation info for liblz4 if not found 8 years ago
Max Fillinger b85a0b188b Add an option for compressing pcap-log files
Introduces the option 'outputs.pcap-log.compression' which can be set
to 'none' or 'lz4', plus options to set the compression level and to
enable checksums. SCFmemopen is used to make pcap_dump() write to a
buffer which is then compressed using liblz4.
8 years ago
Jason Ish e048a74ecd rules: set default rule dir to suricata-update if bundled
If suricata-update is bundled, set the default-rule-dir
to lib/suricata/rules under the $localstatedir

For now use 2 rule-files section that are renamed depending
on if suricata-update is bundled or not.
8 years ago
Jason Ish 732ce3f123 install-rules: use suricata-update if available
If Suricata update was bundled, use it for "install-rules" instead
of curl or wget.
8 years ago
Jason Ish b9e083a703 python: put some defaults on suricata.config.defaults
This is a module that can contain installation default. For now
it includes the sysconfdir, and rules data directory for use
by suricata-update.
8 years ago
Jason Ish 7bf490062c rules: install to $datadir/suricata/rules
Common /usr/share/suricata/rules or /usr/local/share/suricata/rules.

The rules provided by the distribution are installed here as part
of the Suricata install process so will always be installed, even
without the use of install-rules.
8 years ago
Eric Leblond f79f64097e configure: fix error hw timestamp check
This fixes #2469
8 years ago
Victor Julien 7ea80b5c57 configure: fix small issue with libevent check 8 years ago
Jason Ish a7d90162d1 suricatasc: move into python/
Will be built and installed as part of the Python code used
for suricatactl, which is intended to be the generic place
for all Python utility code that gets installed with Suricata.

No change to suricatasc code.
8 years ago
Victor Julien f201a3761f rust: remove multi level 'experimental'
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extend, and all have C glue code. So the
distinction doesn't really make sense.
8 years ago
Renato Botelho 8f926fb75a configure: allow to disable libnss and libnspr
Let user chose to disable libnss and libnspr support even if these
libraries are installed in the system. Default remains to enable when
libraries are found and disable parameter were not used
8 years ago
Jason Ish cbcbc0f6b0 suricata-update: bundle suricata update
Add autoconf/automake support for installing suricata-update
if found in the top level suricata-update.
8 years ago
Andreas Herz 2e8678a5ff docs: replace redmine links and enforce https on oisf urls 8 years ago
Eric Leblond 027c903f50 ebpf: fix detection of llc 8 years ago
Eric Leblond 8c88087948 af-packet: implementation of XDP bypass
This patch adds support for XDP bypass. It provides an XDP
filter that can be loaded to realize the bypass of flows.
8 years ago
Eric Leblond 91e1256b01 af-packet: add support for eBPF cluster and filter
This patch introduces the ebpf cluster mode. This mode is using
an extended BPF function that is loaded into the kernel and
provide the load balancing.

An example of cluster function is provided in the ebpf
subdirectory and provide ippair load balancing function.
This is a function which uses the same method as
the one used in autofp ippair to provide a symetrical
load balancing based on IP addresses.

A simple filter example allowing to drop IPv6 is added to the
source.

This patch also prepares the infrastructure to be able to load
and use map inside eBPF files. This will be used later for flow
bypass.
8 years ago
Giuseppe Longo b60065caec configure: check for zlib and liblzma
This checks if zlib and libzma are installed on the system
in order to decompress swf files.
8 years ago
Jason Ish 50b5a3a56d suricatactl: a new python script for misc. tasks
Use a new directory, Python to host the Suricata python modules.
One entry point is suricatactl, a control script for
miscalleneous tasks. Currently onl filestore pruning
is implemented.
8 years ago
Jason Ish dbdac73784 configure: check for utime.h and utime() 8 years ago
Victor Julien 485663583a rust/mingw: fix linker issues on mingw 8 years ago
Victor Julien 746638b220 cuda: remove
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
8 years ago
Victor Julien 1261d30df0 mingw/cygwin: explicitly disable unix socket 8 years ago
Victor Julien 6b75162194 mingw: use c:\Program Files\Suricata for w64 8 years ago
Victor Julien 46cb00ec6c strptime: add implementation from NetBSD
As MinGW doesn't come with strptime take the BSD licensed
implementation from NetBSD. More specifically, the one from

https://github.com/Alexpux/MINGW-packages/blob/master/mingw-w64-libkml/strptime.c

It's slightly modified to get rid on 'uint'.
8 years ago
Victor Julien d8ddd3b5bc mingw: work around mingw mkdir
mingw doesn't come with a posix compliant mkdir as it only takes
a single argument.
8 years ago
Victor Julien 6c251b8576 rust: add --enable-rust-debug
Add option to put Rust code in non-'--release' mode, preserving
debug symbols.

Until now Suricata would have to be compiled with --enable-debug for
this.
8 years ago
Victor Julien 56d93f426c configure: style fixup 8 years ago
Victor Julien 2a237bdfca detect: make glob.h optional
glob.h is not available on MinGW.

Simply use the input on the rule list as a literal pattern.
8 years ago
Alfredo Cardigliano b6baafb3e3 pfring: hw bypass support
This patch adds support for hw bypass by enabling flow offload in the network
card (when supported) and implementing the BypassPacketsFlow callback.
Hw bypass support is disabled by default, and can be enabled by setting
"bypass: yes" in the pfring interface configuration section in suricata.yaml.
8 years ago
Victor Julien e60bfc78c1 Open 4.1 development branch 8 years ago
Victor Julien 9b94679fce random: support getrandom(2) if available
Ticket: #2193
8 years ago
jason taylor 0f41172cc6 updated fedora libevent package names
Signed-off-by: jason taylor <jtfas90@gmail.com>
8 years ago
Jason Ish 7cc0067be0 Sample systemd unit file for Suricata.
Create a sample systemd unit file based on the build time
configuration.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2138
8 years ago
Jason Ish ddf6bce5d8 Sample logrotate configuration file.
Create a sample logrotate configuration file with filenames
set for the configuration.
8 years ago
Victor Julien c02739e535 mingw: don't try to build unix socket 8 years ago
Victor Julien d1e839eabc windows: use wpcap instead of pcap
Windows pcap libraries such as winpcap all use a library name of
wpcap instead of just pcap. Support this in configure.
8 years ago
Victor Julien d1b6be99de mingw: fix random function 8 years ago
Jason Ish fd025ba3f5 rust: require jansson for rust build 8 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 8 years ago
Victor Julien 9dab3ec71e rust: enable/disable yaml settings
Based on compile time settings, enable/disable app-layers
and loggers.
8 years ago
Pierre Chifflier 4fe9292ed8 Autotools: add switch to build experimental Rust parsers 8 years ago
Jason Ish 61d9f4bb0a rust: make distcheck fixes 8 years ago
Jason Ish 14951e3f00 rust: save cargo and CARGO_HOME to variables
During configure, substitute the path of cargo, as well as the
value of CARGO_HOME as variables. This fixes the case where a
user might do:
  make
  sudo make install
Which will cause the cargo bits to be rebuilt, including
re-downloading external crates.

By saving these to variables we can be sure that the same
values are used during make install as were used during
make which prevents the Rust artifacts from being rebuild
during "sudo make install".
8 years ago
Jason Ish 6bddc4d3e0 python: use python path found during configure
Also look for Python under more names. For example, on OpenBSD
if you just install Python 2, you will only get a python2.7
executable.
8 years ago
Victor Julien d00b914ddb rust: make clear it's experimental 9 years ago
Jason Ish 9d687025e2 rust: lua wrapper
Rust wrapper for working with lua state.
9 years ago
Jason Ish 8f81792da5 rust: hook rust into the build
Rust is currently optional, use the --enable-rust configure
argument to enable Rust.

By default Rust will be built in release mode. If debug is enabled
then it will be built in debug mode.

On make dist, "cargo vendor" will be run to make a local copy
of Rust dependencies for the distribution archive file.

Add autoconf checks to test for the vendored source, and if it
exists setup the build to use the vendored code instead of
fetching it from the network.

Also, as Cargo requires semantic versioning, the Suricata version
had to change from 4.0dev to 4.0.0-dev.
9 years ago
Victor Julien 3ff5dc3653 nfq: remove obsolete and broken netfilterforwin support 9 years ago
Victor Julien 276125c1ef cleanup: remove unused ringbuffer code 9 years ago
Victor Julien cda6e0291f cleanup: remove libpcap < 1 support 9 years ago
Victor Julien 119115d3b6 configure: remove CentOS5 pkg-config fix 9 years ago
Victor Julien 0516b5d704 cleanup: from AS_VERSION_COMPARE CentOS5 workaround 9 years ago
fooinha a64e5e77c7 eve: async mode for redis output
eve: detects libevent for async redis at configure
eve: moves redis output code to new file - util-log-redis.{c,h}
eve: redis ECHO and QUIT commands for async mode
eve: redis output defaults if conf is missing
9 years ago
Victor Julien dd70b3fda0 random: improve random logic
Improve random logic for hash tables.

Implement Windows random API if it is available.
9 years ago
Victor Julien a4dce24151 core dumps: check for sys/resource.h 9 years ago
Victor Julien cee5c9fa60 pcre: on ppc64 disable only for specific versions
Disable jit only for libpcre 8.39 and 8.40 as those were the buggy
versions.

Thanks to Zoltán Herczeg.
9 years ago
Victor Julien bc480fa8c3 pcre: disable jit on powerpc64
It appears that both using gcc and clang something gets misoptimised
around pcre's jit. So disable jit for now.
9 years ago
Jason Ish 2c01985e73 autoconf - look for stdbool.h 9 years ago
Victor Julien 113a238e90 Open 4.0 development branch 9 years ago
Sascha Steinbiss e6044aaf1c mpm/spm: check for SSSE3 and enable/disable HS
The new Hyperscan 4.4 API provides a function to check for SSSE3
presence at runtime. This allows us to fall back to non-Hyperscan
matchers on systems without SSSE3 even when the suricata executable
is built with Hyperscan support. Addresses Redmine issue #2010.

Signed-off-by: Sascha Steinbiss <sascha@steinbiss.name>
Tested-by: Arturo Borrero Gonzalez <arturo@debian.org>
9 years ago
Andreas Herz a18af7325f configure: prevent combination of unittests and debug-validation 9 years ago
Victor Julien 810e43f373 magic: make optional
Make libmagic optional. If installed it will be enabled by default in
configure. Use --disable-libmagic to disable.
9 years ago
Jason Ish bbb93e487e pcap-log: seed ring buffer on start up
On start, look for existing pcap log files and add them to
the ring buffer. This makes pcap-log self maintaining over
restarts removing the need for external tools to clear
orphaned files.
9 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 9 years ago
Victor Julien 80bd59ae86 doc: improve install doc, configure 9 years ago
Victor Julien d4c7c2c2c7 cygwin: leave magic-file commented out in yaml 9 years ago
Jason Ish 7fa390de39 doc: bundle pre-built man page in distribution 9 years ago
Jason Ish 6eedd0068b doc: hook sphinx into build 9 years ago
Andreas Herz 15766ce2c4 configure: set correct cppflags for enabled nfqueue
This change sets the correct CPPFLAGS received by PKG_CHECK to resolve
building issues with some systems like OpenSuse.
9 years ago
Victor Julien 54503ef310 Open Suricata 3.2 development branch 9 years ago
Victor Julien 7847c4f8ee configure: detect SunOS and link against required libs 9 years ago
Victor Julien ec87123339 configure: check for strings.h: used by SunOS 9 years ago
Victor Julien 5db322045e configure: fix Ubuntu lua pkg suggestion 9 years ago
Victor Julien 37b10c13c1 configure: require libhtp 0.5.20
Ticket #1839
9 years ago
Victor Julien 66346e4632 libnet: work around older libnet type difference
Older libnet 1.1.x have a non-const type for libnet_init's dev
argument.
10 years ago
Victor Julien 9119007d00 pfring: no longer link against rt and numa libs 10 years ago
Victor Julien 5ec885e451 http: set of response body decompress limit
This is a per personality setting.
10 years ago
Victor Julien 439b62fe69 configure: cleanup configure output
Don't present missing spatch as a warning. Remove verbose libnet
warnings as well.
10 years ago
Victor Julien ffba26d04a configure: don't set -march=native for powerpc 10 years ago
Victor Julien f55dbca57b yaml: make eve log in yaml depend on libjansson 10 years ago
Eric Leblond a40f08a213 af-packet: ask for hardware timestamp 10 years ago
Eric Leblond c2d0d93806 af-packet: detect availability of tpacket_v3
If TPACKET_V3 is not defined then it is not available and we should
not build anything related to tpacket_v3. This will allow us to
activate it dy default and fallback to v2 if not available.
10 years ago
Jason Ish baf528e751 typos: surictsc -> suricatasc
Reported by Markus Lude on the mailing list.
10 years ago
Jason Ish 667e4e68bf configure.ac: escape $srcdir when used in a variable
$srcdir needs to be escaped for proper expansion when used
as part of a Makefile variable.
10 years ago
Victor Julien 1c8775b340 QA: --afl-rules for faster rule fuzzing 10 years ago
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 10 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
10 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file>
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
10 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 10 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 10 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is devided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
10 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 10 years ago
Alexander Gozman 365015c2d5 Support sending rejects via libnet when running under non-root.
Since version 1.1.6 libnet handles capabilities correctly.
So changing libnet's version checking a little bit should do the trick.
10 years ago
Victor Julien e27ad81a43 autotools: add AS_VERSION_COMPARE stub for CentOS 5 10 years ago
Victor Julien 3781b00dbc Open Suricata 3.1 development branch 10 years ago
Justin Viiret 13b87f5aff mpm: add Hyperscan integration
This adds an MPM implementation that uses the Hyperscan regex engine
library from Intel, accessible as the "hs" mpm-algo.
10 years ago
Andreas Herz c8399e8c51 configure: bypass libpcre 8.35 check
When --with-libpcre-libraries is used we skip the libpcre 8.35 check
since pkg-config might still point to the 8.35 version installed
although newer version was passed with --with-libpcre-libraries.
10 years ago
Victor Julien fde7a2f656 cuda: fix compilation 10 years ago
Victor Julien 6228f5f689 lua: if pkg-config fails, try -llua 10 years ago
Victor Julien 9858ae41be configure: OS X fixes
Remove unnecessary -lpthread from tests.

Make linker warnings non-fatal with -Werror.
10 years ago
Victor Julien e51707be90 pcre: blacklist 8.35 for JIT use (issue #1693) 10 years ago
Andreas Herz 8c0e575063 configure: warn if libpcre 8.35 is used 10 years ago
Victor Julien 4086938f1e pool: fix memory leak
Due to pointer size mishandling, the pool code could consider a
block of memory inside the 'preallocated' block. It would then not
free the block.
10 years ago
bladeswords 2a17e3e827 Fix typo of trailing ] in configure --help
It is the small things that count.  This is an example of the fix

Before
--disable-threading-tls Disable TLS (thread local storage)]

After
--disable-threading-tls Disable TLS (thread local storage)
10 years ago
Andreas Herz 15c98c6085 file-magic: improve libmagic handling on *nix systems 10 years ago
Andreas Herz 20dd593981 remove unnecessary braces 10 years ago
Andreas Herz dc1bd5b6bd configure: add --disable-python option 10 years ago
Victor Julien 84c4566a14 Update dev version to reflect we're doing 3.0 now 10 years ago
Eric Leblond eef5678e5e output-json: add redis support
This patch adds redis support to JSON output.
10 years ago
Alexander Gozman 437fe40660 Feature 1527: ability to compile as a position independent executable
Adds corresponding configure option which enables proper CPPFLAGS
and LDFLAGS.
10 years ago
Eric Leblond f8b8b6f753 configure: use pkg_config for libhtp
It was not possible to simply specify PKG_CONFIG_PATH to build
with an non bundled libhtp. With this patch we don't need anymore
the htp lib and include configure options.
10 years ago
Victor Julien ba81c4d290 autotools: cleanup
Remove most of the CFLAGS updates from configure. Flags are now (mostly)
set in AM_CLFLAGS.

Update all -DBLAH additions to CFLAGS to use AC_DEFINE([BLAH], ...)

Improve Lua vs LuaJIT checking.

Improve the configure output a bit.

Lots of smaller cleanups.
10 years ago
Eric Leblond 851fcef962 af-packet: sync header with latest features
Sync the replacement define with the latest Linux code.
This patch also updates the detection part in configure.ac
to do a declaration of all fields if the newest features are
not present.
10 years ago
Helmut Schaa 91efdadf8e Disable pcap-config use during cross compilation
This allows cross compilation where the host system has pcap-config
installed and would create an invalid entry in the cross-CFLAGS.
10 years ago
Alexander Gozman f11e237d77 Feature #1440: support wildcards in rule filenames 11 years ago
Jason Ish 972037248d Define _DEFAULT_SOURCE. Its the replacement for _BSD_SOURCE which
which has been deprecated as of glibc 2.20.
11 years ago
Eric Leblond 5f4b745f92 build: don't link with libnfnetlink
Don't link suricata with libnfnetlink when we don't have support
for NFQUEUE or NFLOG. Previously, suricata was linked with this
library without reason.
11 years ago
Victor Julien 3f44bd504a CentOS 5.11 pkg-config fix
Check for the minimal pkg-config 0.21 version. Without it, CentOS'
pkg-config will fail with the warning:

configure: error: The pkg-config script could not be found or is too old.
11 years ago
gureedo 10104066e1 netmap support 11 years ago
Victor Julien 8e946b92b7 Fix compilation on OS X Yosemite
Due to our unconditional declaration of the strlcat and strlcpy
functions, compilation failed on OS X Yosemite.

Bug #1192
11 years ago
Victor Julien 6fa8922ccd configure: add switch to disable __thread use
Add --disable-threading-tls switch to force the posix thread local
storage code paths even if __thread is available.

Goal is to make it easier to QA the posix code path.
11 years ago
Giuseppe Longo dde78e499c pfring: checks if the lib version is >= 6
Checks if the PF_RING version installed on the system is 6,
so old version won't be supported.
11 years ago
Ken Steele 2c9c0f1e8f Fix typo in configure message about nfnetlink 11 years ago
Mats Klepsland 0d15d4f6c3 configure.ac: Moved libpcap before libpfring
Moved the libpcap section in configure.ac before libpfring to
enable libpfring to use the specified libpcap includes and
libraries when testing for libpfring support.

Bug #1294
11 years ago
Victor Julien da1fe75975 lua: improve configure checks
The base 'lua' library has different names on different OS' and even
Linux distro's. Instead of selecting the proper one, we now just try
all. This way no OS/distro specific knowledge about the name is needed.
11 years ago
Victor Julien d258a11f0d autotools: enable silent mode
Add check to make sure that if the functionality isn't available, we
don't error out.
11 years ago
Victor Julien cba043da39 Open 2.1 development in the master branch. 11 years ago
Victor Julien 3beaa80aa2 Fix __thread configure check on Clang
AC_TRY_COMPILE puts the code in a function already, and Clang didn't like
the function within the function declaration. This lead to test failure.

Clang now properly detects __thread support.
11 years ago
Victor Julien 1177d48920 lua: fix liblua use on OS X with macports
Set the correct lua pkg-config name used by macports.
12 years ago
Victor Julien f01027e972 Fix libcap-ng configure typo. 12 years ago
Victor Julien 43c5b949d2 cygwin: fix lua configure
Fix lua configure for cygwin. Tested with lua 5.1.5.
12 years ago
Victor Julien 7396237c2a lua: deal with FreeBSD and OpenBSD
FreeBSD pkg-config lua-5.1.pc, lib liblua-5.1.so
OpenBSD pkg-config lua51.pc, lib liblua5.1.so

Default (linux) pkg-config: lua5.1.pc, lib liblua5.1.so
12 years ago
Victor Julien e366c62cf0 lua: support regular lua C library
Not all systems have luajit or a need for luajit. For low bandwidth
and offline support regular lua may be sufficient.
12 years ago
Giuseppe Longo 4851568a41 Checks if libnetfilter_log is found on the system
and enable it if it's specified.
12 years ago
Ken Steele 0011e01e05 Change configure to allow statically linking libpcre.
Statically linking libpcre requires using -lpthread, which is added
when building Suricata, but not while checking for libpcre in configure.
12 years ago
Victor Julien 0f70e8f225 OpenBSD: set correct magic path
For all 5.x OpenBSDs it seems the magic path is:
    /usr/local/share/misc/magic.mgc
12 years ago
Victor Julien ddf9b417d7 configure: simplify OpenBSD handling
Treat all OpenBSD versions in the same way. No more -fgnu89-inline.
12 years ago
Victor Julien 42227e8713 configure: fix typo in libjansson warning message 12 years ago
Ken Steele 65d8ae937d Remove extra ] configure.ac for HAVE_DETECT_DISABLED
Saw a warning about unknow command ']' running distcheck and tracked it back
to this error.
12 years ago
Ken Steele 497575d38e Add option on Tile-Gx for logging for fast.log alerts over PCIe
When running on a TILEncore-Gx PCIe card, setting the filetype of fast.log
to pcie, will open a connection over PCIe to a host application caleld
tile-pcie-logd, that receives the alert strings and writes them to a file
on the host. The file name to open is also passed over the PCIe link.

This allows running Suricata on the TILEncore-Gx PCIe card, but have the
alerts logged to the host system's file system efficiently. The PCIe API that
is used is the Tilera Packet Queue (PQ) API which can access PCIe from User
Space, thus avoiding system calls.

Created util-logopenfile-tile.c and util-logopen-tile.h for the TILE
specific PCIe logging functionality.

Using Write() and Close() function pointers in LogFileCtx, which
default to standard write and close for files and sockets, but are
changed to PCIe write and close functions when a PCIe channel is
openned for logging.

Moved Logging contex out of tm-modules.h into util-logopenfile.h,
where it makes more sense. This required including util-logopenfile.h
into a couple of alert-*.c files, which previously were getting the
definitions from tm-modules.h.

The source and Makefile for tile-pcie-logd are added in contrib/tile-pcie-logd.

By default, the file name for fast.log specified in suricata.yaml is used as
the filename on the host. An optional argument to tile-pcie-logd, --prefix=,
can be added to prepend the supplied file path. For example, is the file
in suricata.yaml is specified as "/var/log/fast.log" and --prefix="/tmp",
then the file will be written to "/tmp/var/log/fast.log".

Check for TILERA_ROOT environment variable before building tile_pcie_logd

Building tile_pcie_logd on x86 requires the Tilera MDE for its PCIe libraries
and API header files. Configure now checs for TILERA_ROOT before enabling
builing tile_pcie_logd in contrib/tile_pcie_logd
12 years ago
Victor Julien 8623b8f941 prelude: fix configure and cleanup
Fixes configure enabling of prelude. CFLAGS is reset, so the previous
adding of -DPRELUDE was nixed. Using AC_DEFINE now.

Cleanups:
- make functions static
- simplify handling of no prelude support
- move registration to the bottom
12 years ago
Victor Julien f4872a2f08 Add --disable-detection configure option
Add --disable-detection configure option to compile Suricata with
detection disabled.
12 years ago
Victor Julien 06f9b0adbf Cygwin: make configure pass with -Werror 12 years ago
Victor Julien 2eeddf969d Cygwin: fix compilation
tm-threads.c:1190:5: error: unknown type name ‘DWORD’
12 years ago
Victor Julien e4b39a413a Fix coccinelle autotools check 12 years ago
Victor Julien 7fb860ac47 coccinelle: add --disable-coccinelle to configure
This allows disabling of the expensive cocci QA checks during
QA.
12 years ago
Ken Steele bc29684df4 Remove GCC -no-strict-aliasing compiler flag.
GCC typically generates better code without the -no-strict-aliasing flag.
It is only required if code makes assumptiosn that break strict aliasing.
The unit tests pass on x86 and Tile without the flag.
12 years ago
Ken Steele f0c785cc1d Fix configuring Prelude with -Werror
Running with:

CFLAGS="-Werror" ./configure

would fail when configuring libprelude because of an unused-result
warning. Ignore that one warning.
12 years ago
Eric Leblond a75911e02f pfring: workaround potential librt deps
It seems some version of pfring needs to be link with librt.
12 years ago
Ken Steele 3d81e50ab3 Check for compiler for -march=native support
Check all compilers to see if they support the -march=native flags, rather
than assuming gcc 4.2 or later does. Tile GCC doesn't currently support it,
so not checking break Tile compiles.
12 years ago
Eric Leblond fcc8759561 util-ioctl: add GRO/LRO detection capabilities
This patch adds a new function GetIfaceOffloading which return 0
if LRO and GRO are not set on a interface and 1 if not the case.
12 years ago
Eric Leblond 64cd49da31 configure: accept libnet 1.1 and 1.2. 12 years ago
Victor Julien 0bfba8352d pcre: check for pcre_free_study, fall back to pcre_free if it unavailable 12 years ago
Victor Julien c8b71938ff Add a fallback memrchr implementation for those platforms that dont support it. Bug #963. 12 years ago
Eric Leblond daa9dcb75f Use wget or curl to download ruleset. 12 years ago
Victor Julien 900918a5d1 Bug #948: detect thread local storage support 12 years ago
Ken Steele 1bbbcf5120 Make the missing libhtp error message more clear.
Use exact git clone command and then rerun autogen.sh and configure.
12 years ago
Ken Steele 149d2a0793 Fix typo in configure.ac echo message 12 years ago
Anoop Saldanha f85a2dc84b fix for #875.
Update configure.ac to check for either 0.5.5 and 0.5.x version of libhtp.
12 years ago
Victor Julien 8060ef41af configure: add iconv.h check to configure if bundled libhtp is used 12 years ago
Victor Julien 83014adcfa Fix autogen on older systems 12 years ago
Eric Leblond 0cef0b8808 configure: minor cleaning 12 years ago
Eric Leblond 7dbc97b01c autotools: AM_INIT_AUTOMAKE with args is deprecated 12 years ago
Eric Leblond c099349550 configure: check for iconv in htp embedded mode
At least on freebsd, suricata fails to build in htp embedded mode
due to iconv linking issue.
12 years ago
Eric Leblond 0c37f76fa2 Check for local include first. 12 years ago
Victor Julien fdc3b5ba15 Fix CLS configure check 12 years ago
Anoop Saldanha 48cf0585fb Suricata upgrade to libhtp 0.5.x.
Remove the support for now unsupported personalities from libhtp -
TOMCAT_6_0, APACHE and APACHE_2_2.  We instead use the APACHE_2
personality.
12 years ago
Victor Julien 4749420f32 Use relative dir instead of ac_builddir
When generating src/build-info.h the use of ac_builddir was problematic.
There were several cases where it was undefined leading to the absolute
path /src/build-info.h. ./configure should be called from the parent dir
to the actual src dir, so this should work. Make distcheck and normal builds
complete fine.
12 years ago
Victor Julien aafc65c757 Autotools: move libhtp conditionals to configure
In preparation of the libhtp upgrade, move all libhtp related conditionals
to configure. This allows for one set of build scripts that works regardless
of the presence of a local libhtp dir.
12 years ago
Victor Julien 55625d738a TLS: create certs dir on 'make install-full'. Bug #711. 12 years ago
Anoop Saldanha 68847d12e3 Update configure.ac to use the default value of 64 for the cache line size
for systems which return a value of 0.
12 years ago
Ken Steele 3db717db6d Update configure.ac to detect Tile architecture.
Detect if the architecture supports the Tilera mPipe packet processing
hardware. It it does, add the requried libraries and define HAVE_MPIPE.
13 years ago
Victor Julien 71c22ddfee Move fallback to CLS detection to configure script. 13 years ago
Victor Julien 0ddd57cb05 Fix CLS detection on systems that have getconf, but don't support the LEVEL1_DCACHE_LINESIZE option. 13 years ago
Victor Julien 724ad9e8e7 Detect L1 cache line size at build time. Fall back to 64 bytes if detection failed. 13 years ago
Victor Julien b7c759fdf4 NFQ: fix configure check for finding out signed/unsigned args for nfq_get_payload 13 years ago
Florian Westphal 8da02115c9 nfq: add support for batch verdicts
Normally, there is one verdict per packet, i.e., we receive a packet,
process it, and then tell the kernel what to do with that packet (eg.
DROP or ACCEPT).

recv(), packet id x
send verdict v, packet id x
recv(), packet id x+1
send verdict v, packet id x+1
[..]
recv(), packet id x+n
send verdict v, packet id x+n

An alternative is to process several packets from the queue, and then send
a batch-verdict.

recv(), packet id x
recv(), packet id x+1
[..]
recv(), packet id x+n
send batch verdict v, packet id x+n

A batch verdict affects all previous packets (packet_id <= x+n),
we thus only need to remember the last packet_id seen.

Caveats:
- can't modify payload
- verdict is applied to all packets
- nfmark (if set) will be set for all packets
- increases latency (packets remain queued by the kernel
  until batch verdict is sent).

To solve this, we only defer verdict for up to 20 packets and
send pending batch-verdict immediately if:
- no packets are currently queue
- current packet should be dropped
- current packet has different nfmark
- payload of packet was modified

This patch adds a configurable batch verdict support for workers runmode.
The batch verdicts are turned off by default.

Problem is that batch verdicts only work with kernels >= 3.1, i.e.
using newer libnetfilter_queue with an old kernel means non-working
suricata. So the functionnality has to be disabled by default.
13 years ago
Eric Leblond 6913109bf3 configure: use correct syntax for help string 13 years ago
Eric Leblond 7d706563ef configure: add --enable-unix-socket flag
This new flag allows the user to force unix socket build or to
disallow it completely. Default which is test is maintained.
13 years ago
Eric Leblond 0470c0f678 jansson: change function test to be sure of version 13 years ago
Victor Julien 04d7d00df6 Try to use pkg-config to resolve libnspr and related dependencies. 13 years ago
Christian Kreibich cb8e5bc533 Try to use pkg-config to resolve libnss and related dependencies. 13 years ago
Victor Julien eeb439c1a3 Open 2.0 dev branch 13 years ago
Jason Ish eae4de9850 Replace the deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS.
Addresses bug #704 for building on a Mac.  More generically
it addresses the issue building using newers versions of automake.
13 years ago
Eric Leblond cd305c3a78 suricatasc: update python packaging
'make install' install now suricatasc script and Python module to
the system. The suricatasc client module can now be used in other
Python projects by using 'import suricatasc'.

A transformation was needed for distribution of a module and a script.
Module in src directory is now containing most of the code and the
script only handle argument parsing and the creation of a unix socket
client through 'suricatasc' module.
13 years ago
Eric Leblond 6d225378e4 Workaround function missing in libhtp include
As reported in bug #688, htp_config_set_path_decode_u_encoding
function is not included in libhtp header before 0.3.0. Result
is that suricata compilation fail with an external htp library.
The following patch detect the issue and adds the missing
declaration.
13 years ago
Eric Leblond d472d606e9 configure: update htp version dependancy 13 years ago
Victor Julien cc51eec59d Use new libhtp query string normalization. Bug #739. 13 years ago
Eric Leblond 8d7b9703af Fix latest build-info modification
The creation of build-info.h should have been made in build
directory and not in source directory. This should fix changes
introduced in #738.
13 years ago
Eric Leblond 84f50ba49f build-info: use printf instead of SCLogInfo
This change results in a more readable and reusable output.
13 years ago
Eric Leblond 668113af77 add configure summary to build-info output 13 years ago