mirror of https://github.com/OISF/suricata
				
				
				
			
			You cannot select more than 25 topics
			Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
		
		
		
		
		
			
		
			
				
	
	
		
			2484 lines
		
	
	
		
			98 KiB
		
	
	
	
		
			Plaintext
		
	
			
		
		
	
	
			2484 lines
		
	
	
		
			98 KiB
		
	
	
	
		
			Plaintext
		
	
|     AC_INIT(suricata, 4.1.0-dev)
 | |
|     m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
 | |
|     AC_CONFIG_HEADERS([config.h])
 | |
|     AC_CONFIG_SRCDIR([src/suricata.c])
 | |
|     AC_CONFIG_MACRO_DIR(m4)
 | |
|     AM_INIT_AUTOMAKE
 | |
| 
 | |
|     AC_LANG_C
 | |
|     AC_PROG_CC_C99
 | |
|     AC_PROG_LIBTOOL
 | |
|     PKG_PROG_PKG_CONFIG
 | |
| 
 | |
|     dnl Taken from https://llvm.org/svn/llvm-project/llvm/trunk/autoconf/configure.ac
 | |
|     dnl check if we compile using clang or gcc. On some systems the gcc binary is
 | |
|     dnl is actually clang, so do a compile test.
 | |
|     AC_MSG_CHECKING([whether GCC or Clang is our compiler])
 | |
|     AC_LANG_PUSH([C])
 | |
|     compiler=unknown
 | |
|     AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __clang__
 | |
|                                         #error
 | |
|                                         #endif
 | |
|                                       ]])],
 | |
|                        compiler=clang,
 | |
|                       [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __GNUC__
 | |
|                                                            #error
 | |
|                                                            #endif
 | |
|                                                          ]])],
 | |
|                        compiler=gcc, [])])
 | |
|     AC_LANG_POP([C])
 | |
|     AC_MSG_RESULT([${compiler}])
 | |
| 
 | |
|     case "$compiler" in
 | |
|         clang)
 | |
|             CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
 | |
|             AC_MSG_CHECKING([clang __sync_bool_compare_and_swap support])
 | |
|             AC_TRY_COMPILE([#include <stdio.h>],
 | |
|                 [ unsigned int i = 0; (void)__sync_bool_compare_and_swap(&i, 1, 1);],
 | |
|                 [
 | |
|                     AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1], [1], [Fake GCC atomic support])
 | |
|                     AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2], [1], [Fake GCC atomic support])
 | |
|                     AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4], [1], [Fake GCC atomic support])
 | |
|                     AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8], [1], [Fake GCC atomic support])
 | |
|                     AC_MSG_RESULT([yes]) ],
 | |
|                 [AC_MSG_RESULT([no])])
 | |
|             AC_SUBST(CLANG_CFLAGS)
 | |
|             ;;
 | |
|         gcc)
 | |
|             dnl get gcc version
 | |
|             AC_MSG_CHECKING([gcc version])
 | |
|                     gccver=$($CC -dumpversion)
 | |
|                     gccvermajor=$(echo $gccver | cut -d . -f1)
 | |
|                     gccverminor=$(echo $gccver | cut -d . -f2)
 | |
|                     gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor)
 | |
|             AC_MSG_RESULT($gccver)
 | |
| 
 | |
|             if test "$gccvernum" -ge "400"; then
 | |
|                 dnl gcc 4.0 or later
 | |
|                 GCC_CFLAGS="-Wextra -Werror-implicit-function-declaration"
 | |
|             else
 | |
|                 GCC_CFLAGS="-W"
 | |
|             fi
 | |
|             AC_SUBST(GCC_CFLAGS)
 | |
|             ;;
 | |
|         *)
 | |
|             AC_MSG_WARN([unsupported/untested compiler, this may or may not work])
 | |
|             ;;
 | |
|     esac
 | |
| 
 | |
|     # Checks for programs.
 | |
|     AC_PROG_AWK
 | |
|     AC_PROG_CC
 | |
|     AC_PROG_CPP
 | |
|     AC_PROG_INSTALL
 | |
|     AC_PROG_LN_S
 | |
|     AC_PROG_MAKE_SET
 | |
|     AC_PROG_GREP
 | |
| 
 | |
|     AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no")
 | |
|     if test "$HAVE_PKG_CONFIG" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR! pkg-config not found, go get it  "
 | |
|         echo "   http://pkg-config.freedesktop.org/wiki/ "
 | |
|         echo "   or install from your distribution       "
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|     AC_ARG_ENABLE(python,
 | |
|            AS_HELP_STRING([--enable-python], [Enable python]),,[enable_python=yes])
 | |
|     AC_PATH_PROGS(HAVE_PYTHON, python python2 python2.7, "no")
 | |
|     if test "x$enable_python" = "xno" ; then
 | |
|         echo
 | |
|         echo "   Warning! python disabled, you will not be      "
 | |
|         echo "   able to install suricatasc unix socket client   "
 | |
|         echo
 | |
|         enable_python="no"
 | |
|     fi
 | |
|     if test "$HAVE_PYTHON" = "no"; then
 | |
|         echo
 | |
|         echo "   Warning! python not found, you will not be     "
 | |
|         echo "   able to install suricatasc unix socket client   "
 | |
|         echo
 | |
|         enable_python="no"
 | |
|     fi
 | |
|     AM_CONDITIONAL([HAVE_PYTHON], [test "x$enable_python" = "xyes"])
 | |
| 
 | |
|     AC_PATH_PROG(HAVE_WGET, wget, "no")
 | |
|     if test "$HAVE_WGET" = "no"; then
 | |
|         AC_PATH_PROG(HAVE_CURL, curl, "no")
 | |
|         if test "$HAVE_CURL" = "no"; then
 | |
|             echo
 | |
|             echo "   Warning curl or wget not found, you won't be able to"
 | |
|             echo "   download latest ruleset with 'make install-rules'"
 | |
|         fi
 | |
|     fi
 | |
|     AM_CONDITIONAL([HAVE_FETCH_COMMAND], [test "x$HAVE_WGET" != "xno" || test "x$HAVE_CURL" != "xno"])
 | |
|     AM_CONDITIONAL([HAVE_WGET_COMMAND], [test "x$HAVE_WGET" != "xno"])
 | |
| 
 | |
|     # Checks for libraries.
 | |
| 
 | |
|     # Checks for header files.
 | |
|     AC_CHECK_HEADERS([stddef.h])
 | |
|     AC_CHECK_HEADERS([arpa/inet.h assert.h ctype.h errno.h fcntl.h inttypes.h])
 | |
|     AC_CHECK_HEADERS([getopt.h])
 | |
|     AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h])
 | |
|     AC_CHECK_HEADERS([stdarg.h stdint.h stdio.h stdlib.h stdbool.h string.h strings.h sys/ioctl.h])
 | |
|     AC_CHECK_HEADERS([syslog.h sys/prctl.h sys/socket.h sys/stat.h sys/syscall.h])
 | |
|     AC_CHECK_HEADERS([sys/time.h time.h unistd.h])
 | |
|     AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h])
 | |
|     AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h])
 | |
|     AC_CHECK_HEADERS([glob.h])
 | |
|     AC_CHECK_HEADERS([dirent.h fnmatch.h])
 | |
|     AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
 | |
|     AC_CHECK_HEADERS([sys/random.h])
 | |
|     AC_CHECK_HEADERS([utime.h])
 | |
|     AC_CHECK_HEADERS([libgen.h])
 | |
| 
 | |
|     AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
 | |
|     [[#ifdef HAVE_SYS_SOCKET_H
 | |
|         #include <sys/types.h>
 | |
|         #include <sys/socket.h>
 | |
|         #endif
 | |
|     ]])
 | |
| 
 | |
|     AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h w32api/wtypes.h], [], [],
 | |
|                     [[
 | |
|                         #ifndef _X86_
 | |
|                         #define _X86_
 | |
|                         #endif
 | |
|                      ]])
 | |
|     AC_CHECK_HEADERS([w32api/winbase.h wincrypt.h], [], [],
 | |
|                     [[
 | |
|                         #ifndef _X86_
 | |
|                         #define _X86_
 | |
|                         #endif
 | |
|                         #include <windows.h>
 | |
|                      ]])
 | |
| 
 | |
|     # Checks for typedefs, structures, and compiler characteristics.
 | |
|     AC_C_INLINE
 | |
|     AC_TYPE_PID_T
 | |
|     AC_TYPE_SIZE_T
 | |
|     AC_TYPE_INT32_T
 | |
|     AC_TYPE_UINT16_T
 | |
|     AC_TYPE_UINT32_T
 | |
|     AC_TYPE_UINT64_T
 | |
|     AC_TYPE_UINT8_T
 | |
|     AC_HEADER_STDBOOL
 | |
| 
 | |
|     # Checks for library functions.
 | |
|     AC_FUNC_MALLOC
 | |
|     AC_FUNC_REALLOC
 | |
|     AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strdup strerror strncasecmp strtol strtoul memchr memrchr clock_gettime])
 | |
|     AC_CHECK_FUNCS([strptime])
 | |
| 
 | |
|     AC_CHECK_DECL([getrandom],
 | |
|         AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
 | |
|         [], [
 | |
|             #include <sys/random.h> 
 | |
|             ])
 | |
| 
 | |
|     AC_CHECK_FUNCS([utime])
 | |
| 
 | |
|     OCFLAGS=$CFLAGS
 | |
|     CFLAGS=""
 | |
|     AC_CHECK_FUNCS([strlcpy strlcat])
 | |
|     CFLAGS=$OCFLAGS
 | |
| 
 | |
|     # Add large file support
 | |
|     AC_SYS_LARGEFILE
 | |
| 
 | |
|     #check for os
 | |
|     AC_MSG_CHECKING([host os])
 | |
| 
 | |
|     # lua pkg-config name differs per OS
 | |
|     LUA_PC_NAME="lua5.1"
 | |
|     LUA_LIB_NAME="lua5.1"
 | |
| 
 | |
|     # If no host os was detected, try with uname
 | |
|     if test -z "$host" ; then
 | |
| 	    host="`uname`"
 | |
|     fi
 | |
|     echo -n "installation for $host OS... "
 | |
| 
 | |
|     RUST_SURICATA_LIBNAME="libsuricata.a"
 | |
| 
 | |
|     e_magic_file=""
 | |
|     e_magic_file_comment="#"
 | |
|     PCAP_LIB_NAME="pcap"
 | |
|     case "$host" in
 | |
|         *-*-*freebsd*)
 | |
|             LUA_PC_NAME="lua-5.1"
 | |
|             LUA_LIB_NAME="lua-5.1"
 | |
|             CFLAGS="${CFLAGS} -DOS_FREEBSD"
 | |
|             CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet11"
 | |
|             LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet11"
 | |
|             RUST_LDADD="-lrt -lm"
 | |
|             ;;
 | |
|         *-*-openbsd*)
 | |
|             LUA_PC_NAME="lua51"
 | |
|             CFLAGS="${CFLAGS} -D__OpenBSD__"
 | |
|             CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet-1.1"
 | |
|             LDFLAGS="${LDFLAGS} -L/usr/local/lib -I/usr/local/lib/libnet-1.1"
 | |
|             ;;
 | |
|         *darwin*|*Darwin*)
 | |
|             LUA_PC_NAME="lua-5.1"
 | |
|             LUA_LIB_NAME="lua-5.1"
 | |
|             CFLAGS="${CFLAGS} -DOS_DARWIN"
 | |
|             CPPFLAGS="${CPPFLAGS} -I/opt/local/include"
 | |
|             LDFLAGS="${LDFLAGS} -L/opt/local/lib"
 | |
|             ;;
 | |
|         *-*-linux*)
 | |
|             RUST_LDADD="-ldl -lrt -lm"
 | |
|             ;;
 | |
|         *-*-mingw32*)
 | |
|             CFLAGS="${CFLAGS} -DOS_WIN32"
 | |
|             LDFLAGS="${LDFLAGS} -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid"
 | |
|             WINDOWS_PATH="yes"
 | |
|             PCAP_LIB_NAME="wpcap"
 | |
|             AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg])
 | |
|             RUST_SURICATA_LIBNAME="suricata.lib"
 | |
|             RUST_LDADD="-luserenv -lshell32 -ladvapi32 -lgcc_eh"
 | |
|             ;;
 | |
|         *-*-cygwin)
 | |
|             LUA_PC_NAME="lua"
 | |
|             LUA_LIB_NAME="lua"
 | |
|             WINDOWS_PATH="yes"
 | |
|             PCAP_LIB_NAME="wpcap"
 | |
|             ;;
 | |
|         *-*-solaris*)
 | |
|             AC_MSG_WARN([support for Solaris/Illumos/SunOS is experimental])
 | |
|             LDFLAGS="${LDFLAGS} -lsocket -lnsl"
 | |
|             ;;
 | |
|         *)
 | |
|             AC_MSG_WARN([unsupported OS this may or may not work])
 | |
|             ;;
 | |
|     esac
 | |
|     AC_MSG_RESULT(ok)
 | |
| 
 | |
|     # enable modifications for AFL fuzzing
 | |
|     AC_ARG_ENABLE(afl,
 | |
|            AS_HELP_STRING([--enable-afl], Enable AFL fuzzing logic[])], [enable_afl="$enableval"],[enable_afl=no])
 | |
| 
 | |
|     AS_IF([test "x$enable_afl" = "xyes"], [
 | |
|         AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
 | |
|         AC_DEFINE([AFLFUZZ_DISABLE_MGTTHREADS], [1], [Disable all management threads])
 | |
|         AC_DEFINE([AFLFUZZ_PCAP_RUNMODE], [1], [Enable special AFL 'single' runmode])
 | |
|         AC_DEFINE([AFLFUZZ_CONF_TEST], [1], [Enable special --afl-parse-rules commandline option])
 | |
|         AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
 | |
|         AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
 | |
|         AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
 | |
|         AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
 | |
|         AC_DEFINE([AFLFUZZ_RULES], [1], [Enable --afl-rules commandline option])
 | |
| 
 | |
|         # test for AFL PERSISTANT_MODE support
 | |
|         CFLAGS_ORIG=$CFLAGS
 | |
|         CFLAGS="-Werror"
 | |
|         AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
 | |
|                 [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
 | |
|                 [])
 | |
|         CFLAGS=$CFLAGS_ORIG
 | |
|     ])
 | |
| 
 | |
|   # disable TLS on user request
 | |
|     AC_ARG_ENABLE(threading-tls,
 | |
|            AS_HELP_STRING([--disable-threading-tls], [Disable TLS (thread local storage)]), [enable_tls="$enableval"],[enable_tls=yes])
 | |
|     AS_IF([test "x$enable_tls" = "xyes"], [
 | |
|         # check if our target supports thread local storage
 | |
|         AC_MSG_CHECKING(for thread local storage __thread support)
 | |
|         AC_TRY_COMPILE([#include <stdlib.h>],
 | |
|             [ static __thread int i; i = 1; i++; ],
 | |
|             [AC_DEFINE([TLS], [1], [Thread local storage])
 | |
|              AC_MSG_RESULT([yes]) ],
 | |
|             [AC_MSG_RESULT([no])])
 | |
|     ])
 | |
| 
 | |
|     #Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found
 | |
|     #AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc.
 | |
|     #These flags seem to be supported on CentOS 5+, Ubuntu 8.04+, and FedoreCore 11+
 | |
|     #Options are taken from https://wiki.ubuntu.com/CompilerFlags
 | |
|     AC_ARG_ENABLE(gccprotect,
 | |
|            AS_HELP_STRING([--enable-gccprotect], [Detect and use gcc hardening options]),,[enable_gccprotect=no])
 | |
| 
 | |
|     AS_IF([test "x$enable_gccprotect" = "xyes"], [
 | |
|         #buffer overflow protection
 | |
|         AC_MSG_CHECKING(for -fstack-protector)
 | |
|         TMPCFLAGS="${CFLAGS}"
 | |
|         CFLAGS="${CFLAGS} -fstack-protector"
 | |
|         AC_TRY_LINK(,,SECCFLAGS="-fstack-protector"
 | |
|             AC_MSG_RESULT(yes),
 | |
|             AC_MSG_RESULT(no))
 | |
|         CFLAGS="${TMPCFLAGS}"
 | |
| 
 | |
|         #compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions
 | |
|         AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2)
 | |
|         TMPCFLAGS="${CFLAGS}"
 | |
|         CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
 | |
|         AC_TRY_COMPILE(,,SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2"
 | |
|             AC_MSG_RESULT(yes),
 | |
|             AC_MSG_RESULT(no))
 | |
|         CFLAGS="${TMPCFLAGS}"
 | |
| 
 | |
|         #compile-time warnings about misuse of format strings
 | |
|         AC_MSG_CHECKING(for -Wformat -Wformat-security)
 | |
|         TMPCFLAGS="${CFLAGS}"
 | |
|         CFLAGS="${CFLAGS} -Wformat -Wformat-security"
 | |
|         AC_TRY_COMPILE(,,SECCFLAGS="${SECCFLAGS} -Wformat -Wformat-security"
 | |
|             AC_MSG_RESULT(yes),
 | |
|             AC_MSG_RESULT(no))
 | |
|         CFLAGS="${TMPCFLAGS}"
 | |
| 
 | |
|         #provides a read-only relocation table area in the final ELF
 | |
|         AC_MSG_CHECKING(for -z relro)
 | |
|         TMPLDFLAGS="${LDFLAGS}"
 | |
|         LDFLAGS="${LDFLAGS} -z relro"
 | |
|         AC_TRY_LINK(,,SECLDFLAGS="${SECLDFLAGS} -z relro"
 | |
|             AC_MSG_RESULT(yes),
 | |
|             AC_MSG_RESULT(no))
 | |
|         LDFLAGS="${TMPLDFLAGS}"
 | |
| 
 | |
|         #forces all relocations to be resolved at run-time
 | |
|         AC_MSG_CHECKING(for -z now)
 | |
|         TMPLDFLAGS="${LDFLAGS}"
 | |
|         LDFLAGS="${LDFLAGS} -z now"
 | |
|         AC_TRY_LINK(,,SECLDFLAGS="${SECLDFLAGS} -z now"
 | |
|             AC_MSG_RESULT(yes),
 | |
|             AC_MSG_RESULT(no))
 | |
|         LDFLAGS="${TMPLDFLAGS}"
 | |
| 
 | |
|         AC_SUBST(SECCFLAGS)
 | |
|         AC_SUBST(SECLDFLAGS)
 | |
|     ])
 | |
| 
 | |
|     #enable profile generation
 | |
|     AC_ARG_ENABLE(gccprofile,
 | |
|            AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set]),,[enable_gccprofile=no])
 | |
|     AS_IF([test "x$enable_gccprofile" = "xyes"], [
 | |
|         CFLAGS="${CFLAGS} -pg"
 | |
|     ])
 | |
| 
 | |
|     #enable gcc march=native gcc 4.2 or later
 | |
|     AC_ARG_ENABLE(gccmarch_native,
 | |
|            AS_HELP_STRING([--enable-gccmarch-native], [Enable gcc march=native gcc 4.2 and later only]),,[enable_gccmarch_native=yes])
 | |
|     AS_IF([test "x$enable_gccmarch_native" = "xyes"], [
 | |
|         case "$host" in
 | |
|             *powerpc*)
 | |
|                 ;;
 | |
|             *)
 | |
|             OFLAGS="$CFLAGS"
 | |
|             CFLAGS="$CFLAGS -march=native"
 | |
|             AC_MSG_CHECKING([checking if $CC supports -march=native])
 | |
|             AC_COMPILE_IFELSE(  [AC_LANG_PROGRAM([[#include <stdlib.h>]])],
 | |
|                         [
 | |
|                           AC_MSG_RESULT([yes])
 | |
|                           OPTIMIZATION_CFLAGS="-march=native"
 | |
|                           AC_SUBST(OPTIMIZATION_CFLAGS)
 | |
|                         ],
 | |
|                         [
 | |
|                           AC_MSG_RESULT([no])
 | |
|                           CFLAGS="$OFLAGS"
 | |
|                           enable_gccmarch_native=no
 | |
|                         ]
 | |
|                      )
 | |
|                 ;;
 | |
|         esac
 | |
|     ])
 | |
| 
 | |
| # options
 | |
| 
 | |
|   # enable the running of unit tests
 | |
|     AC_ARG_ENABLE(unittests,
 | |
|            AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),,[enable_unittests=no])
 | |
|     AS_IF([test "x$enable_unittests" = "xyes"], [
 | |
|         AC_DEFINE([UNITTESTS],[1],[Enable built-in unittests])
 | |
|     ])
 | |
|     AM_CONDITIONAL([BUILD_UNITTESTS], [test "x$enable_unittests" = "xyes"])
 | |
| 
 | |
|   # enable the building of ebpf files 
 | |
|     AC_ARG_ENABLE(ebpf-build,
 | |
|            AS_HELP_STRING([--enable-ebpf-build], [Enable compilation of ebpf files]),,[enable_ebpf_build=no])
 | |
|     AM_CONDITIONAL([BUILD_EBPF], [test "x$enable_ebpf_build" = "xyes"])
 | |
| 
 | |
|     if test "x$enable_ebpf_build" = "xyes"; then
 | |
|         if echo $CC | grep clang; then
 | |
|             if test "x$CC" = "xclang"; then
 | |
|                 AC_MSG_CHECKING([llc binary])
 | |
|                 AC_PATH_PROG(HAVE_LLC, llc, "yes", "no")
 | |
|                 if test "$HAVE_LLC" = "yes"; then
 | |
|                     LLC="llc"
 | |
|                     AC_SUBST(LLC)
 | |
|                 else
 | |
|                     AC_MSG_CHECKING([llc binary for clang version])
 | |
|                     llc_version_line=$($CC --version|$GREP version)
 | |
|                     llc_version=$(echo $llc_version_line| cut -d '(' -f 1 | $GREP -E -o '@<:@0-9@:>@\.@<:@0-9@:>@')
 | |
|                     AC_MSG_RESULT($llc_version)
 | |
|                     LLC="llc-$llc_version"
 | |
|                     AC_SUBST(LLC)
 | |
|                 fi
 | |
|             else
 | |
|                 AC_MSG_CHECKING([llc binary for clang version])
 | |
|                 llc_version_line=$($CC --version|$GREP version)
 | |
|                 llc_version=$(echo $llc_version_line| cut -d '(' -f 1 | $GREP -E -o '@<:@0-9@:>@\.@<:@0-9@:>@')
 | |
|                 AC_MSG_RESULT($llc_version)
 | |
|                 LLC="llc-$llc_version"
 | |
|                 AC_SUBST(LLC)
 | |
|             fi
 | |
|         else
 | |
|             echo "clang needed to build ebpf files"
 | |
|             exit 1        
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # enable workaround for old barnyard2 for unified alert output
 | |
|     AC_ARG_ENABLE(old-barnyard2,
 | |
|            AS_HELP_STRING([--enable-old-barnyard2], [Use workaround for old barnyard2 in unified2 output]),,[enable_old_barnyard2=no])
 | |
|     AS_IF([test "x$enable_old_barnyard2" = "xyes"], [
 | |
|         AC_DEFINE([HAVE_OLD_BARNYARD2],[1],[Use workaround for old barnyard2 in unified2 output])
 | |
|     ])
 | |
| 
 | |
|   # enable debug output
 | |
|     AC_ARG_ENABLE(debug,
 | |
|            AS_HELP_STRING([--enable-debug], [Enable debug output]),,[enable_debug=no])
 | |
|     AS_IF([test "x$enable_debug" = "xyes"], [
 | |
|         AC_DEFINE([DEBUG],[1],[Enable debug output])
 | |
|     ])
 | |
|     AM_CONDITIONAL([DEBUG], [test "x$enable_debug" = "xyes"])
 | |
| 
 | |
|   # enable debug validation functions & macro's output
 | |
|     AC_ARG_ENABLE(debug-validation,
 | |
|            AS_HELP_STRING([--enable-debug-validation], [Enable (debug) validation code output]),,[enable_debug_validation=no])
 | |
|     AS_IF([test "x$enable_debug_validation" = "xyes"], [
 | |
|         if test "$enable_unittests" = "yes"; then
 | |
|             AC_MSG_ERROR([debug_validation can't be enabled with enabled unittests!])
 | |
|         else
 | |
|             AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output])
 | |
|         fi
 | |
|     ])
 | |
| 
 | |
|   # profiling support
 | |
|     AC_ARG_ENABLE(profiling,
 | |
|            AS_HELP_STRING([--enable-profiling], [Enable performance profiling]),,[enable_profiling=no])
 | |
|     AS_IF([test "x$enable_profiling" = "xyes"], [
 | |
|     case "$host" in
 | |
|         *-*-openbsd*)
 | |
|             AC_MSG_ERROR([profiling is not supported on OpenBSD])
 | |
|             ;;
 | |
|         *)
 | |
|             AC_DEFINE([PROFILING],[1],[Enable performance profiling])
 | |
|             ;;
 | |
|     esac
 | |
|     ])
 | |
| 
 | |
|   # profiling support, locking
 | |
|     AC_ARG_ENABLE(profiling-locks,
 | |
|            AS_HELP_STRING([--enable-profiling-locks], [Enable performance profiling for locks]),,[enable_profiling_locks=no])
 | |
|     AS_IF([test "x$enable_profiling_locks" = "xyes"], [
 | |
|         AC_DEFINE([PROFILING],[1],[Enable performance profiling])
 | |
|         AC_DEFINE([PROFILE_LOCKING],[1],[Enable performance profiling for locks])
 | |
|     ])
 | |
| 
 | |
|   # enable support for IPFW
 | |
|     AC_ARG_ENABLE(ipfw,
 | |
|             AS_HELP_STRING([--enable-ipfw], [Enable FreeBSD IPFW support for inline IDP]),,[enable_ipfw=no])
 | |
|     AS_IF([test "x$enable_ipfw" = "xyes"], [
 | |
|         AC_DEFINE([IPFW],[1],[Enable FreeBSD IPFW support for inline IDP])
 | |
|     ])
 | |
| 
 | |
|     AC_ARG_ENABLE(coccinelle,
 | |
|            AS_HELP_STRING([--disable-coccinelle], [Disable coccinelle QA steps during make check]),[enable_coccinelle="$enableval"],[enable_coccinelle=yes])
 | |
|     AS_IF([test "x$enable_coccinelle" = "xyes"], [
 | |
|         AC_PATH_PROG(HAVE_COCCINELLE_CONFIG, spatch, "no")
 | |
|         if test "$HAVE_COCCINELLE_CONFIG" = "no"; then
 | |
|             enable_coccinelle=no
 | |
|         fi
 | |
|     ])
 | |
|     AM_CONDITIONAL([HAVE_COCCINELLE], [test "x$enable_coccinelle" != "xno"])
 | |
| 
 | |
|   # disable detection
 | |
|     AC_ARG_ENABLE(detection,
 | |
|            AS_HELP_STRING([--disable-detection], [Disable Detection Modules]), [enable_detection="$enableval"],[enable_detection=yes])
 | |
|     AS_IF([test "x$enable_detection" = "xno"], [
 | |
|         AC_DEFINE([HAVE_DETECT_DISABLED], [1], [Detection is disabled])
 | |
|     ])
 | |
| 
 | |
|   # Tilera PCIE logging
 | |
|     AM_CONDITIONAL([BUILD_PCIE_LOGGING], [test ! -z "$TILERA_ROOT"])
 | |
| 
 | |
| # libraries
 | |
| 
 | |
|   # zlib
 | |
|     AC_ARG_WITH(zlib_includes,
 | |
|             [  --with-zlib-includes=DIR  zlib include directory],
 | |
|             [with_zlib_includes="$withval"],[with_zlib_includes=no])
 | |
|     AC_ARG_WITH(zlib_libraries,
 | |
|             [  --with-zlib-libraries=DIR    zlib library directory],
 | |
|             [with_zlib_libraries="$withval"],[with_zlib_libraries="no"])
 | |
| 
 | |
|     if test "$with_zlib_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_zlib_includes}"
 | |
|     fi
 | |
| 
 | |
|     AC_CHECK_HEADER(zlib.h, ZLIB="yes",ZLIB="no")
 | |
|     if test "$ZLIB" = "yes"; then
 | |
|         if test "$with_zlib_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_zlib_libraries}"
 | |
|         fi
 | |
| 
 | |
|         # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|         # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|         ZLIB=""
 | |
|         TMPLIBS="${LIBS}"
 | |
|         AC_CHECK_LIB(z,inflate,,ZLIB="no")
 | |
| 
 | |
|         if test "$ZLIB" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR!  zlib library not found, go get it"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|         LIBS="${TMPLIBS} -lz"
 | |
|     fi
 | |
| 
 | |
|   # liblzma
 | |
|     enable_liblzma=no
 | |
| 
 | |
|     AC_ARG_WITH(liblzma_includes,
 | |
|             [  --with-liblzma-includes=DIR  liblzma include directory],
 | |
|             [with_liblzma_includes="$withval"],[with_liblzma_includes=no])
 | |
|     AC_ARG_WITH(liblzma_libraries,
 | |
|             [  --with-liblzma-libraries=DIR    liblzma library directory],
 | |
|             [with_liblzma_libraries="$withval"],[with_liblzma_libraries="no"])
 | |
| 
 | |
|     if test "$with_liblzma_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_liblzma_includes}"
 | |
|     fi
 | |
| 
 | |
|     AC_CHECK_HEADER(lzma.h,LIBLZMA="yes",LIBLZMA="no")
 | |
|     if test "$LIBLZMA" = "yes"; then
 | |
|         if test "$with_liblzma_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_liblzma_libraries}"
 | |
|         fi
 | |
| 
 | |
|         # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|         # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|         LIBLZMA=""
 | |
|         TMPLIBS="${LIBS}"
 | |
|         AC_CHECK_LIB(lzma,lzma_code,,LIBLZMA="no")
 | |
| 
 | |
|         if test "$LIBLZMA" = "no"; then
 | |
|             echo
 | |
|             echo "   Warning! liblzma library not found, you will not be"
 | |
|             echo "   able to decompress flash file compressed with lzma."
 | |
|             echo
 | |
|             enable_liblzma=no
 | |
|         else
 | |
|             enable_liblzma=yes
 | |
|             AC_DEFINE([HAVE_LIBLZMA],[1],[liblzma available])
 | |
|             LIBS="${TMPLIBS} -llzma"
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|     AC_MSG_CHECKING([for Mpipe])
 | |
|     AC_COMPILE_IFELSE(
 | |
|         [AC_LANG_PROGRAM([[#include <gxio/mpipe.h>]])],
 | |
|         [
 | |
|         AC_MSG_RESULT([yes])
 | |
|         AC_DEFINE([HAVE_MPIPE],[1],[mPIPE support is available])
 | |
|         LDFLAGS="$LDFLAGS -lgxpci -lgxio -ltmc"
 | |
|         ],
 | |
|         [AC_MSG_RESULT([no])])
 | |
| 
 | |
|   #libpcre
 | |
|     AC_ARG_WITH(libpcre_includes,
 | |
|             [  --with-libpcre-includes=DIR  libpcre include directory],
 | |
|             [with_libpcre_includes="$withval"],[with_libpcre_includes=no])
 | |
|     AC_ARG_WITH(libpcre_libraries,
 | |
|             [  --with-libpcre-libraries=DIR    libpcre library directory],
 | |
|             [with_libpcre_libraries="$withval"],[with_libpcre_libraries="no"])
 | |
| 
 | |
|     if test "$with_libpcre_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libpcre_includes}"
 | |
|     fi
 | |
|     AC_CHECK_HEADER(pcre.h,,[AC_ERROR(pcre.h not found ...)])
 | |
| 
 | |
|     if test "$with_libpcre_libraries" != "no"; then
 | |
|         LDFLAGS="${LDFLAGS} -L${with_libpcre_libraries}"
 | |
|     fi
 | |
|     PCRE=""
 | |
|     AC_CHECK_LIB(pcre, pcre_get_substring,, PCRE="no")
 | |
|     if test "$PCRE" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR!  pcre library not found, go get it"
 | |
|         echo "   from www.pcre.org."
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|     # libpcre 8.35 (especially on debian) has a known issue that results in segfaults
 | |
|     # see https://redmine.openinfosecfoundation.org/issues/1693
 | |
|     if test "$with_libpcre_libraries" = "no"; then
 | |
|         PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.35],[libpcre_buggy_found="yes"],[libprce_buggy_found="no"])
 | |
|         if test "$libpcre_buggy_found" = "yes"; then
 | |
|             echo
 | |
|             echo "   Warning! vulnerable libpcre version 8.35 found"
 | |
|             echo "   This version has a known issue that could result in segfaults"
 | |
|             echo "   please upgrade to a newer version of pcre which you can get from"
 | |
|             echo "   www.pcre.org. For more information, see issue #1693"
 | |
|             echo
 | |
|             echo "   Continuing for now with JIT disabled..."
 | |
|             echo
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|     # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|     # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|     PCRE=""
 | |
|     TMPLIBS="${LIBS}"
 | |
|     AC_CHECK_LIB(pcre, pcre_dfa_exec,, PCRE="no")
 | |
|     if test "$PCRE" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR!  pcre library was found but version was < 6.0"
 | |
|         echo "   please upgrade to a newer version of pcre which you can get from"
 | |
|         echo "   www.pcre.org."
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
|     LIBS="${TMPLIBS}"
 | |
| 
 | |
|     AC_TRY_COMPILE([ #include <pcre.h> ],
 | |
|         [ int eo = 0; eo |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; ],
 | |
|         [ pcre_match_limit_recursion_available=yes ], [:]
 | |
|     )
 | |
|     if test "$pcre_match_limit_recursion_available" != "yes"; then
 | |
|         echo
 | |
|         echo "   Warning! pcre extra opt PCRE_EXTRA_MATCH_LIMIT_RECURSION not found"
 | |
|         echo "   This could lead to potential DoS please upgrade to pcre >= 6.5"
 | |
|         echo "   from www.pcre.org."
 | |
|         echo "   Continuing for now...."
 | |
|         echo
 | |
|         AC_DEFINE([NO_PCRE_MATCH_RLIMIT],[1],[Pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION not available])
 | |
|     fi
 | |
| 
 | |
|     TMPCFLAGS="${CFLAGS}"
 | |
|     CFLAGS="-O0 -g -Werror -Wall"
 | |
|     AC_TRY_COMPILE([ #include <pcre.h> ],
 | |
|         [ pcre_extra *extra = NULL; pcre_free_study(extra); ],
 | |
|         [ AC_DEFINE([HAVE_PCRE_FREE_STUDY], [1], [Pcre pcre_free_study supported])], [:]
 | |
|     )
 | |
|     CFLAGS="${TMPCFLAGS}"
 | |
| 
 | |
|     #enable support for PCRE-jit available since pcre-8.20
 | |
|     AC_MSG_CHECKING(for PCRE JIT support)
 | |
|     AC_TRY_COMPILE([ #include <pcre.h> ],
 | |
|         [
 | |
|         int jit = 0;
 | |
|         pcre_config(PCRE_CONFIG_JIT, &jit);
 | |
|         ],
 | |
|         [ pcre_jit_available=yes ], [ pcre_jit_available=no ]
 | |
|         )
 | |
| 
 | |
|     case $host in
 | |
|         *powerpc64*)
 | |
|             PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.39],[libpcre_ppc64_buggy_found1="yes"],[libprce_ppc64_buggy_found1="no"])
 | |
|             PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.40],[libpcre_ppc64_buggy_found2="yes"],[libprce_ppc64_buggy_found2="no"])
 | |
| 
 | |
|             if test "$libprce_ppc64_buggy_found1" = "yes" || test "$libprce_ppc64_buggy_found2"; then
 | |
|                 # on powerpc64, both gcc and clang lead to SIGILL in
 | |
|                 # unittests when jit is enabled.
 | |
|                 pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64"
 | |
|             fi
 | |
|         ;;
 | |
|         *)
 | |
|             # bug 1693, libpcre 8.35 is broken and debian jessie is still using that
 | |
|             if test "$libpcre_buggy_found" = "yes"; then
 | |
|                 pcre_jit_available="no, libpcre 8.35 blacklisted"
 | |
|             fi
 | |
|         ;;
 | |
|     esac
 | |
| 
 | |
|     if test "x$pcre_jit_available" = "xyes"; then
 | |
|        AC_MSG_RESULT(yes)
 | |
|        AC_DEFINE([PCRE_HAVE_JIT], [1], [Pcre with JIT compiler support enabled])
 | |
| 
 | |
|        AC_MSG_CHECKING(for PCRE JIT support usability)
 | |
|        AC_TRY_COMPILE([ #include <pcre.h> ],
 | |
|            [
 | |
|            const char* regexstr = "(a|b|c|d)";
 | |
|            pcre *re;
 | |
|            const char *error;
 | |
|            pcre_extra *extra;
 | |
|            int err_offset;
 | |
|            re = pcre_compile(regexstr,0, &error, &err_offset,NULL);
 | |
|            extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
 | |
|            if (extra == NULL)
 | |
|                exit(EXIT_FAILURE);
 | |
|            int jit = 0;
 | |
|            int ret = pcre_fullinfo(re, extra, PCRE_INFO_JIT, &jit);
 | |
|            if (ret != 0 || jit != 1)
 | |
|                exit(EXIT_FAILURE);
 | |
|            exit(EXIT_SUCCESS);
 | |
|            ],
 | |
|            [ pcre_jit_works=yes ], [:]
 | |
|        )
 | |
|        if test "x$pcre_jit_works" != "xyes"; then
 | |
|            AC_MSG_RESULT(no)
 | |
|            echo
 | |
|            echo "   PCRE JIT support detection worked but testing it failed"
 | |
|            echo "   something odd is going on, please file a bug report."
 | |
|            echo
 | |
|            exit 1
 | |
|        else
 | |
|            AC_MSG_RESULT(yes)
 | |
|        fi
 | |
|     else
 | |
|         AC_MSG_RESULT(no)
 | |
|     fi
 | |
| 
 | |
|   # libhs
 | |
|     enable_hyperscan="no"
 | |
| 
 | |
|     # Try pkg-config first:
 | |
|     PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no])
 | |
|     if test "$with_pkgconfig_libhs" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} ${libhs_CFLAGS}"
 | |
|         LIBS="${LIBS} ${libhs_LIBS}"
 | |
|     fi
 | |
| 
 | |
|     AC_ARG_WITH(libhs_includes,
 | |
|             [  --with-libhs-includes=DIR  libhs include directory],
 | |
|             [with_libhs_includes="$withval"],[with_libhs_includes=no])
 | |
|     AC_ARG_WITH(libhs_libraries,
 | |
|             [  --with-libhs-libraries=DIR    libhs library directory],
 | |
|             [with_libhs_libraries="$withval"],[with_libhs_libraries="no"])
 | |
| 
 | |
|     if test "$with_libhs_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libhs_includes}"
 | |
|     fi
 | |
|     AC_CHECK_HEADER(hs.h,HYPERSCAN="yes",HYPERSCAN="no")
 | |
|     if test "$HYPERSCAN" = "yes"; then
 | |
|         if test "$with_libhs_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_libhs_libraries}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_LIB(hs,hs_compile,,HYPERSCAN="no")
 | |
|         AC_CHECK_FUNCS(hs_valid_platform)
 | |
|         enable_hyperscan="yes"
 | |
|         if test "$HYPERSCAN" = "no"; then
 | |
|             echo
 | |
|             echo "   Hyperscan headers are present, but link test failed."
 | |
|             echo "   Check that you have a shared library and C++ linkage available."
 | |
|             echo
 | |
|             enable_hyperscan="no"
 | |
|         fi
 | |
|     fi
 | |
|     AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])])
 | |
| 
 | |
|   # libyaml
 | |
|     AC_ARG_WITH(libyaml_includes,
 | |
|             [  --with-libyaml-includes=DIR  libyaml include directory],
 | |
|             [with_libyaml_includes="$withval"],[with_libyaml_includes=no])
 | |
|     AC_ARG_WITH(libyaml_libraries,
 | |
|             [  --with-libyaml-libraries=DIR    libyaml library directory],
 | |
|             [with_libyaml_libraries="$withval"],[with_libyaml_libraries="no"])
 | |
| 
 | |
|     if test "$with_libyaml_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libyaml_includes}"
 | |
|     fi
 | |
| 
 | |
|     AC_CHECK_HEADER(yaml.h,,LIBYAML="no")
 | |
| 
 | |
|     if test "$with_libyaml_libraries" != "no"; then
 | |
|         LDFLAGS="${LDFLAGS} -L${with_libyaml_libraries}"
 | |
|     fi
 | |
| 
 | |
|     LIBYAML=""
 | |
|     AC_CHECK_LIB(yaml,yaml_parser_initialize,,LIBYAML="no")
 | |
| 
 | |
|     if test "$LIBYAML" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR!  libyaml library not found, go get it"
 | |
|         echo "   from http://pyyaml.org/wiki/LibYAML "
 | |
|         echo "   or your distribution:"
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install libyaml-dev"
 | |
|         echo "   Fedora: dnf install libyaml-devel"
 | |
|         echo "   CentOS/RHEL: yum install libyaml-devel"
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|   # libpthread
 | |
|     AC_ARG_WITH(libpthread_includes,
 | |
|             [  --with-libpthread-includes=DIR  libpthread include directory],
 | |
|             [with_libpthread_includes="$withval"],[with_libpthread_includes=no])
 | |
|     AC_ARG_WITH(libpthread_libraries,
 | |
|             [  --with-libpthread-libraries=DIR    libpthread library directory],
 | |
|             [with_libpthread_libraries="$withval"],[with_libpthread_libraries="no"])
 | |
| 
 | |
|     if test "$with_libpthread_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libpthread_includes}"
 | |
|     fi
 | |
| 
 | |
|     dnl AC_CHECK_HEADER(pthread.h,,[AC_ERROR(pthread.h not found ...)])
 | |
| 
 | |
|     if test "$with_libpthread_libraries" != "no"; then
 | |
|         LDFLAGS="${LDFLAGS}  -L${with_libpthread_libraries}"
 | |
|     fi
 | |
| 
 | |
|     PTHREAD=""
 | |
|     AC_CHECK_LIB(pthread, pthread_create,, PTHREAD="no")
 | |
| 
 | |
|     if test "$PTHREAD" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR! libpthread library not found, glibc problem?"
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|   # libjansson
 | |
|     enable_jansson="no"
 | |
|     AC_ARG_WITH(libjansson_includes,
 | |
|             [  --with-libjansson-includes=DIR  libjansson include directory],
 | |
|             [with_libjansson_includes="$withval"],[with_libjansson_includes=no])
 | |
|     AC_ARG_WITH(libjansson_libraries,
 | |
|             [  --with-libjansson-libraries=DIR    libjansson library directory],
 | |
|             [with_libjansson_libraries="$withval"],[with_libjansson_libraries="no"])
 | |
| 
 | |
|     if test "$with_libjansson_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libjansson_includes}"
 | |
|     fi
 | |
| 
 | |
|     enable_jansson="no"
 | |
|     enable_unixsocket="no"
 | |
| 
 | |
|     AC_ARG_ENABLE(unix-socket,
 | |
|            AS_HELP_STRING([--enable-unix-socket], [Enable unix socket [default=test]]),[enable_unixsocket="$enableval"],[enable_unixsocket=test])
 | |
| 
 | |
|     AC_CHECK_HEADER(jansson.h,JANSSON="yes",JANSSON="no")
 | |
|     if test "$JANSSON" = "yes"; then
 | |
|         if test "$with_libjansson_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_libjansson_libraries}"
 | |
|         fi
 | |
| 
 | |
| 	    AC_CHECK_LIB(jansson, json_dump_callback,, JANSSON="no")
 | |
|         enable_jansson="yes"
 | |
|         if test "$JANSSON" = "no"; then
 | |
|             echo
 | |
|             echo "   Jansson >= 2.2 is required for features like unix socket"
 | |
|             echo "   Go get it from your distribution or from:"
 | |
|             echo "     http://www.digip.org/jansson/"
 | |
|             echo
 | |
|             if test "x$enable_unixsocket" = "xyes"; then
 | |
|                 exit 1
 | |
|             fi
 | |
|             enable_unixsocket="no"
 | |
|             enable_jansson="no"
 | |
|         else
 | |
|             case $host in
 | |
|                 *-*-mingw32*)
 | |
|                     enable_unixsocket="no"
 | |
|                     ;;
 | |
|                 *-*-cygwin)
 | |
|                     enable_unixsocket="no"
 | |
|                     ;;
 | |
|                 *)
 | |
|                     if test "x$enable_unixsocket" = "xtest"; then
 | |
|                         enable_unixsocket="yes"
 | |
|                     fi
 | |
|                     ;;
 | |
|             esac
 | |
|         fi
 | |
|     else
 | |
|         if test "x$enable_unixsocket" = "xyes"; then
 | |
|             echo
 | |
|             echo "   Jansson >= 2.2 is required for features like unix socket"
 | |
|             echo "   Go get it from your distribution or from:"
 | |
|             echo "     http://www.digip.org/jansson/"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|         enable_unixsocket="no"
 | |
|     fi
 | |
| 
 | |
|     AS_IF([test "x$enable_unixsocket" = "xyes"], [AC_DEFINE([BUILD_UNIX_SOCKET], [1], [Unix socket support enabled])])
 | |
|     e_enable_evelog=$enable_jansson
 | |
| 
 | |
|     AC_ARG_ENABLE(nflog,
 | |
|             AS_HELP_STRING([--enable-nflog],[Enable libnetfilter_log support]),
 | |
|                            [ enable_nflog="yes"],
 | |
|                            [ enable_nflog="no"])
 | |
|     AC_ARG_ENABLE(nfqueue,
 | |
|            AS_HELP_STRING([--enable-nfqueue], [Enable NFQUEUE support for inline IDP]),[enable_nfqueue=yes],[enable_nfqueue=no])
 | |
|     if test "$enable_nfqueue" != "no"; then
 | |
|         PKG_CHECK_MODULES([libnetfilter_queue], [libnetfilter_queue], [enable_nfqueue=yes], [enable_nfqueue=no])
 | |
|         CPPFLAGS="${CPPFLAGS} ${libnetfilter_queue_CFLAGS}"
 | |
|     fi
 | |
| 
 | |
|     if test "x$enable_nflog" = "xyes" || test  "x$enable_nfqueue" = "xyes"; then
 | |
|   # libnfnetlink
 | |
|         case $host in
 | |
|         *-*-mingw32*)
 | |
|             ;;
 | |
|         *)
 | |
|             AC_ARG_WITH(libnfnetlink_includes,
 | |
|                     [  --with-libnfnetlink-includes=DIR  libnfnetlink include directory],
 | |
|                     [with_libnfnetlink_includes="$withval"],[with_libnfnetlink_includes=no])
 | |
|             AC_ARG_WITH(libnfnetlink_libraries,
 | |
|                     [  --with-libnfnetlink-libraries=DIR    libnfnetlink library directory],
 | |
|                     [with_libnfnetlink_libraries="$withval"],[with_libnfnetlink_libraries="no"])
 | |
| 
 | |
|             if test "$with_libnfnetlink_includes" != "no"; then
 | |
|                 CPPFLAGS="${CPPFLAGS} -I${with_libnfnetlink_includes}"
 | |
|             fi
 | |
| 
 | |
|             if test "$with_libnfnetlink_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libnfnetlink_libraries}"
 | |
|             fi
 | |
| 
 | |
|             NFNL=""
 | |
|             AC_CHECK_LIB(nfnetlink, nfnl_fd,, NFNL="no")
 | |
| 
 | |
|             if test "$NFNL" = "no"; then
 | |
|                 echo
 | |
|                 echo "   ERROR!  nfnetlink library not found, go get it"
 | |
|                 echo "   from www.netfilter.org."
 | |
|                 echo "   we automatically append libnetfilter_queue/ when searching"
 | |
|                 echo "   for headers etc. when the --with-libnfnetlink-includes directive"
 | |
|                 echo "   is used"
 | |
|                 echo
 | |
|             fi
 | |
|             ;;
 | |
|         esac
 | |
|     fi
 | |
| 
 | |
|     # enable support for NFQUEUE
 | |
|     if test "x$enable_nfqueue" = "xyes"; then
 | |
|         AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP])
 | |
| 
 | |
|       #libnetfilter_queue
 | |
|         AC_ARG_WITH(libnetfilter_queue_includes,
 | |
|             [  --with-libnetfilter_queue-includes=DIR  libnetfilter_queue include directory],
 | |
|             [with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no])
 | |
|         AC_ARG_WITH(libnetfilter_queue_libraries,
 | |
|             [  --with-libnetfilter_queue-libraries=DIR    libnetfilter_queue library directory],
 | |
|             [with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"])
 | |
| 
 | |
|         if test "$with_libnetfilter_queue_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
 | |
| 
 | |
|         if test "$with_libnetfilter_queue_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_libnetfilter_queue_libraries}"
 | |
|         fi
 | |
| 
 | |
|         NFQ=""
 | |
|         AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",)
 | |
|         AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink])
 | |
|         AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink])
 | |
|         AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_flags],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_QUEUE_FLAGS],[1],[Found nfq_set_queue_flags function in netfilter_queue]) ,,[-lnfnetlink])
 | |
|         AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict_batch],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT_BATCH],[1],[Found nfq_set_verdict_batch function in netfilter_queue]) ,,[-lnfnetlink])
 | |
| 
 | |
|         # check if the argument to nfq_get_payload is signed or unsigned
 | |
|         AC_MSG_CHECKING([for signed nfq_get_payload payload argument])
 | |
|         STORECFLAGS="${CFLAGS}"
 | |
|         if test `basename $CC` = "clang"; then
 | |
|             CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
 | |
|         else
 | |
|             CFLAGS="${CFLAGS} -Werror"
 | |
|         fi
 | |
|         AC_COMPILE_IFELSE(
 | |
|             [AC_LANG_PROGRAM(
 | |
|                 [
 | |
|                     #include <stdio.h>
 | |
|                     #include <libnetfilter_queue/libnetfilter_queue.h>
 | |
|                 ],
 | |
|                 [
 | |
|                     char *pktdata;
 | |
|                     nfq_get_payload(NULL, &pktdata);
 | |
|                 ])],
 | |
|             [libnetfilter_queue_nfq_get_payload_signed="yes"],
 | |
|             [libnetfilter_queue_nfq_get_payload_signed="no"])
 | |
|         AC_MSG_RESULT($libnetfilter_queue_nfq_get_payload_signed)
 | |
|         if test "x$libnetfilter_queue_nfq_get_payload_signed" = "xyes"; then
 | |
|             AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload])
 | |
|         fi
 | |
|         CFLAGS="${STORECFLAGS}"
 | |
| 
 | |
|         if test "$NFQ" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR!  libnetfilter_queue library not found, go get it"
 | |
|             echo "   from www.netfilter.org."
 | |
|             echo "   we automatically append libnetfilter_queue/ when searching"
 | |
|             echo "   for headers etc. when the --with-libnfq-includes directive"
 | |
|             echo "   is used"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # libnetfilter_log
 | |
|     AC_ARG_WITH(libnetfilter_log_includes,
 | |
|             [  --with-libnetfilter_log-includes=DIR  libnetfilter_log include directory],
 | |
|             [with_libnetfilter_log_includes="$withval"],[with_libnetfilter_log_includes="no"])
 | |
|     AC_ARG_WITH(libnetfilter_log_libraries,
 | |
|             [  --with-libnetfilter_log-libraries=DIR    libnetfilter_log library directory],
 | |
|             [with_libnetfilter_log_libraries="$withval"],[with_libnetfilter_log_libraries="no"])
 | |
| 
 | |
|     if test "$enable_nflog" = "yes"; then
 | |
|         if test "$with_libnetfilter_log_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_log_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(libnetfilter_log/libnetfilter_log.h,,[AC_ERROR(libnetfilter_log.h not found ...)])
 | |
| 
 | |
|         if test "$with_libnetfilter_log_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_libnetfilter_log_libraries}"
 | |
|         fi
 | |
| 
 | |
|         NFLOG=""
 | |
|         AC_CHECK_LIB(netfilter_log, nflog_open,, NFLOG="no")
 | |
| 
 | |
|         if test "$NFLOG" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR!  libnetfilter_log library not found, go get it"
 | |
|             echo "   from http://www.netfilter.org."
 | |
|             echo
 | |
|             exit 1
 | |
|         else
 | |
|             AC_DEFINE([HAVE_NFLOG],[1],[nflog available])
 | |
|             enable_nflog="yes"
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # WinDivert support
 | |
|     AC_ARG_ENABLE(windivert,
 | |
|         AS_HELP_STRING([--enable-windivert],[Enable WinDivert support [default=no]]),,
 | |
|         [enable_windivert="no"])
 | |
|     
 | |
|   # WinDivert can only be enabled on Windows builds
 | |
|     AC_CHECK_DECL([OS_WIN32],,[enable_windivert="no"])
 | |
| 
 | |
|     if test "x$enable_windivert" = "xyes"; then
 | |
|         # WinDivert requires Vista at a minimum. If the user has selected their own NTDDI_VERSION
 | |
|         # then don't override it.
 | |
|         AC_CHECK_DECL([NTDDI_VERSION],,
 | |
|                 [CFLAGS="${CFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"])
 | |
| 
 | |
|         AC_DEFINE_UNQUOTED([WINDIVERT],[1],[Enable Windows WinDivert support for inline IDP])
 | |
| 
 | |
|         AC_ARG_WITH(windivert_include,
 | |
|                 [  --with-windivert-include=DIR WinDivert include path],
 | |
|                 [with_windivert_include="$withval"],[with_windivert_include="no"])
 | |
|         AC_ARG_WITH(windivert_libraries,
 | |
|                 [  --with-windivert-libraries=DIR WinDivert library path],
 | |
|                 [with_windivert_libraries="$withval"],[with_windivert_libraries="no"])
 | |
| 
 | |
|         if test "$with_windivert_include" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_windivert_include}"
 | |
|         fi
 | |
| 
 | |
|         if test "$with_windivert_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS} -L${with_windivert_libraries}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(windivert.h,,WINDIVERT_INC="no")
 | |
|         AC_CHECK_LIB(WinDivert, WinDivertOpen,, WINDIVERT_LIB="no")
 | |
| 
 | |
|         if test "$WINDIVERT_LIB" = "no" || test "$WINDIVERT_INC" = "no"; then
 | |
|             echo
 | |
|             echo "    ERROR! WinDivert not found, go get it from"
 | |
|             echo "    https://www.reqrypt.org/windivert.html"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|     fi
 | |
|   # /WinDivert
 | |
| 
 | |
|   # prelude
 | |
|     AC_ARG_ENABLE(prelude,
 | |
|             AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),,[enable_prelude=no])
 | |
|     # Prelude doesn't work with -Werror
 | |
|     STORECFLAGS="${CFLAGS}"
 | |
|     CFLAGS="${CFLAGS} -Wno-error=unused-result"
 | |
| 
 | |
|     AS_IF([test "x$enable_prelude" = "xyes"], [
 | |
|         AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
 | |
|         if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
 | |
|             CPPFLAGS="${CPPFLAGS} ${LIBPRELUDE_CFLAGS}"
 | |
|         fi
 | |
| 
 | |
|         if test "x${LIBPRELUDE_LDFLAGS}" != "x"; then
 | |
|             LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LDFLAGS}"
 | |
|         fi
 | |
| 
 | |
|         if test "x${LIBPRELUDE_LIBS}" != "x"; then
 | |
|             LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LIBS}"
 | |
|         fi
 | |
|         AC_DEFINE([PRELUDE], [1], [Libprelude support enabled])
 | |
|     ])
 | |
|     CFLAGS="${STORECFLAGS}"
 | |
| 
 | |
| 
 | |
|   # libnet
 | |
|     AC_ARG_WITH(libnet_includes,
 | |
|             [  --with-libnet-includes=DIR     libnet include directory],
 | |
|             [with_libnet_includes="$withval"],[with_libnet_includes="no"])
 | |
| 
 | |
|     AC_ARG_WITH(libnet_libraries,
 | |
|             [  --with-libnet-libraries=DIR    libnet library directory],
 | |
|             [with_libnet_libraries="$withval"],[with_libnet_libraries="no"])
 | |
| 
 | |
|     if test "x$with_libnet_includes" != "xno"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}"
 | |
|         libnet_dir="${with_libnet_includes}"
 | |
|     else
 | |
|         libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include /usr/local/include/libnet-1.1"
 | |
|     fi
 | |
| 
 | |
|     if test "x$with_libnet_libraries" != "xno"; then
 | |
|         LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}"
 | |
|     fi
 | |
| 
 | |
|     LIBNET_DETECT_FAIL="no"
 | |
|     LIBNET_INC_DIR=""
 | |
| 
 | |
|     for i in $libnet_dir; do
 | |
|     if test -r "$i/libnet.h"; then
 | |
|         LIBNET_INC_DIR="$i"
 | |
|     fi
 | |
|     done
 | |
| 
 | |
|     enable_libnet="no"
 | |
|     AC_MSG_CHECKING(for libnet.h version 1.1.x)
 | |
|     if test "$LIBNET_INC_DIR" != ""; then
 | |
|         LIBNET_VER=`grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep '1.[[12]]' | sed 's/[[^"]]*"\([[^"]]*\).*/\1/'`
 | |
| 
 | |
|         if test -z "$LIBNET_VER" ; then
 | |
|             AC_MSG_RESULT(no)
 | |
|         else
 | |
|             AC_MSG_RESULT(yes)
 | |
|         fi
 | |
| 
 | |
|         #CentOS, Fedora, Ubuntu-LTS, Ubuntu all set defines to the same values. libnet-config seems
 | |
|         #to have been depreciated but all distro's seem to include it as part of the package.
 | |
|         if test "$LIBNET_DETECT_FAIL" = "no"; then
 | |
|             LLIBNET=""
 | |
|             AC_CHECK_LIB(net, libnet_write,, LLIBNET="no")
 | |
|             if test "$LLIBNET" != "no"; then
 | |
|                 AC_DEFINE([HAVE_LIBNET11],[1],(libnet 1.1 available))
 | |
|                 AC_DEFINE([_DEFAULT_SOURCE],[1],(default source))
 | |
|                 AC_DEFINE([_BSD_SOURCE],[1],(bsd source))
 | |
|                 AC_DEFINE([__BSD_SOURCE],[1],(bsd source))
 | |
|                 AC_DEFINE([__FAVOR_BSD],[1],(favor bsd))
 | |
|                 AC_DEFINE([HAVE_NET_ETHERNET_H],[1],(ethernet.h))
 | |
|                 enable_libnet="yes"
 | |
|             fi
 | |
| 
 | |
|             # see if we have the patched libnet 1.1
 | |
|             # https://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
 | |
|             #
 | |
|             # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|             # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|             if test "$enable_libnet" = "yes"; then
 | |
|                 LLIBNET=""
 | |
|                 TMPLIBS="${LIBS}"
 | |
|                 AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no")
 | |
|                 if test "$LLIBNET" != "no"; then
 | |
|                     AC_DEFINE([HAVE_LIBNET_ICMPV6_UNREACH],[1],(libnet_build_icmpv6_unreach available))
 | |
|                 fi
 | |
|                 LIBS="${TMPLIBS}"
 | |
|             fi
 | |
| 
 | |
|             # See if we have libnet 1.1.6 or newer - these versions handle capabilities correctly
 | |
|             # Some patched 1.1.4 versions are also good, but it's not guaranteed for all distros.
 | |
|             #
 | |
|             # Details: https://bugzilla.redhat.com/show_bug.cgi?id=589770
 | |
|             AS_VERSION_COMPARE([LIBNET_VER], [1.1.6],
 | |
|                 [],
 | |
|                 [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))],
 | |
|                 [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))])
 | |
| 
 | |
| 
 | |
|             # check if the argument to libnet_init is char* or const char*
 | |
|             AC_MSG_CHECKING([libnet_init dev type])
 | |
|             STORECFLAGS="${CFLAGS}"
 | |
|             if test `basename $CC` = "clang"; then
 | |
|                 CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
 | |
|             else
 | |
|                 CFLAGS="${CFLAGS} -Werror"
 | |
|             fi
 | |
|             AC_COMPILE_IFELSE(
 | |
|                 [AC_LANG_PROGRAM(
 | |
|                     [
 | |
|                     #include <stdio.h>
 | |
|                     #include <libnet.h>
 | |
|                     ],
 | |
|                     [[
 | |
|                     const char dev[32] = "";
 | |
|                     char ebuf[LIBNET_ERRBUF_SIZE];
 | |
|                     (void)libnet_init(LIBNET_LINK, dev, ebuf);
 | |
|                     ]])],
 | |
|                 [libnet_init_const="yes"],
 | |
|                 [libnet_init_const="no"])
 | |
|             AC_MSG_RESULT($libnet_init_const)
 | |
|             if test "x$libnet_init_const" = "xyes"; then
 | |
|                 AC_DEFINE([HAVE_LIBNET_INIT_CONST], [1], [libnet_init takes const argument])
 | |
|             fi
 | |
|             CFLAGS="${STORECFLAGS}"
 | |
|         fi
 | |
|     else
 | |
|         AC_MSG_RESULT(no)
 | |
|     fi
 | |
| 
 | |
|   # libpcap
 | |
|     AC_ARG_WITH(libpcap_includes,
 | |
|             [  --with-libpcap-includes=DIR  libpcap include directory],
 | |
|             [with_libpcap_includes="$withval"],[with_libpcap_includes=no])
 | |
|     AC_ARG_WITH(libpcap_libraries,
 | |
|             [  --with-libpcap-libraries=DIR    libpcap library directory],
 | |
|             [with_libpcap_libraries="$withval"],[with_libpcap_libraries="no"])
 | |
| 
 | |
|     if test "$with_libpcap_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}"
 | |
|     fi
 | |
| 
 | |
|     AC_CHECK_HEADER(pcap.h,,[AC_ERROR(pcap.h not found ...)])
 | |
| 
 | |
|     if test "$with_libpcap_libraries" != "no"; then
 | |
|         LDFLAGS="${LDFLAGS}  -L${with_libpcap_libraries}"
 | |
|     fi
 | |
|     AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
 | |
| 
 | |
|     LIBPCAP=""
 | |
|     AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no")
 | |
|     if test "$LIBPCAP" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR!  libpcap library not found, go get it"
 | |
|         echo "   from http://www.tcpdump.org or your distribution:"
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install libpcap-dev"
 | |
|         echo "   Fedora: dnf install libpcap-devel"
 | |
|         echo "   CentOS/RHEL: yum install libpcap-devel"
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|     # pcap_activate and pcap_create only exists in libpcap >= 1.0
 | |
|     LIBPCAPVTEST=""
 | |
|     #To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|     #see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|     TMPLIBS="${LIBS}"
 | |
|     AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_activate,, LPCAPVTEST="no")
 | |
|     if test "$LPCAPVTEST" = "no"; then
 | |
|         echo
 | |
|         echo "   ERROR!  libpcap library too old, need at least 1+, "
 | |
|         echo "   go get it from http://www.tcpdump.org or your distribution:"
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install libpcap-dev"
 | |
|         echo "   Fedora: dnf install libpcap-devel"
 | |
|         echo "   CentOS/RHEL: yum install libpcap-devel"
 | |
|         echo
 | |
|         exit 1
 | |
|     fi
 | |
|     AC_PATH_PROG(HAVE_PCAP_CONFIG, pcap-config, "no")
 | |
|     if test "$HAVE_PCAP_CONFIG" = "no" -o "$cross_compiling" = "yes"; then
 | |
|         AC_MSG_RESULT(no pcap-config is use)
 | |
|     else
 | |
|         PCAP_CFLAGS="$(pcap-config --defines) $(pcap-config --cflags)"
 | |
|         AC_SUBST(PCAP_CFLAGS)
 | |
|     fi
 | |
|     LIBS="${TMPLIBS}"
 | |
| 
 | |
|     #Appears as if pcap_set_buffer_size is linux only?
 | |
|     LIBPCAPSBUFF=""
 | |
|     #To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
 | |
|     #see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
 | |
|     TMPLIBS="${LIBS}"
 | |
|     AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_set_buffer_size,, LPCAPSBUFF="no")
 | |
|     if test "$LPCAPSBUFF" != "no"; then
 | |
|         AC_DEFINE([HAVE_PCAP_SET_BUFF],[1],(libpcap has pcap_set_buffer_size function))
 | |
|     fi
 | |
|     LIBS="${TMPLIBS}"
 | |
| 
 | |
|   # libpfring
 | |
|     # libpfring (currently only supported for libpcap enabled pfring)
 | |
|     # Error on the side of caution. If libpfring enabled pcap is being used and we don't link against -lpfring compilation will fail.
 | |
|     AC_ARG_ENABLE(pfring,
 | |
|            AS_HELP_STRING([--enable-pfring], [Enable Native PF_RING support]),,[enable_pfring=no])
 | |
|     AS_IF([test "x$enable_pfring" = "xyes"], [
 | |
|         AC_DEFINE([HAVE_PFRING],[1],(PF_RING support enabled))
 | |
| 
 | |
|         #We have to set CFLAGS for AC_TRY_COMPILE as it doesn't pay attention to CPPFLAGS
 | |
|         AC_ARG_WITH(libpfring_includes,
 | |
|                 [  --with-libpfring-includes=DIR  libpfring include directory],
 | |
|                 [with_libpfring_includes="$withval"],[with_libpfring_includes=no])
 | |
|         AC_ARG_WITH(libpfring_libraries,
 | |
|                 [  --with-libpfring-libraries=DIR    libpfring library directory],
 | |
|                 [with_libpfring_libraries="$withval"],[with_libpfring_libraries="no"])
 | |
| 
 | |
|         if test "$with_libpfring_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libpfring_includes}"
 | |
|         fi
 | |
| 
 | |
|         if test "$with_libpfring_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS}  -L${with_libpfring_libraries}"
 | |
|         fi
 | |
| 
 | |
|         LIBPFRING=""
 | |
|         AC_CHECK_LIB(pfring, pfring_open,, LIBPFRING="no", [-lpcap])
 | |
|         if test "$LIBPFRING" != "no"; then
 | |
|             STORECFLAGS="${CFLAGS}"
 | |
|             CFLAGS="${CFLAGS} -Werror"
 | |
|             AC_COMPILE_IFELSE(
 | |
|                 [AC_LANG_PROGRAM(
 | |
|                     [
 | |
|                     #include <pfring.h>
 | |
|                     ],
 | |
|                     [
 | |
|                     pfring_recv_chunk(NULL, NULL, 0, 0);
 | |
|                     ])],
 | |
|                 [pfring_recv_chunk="yes"],
 | |
|                 [pfring_recv_chunk="no"])
 | |
|             CFLAGS="${STORECFLAGS}"
 | |
|             if test "x$pfring_recv_chunk" != "xyes"; then
 | |
|                 if test "x$enable_pfring" = "xyes"; then
 | |
|                 echo
 | |
|                 echo "   ERROR! --enable-pfring was passed but the library version is < 6, go get it"
 | |
|                 echo "   from http://www.ntop.org/products/pf_ring/"
 | |
|                 echo
 | |
|                 exit 1
 | |
|                 fi
 | |
|             fi
 | |
|             AC_COMPILE_IFELSE(
 | |
|                 [AC_LANG_SOURCE([[
 | |
|                     #include <pfring.h>
 | |
|                     #ifndef PF_RING_FLOW_OFFLOAD
 | |
|                     # error PF_RING_FLOW_OFFLOAD not defined
 | |
|                     #endif
 | |
|                 ]])],
 | |
|                 [
 | |
|                     AC_DEFINE([HAVE_PF_RING_FLOW_OFFLOAD], [1], [PF_RING bypass support enabled])
 | |
|                 ],
 | |
|                 [
 | |
|                     echo
 | |
|                     echo "   Warning! Pfring hw bypass not supported by this library version < 7,"
 | |
|                     echo "   please upgrade to a newer version to use this feature."
 | |
|                     echo
 | |
|                     echo "   Continuing for now with hw bypass support disabled..."
 | |
|                     echo
 | |
|                 ])
 | |
|         else
 | |
|             if test "x$enable_pfring" = "xyes"; then
 | |
|             echo
 | |
|             echo "   ERROR! --enable-pfring was passed but the library was not found, go get it"
 | |
|             echo "   from http://www.ntop.org/products/pf_ring/"
 | |
|             echo
 | |
|             exit 1
 | |
|             fi
 | |
|         fi
 | |
|     ])
 | |
| 
 | |
|   # AF_PACKET support
 | |
|     AC_ARG_ENABLE(af-packet,
 | |
|            AS_HELP_STRING([--enable-af-packet], [Enable AF_PACKET support [default=yes]]),
 | |
|                         ,[enable_af_packet=yes])
 | |
|     AS_IF([test "x$enable_af_packet" = "xyes"], [
 | |
|         AC_CHECK_DECL([TPACKET_V2],
 | |
|             AC_DEFINE([HAVE_AF_PACKET],[1],[AF_PACKET support is available]),
 | |
|             [enable_af_packet="no"],
 | |
|             [[#include <sys/socket.h>
 | |
|               #include <linux/if_packet.h>]])
 | |
|         AC_CHECK_DECL([PACKET_FANOUT_QM],
 | |
|             AC_DEFINE([HAVE_PACKET_FANOUT],[1],[Recent packet fanout support is available]),
 | |
|             [],
 | |
|             [[#include <linux/if_packet.h>]])
 | |
|         AC_CHECK_DECL([TPACKET_V3],
 | |
|             AC_DEFINE([HAVE_TPACKET_V3],[1],[AF_PACKET tpcket_v3 support is available]),
 | |
|             [],
 | |
|             [[#include <sys/socket.h>
 | |
|               #include <linux/if_packet.h>]])
 | |
|         AC_CHECK_DECL([SOF_TIMESTAMPING_RAW_HARDWARE],
 | |
|             AC_DEFINE([HAVE_HW_TIMESTAMPING],[1],[Hardware timestamping support is available]),
 | |
|             [],
 | |
|             [[#include <linux/net_tstamp.h>]])
 | |
|     ])
 | |
| 
 | |
|   # Netmap support
 | |
|     AC_ARG_ENABLE(netmap,
 | |
|             AS_HELP_STRING([--enable-netmap], [Enable Netmap support]),,[enable_netmap=no])
 | |
|     AC_ARG_WITH(netmap_includes,
 | |
|             [  --with-netmap-includes=DIR netmap include directory],
 | |
|             [with_netmap_includes="$withval"],[with_netmap_includes=no])
 | |
| 
 | |
|     AS_IF([test "x$enable_netmap" = "xyes"], [
 | |
|         AC_DEFINE([HAVE_NETMAP],[1],(NETMAP support enabled))
 | |
| 
 | |
|         if test "$with_netmap_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_netmap_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(net/netmap_user.h,,[AC_ERROR(net/netmap_user.h not found ...)],)
 | |
|   ])
 | |
| 
 | |
|   # suricata-update
 | |
|   have_suricata_update="no"
 | |
|   ruledirprefix="$sysconfdir"
 | |
|   suricata_update_rule_files="suricata-update-rule-files"
 | |
|   AC_CHECK_FILE([$srcdir/suricata-update/setup.py], [
 | |
|       SURICATA_UPDATE_DIR="suricata-update"
 | |
|       AC_SUBST(SURICATA_UPDATE_DIR)
 | |
|       AC_OUTPUT(suricata-update/Makefile)
 | |
|       have_suricata_update="yes"
 | |
|       ruledirprefix="$localstatedir/lib"
 | |
|       no_suricata_update_comment=""
 | |
|       has_suricata_update_comment="#"
 | |
|   ], [
 | |
|       no_suricata_update_comment="#"
 | |
|       has_suricata_update_comment=""
 | |
|   ])
 | |
|   AM_CONDITIONAL([HAVE_SURICATA_UPDATE], [test "x$have_suricata_update" != "xno"])
 | |
| 
 | |
|   # libhtp
 | |
|     AC_ARG_ENABLE(non-bundled-htp,
 | |
|            AS_HELP_STRING([--enable-non-bundled-htp], [Enable the use of an already installed version of htp]),,[enable_non_bundled_htp=no])
 | |
|     AS_IF([test "x$enable_non_bundled_htp" = "xyes"], [
 | |
|         PKG_CHECK_MODULES([libhtp], htp,, [with_pkgconfig_htp=no])
 | |
|         if test "$with_pkgconfig_htp" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} ${libhtp_CFLAGS}"
 | |
|             LIBS="${LIBS} ${libhtp_LIBS}"
 | |
|         fi
 | |
| 
 | |
|         AC_ARG_WITH(libhtp_includes,
 | |
|                 [  --with-libhtp-includes=DIR  libhtp include directory],
 | |
|                 [with_libhtp_includes="$withval"],[with_libhtp_includes=no])
 | |
|         AC_ARG_WITH(libhtp_libraries,
 | |
|                 [  --with-libhtp-libraries=DIR    libhtp library directory],
 | |
|                 [with_libhtp_libraries="$withval"],[with_libhtp_libraries="no"])
 | |
| 
 | |
|         if test "$with_libhtp_includes" != "no"; then
 | |
|             CPPFLAGS="-I${with_libhtp_includes} ${CPPFLAGS}"
 | |
|         fi
 | |
| 
 | |
|         if test "$with_libhtp_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS} -L${with_libhtp_libraries}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(htp/htp.h,,[AC_ERROR(htp/htp.h not found ...)])
 | |
| 
 | |
|         LIBHTP=""
 | |
|         AC_CHECK_LIB(htp, htp_conn_create,, LIBHTP="no")
 | |
|         if test "$LIBHTP" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR! libhtp library not found"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|         PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.20],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
 | |
|         if test "$libhtp_minver_found" = "no"; then
 | |
|             PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
 | |
|             if test "$libhtp_devver_found" = "no"; then
 | |
|                 echo
 | |
|                 echo "   ERROR! libhtp was found but it is neither >= 0.5.20, nor the dev 0.5.X"
 | |
|                 echo
 | |
|                 exit 1
 | |
|             fi
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_LIB([htp], [htp_config_register_request_uri_normalize],AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Found htp_config_register_request_uri_normalize function in libhtp]) ,,[-lhtp])
 | |
|         # check for htp_tx_get_response_headers_raw
 | |
|         AC_CHECK_LIB([htp], [htp_tx_get_response_headers_raw],AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Found htp_tx_get_response_headers_raw in libhtp]) ,,[-lhtp])
 | |
|         AC_CHECK_LIB([htp], [htp_decode_query_inplace],AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Found htp_decode_query_inplace function in libhtp]) ,,[-lhtp])
 | |
|         AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp])
 | |
|         AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) )
 | |
|     ])
 | |
| 
 | |
|     if test "x$enable_non_bundled_htp" = "xno"; then
 | |
|         # test if we have a bundled htp
 | |
|         if test -d "$srcdir/libhtp"; then
 | |
|             AC_CONFIG_SUBDIRS([libhtp])
 | |
|             HTP_DIR="libhtp"
 | |
|             AC_SUBST(HTP_DIR)
 | |
|             HTP_LDADD="../libhtp/htp/libhtp.la"
 | |
|             AC_SUBST(HTP_LDADD)
 | |
|             # make sure libhtp is added to the includes
 | |
|             CPPFLAGS="-I\${srcdir}/../libhtp/ ${CPPFLAGS}"
 | |
| 
 | |
|             AC_CHECK_HEADER(iconv.h,,[AC_ERROR(iconv.h not found ...)])
 | |
|             AC_CHECK_LIB(iconv, libiconv_close)
 | |
|             AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Assuming htp_config_register_request_uri_normalize function in bundled libhtp])
 | |
|             AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Assuming htp_tx_get_response_headers_raw function in bundled libhtp])
 | |
|             AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Assuming htp_decode_query_inplace function in bundled libhtp])
 | |
|             # enable when libhtp has been updated
 | |
|             AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp])
 | |
|         else
 | |
|             echo
 | |
|             echo "  ERROR: Libhtp is not bundled. Get libhtp by doing:"
 | |
|             echo "     git clone https://github.com/OISF/libhtp"
 | |
|             echo "  Then re-run Suricata's autogen.sh and configure script."
 | |
|             echo "  Or, if libhtp is installed in a different location,"
 | |
|             echo "  pass --enable-non-bundled-htp to Suricata's configure script."
 | |
|             echo "  Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if"
 | |
|             echo "  libhtp is not installed in the include and library paths."
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
| 
 | |
|   # Check for libcap-ng
 | |
|     case $host in
 | |
|     *-*-linux*)
 | |
|     AC_ARG_WITH(libcap_ng_includes,
 | |
|             [  --with-libcap_ng-includes=DIR  libcap_ng include directory],
 | |
|             [with_libcap_ng_includes="$withval"],[with_libcap_ng_includes=no])
 | |
|     AC_ARG_WITH(libcap_ng_libraries,
 | |
|             [  --with-libcap_ng-libraries=DIR    libcap_ng library directory],
 | |
|             [with_libcap_ng_libraries="$withval"],[with_libcap_ng_libraries="no"])
 | |
| 
 | |
|     if test "$with_libcap_ng_includes" != "no"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_libcap_ng_includes}"
 | |
|     fi
 | |
| 
 | |
|     if test "$with_libcap_ng_libraries" != "no"; then
 | |
|         LDFLAGS="${LDFLAGS}  -L${with_libcap_ng_libraries}"
 | |
|     fi
 | |
| 
 | |
|     AC_CHECK_HEADER(cap-ng.h,,LIBCAP_NG="no")
 | |
|     if test "$LIBCAP_NG" != "no"; then
 | |
|         LIBCAP_NG=""
 | |
|         AC_CHECK_LIB(cap-ng,capng_clear,,LIBCAP_NG="no")
 | |
|     fi
 | |
| 
 | |
|     if test "$LIBCAP_NG" != "no"; then
 | |
|         AC_DEFINE([HAVE_LIBCAP_NG],[1],[Libpcap-ng support])
 | |
|     fi
 | |
| 
 | |
|     if test "$LIBCAP_NG" = "no"; then
 | |
|         echo
 | |
|         echo "   WARNING!  libcap-ng library not found, go get it"
 | |
|         echo "   from http://people.redhat.com/sgrubb/libcap-ng/"
 | |
|         echo "   or your distribution:"
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install libcap-ng-dev"
 | |
|         echo "   Fedora: dnf install libcap-ng-devel"
 | |
|         echo "   CentOS/RHEL: yum install libcap-ng-devel"
 | |
|         echo
 | |
|         echo "   Suricata will be built without support for dropping privs."
 | |
|         echo
 | |
|     fi
 | |
|     ;;
 | |
|     esac
 | |
| 
 | |
| 
 | |
|     AC_ARG_ENABLE(ebpf,
 | |
| 	        AS_HELP_STRING([--enable-ebpf],[Enable eBPF support]),
 | |
| 	        [ enable_ebpf="yes"],
 | |
| 	        [ enable_ebpf="no"])
 | |
| 
 | |
|     have_xdp="no"
 | |
|     if test "$enable_ebpf" = "yes"; then
 | |
|         AC_CHECK_LIB(elf,elf_begin,,LIBELF="no")
 | |
|         if test "$LIBELF" = "no"; then
 | |
|             echo
 | |
|             echo "   libelf library and development headers not found but"
 | |
|             echo "   but needed to use eBPF code"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi;
 | |
| 
 | |
|         AC_CHECK_LIB(bpf,bpf_object__open,,LIBBPF="no")
 | |
|         if test "$LIBBPF" = "no"; then
 | |
|             echo
 | |
|             echo "   libbpf library and development headers not found but"
 | |
|             echo "   but needed to use eBPF code. It can be found in the"
 | |
|             echo "   Linux kernel tree under tools/lib/bpf"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi;
 | |
|         AC_CHECK_DECL([PACKET_FANOUT_EBPF],
 | |
|             AC_DEFINE([HAVE_PACKET_EBPF],[1],[Recent ebpf fanout support is available]),
 | |
|             [],
 | |
|             [[#include <linux/if_packet.h>]])
 | |
|         AC_CHECK_LIB(bpf, bpf_set_link_xdp_fd,have_xdp="yes")
 | |
|         if test "$have_xdp" = "yes"; then
 | |
|             AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
 | |
|         fi
 | |
|     fi;
 | |
| 
 | |
|   # Check for DAG support.
 | |
|     AC_ARG_ENABLE(dag,
 | |
| 	        AS_HELP_STRING([--enable-dag],[Enable DAG capture]),
 | |
| 	        [ enable_dag=yes ],
 | |
| 	        [ enable_dag=no])
 | |
|     AC_ARG_WITH(dag_includes,
 | |
|             [  --with-dag-includes=DIR  dagapi include directory],
 | |
|             [with_dag_includes="$withval"],[with_dag_includes="no"])
 | |
|     AC_ARG_WITH(dag_libraries,
 | |
|             [  --with-dag-libraries=DIR  dagapi library directory],
 | |
|             [with_dag_libraries="$withval"],[with_dag_libraries="no"])
 | |
| 
 | |
|     if test "$enable_dag" = "yes"; then
 | |
| 
 | |
|     	if test "$with_dag_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_dag_includes}"
 | |
|         fi
 | |
| 
 | |
|         if test "$with_dag_libraries" != "no"; then
 | |
|             LDFLAGS="${LDFLAGS} -L${with_dag_libraries}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(dagapi.h,DAG="yes",DAG="no")
 | |
|         if test "$DAG" != "no"; then
 | |
|             DAG=""
 | |
| 	        AC_CHECK_LIB(dag,dag_open,,DAG="no",)
 | |
|         fi
 | |
| 
 | |
|         if test "$DAG" = "no"; then
 | |
|             echo
 | |
|             echo "  ERROR! libdag library not found"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
| 
 | |
|         AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled))
 | |
|     fi
 | |
| 
 | |
| # libnspr
 | |
|     AC_ARG_ENABLE(nspr,
 | |
|             AS_HELP_STRING([--disable-nspr],[Disable libnspr support]),
 | |
|             [enable_nspr=$enableval],[enable_nspr="yes"])
 | |
|     AC_ARG_WITH(libnspr_includes,
 | |
|             [  --with-libnspr-includes=DIR  libnspr include directory],
 | |
|             [with_libnspr_includes="$withval"],[with_libnspr_includes=no])
 | |
|     AC_ARG_WITH(libnspr_libraries,
 | |
|             [  --with-libnspr-libraries=DIR    libnspr library directory],
 | |
|             [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
 | |
| 
 | |
|     if test "$enable_nspr" != "no"; then
 | |
|         # Try pkg-config first:
 | |
|         PKG_CHECK_MODULES([libnspr], nspr,, [with_pkgconfig_nspr=no])
 | |
|         if test "$with_pkgconfig_nspr" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
 | |
|             LIBS="${LIBS} ${libnspr_LIBS}"
 | |
|         fi
 | |
| 
 | |
|         if test "$with_libnspr_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(nspr.h,NSPR="yes",NSPR="no")
 | |
|         if test "$NSPR" = "yes"; then
 | |
|             if test "$with_libnspr_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libnspr_libraries}"
 | |
|             fi
 | |
| 
 | |
|             AC_CHECK_LIB(nspr4, PR_GetCurrentThread,, NSPR="no")
 | |
| 
 | |
|             if test "$NSPR" = "no"; then
 | |
|                 echo
 | |
|                 echo "   ERROR!  libnspr library not found, go get it"
 | |
|                 echo "   from Mozilla or your distribution:"
 | |
|                 echo
 | |
|                 echo "   Ubuntu: apt-get install libnspr4-dev"
 | |
|                 echo "   Fedora: dnf install nspr-devel"
 | |
|                 echo "   CentOS/RHEL: yum install nspr-devel"
 | |
|                 echo
 | |
|                 exit 1
 | |
|             fi
 | |
|         else
 | |
|             enable_nspr="no"
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # libnss
 | |
|     AC_ARG_ENABLE(nss,
 | |
|             AS_HELP_STRING([--disable-nss],[Disable libnss support]),
 | |
|             [enable_nss=$enableval],[enable_nss="yes"])
 | |
|     AC_ARG_WITH(libnss_includes,
 | |
|             [  --with-libnss-includes=DIR  libnss include directory],
 | |
|             [with_libnss_includes="$withval"],[with_libnss_includes="no"])
 | |
|     AC_ARG_WITH(libnss_libraries,
 | |
|             [  --with-libnss-libraries=DIR    libnss library directory],
 | |
|             [with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
 | |
| 
 | |
|     if test "$enable_nss" != "no"; then
 | |
|         # Try pkg-config first:
 | |
|         PKG_CHECK_MODULES([libnss], nss,, [with_pkgconfig_nss=no])
 | |
|         if test "$with_pkgconfig_nss" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
 | |
|             LIBS="${LIBS} ${libnss_LIBS}"
 | |
|         fi
 | |
|         if test "$with_libnss_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no")
 | |
|         if test "$NSS" = "yes"; then
 | |
|             if test "$with_libnss_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libnss_libraries}"
 | |
|             fi
 | |
| 
 | |
|             AC_CHECK_LIB(nss3, HASH_Begin,, NSS="no")
 | |
|             if test "$NSS" = "no"; then
 | |
|                 echo
 | |
|                 echo "   ERROR!  libnss library not found, go get it"
 | |
|                 echo "   from Mozilla or your distribution:"
 | |
|                 echo
 | |
|                 echo "   Ubuntu: apt-get install libnss3-dev"
 | |
|                 echo "   Fedora: dnf install nss-devel"
 | |
|                 echo "   CentOS/RHEL: yum install nss-devel"
 | |
|                 echo
 | |
|                 exit 1
 | |
|             fi
 | |
| 
 | |
|             AC_DEFINE([HAVE_NSS],[1],[libnss available for md5/sha1/sha256])
 | |
|             enable_nss="yes"
 | |
|         else
 | |
|             enable_nss="no"
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # libmagic
 | |
|     enable_magic="no"
 | |
|     AC_ARG_ENABLE(libmagic,
 | |
|            AS_HELP_STRING([--enable-libmagic], [Enable libmagic support [default=yes]]),
 | |
|                         ,[enable_magic=yes])
 | |
|     if test "$enable_magic" = "yes"; then
 | |
|         AC_ARG_WITH(libmagic_includes,
 | |
|                 [  --with-libmagic-includes=DIR  libmagic include directory],
 | |
|                 [with_libmagic_includes="$withval"],[with_libmagic_includes=no])
 | |
|         AC_ARG_WITH(libmagic_libraries,
 | |
|                 [  --with-libmagic-libraries=DIR    libmagic library directory],
 | |
|                 [with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
 | |
| 
 | |
|         if test "$with_libmagic_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(magic.h,,MAGIC="no")
 | |
|         if test "$MAGIC" != "no"; then
 | |
|             MAGIC=""
 | |
|             AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
 | |
|         fi
 | |
| 
 | |
|         if test "x$MAGIC" != "xno"; then
 | |
|             if test "$with_libmagic_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libmagic_libraries}"
 | |
|             fi
 | |
|             AC_DEFINE([HAVE_MAGIC],[1],(Libmagic for file handling))
 | |
|         else
 | |
|             echo
 | |
|             echo "   WARNING!  magic library not found, go get it"
 | |
|             echo "   from http://www.darwinsys.com/file/ or your distribution:"
 | |
|             echo
 | |
|             echo "   Ubuntu: apt-get install libmagic-dev"
 | |
|             echo "   Fedora: dnf install file-devel"
 | |
|             echo "   CentOS/RHEL: yum install file-devel"
 | |
|             echo
 | |
|             enable_magic="no"
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # Napatech - Using the 3GD API
 | |
|     AC_ARG_ENABLE(napatech,
 | |
|                 AS_HELP_STRING([--enable-napatech],[Enabled Napatech Devices]),
 | |
|                 [ enable_napatech=yes ],
 | |
|                 [ enable_napatech=no])
 | |
|     AC_ARG_WITH(napatech_includes,
 | |
|                 [  --with-napatech-includes=DIR   napatech include directory],
 | |
|                 [with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"])
 | |
|     AC_ARG_WITH(napatech_libraries,
 | |
|                 [  --with-napatech-libraries=DIR  napatech library directory],
 | |
|                 [with_napatech_libraries="$withval"],[with_napatech_libraries="/opt/napatech3/lib"])
 | |
| 
 | |
|     if test "$enable_napatech" = "yes"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -I${with_napatech_includes}"
 | |
|         LDFLAGS="${LDFLAGS} -L${with_napatech_libraries} -lntapi"
 | |
|         AC_CHECK_HEADER(nt.h,NAPATECH="yes",NAPATECH="no")
 | |
|         if test "$NAPATECH" != "no"; then
 | |
|             NAPATECH=""
 | |
|             AC_CHECK_LIB(ntapi, NT_Init,NAPATECH="yes",NAPATECH="no")
 | |
|         fi
 | |
| 
 | |
|         if test "$NAPATECH" = "no"; then
 | |
|             echo
 | |
|             echo "  ERROR! libntapi library not found"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
| 
 | |
|         AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support))
 | |
|     fi
 | |
| 
 | |
|   # liblua
 | |
|     AC_ARG_ENABLE(lua,
 | |
| 	        AS_HELP_STRING([--enable-lua],[Enable Lua support]),
 | |
| 	        [ enable_lua="yes"],
 | |
| 	        [ enable_lua="no"])
 | |
|     AC_ARG_ENABLE(luajit,
 | |
| 	        AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
 | |
| 	        [ enable_luajit="yes"],
 | |
| 	        [ enable_luajit="no"])
 | |
|     if test "$enable_lua" = "yes"; then
 | |
|         if test "$enable_luajit" = "yes"; then
 | |
|             echo "ERROR: can't enable liblua and luajit at the same time."
 | |
|             echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)"
 | |
|             echo "support, use just --enable-lua."
 | |
|             echo "Both options will enable the Lua scripting capabilities"
 | |
|             echo "in Suricata".
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|     AC_ARG_WITH(liblua_includes,
 | |
|             [  --with-liblua-includes=DIR  liblua include directory],
 | |
|             [with_liblua_includes="$withval"],[with_liblua_includes="no"])
 | |
|     AC_ARG_WITH(liblua_libraries,
 | |
|             [  --with-liblua-libraries=DIR    liblua library directory],
 | |
|             [with_liblua_libraries="$withval"],[with_liblua_libraries="no"])
 | |
| 
 | |
|     if test "$enable_lua" = "yes"; then
 | |
|         if test "$with_liblua_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_liblua_includes}"
 | |
|         else
 | |
|             # lua lua51 lua5.1 lua-5.1
 | |
|             PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [
 | |
|                 PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [
 | |
|                     PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [
 | |
|                         PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [
 | |
|                             LUA="no"
 | |
|                         ])
 | |
|                     ])
 | |
|                 ])
 | |
|             ])
 | |
|             CPPFLAGS="${CPPFLAGS} ${LUA_CFLAGS}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(lualib.h,LUA="yes",LUA="no")
 | |
|         if test "$LUA" = "yes"; then
 | |
|             if test "$with_liblua_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_liblua_libraries}"
 | |
|                 AC_CHECK_LIB(${LUA_LIB_NAME}, luaL_openlibs,, LUA="no")
 | |
|                 if test "$LUA" = "no"; then
 | |
|                     echo
 | |
|                     echo "   ERROR!  liblua library not found, go get it"
 | |
|                     echo "   from http://lua.org/index.html or your distribution:"
 | |
|                     echo
 | |
|                     echo "   Ubuntu: apt-get install liblua5.1-dev"
 | |
|                     echo "   Fedora: dnf install lua-devel"
 | |
|                     echo "   CentOS/RHEL: yum install lua-devel"
 | |
|                     echo
 | |
|                     echo "   If you installed software in a non-standard prefix"
 | |
|                     echo "   consider adjusting the PKG_CONFIG_PATH environment variable"
 | |
|                     echo "   or use --with-liblua-libraries configure option."
 | |
|                     echo
 | |
|                     exit 1
 | |
|                 fi
 | |
|             else
 | |
|                 # lua lua51 lua5.1 lua-5.1
 | |
|                 PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [
 | |
|                     PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [
 | |
|                         PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [
 | |
|                             PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [
 | |
|                                 LUA="no"
 | |
|                             ])
 | |
|                         ])
 | |
|                     ])
 | |
|                 ])
 | |
|                 LDFLAGS="${LDFLAGS} ${LUA_LIBS}"
 | |
|             fi
 | |
| 
 | |
|             if test "$LUA" = "no"; then
 | |
|                 AC_CHECK_LIB(lua, luaL_openlibs,, LUA="no")
 | |
|             fi
 | |
| 
 | |
|             if test "$LUA" = "yes"; then
 | |
|                 AC_DEFINE([HAVE_LUA],[1],[liblua available])
 | |
|                 enable_lua="yes"
 | |
|             fi
 | |
|         else
 | |
| 	        echo
 | |
|                 echo "   ERROR!  liblua headers not found, go get them"
 | |
|                 echo "   from http://lua.org/index.html or your distribution:"
 | |
|                 echo
 | |
|                 echo "   Ubuntu: apt-get install liblua5.1-dev"
 | |
|                 echo "   Fedora: dnf install lua-devel"
 | |
|                 echo "   CentOS/RHEL: yum install lua-devel"
 | |
|                 echo
 | |
|                 echo "   If you installed software in a non-standard prefix"
 | |
|                 echo "   consider adjusting the PKG_CONFIG_PATH environment variable"
 | |
|                 echo "   or use --with-liblua-includes and --with-liblua-libraries"
 | |
|                 echo "   configure option."
 | |
|                 echo
 | |
|                 exit 1
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|   # libluajit
 | |
|     AC_ARG_WITH(libluajit_includes,
 | |
|             [  --with-libluajit-includes=DIR  libluajit include directory],
 | |
|             [with_libluajit_includes="$withval"],[with_libluajit_includes="no"])
 | |
|     AC_ARG_WITH(libluajit_libraries,
 | |
|             [  --with-libluajit-libraries=DIR    libluajit library directory],
 | |
|             [with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"])
 | |
| 
 | |
|     if test "$enable_luajit" = "yes"; then
 | |
|         if test "$with_libluajit_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}"
 | |
|         else
 | |
|             PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no")
 | |
|             CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no")
 | |
|         if test "$LUAJIT" = "yes"; then
 | |
|             if test "$with_libluajit_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libluajit_libraries}"
 | |
|             else
 | |
|                 PKG_CHECK_MODULES([LUAJIT], [luajit])
 | |
|                 LDFLAGS="${LDFLAGS} ${LUAJIT_LIBS}"
 | |
|             fi
 | |
| 
 | |
|             AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no")
 | |
| 
 | |
|             if test "$LUAJIT" = "no"; then
 | |
|                 echo
 | |
|                 echo "   ERROR!  libluajit library not found, go get it"
 | |
|                 echo "   from http://luajit.org/index.html or your distribution:"
 | |
|                 echo
 | |
|                 echo "   Ubuntu: apt-get install libluajit-5.1-dev"
 | |
|                 echo
 | |
|                 echo "   If you installed software in a non-standard prefix"
 | |
|                 echo "   consider adjusting the PKG_CONFIG_PATH environment variable"
 | |
|                 echo "   or use --with-libluajit-libraries configure option."
 | |
|                 echo
 | |
|                 exit 1
 | |
|             fi
 | |
| 
 | |
|             AC_DEFINE([HAVE_LUA],[1],[lua support available])
 | |
|             AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available])
 | |
|             enable_lua="yes, through luajit"
 | |
|             enable_luajit="yes"
 | |
|         else
 | |
| 	        echo
 | |
|                 echo "   ERROR!  libluajit headers not found, go get them"
 | |
|                 echo "   from http://luajit.org/index.html or your distribution:"
 | |
|                 echo
 | |
|                 echo "   Ubuntu: apt-get install libluajit-5.1-dev"
 | |
|                 echo
 | |
|                 echo "   If you installed software in a non-standard prefix"
 | |
|                 echo "   consider adjusting the PKG_CONFIG_PATH environment variable"
 | |
|                 echo "   or use --with-libluajit-includes and --with-libluajit-libraries"
 | |
|                 echo "   configure option."
 | |
|                 echo
 | |
|                 exit 1
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
|     AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
 | |
| 
 | |
|   # libgeoip
 | |
|     AC_ARG_ENABLE(geoip,
 | |
| 	        AS_HELP_STRING([--enable-geoip],[Enable GeoIP support]),
 | |
| 	        [ enable_geoip="yes"],
 | |
| 	        [ enable_geoip="no"])
 | |
|     AC_ARG_WITH(libgeoip_includes,
 | |
|             [  --with-libgeoip-includes=DIR  libgeoip include directory],
 | |
|             [with_libgeoip_includes="$withval"],[with_libgeoip_includes="no"])
 | |
|     AC_ARG_WITH(libgeoip_libraries,
 | |
|             [  --with-libgeoip-libraries=DIR    libgeoip library directory],
 | |
|             [with_libgeoip_libraries="$withval"],[with_libgeoip_libraries="no"])
 | |
| 
 | |
|     if test "$enable_geoip" = "yes"; then
 | |
|         if test "$with_libgeoip_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libgeoip_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER(GeoIP.h,GEOIP="yes",GEOIP="no")
 | |
|         if test "$GEOIP" = "yes"; then
 | |
|             if test "$with_libgeoip_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS} -L${with_libgeoip_libraries}"
 | |
|             fi
 | |
|             AC_CHECK_LIB(GeoIP, GeoIP_country_code_by_ipnum,, GEOIP="no")
 | |
|         fi
 | |
|         if test "$GEOIP" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR!  libgeoip library not found, go get it"
 | |
|             echo "   from http://www.maxmind.com/en/geolite or your distribution:"
 | |
|             echo
 | |
|             echo "   Ubuntu: apt-get install libgeoip-dev"
 | |
|             echo "   Fedora: dnf install GeoIP-devel"
 | |
|             echo "   CentOS/RHEL: yum install GeoIP-devel"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
| 
 | |
|         AC_DEFINE([HAVE_GEOIP],[1],[libgeoip available])
 | |
|         enable_geoip="yes"
 | |
|     fi
 | |
| 
 | |
|   # Position Independent Executable
 | |
|     AC_ARG_ENABLE(pie,
 | |
|                 AS_HELP_STRING([--enable-pie],[Enable compiling as a position independent executable]),
 | |
|                 [ enable_pie="yes"],
 | |
|                 [ enable_pie="no"])
 | |
|     if test "$enable_pie" = "yes"; then
 | |
|         CPPFLAGS="${CPPFLAGS} -fPIC"
 | |
|         LDFLAGS="${LDFLAGS} -pie"
 | |
|     fi
 | |
| 
 | |
| #libevent includes and libraries
 | |
|     AC_ARG_WITH(libevent_includes,
 | |
|             [  --with-libevent-includes=DIR  libevent include directory],
 | |
|             [with_libevent_includes="$withval"],[with_libevent_includes="no"])
 | |
|     AC_ARG_WITH(libevent_libraries,
 | |
|             [  --with-libevent-libraries=DIR    libevent library directory],
 | |
|             [with_libevent_libraries="$withval"],[with_libevent_libraries="no"])
 | |
| 
 | |
| # libhiredis
 | |
|     AC_ARG_ENABLE(hiredis,
 | |
| 	        AS_HELP_STRING([--enable-hiredis],[Enable Redis support]),
 | |
| 	        [ enable_hiredis="yes"],
 | |
| 	        [ enable_hiredis="no"])
 | |
|     AC_ARG_WITH(libhiredis_includes,
 | |
|             [  --with-libhiredis-includes=DIR  libhiredis include directory],
 | |
|             [with_libhiredis_includes="$withval"],[with_libhiredis_includes="no"])
 | |
|     AC_ARG_WITH(libhiredis_libraries,
 | |
|             [  --with-libhiredis-libraries=DIR    libhiredis library directory],
 | |
|             [with_libhiredis_libraries="$withval"],[with_libhiredis_libraries="no"])
 | |
| 
 | |
|     enable_hiredis_async="no"
 | |
|     if test "$enable_hiredis" = "yes"; then
 | |
|         if test "$with_libhiredis_includes" != "no"; then
 | |
|             CPPFLAGS="${CPPFLAGS} -I${with_libhiredis_includes}"
 | |
|         fi
 | |
| 
 | |
|         AC_CHECK_HEADER("hiredis/hiredis.h",HIREDIS="yes",HIREDIS="no")
 | |
|         if test "$HIREDIS" = "yes"; then
 | |
|             if test "$with_libhiredis_libraries" != "no"; then
 | |
|                 LDFLAGS="${LDFLAGS}  -L${with_libhiredis_libraries}"
 | |
|             fi
 | |
|             AC_CHECK_LIB(hiredis, redisConnect,, HIREDIS="no")
 | |
|         fi
 | |
|         if test "$HIREDIS" = "no"; then
 | |
|             echo
 | |
|             echo "   ERROR!  libhiredis library not found, go get it"
 | |
|             echo "   from https://github.com/redis/hiredis or your distribution:"
 | |
|             echo
 | |
|             echo "   Ubuntu: apt-get install libhiredis-dev"
 | |
|             echo "   Fedora: dnf install hiredis-devel"
 | |
|             echo "   CentOS/RHEL: yum install hiredis-devel"
 | |
|             echo
 | |
|             exit 1
 | |
|         fi
 | |
|         if test "$HIREDIS" = "yes"; then
 | |
|             AC_DEFINE([HAVE_LIBHIREDIS],[1],[libhiredis available])
 | |
|             enable_hiredis="yes"
 | |
|             #
 | |
|             # Check if async adapters and libevent is installed
 | |
|             #
 | |
|             AC_CHECK_HEADER("hiredis/adapters/libevent.h",HIREDIS_LIBEVENT_ADAPTER="yes",HIREDIS_LIBEVENT_ADAPTER="no")
 | |
|             if test "$HIREDIS_LIBEVENT_ADAPTER" = "yes"; then
 | |
|                 #Look for libevent headers
 | |
|                 if test "$with_libevent_includes" != "no"; then
 | |
|                     CPPFLAGS="${CPPFLAGS} -I${with_libevent_includes}"
 | |
|                 fi
 | |
|                 AC_CHECK_HEADER("event.h",LIBEVENT="yes",LIBEVENT="no")
 | |
|                 if test "$LIBEVENT" = "yes"; then
 | |
|                     if test "$with_libevent_libraries" != "no"; then
 | |
|                         LDFLAGS="${LDFLAGS}  -L${with_libevent_libraries}"
 | |
|                     fi
 | |
|                     AC_CHECK_LIB(event, event_base_free,, HAVE_LIBEVENT="no")
 | |
|                     AC_CHECK_LIB(event_pthreads, evthread_use_pthreads,, HAVE_LIBEVENT_PTHREADS="no")
 | |
|                 fi
 | |
|                 if [ test "$HAVE_LIBEVENT" = "no" ] && [ -o test "$HAVE_LIBEVENT_PTHREADS" = "no"]; then
 | |
|                     if test "$HAVE_LIBEVENT" = "no"; then
 | |
|                         echo
 | |
|                         echo "  Async mode for redis output will not be available."
 | |
|                         echo "  To enable it install libevent"
 | |
|                         echo
 | |
|                         echo "   Ubuntu: apt-get install libevent-dev"
 | |
|                         echo "   Fedora: dnf install libevent-devel"
 | |
|                         echo "   CentOS/RHEL: yum install libevent-devel"
 | |
|                         echo
 | |
|                    fi
 | |
|                    if test "$HAVE_LIBEVENT_PTHREADS" = "no"; then
 | |
|                         echo
 | |
|                         echo "  Async mode for redis output will not be available."
 | |
|                         echo "  To enable it install libevent with pthreads support"
 | |
|                         echo
 | |
|                         echo "   Ubuntu: apt-get install libevent-pthreads-2.0-5"
 | |
|                         echo
 | |
|                    fi
 | |
|                 else
 | |
|                     AC_DEFINE([HAVE_LIBEVENT],[1],[libevent available])
 | |
|                     enable_hiredis_async="yes"
 | |
|                 fi
 | |
|             fi
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
| # Check for lz4
 | |
| enable_liblz4="yes"
 | |
| AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no")
 | |
| 
 | |
| if test "$enable_liblz4" = "no"; then
 | |
|     echo
 | |
|     echo "  Compressed pcap logging is not available without liblz4."
 | |
|     echo "  If you want to enable compression, you need to install it."
 | |
|     echo
 | |
|     echo "  Ubuntu: apt-get install liblz4-dev"
 | |
|     echo "  Fedora: dnf install lz4-devel"
 | |
|     echo "  CentOS/RHEL: yum install epel-release"
 | |
|     echo "               yum install lz4-devel"
 | |
|     echo
 | |
| fi
 | |
| 
 | |
| # get cache line size
 | |
|     AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
 | |
|     if test "$HAVE_GETCONF_CMD" != "no"; then
 | |
|         CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
 | |
|         if [test "$CLS" != "" && test "$CLS" != "0"]; then
 | |
|             AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size])
 | |
|         else
 | |
|             AC_DEFINE([CLS],[64],[L1 cache line size])
 | |
|         fi
 | |
|     else
 | |
|         AC_DEFINE([CLS],[64],[L1 cache line size])
 | |
|     fi
 | |
| 
 | |
| # sphinx for documentation
 | |
|     AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no")
 | |
|     if test "$HAVE_SPHINXBUILD" = "no"; then
 | |
|        enable_sphinxbuild=no
 | |
|        if test -e "$srcdir/doc/userguide/suricata.1"; then
 | |
|            have_suricata_man=yes
 | |
|        fi
 | |
|     fi
 | |
|     AM_CONDITIONAL([HAVE_SPHINXBUILD], [test "x$enable_sphinxbuild" != "xno"])
 | |
|     AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
 | |
| 
 | |
| # pdflatex for the pdf version of the user manual
 | |
|     AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
 | |
|     if test "$HAVE_PDFLATEX" = "no"; then
 | |
|        enable_pdflatex=no
 | |
|     fi
 | |
|     AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"])
 | |
| 
 | |
| # Cargo/Rust.
 | |
|     AC_ARG_ENABLE([rust], AS_HELP_STRING([--enable-rust], [Enable Rust support]),
 | |
|             [enable_rust="$enableval"], [enable_rust="yes (default)"])
 | |
| 
 | |
|     rust_config_enabled="no"        # used in suricata.yaml.in to enable/disable app-layers
 | |
|     rust_config_comment="#"         # used in suricata.yaml.in to enable/disable eve loggers
 | |
|     rust_vendor_comment="# "
 | |
|     have_rust_vendor="no"
 | |
|     rust_compiler_version="not set"
 | |
|     rust_cargo_version="not set"
 | |
| 
 | |
| 
 | |
|     if test "x$enable_rust" != "xyes" && test "x$enable_rust" != "xyes (default)"; then
 | |
|       enable_rust="no"
 | |
|     elif test "x$enable_python" != "xyes" && test ! -f rust/gen/c-headers/rust-core-gen.h; then
 | |
|       enable_rust="no"
 | |
|     else
 | |
|       # Rust require jansson (json support).
 | |
|       if test "x$enable_jansson" = "xno"; then
 | |
|         echo ""
 | |
|         echo "   ERROR! Rust support requires libjansson."
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install libjansson-dev"
 | |
|         echo "   Fedora: dnf install jansson-devel"
 | |
|         echo "   CentOS/RHEL: yum install jansson-devel"
 | |
|         echo ""
 | |
|         if test "x$enable_rust" = "xyes"; then
 | |
|             exit 1
 | |
|         fi
 | |
|         echo "   Rust support will be disabled."
 | |
|         enable_rust="no"
 | |
|       fi
 | |
| 
 | |
|       AC_PATH_PROG(HAVE_CARGO, cargo, "no")
 | |
|       AC_PATH_PROG(HAVE_RUSTC, rustc, "no")
 | |
| 
 | |
|       # Deal with the case where Rust was requested but rustc or cargo
 | |
|       # cannot be found.
 | |
|       if test "x$HAVE_CARGO" = "xno"; then
 | |
|         echo ""
 | |
|         echo "   ERROR! Rust support requested but cargo not found."
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install cargo"
 | |
|         echo "   Fedora: dnf install cargo"
 | |
|         echo "   CentOS/RHEL: yum install cargo"
 | |
|         echo ""
 | |
|         if test "x$enable_rust" = "xyes"; then
 | |
|             exit 1
 | |
|         fi
 | |
|         echo "   Rust support will be disabled."
 | |
|         enable_rust="no"
 | |
|       fi
 | |
|       if test "x$HAVE_RUST" = "xno"; then
 | |
|         echo ""
 | |
|         echo "   ERROR! Rust support requested but rustc not found."
 | |
|         echo
 | |
|         echo "   Ubuntu: apt-get install rustc"
 | |
|         echo "   Debian <= 9: use rustup to install"
 | |
|         echo "   Debian 10: apt-get install rustc"
 | |
|         echo "   Fedora: dnf install rust"
 | |
|         echo "   CentOS/RHEL: yum install rust"
 | |
|         echo ""
 | |
|         if test "x$enable_rust" = "xyes"; then
 | |
|             exit 1
 | |
|         fi
 | |
|         echo "   Rust support will be disabled."
 | |
|         enable_rust="no"
 | |
|       fi
 | |
| 
 | |
|       if test "x$enable_rust" != "xno"; then
 | |
|         if test "x$HAVE_CARGO" != "xno"; then
 | |
|           if test "x$HAVE_RUSTC" != "xno"; then
 | |
|             AC_DEFINE([HAVE_RUST],[1],[Enable Rust language])
 | |
|             if test "x$enable_debug" = "xyes"; then
 | |
|               RUST_SURICATA_LIB="../rust/target/debug/${RUST_SURICATA_LIBNAME}"
 | |
|             else
 | |
|               RUST_SURICATA_LIB="../rust/target/release/${RUST_SURICATA_LIBNAME}"
 | |
|             fi
 | |
|             RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}"
 | |
|             CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen/c-headers"
 | |
|             AC_SUBST(RUST_SURICATA_LIB)
 | |
|             AC_SUBST(RUST_LDADD)
 | |
|             AC_SUBST([CARGO], [$HAVE_CARGO])
 | |
|             if test "x$CARGO_HOME" = "x"; then
 | |
|               AC_SUBST([CARGO_HOME], [~/.cargo])
 | |
|             else
 | |
| 	          AC_SUBST([CARGO_HOME], [$CARGO_HOME])
 | |
|             fi
 | |
|             AC_CHECK_FILES([$srcdir/rust/vendor], [have_rust_vendor="yes"])
 | |
|             if test "x$have_rust_vendor" = "xyes"; then
 | |
| 	          rust_vendor_comment=""
 | |
|             fi
 | |
| 
 | |
|             rust_config_enabled="yes"
 | |
|             rust_config_comment=""
 | |
|             rust_compiler_version=$(rustc --version)
 | |
|             rust_cargo_version=$(cargo --version)
 | |
|           fi
 | |
|         fi
 | |
|       fi
 | |
|     fi
 | |
| 
 | |
|     AM_CONDITIONAL([HAVE_RUST], [test "x$enable_rust" = "xyes" || test "x$enable_rust" = "xyes (default)"])
 | |
|     AC_SUBST(rust_vendor_comment)
 | |
|     AC_SUBST(rust_config_enabled)
 | |
|     AC_SUBST(rust_config_comment)
 | |
|     AM_CONDITIONAL([HAVE_RUST_VENDOR], [test "x$have_rust_vendor" = "xyes"])
 | |
| 
 | |
|     if test "x$enable_rust" = "xyes" || test "x$enable_rust" = "xyes (default)"; then
 | |
|       AC_PATH_PROG(HAVE_CARGO_VENDOR, cargo-vendor, "no")
 | |
|       if test "x$HAVE_CARGO_VENDOR" = "xno"; then
 | |
|         echo "   Warning: cargo-vendor not found, but it is only required"
 | |
|         echo "       for building the distribution"
 | |
|         echo "   To install: cargo install cargo-vendor"
 | |
|       fi
 | |
|     fi
 | |
|     AM_CONDITIONAL([HAVE_CARGO_VENDOR], [test "x$HAVE_CARGO_VENDOR" != "xno"])
 | |
| 
 | |
|     AC_ARG_ENABLE(rust_strict,
 | |
|            AS_HELP_STRING([--enable-rust-strict], [Rust warnings as errors]),,[enable_rust_strict=no])
 | |
|     AS_IF([test "x$enable_rust_strict" = "xyes"], [
 | |
|         RUST_FEATURES="strict"
 | |
|     ])
 | |
|     AC_SUBST(RUST_FEATURES)
 | |
| 
 | |
|     AC_ARG_ENABLE(rust_debug,
 | |
|            AS_HELP_STRING([--enable-rust-debug], [Rust not in --release mode]),,[enable_rust_debug=no])
 | |
|     AM_CONDITIONAL([RUST_DEBUG], [test "x$enable_rust_debug" = "xyes"])
 | |
|     AC_SUBST(RUST_DEBUG)
 | |
| 
 | |
| # get revision
 | |
|     if test -f ./revision; then
 | |
|         REVISION=`cat ./revision`
 | |
|         AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision])
 | |
|     else
 | |
|         AC_PATH_PROG(HAVE_GIT_CMD, git, "no")
 | |
|         if test "$HAVE_GIT_CMD" != "no"; then
 | |
|             if [ test -d .git ]; then
 | |
|                 REVISION=`git rev-parse --short HEAD`
 | |
|                 AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision])
 | |
|             fi
 | |
|         fi
 | |
|     fi
 | |
| 
 | |
| AC_SUBST(CFLAGS)
 | |
| AC_SUBST(LDFLAGS)
 | |
| AC_SUBST(CPPFLAGS)
 | |
| 
 | |
| define([EXPAND_VARIABLE],
 | |
| [$2=[$]$1
 | |
| if test $prefix = 'NONE'; then
 | |
| 	prefix="/usr/local"
 | |
| fi
 | |
| while true; do
 | |
|   case "[$]$2" in
 | |
|     *\[$]* ) eval "$2=[$]$2" ;;
 | |
|     *) break ;;
 | |
|   esac
 | |
| done
 | |
| eval "$2=[$]$2$3"
 | |
| ])dnl EXPAND_VARIABLE
 | |
| 
 | |
| # suricata log dir
 | |
| if test "$WINDOWS_PATH" = "yes"; then
 | |
|     case $host in
 | |
|         x86_64-w64-mingw32)
 | |
|             e_winbase="C:\\\\Program Files\\\\Suricata"
 | |
|             ;;
 | |
|         *)
 | |
|             systemtype="`systeminfo | grep \"based PC\"`"
 | |
|             case "$systemtype" in
 | |
|             *x64*)
 | |
|                 e_winbase="C:\\\\Program Files (x86)\\\\Suricata"
 | |
|                 ;;
 | |
|             *)
 | |
|                 e_winbase="C:\\\\Program Files\\\\Suricata"
 | |
|                 ;;
 | |
|         esac
 | |
|     esac
 | |
| 
 | |
|     e_sysconfdir="${e_winbase}\\\\"
 | |
|     e_sysconfrulesdir="$e_winbase\\\\rules\\\\"
 | |
|     e_defaultruledir="$e_winbase\\\\rules\\\\"
 | |
|     e_magic_file="$e_winbase\\\\magic.mgc"
 | |
|     e_logdir="$e_winbase\\\\log"
 | |
|     e_logfilesdir="$e_logdir\\\\files"
 | |
|     e_logcertsdir="$e_logdir\\\\certs"
 | |
|     e_datarulesdir="$e_winbase\\\\rules\\\\"
 | |
| else
 | |
|     EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
 | |
|     EXPAND_VARIABLE(localstatedir, e_rundir, "/run/")
 | |
|     EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files")
 | |
|     EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs")
 | |
|     EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/")
 | |
|     EXPAND_VARIABLE(sysconfdir, e_sysconfrulesdir, "/suricata/rules")
 | |
|     EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata")
 | |
|     EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules")
 | |
|     EXPAND_VARIABLE(ruledirprefix, e_defaultruledir, "/suricata/rules")
 | |
| fi
 | |
| AC_SUBST(e_logdir)
 | |
| AC_SUBST(e_rundir)
 | |
| AC_SUBST(e_logfilesdir)
 | |
| AC_SUBST(e_logcertsdir)
 | |
| AC_SUBST(e_sysconfdir)
 | |
| AC_SUBST(e_sysconfrulesdir)
 | |
| AC_SUBST(e_localstatedir)
 | |
| AC_DEFINE_UNQUOTED([CONFIG_DIR],["$e_sysconfdir"],[Our CONFIG_DIR])
 | |
| AC_SUBST(e_magic_file)
 | |
| AC_SUBST(e_magic_file_comment)
 | |
| AC_SUBST(e_enable_evelog)
 | |
| AC_SUBST(e_datarulesdir)
 | |
| AC_SUBST(e_defaultruledir)
 | |
| AC_SUBST(has_suricata_update_comment)
 | |
| AC_SUBST(no_suricata_update_comment)
 | |
| 
 | |
| EXPAND_VARIABLE(prefix, CONFIGURE_PREFIX)
 | |
| EXPAND_VARIABLE(sysconfdir, CONFIGURE_SYSCONDIR)
 | |
| EXPAND_VARIABLE(localstatedir, CONFIGURE_LOCALSTATEDIR)
 | |
| AC_SUBST(CONFIGURE_PREFIX)
 | |
| AC_SUBST(CONFIGURE_SYSCONDIR)
 | |
| AC_SUBST(CONFIGURE_LOCALSTATEDIR)
 | |
| AC_SUBST(PACKAGE_VERSION)
 | |
| 
 | |
| AC_OUTPUT(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/.cargo/config qa/Makefile qa/coccinelle/Makefile rules/Makefile doc/Makefile doc/userguide/Makefile contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile contrib/tile_pcie_logd/Makefile suricata.yaml etc/Makefile etc/suricata.logrotate etc/suricata.service python/Makefile python/suricata/config/defaults.py ebpf/Makefile)
 | |
| 
 | |
| SURICATA_BUILD_CONF="Suricata Configuration:
 | |
|   AF_PACKET support:                       ${enable_af_packet}
 | |
|   eBPF support:                            ${enable_ebpf}
 | |
|   XDP support:                             ${have_xdp}
 | |
|   PF_RING support:                         ${enable_pfring}
 | |
|   NFQueue support:                         ${enable_nfqueue}
 | |
|   NFLOG support:                           ${enable_nflog}
 | |
|   IPFW support:                            ${enable_ipfw}
 | |
|   Netmap support:                          ${enable_netmap}
 | |
|   DAG enabled:                             ${enable_dag}
 | |
|   Napatech enabled:                        ${enable_napatech}
 | |
|   WinDivert enabled:                       ${enable_windivert}
 | |
| 
 | |
|   Unix socket enabled:                     ${enable_unixsocket}
 | |
|   Detection enabled:                       ${enable_detection}
 | |
| 
 | |
|   Libmagic support:                        ${enable_magic}
 | |
|   libnss support:                          ${enable_nss}
 | |
|   libnspr support:                         ${enable_nspr}
 | |
|   libjansson support:                      ${enable_jansson}
 | |
|   liblzma support:                         ${enable_liblzma}
 | |
|   hiredis support:                         ${enable_hiredis}
 | |
|   hiredis async with libevent:             ${enable_hiredis_async}
 | |
|   Prelude support:                         ${enable_prelude}
 | |
|   PCRE jit:                                ${pcre_jit_available}
 | |
|   LUA support:                             ${enable_lua}
 | |
|   libluajit:                               ${enable_luajit}
 | |
|   libgeoip:                                ${enable_geoip}
 | |
|   Non-bundled htp:                         ${enable_non_bundled_htp}
 | |
|   Old barnyard2 support:                   ${enable_old_barnyard2}
 | |
|   Hyperscan support:                       ${enable_hyperscan}
 | |
|   Libnet support:                          ${enable_libnet}
 | |
|   liblz4 support:                          ${enable_liblz4}
 | |
| 
 | |
|   Rust support:                            ${enable_rust}
 | |
|   Rust strict mode:                        ${enable_rust_strict}
 | |
|   Rust debug mode:                         ${enable_rust_debug}
 | |
|   Rust compiler:                           ${rust_compiler_version}
 | |
|   Rust cargo:                              ${rust_cargo_version}
 | |
| 
 | |
|   Suricatasc install:                      ${enable_python}
 | |
| 
 | |
|   Profiling enabled:                       ${enable_profiling}
 | |
|   Profiling locks enabled:                 ${enable_profiling_locks}
 | |
| 
 | |
| Development settings:
 | |
|   Coccinelle / spatch:                     ${enable_coccinelle}
 | |
|   Unit tests enabled:                      ${enable_unittests}
 | |
|   Debug output enabled:                    ${enable_debug}
 | |
|   Debug validation enabled:                ${enable_debug_validation}
 | |
| 
 | |
| Generic build parameters:
 | |
|   Installation prefix:                     ${prefix}
 | |
|   Configuration directory:                 ${e_sysconfdir}
 | |
|   Log directory:                           ${e_logdir}
 | |
| 
 | |
|   --prefix                                 ${CONFIGURE_PREFIX}
 | |
|   --sysconfdir                             ${CONFIGURE_SYSCONDIR}
 | |
|   --localstatedir                          ${CONFIGURE_LOCALSTATEDIR}
 | |
| 
 | |
|   Host:                                    ${host}
 | |
|   Compiler:                                ${CC} (exec name) / ${compiler} (real)
 | |
|   GCC Protect enabled:                     ${enable_gccprotect}
 | |
|   GCC march native enabled:                ${enable_gccmarch_native}
 | |
|   GCC Profile enabled:                     ${enable_gccprofile}
 | |
|   Position Independent Executable enabled: ${enable_pie}
 | |
|   CFLAGS                                   ${CFLAGS}
 | |
|   PCAP_CFLAGS                              ${PCAP_CFLAGS}
 | |
|   SECCFLAGS                                ${SECCFLAGS}"
 | |
| 
 | |
| echo
 | |
| echo "$SURICATA_BUILD_CONF"
 | |
| echo "printf(" >src/build-info.h
 | |
| echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' >>src/build-info.h
 | |
| echo ");" >>src/build-info.h
 | |
| 
 | |
| echo "
 | |
| To build and install run 'make' and 'make install'.
 | |
| 
 | |
| You can run 'make install-conf' if you want to install initial configuration
 | |
| files to ${e_sysconfdir}. Running 'make install-full' will install configuration
 | |
| and rules and provide you a ready-to-run suricata."
 | |
| echo
 | |
| echo "To install Suricata into /usr/bin/suricata, have the config in
 | |
| /etc/suricata and use /var/log/suricata as log dir, use:
 | |
| ./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/"
 | |
| echo
 |