1 AC_INIT([suricata],[6.0.4]) 2 m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes]) 3 AC_CONFIG_HEADERS([src/autoconf.h]) 4 AC_CONFIG_SRCDIR([src/suricata.c]) 5 AC_CONFIG_MACRO_DIR(m4) 6 AM_INIT_AUTOMAKE([tar-ustar subdir-objects]) 7 8 AC_LANG([C]) 9 LT_INIT 10 PKG_PROG_PKG_CONFIG 11 12 dnl Taken from https://llvm.org/svn/llvm-project/llvm/trunk/autoconf/configure.ac 13 dnl check if we compile using clang or gcc. On some systems the gcc binary is 14 dnl is actually clang, so do a compile test. 15 AC_MSG_CHECKING([whether GCC or Clang is our compiler]) 16 AC_LANG_PUSH([C]) 17 compiler=unknown 18 AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __clang__ 19 #error 20 #endif 21 ]])], 22 compiler=clang, 23 [AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __GNUC__ 24 #error 25 #endif 26 ]])], 27 compiler=gcc, [])]) 28 AC_LANG_POP([C]) 29 AC_MSG_RESULT([${compiler}]) 30 31 AC_ARG_WITH([clang], 32 [ --with-clang=PROGRAM path to Clang for compiling eBPF code. Use if the main C compiler is not Clang.], 33 [CLANG="$withval"], 34 [AS_IF([test "$compiler" = clang], 35 [CLANG="$CC"], 36 [AC_PATH_PROG([CLANG],[clang])])]) 37 38 AC_SUBST([CLANG]) 39 40 case "$compiler" in 41 clang) 42 CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument" 43 AC_SUBST(CLANG_CFLAGS) 44 ;; 45 gcc) 46 dnl get gcc version 47 AC_MSG_CHECKING([gcc version]) 48 gccver=$($CC -dumpversion) 49 gccvermajor=$(echo $gccver | cut -d . -f1) 50 gccverminor=$(echo $gccver | cut -d . -f2) 51 gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor) 52 AC_MSG_RESULT($gccver) 53 54 if test "$gccvernum" -ge "400"; then 55 dnl gcc 4.0 or later 56 GCC_CFLAGS="-Wextra -Werror-implicit-function-declaration" 57 else 58 GCC_CFLAGS="-W" 59 fi 60 AC_SUBST(GCC_CFLAGS) 61 ;; 62 *) 63 AC_MSG_WARN([unsupported/untested compiler, this may or may not work]) 64 ;; 65 esac 66 67 # Checks for programs. 68 AC_PROG_AWK 69 AC_PROG_CC 70 AC_PROG_CPP 71 AC_PROG_RANLIB 72 AC_PROG_INSTALL 73 AC_PROG_LN_S 74 AC_PROG_MAKE_SET 75 AC_PROG_GREP 76 77 AC_PATH_PROG(HAVE_CYGPATH, cygpath, "no") 78 AM_CONDITIONAL([HAVE_CYGPATH], [test "x$HAVE_CYGPATH" != "xno"]) 79 80 AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no") 81 if test "$HAVE_PKG_CONFIG" = "no"; then 82 echo 83 echo " ERROR! pkg-config not found, go get it " 84 echo " http://pkg-config.freedesktop.org/wiki/ " 85 echo " or install from your distribution " 86 echo 87 exit 1 88 fi 89 90 python_path="not set" 91 92 AC_ARG_ENABLE(python, 93 AS_HELP_STRING([--enable-python], [Enable python]), 94 [enable_python=$enableval],[enable_python=yes]) 95 if test "x$enable_python" != "xyes"; then 96 enable_python="no" 97 else 98 AC_PATH_PROGS(HAVE_PYTHON, python3.8, "no") 99 if test "$HAVE_PYTHON" = "no"; then 100 echo 101 echo " Warning! Python not found." 102 echo 103 echo " Python is required for additional tools like" 104 echo " suricatasc, suricatactl and suricata-update." 105 echo " It is also required when building from git." 106 echo 107 enable_python="no" 108 else 109 python_path="$HAVE_PYTHON" 110 fi 111 fi 112 AM_CONDITIONAL([HAVE_PYTHON], [test "x$enable_python" = "xyes"]) 113 114 # Get the Python major version. This is only for information 115 # messages displayed during configure. 116 if test "x$HAVE_PYTHON" != "xno"; then 117 pymv="$($HAVE_PYTHON -c 'import sys; print(sys.version_info[[0]]);')" 118 fi 119 120 # Check for python-distutils (setup). 121 have_python_distutils="no" 122 if test "x$enable_python" = "xyes"; then 123 AC_MSG_CHECKING([for python-distutils]) 124 if $HAVE_PYTHON -c "import distutils; from distutils.core import setup" 2>/dev/null; then 125 AC_MSG_RESULT([yes]) 126 have_python_distutils="yes" 127 else 128 AC_MSG_RESULT([no]) 129 fi 130 fi 131 AM_CONDITIONAL([HAVE_PYTHON_DISTUTILS], 132 [test "x$have_python_distutils" = "xyes"]) 133 if test "$have_python_distutils" = "no"; then 134 echo "" 135 echo " Warning: Python distutils not found. Python tools will" 136 echo " not be installed." 137 echo "" 138 echo " Install the distutils module for Python ${pymv} to enable" 139 echo " the Python tools." 140 echo "" 141 fi 142 143 # Check for python-yaml. 144 have_python_yaml="no" 145 if test "x$enable_python" = "xyes"; then 146 AC_MSG_CHECKING([for python-yaml]) 147 if $HAVE_PYTHON -c "import yaml" 2>/dev/null; then 148 have_python_yaml="yes" 149 AC_MSG_RESULT([yes]) 150 else 151 AC_MSG_RESULT([no]) 152 fi 153 fi 154 AM_CONDITIONAL([HAVE_PYTHON_YAML], [test "x$have_python_yaml" = "xyes"]) 155 156 AC_PATH_PROG(HAVE_WGET, wget, "no") 157 if test "$HAVE_WGET" = "no"; then 158 AC_PATH_PROG(HAVE_CURL, curl, "no") 159 if test "$HAVE_CURL" = "no"; then 160 echo 161 echo " Warning curl or wget not found, you won't be able to" 162 echo " download latest ruleset with 'make install-rules'" 163 fi 164 fi 165 AM_CONDITIONAL([HAVE_FETCH_COMMAND], [test "x$HAVE_WGET" != "xno" || test "x$HAVE_CURL" != "xno"]) 166 AM_CONDITIONAL([HAVE_WGET_COMMAND], [test "x$HAVE_WGET" != "xno"]) 167 168 # Checks for libraries. 169 170 # Checks for header files. 171 AC_CHECK_HEADERS([stddef.h]) 172 AC_CHECK_HEADERS([arpa/inet.h assert.h ctype.h errno.h fcntl.h inttypes.h]) 173 AC_CHECK_HEADERS([getopt.h]) 174 AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h]) 175 AC_CHECK_HEADERS([stdarg.h stdint.h stdio.h stdlib.h stdbool.h string.h strings.h sys/ioctl.h]) 176 AC_CHECK_HEADERS([syslog.h sys/prctl.h sys/socket.h sys/stat.h sys/syscall.h]) 177 AC_CHECK_HEADERS([sys/time.h time.h unistd.h sys/param.h]) 178 AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h]) 179 AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h]) 180 AC_CHECK_HEADERS([glob.h locale.h grp.h pwd.h]) 181 AC_CHECK_HEADERS([dirent.h fnmatch.h]) 182 AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h]) 183 AC_CHECK_HEADERS([sys/random.h]) 184 AC_CHECK_HEADERS([utime.h]) 185 AC_CHECK_HEADERS([libgen.h]) 186 AC_CHECK_HEADERS([mach/mach.h]) 187 AC_CHECK_HEADERS([stdatomic.h]) 188 189 AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [], 190 [[#ifdef HAVE_SYS_SOCKET_H 191 #include <sys/types.h> 192 #include <sys/socket.h> 193 #endif 194 ]]) 195 196 AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h w32api/wtypes.h], [], [], 197 [[ 198 #ifndef _X86_ 199 #define _X86_ 200 #endif 201 ]]) 202 AC_CHECK_HEADERS([w32api/winbase.h wincrypt.h], [], [], 203 [[ 204 #ifndef _X86_ 205 #define _X86_ 206 #endif 207 #include <windows.h> 208 ]]) 209 210 # Checks for typedefs, structures, and compiler characteristics. 211 AC_C_INLINE 212 AC_C_RESTRICT 213 AC_TYPE_PID_T 214 AC_TYPE_MODE_T 215 AC_TYPE_SIZE_T 216 AC_TYPE_SSIZE_T 217 AC_TYPE_INT8_T 218 AC_TYPE_INT16_T 219 AC_TYPE_INT32_T 220 AC_TYPE_INT64_T 221 AC_TYPE_UINT8_T 222 AC_TYPE_UINT16_T 223 AC_TYPE_UINT32_T 224 AC_TYPE_UINT64_T 225 AC_TYPE_UINT 226 AC_TYPE_USHORT 227 AC_TYPE_ULONG 228 AC_TYPE_UCHAR 229 AC_STRUCT_TIMEZONE 230 AC_CHECK_TYPES([ptrdiff_t]) 231 AC_HEADER_STDBOOL 232 233 # Checks for library functions. 234 AC_FUNC_MALLOC 235 AC_FUNC_REALLOC 236 AC_FUNC_FORK 237 AC_FUNC_MKTIME 238 AC_FUNC_MMAP 239 AC_FUNC_STRTOD 240 241 AC_CHECK_FUNCS([memmem memset memchr memrchr memmove]) 242 AC_CHECK_FUNCS([strcasecmp strchr strrchr strdup strndup strncasecmp strtol strtoul strstr strpbrk strtoull strtoumax]) 243 AC_CHECK_FUNCS([strerror]) 244 AC_CHECK_FUNCS([gethostname inet_ntoa uname]) 245 AC_CHECK_FUNCS([gettimeofday clock_gettime utime strptime tzset localtime_r]) 246 AC_CHECK_FUNCS([socket setenv select putenv dup2 endgrent endpwent atexit munmap]) 247 248 AC_CHECK_FUNCS([fwrite_unlocked]) 249 250 AC_CHECK_DECL([getrandom], 251 AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]), 252 [], [ 253 #include <sys/random.h> 254 ]) 255 256 OCFLAGS=$CFLAGS 257 CFLAGS="" 258 AC_CHECK_FUNCS([strlcpy strlcat]) 259 CFLAGS=$OCFLAGS 260 261 # Add large file support 262 AC_SYS_LARGEFILE 263 264 #check for os 265 AC_MSG_CHECKING([host os]) 266 267 # Default lua libname if not detected otherwise. 268 LUA_LIB_NAME="lua5.1" 269 270 # If no host os was detected, try with uname 271 if test -z "$host" ; then 272 host="`uname`" 273 fi 274 echo -n "installation for $host OS... " 275 276 RUST_SURICATA_LIBNAME="libsuricata.a" 277 278 e_magic_file="" 279 e_magic_file_comment="#" 280 PCAP_LIB_NAME="pcap" 281 case "$host" in 282 *-*-*freebsd*) 283 LUA_LIB_NAME="lua-5.1" 284 CFLAGS="${CFLAGS} -DOS_FREEBSD" 285 CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet11" 286 LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet11" 287 RUST_LDADD="-lrt -lm" 288 ;; 289 *-*-openbsd*) 290 CFLAGS="${CFLAGS} -D__OpenBSD__" 291 CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet-1.1" 292 LDFLAGS="${LDFLAGS} -L/usr/local/lib -I/usr/local/lib/libnet-1.1" 293 RUST_LDADD="-lm -lc++ -lc++abi" 294 ;; 295 *darwin*|*Darwin*) 296 LUA_LIB_NAME="lua-5.1" 297 CFLAGS="${CFLAGS} -DOS_DARWIN" 298 CPPFLAGS="${CPPFLAGS} -I/opt/local/include" 299 LDFLAGS="${LDFLAGS} -L/opt/local/lib" 300 ;; 301 *-*-linux*) 302 RUST_LDADD="-ldl -lrt -lm" 303 ;; 304 *-*-mingw32*|*-*-msys) 305 CFLAGS="${CFLAGS} -DOS_WIN32" 306 WINDOWS_PATH="yes" 307 PCAP_LIB_NAME="wpcap" 308 AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg]) 309 RUST_LDADD=" -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid -luserenv -lshell32 -ladvapi32 -lgcc_eh" 310 ;; 311 *-*-cygwin) 312 LUA_LIB_NAME="lua" 313 WINDOWS_PATH="yes" 314 PCAP_LIB_NAME="wpcap" 315 ;; 316 *-*-solaris*) 317 AC_MSG_WARN([support for Solaris/Illumos/SunOS is experimental]) 318 LDFLAGS="${LDFLAGS} -lsocket -lnsl" 319 ;; 320 *) 321 AC_MSG_WARN([unsupported OS this may or may not work]) 322 ;; 323 esac 324 AC_MSG_RESULT(ok) 325 326 # check if our target supports c11 327 AC_MSG_CHECKING(for c11 support) 328 OCFLAGS=$CFLAGS 329 CFLAGS="-std=c11" 330 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]], 331 [[ static _Thread_local int i; i = 1; i++; ]])], 332 AC_MSG_RESULT([yes]) 333 [AC_DEFINE([TLS_C11], [1], [C11 Thread local storage]) 334 CFLAGS="$OCFLAGS -std=c11"], 335 [AC_MSG_RESULT([no]) 336 CFLAGS="$OCFLAGS" 337 have_c11=no 338 have_c11_tls=no]) 339 if [ test "x$have_c11" = "xno" ]; then 340 CFLAGS="$CFLAGS -std=gnu99" 341 fi 342 343 # check if our target supports thread local storage 344 AC_MSG_CHECKING(for thread local storage gnu __thread support) 345 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]], 346 [[ static __thread int i; i = 1; i++; ]])], 347 [AC_DEFINE([TLS_GNU], [1], [Thread local storage]) 348 AC_MSG_RESULT([yes])], 349 [AC_MSG_RESULT([no]) 350 have_gnu_tls=no]) 351 if [ test "x$have_c11_tls" = "xno" ] && [ test "x$have_gnu_tls" = "xno" ]; then 352 AC_MSG_ERROR("no thread local support available.") 353 exit 1 354 fi 355 356 #Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found 357 #AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc. 358 #These flags seem to be supported on CentOS 5+, Ubuntu 8.04+, and FedoreCore 11+ 359 #Options are taken from https://wiki.ubuntu.com/CompilerFlags 360 AC_ARG_ENABLE(gccprotect, 361 AS_HELP_STRING([--enable-gccprotect], [Detect and use gcc hardening options]),[enable_gccprotect=$enableval],[enable_gccprotect=no]) 362 363 AS_IF([test "x$enable_gccprotect" = "xyes"], [ 364 #buffer overflow protection 365 AC_MSG_CHECKING(for -fstack-protector) 366 TMPCFLAGS="${CFLAGS}" 367 CFLAGS="${CFLAGS} -fstack-protector" 368 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="-fstack-protector" 369 AC_MSG_RESULT(yes)], 370 [AC_MSG_RESULT(no)]) 371 CFLAGS="${TMPCFLAGS}" 372 373 #compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions 374 AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2) 375 TMPCFLAGS="${CFLAGS}" 376 CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2" 377 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2" 378 AC_MSG_RESULT(yes)], 379 [AC_MSG_RESULT(no)]) 380 CFLAGS="${TMPCFLAGS}" 381 382 #compile-time warnings about misuse of format strings 383 AC_MSG_CHECKING(for -Wformat -Wformat-security) 384 TMPCFLAGS="${CFLAGS}" 385 CFLAGS="${CFLAGS} -Wformat -Wformat-security" 386 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -Wformat -Wformat-security" 387 AC_MSG_RESULT(yes)], 388 [AC_MSG_RESULT(no)]) 389 CFLAGS="${TMPCFLAGS}" 390 391 #provides a read-only relocation table area in the final ELF 392 AC_MSG_CHECKING(for -z relro) 393 TMPLDFLAGS="${LDFLAGS}" 394 LDFLAGS="${LDFLAGS} -z relro" 395 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z relro" 396 AC_MSG_RESULT(yes)], 397 [AC_MSG_RESULT(no)]) 398 LDFLAGS="${TMPLDFLAGS}" 399 400 #forces all relocations to be resolved at run-time 401 AC_MSG_CHECKING(for -z now) 402 TMPLDFLAGS="${LDFLAGS}" 403 LDFLAGS="${LDFLAGS} -z now" 404 AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z now" 405 AC_MSG_RESULT(yes)], 406 [AC_MSG_RESULT(no)]) 407 LDFLAGS="${TMPLDFLAGS}" 408 409 AC_SUBST(SECCFLAGS) 410 AC_SUBST(SECLDFLAGS) 411 ]) 412 413 #check for plugin support 414 AC_CHECK_HEADERS([dlfcn.h]) 415 AC_MSG_CHECKING([for plugin support]) 416 TMPLDFLAGS="${LDFLAGS}" 417 LDFLAGS="${LDFLAGS} -rdynamic" 418 AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <dlfcn.h>]], [[]])], 419 [ 420 AC_MSG_RESULT(yes) 421 has_rdynamic=yes 422 ], 423 [ 424 AC_MSG_RESULT(no) 425 has_rdynamic=no 426 ]) 427 428 if test "x$has_rdynamic" = "xyes"; then 429 plugin_support=yes 430 AC_DEFINE([HAVE_PLUGINS], [1], [Plugin support]) 431 else 432 plugin_support=no 433 LDFLAGS="${TMPLDFLAGS}" 434 fi 435 436 #enable profile generation 437 AC_ARG_ENABLE(gccprofile, 438 AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set]),[enable_gccprofile=$enableval],[enable_gccprofile=no]) 439 AS_IF([test "x$enable_gccprofile" = "xyes"], [ 440 CFLAGS="${CFLAGS} -pg" 441 ]) 442 443 #enable gcc march=native gcc 4.2 or later 444 AC_ARG_ENABLE(gccmarch_native, 445 AS_HELP_STRING([--enable-gccmarch-native], [Enable gcc march=native gcc 4.2 and later only]),[enable_gccmarch_native=$enableval],[enable_gccmarch_native=yes]) 446 AS_IF([test "x$enable_gccmarch_native" = "xyes"], [ 447 case "$host" in 448 *powerpc*) 449 ;; 450 *) 451 OFLAGS="$CFLAGS" 452 CFLAGS="$CFLAGS -march=native" 453 AC_MSG_CHECKING([checking if $CC supports -march=native]) 454 AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[#include <stdlib.h>]])], 455 [ 456 AC_MSG_RESULT([yes]) 457 OPTIMIZATION_CFLAGS="-march=native" 458 AC_SUBST(OPTIMIZATION_CFLAGS) 459 ], 460 [ 461 AC_MSG_RESULT([no]) 462 CFLAGS="$OFLAGS" 463 enable_gccmarch_native=no 464 ] 465 ) 466 ;; 467 esac 468 ]) 469 470# options 471 472 473 # enable the running of unit tests 474 AC_ARG_ENABLE(unittests, 475 AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),[enable_unittests=$enableval],[enable_unittests=no]) 476 AS_IF([test "x$enable_unittests" = "xyes"], [ 477 AC_DEFINE([UNITTESTS],[1],[Enable built-in unittests]) 478 ]) 479 AM_CONDITIONAL([BUILD_UNITTESTS], [test "x$enable_unittests" = "xyes"]) 480 481 # enable the building of ebpf files 482 AC_ARG_ENABLE(ebpf-build, 483 AS_HELP_STRING([--enable-ebpf-build], [Enable compilation of ebpf files]),[enable_ebpf_build=$enableval],[enable_ebpf_build=no]) 484 AM_CONDITIONAL([BUILD_EBPF], [test "x$enable_ebpf_build" = "xyes"]) 485 486 AS_IF([test "x$enable_ebpf_build" = "xyes"], 487 [ 488 AS_IF([test "$CLANG" != no], 489 [ 490 llc_candidates=$($CLANG --version | \ 491 awk '/^clang version/ { 492 split($3, v, "."); 493 printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]]) 494 }') 495 AC_CHECK_PROGS([LLC], [$llc_candidates], "no") 496 if test "$LLC" = "no"; then 497 AC_MSG_ERROR([unable to find any of $llc_candidates needed to build ebpf files]) 498 fi 499 AC_SUBST(LLC) 500 ], 501 [AC_MSG_ERROR([clang needed to build ebpf files])]) 502 ]) 503 504 # enable debug output 505 AC_ARG_ENABLE(debug, 506 AS_HELP_STRING([--enable-debug], [Enable debug output]),[enable_debug=$enableval],[enable_debug=no]) 507 AS_IF([test "x$enable_debug" = "xyes"], [ 508 AC_DEFINE([DEBUG],[1],[Enable debug output]) 509 ]) 510 AM_CONDITIONAL([DEBUG], [test "x$enable_debug" = "xyes"]) 511 512 # enable debug validation functions & macro's output 513 AC_ARG_ENABLE(debug-validation, 514 AS_HELP_STRING([--enable-debug-validation], [Enable (debug) validation code output]),[enable_debug_validation=$enableval],[enable_debug_validation=no]) 515 AS_IF([test "x$enable_debug_validation" = "xyes"], [ 516 if test "$enable_unittests" = "yes"; then 517 AC_MSG_ERROR([debug_validation can't be enabled with enabled unittests!]) 518 else 519 AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output]) 520 fi 521 ]) 522 AM_CONDITIONAL([DEBUG_VALIDATION], [test "x$enable_debug_validation" = "xyes"]) 523 524 # enable http2 decompression 525 AC_ARG_ENABLE(http2-decompression, 526 AS_HELP_STRING([--enable-http2-decompression], [Enable http2 decompression]),[enable_http2_decompression=$enableval],[enable_http2_decompression=no]) 527 AS_IF([test "x$enable_http2_decompression" = "xyes"], [ 528 AC_DEFINE([HTTP2_DECOMPRESSION],[1],[Enable http2 decompression]) 529 ]) 530 AM_CONDITIONAL([HTTP2_DECOMPRESSION], [test "x$enable_http2_decompression" = "xyes"]) 531 532 # profiling support 533 AC_ARG_ENABLE(profiling, 534 AS_HELP_STRING([--enable-profiling], [Enable performance profiling]),[enable_profiling=$enableval],[enable_profiling=no]) 535 AS_IF([test "x$enable_profiling" = "xyes"], [ 536 case "$host" in 537 *-*-openbsd*) 538 AC_MSG_ERROR([profiling is not supported on OpenBSD]) 539 ;; 540 *) 541 AC_DEFINE([PROFILING],[1],[Enable performance profiling]) 542 ;; 543 esac 544 ]) 545 546 # profiling support, locking 547 AC_ARG_ENABLE(profiling-locks, 548 AS_HELP_STRING([--enable-profiling-locks], [Enable performance profiling for locks]),[enable_profiling_locks=$enableval],[enable_profiling_locks=no]) 549 AS_IF([test "x$enable_profiling_locks" = "xyes"], [ 550 AC_DEFINE([PROFILING],[1],[Enable performance profiling]) 551 AC_DEFINE([PROFILE_LOCKING],[1],[Enable performance profiling for locks]) 552 ]) 553 554 # enable support for IPFW 555 AC_ARG_ENABLE(ipfw, 556 AS_HELP_STRING([--enable-ipfw], [Enable FreeBSD IPFW support for inline IDP]),[enable_ipfw=$enableval],[enable_ipfw=no]) 557 AS_IF([test "x$enable_ipfw" = "xyes"], [ 558 AC_DEFINE([IPFW],[1],[Enable FreeBSD IPFW support for inline IDP]) 559 ]) 560 561 AC_ARG_ENABLE(coccinelle, 562 AS_HELP_STRING([--disable-coccinelle], [Disable coccinelle QA steps during make check]),[enable_coccinelle="$enableval"],[enable_coccinelle=yes]) 563 AS_IF([test "x$enable_coccinelle" = "xyes"], [ 564 AC_PATH_PROG(HAVE_COCCINELLE_CONFIG, spatch, "no") 565 if test "$HAVE_COCCINELLE_CONFIG" = "no"; then 566 enable_coccinelle=no 567 fi 568 ]) 569 AM_CONDITIONAL([HAVE_COCCINELLE], [test "x$enable_coccinelle" != "xno"]) 570 571 # disable detection 572 AC_ARG_ENABLE(detection, 573 AS_HELP_STRING([--disable-detection], [Disable Detection Modules]), [enable_detection="$enableval"],[enable_detection=yes]) 574 AS_IF([test "x$enable_detection" = "xno"], [ 575 AC_DEFINE([HAVE_DETECT_DISABLED], [1], [Detection is disabled]) 576 ]) 577 578# libraries 579 580 # zlib 581 AC_ARG_WITH(zlib_includes, 582 [ --with-zlib-includes=DIR zlib include directory], 583 [with_zlib_includes="$withval"],[with_zlib_includes=no]) 584 AC_ARG_WITH(zlib_libraries, 585 [ --with-zlib-libraries=DIR zlib library directory], 586 [with_zlib_libraries="$withval"],[with_zlib_libraries="no"]) 587 588 if test "$with_zlib_includes" != "no"; then 589 CPPFLAGS="${CPPFLAGS} -I${with_zlib_includes}" 590 fi 591 592 AC_CHECK_HEADER(zlib.h, ZLIB="yes",ZLIB="no") 593 if test "$ZLIB" = "yes"; then 594 if test "$with_zlib_libraries" != "no"; then 595 LDFLAGS="${LDFLAGS} -L${with_zlib_libraries}" 596 fi 597 598 # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work 599 # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful 600 ZLIB="" 601 TMPLIBS="${LIBS}" 602 AC_CHECK_LIB(z,inflate,,ZLIB="no") 603 604 if test "$ZLIB" = "no"; then 605 echo 606 echo " ERROR! zlib library not found, go get it" 607 echo " Debian/Ubuntu: apt install zlib1g-dev" 608 echo " Fedora: dnf install zlib-devel" 609 echo " CentOS/RHEL: yum install zlib-devel" 610 echo 611 exit 1 612 fi 613 LIBS="${TMPLIBS} -lz" 614 fi 615 616 #libpcre 617 AC_ARG_WITH(libpcre_includes, 618 [ --with-libpcre-includes=DIR libpcre include directory], 619 [with_libpcre_includes="$withval"],[with_libpcre_includes="no"]) 620 AC_ARG_WITH(libpcre_libraries, 621 [ --with-libpcre-libraries=DIR libpcre library directory], 622 [with_libpcre_libraries="$withval"],[with_libpcre_libraries="no"]) 623 624 if test "$with_libpcre_includes" != "no"; then 625 CPPFLAGS="${CPPFLAGS} -I${with_libpcre_includes}" 626 fi 627 AC_CHECK_HEADER(pcre.h,,[AC_MSG_ERROR(pcre.h not found ...)]) 628 629 if test "$with_libpcre_libraries" != "no"; then 630 LDFLAGS="${LDFLAGS} -L${with_libpcre_libraries}" 631 fi 632 PCRE="" 633 AC_CHECK_LIB(pcre, pcre_get_substring,,PCRE="no") 634 if test "$PCRE" = "no"; then 635 echo 636 echo " ERROR! pcre library not found, go get it" 637 echo " from www.pcre.org. Or from packages:" 638 echo " Debian/Ubuntu: apt install libpcre3-dev" 639 echo " Fedora: dnf install pcre-devel" 640 echo " CentOS/RHEL: yum install pcre-devel" 641 echo 642 exit 1 643 fi 644 645 # libpcre 8.35 (especially on debian) has a known issue that results in segfaults 646 # see https://redmine.openinfosecfoundation.org/issues/1693 647 if test "$with_libpcre_libraries" = "no"; then 648 PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.35],[libpcre_buggy_found="yes"],[libprce_buggy_found="no"]) 649 if test "$libpcre_buggy_found" = "yes"; then 650 echo 651 echo " Warning! vulnerable libpcre version 8.35 found" 652 echo " This version has a known issue that could result in segfaults" 653 echo " please upgrade to a newer version of pcre which you can get from" 654 echo " www.pcre.org. For more information, see issue #1693" 655 echo 656 echo " Continuing for now with JIT disabled..." 657 echo 658 fi 659 fi 660 661 # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work 662 # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful 663 PCRE="" 664 TMPLIBS="${LIBS}" 665 AC_CHECK_LIB(pcre, pcre_dfa_exec,, PCRE="no") 666 if test "$PCRE" = "no"; then 667 echo 668 echo " ERROR! pcre library was found but version was < 6.0" 669 echo " please upgrade to a newer version of pcre which you can get from" 670 echo " www.pcre.org." 671 echo 672 exit 1 673 fi 674 LIBS="${TMPLIBS}" 675 676 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]], 677 [[ int eo = 0; eo |= PCRE_EXTRA_MATCH_LIMIT_RECURSION; ]])], 678 [ pcre_match_limit_recursion_available=yes ],[:] 679 ) 680 if test "$pcre_match_limit_recursion_available" != "yes"; then 681 echo 682 echo " Warning! pcre extra opt PCRE_EXTRA_MATCH_LIMIT_RECURSION not found" 683 echo " This could lead to potential DoS please upgrade to pcre >= 6.5" 684 echo " from www.pcre.org." 685 echo " Continuing for now...." 686 echo 687 AC_DEFINE([NO_PCRE_MATCH_RLIMIT],[1],[Pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION not available]) 688 fi 689 690 TMPCFLAGS="${CFLAGS}" 691 CFLAGS="-O0 -g -Werror -Wall" 692 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]], 693 [[ pcre_extra *extra = NULL; pcre_free_study(extra); ]])], 694 [ AC_DEFINE([HAVE_PCRE_FREE_STUDY], [1], [Pcre pcre_free_study supported])],[:] 695 ) 696 CFLAGS="${TMPCFLAGS}" 697 698 #enable support for PCRE-jit available since pcre-8.20 699 AC_MSG_CHECKING(for PCRE JIT support) 700 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]], 701 [[ 702 int jit = 0; 703 pcre_config(PCRE_CONFIG_JIT, &jit); 704 ]])],[ pcre_jit_available=yes ],[ pcre_jit_available=no ] 705 ) 706 707 case $host in 708 *powerpc64*) 709 PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.39],[libpcre_ppc64_buggy_found1="yes"],[libprce_ppc64_buggy_found1="no"]) 710 PKG_CHECK_MODULES(LIBPCREVERSION, [libpcre = 8.40],[libpcre_ppc64_buggy_found2="yes"],[libprce_ppc64_buggy_found2="no"]) 711 712 if test "$libprce_ppc64_buggy_found1" = "yes" || test "$libprce_ppc64_buggy_found2"; then 713 # on powerpc64, both gcc and clang lead to SIGILL in 714 # unittests when jit is enabled. 715 pcre_jit_available="no, pcre 8.39/8.40 jit disabled for powerpc64" 716 fi 717 ;; 718 *) 719 # bug 1693, libpcre 8.35 is broken and debian jessie is still using that 720 if test "$libpcre_buggy_found" = "yes"; then 721 pcre_jit_available="no, libpcre 8.35 blacklisted" 722 fi 723 ;; 724 esac 725 726 if test "x$pcre_jit_available" = "xyes"; then 727 AC_MSG_RESULT(yes) 728 AC_DEFINE([PCRE_HAVE_JIT], [1], [Pcre with JIT compiler support enabled]) 729 730 AC_MSG_CHECKING(for PCRE JIT support usability) 731 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre.h> ]], 732 [[ 733 const char *error; 734 int err_offset; 735 pcre *re = pcre_compile("(a|b|c|d)",0, &error, &err_offset,NULL); 736 pcre_extra *extra = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error); 737 if (extra == NULL) 738 exit(EXIT_FAILURE); 739 int jit = 0; 740 int ret = pcre_fullinfo(re, extra, PCRE_INFO_JIT, &jit); 741 if (ret != 0 || jit != 1) 742 exit(EXIT_FAILURE); 743 exit(EXIT_SUCCESS); 744 ]])],[ pcre_jit_works=yes ],[:] 745 ) 746 if test "x$pcre_jit_works" != "xyes"; then 747 AC_MSG_RESULT(no) 748 echo 749 echo " PCRE JIT support detection worked but testing it failed" 750 echo " something odd is going on, please file a bug report." 751 echo 752 exit 1 753 else 754 AC_MSG_RESULT(yes) 755 fi 756 else 757 AC_MSG_RESULT(no) 758 fi 759 760 if test "x$pcre_jit_works" = "xyes"; then 761 762 AC_MSG_CHECKING(for PCRE JIT exec availability) 763 AC_LINK_IFELSE( 764 [AC_LANG_PROGRAM( 765 [ 766 #include <pcre.h> 767 #include <string.h> 768 ], 769 [ 770 const char *error; 771 int err_offset; 772 pcre *re = pcre_compile("(a|b|c|d)", 0, &error, &err_offset,NULL); 773 pcre_extra *study = pcre_study(re, PCRE_STUDY_JIT_COMPILE, &error); 774 if (study == NULL) 775 exit(EXIT_FAILURE); 776 pcre_jit_stack *stack = pcre_jit_stack_alloc(32*1024,40*1024); 777 if (stack == 0) 778 exit(EXIT_FAILURE); 779 int ret = pcre_jit_exec(re, study, "apple", 5, 0, 0, NULL, 0, stack); 780 exit(ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE); 781 ])], 782 [pcre_jit_exec_available="yes" ], 783 [pcre_jit_exec_available="no" ]) 784 if test "x$pcre_jit_exec_available" != "xyes"; then 785 AC_MSG_RESULT(no) 786 else 787 AC_MSG_RESULT(yes) 788 AC_DEFINE([PCRE_HAVE_JIT_EXEC], [1], [PCRE with JIT compiler support enabled supporting pcre_jit_exec]) 789 fi 790 else 791 AC_MSG_RESULT(no) 792 fi 793 794 # libhs 795 enable_hyperscan="no" 796 797 # Try pkg-config first: 798 PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no]) 799 if test "$with_pkgconfig_libhs" != "no"; then 800 CPPFLAGS="${CPPFLAGS} ${libhs_CFLAGS}" 801 LIBS="${LIBS} ${libhs_LIBS}" 802 fi 803 804 AC_ARG_WITH(libhs_includes, 805 [ --with-libhs-includes=DIR libhs include directory], 806 [with_libhs_includes="$withval"],[with_libhs_includes=no]) 807 AC_ARG_WITH(libhs_libraries, 808 [ --with-libhs-libraries=DIR libhs library directory], 809 [with_libhs_libraries="$withval"],[with_libhs_libraries="no"]) 810 811 if test "$with_libhs_includes" != "no"; then 812 CPPFLAGS="${CPPFLAGS} -I${with_libhs_includes}" 813 fi 814 AC_CHECK_HEADER(hs.h,HYPERSCAN="yes",HYPERSCAN="no") 815 if test "$HYPERSCAN" = "yes"; then 816 if test "$with_libhs_libraries" != "no"; then 817 LDFLAGS="${LDFLAGS} -L${with_libhs_libraries}" 818 fi 819 820 AC_CHECK_LIB(hs,hs_compile,,HYPERSCAN="no") 821 AC_CHECK_FUNCS(hs_valid_platform) 822 enable_hyperscan="yes" 823 if test "$HYPERSCAN" = "no"; then 824 echo 825 echo " Hyperscan headers are present, but link test failed." 826 echo " Check that you have a shared library and C++ linkage available." 827 echo 828 enable_hyperscan="no" 829 fi 830 fi 831 AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])]) 832 833 # libyaml 834 AC_ARG_WITH(libyaml_includes, 835 [ --with-libyaml-includes=DIR libyaml include directory], 836 [with_libyaml_includes="$withval"],[with_libyaml_includes=no]) 837 AC_ARG_WITH(libyaml_libraries, 838 [ --with-libyaml-libraries=DIR libyaml library directory], 839 [with_libyaml_libraries="$withval"],[with_libyaml_libraries="no"]) 840 841 if test "$with_libyaml_includes" != "no"; then 842 CPPFLAGS="${CPPFLAGS} -I${with_libyaml_includes}" 843 fi 844 845 AC_CHECK_HEADER(yaml.h,,LIBYAML="no") 846 847 if test "$with_libyaml_libraries" != "no"; then 848 LDFLAGS="${LDFLAGS} -L${with_libyaml_libraries}" 849 fi 850 851 LIBYAML="" 852 AC_CHECK_LIB(yaml,yaml_parser_initialize,,LIBYAML="no") 853 854 if test "$LIBYAML" = "no"; then 855 echo 856 echo " ERROR! libyaml library not found, go get it" 857 echo " from http://pyyaml.org/wiki/LibYAML " 858 echo " or your distribution:" 859 echo 860 echo " Ubuntu: apt-get install libyaml-dev" 861 echo " Fedora: dnf install libyaml-devel" 862 echo " CentOS/RHEL: yum install libyaml-devel" 863 echo 864 exit 1 865 fi 866 867 # libpthread 868 AC_ARG_WITH(libpthread_includes, 869 [ --with-libpthread-includes=DIR libpthread include directory], 870 [with_libpthread_includes="$withval"],[with_libpthread_includes=no]) 871 AC_ARG_WITH(libpthread_libraries, 872 [ --with-libpthread-libraries=DIR libpthread library directory], 873 [with_libpthread_libraries="$withval"],[with_libpthread_libraries="no"]) 874 875 if test "$with_libpthread_includes" != "no"; then 876 CPPFLAGS="${CPPFLAGS} -I${with_libpthread_includes}" 877 fi 878 879 dnl AC_CHECK_HEADER(pthread.h,,[AC_MSG_ERROR(pthread.h not found ...)]) 880 881 if test "$with_libpthread_libraries" != "no"; then 882 LDFLAGS="${LDFLAGS} -L${with_libpthread_libraries}" 883 fi 884 885 PTHREAD="" 886 AC_CHECK_LIB(pthread, pthread_create,, PTHREAD="no") 887 888 if test "$PTHREAD" = "no"; then 889 echo 890 echo " ERROR! libpthread library not found, glibc problem?" 891 echo 892 exit 1 893 fi 894 895 AC_CHECK_FUNCS([pthread_spin_unlock]) 896 897 # libjansson 898 AC_ARG_WITH(libjansson_includes, 899 [ --with-libjansson-includes=DIR libjansson include directory], 900 [with_libjansson_includes="$withval"],[with_libjansson_includes=no]) 901 AC_ARG_WITH(libjansson_libraries, 902 [ --with-libjansson-libraries=DIR libjansson library directory], 903 [with_libjansson_libraries="$withval"],[with_libjansson_libraries="no"]) 904 905 if test "$with_libjansson_includes" != "no"; then 906 CPPFLAGS="${CPPFLAGS} -I${with_libjansson_includes}" 907 fi 908 909 if test "$with_libjansson_libraries" != "no"; then 910 LDFLAGS="${LDFLAGS} -L${with_libjansson_libraries}" 911 fi 912 913 AC_CHECK_HEADER(jansson.h,JANSSON="yes",JANSSON="no") 914 AC_CHECK_LIB(jansson, json_dump_callback,, JANSSON="no") 915 916 if test "$JANSSON" = "no"; then 917 echo "" 918 echo " ERROR: Jansson is now required." 919 echo "" 920 echo " Go get it from your distribution or from:" 921 echo " http://www.digip.org/jansson/" 922 echo "" 923 echo " Ubuntu/Debian: apt install libjansson-dev" 924 echo " CentOS: yum install jansson-devel" 925 echo " Fedora: dnf install jansson-devel" 926 echo "" 927 exit 1 928 fi 929 930 enable_jansson="yes" 931 enable_unixsocket="no" 932 933 AC_ARG_ENABLE(unix-socket, 934 AS_HELP_STRING([--enable-unix-socket], [Enable unix socket [default=test]]),[enable_unixsocket="$enableval"],[enable_unixsocket=test]) 935 936 if test "$JANSSON" = "yes"; then 937 enable_jansson="yes" 938 if test "$JANSSON" = "no"; then 939 echo 940 echo " Jansson >= 2.2 is required for features like unix socket" 941 echo " Go get it from your distribution or from:" 942 echo " http://www.digip.org/jansson/" 943 echo " Ubuntu: apt-get install libjansson-dev" 944 echo " Fedora: dnf install jansson-devel" 945 echo " CentOS/RHEL: yum install jansson-devel" 946 echo 947 if test "x$enable_unixsocket" = "xyes"; then 948 exit 1 949 fi 950 enable_unixsocket="no" 951 enable_jansson="no" 952 else 953 case $host in 954 *-*-mingw32*|*-*-msys*|*-*-cygwin) 955 enable_unixsocket="no" 956 ;; 957 *) 958 if test "x$enable_unixsocket" = "xtest"; then 959 enable_unixsocket="yes" 960 fi 961 ;; 962 esac 963 fi 964 else 965 if test "x$enable_unixsocket" = "xyes"; then 966 echo 967 echo " Jansson >= 2.2 is required for features like unix socket" 968 echo " Go get it from your distribution or from:" 969 echo " http://www.digip.org/jansson/" 970 echo " Ubuntu: apt-get install libjansson-dev" 971 echo " Fedora: dnf install jansson-devel" 972 echo " CentOS/RHEL: yum install jansson-devel" 973 echo 974 exit 1 975 fi 976 enable_unixsocket="no" 977 fi 978 979 AS_IF([test "x$enable_unixsocket" = "xyes"], [AC_DEFINE([BUILD_UNIX_SOCKET], [1], [Unix socket support enabled])]) 980 e_enable_evelog=$enable_jansson 981 982 AC_ARG_ENABLE(nflog, 983 AS_HELP_STRING([--enable-nflog],[Enable libnetfilter_log support]), 984 [ enable_nflog="$enableval"], 985 [ enable_nflog="no"]) 986 AC_ARG_ENABLE(nfqueue, 987 AS_HELP_STRING([--enable-nfqueue], [Enable NFQUEUE support for inline IDP]),[enable_nfqueue=$enableval],[enable_nfqueue=no]) 988 if test "$enable_nfqueue" != "no"; then 989 PKG_CHECK_MODULES([libnetfilter_queue], [libnetfilter_queue], [enable_nfqueue=yes], [enable_nfqueue=no]) 990 CPPFLAGS="${CPPFLAGS} ${libnetfilter_queue_CFLAGS}" 991 fi 992 993 if test "x$enable_nflog" = "xyes" || test "x$enable_nfqueue" = "xyes"; then 994 # libnfnetlink 995 case $host in 996 *-*-mingw32*) 997 ;; 998 *) 999 AC_ARG_WITH(libnfnetlink_includes, 1000 [ --with-libnfnetlink-includes=DIR libnfnetlink include directory], 1001 [with_libnfnetlink_includes="$withval"],[with_libnfnetlink_includes=no]) 1002 AC_ARG_WITH(libnfnetlink_libraries, 1003 [ --with-libnfnetlink-libraries=DIR libnfnetlink library directory], 1004 [with_libnfnetlink_libraries="$withval"],[with_libnfnetlink_libraries="no"]) 1005 1006 if test "$with_libnfnetlink_includes" != "no"; then 1007 CPPFLAGS="${CPPFLAGS} -I${with_libnfnetlink_includes}" 1008 fi 1009 1010 if test "$with_libnfnetlink_libraries" != "no"; then 1011 LDFLAGS="${LDFLAGS} -L${with_libnfnetlink_libraries}" 1012 fi 1013 1014 NFNL="" 1015 AC_CHECK_LIB(nfnetlink, nfnl_fd,, NFNL="no") 1016 1017 if test "$NFNL" = "no"; then 1018 echo 1019 echo " nfnetlink library not found, go get it" 1020 echo " from www.netfilter.org." 1021 echo " we automatically append libnetfilter_queue/ when searching" 1022 echo " for headers etc. when the --with-libnfnetlink-includes directive" 1023 echo " is used" 1024 echo " Ubuntu: apt-get install libnetfilter-queue-dev" 1025 echo " Fedora: dnf install libnetfilter_queue-devel" 1026 echo " CentOS/RHEL: yum install libnetfilter_queue-devel" 1027 echo 1028 fi 1029 ;; 1030 esac 1031 fi 1032 1033 # enable support for NFQUEUE 1034 if test "x$enable_nfqueue" = "xyes"; then 1035 AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP]) 1036 1037 #libnetfilter_queue 1038 AC_ARG_WITH(libnetfilter_queue_includes, 1039 [ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory], 1040 [with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no]) 1041 AC_ARG_WITH(libnetfilter_queue_libraries, 1042 [ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory], 1043 [with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"]) 1044 1045 if test "$with_libnetfilter_queue_includes" != "no"; then 1046 CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}" 1047 fi 1048 1049 AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,, 1050 [AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)], 1051 [ 1052 #define _GNU_SOURCE 1053 #include <sys/types.h> 1054 #include <stdint.h> 1055 ]) 1056 1057 if test "$with_libnetfilter_queue_libraries" != "no"; then 1058 LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}" 1059 fi 1060 1061 NFQ="" 1062 AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",) 1063 AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink]) 1064 AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink]) 1065 AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_flags],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_QUEUE_FLAGS],[1],[Found nfq_set_queue_flags function in netfilter_queue]) ,,[-lnfnetlink]) 1066 AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict_batch],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT_BATCH],[1],[Found nfq_set_verdict_batch function in netfilter_queue]) ,,[-lnfnetlink]) 1067 1068 # check if the argument to nfq_get_payload is signed or unsigned 1069 AC_MSG_CHECKING([for signed nfq_get_payload payload argument]) 1070 STORECFLAGS="${CFLAGS}" 1071 if test `basename $CC` = "clang"; then 1072 CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types" 1073 else 1074 CFLAGS="${CFLAGS} -Werror" 1075 fi 1076 AC_COMPILE_IFELSE( 1077 [AC_LANG_PROGRAM( 1078 [ 1079 #define _GNU_SOURCE 1080 #include <sys/types.h> 1081 #include <stdint.h> 1082 #include <stdio.h> 1083 #include <libnetfilter_queue/libnetfilter_queue.h> 1084 ], 1085 [ 1086 char *pktdata; 1087 nfq_get_payload(NULL, &pktdata); 1088 ])], 1089 [libnetfilter_queue_nfq_get_payload_signed="yes"], 1090 [libnetfilter_queue_nfq_get_payload_signed="no"]) 1091 AC_MSG_RESULT($libnetfilter_queue_nfq_get_payload_signed) 1092 if test "x$libnetfilter_queue_nfq_get_payload_signed" = "xyes"; then 1093 AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload]) 1094 fi 1095 CFLAGS="${STORECFLAGS}" 1096 1097 if test "$NFQ" = "no"; then 1098 echo 1099 echo " ERROR! libnetfilter_queue library not found, go get it" 1100 echo " from www.netfilter.org." 1101 echo " we automatically append libnetfilter_queue/ when searching" 1102 echo " for headers etc. when the --with-libnfq-includes directive" 1103 echo " is used" 1104 echo " Ubuntu: apt-get install libnetfilter-queue-dev" 1105 echo " Fedora: dnf install libnetfilter_queue-devel" 1106 echo " CentOS/RHEL: yum install libnetfilter_queue-devel" 1107 echo 1108 exit 1 1109 fi 1110 fi 1111 1112 # libnetfilter_log 1113 AC_ARG_WITH(libnetfilter_log_includes, 1114 [ --with-libnetfilter_log-includes=DIR libnetfilter_log include directory], 1115 [with_libnetfilter_log_includes="$withval"],[with_libnetfilter_log_includes="no"]) 1116 AC_ARG_WITH(libnetfilter_log_libraries, 1117 [ --with-libnetfilter_log-libraries=DIR libnetfilter_log library directory], 1118 [with_libnetfilter_log_libraries="$withval"],[with_libnetfilter_log_libraries="no"]) 1119 1120 if test "$enable_nflog" = "yes"; then 1121 if test "$with_libnetfilter_log_includes" != "no"; then 1122 CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_log_includes}" 1123 fi 1124 1125 AC_CHECK_HEADER(libnetfilter_log/libnetfilter_log.h,,[AC_MSG_ERROR(libnetfilter_log.h not found ...)]) 1126 1127 if test "$with_libnetfilter_log_libraries" != "no"; then 1128 LDFLAGS="${LDFLAGS} -L${with_libnetfilter_log_libraries}" 1129 fi 1130 1131 NFLOG="" 1132 AC_CHECK_LIB(netfilter_log, nflog_open,, NFLOG="no") 1133 1134 if test "$NFLOG" = "no"; then 1135 echo 1136 echo " ERROR! libnetfilter_log library not found, go get it" 1137 echo " from http://www.netfilter.org." 1138 echo 1139 exit 1 1140 else 1141 AC_DEFINE([HAVE_NFLOG],[1],[nflog available]) 1142 enable_nflog="yes" 1143 fi 1144 fi 1145 1146 # WinDivert support 1147 AC_ARG_ENABLE(windivert, 1148 AS_HELP_STRING([--enable-windivert],[Enable WinDivert support [default=no]]),[enable_windivert=$enableval], 1149 [enable_windivert="no"]) 1150 1151 # WinDivert can only be enabled on Windows builds 1152 AC_CHECK_DECL([OS_WIN32],,[enable_windivert="no"]) 1153 1154 if test "x$enable_windivert" = "xyes"; then 1155 # WinDivert requires Vista at a minimum. If the user has selected their own NTDDI_VERSION 1156 # then don't override it. 1157 AC_CHECK_DECL([NTDDI_VERSION],, 1158 [CFLAGS="${CFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"]) 1159 1160 AC_DEFINE_UNQUOTED([WINDIVERT],[1],[Enable Windows WinDivert support for inline IDP]) 1161 1162 AC_ARG_WITH(windivert_include, 1163 [ --with-windivert-include=DIR WinDivert include path], 1164 [with_windivert_include="$withval"],[with_windivert_include="no"]) 1165 AC_ARG_WITH(windivert_libraries, 1166 [ --with-windivert-libraries=DIR WinDivert library path], 1167 [with_windivert_libraries="$withval"],[with_windivert_libraries="no"]) 1168 1169 if test "$with_windivert_include" != "no"; then 1170 CPPFLAGS="${CPPFLAGS} -I${with_windivert_include}" 1171 fi 1172 1173 if test "$with_windivert_libraries" != "no"; then 1174 LDFLAGS="${LDFLAGS} -L${with_windivert_libraries}" 1175 fi 1176 1177 AC_CHECK_HEADER(windivert.h,,WINDIVERT_INC="no") 1178 AC_CHECK_LIB(WinDivert, WinDivertOpen,, WINDIVERT_LIB="no") 1179 1180 if test "$WINDIVERT_LIB" = "no" || test "$WINDIVERT_INC" = "no"; then 1181 echo 1182 echo " ERROR! WinDivert not found, go get it from" 1183 echo " https://www.reqrypt.org/windivert.html" 1184 echo 1185 exit 1 1186 fi 1187 fi 1188 # /WinDivert 1189 1190 # prelude 1191 AC_ARG_ENABLE(prelude, 1192 AS_HELP_STRING([--enable-prelude], [Enable Prelude support for alerts]),[enable_prelude=$enableval],[enable_prelude=no]) 1193 # Prelude doesn't work with -Werror 1194 STORECFLAGS="${CFLAGS}" 1195 AX_CHECK_COMPILE_FLAG([-Wno-error=unused-result], 1196 [CFLAGS="${CFLAGS} -Wno-error=unused-result"], 1197 []) 1198 1199 AS_IF([test "x$enable_prelude" = "xyes"], [ 1200 AM_PATH_LIBPRELUDE(0.9.9, , AC_MSG_ERROR(Cannot find libprelude: Is libprelude-config in the path?), no) 1201 if test "x${LIBPRELUDE_CFLAGS}" != "x"; then 1202 CPPFLAGS="${CPPFLAGS} ${LIBPRELUDE_CFLAGS}" 1203 fi 1204 1205 if test "x${LIBPRELUDE_LDFLAGS}" != "x"; then 1206 LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LDFLAGS}" 1207 fi 1208 1209 if test "x${LIBPRELUDE_LIBS}" != "x"; then 1210 LDFLAGS="${LDFLAGS} ${LIBPRELUDE_LIBS}" 1211 fi 1212 AC_DEFINE([PRELUDE], [1], [Libprelude support enabled]) 1213 ]) 1214 CFLAGS="${STORECFLAGS}" 1215 1216 1217 # libnet 1218 AC_ARG_WITH(libnet_includes, 1219 [ --with-libnet-includes=DIR libnet include directory], 1220 [with_libnet_includes="$withval"],[with_libnet_includes="no"]) 1221 1222 AC_ARG_WITH(libnet_libraries, 1223 [ --with-libnet-libraries=DIR libnet library directory], 1224 [with_libnet_libraries="$withval"],[with_libnet_libraries="no"]) 1225 1226 if test "x$with_libnet_includes" != "xno"; then 1227 CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}" 1228 libnet_dir="${with_libnet_includes}" 1229 else 1230 libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include /usr/local/include/libnet-1.1" 1231 fi 1232 1233 if test "x$with_libnet_libraries" != "xno"; then 1234 LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}" 1235 fi 1236 1237 LIBNET_DETECT_FAIL="no" 1238 LIBNET_INC_DIR="" 1239 1240 for i in $libnet_dir; do 1241 if test -r "$i/libnet.h"; then 1242 LIBNET_INC_DIR="$i" 1243 fi 1244 done 1245 1246 enable_libnet="no" 1247 AC_MSG_CHECKING(for libnet.h version 1.1.x) 1248 if test "$LIBNET_INC_DIR" != ""; then 1249 LIBNET_VER=`grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep '1.[[12]]' | sed 's/[[^"]]*"\([[^"]]*\).*/\1/'` 1250 1251 if test -z "$LIBNET_VER" ; then 1252 AC_MSG_RESULT(no) 1253 else 1254 AC_MSG_RESULT(yes) 1255 fi 1256 1257 #CentOS, Fedora, Ubuntu-LTS, Ubuntu all set defines to the same values. libnet-config seems 1258 #to have been depreciated but all distro's seem to include it as part of the package. 1259 if test "$LIBNET_DETECT_FAIL" = "no"; then 1260 LLIBNET="" 1261 AC_CHECK_LIB(net, libnet_write,, LLIBNET="no") 1262 if test "$LLIBNET" != "no"; then 1263 AC_DEFINE([HAVE_LIBNET11],[1],(libnet 1.1 available)) 1264 AC_DEFINE([_DEFAULT_SOURCE],[1],(default source)) 1265 AC_DEFINE([_BSD_SOURCE],[1],(bsd source)) 1266 AC_DEFINE([__BSD_SOURCE],[1],(bsd source)) 1267 AC_DEFINE([__FAVOR_BSD],[1],(favor bsd)) 1268 AC_DEFINE([HAVE_NET_ETHERNET_H],[1],(ethernet.h)) 1269 enable_libnet="yes" 1270 fi 1271 1272 # see if we have the patched libnet 1.1 1273 # https://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html 1274 # 1275 # To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work 1276 # see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful 1277 if test "$enable_libnet" = "yes"; then 1278 LLIBNET="" 1279 TMPLIBS="${LIBS}" 1280 AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no") 1281 if test "$LLIBNET" != "no"; then 1282 AC_DEFINE([HAVE_LIBNET_ICMPV6_UNREACH],[1],(libnet_build_icmpv6_unreach available)) 1283 fi 1284 LIBS="${TMPLIBS}" 1285 fi 1286 1287 # See if we have libnet 1.1.6 or newer - these versions handle capabilities correctly 1288 # Some patched 1.1.4 versions are also good, but it's not guaranteed for all distros. 1289 # 1290 # Details: https://bugzilla.redhat.com/show_bug.cgi?id=589770 1291 AS_VERSION_COMPARE([LIBNET_VER], [1.1.6], 1292 [], 1293 [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))], 1294 [AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))]) 1295 1296 1297 # check if the argument to libnet_init is char* or const char* 1298 AC_MSG_CHECKING([libnet_init dev type]) 1299 STORECFLAGS="${CFLAGS}" 1300 if test `basename $CC` = "clang"; then 1301 CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types" 1302 else 1303 CFLAGS="${CFLAGS} -Werror" 1304 fi 1305 AC_COMPILE_IFELSE( 1306 [AC_LANG_PROGRAM( 1307 [ 1308 #include <stdio.h> 1309 #include <libnet.h> 1310 ], 1311 [[ 1312 const char dev[32] = ""; 1313 char ebuf[LIBNET_ERRBUF_SIZE]; 1314 (void)libnet_init(LIBNET_LINK, dev, ebuf); 1315 ]])], 1316 [libnet_init_const="yes"], 1317 [libnet_init_const="no"]) 1318 AC_MSG_RESULT($libnet_init_const) 1319 if test "x$libnet_init_const" = "xyes"; then 1320 AC_DEFINE([HAVE_LIBNET_INIT_CONST], [1], [libnet_init takes const argument]) 1321 fi 1322 CFLAGS="${STORECFLAGS}" 1323 fi 1324 else 1325 AC_MSG_RESULT(no) 1326 fi 1327 1328 # libpcap 1329 AC_ARG_WITH(libpcap_includes, 1330 [ --with-libpcap-includes=DIR libpcap include directory], 1331 [with_libpcap_includes="$withval"],[with_libpcap_includes=no]) 1332 AC_ARG_WITH(libpcap_libraries, 1333 [ --with-libpcap-libraries=DIR libpcap library directory], 1334 [with_libpcap_libraries="$withval"],[with_libpcap_libraries="no"]) 1335 1336 if test "$with_libpcap_includes" != "no"; then 1337 CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}" 1338 fi 1339 1340 AC_CHECK_HEADERS([pcap.h],[],[AC_MSG_ERROR(pcap.h not found ...)], 1341 [[ 1342 #ifdef HAVE_WINSOCK2_H 1343 #include <winsock2.h> 1344 #endif 1345 #define _DEFAULT_SOURCE 1 1346 ]]) 1347 1348 if test "$with_libpcap_libraries" != "no"; then 1349 LDFLAGS="${LDFLAGS} -L${with_libpcap_libraries}" 1350 fi 1351 AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h],[],[], 1352 [[ 1353 #ifdef HAVE_WINSOCK2_H 1354 #include <winsock2.h> 1355 #endif 1356 #define _DEFAULT_SOURCE 1 1357 ]]) 1358 1359 LIBPCAP="" 1360 PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}"],[:]) 1361 AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_open_live,, LIBPCAP="no") 1362 if test "$LIBPCAP" = "no"; then 1363 echo 1364 echo " ERROR! libpcap library not found, go get it" 1365 echo " from http://www.tcpdump.org or your distribution:" 1366 echo 1367 echo " Ubuntu: apt-get install libpcap-dev" 1368 echo " Fedora: dnf install libpcap-devel" 1369 echo " CentOS/RHEL: yum install libpcap-devel" 1370 echo 1371 exit 1 1372 fi 1373 1374 # pcap_activate and pcap_create only exists in libpcap >= 1.0 1375 LIBPCAPVTEST="" 1376 #To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work 1377 #see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful 1378 TMPLIBS="${LIBS}" 1379 AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_activate,, LPCAPVTEST="no") 1380 if test "$LPCAPVTEST" = "no"; then 1381 echo 1382 echo " ERROR! libpcap library too old, need at least 1+, " 1383 echo " go get it from http://www.tcpdump.org or your distribution:" 1384 echo 1385 echo " Ubuntu: apt-get install libpcap-dev" 1386 echo " Fedora: dnf install libpcap-devel" 1387 echo " CentOS/RHEL: yum install libpcap-devel" 1388 echo 1389 exit 1 1390 fi 1391 AC_PATH_PROG(HAVE_PCAP_CONFIG, pcap-config, "no") 1392 if test "$HAVE_PCAP_CONFIG" = "no" -o "$cross_compiling" = "yes"; then 1393 AC_MSG_RESULT(no pcap-config is use) 1394 else 1395 PCAP_CFLAGS="$(pcap-config --defines) $(pcap-config --cflags)" 1396 AC_SUBST(PCAP_CFLAGS) 1397 fi 1398 LIBS="${TMPLIBS}" 1399 1400 #Appears as if pcap_set_buffer_size is linux only? 1401 LIBPCAPSBUFF="" 1402 #To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work 1403 #see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful 1404 TMPLIBS="${LIBS}" 1405 AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_set_buffer_size,, LPCAPSBUFF="no") 1406 if test "$LPCAPSBUFF" != "no"; then 1407 AC_DEFINE([HAVE_PCAP_SET_BUFF],[1],(libpcap has pcap_set_buffer_size function)) 1408 fi 1409 LIBS="${TMPLIBS}" 1410 1411 # libpfring 1412 # libpfring (currently only supported for libpcap enabled pfring) 1413 # Error on the side of caution. If libpfring enabled pcap is being used and we don't link against -lpfring compilation will fail. 1414 AC_ARG_ENABLE(pfring, 1415 AS_HELP_STRING([--enable-pfring], [Enable Native PF_RING support]),[enable_pfring=$enableval],[enable_pfring=no]) 1416 AS_IF([test "x$enable_pfring" = "xyes"], [ 1417 AC_DEFINE([HAVE_PFRING],[1],(PF_RING support enabled)) 1418 1419 #We have to set CFLAGS for AC_COMPILE_IFELSE as it doesn't pay attention to CPPFLAGS 1420 AC_ARG_WITH(libpfring_includes, 1421 [ --with-libpfring-includes=DIR libpfring include directory], 1422 [with_libpfring_includes="$withval"],[with_libpfring_includes=no]) 1423 AC_ARG_WITH(libpfring_libraries, 1424 [ --with-libpfring-libraries=DIR libpfring library directory], 1425 [with_libpfring_libraries="$withval"],[with_libpfring_libraries="no"]) 1426 1427 if test "$with_libpfring_includes" != "no"; then 1428 CPPFLAGS="${CPPFLAGS} -I${with_libpfring_includes}" 1429 fi 1430 1431 if test "$with_libpfring_libraries" != "no"; then 1432 LDFLAGS="${LDFLAGS} -L${with_libpfring_libraries}" 1433 fi 1434 1435 LIBPFRING="" 1436 AC_CHECK_LIB(pfring, pfring_open,, LIBPFRING="no", [-lpcap]) 1437 if test "$LIBPFRING" != "no"; then 1438 STORECFLAGS="${CFLAGS}" 1439 CFLAGS="${CFLAGS} -Werror" 1440 AC_COMPILE_IFELSE( 1441 [AC_LANG_PROGRAM( 1442 [ 1443 #include <pfring.h> 1444 ], 1445 [ 1446 pfring_recv_chunk(NULL, NULL, 0, 0); 1447 ])], 1448 [pfring_recv_chunk="yes"], 1449 [pfring_recv_chunk="no"]) 1450 CFLAGS="${STORECFLAGS}" 1451 if test "x$pfring_recv_chunk" != "xyes"; then 1452 if test "x$enable_pfring" = "xyes"; then 1453 echo 1454 echo " ERROR! --enable-pfring was passed but the library version is < 6, go get it" 1455 echo " from http://www.ntop.org/products/pf_ring/" 1456 echo 1457 exit 1 1458 fi 1459 fi 1460 AC_COMPILE_IFELSE( 1461 [AC_LANG_SOURCE([[ 1462 #include <pfring.h> 1463 #ifndef PF_RING_FLOW_OFFLOAD 1464 # error PF_RING_FLOW_OFFLOAD not defined 1465 #endif 1466 ]])], 1467 [ 1468 AC_DEFINE([HAVE_PF_RING_FLOW_OFFLOAD], [1], [PF_RING bypass support enabled]) 1469 ], 1470 [ 1471 echo 1472 echo " Warning! Pfring hw bypass not supported by this library version < 7," 1473 echo " please upgrade to a newer version to use this feature." 1474 echo 1475 echo " Continuing for now with hw bypass support disabled..." 1476 echo 1477 ]) 1478 else 1479 if test "x$enable_pfring" = "xyes"; then 1480 echo 1481 echo " ERROR! --enable-pfring was passed but the library was not found, go get it" 1482 echo " from http://www.ntop.org/products/pf_ring/" 1483 echo 1484 exit 1 1485 fi 1486 fi 1487 ]) 1488 1489 # AF_PACKET support 1490 AC_ARG_ENABLE(af-packet, 1491 AS_HELP_STRING([--enable-af-packet], [Enable AF_PACKET support [default=yes]]), 1492 [enable_af_packet=$enableval],[enable_af_packet=yes]) 1493 AS_IF([test "x$enable_af_packet" = "xyes"], [ 1494 AC_CHECK_DECL([TPACKET_V2], 1495 AC_DEFINE([HAVE_AF_PACKET],[1],[AF_PACKET support is available]), 1496 [enable_af_packet="no"], 1497 [[#include <sys/socket.h> 1498 #include <linux/if_packet.h>]]) 1499 AC_CHECK_DECL([PACKET_FANOUT_QM], 1500 AC_DEFINE([HAVE_PACKET_FANOUT],[1],[Recent packet fanout support is available]), 1501 [], 1502 [[#include <linux/if_packet.h>]]) 1503 AC_CHECK_DECL([TPACKET_V3], 1504 AC_DEFINE([HAVE_TPACKET_V3],[1],[AF_PACKET tpcket_v3 support is available]), 1505 [], 1506 [[#include <sys/socket.h> 1507 #include <linux/if_packet.h>]]) 1508 AC_CHECK_DECL([SOF_TIMESTAMPING_RAW_HARDWARE], 1509 AC_DEFINE([HAVE_HW_TIMESTAMPING],[1],[Hardware timestamping support is available]), 1510 [], 1511 [[#include <linux/net_tstamp.h>]]) 1512 ]) 1513 1514 # Netmap support 1515 AC_ARG_ENABLE(netmap, 1516 AS_HELP_STRING([--enable-netmap], [Enable Netmap support]),[enable_netmap=$enableval],[enable_netmap=no]) 1517 AC_ARG_WITH(netmap_includes, 1518 [ --with-netmap-includes=DIR netmap include directory], 1519 [with_netmap_includes="$withval"],[with_netmap_includes=no]) 1520 1521 AS_IF([test "x$enable_netmap" = "xyes"], [ 1522 AC_DEFINE([HAVE_NETMAP],[1],(NETMAP support enabled)) 1523 1524 if test "$with_netmap_includes" != "no"; then 1525 CPPFLAGS="${CPPFLAGS} -I${with_netmap_includes}" 1526 fi 1527 1528 AC_CHECK_HEADER(net/netmap_user.h,,[AC_MSG_ERROR(net/netmap_user.h not found ...)],) 1529 1530 have_recent_netmap="no" 1531 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 1532 #include <net/netmap_user.h> 1533 ],[ 1534 #ifndef NETMAP_API 1535 #error "outdated netmap, need one with NETMAP_API" 1536 #endif 1537 #if NETMAP_API < 11 1538 #error "outdated netmap, need at least api version 11" 1539 #endif 1540 ])], [have_recent_netmap="yes"]) 1541 if test "x$have_recent_netmap" != "xyes"; then 1542 echo "ERROR: outdated netmap" 1543 exit 1 1544 fi 1545 have_netmap_version="unknown" 1546 have_v11_netmap="no" 1547 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 1548 #include <net/netmap_user.h> 1549 ],[ 1550 #if NETMAP_API != 11 1551 #error "not 11" 1552 #endif 1553 ])], [have_v11_netmap="yes"]) 1554 if test "x$have_v11_netmap" = "xyes"; then 1555 have_netmap_version="v11" 1556 fi 1557 have_v12_netmap="no" 1558 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 1559 #include <net/netmap_user.h> 1560 ],[ 1561 #if NETMAP_API != 12 1562 #error "not 12" 1563 #endif 1564 ])], [have_v12_netmap="yes"]) 1565 if test "x$have_v12_netmap" = "xyes"; then 1566 have_netmap_version="v12" 1567 fi 1568 have_v13_netmap="no" 1569 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 1570 #include <net/netmap_user.h> 1571 ],[ 1572 #if NETMAP_API != 13 1573 #error "not 13" 1574 #endif 1575 ])], [have_v13_netmap="yes"]) 1576 if test "x$have_v13_netmap" = "xyes"; then 1577 have_netmap_version="v13" 1578 fi 1579 have_gtv13_netmap="no" 1580 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ 1581 #include <net/netmap_user.h> 1582 ],[ 1583 #if NETMAP_API <= 13 1584 #error "not gt 13" 1585 #endif 1586 ])], [have_gtv13_netmap="yes"]) 1587 if test "x$have_gtv13_netmap" = "xyes"; then 1588 have_netmap_version="> v13" 1589 fi 1590 ]) 1591 1592 # Suricata-Update. 1593 AC_ARG_ENABLE([suricata-update], AS_HELP_STRING([--disable-suricata-update], 1594 [Disable suricata-update]), [enable_suricata_update=$enableval], 1595 [enable_suricata_update="yes"]) 1596 1597 # Assume suircata-update will not be installed. 1598 have_suricata_update="no" 1599 ruledirprefix="$sysconfdir" 1600 1601 if test "$enable_suricata_update" = "yes"; then 1602 if test -f "$srcdir/suricata-update/setup.py"; then 1603 have_suricata_update="yes" 1604 fi 1605 fi 1606 1607 if test "$have_suricata_update" = "yes"; then 1608 if test "$have_python_yaml" != "yes"; then 1609 echo "" 1610 echo " Warning: suricata-update will not be installed as the" 1611 echo " Python yaml module is not installed.." 1612 echo "" 1613 echo " Install the yaml module for Python ${pymv} to enable" 1614 echo " suricata-update." 1615 echo 1616 else 1617 SURICATA_UPDATE_DIR="suricata-update" 1618 AC_SUBST(SURICATA_UPDATE_DIR) 1619 AC_CONFIG_FILES(suricata-update/Makefile) 1620 AC_OUTPUT 1621 ruledirprefix="$localstatedir/lib" 1622 fi 1623 fi 1624 1625 # Test to see if suricatactl (and suricatasc) can be installed. 1626 if test "x$enable_python" != "xyes"; then 1627 install_suricatactl="requires python" 1628 elif test "x$have_python_distutils" != "xyes"; then 1629 install_suricatactl="no, requires distutils" 1630 else 1631 install_suricatactl="yes" 1632 fi 1633 1634 # Test to see if suricata-update can be installed. 1635 if test "x$have_suricata_update" != "xyes"; then 1636 install_suricata_update="not bundled" 1637 elif test "x$enable_python" != "xyes"; then 1638 install_suricata_update="no, requires python" 1639 elif test "x$have_python_distutils" != "xyes"; then 1640 install_suricata_update="no, requires distutils" 1641 elif test "x$have_python_yaml" != "xyes"; then 1642 install_suricata_update="no, requires pyyaml" 1643 else 1644 install_suricata_update="yes" 1645 fi 1646 1647 AM_CONDITIONAL([INSTALL_SURICATA_UPDATE], 1648 [test "x$install_suricata_update" = "xyes"]) 1649 1650 # libhtp 1651 AC_ARG_ENABLE(non-bundled-htp, 1652 AS_HELP_STRING([--enable-non-bundled-htp], [Enable the use of an already installed version of htp]),[enable_non_bundled_htp=$enableval],[enable_non_bundled_htp=no]) 1653 AS_IF([test "x$enable_non_bundled_htp" = "xyes"], [ 1654 PKG_CHECK_MODULES([libhtp], htp,, [with_pkgconfig_htp=no]) 1655 if test "$with_pkgconfig_htp" != "no"; then 1656 CPPFLAGS="${CPPFLAGS} ${libhtp_CFLAGS}" 1657 LIBS="${LIBS} ${libhtp_LIBS}" 1658 fi 1659 1660 AC_ARG_WITH(libhtp_includes, 1661 [ --with-libhtp-includes=DIR libhtp include directory], 1662 [with_libhtp_includes="$withval"],[with_libhtp_includes=no]) 1663 AC_ARG_WITH(libhtp_libraries, 1664 [ --with-libhtp-libraries=DIR libhtp library directory], 1665 [with_libhtp_libraries="$withval"],[with_libhtp_libraries="no"]) 1666 1667 if test "$with_libhtp_includes" != "no"; then 1668 CPPFLAGS="-I${with_libhtp_includes} ${CPPFLAGS}" 1669 fi 1670 1671 if test "$with_libhtp_libraries" != "no"; then 1672 LDFLAGS="${LDFLAGS} -L${with_libhtp_libraries}" 1673 fi 1674 1675 AC_CHECK_HEADER(htp/htp.h,,[AC_MSG_ERROR(htp/htp.h not found ...)]) 1676 1677 LIBHTP="" 1678 AC_CHECK_LIB(htp, htp_conn_create,, LIBHTP="no") 1679 if test "$LIBHTP" = "no"; then 1680 echo 1681 echo " ERROR! libhtp library not found" 1682 echo 1683 exit 1 1684 fi 1685 PKG_CHECK_MODULES(LIBHTPMINVERSION, [htp >= 0.5.39],[libhtp_minver_found="yes"],[libhtp_minver_found="no"]) 1686 if test "$libhtp_minver_found" = "no"; then 1687 PKG_CHECK_MODULES(LIBHTPDEVVERSION, [htp = 0.5.X],[libhtp_devver_found="yes"],[libhtp_devver_found="no"]) 1688 if test "$libhtp_devver_found" = "no"; then 1689 echo 1690 echo " ERROR! libhtp was found but it is neither >= 0.5.39, nor the dev 0.5.X" 1691 echo 1692 exit 1 1693 fi 1694 fi 1695 1696 AC_CHECK_LIB([htp], [htp_config_register_request_uri_normalize],AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Found htp_config_register_request_uri_normalize function in libhtp]) ,,[-lhtp]) 1697 # check for htp_tx_get_response_headers_raw 1698 AC_CHECK_LIB([htp], [htp_tx_get_response_headers_raw],AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Found htp_tx_get_response_headers_raw in libhtp]) ,,[-lhtp]) 1699 AC_CHECK_LIB([htp], [htp_decode_query_inplace],AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Found htp_decode_query_inplace function in libhtp]) ,,[-lhtp]) 1700 AC_CHECK_LIB([htp], [htp_config_set_response_decompression_layer_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Found htp_config_set_response_decompression_layer_limit function in libhtp]) ,,[-lhtp]) 1701 AC_EGREP_HEADER(htp_config_set_path_decode_u_encoding, htp/htp.h, AC_DEFINE_UNQUOTED([HAVE_HTP_SET_PATH_DECODE_U_ENCODING],[1],[Found usable htp_config_set_path_decode_u_encoding function in libhtp]) ) 1702 AC_CHECK_LIB([htp], [htp_config_set_lzma_memlimit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Found htp_config_set_lzma_memlimit function in libhtp]) ,,[-lhtp]) 1703 AC_CHECK_LIB([htp], [htp_config_set_lzma_layers],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Found htp_config_set_lzma_layers function in libhtp]) ,,[-lhtp]) 1704 AC_CHECK_LIB([htp], [htp_config_set_compression_bomb_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Found htp_config_set_compression_bomb_limit function in libhtp]) ,,[-lhtp]) 1705 AC_CHECK_LIB([htp], [htp_config_set_compression_time_limit],AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Found htp_config_set_compression_time_limit function in libhtp]) ,,[-lhtp]) 1706 ]) 1707 1708 if test "x$enable_non_bundled_htp" = "xno"; then 1709 # test if we have a bundled htp 1710 if test -d "$srcdir/libhtp"; then 1711 AC_CONFIG_SUBDIRS([libhtp]) 1712 HTP_DIR="libhtp" 1713 AC_SUBST(HTP_DIR) 1714 HTP_LDADD="../libhtp/htp/libhtp.la" 1715 AC_SUBST(HTP_LDADD) 1716 # make sure libhtp is added to the includes 1717 CPPFLAGS="-I\${srcdir}/../libhtp/ ${CPPFLAGS}" 1718 1719 AC_CHECK_HEADER(iconv.h,,[AC_MSG_ERROR(iconv.h not found ...)]) 1720 AC_CHECK_LIB(iconv, libiconv_close) 1721 AC_DEFINE_UNQUOTED([HAVE_HTP_URI_NORMALIZE_HOOK],[1],[Assuming htp_config_register_request_uri_normalize function in bundled libhtp]) 1722 AC_DEFINE_UNQUOTED([HAVE_HTP_TX_GET_RESPONSE_HEADERS_RAW],[1],[Assuming htp_tx_get_response_headers_raw function in bundled libhtp]) 1723 AC_DEFINE_UNQUOTED([HAVE_HTP_DECODE_QUERY_INPLACE],[1],[Assuming htp_decode_query_inplace function in bundled libhtp]) 1724 # enable when libhtp has been updated 1725 AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_RESPONSE_DECOMPRESSION_LAYER_LIMIT],[1],[Assuming htp_config_set_response_decompression_layer_limit function in bundled libhtp]) 1726 AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_MEMLIMIT],[1],[Assuming htp_config_set_lzma_memlimit function in bundled libhtp]) 1727 AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_LZMA_LAYERS],[1],[Assuming htp_config_set_lzma_layers function in bundled libhtp]) 1728 AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_BOMB_LIMIT],[1],[Assuming htp_config_set_compression_bomb_limit function in bundled libhtp]) 1729 AC_DEFINE_UNQUOTED([HAVE_HTP_CONFIG_SET_COMPRESSION_TIME_LIMIT],[1],[Assuming htp_config_set_compression_time_limit function in bundled libhtp]) 1730 else 1731 echo 1732 echo " ERROR: Libhtp is not bundled. Get libhtp by doing:" 1733 echo " git clone https://github.com/OISF/libhtp" 1734 echo " Then re-run Suricata's autogen.sh and configure script." 1735 echo " Or, if libhtp is installed in a different location," 1736 echo " pass --enable-non-bundled-htp to Suricata's configure script." 1737 echo " Add --with-libhtp-includes=<dir> and --with-libhtp-libraries=<dir> if" 1738 echo " libhtp is not installed in the include and library paths." 1739 echo 1740 exit 1 1741 fi 1742 fi 1743 1744 1745 # Check for libcap-ng 1746 case $host in 1747 *-*-linux*) 1748 AC_ARG_WITH(libcap_ng_includes, 1749 [ --with-libcap_ng-includes=DIR libcap_ng include directory], 1750 [with_libcap_ng_includes="$withval"],[with_libcap_ng_includes=no]) 1751 AC_ARG_WITH(libcap_ng_libraries, 1752 [ --with-libcap_ng-libraries=DIR libcap_ng library directory], 1753 [with_libcap_ng_libraries="$withval"],[with_libcap_ng_libraries="no"]) 1754 1755 if test "$with_libcap_ng_includes" != "no"; then 1756 CPPFLAGS="${CPPFLAGS} -I${with_libcap_ng_includes}" 1757 fi 1758 1759 if test "$with_libcap_ng_libraries" != "no"; then 1760 LDFLAGS="${LDFLAGS} -L${with_libcap_ng_libraries}" 1761 fi 1762 1763 AC_CHECK_HEADER(cap-ng.h,,LIBCAP_NG="no") 1764 if test "$LIBCAP_NG" != "no"; then 1765 LIBCAP_NG="" 1766 AC_CHECK_LIB(cap-ng,capng_clear,,LIBCAP_NG="no") 1767 fi 1768 1769 if test "$LIBCAP_NG" != "no"; then 1770 AC_DEFINE([HAVE_LIBCAP_NG],[1],[Libpcap-ng support]) 1771 fi 1772 1773 if test "$LIBCAP_NG" = "no"; then 1774 echo 1775 echo " WARNING! libcap-ng library not found, go get it" 1776 echo " from http://people.redhat.com/sgrubb/libcap-ng/" 1777 echo " or your distribution:" 1778 echo 1779 echo " Ubuntu: apt-get install libcap-ng-dev" 1780 echo " Fedora: dnf install libcap-ng-devel" 1781 echo " CentOS/RHEL: yum install libcap-ng-devel" 1782 echo 1783 echo " Suricata will be built without support for dropping privs." 1784 echo 1785 fi 1786 ;; 1787 esac 1788 1789 1790 AC_ARG_ENABLE(ebpf, 1791 AS_HELP_STRING([--enable-ebpf],[Enable eBPF support]), 1792 [ enable_ebpf="$enableval"], 1793 [ enable_ebpf="no"]) 1794 1795 have_xdp="no" 1796 if test "$enable_ebpf" = "yes"; then 1797 AC_CHECK_LIB(elf,elf_begin,,LIBELF="no") 1798 if test "$LIBELF" = "no"; then 1799 echo 1800 echo " libelf library and development headers not found but" 1801 echo " but needed to use eBPF code" 1802 echo 1803 exit 1 1804 fi; 1805 1806 AC_CHECK_LIB(bpf,bpf_object__open,,LIBBPF="no") 1807 if test "$LIBBPF" = "no"; then 1808 echo 1809 echo " libbpf library and development headers not found but" 1810 echo " needed to use eBPF code. It can be found at" 1811 echo " https://github.com/libbpf/libbpf" 1812 echo 1813 exit 1 1814 fi; 1815 AC_CHECK_DECL([PACKET_FANOUT_EBPF], 1816 AC_DEFINE([HAVE_PACKET_EBPF],[1],[Recent ebpf fanout support is available]), 1817 [], 1818 [[#include <linux/if_packet.h>]]) 1819 AC_CHECK_LIB(bpf, bpf_set_link_xdp_fd,have_xdp="yes") 1820 if test "$have_xdp" = "yes"; then 1821 AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available]) 1822 fi 1823 fi; 1824 1825 # Check for DAG support. 1826 AC_ARG_ENABLE(dag, 1827 AS_HELP_STRING([--enable-dag],[Enable DAG capture]), 1828 [ enable_dag=$enableval ], 1829 [ enable_dag=no]) 1830 AC_ARG_WITH(dag_includes, 1831 [ --with-dag-includes=DIR dagapi include directory], 1832 [with_dag_includes="$withval"],[with_dag_includes="no"]) 1833 AC_ARG_WITH(dag_libraries, 1834 [ --with-dag-libraries=DIR dagapi library directory], 1835 [with_dag_libraries="$withval"],[with_dag_libraries="no"]) 1836 1837 if test "$enable_dag" = "yes"; then 1838 1839 if test "$with_dag_includes" != "no"; then 1840 CPPFLAGS="${CPPFLAGS} -I${with_dag_includes}" 1841 fi 1842 1843 if test "$with_dag_libraries" != "no"; then 1844 LDFLAGS="${LDFLAGS} -L${with_dag_libraries}" 1845 fi 1846 1847 AC_CHECK_HEADER(dagapi.h,DAG="yes",DAG="no") 1848 if test "$DAG" != "no"; then 1849 DAG="" 1850 AC_CHECK_LIB(dag,dag_open,,DAG="no",) 1851 fi 1852 1853 if test "$DAG" = "no"; then 1854 echo 1855 echo " ERROR! libdag library not found" 1856 echo 1857 exit 1 1858 fi 1859 1860 AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled)) 1861 fi 1862 1863# libnspr (enabled by default) 1864 AC_ARG_ENABLE(nspr, 1865 AS_HELP_STRING([--disable-nspr],[Disable libnspr support]), 1866 [enable_nspr=$enableval],[enable_nspr="yes"]) 1867 1868 AC_ARG_WITH(libnspr_includes, 1869 [ --with-libnspr-includes=DIR libnspr include directory], 1870 [with_libnspr_includes="$withval"],[with_libnspr_includes="no"]) 1871 1872 AC_ARG_WITH(libnspr_libraries, 1873 [ --with-libnspr-libraries=DIR libnspr library directory], 1874 [with_libnspr_libraries="$withval"],[with_libnspr_libraries="no"]) 1875 1876 if test "$enable_nspr" != "no"; then 1877 # Try pkg-config first: 1878 PKG_CHECK_MODULES([libnspr],nspr,,[with_pkgconfig_nspr="no"]) 1879 1880 if test "$with_pkgconfig_nspr" != "no"; then 1881 CPPFLAGS="${CPPFLAGS} ${libnspr_CFLAGS}" 1882 LIBS="${LIBS} ${libnspr_LIBS}" 1883 fi 1884 1885 if test "$with_libnspr_includes" != "no"; then 1886 CPPFLAGS="${CPPFLAGS} -I${with_libnspr_includes}" 1887 fi 1888 TMPLIBS="${LIBS}" 1889 AC_CHECK_HEADER(nspr.h, 1890 AC_CHECK_LIB(nspr4,PR_GetCurrentThread,[AC_DEFINE([HAVE_NSPR],[1],[libnspr available]) 1891 NSPR="yes" 1892 if test "$NSPR" = "yes"; then 1893 if test "$with_libnspr_libraries" != "no"; then 1894 LDFLAGS="${LDFLAGS} -L${with_libnspr_libraries}" 1895 LIBS="${TMPLIBS}" 1896 else 1897 LIBS="${TMPLIBS}" 1898 fi 1899 fi]),NSPR="no") 1900 1901 if test "$NSPR" = "no"; then 1902 echo 1903 echo " libnspr library not found, go get it" 1904 echo " from Mozilla or your distribution:" 1905 echo 1906 echo " Ubuntu: apt-get install libnspr4-dev" 1907 echo " Fedora: dnf install nspr-devel" 1908 echo " CentOS/RHEL: yum install nspr-devel" 1909 echo 1910 enable_nspr="no" 1911 fi 1912 fi 1913 1914 # libnss (enabled by default) 1915 1916 AC_ARG_ENABLE(nss, 1917 AS_HELP_STRING([--disable-nss],[Disable libnss support]), 1918 [enable_nss=$enableval],[enable_nss="yes"]) 1919 1920 AC_ARG_WITH(libnss_includes, 1921 [ --with-libnss-includes=DIR libnss include directory], 1922 [with_libnss_includes="$withval"],[with_libnss_includes="no"]) 1923 1924 AC_ARG_WITH(libnss_libraries, 1925 [ --with-libnss-libraries=DIR libnss library directory], 1926 [with_libnss_libraries="$withval"],[with_libnss_libraries="no"]) 1927 1928 if test "$enable_nss" != "no"; then 1929 # Try pkg-config first: 1930 PKG_CHECK_MODULES([libnss],nss,,[with_pkgconfig_nss="no"]) 1931 1932 if test "$with_pkgconfig_nss" != "no"; then 1933 CPPFLAGS="${CPPFLAGS} ${libnss_CFLAGS}" 1934 LIBS="${LIBS} ${libnss_LIBS}" 1935 fi 1936 1937 if test "$with_libnss_includes" != "no"; then 1938 CPPFLAGS="${CPPFLAGS} -I${with_libnss_includes}" 1939 fi 1940 TMPLIBS="${LIBS}" 1941 1942 AC_CHECK_HEADER(sechash.h, 1943 AC_CHECK_LIB(nss3,HASH_Begin,[AC_DEFINE([HAVE_NSS],[1],[libnss available]) 1944 NSS="yes" 1945 if test "$NSS" = "yes"; then 1946 if test "$with_libnss_libraries" != "no"; then 1947 LDFLAGS="${LDFLAGS} -L${with_libnss_libraries}" 1948 LIBS="${TMPLIBS}" 1949 else 1950 LIBS="${TMPLIBS}" 1951 fi 1952 fi]),NSS="no") 1953 1954 if test "$NSS" = "no"; then 1955 echo 1956 echo " libnss library not found, go get it" 1957 echo " from Mozilla or your distribution:" 1958 echo 1959 echo " Ubuntu: apt-get install libnss3-dev" 1960 echo " Fedora: dnf install nss-devel" 1961 echo " CentOS/RHEL: yum install nss-devel" 1962 echo 1963 enable_nss="no" 1964 fi 1965 fi 1966 1967 # libmagic 1968 enable_magic="no" 1969 AC_ARG_ENABLE(libmagic, 1970 AS_HELP_STRING([--enable-libmagic], [Enable libmagic support [default=yes]]), 1971 [enable_magic=$enableval],[enable_magic=yes]) 1972 if test "$enable_magic" = "yes"; then 1973 AC_ARG_WITH(libmagic_includes, 1974 [ --with-libmagic-includes=DIR libmagic include directory], 1975 [with_libmagic_includes="$withval"],[with_libmagic_includes=no]) 1976 AC_ARG_WITH(libmagic_libraries, 1977 [ --with-libmagic-libraries=DIR libmagic library directory], 1978 [with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"]) 1979 1980 if test "$with_libmagic_includes" != "no"; then 1981 CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}" 1982 fi 1983 1984 AC_CHECK_HEADER(magic.h,,MAGIC="no") 1985 if test "$MAGIC" != "no"; then 1986 MAGIC="" 1987 AC_CHECK_LIB(magic, magic_open,, MAGIC="no") 1988 fi 1989 1990 if test "x$MAGIC" != "xno"; then 1991 if test "$with_libmagic_libraries" != "no"; then 1992 LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}" 1993 fi 1994 AC_DEFINE([HAVE_MAGIC],[1],(Libmagic for file handling)) 1995 else 1996 echo 1997 echo " WARNING! magic library not found, go get it" 1998 echo " from http://www.darwinsys.com/file/ or your distribution:" 1999 echo 2000 echo " Ubuntu: apt-get install libmagic-dev" 2001 echo " Fedora: dnf install file-devel" 2002 echo " CentOS/RHEL: yum install file-devel" 2003 echo 2004 enable_magic="no" 2005 fi 2006 fi 2007 2008 # Napatech - Using the 3GD API 2009 AC_ARG_ENABLE(napatech, 2010 AS_HELP_STRING([--enable-napatech],[Enabled Napatech Devices]), 2011 [ enable_napatech=$enableval ], 2012 [ enable_napatech=no]) 2013 AC_ARG_ENABLE(napatech_bypass, 2014 AS_HELP_STRING([--disable-napatech-bypass],[Disable Bypass feature on Napatech cards]), 2015 [ napatech_bypass=$enableval ], 2016 [ napatech_bypass=yes]) 2017 AC_ARG_WITH(napatech_includes, 2018 [ --with-napatech-includes=DIR napatech include directory], 2019 [with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"]) 2020 AC_ARG_WITH(napatech_libraries, 2021 [ --with-napatech-libraries=DIR napatech library directory], 2022 [with_napatech_libraries="$withval"],[with_napatech_libraries="/opt/napatech3/lib"]) 2023 2024 if test "$enable_napatech" = "yes"; then 2025 CPPFLAGS="${CPPFLAGS} -I${with_napatech_includes}" 2026 LDFLAGS="${LDFLAGS} -L${with_napatech_libraries} -lntapi" 2027 AC_CHECK_HEADER(nt.h,NAPATECH="yes",NAPATECH="no") 2028 if test "$NAPATECH" != "no"; then 2029 NAPATECH="" 2030 AC_CHECK_LIB(ntapi, NT_Init,NAPATECH="yes",NAPATECH="no") 2031 fi 2032 2033 if test "$NAPATECH" = "no"; then 2034 echo 2035 echo " ERROR! libntapi library not found" 2036 echo 2037 exit 1 2038 else 2039 AC_CHECK_LIB(numa, numa_available,, LIBNUMA="no") 2040 if test "$LIBNUMA" = "no"; then 2041 echo 2042 echo " WARNING: libnuma is required to use Napatech auto-config" 2043 echo " libnuma is not found. Go get it" 2044 echo " from http://github.com/numactl/numactl or your distribution:" 2045 echo " Ubuntu: apt-get install libnuma-dev" 2046 echo " Fedora: dnf install numactl-devel" 2047 echo " CentOS/RHEL: yum install numactl-devel" 2048 echo 2049 exit 1 2050 fi 2051 fi 2052 2053 AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support)) 2054 if test "$napatech_bypass" = "yes"; then 2055 AC_CHECK_LIB(ntapi, NT_FlowOpenAttrInit,NTFLOW="yes",NTFLOW="no") 2056 if test "$NTFLOW" = "yes"; then 2057 echo " Napatech Flow Processing is Enabled (--disable-napatech-bypass if not needed)" 2058 AC_DEFINE([NAPATECH_ENABLE_BYPASS],[1],(Napatech flowdirector support)) 2059 else 2060 echo "Napatech Flow Processing is not available" 2061 fi 2062 else 2063 echo "Napatech Flow Processing is Disabled." 2064 fi 2065 fi 2066 2067 # liblua 2068 AC_ARG_ENABLE(lua, 2069 AS_HELP_STRING([--enable-lua],[Enable Lua support]), 2070 [ enable_lua="$enableval"], 2071 [ enable_lua="no"]) 2072 AC_ARG_ENABLE(luajit, 2073 AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), 2074 [ enable_luajit="$enableval"], 2075 [ enable_luajit="no"]) 2076 if test "$enable_lua" = "yes"; then 2077 if test "$enable_luajit" = "yes"; then 2078 echo "ERROR: can't enable liblua and luajit at the same time." 2079 echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)" 2080 echo "support, use just --enable-lua." 2081 echo "Both options will enable the Lua scripting capabilities" 2082 echo "in Suricata". 2083 echo 2084 exit 1 2085 fi 2086 fi 2087 2088 AC_ARG_WITH(liblua_includes, 2089 [ --with-liblua-includes=DIR liblua include directory], 2090 [with_liblua_includes="$withval"],[with_liblua_includes="no"]) 2091 AC_ARG_WITH(liblua_libraries, 2092 [ --with-liblua-libraries=DIR liblua library directory], 2093 [with_liblua_libraries="$withval"],[with_liblua_libraries="no"]) 2094 2095 if test "$enable_lua" = "yes"; then 2096 if test "$with_liblua_includes" != "no"; then 2097 CPPFLAGS="${CPPFLAGS} -I${with_liblua_includes}" 2098 else 2099 # lua lua51 lua5.1 lua-5.1 2100 PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [ 2101 PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [ 2102 PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [ 2103 PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [ 2104 LUA="no" 2105 ]) 2106 ]) 2107 ]) 2108 ]) 2109 CPPFLAGS="${CPPFLAGS} ${LUA_CFLAGS}" 2110 fi 2111 2112 AC_CHECK_HEADER(lualib.h,LUA="yes",LUA="no") 2113 if test "$LUA" = "yes"; then 2114 if test "$with_liblua_libraries" != "no"; then 2115 LDFLAGS="${LDFLAGS} -L${with_liblua_libraries}" 2116 AC_CHECK_LIB(${LUA_LIB_NAME}, luaL_openlibs,, LUA="no") 2117 if test "$LUA" = "no"; then 2118 echo 2119 echo " ERROR! liblua library not found, go get it" 2120 echo " from http://lua.org/index.html or your distribution:" 2121 echo 2122 echo " Ubuntu: apt-get install liblua5.1-dev" 2123 echo " Fedora: dnf install lua-devel" 2124 echo " CentOS/RHEL: yum install lua-devel" 2125 echo 2126 echo " If you installed software in a non-standard prefix" 2127 echo " consider adjusting the PKG_CONFIG_PATH environment variable" 2128 echo " or use --with-liblua-libraries configure option." 2129 echo 2130 exit 1 2131 fi 2132 else 2133 # lua lua51 lua5.1 lua-5.1 2134 PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [ 2135 PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [ 2136 PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [ 2137 PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [ 2138 LUA="no" 2139 ]) 2140 ]) 2141 ]) 2142 ]) 2143 LDFLAGS="${LDFLAGS} ${LUA_LIBS}" 2144 fi 2145 2146 if test "$LUA" = "no"; then 2147 AC_CHECK_LIB(lua, luaL_openlibs,, LUA="no") 2148 fi 2149 2150 if test "$LUA" = "yes"; then 2151 AC_DEFINE([HAVE_LUA],[1],[liblua available]) 2152 enable_lua="yes" 2153 fi 2154 else 2155 echo 2156 echo " ERROR! liblua headers not found, go get them" 2157 echo " from http://lua.org/index.html or your distribution:" 2158 echo 2159 echo " Ubuntu: apt-get install liblua5.1-dev" 2160 echo " Fedora: dnf install lua-devel" 2161 echo " CentOS/RHEL: yum install lua-devel" 2162 echo 2163 echo " If you installed software in a non-standard prefix" 2164 echo " consider adjusting the PKG_CONFIG_PATH environment variable" 2165 echo " or use --with-liblua-includes and --with-liblua-libraries" 2166 echo " configure option." 2167 echo 2168 exit 1 2169 fi 2170 fi 2171 2172 # libluajit 2173 AC_ARG_WITH(libluajit_includes, 2174 [ --with-libluajit-includes=DIR libluajit include directory], 2175 [with_libluajit_includes="$withval"],[with_libluajit_includes="no"]) 2176 AC_ARG_WITH(libluajit_libraries, 2177 [ --with-libluajit-libraries=DIR libluajit library directory], 2178 [with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"]) 2179 2180 if test "$enable_luajit" = "yes"; then 2181 if test "$with_libluajit_includes" != "no"; then 2182 CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}" 2183 else 2184 PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no") 2185 CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}" 2186 fi 2187 2188 AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no") 2189 if test "$LUAJIT" = "yes"; then 2190 if test "$with_libluajit_libraries" != "no"; then 2191 LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}" 2192 else 2193 PKG_CHECK_MODULES([LUAJIT], [luajit]) 2194 LDFLAGS="${LDFLAGS} ${LUAJIT_LIBS}" 2195 fi 2196 2197 AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no") 2198 2199 if test "$LUAJIT" = "no"; then 2200 echo 2201 echo " ERROR! libluajit library not found, go get it" 2202 echo " from http://luajit.org/index.html or your distribution:" 2203 echo 2204 echo " Ubuntu: apt-get install libluajit-5.1-dev" 2205 echo 2206 echo " If you installed software in a non-standard prefix" 2207 echo " consider adjusting the PKG_CONFIG_PATH environment variable" 2208 echo " or use --with-libluajit-libraries configure option." 2209 echo 2210 exit 1 2211 fi 2212 2213 AC_DEFINE([HAVE_LUA],[1],[lua support available]) 2214 AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available]) 2215 enable_lua="yes, through luajit" 2216 enable_luajit="yes" 2217 else 2218 echo 2219 echo " ERROR! libluajit headers not found, go get them" 2220 echo " from http://luajit.org/index.html or your distribution:" 2221 echo 2222 echo " Ubuntu: apt-get install libluajit-5.1-dev" 2223 echo 2224 echo " If you installed software in a non-standard prefix" 2225 echo " consider adjusting the PKG_CONFIG_PATH environment variable" 2226 echo " or use --with-libluajit-includes and --with-libluajit-libraries" 2227 echo " configure option." 2228 echo 2229 exit 1 2230 fi 2231 fi 2232 2233 AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"]) 2234 2235 # If Lua is enabled, test the integer size. 2236 if test "x$enable_lua" = "xyes" -a "$cross_compiling" != "yes"; then 2237 TMPLIBS="$LIBS" 2238 LIBS="" 2239 2240 AC_MSG_CHECKING([size of lua integer]) 2241 AC_RUN_IFELSE([AC_LANG_PROGRAM([[#include <lua.h>]], 2242 [[ 2243 if (sizeof(lua_Integer) == 8) { 2244 return 1; 2245 } 2246 return 0; 2247 ]])], 2248 [ 2249 AC_MSG_RESULT([4]) 2250 ], 2251 [ 2252 AC_MSG_RESULT([8]) 2253 AC_SUBST([LUA_INT8], ["lua_int8"]) 2254 ]) 2255 LIBS="$TMPLIBS" 2256 fi 2257 2258 # libmaxminddb 2259 AC_ARG_ENABLE(geoip, 2260 AS_HELP_STRING([--enable-geoip],[Enable GeoIP2 support]), 2261 [ enable_geoip="$enableval"], 2262 [ enable_geoip="no"]) 2263 AC_ARG_WITH(libmaxminddb_includes, 2264 [ --with-libmaxminddb-includes=DIR libmaxminddb include directory], 2265 [with_libmaxminddb_includes="$withval"],[with_libmaxminddb_includes="no"]) 2266 AC_ARG_WITH(libmaxminddb_libraries, 2267 [ --with-libmaxminddb-libraries=DIR libmaxminddb library directory], 2268 [with_libmaxminddb_libraries="$withval"],[with_libmaxminddb_libraries="no"]) 2269 2270 if test "$enable_geoip" = "yes"; then 2271 if test "$with_libmaxminddb_includes" != "no"; then 2272 CPPFLAGS="${CPPFLAGS} -I${with_libmaxminddb_includes}" 2273 fi 2274 2275 AC_CHECK_HEADER(maxminddb.h,GEOIP="yes",GEOIP="no") 2276 if test "$GEOIP" = "yes"; then 2277 if test "$with_libmaxminddb_libraries" != "no"; then 2278 LDFLAGS="${LDFLAGS} -L${with_libmaxminddb_libraries}" 2279 fi 2280 AC_CHECK_LIB(maxminddb, MMDB_open,, GEOIP="no") 2281 fi 2282 if test "$GEOIP" = "no"; then 2283 echo 2284 echo " ERROR! libmaxminddb GeoIP2 library not found, go get it" 2285 echo " from https://github.com/maxmind/libmaxminddb or your distribution:" 2286 echo 2287 echo " Ubuntu: apt-get install libmaxminddb-dev" 2288 echo " Fedora: dnf install libmaxminddb-devel" 2289 echo " CentOS/RHEL: yum install libmaxminddb-devel" 2290 echo 2291 exit 1 2292 fi 2293 2294 AC_DEFINE([HAVE_GEOIP],[1],[libmaxminddb available]) 2295 enable_geoip="yes" 2296 fi 2297 2298 # Position Independent Executable 2299 AC_ARG_ENABLE(pie, 2300 AS_HELP_STRING([--enable-pie],[Enable compiling as a position independent executable]), 2301 [ enable_pie="$enableval"], 2302 [ enable_pie="no"]) 2303 if test "$enable_pie" = "yes"; then 2304 CPPFLAGS="${CPPFLAGS} -fPIC" 2305 LDFLAGS="${LDFLAGS} -pie" 2306 fi 2307 2308#libevent includes and libraries 2309 AC_ARG_WITH(libevent_includes, 2310 [ --with-libevent-includes=DIR libevent include directory], 2311 [with_libevent_includes="$withval"],[with_libevent_includes="no"]) 2312 AC_ARG_WITH(libevent_libraries, 2313 [ --with-libevent-libraries=DIR libevent library directory], 2314 [with_libevent_libraries="$withval"],[with_libevent_libraries="no"]) 2315 2316# libhiredis 2317 AC_ARG_ENABLE(hiredis, 2318 AS_HELP_STRING([--enable-hiredis],[Enable Redis support]), 2319 [ enable_hiredis="$enableval"], 2320 [ enable_hiredis="no"]) 2321 AC_ARG_WITH(libhiredis_includes, 2322 [ --with-libhiredis-includes=DIR libhiredis include directory], 2323 [with_libhiredis_includes="$withval"],[with_libhiredis_includes="no"]) 2324 AC_ARG_WITH(libhiredis_libraries, 2325 [ --with-libhiredis-libraries=DIR libhiredis library directory], 2326 [with_libhiredis_libraries="$withval"],[with_libhiredis_libraries="no"]) 2327 2328 enable_hiredis_async="no" 2329 if test "$enable_hiredis" = "yes"; then 2330 if test "$with_libhiredis_includes" != "no"; then 2331 CPPFLAGS="${CPPFLAGS} -I${with_libhiredis_includes}" 2332 fi 2333 2334 AC_CHECK_HEADER("hiredis/hiredis.h",HIREDIS="yes",HIREDIS="no") 2335 if test "$HIREDIS" = "yes"; then 2336 if test "$with_libhiredis_libraries" != "no"; then 2337 LDFLAGS="${LDFLAGS} -L${with_libhiredis_libraries}" 2338 fi 2339 AC_CHECK_LIB(hiredis, redisConnect,, HIREDIS="no") 2340 fi 2341 if test "$HIREDIS" = "no"; then 2342 echo 2343 echo " ERROR! libhiredis library not found, go get it" 2344 echo " from https://github.com/redis/hiredis or your distribution:" 2345 echo 2346 echo " Ubuntu: apt-get install libhiredis-dev" 2347 echo " Fedora: dnf install hiredis-devel" 2348 echo " CentOS/RHEL: yum install hiredis-devel" 2349 echo 2350 exit 1 2351 fi 2352 if test "$HIREDIS" = "yes"; then 2353 AC_DEFINE([HAVE_LIBHIREDIS],[1],[libhiredis available]) 2354 enable_hiredis="yes" 2355 # 2356 # Check if async adapters and libevent is installed 2357 # 2358 AC_CHECK_HEADER("hiredis/adapters/libevent.h",HIREDIS_LIBEVENT_ADAPTER="yes",HIREDIS_LIBEVENT_ADAPTER="no") 2359 if test "$HIREDIS_LIBEVENT_ADAPTER" = "yes"; then 2360 #Look for libevent headers 2361 if test "$with_libevent_includes" != "no"; then 2362 CPPFLAGS="${CPPFLAGS} -I${with_libevent_includes}" 2363 fi 2364 AC_CHECK_HEADER("event.h",LIBEVENT="yes",LIBEVENT="no") 2365 if test "$LIBEVENT" = "yes"; then 2366 if test "$with_libevent_libraries" != "no"; then 2367 LDFLAGS="${LDFLAGS} -L${with_libevent_libraries}" 2368 fi 2369 AC_CHECK_LIB(event, event_base_free,, HAVE_LIBEVENT="no") 2370 AC_CHECK_LIB(event_pthreads, evthread_use_pthreads,, HAVE_LIBEVENT_PTHREADS="no") 2371 fi 2372 if [ test "$HAVE_LIBEVENT" = "no" ] && [ -o test "$HAVE_LIBEVENT_PTHREADS" = "no"]; then 2373 if test "$HAVE_LIBEVENT" = "no"; then 2374 echo 2375 echo " Async mode for redis output will not be available." 2376 echo " To enable it install libevent" 2377 echo 2378 echo " Ubuntu: apt-get install libevent-dev" 2379 echo " Fedora: dnf install libevent-devel" 2380 echo " CentOS/RHEL: yum install libevent-devel" 2381 echo 2382 fi 2383 if test "$HAVE_LIBEVENT_PTHREADS" = "no"; then 2384 echo 2385 echo " Async mode for redis output will not be available." 2386 echo " To enable it install libevent with pthreads support" 2387 echo 2388 echo " Ubuntu: apt-get install libevent-pthreads-2.0-5" 2389 echo 2390 fi 2391 else 2392 AC_DEFINE([HAVE_LIBEVENT],[1],[libevent available]) 2393 enable_hiredis_async="yes" 2394 fi 2395 fi 2396 fi 2397 fi 2398 2399# Check for lz4 2400enable_liblz4="yes" 2401AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no") 2402 2403if test "$enable_liblz4" = "no"; then 2404 echo 2405 echo " Compressed pcap logging is not available without liblz4." 2406 echo " If you want to enable compression, you need to install it." 2407 echo 2408 echo " Ubuntu: apt-get install liblz4-dev" 2409 echo " Fedora: dnf install lz4-devel" 2410 echo " CentOS/RHEL: yum install epel-release" 2411 echo " yum install lz4-devel" 2412 echo 2413fi 2414 2415# get cache line size 2416 AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no") 2417 if test "$HAVE_GETCONF_CMD" != "no"; then 2418 CLS=$(getconf LEVEL1_DCACHE_LINESIZE) 2419 if [test "$CLS" != "" && test "$CLS" != "0"]; then 2420 AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size]) 2421 else 2422 AC_DEFINE([CLS],[64],[L1 cache line size]) 2423 fi 2424 else 2425 AC_DEFINE([CLS],[64],[L1 cache line size]) 2426 fi 2427 2428# sphinx for documentation 2429 AC_PATH_PROG(HAVE_SPHINXBUILD, sphinx-build, "no") 2430 if test "$HAVE_SPHINXBUILD" = "no"; then 2431 enable_sphinxbuild=no 2432 if test -e "$srcdir/doc/userguide/suricata.1"; then 2433 have_suricata_man=yes 2434 fi 2435 fi 2436 AM_CONDITIONAL([HAVE_SPHINXBUILD], [test "x$enable_sphinxbuild" != "xno"]) 2437 AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"]) 2438 2439# pdflatex for the pdf version of the user manual 2440 AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no") 2441 if test "$HAVE_PDFLATEX" = "no"; then 2442 enable_pdflatex=no 2443 fi 2444 AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"]) 2445 2446# Cargo/Rust 2447 AM_CONDITIONAL([RUST_CROSS_COMPILE], [test "x$cross_compiling" = "xyes"]) 2448 AC_PATH_PROG(RUSTC, rustc, "no") 2449 if test "$RUSTC" = "no"; then 2450 echo "" 2451 echo " ERROR: Suricata now requires Rust to build." 2452 echo "" 2453 echo " Ubuntu/Debian: apt install rustc cargo" 2454 echo " Fedora: dnf install rustc cargo" 2455 echo " CentOS: yum install rustc cargo (requires EPEL)" 2456 echo "" 2457 echo " Rustup works as well: https://rustup.rs/" 2458 echo "" 2459 exit 1 2460 fi 2461 2462 AC_PATH_PROG(CARGO, cargo, "no") 2463 if test "CARGO" = "no"; then 2464 AC_MSG_ERROR([cargo required]) 2465 fi 2466 2467 AC_DEFINE([HAVE_RUST],[1],[Enable Rust language]) 2468 AM_CONDITIONAL([HAVE_RUST],true) 2469 AC_SUBST([CARGO], [$CARGO]) 2470 2471 enable_rust="yes" 2472 rust_compiler_version=$($RUSTC --version) 2473 rustc_version=$(echo "$rust_compiler_version" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/') 2474 cargo_version_output=$($CARGO --version) 2475 cargo_version=$(echo "$cargo_version_output" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/') 2476 2477 MIN_RUSTC_VERSION="1.34.2" 2478 AC_MSG_CHECKING(for Rust version $MIN_RUSTC_VERSION or newer) 2479 AS_VERSION_COMPARE([$rustc_version], [$MIN_RUSTC_VERSION], 2480 [ 2481 echo "" 2482 echo "ERROR: Rust $MIN_RUSTC_VERSION or newer required." 2483 echo "" 2484 echo "Rust version ${rustc_version} was found." 2485 echo "" 2486 exit 1 2487 ], 2488 [], 2489 []) 2490 AC_MSG_RESULT(yes) 2491 2492 RUST_FEATURES="" 2493 AS_VERSION_COMPARE([$rustc_version], [1.38.0], 2494 [], 2495 [RUST_FEATURES="$RUST_FEATURES function-macro"], 2496 [RUST_FEATURES="$RUST_FEATURES function-macro"]) 2497 2498 rust_vendor_comment="# " 2499 have_rust_vendor="no" 2500 2501 if test "x$cross_compiling" = "xyes"; then 2502 RUST_SURICATA_LIB_XC_DIR="${host_alias}/" 2503 else 2504 if test "x$CARGO_BUILD_TARGET" = "x"; then 2505 RUST_SURICATA_LIB_XC_DIR= 2506 else 2507 RUST_SURICATA_LIB_XC_DIR="${CARGO_BUILD_TARGET}/" 2508 fi 2509 fi 2510 2511 if test "x$enable_debug" = "xyes"; then 2512 RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}debug" 2513 else 2514 RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}release" 2515 fi 2516 RUST_SURICATA_LIB="${RUST_SURICATA_LIBDIR}/${RUST_SURICATA_LIBNAME}" 2517 2518 RUST_LDADD="${RUST_SURICATA_LIB} ${RUST_LDADD}" 2519 CFLAGS="${CFLAGS} -I\${srcdir}/../rust/gen -I\${srcdir}/../rust/dist" 2520 AC_SUBST(RUST_SURICATA_LIB) 2521 AC_SUBST(RUST_LDADD) 2522 if test "x$CARGO_HOME" = "x"; then 2523 if test "x$HAVE_CYGPATH" != "xno"; then 2524 CYGPATH_CARGO_HOME=$(cygpath -a -t mixed ~/.cargo) 2525 AC_SUBST([CARGO_HOME], [$CYGPATH_CARGO_HOME]) 2526 else 2527 AC_SUBST([CARGO_HOME], [~/.cargo]) 2528 fi 2529 else 2530 AC_SUBST([CARGO_HOME], [$CARGO_HOME]) 2531 fi 2532 2533 # Check for rustup. RUSTUP_HOME needs to be set if rustup is in 2534 # use, and a user uses sudo (depending on configuration), or su to 2535 # perform the install 2536 rustup_home_path="no" 2537 if test "x$RUSTUP_HOME" != "x"; then 2538 rustup_home_path="$RUSTUP_HOME" 2539 else 2540 AC_PATH_PROG(have_rustup, rustup, "no") 2541 if test "x$have_rustup" != "xno"; then 2542 rustup_home_path=$($have_rustup show home 2>/dev/null || echo "no") 2543 fi 2544 fi 2545 rustup_home="" 2546 if test "x$rustup_home_path" != "xno"; then 2547 rustup_home="RUSTUP_HOME=\$(RUSTUP_HOME_PATH)" 2548 fi 2549 AC_SUBST([RUSTUP_HOME_PATH], [$rustup_home_path]) 2550 AC_SUBST([rustup_home]) 2551 2552 if test -e "$srcdir/rust/vendor"; then 2553 have_rust_vendor="yes" 2554 fi 2555 2556 if test "x$have_rust_vendor" = "xyes"; then 2557 rust_vendor_comment="" 2558 fi 2559 2560 AC_SUBST(rust_vendor_comment) 2561 AM_CONDITIONAL([HAVE_RUST_VENDOR], [test "x$have_rust_vendor" = "xyes"]) 2562 2563 # With Rust/Cargo 1.37 and greater, cargo-vendor is built-in. 2564 AC_MSG_CHECKING(for cargo vendor support) 2565 AS_VERSION_COMPARE([$cargo_version], [1.37.0], 2566 [have_cargo_vendor="no"], 2567 [have_cargo_vendor="yes"], 2568 [have_cargo_vendor="yes"]) 2569 AC_MSG_RESULT($have_cargo_vendor) 2570 2571 # If Rust is older than 1.37, check for cargo-vendor as an 2572 # external sub-command. 2573 if test "x$have_cargo_vendor" != "xyes"; then 2574 AC_CHECK_PROG(have_cargo_vendor_bin, cargo-vendor, yes, no) 2575 have_cargo_vendor=$have_cargo_vendor_bin 2576 fi 2577 2578 have_rust_headers="no" 2579 AC_MSG_CHECKING(for $srcdir/rust/dist/rust-bindings.h) 2580 if test -f "$srcdir/rust/dist/rust-bindings.h"; then 2581 AC_MSG_RESULT(yes) 2582 have_rust_headers="yes" 2583 else 2584 AC_MSG_RESULT(no) 2585 AC_MSG_CHECKING(for $srcdir/rust/gen/rust-bindings.h) 2586 if test -f "$srcdir/rust/gen/rust-bindings.h"; then 2587 AC_MSG_RESULT(yes) 2588 have_rust_headers="yes" 2589 else 2590 AC_MSG_RESULT(no) 2591 fi 2592 fi 2593 2594 AC_PATH_PROG(CBINDGEN, cbindgen, "no") 2595 if test "x$CBINDGEN" != "xno"; then 2596 cbindgen_version=$(cbindgen --version | cut -d' ' -f2-) 2597 min_cbindgen_version="0.10.0" 2598 AS_VERSION_COMPARE([$cbindgen_version], [$min_cbindgen_version], 2599 [cbindgen_ok="no"], 2600 [cbindgen_ok="yes"], 2601 [cbindgen_ok="yes"]) 2602 if test "x$cbindgen_ok" != "xyes"; then 2603 echo " Warning: cbindgen must be at least version $min_cbindgen_version," 2604 echo " found $cbindgen_version." 2605 echo " To update: cargo install --force cbindgen" 2606 CBINDGEN="no" 2607 else 2608 have_rust_headers="no" 2609 fi 2610 fi 2611 2612 AC_SUBST([CBINDGEN], [$CBINDGEN]) 2613 2614 # Require cbindgen if generated headers are not bundled. 2615 if test "x$have_rust_headers" != "xyes"; then 2616 if test "x$CBINDGEN" = "xno"; then 2617 echo " Warning: cbindgen too old or not found, it is required to " 2618 echo " generate header files." 2619 echo " To install: cargo install --force cbindgen" 2620 AC_MSG_ERROR([cbindgen required]) 2621 fi 2622 fi 2623 2624 AM_CONDITIONAL([HAVE_RUST_HEADERS], [test "x$have_rust_headers" = "xyes"]) 2625 AM_CONDITIONAL([HAVE_CBINDGEN], [test "x$CBINDGEN" != "xno"]) 2626 AM_CONDITIONAL([HAVE_CARGO_VENDOR], [test "x$have_cargo_vendor" != "xno"]) 2627 2628 AC_ARG_ENABLE(rust_strict, 2629 AS_HELP_STRING([--enable-rust-strict], [Rust warnings as errors]),[enable_rust_strict=$enableval],[enable_rust_strict=no]) 2630 AS_IF([test "x$enable_rust_strict" = "xyes"], [ 2631 RUST_FEATURES="strict" 2632 ]) 2633 AC_SUBST(RUST_FEATURES) 2634 2635 AC_ARG_ENABLE(fuzztargets, 2636 AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no]) 2637 AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"]) 2638 AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo "$rust_compiler_version" | grep -q nightly && echo "$RUSTFLAGS" | grep -v -q coverage]) 2639 AC_PROG_CXX 2640 AS_IF([test "x$enable_fuzztargets" = "xyes"], [ 2641 AS_IF([test "x$CARGO_BUILD_TARGET" = "x" && echo "$rust_compiler_version" | grep -q nightly], [ 2642 CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu 2643 AC_SUBST(CARGO_BUILD_TARGET) 2644 ]) 2645 AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled]) 2646 AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions]) 2647 CFLAGS_ORIG=$CFLAGS 2648 CFLAGS="-Werror" 2649 AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])], 2650 [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])], 2651 []) 2652 CFLAGS=$CFLAGS_ORIG 2653 AC_LANG_PUSH(C++) 2654 tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS 2655 AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [ 2656 LIB_FUZZING_ENGINE=-fsanitize=fuzzer 2657 AC_SUBST(LIB_FUZZING_ENGINE) 2658 ]) 2659 _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE" 2660 AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE]) 2661 AC_LINK_IFELSE([AC_LANG_SOURCE([[ 2662#include <sys/types.h> 2663extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size); 2664extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) { 2665(void)Data; 2666(void)Size; 2667return 0; 2668} 2669 ]])], 2670 [ AC_MSG_RESULT(yes) 2671 has_sanitizefuzzer=yes], 2672 [ AC_MSG_RESULT(no) ] 2673 ) 2674 _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags 2675 AC_LANG_POP() 2676 ]) 2677 2678 AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"]) 2679 2680# get revision 2681 if test -f ./revision; then 2682 REVISION=`cat ./revision` 2683 AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision]) 2684 else 2685 AC_PATH_PROG(HAVE_GIT_CMD, git, "no") 2686 if test "$HAVE_GIT_CMD" != "no"; then 2687 if [ test -d .git ]; then 2688 REVISION=`git rev-parse --short HEAD` 2689 DATE=`git log -1 --date=short --pretty=format:%cd` 2690 REVISION="$REVISION $DATE" 2691 AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision]) 2692 fi 2693 fi 2694 fi 2695 2696if test "${enable_ebpf}" = "yes" || test "${enable_unittests}" = "yes"; then 2697 AC_DEFINE([CAPTURE_OFFLOAD_MANAGER], [1],[Building flow bypass manager code]) 2698fi 2699if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_napatech}" = "yes" || test "${enable_unittests}" = "yes"; then 2700 AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code]) 2701fi 2702 2703AC_SUBST(CFLAGS) 2704AC_SUBST(LDFLAGS) 2705AC_SUBST(CPPFLAGS) 2706 2707define([EXPAND_VARIABLE], 2708[$2=[$]$1 2709if test $prefix = 'NONE'; then 2710 prefix="/usr/local" 2711fi 2712while true; do 2713 case "[$]$2" in 2714 *\[$]* ) eval "$2=[$]$2" ;; 2715 *) break ;; 2716 esac 2717done 2718eval "$2=[$]$2$3" 2719])dnl EXPAND_VARIABLE 2720 2721# suricata log dir 2722if test "$WINDOWS_PATH" = "yes"; then 2723 case $host in 2724 x86_64-w64-mingw32) 2725 e_winbase="C:\\\\Program Files\\\\Suricata" 2726 ;; 2727 *) 2728 systemtype="`systeminfo | grep \"based PC\"`" 2729 case "$systemtype" in 2730 *x64*) 2731 e_winbase="C:\\\\Program Files (x86)\\\\Suricata" 2732 ;; 2733 *) 2734 e_winbase="C:\\\\Program Files\\\\Suricata" 2735 ;; 2736 esac 2737 esac 2738 2739 e_sysconfdir="${e_winbase}\\\\" 2740 e_defaultruledir="$e_winbase\\\\rules\\\\" 2741 e_magic_file="$e_winbase\\\\magic.mgc" 2742 e_logdir="$e_winbase\\\\log" 2743 e_logfilesdir="$e_logdir\\\\files" 2744 e_logcertsdir="$e_logdir\\\\certs" 2745 e_datarulesdir="$e_winbase\\\\rules\\\\" 2746 if test "x$HAVE_CYGPATH" != "xno"; then 2747 # turn srcdir into abs path and convert to the 2748 # mixed output (/c/Users/dev into c:/Users/dev) 2749 e_rustdir="$(cygpath -a -t mixed ${srcdir})/rust" 2750 else 2751 e_abs_srcdir=$(cd $srcdir && pwd) 2752 e_rustdir="$e_abs_srcdir/rust" 2753 fi 2754else 2755 EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/") 2756 EXPAND_VARIABLE(localstatedir, e_rundir, "/run/") 2757 EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files") 2758 EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs") 2759 EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/") 2760 EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata") 2761 EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules") 2762 EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data") 2763 EXPAND_VARIABLE(ruledirprefix, e_defaultruledir, "/suricata/rules") 2764 2765 e_abs_srcdir=$(cd $srcdir && pwd) 2766 EXPAND_VARIABLE(e_abs_srcdir, e_rustdir, "/rust") 2767fi 2768AC_SUBST(e_logdir) 2769AC_SUBST(e_rundir) 2770AC_SUBST(e_logfilesdir) 2771AC_SUBST(e_logcertsdir) 2772AC_SUBST(e_sysconfdir) 2773AC_DEFINE_UNQUOTED([CONFIG_DIR],["$e_sysconfdir"],[Our CONFIG_DIR]) 2774AC_SUBST(e_localstatedir) 2775AC_DEFINE_UNQUOTED([DATA_DIR],["$e_datadir"],[Our DATA_DIR]) 2776AC_SUBST(e_magic_file) 2777AC_SUBST(e_magic_file_comment) 2778AC_SUBST(e_enable_evelog) 2779AC_SUBST(e_datarulesdir) 2780AC_SUBST(e_defaultruledir) 2781AC_SUBST(e_rustdir) 2782 2783EXPAND_VARIABLE(prefix, CONFIGURE_PREFIX) 2784EXPAND_VARIABLE(sysconfdir, CONFIGURE_SYSCONDIR) 2785EXPAND_VARIABLE(localstatedir, CONFIGURE_LOCALSTATEDIR) 2786EXPAND_VARIABLE(datadir, CONFIGURE_DATAROOTDIR) 2787AC_SUBST(CONFIGURE_PREFIX) 2788AC_SUBST(CONFIGURE_SYSCONDIR) 2789AC_SUBST(CONFIGURE_LOCALSTATEDIR) 2790AC_SUBST(CONFIGURE_DATAROOTDIR) 2791AC_SUBST(PACKAGE_VERSION) 2792AC_SUBST(RUST_FEATURES) 2793AC_SUBST(RUST_SURICATA_LIBDIR) 2794 2795AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.toml rust/.cargo/config) 2796AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile) 2797AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile doc/devguide/Makefile) 2798AC_CONFIG_FILES(contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile) 2799AC_CONFIG_FILES(suricata.yaml etc/Makefile etc/suricata.logrotate etc/suricata.service) 2800AC_CONFIG_FILES(python/Makefile python/suricata/config/defaults.py) 2801AC_CONFIG_FILES(ebpf/Makefile) 2802AC_OUTPUT 2803 2804SURICATA_BUILD_CONF="Suricata Configuration: 2805 AF_PACKET support: ${enable_af_packet} 2806 eBPF support: ${enable_ebpf} 2807 XDP support: ${have_xdp} 2808 PF_RING support: ${enable_pfring} 2809 NFQueue support: ${enable_nfqueue} 2810 NFLOG support: ${enable_nflog} 2811 IPFW support: ${enable_ipfw} 2812 Netmap support: ${enable_netmap} ${have_netmap_version} 2813 DAG enabled: ${enable_dag} 2814 Napatech enabled: ${enable_napatech} 2815 WinDivert enabled: ${enable_windivert} 2816 2817 Unix socket enabled: ${enable_unixsocket} 2818 Detection enabled: ${enable_detection} 2819 2820 Libmagic support: ${enable_magic} 2821 libnss support: ${enable_nss} 2822 libnspr support: ${enable_nspr} 2823 libjansson support: ${enable_jansson} 2824 hiredis support: ${enable_hiredis} 2825 hiredis async with libevent: ${enable_hiredis_async} 2826 Prelude support: ${enable_prelude} 2827 PCRE jit: ${pcre_jit_available} 2828 LUA support: ${enable_lua} 2829 libluajit: ${enable_luajit} 2830 GeoIP2 support: ${enable_geoip} 2831 Non-bundled htp: ${enable_non_bundled_htp} 2832 Hyperscan support: ${enable_hyperscan} 2833 Libnet support: ${enable_libnet} 2834 liblz4 support: ${enable_liblz4} 2835 HTTP2 decompression: ${enable_http2_decompression} 2836 2837 Rust support: ${enable_rust} 2838 Rust strict mode: ${enable_rust_strict} 2839 Rust compiler path: ${RUSTC} 2840 Rust compiler version: ${rust_compiler_version} 2841 Cargo path: ${CARGO} 2842 Cargo version: ${cargo_version_output} 2843 Cargo vendor: ${have_cargo_vendor} 2844 2845 Python support: ${enable_python} 2846 Python path: ${python_path} 2847 Python distutils ${have_python_distutils} 2848 Python yaml ${have_python_yaml} 2849 Install suricatactl: ${install_suricatactl} 2850 Install suricatasc: ${install_suricatactl} 2851 Install suricata-update: ${install_suricata_update} 2852 2853 Profiling enabled: ${enable_profiling} 2854 Profiling locks enabled: ${enable_profiling_locks} 2855 2856 Plugin support (experimental): ${plugin_support} 2857 2858Development settings: 2859 Coccinelle / spatch: ${enable_coccinelle} 2860 Unit tests enabled: ${enable_unittests} 2861 Debug output enabled: ${enable_debug} 2862 Debug validation enabled: ${enable_debug_validation} 2863 2864Generic build parameters: 2865 Installation prefix: ${prefix} 2866 Configuration directory: ${e_sysconfdir} 2867 Log directory: ${e_logdir} 2868 2869 --prefix ${CONFIGURE_PREFIX} 2870 --sysconfdir ${CONFIGURE_SYSCONDIR} 2871 --localstatedir ${CONFIGURE_LOCALSTATEDIR} 2872 --datarootdir ${CONFIGURE_DATAROOTDIR} 2873 2874 Host: ${host} 2875 Compiler: ${CC} (exec name) / ${compiler} (real) 2876 GCC Protect enabled: ${enable_gccprotect} 2877 GCC march native enabled: ${enable_gccmarch_native} 2878 GCC Profile enabled: ${enable_gccprofile} 2879 Position Independent Executable enabled: ${enable_pie} 2880 CFLAGS ${CFLAGS} 2881 PCAP_CFLAGS ${PCAP_CFLAGS} 2882 SECCFLAGS ${SECCFLAGS}" 2883 2884echo 2885echo "$SURICATA_BUILD_CONF" 2886echo "printf(" >src/build-info.h 2887echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' >>src/build-info.h 2888echo ");" >>src/build-info.h 2889 2890echo " 2891To build and install run 'make' and 'make install'. 2892 2893You can run 'make install-conf' if you want to install initial configuration 2894files to ${e_sysconfdir}. Running 'make install-full' will install configuration 2895and rules and provide you a ready-to-run suricata." 2896echo 2897echo "To install Suricata into /usr/bin/suricata, have the config in 2898/etc/suricata and use /var/log/suricata as log dir, use: 2899./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/" 2900echo 2901