- AC_INIT([suricata],[5.0.0-dev])
+ AC_INIT([suricata],[7.0.0-dev])
m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
- AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_HEADERS([src/autoconf.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR(m4)
- AM_INIT_AUTOMAKE
+ AM_INIT_AUTOMAKE([tar-ustar subdir-objects])
AC_LANG([C])
- AC_PROG_CC_C99
LT_INIT
PKG_PROG_PKG_CONFIG
case "$compiler" in
clang)
CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
- AC_MSG_CHECKING([clang __sync_bool_compare_and_swap support])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
- [[ unsigned int i = 0; (void)__sync_bool_compare_and_swap(&i, 1, 1);]])],
- [
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8], [1], [Fake GCC atomic support])
- AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])])
AC_SUBST(CLANG_CFLAGS)
;;
gcc)
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
+ AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_GREP
AC_PATH_PROG(HAVE_CYGPATH, cygpath, "no")
- AM_CONDITIONAL([HAVE_CYGPATH], [test "x$enable_cygpath" = "xyes"])
+ AM_CONDITIONAL([HAVE_CYGPATH], [test "x$HAVE_CYGPATH" != "xno"])
AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no")
if test "$HAVE_PKG_CONFIG" = "no"; then
exit 1
fi
- python_version="not set"
python_path="not set"
AC_ARG_ENABLE(python,
AC_PATH_PROGS(HAVE_PYTHON, python3 python2.7 python2 python, "no")
if test "$HAVE_PYTHON" = "no"; then
echo
- echo " Warning! python not found, you will not be "
- echo " able to install suricatasc unix socket client "
+ echo " Warning! Python not found."
+ echo
+ echo " Python is required for additional tools like"
+ echo " suricatasc, suricatactl and suricata-update."
+ echo " It is also required when building from git."
echo
enable_python="no"
else
python_path="$HAVE_PYTHON"
- python_version="$($HAVE_PYTHON --version)"
fi
fi
AM_CONDITIONAL([HAVE_PYTHON], [test "x$enable_python" = "xyes"])
+ # Get the Python major version. This is only for information
+ # messages displayed during configure.
+ if test "x$HAVE_PYTHON" != "xno"; then
+ pymv="$($HAVE_PYTHON -c 'import sys; print(sys.version_info[[0]]);')"
+ fi
+
# Check for python-distutils (setup).
have_python_distutils="no"
if test "x$enable_python" = "xyes"; then
echo " Warning: Python distutils not found. Python tools will"
echo " not be installed."
echo ""
- echo " Ubuntu/Debian: apt install `basename ${HAVE_PYTHON}`-distutils"
+ echo " Install the distutils module for Python ${pymv} to enable"
+ echo " the Python tools."
echo ""
fi
AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h])
AC_CHECK_HEADERS([stdarg.h stdint.h stdio.h stdlib.h stdbool.h string.h strings.h sys/ioctl.h])
AC_CHECK_HEADERS([syslog.h sys/prctl.h sys/socket.h sys/stat.h sys/syscall.h])
- AC_CHECK_HEADERS([sys/time.h time.h unistd.h])
+ AC_CHECK_HEADERS([sys/time.h time.h unistd.h sys/param.h])
AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h])
AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h])
- AC_CHECK_HEADERS([glob.h])
+ AC_CHECK_HEADERS([glob.h locale.h grp.h pwd.h])
AC_CHECK_HEADERS([dirent.h fnmatch.h])
AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
AC_CHECK_HEADERS([sys/random.h])
AC_CHECK_HEADERS([utime.h])
AC_CHECK_HEADERS([libgen.h])
+ AC_CHECK_HEADERS([mach/mach.h])
+ AC_CHECK_HEADERS([stdatomic.h])
+ AC_CHECK_HEADERS([sys/queue.h])
AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
[[#ifdef HAVE_SYS_SOCKET_H
# Checks for typedefs, structures, and compiler characteristics.
AC_C_INLINE
+ AC_C_RESTRICT
AC_TYPE_PID_T
+ AC_TYPE_MODE_T
AC_TYPE_SIZE_T
+ AC_TYPE_SSIZE_T
+ AC_TYPE_INT8_T
+ AC_TYPE_INT16_T
AC_TYPE_INT32_T
+ AC_TYPE_INT64_T
+ AC_TYPE_UINT8_T
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT64_T
- AC_TYPE_UINT8_T
+ AC_TYPE_UINT
+ AC_TYPE_USHORT
+ AC_TYPE_ULONG
+ AC_TYPE_UCHAR
+ AC_STRUCT_TIMEZONE
+ AC_CHECK_TYPES([ptrdiff_t])
AC_HEADER_STDBOOL
# Checks for library functions.
AC_FUNC_MALLOC
AC_FUNC_REALLOC
- AC_CHECK_FUNCS([gettimeofday memset strcasecmp strchr strrchr strdup strndup strerror strncasecmp strtol strtoul memchr memrchr clock_gettime])
- AC_CHECK_FUNCS([strptime])
+ AC_FUNC_FORK
+ AC_FUNC_MKTIME
+ AC_FUNC_MMAP
+ AC_FUNC_STRTOD
+
+ AC_CHECK_FUNCS([memmem memset memchr memrchr memmove])
+ AC_CHECK_FUNCS([strcasecmp strchr strrchr strdup strndup strncasecmp strtol strtoul strstr strpbrk strtoull strtoumax])
+ AC_CHECK_FUNCS([strerror])
+ AC_CHECK_FUNCS([gethostname inet_ntoa uname])
+ AC_CHECK_FUNCS([gettimeofday clock_gettime utime strptime tzset localtime_r])
+ AC_CHECK_FUNCS([socket setenv select putenv dup2 endgrent endpwent atexit munmap])
+
+ AC_CHECK_FUNCS([fwrite_unlocked])
AC_CHECK_DECL([getrandom],
AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
#include <sys/random.h>
])
- AC_CHECK_FUNCS([utime])
-
OCFLAGS=$CFLAGS
CFLAGS=""
AC_CHECK_FUNCS([strlcpy strlcat])
fi
echo -n "installation for $host OS... "
- RUST_SURICATA_LIBNAME="libsuricata.a"
+ RUST_SURICATA_LIBNAME="libsuricata_rust.a"
e_magic_file=""
e_magic_file_comment="#"
LDFLAGS="${LDFLAGS} -L/opt/local/lib"
;;
*-*-linux*)
+ # Always compile with -fPIC on Linux for shared library support.
+ CFLAGS="${CFLAGS} -fPIC"
RUST_LDADD="-ldl -lrt -lm"
+ can_build_shared_library="yes"
;;
*-*-mingw32*|*-*-msys)
CFLAGS="${CFLAGS} -DOS_WIN32"
- LDFLAGS="${LDFLAGS} -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid"
WINDOWS_PATH="yes"
PCAP_LIB_NAME="wpcap"
AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg])
- RUST_SURICATA_LIBNAME="suricata.lib"
- RUST_LDADD="-luserenv -lshell32 -ladvapi32 -lgcc_eh"
+ RUST_LDADD=" -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid -luserenv -lshell32 -ladvapi32 -lgcc_eh"
;;
*-*-cygwin)
LUA_LIB_NAME="lua"
esac
AC_MSG_RESULT(ok)
- # enable modifications for AFL fuzzing
- AC_ARG_ENABLE(afl,
- AS_HELP_STRING([--enable-afl], Enable AFL fuzzing logic[])], [enable_afl="$enableval"],[enable_afl=no])
-
- AS_IF([test "x$enable_afl" = "xyes"], [
- AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
- AC_DEFINE([AFLFUZZ_DISABLE_MGTTHREADS], [1], [Disable all management threads])
- AC_DEFINE([AFLFUZZ_PCAP_RUNMODE], [1], [Enable special AFL 'single' runmode])
- AC_DEFINE([AFLFUZZ_CONF_TEST], [1], [Enable special --afl-parse-rules commandline option])
- AC_DEFINE([AFLFUZZ_APPLAYER], [1], [Enable --afl-$proto-request commandline option])
- AC_DEFINE([AFLFUZZ_MIME], [1], [Enable --afl-mime commandline option])
- AC_DEFINE([AFLFUZZ_DECODER], [1], [Enable --afl-decoder-$proto commandline option])
- AC_DEFINE([AFLFUZZ_DER], [1], [Enable --afl-der commandline option])
- AC_DEFINE([AFLFUZZ_RULES], [1], [Enable --afl-rules commandline option])
-
- # test for AFL PERSISTANT_MODE support
- CFLAGS_ORIG=$CFLAGS
- CFLAGS="-Werror"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
- [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
- [])
- CFLAGS=$CFLAGS_ORIG
- ])
-
- # disable TLS on user request
- AC_ARG_ENABLE(threading-tls,
- AS_HELP_STRING([--disable-threading-tls], [Disable TLS (thread local storage)]), [enable_tls="$enableval"],[enable_tls=yes])
- AS_IF([test "x$enable_tls" = "xyes"], [
- # check if our target supports thread local storage
- AC_MSG_CHECKING(for thread local storage __thread support)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
- [[ static __thread int i; i = 1; i++; ]])],
- [AC_DEFINE([TLS], [1], [Thread local storage])
- AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])])
- ])
+ # check if our target supports c11
+ AC_MSG_CHECKING(for c11 support)
+ OCFLAGS=$CFLAGS
+ CFLAGS="-std=c11"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
+ [[ static _Thread_local int i; i = 1; i++; ]])],
+ AC_MSG_RESULT([yes])
+ [AC_DEFINE([TLS_C11], [1], [C11 Thread local storage])
+ CFLAGS="$OCFLAGS -std=c11"],
+ [AC_MSG_RESULT([no])
+ CFLAGS="$OCFLAGS"
+ have_c11=no
+ have_c11_tls=no])
+ if [ test "x$have_c11" = "xno" ]; then
+ CFLAGS="$CFLAGS -std=gnu99"
+ fi
+
+ # check if our target supports thread local storage
+ AC_MSG_CHECKING(for thread local storage gnu __thread support)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
+ [[ static __thread int i; i = 1; i++; ]])],
+ [AC_DEFINE([TLS_GNU], [1], [Thread local storage])
+ AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])
+ have_gnu_tls=no])
+ if [ test "x$have_c11_tls" = "xno" ] && [ test "x$have_gnu_tls" = "xno" ]; then
+ AC_MSG_ERROR("no thread local support available.")
+ exit 1
+ fi
#Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found
#AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc.
AC_SUBST(SECLDFLAGS)
])
+ #check for plugin support
+ AC_CHECK_HEADERS([dlfcn.h])
+ AC_MSG_CHECKING([for plugin support])
+ TMPLDFLAGS="${LDFLAGS}"
+ LDFLAGS="${LDFLAGS} -rdynamic"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <dlfcn.h>]], [[]])],
+ [
+ AC_MSG_RESULT(yes)
+ has_rdynamic=yes
+ ],
+ [
+ AC_MSG_RESULT(no)
+ has_rdynamic=no
+ ])
+
+ if test "x$has_rdynamic" = "xyes"; then
+ plugin_support=yes
+ AC_DEFINE([HAVE_PLUGINS], [1], [Plugin support])
+ else
+ plugin_support=no
+ LDFLAGS="${TMPLDFLAGS}"
+ fi
+
#enable profile generation
AC_ARG_ENABLE(gccprofile,
AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set]),[enable_gccprofile=$enableval],[enable_gccprofile=no])
# options
+
# enable the running of unit tests
AC_ARG_ENABLE(unittests,
AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),[enable_unittests=$enableval],[enable_unittests=no])
[
AS_IF([test "$CLANG" != no],
[
- llc_candidates=$($CLANG --version | \
+ llc_candidates=$($CLANG --version | sed -e 's/.*clang version/clang version/' | \
awk '/^clang version/ {
split($3, v, ".");
printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
[AC_MSG_ERROR([clang needed to build ebpf files])])
])
- # enable workaround for old barnyard2 for unified alert output
- AC_ARG_ENABLE(old-barnyard2,
- AS_HELP_STRING([--enable-old-barnyard2], [Use workaround for old barnyard2 in unified2 output]),[enable_old_barnyard2=$enableval],[enable_old_barnyard2=no])
- AS_IF([test "x$enable_old_barnyard2" = "xyes"], [
- AC_DEFINE([HAVE_OLD_BARNYARD2],[1],[Use workaround for old barnyard2 in unified2 output])
- ])
-
# enable debug output
AC_ARG_ENABLE(debug,
AS_HELP_STRING([--enable-debug], [Enable debug output]),[enable_debug=$enableval],[enable_debug=no])
AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output])
fi
])
+ AM_CONDITIONAL([DEBUG_VALIDATION], [test "x$enable_debug_validation" = "xyes"])
# profiling support
AC_ARG_ENABLE(profiling,
LIBS="${TMPLIBS} -lz"
fi
- #libpcre
- AC_ARG_WITH(libpcre_includes,
- [ --with-libpcre-includes=DIR libpcre include directory],
- [with_libpcre_includes="$withval"],[with_libpcre_includes="no"])
- AC_ARG_WITH(libpcre_libraries,
- [ --with-libpcre-libraries=DIR libpcre library directory],
- [with_libpcre_libraries="$withval"],[with_libpcre_libraries="no"])
-
- if test "$with_libpcre_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libpcre_includes}"
- fi
- AC_CHECK_HEADER(pcre.h,,[AC_MSG_ERROR(pcre.h not found ...)])
-
- if test "$with_libpcre_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libpcre_libraries}"
- fi
- PCRE=""
- AC_CHECK_LIB(pcre, pcre_get_substring,,PCRE="no")
- if test "$PCRE" = "no"; then
+ PCRE2=""
+ AC_CHECK_LIB(pcre2-8, pcre2_compile_8,,PCRE2="no")
+ if test "$PCRE2" = "no"; then
echo
- echo " ERROR! pcre library not found, go get it"
+ echo " ERROR! pcre2 library not found, go get it"
echo " from www.pcre.org. Or from packages:"
- echo " Debian/Ubuntu: apt install libpcre3-dev"
- echo " Fedora: dnf install pcre-devel"
- echo " CentOS/RHEL: yum install pcre-devel"
- echo
- exit 1
- fi
-
- # libpcre 8.35 (especially on debian) has a known issue that results in segfaults
- # see https://redmine.openinfosecfoundation.org/issues/1693
- if test "$with_libpcre_libraries" = "no"; then
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.35],[libpcre_buggy_found="yes"],[libprce_buggy_found="no"])
- if test "$libpcre_buggy_found" = "yes"; then
- echo
- echo " Warning! vulnerable libpcre version 8.35 found"
- echo " This version has a known issue that could result in segfaults"
- echo " please upgrade to a newer version of pcre which you can get from"
- echo " www.pcre.org. For more information, see issue #1693"
- echo
- echo " Continuing for now with JIT disabled..."
- echo
- fi
- fi
-
- # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
- # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
- PCRE=""
- TMPLIBS="${LIBS}"
- AC_CHECK_LIB(pcre, pcre_dfa_exec,, PCRE="no")
- if test "$PCRE" = "no"; then
- echo
- echo " ERROR! pcre library was found but version was < 6.0"
- echo " please upgrade to a newer version of pcre which you can get from"
- echo " www.pcre.org."
+ echo " Debian/Ubuntu: apt install libpcre2-dev"
+ echo " Fedora: dnf install pcre2-devel"
+ echo " CentOS/RHEL: yum install pcre2-devel"
echo
exit 1
fi
- LIBS="${TMPLIBS}"
-
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[ int eo = 0; eo |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; ]])],
- [ pcre_match_limit_recursion_available=yes ],[:]
- )
- if test "$pcre_match_limit_recursion_available" != "yes"; then
- echo
- echo " Warning! pcre extra opt PCRE_EXTRA_MATCH_LIMIT_RECURSION not found"
- echo " This could lead to potential DoS please upgrade to pcre >= 6.5"
- echo " from www.pcre.org."
- echo " Continuing for now...."
- echo
- AC_DEFINE([NO_PCRE_MATCH_RLIMIT],[1],[Pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION not available])
- fi
-
- TMPCFLAGS="${CFLAGS}"
- CFLAGS="-O0 -g -Werror -Wall"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[ pcre_extra *extra = NULL; pcre_free_study(extra); ]])],
- [ AC_DEFINE([HAVE_PCRE_FREE_STUDY], [1], [Pcre pcre_free_study supported])],[:]
- )
- CFLAGS="${TMPCFLAGS}"
- #enable support for PCRE-jit available since pcre-8.20
- AC_MSG_CHECKING(for PCRE JIT support)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
+ AC_DEFINE([PCRE2_CODE_UNIT_WIDTH], [8], [Pcre code unit width is 8 bits])
+ AC_MSG_CHECKING(for PCRE2 JIT support)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre2.h> ]],
[[
int jit = 0;
- pcre_config(PCRE_CONFIG_JIT, &jit);
- ]])],[ pcre_jit_available=yes ],[ pcre_jit_available=no ]
+ pcre2_config(PCRE2_CONFIG_JIT, &jit);
+ ]])],[ pcre2_jit_available=yes ],[ pcre2_jit_available=no ]
)
-
- case $host in
- *powerpc64*)
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.39],[libpcre_ppc64_buggy_found1="yes"],[libprce_ppc64_buggy_found1="no"])
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.40],[libpcre_ppc64_buggy_found2="yes"],[libprce_ppc64_buggy_found2="no"])
-
- if test "$libprce_ppc64_buggy_found1" = "yes" || test "$libprce_ppc64_buggy_found2"; then
- # on powerpc64, both gcc and clang lead to SIGILL in
- # unittests when jit is enabled.
- pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64"
- fi
- ;;
- *)
- # bug 1693, libpcre 8.35 is broken and debian jessie is still using that
- if test "$libpcre_buggy_found" = "yes"; then
- pcre_jit_available="no, libpcre 8.35 blacklisted"
- fi
- ;;
- esac
-
- if test "x$pcre_jit_available" = "xyes"; then
- AC_MSG_RESULT(yes)
- AC_DEFINE([PCRE_HAVE_JIT], [1], [Pcre with JIT compiler support enabled])
-
- AC_MSG_CHECKING(for PCRE JIT support usability)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[
- const char* regexstr = "(a|b|c|d)";
- pcre *re;
- const char *error;
- pcre_extra *extra;
- int err_offset;
- re = pcre_compile(regexstr,0, &error, &err_offset,NULL);
- extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
- if (extra == NULL)
- exit(EXIT_FAILURE);
- int jit = 0;
- int ret = pcre_fullinfo(re, extra, PCRE_INFO_JIT, &jit);
- if (ret != 0 || jit != 1)
- exit(EXIT_FAILURE);
- exit(EXIT_SUCCESS);
- ]])],[ pcre_jit_works=yes ],[:]
- )
- if test "x$pcre_jit_works" != "xyes"; then
- AC_MSG_RESULT(no)
- echo
- echo " PCRE JIT support detection worked but testing it failed"
- echo " something odd is going on, please file a bug report."
- echo
- exit 1
- else
- AC_MSG_RESULT(yes)
- fi
+ if test "x$pcre2_jit_available" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE([PCRE2_HAVE_JIT], [1], [Pcre2 with JIT compiler support enabled])
else
AC_MSG_RESULT(no)
fi
if test "$NFNL" = "no"; then
echo
- echo " ERROR! nfnetlink library not found, go get it"
+ echo " nfnetlink library not found, go get it"
echo " from www.netfilter.org."
echo " we automatically append libnetfilter_queue/ when searching"
echo " for headers etc. when the --with-libnfnetlink-includes directive"
CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
fi
- AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
+ AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,
+ [AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)],
+ [
+ #define _GNU_SOURCE
+ #include <sys/types.h>
+ #include <stdint.h>
+ ])
if test "$with_libnetfilter_queue_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
+ #define _GNU_SOURCE
+ #include <sys/types.h>
+ #include <stdint.h>
#include <stdio.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
],
fi
# /WinDivert
- # prelude
- AC_ARG_ENABLE(prelude,
- AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),[enable_prelude=$enableval],[enable_prelude=no])
- # Prelude doesn't work with -Werror
- STORECFLAGS="${CFLAGS}"
- CFLAGS="${CFLAGS} -Wno-error=unused-result"
-
- AS_IF([test "x$enable_prelude" = "xyes"], [
- AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
- if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
- CPPFLAGS="${CPPFLAGS} ${LIBPRELUDE_CFLAGS}"
- fi
-
- if test "x${LIBPRELUDE_LDFLAGS}" != "x"; then
- LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LDFLAGS}"
- fi
-
- if test "x${LIBPRELUDE_LIBS}" != "x"; then
- LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LIBS}"
- fi
- AC_DEFINE([PRELUDE], [1], [Libprelude support enabled])
- ])
- CFLAGS="${STORECFLAGS}"
-
# libnet
AC_ARG_WITH(libnet_includes,
CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}"
fi
- AC_CHECK_HEADER(pcap.h,,[AC_MSG_ERROR(pcap.h not found ...)])
+ AC_CHECK_HEADERS([pcap.h],[],[AC_MSG_ERROR(pcap.h not found ...)],
+ [[
+ #ifdef HAVE_WINSOCK2_H
+ #include <winsock2.h>
+ #endif
+ #define _DEFAULT_SOURCE 1
+ ]])
if test "$with_libpcap_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpcap_libraries}"
fi
- AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
+ AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h],[],[],
+ [[
+ #ifdef HAVE_WINSOCK2_H
+ #include <winsock2.h>
+ #endif
+ #define _DEFAULT_SOURCE 1
+ ]])
LIBPCAP=""
+ PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}"],[:])
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no")
if test "$LIBPCAP" = "no"; then
echo
#include <net/netmap_user.h>
],[
#ifndef NETMAP_API
- #error "outdated netmap, need one with NETMAP_API"
+ #error "Outdated netmap, need one with NETMAP_API"
#endif
- #if NETMAP_API < 11
- #error "outdated netmap, need at least api version 11"
+ #if NETMAP_API < 14
+ #error "Outdated netmap, need at least API version 14"
#endif
])], [have_recent_netmap="yes"])
if test "x$have_recent_netmap" != "xyes"; then
- echo "ERROR: outdated netmap"
+ echo "ERROR: outdated netmap; need at least v14"
exit 1
fi
- have_netmap_version="unknown"
- have_v11_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 11
- #error "not 11"
- #endif
- ])], [have_v11_netmap="yes"])
- if test "x$have_v11_netmap" = "xyes"; then
- have_netmap_version="v11"
- fi
- have_v12_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 12
- #error "not 12"
- #endif
- ])], [have_v12_netmap="yes"])
- if test "x$have_v12_netmap" = "xyes"; then
- have_netmap_version="v12"
- fi
- have_v13_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 13
- #error "not 13"
- #endif
- ])], [have_v13_netmap="yes"])
- if test "x$have_v13_netmap" = "xyes"; then
- have_netmap_version="v13"
- fi
- have_gtv13_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API <= 13
- #error "not gt 13"
- #endif
- ])], [have_gtv13_netmap="yes"])
- if test "x$have_gtv13_netmap" = "xyes"; then
- have_netmap_version="> v13"
+ have_netmap_version="v14+"
+ AC_CHECK_HEADER(libnetmap.h,,[AC_MSG_ERROR(libnetmap.h not found ...)],)
+ LIBNETMAP=""
+ AC_SEARCH_LIBS([nmport_open],[netmap],,[LIBNETMAP="no"])
+ if test "$LIBNETMAP" = "no"; then
+ echo
+ echo " ERROR! libnetmap library not found!"
+ echo " Go get it from https://github.com/luigirizzo/netmap"
+ echo " or your distribution."
+ echo
+ exit 1
fi
+ AC_DEFINE([HAVE_NETMAP_V14],[1],(NETMAP API v14 support enabled))
])
# Suricata-Update.
ruledirprefix="$sysconfdir"
if test "$enable_suricata_update" = "yes"; then
- AC_CHECK_FILE([$srcdir/suricata-update/setup.py], [
- have_suricata_update="yes"], [])
+ if test -f "$srcdir/suricata-update/setup.py"; then
+ have_suricata_update="yes"
+ fi
fi
- AM_CONDITIONAL([HAVE_SURICATA_UPDATE],
- [test "x$have_suricata_update" != "xno"])
if test "$have_suricata_update" = "yes"; then
if test "$have_python_yaml" != "yes"; then
echo ""
echo " Warning: suricata-update will not be installed as the"
- echo " depedency python-yaml is not installed."
+ echo " Python yaml module is not installed.."
echo ""
- echo " Debian/Ubuntu: apt install python-yaml"
- echo " Fedora: dnf install python-yaml"
- echo " CentOS/RHEL: yum install python-yaml"
+ echo " Install the yaml module for Python ${pymv} to enable"
+ echo " suricata-update."
echo
else
SURICATA_UPDATE_DIR="suricata-update"
if test "x$enable_python" != "xyes"; then
install_suricatactl="requires python"
elif test "x$have_python_distutils" != "xyes"; then
- install_suricatactl="requires distutils"
+ install_suricatactl="no, requires distutils"
else
install_suricatactl="yes"
fi
# Test to see if suricata-update can be installed.
if test "x$have_suricata_update" != "xyes"; then
- install_suricata_update="not bundled"
+ install_suricata_update="no, "
+ install_suricata_update_reason="not bundled"
elif test "x$enable_python" != "xyes"; then
- install_suricata_update="requires python"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires python"
elif test "x$have_python_distutils" != "xyes"; then
- install_suricata_update="requires distutils"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires distutils"
elif test "x$have_python_yaml" != "xyes"; then
- install_suricata_update="requires pyyaml"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires pyyaml"
else
install_suricata_update="yes"
fi
+ AM_CONDITIONAL([INSTALL_SURICATA_UPDATE],
+ [test "x$install_suricata_update" = "xyes"])
+ AC_SUBST([install_suricata_update_reason])
+
# libhtp
AC_ARG_ENABLE(non-bundled-htp,
AS_HELP_STRING([--enable-non-bundled-htp], [Enable the use of an already installed version of htp]),[enable_non_bundled_htp=$enableval],[enable_non_bundled_htp=no])
echo
exit 1
fi
- PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.30],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
+ PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.36],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
if test "$libhtp_minver_found" = "no"; then
PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
if test "$libhtp_devver_found" = "no"; then
echo
- echo " ERROR! libhtp was found but it is neither >= 0.5.30, nor the dev 0.5.X"
+ echo " ERROR! libhtp was found but it is neither >= 0.5.36, nor the dev 0.5.X"
echo
exit 1
fi
AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp])
AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) )
AC_CHECK_LIB([htp], [htp_config_set_lzma_memlimit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Found htp_config_set_lzma_memlimit function in libhtp]) ,,[-lhtp])
+ AC_CHECK_LIB([htp], [htp_config_set_lzma_layers],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Found htp_config_set_lzma_layers function in libhtp]) ,,[-lhtp])
AC_CHECK_LIB([htp], [htp_config_set_compression_bomb_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Found htp_config_set_compression_bomb_limit function in libhtp]) ,,[-lhtp])
+ AC_CHECK_LIB([htp], [htp_config_set_compression_time_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Found htp_config_set_compression_time_limit function in libhtp]) ,,[-lhtp])
])
if test "x$enable_non_bundled_htp" = "xno"; then
# enable when libhtp has been updated
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Assuming htp_config_set_lzma_memlimit function in bundled libhtp])
+ AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Assuming htp_config_set_lzma_layers function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Assuming htp_config_set_compression_bomb_limit function in bundled libhtp])
+ AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Assuming htp_config_set_compression_time_limit function in bundled libhtp])
else
echo
echo " ERROR: Libhtp is not bundled. Get libhtp by doing:"
if test "$have_xdp" = "yes"; then
AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
fi
+ AC_CHECK_FUNCS(bpf_program__section_name)
fi;
# Check for DAG support.
AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled))
fi
-# libnspr (enabled by default)
- AC_ARG_ENABLE(nspr,
- AS_HELP_STRING([--disable-nspr],[Disable libnspr support]),
- [enable_nspr=$enableval],[enable_nspr="yes"])
-
- AC_ARG_WITH(libnspr_includes,
- [ --with-libnspr-includes=DIR libnspr include directory],
- [with_libnspr_includes="$withval"],[with_libnspr_includes="no"])
-
- AC_ARG_WITH(libnspr_libraries,
- [ --with-libnspr-libraries=DIR libnspr library directory],
- [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
-
- if test "$enable_nspr" != "no"; then
- # Try pkg-config first:
- PKG_CHECK_MODULES([libnspr],nspr,,[with_pkgconfig_nspr="no"])
-
- if test "$with_pkgconfig_nspr" != "no"; then
- CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
- LIBS="${LIBS} ${libnspr_LIBS}"
- fi
-
- if test "$with_libnspr_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
- fi
- TMPLIBS="${LIBS}"
- AC_CHECK_HEADER(nspr.h,
- AC_CHECK_LIB(nspr4,PR_GetCurrentThread,[AC_DEFINE([HAVE_NSPR],[1],[libnspr available])
- NSPR="yes"
- if test "$NSPR" = "yes"; then
- if test "$with_libnspr_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
- LIBS="${TMPLIBS}"
- else
- LIBS="${TMPLIBS}"
- fi
- fi]),NSPR="no")
-
- if test "$NSPR" = "no"; then
- echo
- echo " ERROR! libnspr library not found, go get it"
- echo " from Mozilla or your distribution:"
- echo
- echo " Ubuntu: apt-get install libnspr4-dev"
- echo " Fedora: dnf install nspr-devel"
- echo " CentOS/RHEL: yum install nspr-devel"
- echo
- fi
- fi
-
- # libnss (enabled by default)
-
- AC_ARG_ENABLE(nss,
- AS_HELP_STRING([--disable-nss],[Disable libnss support]),
- [enable_nss=$enableval],[enable_nss="yes"])
-
- AC_ARG_WITH(libnss_includes,
- [ --with-libnss-includes=DIR libnss include directory],
- [with_libnss_includes="$withval"],[with_libnss_includes="no"])
-
- AC_ARG_WITH(libnss_libraries,
- [ --with-libnss-libraries=DIR libnss library directory],
- [with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
-
- if test "$enable_nss" != "no"; then
- # Try pkg-config first:
- PKG_CHECK_MODULES([libnss],nss,,[with_pkgconfig_nss="no"])
-
- if test "$with_pkgconfig_nss" != "no"; then
- CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
- LIBS="${LIBS} ${libnss_LIBS}"
- fi
-
- if test "$with_libnss_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
- fi
- TMPLIBS="${LIBS}"
-
- AC_CHECK_HEADER(sechash.h,
- AC_CHECK_LIB(nss3,HASH_Begin,[AC_DEFINE([HAVE_NSS],[1],[libnss available])
- NSS="yes"
- if test "$NSS" = "yes"; then
- if test "$with_libnss_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
- LIBS="${TMPLIBS}"
- else
- LIBS="${TMPLIBS}"
- fi
- fi]),NSS="no")
-
- if test "$NSS" = "no"; then
- echo
- echo " ERROR! libnss library not found, go get it"
- echo " from Mozilla or your distribution:"
- echo
- echo " Ubuntu: apt-get install libnss3-dev"
- echo " Fedora: dnf install nss-devel"
- echo " CentOS/RHEL: yum install nss-devel"
- echo
- fi
- fi
-
# libmagic
enable_magic="no"
AC_ARG_ENABLE(libmagic,
fi
fi
- # Napatech - Using the 3GD API
+ # Napatech - Using the 3GD API
AC_ARG_ENABLE(napatech,
AS_HELP_STRING([--enable-napatech],[Enabled Napatech Devices]),
[ enable_napatech=$enableval ],
[ enable_napatech=no])
+ AC_ARG_ENABLE(napatech_bypass,
+ AS_HELP_STRING([--disable-napatech-bypass],[Disable Bypass feature on Napatech cards]),
+ [ napatech_bypass=$enableval ],
+ [ napatech_bypass=yes])
AC_ARG_WITH(napatech_includes,
[ --with-napatech-includes=DIR napatech include directory],
[with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"])
fi
AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support))
+ if test "$napatech_bypass" = "yes"; then
+ AC_CHECK_LIB(ntapi, NT_FlowOpenAttrInit,NTFLOW="yes",NTFLOW="no")
+ if test "$NTFLOW" = "yes"; then
+ echo " Napatech Flow Processing is Enabled (--disable-napatech-bypass if not needed)"
+ AC_DEFINE([NAPATECH_ENABLE_BYPASS],[1],(Napatech flowdirector support))
+ else
+ echo "Napatech Flow Processing is not available"
+ fi
+ else
+ echo "Napatech Flow Processing is Disabled."
+ fi
fi
# liblua
])
])
])
- LDFLAGS="${LDFLAGS} ${LUA_LIBS}"
+ LIBS="${LIBS} ${LUA_LIBS}"
fi
if test "$LUA" = "no"; then
LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit])
- LDFLAGS="${LDFLAGS} ${LUAJIT_LIBS}"
+ LIBS="${LIBS} ${LUAJIT_LIBS}"
fi
AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no")
AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
+ # If Lua is enabled, test the integer size.
+ if test "x$enable_lua" = "xyes" -a "$cross_compiling" != "yes"; then
+ TMPLIBS="$LIBS"
+ LIBS=""
+
+ AC_MSG_CHECKING([size of lua integer])
+ AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <lua.h>]],
+ [[
+ if (sizeof(lua_Integer) == 8) {
+ return 1;
+ }
+ return 0;
+ ]])],
+ [
+ AC_MSG_RESULT([4])
+ ],
+ [
+ AC_MSG_RESULT([8])
+ AC_SUBST([LUA_INT8], ["lua_int8"])
+ ])
+ LIBS="$TMPLIBS"
+ fi
+
# libmaxminddb
AC_ARG_ENABLE(geoip,
AS_HELP_STRING([--enable-geoip],[Enable GeoIP2 support]),
- [ enable_geoip="yes"],
+ [ enable_geoip="$enableval"],
[ enable_geoip="no"])
AC_ARG_WITH(libmaxminddb_includes,
[ --with-libmaxminddb-includes=DIR libmaxminddb include directory],
AC_DEFINE([CLS],[64],[L1 cache line size])
fi
+# mscgen for devguide images
+ AC_PATH_PROG([HAVE_MSCGEN], mscgen, "no")
+ if test "$HAVE_MSCGEN" = "no"; then
+ enable_mscgen=no
+ echo "WARNING! mscgen package not installed."
+ echo " Devguide images won't be generated!"
+ echo " Get mscgen package:"
+ echo " https://www.mcternan.me.uk/mscgen/"
+ echo " or install it from your distribution"
+ fi
+ AM_CONDITIONAL([HAVE_MSCGEN], [test "x$enable_mscgen" != "xno" ])
+
# sphinx for documentation
AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no")
if test "$HAVE_SPHINXBUILD" = "no"; then
AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"])
# Cargo/Rust
+ AM_CONDITIONAL([RUST_CROSS_COMPILE], [test "x$cross_compiling" = "xyes"])
AC_PATH_PROG(RUSTC, rustc, "no")
if test "$RUSTC" = "no"; then
echo ""
enable_rust="yes"
rust_compiler_version=$($RUSTC --version)
rustc_version=$(echo "$rust_compiler_version" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/')
- rust_cargo_version=$($CARGO --version)
+ cargo_version_output=$($CARGO --version)
+ cargo_version=$(echo "$cargo_version_output" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/')
- MIN_RUSTC_VERSION="1.33.0"
+ MIN_RUSTC_VERSION="1.34.2"
AC_MSG_CHECKING(for Rust version $MIN_RUSTC_VERSION or newer)
AS_VERSION_COMPARE([$rustc_version], [$MIN_RUSTC_VERSION],
[
[])
AC_MSG_RESULT(yes)
+ RUST_FEATURES=""
+ AS_VERSION_COMPARE([$rustc_version], [1.38.0],
+ [],
+ [RUST_FEATURES="$RUST_FEATURES function-macro"],
+ [RUST_FEATURES="$RUST_FEATURES function-macro"])
+
rust_vendor_comment="# "
have_rust_vendor="no"
- # We may require Python if the Rust header stubs are not already
- # generated.
- if test "x$enable_python" != "xyes" && test ! -f rust/gen/c-headers/rust-core-gen.h; then
- echo ""
- echo " ERROR! Rust support requires Python."
- echo
- echo " Ubuntu: apt install python"
- echo
- exit 1
+ if test "x$cross_compiling" = "xyes"; then
+ RUST_SURICATA_LIB_XC_DIR="${host_alias}/"
+ else
+ if test "x$CARGO_BUILD_TARGET" = "x"; then
+ RUST_SURICATA_LIB_XC_DIR=
+ else
+ RUST_SURICATA_LIB_XC_DIR="${CARGO_BUILD_TARGET}/"
+ fi
fi
+
if test "x$enable_debug" = "xyes"; then
- RUST_SURICATA_LIB="../rust/target/debug/${RUST_SURICATA_LIBNAME}"
+ RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}debug"
else
- RUST_SURICATA_LIB="../rust/target/release/${RUST_SURICATA_LIBNAME}"
+ RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}release"
fi
+ RUST_SURICATA_LIB="${RUST_SURICATA_LIBDIR}/${RUST_SURICATA_LIBNAME}"
- RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}"
- CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen/c-headers"
+ CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen -I\${srcdir}/../rust/dist"
AC_SUBST(RUST_SURICATA_LIB)
AC_SUBST(RUST_LDADD)
if test "x$CARGO_HOME" = "x"; then
- AC_SUBST([CARGO_HOME], [~/.cargo])
+ if test "x$HAVE_CYGPATH" != "xno"; then
+ CYGPATH_CARGO_HOME=$(cygpath -a -t mixed ~/.cargo)
+ AC_SUBST([CARGO_HOME], [$CYGPATH_CARGO_HOME])
+ else
+ AC_SUBST([CARGO_HOME], [~/.cargo])
+ fi
else
AC_SUBST([CARGO_HOME], [$CARGO_HOME])
fi
- AC_CHECK_FILES([$srcdir/rust/vendor], [have_rust_vendor="yes"])
+
+ # Check for rustup. RUSTUP_HOME needs to be set if rustup is in
+ # use, and a user uses sudo (depending on configuration), or su to
+ # perform the install
+ rustup_home_path="no"
+ if test "x$RUSTUP_HOME" != "x"; then
+ rustup_home_path="$RUSTUP_HOME"
+ else
+ AC_PATH_PROG(have_rustup, rustup, "no")
+ if test "x$have_rustup" != "xno"; then
+ rustup_home_path=$($have_rustup show home 2>/dev/null || echo "no")
+ fi
+ fi
+ rustup_home=""
+ if test "x$rustup_home_path" != "xno"; then
+ rustup_home="RUSTUP_HOME=\$(RUSTUP_HOME_PATH)"
+ fi
+ AC_SUBST([RUSTUP_HOME_PATH], [$rustup_home_path])
+ AC_SUBST([rustup_home])
+
+ if test -e "$srcdir/rust/vendor"; then
+ have_rust_vendor="yes"
+ fi
+
if test "x$have_rust_vendor" = "xyes"; then
rust_vendor_comment=""
fi
AC_SUBST(rust_vendor_comment)
AM_CONDITIONAL([HAVE_RUST_VENDOR], [test "x$have_rust_vendor" = "xyes"])
- if test "x$enable_rust" = "xyes" || test "x$enable_rust" = "xyes (default)"; then
- AC_PATH_PROG(HAVE_CARGO_VENDOR, cargo-vendor, "no")
- if test "x$HAVE_CARGO_VENDOR" = "xno"; then
- echo " Warning: cargo-vendor not found, but it is only required"
- echo " for building the distribution"
- echo " To install: cargo install cargo-vendor"
+ # With Rust/Cargo 1.37 and greater, cargo-vendor is built-in.
+ AC_MSG_CHECKING(for cargo vendor support)
+ AS_VERSION_COMPARE([$cargo_version], [1.37.0],
+ [have_cargo_vendor="no"],
+ [have_cargo_vendor="yes"],
+ [have_cargo_vendor="yes"])
+ AC_MSG_RESULT($have_cargo_vendor)
+
+ # If Rust is older than 1.37, check for cargo-vendor as an
+ # external sub-command.
+ if test "x$have_cargo_vendor" != "xyes"; then
+ AC_CHECK_PROG(have_cargo_vendor_bin, cargo-vendor, yes, no)
+ have_cargo_vendor=$have_cargo_vendor_bin
+ fi
+
+ have_rust_headers="no"
+ AC_MSG_CHECKING(for $srcdir/rust/dist/rust-bindings.h)
+ if test -f "$srcdir/rust/dist/rust-bindings.h"; then
+ AC_MSG_RESULT(yes)
+ have_rust_headers="yes"
+ else
+ AC_MSG_RESULT(no)
+ AC_MSG_CHECKING(for $srcdir/rust/gen/rust-bindings.h)
+ if test -f "$srcdir/rust/gen/rust-bindings.h"; then
+ AC_MSG_RESULT(yes)
+ have_rust_headers="yes"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+
+ AC_PATH_PROG(CBINDGEN, cbindgen, "no")
+ if test "x$CBINDGEN" != "xno"; then
+ cbindgen_version=$(cbindgen --version | cut -d' ' -f2-)
+ min_cbindgen_version="0.10.0"
+ AS_VERSION_COMPARE([$cbindgen_version], [$min_cbindgen_version],
+ [cbindgen_ok="no"],
+ [cbindgen_ok="yes"],
+ [cbindgen_ok="yes"])
+ if test "x$cbindgen_ok" != "xyes"; then
+ echo " Warning: cbindgen must be at least version $min_cbindgen_version,"
+ echo " found $cbindgen_version."
+ echo " To update: cargo install --force cbindgen"
+ CBINDGEN="no"
+ else
+ have_rust_headers="no"
fi
fi
- AM_CONDITIONAL([HAVE_CARGO_VENDOR], [test "x$HAVE_CARGO_VENDOR" != "xno"])
+
+ AC_SUBST([CBINDGEN], [$CBINDGEN])
+
+ # Require cbindgen if generated headers are not bundled.
+ if test "x$have_rust_headers" != "xyes"; then
+ if test "x$CBINDGEN" = "xno"; then
+ echo " Warning: cbindgen too old or not found, it is required to "
+ echo " generate header files."
+ echo " To install: cargo install --force cbindgen"
+ AC_MSG_ERROR([cbindgen required])
+ fi
+ fi
+
+ AM_CONDITIONAL([HAVE_RUST_HEADERS], [test "x$have_rust_headers" = "xyes"])
+ AM_CONDITIONAL([HAVE_CBINDGEN], [test "x$CBINDGEN" != "xno"])
+ AM_CONDITIONAL([HAVE_CARGO_VENDOR], [test "x$have_cargo_vendor" != "xno"])
AC_ARG_ENABLE(rust_strict,
AS_HELP_STRING([--enable-rust-strict], [Rust warnings as errors]),[enable_rust_strict=$enableval],[enable_rust_strict=no])
])
AC_SUBST(RUST_FEATURES)
+ AC_CHECK_LIB(fuzzpcap, FPC_IsFuzzPacketCapture, HAS_FUZZPCAP="yes")
+ AM_CONDITIONAL([HAS_FUZZPCAP], [test "x$HAS_FUZZPCAP" = "xyes"])
+ AC_ARG_ENABLE(fuzztargets,
+ AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
+ AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
+ AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo "$rust_compiler_version" | grep -q nightly && echo "$RUSTFLAGS" | grep -v -q coverage])
+ AC_PROG_CXX
+ AS_IF([test "x$enable_fuzztargets" = "xyes"], [
+ AS_IF([test "x$CARGO_BUILD_TARGET" = "x" && echo "$rust_compiler_version" | grep -q nightly], [
+ CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu
+ AC_SUBST(CARGO_BUILD_TARGET)
+ ])
+ AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled])
+ AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
+ CFLAGS_ORIG=$CFLAGS
+ CFLAGS="-Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
+ [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
+ [])
+ CFLAGS=$CFLAGS_ORIG
+ AC_LANG_PUSH(C++)
+ tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
+ AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [
+ LIB_FUZZING_ENGINE=-fsanitize=fuzzer
+ AC_SUBST(LIB_FUZZING_ENGINE)
+ ])
+ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE"
+ AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE])
+ AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
+(void)Data;
+(void)Size;
+return 0;
+}
+ ]])],
+ [ AC_MSG_RESULT(yes)
+ has_sanitizefuzzer=yes],
+ [ AC_MSG_RESULT(no) ]
+ )
+ _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags
+ AC_LANG_POP()
+ ])
+
+ AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"])
+
# get revision
if test -f ./revision; then
REVISION=`cat ./revision`
if test "${enable_ebpf}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD_MANAGER], [1],[Building flow bypass manager code])
fi
-if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_unittests}" = "yes"; then
+if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_napatech}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code])
fi
e_logfilesdir="$e_logdir\\\\files"
e_logcertsdir="$e_logdir\\\\certs"
e_datarulesdir="$e_winbase\\\\rules\\\\"
- if test "$HAVE_CYGPATH" != "no"; then
+ if test "x$HAVE_CYGPATH" != "xno"; then
# turn srcdir into abs path and convert to the
# mixed output (/c/Users/dev into c:/Users/dev)
e_rustdir="$(cygpath -a -t mixed ${srcdir})/rust"
AC_SUBST(CONFIGURE_LOCALSTATEDIR)
AC_SUBST(CONFIGURE_DATAROOTDIR)
AC_SUBST(PACKAGE_VERSION)
+AC_SUBST(RUST_FEATURES)
+AC_SUBST(RUST_SURICATA_LIBDIR)
+AC_SUBST(RUST_SURICATA_LIBNAME)
+AC_SUBST(enable_non_bundled_htp)
+
+AM_CONDITIONAL([BUILD_SHARED_LIBRARY], [test "x$enable_shared" = "xyes"] && [test "x$can_build_shared_library" = "xyes"])
-AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/.cargo/config)
+AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/derive/Cargo.toml rust/.cargo/config)
AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile)
-AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile)
+AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile doc/devguide/Makefile)
AC_CONFIG_FILES(contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile)
AC_CONFIG_FILES(suricata.yaml etc/Makefile etc/suricata.logrotate etc/suricata.service)
AC_CONFIG_FILES(python/Makefile python/suricata/config/defaults.py)
AC_CONFIG_FILES(ebpf/Makefile)
+AC_CONFIG_FILES(libsuricata-config)
AC_OUTPUT
SURICATA_BUILD_CONF="Suricata Configuration:
Detection enabled: ${enable_detection}
Libmagic support: ${enable_magic}
- libnss support: ${enable_nss}
- libnspr support: ${enable_nspr}
libjansson support: ${enable_jansson}
hiredis support: ${enable_hiredis}
hiredis async with libevent: ${enable_hiredis_async}
- Prelude support: ${enable_prelude}
- PCRE jit: ${pcre_jit_available}
+ PCRE jit: ${pcre2_jit_available}
LUA support: ${enable_lua}
libluajit: ${enable_luajit}
GeoIP2 support: ${enable_geoip}
Non-bundled htp: ${enable_non_bundled_htp}
- Old barnyard2 support: ${enable_old_barnyard2}
Hyperscan support: ${enable_hyperscan}
Libnet support: ${enable_libnet}
liblz4 support: ${enable_liblz4}
Rust compiler path: ${RUSTC}
Rust compiler version: ${rust_compiler_version}
Cargo path: ${CARGO}
- Cargo version: ${rust_cargo_version}
+ Cargo version: ${cargo_version_output}
+ Cargo vendor: ${have_cargo_vendor}
Python support: ${enable_python}
Python path: ${python_path}
- Python version: ${python_version}
Python distutils ${have_python_distutils}
Python yaml ${have_python_yaml}
Install suricatactl: ${install_suricatactl}
Install suricatasc: ${install_suricatactl}
- Install suricata-update: ${install_suricata_update}
+ Install suricata-update: ${install_suricata_update}${install_suricata_update_reason}
Profiling enabled: ${enable_profiling}
Profiling locks enabled: ${enable_profiling_locks}
+ Plugin support (experimental): ${plugin_support}
+
Development settings:
Coccinelle / spatch: ${enable_coccinelle}
Unit tests enabled: ${enable_unittests}