- AC_INIT([suricata],[6.0.0-dev])
+ AC_INIT([suricata],[7.0.0-dev])
m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
- AC_CONFIG_HEADERS([config.h])
+ AC_CONFIG_HEADERS([src/autoconf.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR(m4)
AM_INIT_AUTOMAKE([tar-ustar subdir-objects])
AC_LANG([C])
- AC_PROG_CC_C99
LT_INIT
PKG_PROG_PKG_CONFIG
case "$compiler" in
clang)
CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
- AC_MSG_CHECKING([clang __sync_bool_compare_and_swap support])
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdio.h>]],
- [[ unsigned int i = 0; (void)__sync_bool_compare_and_swap(&i, 1, 1);]])],
- [
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_1], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_2], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4], [1], [Fake GCC atomic support])
- AC_DEFINE([__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8], [1], [Fake GCC atomic support])
- AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])])
AC_SUBST(CLANG_CFLAGS)
;;
gcc)
AC_CHECK_HEADERS([sys/time.h time.h unistd.h sys/param.h])
AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h])
AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h])
- AC_CHECK_HEADERS([glob.h locale.h])
+ AC_CHECK_HEADERS([glob.h locale.h grp.h pwd.h])
AC_CHECK_HEADERS([dirent.h fnmatch.h])
AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
AC_CHECK_HEADERS([sys/random.h])
AC_CHECK_HEADERS([utime.h])
AC_CHECK_HEADERS([libgen.h])
AC_CHECK_HEADERS([mach/mach.h])
+ AC_CHECK_HEADERS([stdatomic.h])
+ AC_CHECK_HEADERS([sys/queue.h])
AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
[[#ifdef HAVE_SYS_SOCKET_H
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT64_T
+ AC_TYPE_UINT
+ AC_TYPE_USHORT
+ AC_TYPE_ULONG
+ AC_TYPE_UCHAR
AC_STRUCT_TIMEZONE
AC_CHECK_TYPES([ptrdiff_t])
AC_HEADER_STDBOOL
AC_CHECK_FUNCS([gettimeofday clock_gettime utime strptime tzset localtime_r])
AC_CHECK_FUNCS([socket setenv select putenv dup2 endgrent endpwent atexit munmap])
+ AC_CHECK_FUNCS([fwrite_unlocked])
+
AC_CHECK_DECL([getrandom],
AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
[], [
fi
echo -n "installation for $host OS... "
- RUST_SURICATA_LIBNAME="libsuricata.a"
+ RUST_SURICATA_LIBNAME="libsuricata_rust.a"
e_magic_file=""
e_magic_file_comment="#"
LDFLAGS="${LDFLAGS} -L/opt/local/lib"
;;
*-*-linux*)
+ # Always compile with -fPIC on Linux for shared library support.
+ CFLAGS="${CFLAGS} -fPIC"
RUST_LDADD="-ldl -lrt -lm"
+ can_build_shared_library="yes"
;;
*-*-mingw32*|*-*-msys)
CFLAGS="${CFLAGS} -DOS_WIN32"
- LDFLAGS="${LDFLAGS} -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid"
WINDOWS_PATH="yes"
PCAP_LIB_NAME="wpcap"
AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg])
- RUST_SURICATA_LIBNAME="suricata.lib"
- RUST_LDADD="-luserenv -lshell32 -ladvapi32 -lgcc_eh"
+ RUST_LDADD=" -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid -luserenv -lshell32 -ladvapi32 -lgcc_eh"
;;
*-*-cygwin)
LUA_LIB_NAME="lua"
esac
AC_MSG_RESULT(ok)
- # disable TLS on user request
- AC_ARG_ENABLE(threading-tls,
- AS_HELP_STRING([--disable-threading-tls], [Disable TLS (thread local storage)]), [enable_tls="$enableval"],[enable_tls=yes])
- AS_IF([test "x$enable_tls" = "xyes"], [
- # check if our target supports thread local storage
- AC_MSG_CHECKING(for thread local storage __thread support)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
- [[ static __thread int i; i = 1; i++; ]])],
- [AC_DEFINE([TLS], [1], [Thread local storage])
- AC_MSG_RESULT([yes])],
- [AC_MSG_RESULT([no])])
- ])
+ # check if our target supports c11
+ AC_MSG_CHECKING(for c11 support)
+ OCFLAGS=$CFLAGS
+ CFLAGS="-std=c11"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
+ [[ static _Thread_local int i; i = 1; i++; ]])],
+ AC_MSG_RESULT([yes])
+ [AC_DEFINE([TLS_C11], [1], [C11 Thread local storage])
+ CFLAGS="$OCFLAGS -std=c11"],
+ [AC_MSG_RESULT([no])
+ CFLAGS="$OCFLAGS"
+ have_c11=no
+ have_c11_tls=no])
+ if [ test "x$have_c11" = "xno" ]; then
+ CFLAGS="$CFLAGS -std=gnu99"
+ fi
+
+ # check if our target supports thread local storage
+ AC_MSG_CHECKING(for thread local storage gnu __thread support)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
+ [[ static __thread int i; i = 1; i++; ]])],
+ [AC_DEFINE([TLS_GNU], [1], [Thread local storage])
+ AC_MSG_RESULT([yes])],
+ [AC_MSG_RESULT([no])
+ have_gnu_tls=no])
+ if [ test "x$have_c11_tls" = "xno" ] && [ test "x$have_gnu_tls" = "xno" ]; then
+ AC_MSG_ERROR("no thread local support available.")
+ exit 1
+ fi
#Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found
#AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc.
AC_SUBST(SECLDFLAGS)
])
+ #check for plugin support
+ AC_CHECK_HEADERS([dlfcn.h])
+ AC_MSG_CHECKING([for plugin support])
+ TMPLDFLAGS="${LDFLAGS}"
+ LDFLAGS="${LDFLAGS} -rdynamic"
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <dlfcn.h>]], [[]])],
+ [
+ AC_MSG_RESULT(yes)
+ has_rdynamic=yes
+ ],
+ [
+ AC_MSG_RESULT(no)
+ has_rdynamic=no
+ ])
+
+ if test "x$has_rdynamic" = "xyes"; then
+ plugin_support=yes
+ AC_DEFINE([HAVE_PLUGINS], [1], [Plugin support])
+ else
+ plugin_support=no
+ LDFLAGS="${TMPLDFLAGS}"
+ fi
+
#enable profile generation
AC_ARG_ENABLE(gccprofile,
AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set]),[enable_gccprofile=$enableval],[enable_gccprofile=no])
# options
- AC_ARG_ENABLE(fuzztargets,
- AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
- AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
- AC_PROG_CXX
- AS_IF([test "x$enable_fuzztargets" = "xyes"], [
- AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled])
- AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
- CFLAGS_ORIG=$CFLAGS
- CFLAGS="-Werror"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
- [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
- [])
- CFLAGS=$CFLAGS_ORIG
- AC_LANG_PUSH(C++)
- tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
- AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [
- LIB_FUZZING_ENGINE=-fsanitize=fuzzer
- AC_SUBST(LIB_FUZZING_ENGINE)
- ])
- _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE"
- AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE])
- AC_LINK_IFELSE([AC_LANG_SOURCE([[
-#include <sys/types.h>
-extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
-extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
-(void)Data;
-(void)Size;
-return 0;
-}
- ]])],
- [ AC_MSG_RESULT(yes)
- has_sanitizefuzzer=yes],
- [ AC_MSG_RESULT(no) ]
- )
- _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags
- AC_LANG_POP()
- ])
-
- AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"])
-
# enable the running of unit tests
AC_ARG_ENABLE(unittests,
AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),[enable_unittests=$enableval],[enable_unittests=no])
[
AS_IF([test "$CLANG" != no],
[
- llc_candidates=$($CLANG --version | \
+ llc_candidates=$($CLANG --version | sed -e 's/.*clang version/clang version/' | \
awk '/^clang version/ {
split($3, v, ".");
printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output])
fi
])
+ AM_CONDITIONAL([DEBUG_VALIDATION], [test "x$enable_debug_validation" = "xyes"])
# profiling support
AC_ARG_ENABLE(profiling,
LIBS="${TMPLIBS} -lz"
fi
- #libpcre
- AC_ARG_WITH(libpcre_includes,
- [ --with-libpcre-includes=DIR libpcre include directory],
- [with_libpcre_includes="$withval"],[with_libpcre_includes="no"])
- AC_ARG_WITH(libpcre_libraries,
- [ --with-libpcre-libraries=DIR libpcre library directory],
- [with_libpcre_libraries="$withval"],[with_libpcre_libraries="no"])
-
- if test "$with_libpcre_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libpcre_includes}"
- fi
- AC_CHECK_HEADER(pcre.h,,[AC_MSG_ERROR(pcre.h not found ...)])
-
- if test "$with_libpcre_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libpcre_libraries}"
- fi
- PCRE=""
- AC_CHECK_LIB(pcre, pcre_get_substring,,PCRE="no")
- if test "$PCRE" = "no"; then
+ PCRE2=""
+ AC_CHECK_LIB(pcre2-8, pcre2_compile_8,,PCRE2="no")
+ if test "$PCRE2" = "no"; then
echo
- echo " ERROR! pcre library not found, go get it"
+ echo " ERROR! pcre2 library not found, go get it"
echo " from www.pcre.org. Or from packages:"
- echo " Debian/Ubuntu: apt install libpcre3-dev"
- echo " Fedora: dnf install pcre-devel"
- echo " CentOS/RHEL: yum install pcre-devel"
- echo
- exit 1
- fi
-
- # libpcre 8.35 (especially on debian) has a known issue that results in segfaults
- # see https://redmine.openinfosecfoundation.org/issues/1693
- if test "$with_libpcre_libraries" = "no"; then
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.35],[libpcre_buggy_found="yes"],[libprce_buggy_found="no"])
- if test "$libpcre_buggy_found" = "yes"; then
- echo
- echo " Warning! vulnerable libpcre version 8.35 found"
- echo " This version has a known issue that could result in segfaults"
- echo " please upgrade to a newer version of pcre which you can get from"
- echo " www.pcre.org. For more information, see issue #1693"
- echo
- echo " Continuing for now with JIT disabled..."
- echo
- fi
- fi
-
- # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
- # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
- PCRE=""
- TMPLIBS="${LIBS}"
- AC_CHECK_LIB(pcre, pcre_dfa_exec,, PCRE="no")
- if test "$PCRE" = "no"; then
- echo
- echo " ERROR! pcre library was found but version was < 6.0"
- echo " please upgrade to a newer version of pcre which you can get from"
- echo " www.pcre.org."
+ echo " Debian/Ubuntu: apt install libpcre2-dev"
+ echo " Fedora: dnf install pcre2-devel"
+ echo " CentOS/RHEL: yum install pcre2-devel"
echo
exit 1
fi
- LIBS="${TMPLIBS}"
-
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[ int eo = 0; eo |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; ]])],
- [ pcre_match_limit_recursion_available=yes ],[:]
- )
- if test "$pcre_match_limit_recursion_available" != "yes"; then
- echo
- echo " Warning! pcre extra opt PCRE_EXTRA_MATCH_LIMIT_RECURSION not found"
- echo " This could lead to potential DoS please upgrade to pcre >= 6.5"
- echo " from www.pcre.org."
- echo " Continuing for now...."
- echo
- AC_DEFINE([NO_PCRE_MATCH_RLIMIT],[1],[Pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION not available])
- fi
- TMPCFLAGS="${CFLAGS}"
- CFLAGS="-O0 -g -Werror -Wall"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[ pcre_extra *extra = NULL; pcre_free_study(extra); ]])],
- [ AC_DEFINE([HAVE_PCRE_FREE_STUDY], [1], [Pcre pcre_free_study supported])],[:]
- )
- CFLAGS="${TMPCFLAGS}"
-
- #enable support for PCRE-jit available since pcre-8.20
- AC_MSG_CHECKING(for PCRE JIT support)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
+ AC_DEFINE([PCRE2_CODE_UNIT_WIDTH], [8], [Pcre code unit width is 8 bits])
+ AC_MSG_CHECKING(for PCRE2 JIT support)
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre2.h> ]],
[[
int jit = 0;
- pcre_config(PCRE_CONFIG_JIT, &jit);
- ]])],[ pcre_jit_available=yes ],[ pcre_jit_available=no ]
+ pcre2_config(PCRE2_CONFIG_JIT, &jit);
+ ]])],[ pcre2_jit_available=yes ],[ pcre2_jit_available=no ]
)
-
- case $host in
- *powerpc64*)
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.39],[libpcre_ppc64_buggy_found1="yes"],[libprce_ppc64_buggy_found1="no"])
- PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.40],[libpcre_ppc64_buggy_found2="yes"],[libprce_ppc64_buggy_found2="no"])
-
- if test "$libprce_ppc64_buggy_found1" = "yes" || test "$libprce_ppc64_buggy_found2"; then
- # on powerpc64, both gcc and clang lead to SIGILL in
- # unittests when jit is enabled.
- pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64"
- fi
- ;;
- *)
- # bug 1693, libpcre 8.35 is broken and debian jessie is still using that
- if test "$libpcre_buggy_found" = "yes"; then
- pcre_jit_available="no, libpcre 8.35 blacklisted"
- fi
- ;;
- esac
-
- if test "x$pcre_jit_available" = "xyes"; then
- AC_MSG_RESULT(yes)
- AC_DEFINE([PCRE_HAVE_JIT], [1], [Pcre with JIT compiler support enabled])
-
- AC_MSG_CHECKING(for PCRE JIT support usability)
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]],
- [[
- const char *error;
- int err_offset;
- pcre *re = pcre_compile("(a|b|c|d)",0, &error, &err_offset,NULL);
- pcre_extra *extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
- if (extra == NULL)
- exit(EXIT_FAILURE);
- int jit = 0;
- int ret = pcre_fullinfo(re, extra, PCRE_INFO_JIT, &jit);
- if (ret != 0 || jit != 1)
- exit(EXIT_FAILURE);
- exit(EXIT_SUCCESS);
- ]])],[ pcre_jit_works=yes ],[:]
- )
- if test "x$pcre_jit_works" != "xyes"; then
- AC_MSG_RESULT(no)
- echo
- echo " PCRE JIT support detection worked but testing it failed"
- echo " something odd is going on, please file a bug report."
- echo
- exit 1
- else
- AC_MSG_RESULT(yes)
- fi
- else
- AC_MSG_RESULT(no)
- fi
-
- if test "x$pcre_jit_works" = "xyes"; then
-
- AC_MSG_CHECKING(for PCRE JIT EXEC support usability)
- AC_RUN_IFELSE([AC_LANG_PROGRAM([[
- #include <pcre.h>
- #include <string.h>
- ]],
- [[
- const char *error;
- int err_offset;
- pcre *re = pcre_compile("(a|b|c|d)", 0, &error, &err_offset,NULL);
- pcre_extra *study = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error);
- if (study == NULL)
- exit(EXIT_FAILURE);
- pcre_jit_stack *stack = pcre_jit_stack_alloc(32*1024,40*1024);
- if (stack == 0)
- exit(EXIT_FAILURE);
- int ret = pcre_jit_exec(re, study, "apple", 5, 0, 0, NULL, 0, stack);
- if (ret != 0)
- exit(EXIT_FAILURE);
- exit(EXIT_SUCCESS);
- ]])],[ pcre_jit_exec_works=yes ],[:]
- )
- if test "x$pcre_jit_exec_works" != "xyes"; then
- AC_MSG_RESULT(no)
- else
- AC_MSG_RESULT(yes)
- AC_DEFINE([PCRE_HAVE_JIT_EXEC], [1], [Pcre with JIT compiler support enabled supporting pcre_jit_exec])
- fi
+ if test "x$pcre2_jit_available" = "xyes"; then
+ AC_MSG_RESULT(yes)
+ AC_DEFINE([PCRE2_HAVE_JIT], [1], [Pcre2 with JIT compiler support enabled])
else
AC_MSG_RESULT(no)
fi
CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
fi
- AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,[AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)])
+ AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,
+ [AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)],
+ [
+ #define _GNU_SOURCE
+ #include <sys/types.h>
+ #include <stdint.h>
+ ])
if test "$with_libnetfilter_queue_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
+ #define _GNU_SOURCE
+ #include <sys/types.h>
+ #include <stdint.h>
#include <stdio.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
],
fi
# /WinDivert
- # prelude
- AC_ARG_ENABLE(prelude,
- AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),[enable_prelude=$enableval],[enable_prelude=no])
- # Prelude doesn't work with -Werror
- STORECFLAGS="${CFLAGS}"
- CFLAGS="${CFLAGS} -Wno-error=unused-result"
-
- AS_IF([test "x$enable_prelude" = "xyes"], [
- AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no)
- if test "x${LIBPRELUDE_CFLAGS}" != "x"; then
- CPPFLAGS="${CPPFLAGS} ${LIBPRELUDE_CFLAGS}"
- fi
-
- if test "x${LIBPRELUDE_LDFLAGS}" != "x"; then
- LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LDFLAGS}"
- fi
-
- if test "x${LIBPRELUDE_LIBS}" != "x"; then
- LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LIBS}"
- fi
- AC_DEFINE([PRELUDE], [1], [Libprelude support enabled])
- ])
- CFLAGS="${STORECFLAGS}"
-
# libnet
AC_ARG_WITH(libnet_includes,
CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}"
fi
- AC_CHECK_HEADER(pcap.h,,[AC_MSG_ERROR(pcap.h not found ...)])
+ AC_CHECK_HEADERS([pcap.h],[],[AC_MSG_ERROR(pcap.h not found ...)],
+ [[
+ #ifdef HAVE_WINSOCK2_H
+ #include <winsock2.h>
+ #endif
+ #define _DEFAULT_SOURCE 1
+ ]])
if test "$with_libpcap_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpcap_libraries}"
fi
- AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h])
+ AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h],[],[],
+ [[
+ #ifdef HAVE_WINSOCK2_H
+ #include <winsock2.h>
+ #endif
+ #define _DEFAULT_SOURCE 1
+ ]])
LIBPCAP=""
PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}"],[:])
#include <net/netmap_user.h>
],[
#ifndef NETMAP_API
- #error "outdated netmap, need one with NETMAP_API"
+ #error "Outdated netmap, need one with NETMAP_API"
#endif
- #if NETMAP_API < 11
- #error "outdated netmap, need at least api version 11"
+ #if NETMAP_API < 14
+ #error "Outdated netmap, need at least API version 14"
#endif
])], [have_recent_netmap="yes"])
if test "x$have_recent_netmap" != "xyes"; then
- echo "ERROR: outdated netmap"
+ echo "ERROR: outdated netmap; need at least v14"
exit 1
fi
- have_netmap_version="unknown"
- have_v11_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 11
- #error "not 11"
- #endif
- ])], [have_v11_netmap="yes"])
- if test "x$have_v11_netmap" = "xyes"; then
- have_netmap_version="v11"
- fi
- have_v12_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 12
- #error "not 12"
- #endif
- ])], [have_v12_netmap="yes"])
- if test "x$have_v12_netmap" = "xyes"; then
- have_netmap_version="v12"
- fi
- have_v13_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API != 13
- #error "not 13"
- #endif
- ])], [have_v13_netmap="yes"])
- if test "x$have_v13_netmap" = "xyes"; then
- have_netmap_version="v13"
- fi
- have_gtv13_netmap="no"
- AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
- #include <net/netmap_user.h>
- ],[
- #if NETMAP_API <= 13
- #error "not gt 13"
- #endif
- ])], [have_gtv13_netmap="yes"])
- if test "x$have_gtv13_netmap" = "xyes"; then
- have_netmap_version="> v13"
+ have_netmap_version="v14+"
+ AC_CHECK_HEADER(libnetmap.h,,[AC_MSG_ERROR(libnetmap.h not found ...)],)
+ LIBNETMAP=""
+ AC_SEARCH_LIBS([nmport_open],[netmap],,[LIBNETMAP="no"])
+ if test "$LIBNETMAP" = "no"; then
+ echo
+ echo " ERROR! libnetmap library not found!"
+ echo " Go get it from https://github.com/luigirizzo/netmap"
+ echo " or your distribution."
+ echo
+ exit 1
fi
+ AC_DEFINE([HAVE_NETMAP_V14],[1],(NETMAP API v14 support enabled))
])
# Suricata-Update.
# Test to see if suricata-update can be installed.
if test "x$have_suricata_update" != "xyes"; then
- install_suricata_update="not bundled"
+ install_suricata_update="no, "
+ install_suricata_update_reason="not bundled"
elif test "x$enable_python" != "xyes"; then
- install_suricata_update="no, requires python"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires python"
elif test "x$have_python_distutils" != "xyes"; then
- install_suricata_update="no, requires distutils"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires distutils"
elif test "x$have_python_yaml" != "xyes"; then
- install_suricata_update="no, requires pyyaml"
+ install_suricata_update="no, "
+ install_suricata_update_reason="requires pyyaml"
else
install_suricata_update="yes"
fi
AM_CONDITIONAL([INSTALL_SURICATA_UPDATE],
[test "x$install_suricata_update" = "xyes"])
+ AC_SUBST([install_suricata_update_reason])
# libhtp
AC_ARG_ENABLE(non-bundled-htp,
echo
exit 1
fi
- PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.32],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
+ PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.36],[libhtp_minver_found="yes"],[libhtp_minver_found="no"])
if test "$libhtp_minver_found" = "no"; then
PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"])
if test "$libhtp_devver_found" = "no"; then
echo
- echo " ERROR! libhtp was found but it is neither >= 0.5.32, nor the dev 0.5.X"
+ echo " ERROR! libhtp was found but it is neither >= 0.5.36, nor the dev 0.5.X"
echo
exit 1
fi
AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp])
AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) )
AC_CHECK_LIB([htp], [htp_config_set_lzma_memlimit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Found htp_config_set_lzma_memlimit function in libhtp]) ,,[-lhtp])
+ AC_CHECK_LIB([htp], [htp_config_set_lzma_layers],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Found htp_config_set_lzma_layers function in libhtp]) ,,[-lhtp])
AC_CHECK_LIB([htp], [htp_config_set_compression_bomb_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Found htp_config_set_compression_bomb_limit function in libhtp]) ,,[-lhtp])
+ AC_CHECK_LIB([htp], [htp_config_set_compression_time_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Found htp_config_set_compression_time_limit function in libhtp]) ,,[-lhtp])
])
if test "x$enable_non_bundled_htp" = "xno"; then
# enable when libhtp has been updated
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Assuming htp_config_set_lzma_memlimit function in bundled libhtp])
+ AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Assuming htp_config_set_lzma_layers function in bundled libhtp])
AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Assuming htp_config_set_compression_bomb_limit function in bundled libhtp])
+ AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Assuming htp_config_set_compression_time_limit function in bundled libhtp])
else
echo
echo " ERROR: Libhtp is not bundled. Get libhtp by doing:"
if test "$have_xdp" = "yes"; then
AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
fi
+ AC_CHECK_FUNCS(bpf_program__section_name)
fi;
# Check for DAG support.
AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled))
fi
-# libnspr (enabled by default)
- AC_ARG_ENABLE(nspr,
- AS_HELP_STRING([--disable-nspr],[Disable libnspr support]),
- [enable_nspr=$enableval],[enable_nspr="yes"])
-
- AC_ARG_WITH(libnspr_includes,
- [ --with-libnspr-includes=DIR libnspr include directory],
- [with_libnspr_includes="$withval"],[with_libnspr_includes="no"])
-
- AC_ARG_WITH(libnspr_libraries,
- [ --with-libnspr-libraries=DIR libnspr library directory],
- [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"])
-
- if test "$enable_nspr" != "no"; then
- # Try pkg-config first:
- PKG_CHECK_MODULES([libnspr],nspr,,[with_pkgconfig_nspr="no"])
-
- if test "$with_pkgconfig_nspr" != "no"; then
- CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}"
- LIBS="${LIBS} ${libnspr_LIBS}"
- fi
-
- if test "$with_libnspr_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}"
- fi
- TMPLIBS="${LIBS}"
- AC_CHECK_HEADER(nspr.h,
- AC_CHECK_LIB(nspr4,PR_GetCurrentThread,[AC_DEFINE([HAVE_NSPR],[1],[libnspr available])
- NSPR="yes"
- if test "$NSPR" = "yes"; then
- if test "$with_libnspr_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}"
- LIBS="${TMPLIBS}"
- else
- LIBS="${TMPLIBS}"
- fi
- fi]),NSPR="no")
-
- if test "$NSPR" = "no"; then
- echo
- echo " libnspr library not found, go get it"
- echo " from Mozilla or your distribution:"
- echo
- echo " Ubuntu: apt-get install libnspr4-dev"
- echo " Fedora: dnf install nspr-devel"
- echo " CentOS/RHEL: yum install nspr-devel"
- echo
- enable_nspr="no"
- fi
- fi
-
- # libnss (enabled by default)
-
- AC_ARG_ENABLE(nss,
- AS_HELP_STRING([--disable-nss],[Disable libnss support]),
- [enable_nss=$enableval],[enable_nss="yes"])
-
- AC_ARG_WITH(libnss_includes,
- [ --with-libnss-includes=DIR libnss include directory],
- [with_libnss_includes="$withval"],[with_libnss_includes="no"])
-
- AC_ARG_WITH(libnss_libraries,
- [ --with-libnss-libraries=DIR libnss library directory],
- [with_libnss_libraries="$withval"],[with_libnss_libraries="no"])
-
- if test "$enable_nss" != "no"; then
- # Try pkg-config first:
- PKG_CHECK_MODULES([libnss],nss,,[with_pkgconfig_nss="no"])
-
- if test "$with_pkgconfig_nss" != "no"; then
- CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}"
- LIBS="${LIBS} ${libnss_LIBS}"
- fi
-
- if test "$with_libnss_includes" != "no"; then
- CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}"
- fi
- TMPLIBS="${LIBS}"
-
- AC_CHECK_HEADER(sechash.h,
- AC_CHECK_LIB(nss3,HASH_Begin,[AC_DEFINE([HAVE_NSS],[1],[libnss available])
- NSS="yes"
- if test "$NSS" = "yes"; then
- if test "$with_libnss_libraries" != "no"; then
- LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}"
- LIBS="${TMPLIBS}"
- else
- LIBS="${TMPLIBS}"
- fi
- fi]),NSS="no")
-
- if test "$NSS" = "no"; then
- echo
- echo " libnss library not found, go get it"
- echo " from Mozilla or your distribution:"
- echo
- echo " Ubuntu: apt-get install libnss3-dev"
- echo " Fedora: dnf install nss-devel"
- echo " CentOS/RHEL: yum install nss-devel"
- echo
- enable_nss="no"
- fi
- fi
-
# libmagic
enable_magic="no"
AC_ARG_ENABLE(libmagic,
])
])
])
- LDFLAGS="${LDFLAGS} ${LUA_LIBS}"
+ LIBS="${LIBS} ${LUA_LIBS}"
fi
if test "$LUA" = "no"; then
LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit])
- LDFLAGS="${LDFLAGS} ${LUAJIT_LIBS}"
+ LIBS="${LIBS} ${LUAJIT_LIBS}"
fi
AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no")
AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
# If Lua is enabled, test the integer size.
- if test "x$enable_lua" = "xyes"; then
+ if test "x$enable_lua" = "xyes" -a "$cross_compiling" != "yes"; then
TMPLIBS="$LIBS"
LIBS=""
AC_DEFINE([CLS],[64],[L1 cache line size])
fi
+# mscgen for devguide images
+ AC_PATH_PROG([HAVE_MSCGEN], mscgen, "no")
+ if test "$HAVE_MSCGEN" = "no"; then
+ enable_mscgen=no
+ echo "WARNING! mscgen package not installed."
+ echo " Devguide images won't be generated!"
+ echo " Get mscgen package:"
+ echo " https://www.mcternan.me.uk/mscgen/"
+ echo " or install it from your distribution"
+ fi
+ AM_CONDITIONAL([HAVE_MSCGEN], [test "x$enable_mscgen" != "xno" ])
+
# sphinx for documentation
AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no")
if test "$HAVE_SPHINXBUILD" = "no"; then
[])
AC_MSG_RESULT(yes)
+ RUST_FEATURES=""
+ AS_VERSION_COMPARE([$rustc_version], [1.38.0],
+ [],
+ [RUST_FEATURES="$RUST_FEATURES function-macro"],
+ [RUST_FEATURES="$RUST_FEATURES function-macro"])
+
rust_vendor_comment="# "
have_rust_vendor="no"
if test "x$cross_compiling" = "xyes"; then
RUST_SURICATA_LIB_XC_DIR="${host_alias}/"
else
- RUST_SURICATA_LIB_XC_DIR=
+ if test "x$CARGO_BUILD_TARGET" = "x"; then
+ RUST_SURICATA_LIB_XC_DIR=
+ else
+ RUST_SURICATA_LIB_XC_DIR="${CARGO_BUILD_TARGET}/"
+ fi
fi
if test "x$enable_debug" = "xyes"; then
- RUST_SURICATA_LIB="../rust/target/${RUST_SURICATA_LIB_XC_DIR}debug/${RUST_SURICATA_LIBNAME}"
+ RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}debug"
else
- RUST_SURICATA_LIB="../rust/target/${RUST_SURICATA_LIB_XC_DIR}release/${RUST_SURICATA_LIBNAME}"
+ RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}release"
fi
+ RUST_SURICATA_LIB="${RUST_SURICATA_LIBDIR}/${RUST_SURICATA_LIBNAME}"
- RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}"
- CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen"
+ CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen -I\${srcdir}/../rust/dist"
AC_SUBST(RUST_SURICATA_LIB)
AC_SUBST(RUST_LDADD)
if test "x$CARGO_HOME" = "x"; then
have_cargo_vendor=$have_cargo_vendor_bin
fi
- AC_CHECK_FILES([$srcdir/rust/gen], [have_rust_headers="yes"])
+ have_rust_headers="no"
+ AC_MSG_CHECKING(for $srcdir/rust/dist/rust-bindings.h)
+ if test -f "$srcdir/rust/dist/rust-bindings.h"; then
+ AC_MSG_RESULT(yes)
+ have_rust_headers="yes"
+ else
+ AC_MSG_RESULT(no)
+ AC_MSG_CHECKING(for $srcdir/rust/gen/rust-bindings.h)
+ if test -f "$srcdir/rust/gen/rust-bindings.h"; then
+ AC_MSG_RESULT(yes)
+ have_rust_headers="yes"
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+
AC_PATH_PROG(CBINDGEN, cbindgen, "no")
if test "x$CBINDGEN" != "xno"; then
cbindgen_version=$(cbindgen --version | cut -d' ' -f2-)
fi
fi
+ AC_SUBST([CBINDGEN], [$CBINDGEN])
+
# Require cbindgen if generated headers are not bundled.
if test "x$have_rust_headers" != "xyes"; then
if test "x$CBINDGEN" = "xno"; then
])
AC_SUBST(RUST_FEATURES)
+ AC_CHECK_LIB(fuzzpcap, FPC_IsFuzzPacketCapture, HAS_FUZZPCAP="yes")
+ AM_CONDITIONAL([HAS_FUZZPCAP], [test "x$HAS_FUZZPCAP" = "xyes"])
+ AC_ARG_ENABLE(fuzztargets,
+ AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
+ AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
+ AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo "$rust_compiler_version" | grep -q nightly && echo "$RUSTFLAGS" | grep -v -q coverage])
+ AC_PROG_CXX
+ AS_IF([test "x$enable_fuzztargets" = "xyes"], [
+ AS_IF([test "x$CARGO_BUILD_TARGET" = "x" && echo "$rust_compiler_version" | grep -q nightly], [
+ CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu
+ AC_SUBST(CARGO_BUILD_TARGET)
+ ])
+ AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled])
+ AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
+ CFLAGS_ORIG=$CFLAGS
+ CFLAGS="-Werror"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
+ [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])],
+ [])
+ CFLAGS=$CFLAGS_ORIG
+ AC_LANG_PUSH(C++)
+ tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
+ AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [
+ LIB_FUZZING_ENGINE=-fsanitize=fuzzer
+ AC_SUBST(LIB_FUZZING_ENGINE)
+ ])
+ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE"
+ AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE])
+ AC_LINK_IFELSE([AC_LANG_SOURCE([[
+#include <sys/types.h>
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
+extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
+(void)Data;
+(void)Size;
+return 0;
+}
+ ]])],
+ [ AC_MSG_RESULT(yes)
+ has_sanitizefuzzer=yes],
+ [ AC_MSG_RESULT(no) ]
+ )
+ _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags
+ AC_LANG_POP()
+ ])
+
+ AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"])
+
# get revision
if test -f ./revision; then
REVISION=`cat ./revision`
AC_SUBST(CONFIGURE_LOCALSTATEDIR)
AC_SUBST(CONFIGURE_DATAROOTDIR)
AC_SUBST(PACKAGE_VERSION)
+AC_SUBST(RUST_FEATURES)
+AC_SUBST(RUST_SURICATA_LIBDIR)
+AC_SUBST(RUST_SURICATA_LIBNAME)
+AC_SUBST(enable_non_bundled_htp)
+
+AM_CONDITIONAL([BUILD_SHARED_LIBRARY], [test "x$enable_shared" = "xyes"] && [test "x$can_build_shared_library" = "xyes"])
-AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/.cargo/config)
+AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/derive/Cargo.toml rust/.cargo/config)
AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile)
AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile doc/devguide/Makefile)
AC_CONFIG_FILES(contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile)
AC_CONFIG_FILES(suricata.yaml etc/Makefile etc/suricata.logrotate etc/suricata.service)
AC_CONFIG_FILES(python/Makefile python/suricata/config/defaults.py)
AC_CONFIG_FILES(ebpf/Makefile)
+AC_CONFIG_FILES(libsuricata-config)
AC_OUTPUT
SURICATA_BUILD_CONF="Suricata Configuration:
Detection enabled: ${enable_detection}
Libmagic support: ${enable_magic}
- libnss support: ${enable_nss}
- libnspr support: ${enable_nspr}
libjansson support: ${enable_jansson}
hiredis support: ${enable_hiredis}
hiredis async with libevent: ${enable_hiredis_async}
- Prelude support: ${enable_prelude}
- PCRE jit: ${pcre_jit_available}
+ PCRE jit: ${pcre2_jit_available}
LUA support: ${enable_lua}
libluajit: ${enable_luajit}
GeoIP2 support: ${enable_geoip}
Non-bundled htp: ${enable_non_bundled_htp}
- Old barnyard2 support: ${enable_old_barnyard2}
Hyperscan support: ${enable_hyperscan}
Libnet support: ${enable_libnet}
liblz4 support: ${enable_liblz4}
Python yaml ${have_python_yaml}
Install suricatactl: ${install_suricatactl}
Install suricatasc: ${install_suricatactl}
- Install suricata-update: ${install_suricata_update}
+ Install suricata-update: ${install_suricata_update}${install_suricata_update_reason}
Profiling enabled: ${enable_profiling}
Profiling locks enabled: ${enable_profiling_locks}
+ Plugin support (experimental): ${plugin_support}
+
Development settings:
Coccinelle / spatch: ${enable_coccinelle}
Unit tests enabled: ${enable_unittests}