upstream/suricata
1
0
Fork 0
mirror of https://github.com/OISF/suricata.git synced 2026-02-19 02:28:46 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 10
suricata/configure.ac
Jason Ish 2c51744ccc rust/ffi: stub out a rust ffi crate 
This crate is for Rust wrappers around the -sys crate which includes
only raw bindings. This is the place to add nice wrappers around those
bindings, however it should remain clear of dependencies on the main
Suricata core crates.

Ticket: #7666
2026-02-13 13:34:26 +00:00

2683 lines
104 KiB
Text
Raw Permalink Blame History

AC_INIT([suricata],[9.0.0-dev])
m4_ifndef([AM_SILENT_RULES], [m4_define([AM_SILENT_RULES],[])])AM_SILENT_RULES([yes])
AC_CONFIG_HEADERS([src/autoconf.h])
AC_CONFIG_SRCDIR([src/suricata.c])
AC_CONFIG_MACRO_DIR(m4)
AM_INIT_AUTOMAKE([tar-ustar subdir-objects])
AC_LANG([C])
LT_INIT
PKG_PROG_PKG_CONFIG
dnl Taken from https://llvm.org/svn/llvm-project/llvm/trunk/autoconf/configure.ac
dnl check if we compile using clang or gcc. On some systems the gcc binary is
dnl is actually clang, so do a compile test.
AC_MSG_CHECKING([whether GCC or Clang is our compiler])
AC_LANG_PUSH([C])
compiler=unknown
AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __clang__
#error
#endif
]])],
compiler=clang,
[AC_COMPILE_IFELSE([AC_LANG_SOURCE([[#if ! __GNUC__
#error
#endif
]])],
compiler=gcc, [])])
AC_LANG_POP([C])
AC_MSG_RESULT([${compiler}])
AC_ARG_WITH([clang],
[ --with-clang=PROGRAM path to Clang for compiling eBPF code. Use if the main C compiler is not Clang.],
[CLANG="$withval"],
[AS_IF([test "$compiler" = clang],
[CLANG="$CC"],
[AC_PATH_PROG([CLANG],[clang])])])
AC_SUBST([CLANG])
case "$compiler" in
clang)
CLANG_CFLAGS="-Wextra -Werror-implicit-function-declaration -Wno-error=unused-command-line-argument"
AC_SUBST(CLANG_CFLAGS)
;;
gcc)
dnl get gcc version
AC_MSG_CHECKING([gcc version])
gccver=$($CC -dumpversion)
gccvermajor=$(echo $gccver | cut -d . -f1)
gccverminor=$(echo $gccver | cut -d . -f2)
gccvernum=$(expr $gccvermajor "*" 100 + $gccverminor)
AC_MSG_RESULT($gccver)
if test "$gccvernum" -ge "400"; then
dnl gcc 4.0 or later
GCC_CFLAGS="-Wextra -Werror-implicit-function-declaration"
else
GCC_CFLAGS="-W"
fi
AC_SUBST(GCC_CFLAGS)
;;
*)
AC_MSG_WARN([unsupported/untested compiler, this may or may not work])
;;
esac
AM_CONDITIONAL([HAVE_CLANG], [test "x$compiler" == "xclang"])
# Checks for programs.
AC_PROG_AWK
AC_PROG_CC
AC_PROG_CPP
AC_PROG_RANLIB
AC_PROG_INSTALL
AC_PROG_LN_S
AC_PROG_MAKE_SET
AC_PROG_GREP
AC_PATH_PROG(HAVE_CYGPATH, cygpath, "no")
AM_CONDITIONAL([HAVE_CYGPATH], [test "x$HAVE_CYGPATH" != "xno"])
AC_PATH_PROG(HAVE_PKG_CONFIG, pkg-config, "no")
if test "$HAVE_PKG_CONFIG" = "no"; then
echo
echo " ERROR! pkg-config not found, go get it "
echo " http://pkg-config.freedesktop.org/wiki/ "
echo " or install from your distribution "
echo
exit 1
fi
python_path="not set"
AC_ARG_ENABLE(python,
AS_HELP_STRING([--enable-python], [Enable python]),
[enable_python=$enableval],[enable_python=yes])
if test "x$enable_python" != "xyes"; then
enable_python="no"
else
AC_PATH_PROGS(HAVE_PYTHON, python3 python2.7 python2 python, "no")
if test "$HAVE_PYTHON" = "no"; then
echo
echo " Warning! Python not found."
echo
echo " Python is required for additional tools like"
echo " suricatasc, suricatactl and suricata-update."
echo " It is also required when building from git."
echo
enable_python="no"
else
python_path="$HAVE_PYTHON"
fi
fi
AM_CONDITIONAL([HAVE_PYTHON], [test "x$enable_python" = "xyes"])
# Get the Python major version. This is only for information
# messages displayed during configure.
if test "x$HAVE_PYTHON" != "xno"; then
pymv="$($HAVE_PYTHON -c 'import sys; print(sys.version_info[[0]]);')"
fi
AC_PATH_PROG(HAVE_WGET, wget, "no")
if test "$HAVE_WGET" = "no"; then
AC_PATH_PROG(HAVE_CURL, curl, "no")
if test "$HAVE_CURL" = "no"; then
echo
echo " Warning curl or wget not found, you won't be able to"
echo " download latest ruleset with 'make install-rules'"
fi
fi
AM_CONDITIONAL([HAVE_FETCH_COMMAND], [test "x$HAVE_WGET" != "xno" || test "x$HAVE_CURL" != "xno"])
AM_CONDITIONAL([HAVE_WGET_COMMAND], [test "x$HAVE_WGET" != "xno"])
# Checks for libraries.
# Checks for header files.
AC_CHECK_HEADERS([stddef.h])
AC_CHECK_HEADERS([arpa/inet.h assert.h ctype.h errno.h fcntl.h inttypes.h])
AC_CHECK_HEADERS([getopt.h])
AC_CHECK_HEADERS([limits.h netdb.h netinet/in.h poll.h sched.h signal.h])
AC_CHECK_HEADERS([stdarg.h stdint.h stdio.h stdlib.h stdbool.h string.h strings.h sys/ioctl.h])
AC_CHECK_HEADERS([math.h])
AC_CHECK_HEADERS([syslog.h sys/prctl.h sys/socket.h sys/stat.h sys/syscall.h])
AC_CHECK_HEADERS([sys/time.h time.h unistd.h sys/param.h])
AC_CHECK_HEADERS([sys/ioctl.h linux/if_ether.h linux/if_packet.h linux/filter.h])
AC_CHECK_HEADERS([linux/ethtool.h linux/sockios.h])
AC_CHECK_HEADERS([glob.h locale.h grp.h pwd.h])
AC_CHECK_HEADERS([dirent.h fnmatch.h])
AC_CHECK_HEADERS([sys/resource.h sys/types.h sys/un.h])
AC_CHECK_HEADERS([sys/random.h])
AC_CHECK_HEADERS([utime.h])
AC_CHECK_HEADERS([libgen.h])
AC_CHECK_HEADERS([mach/mach.h])
AC_CHECK_HEADERS([stdatomic.h])
AC_CHECK_HEADERS([sys/queue.h])
AC_CHECK_HEADERS([mm_malloc.h])
AC_CHECK_HEADERS([sys/socket.h net/if.h sys/mman.h linux/if_arp.h], [], [],
[[#ifdef HAVE_SYS_SOCKET_H
#include <sys/types.h>
#include <sys/socket.h>
#endif
]])
AC_CHECK_HEADERS([windows.h winsock2.h ws2tcpip.h w32api/wtypes.h], [], [],
[[
#ifndef _X86_
#define _X86_
#endif
]])
AC_CHECK_HEADERS([w32api/winbase.h wincrypt.h], [], [],
[[
#ifndef _X86_
#define _X86_
#endif
#include <windows.h>
]])
# Checks for typedefs, structures, and compiler characteristics.
AC_C_INLINE
AC_C_RESTRICT
AC_TYPE_PID_T
AC_TYPE_MODE_T
AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
AC_TYPE_INT8_T
AC_TYPE_INT16_T
AC_TYPE_INT32_T
AC_TYPE_INT64_T
AC_TYPE_UINT8_T
AC_TYPE_UINT16_T
AC_TYPE_UINT32_T
AC_TYPE_UINT64_T
AC_TYPE_UINT
AC_TYPE_USHORT
AC_TYPE_ULONG
AC_TYPE_UCHAR
AC_STRUCT_TIMEZONE
AC_CHECK_TYPES([ptrdiff_t])
AC_HEADER_STDBOOL
# Checks for library functions.
AC_FUNC_MALLOC
AC_FUNC_REALLOC
AC_FUNC_FORK
AC_FUNC_MKTIME
AC_FUNC_MMAP
AC_FUNC_STRTOD
AC_CHECK_FUNCS([memmem memset memchr memrchr memmove])
AC_CHECK_FUNCS([strcasecmp strchr strrchr strdup strndup strncasecmp strtol strstr strpbrk strtoull strtoumax])
AC_CHECK_FUNCS([strerror])
AC_CHECK_FUNCS([gethostname inet_ntoa uname])
AC_CHECK_FUNCS([gettimeofday clock_gettime utime strptime tzset localtime_r])
AC_CHECK_FUNCS([socket setenv select putenv dup2 endgrent endpwent atexit munmap])
AC_CHECK_FUNCS([setrlimit setvbuf])
AC_CHECK_FUNCS([fwrite_unlocked])
AC_CHECK_DECL([getrandom],
AC_DEFINE([HAVE_GETRANDOM], [1], [Use getrandom]),
[], [
#include <sys/random.h>
])
AC_CHECK_DECL([_popcnt64],
AC_DEFINE([HAVE_POPCNT64], [1], [Use _popcnt64]),
[], [
#include <x86intrin.h>
])
AC_CHECK_HEADERS([malloc.h])
AC_CHECK_DECL([malloc_trim],
AC_DEFINE([HAVE_MALLOC_TRIM], [1], [Use malloc_trim]),
[], [
#include <malloc.h>
])
OCFLAGS=$CFLAGS
CFLAGS=""
AC_CHECK_FUNCS([strlcpy strlcat])
CFLAGS=$OCFLAGS
# Add large file support
AC_SYS_LARGEFILE
#check for os
AC_MSG_CHECKING([host os])
# If no host os was detected, try with uname
if test -z "$host" ; then
host="`uname`"
fi
echo -n "installation for $host OS... "
RUST_SURICATA_LIBNAME="libsuricata_rust.a"
enable_systemd="no"
e_magic_file=""
e_magic_file_comment="#"
case "$host" in
*-*-*freebsd*)
CFLAGS="${CFLAGS} -DOS_FREEBSD"
CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet11"
LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet11"
RUST_LDADD="-lrt -lm"
;;
*-*-openbsd*)
CFLAGS="${CFLAGS} -D__OpenBSD__"
CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet-1.1"
LDFLAGS="${LDFLAGS} -L/usr/local/lib -I/usr/local/lib/libnet-1.1"
RUST_LDADD="-lm -lc++ -lc++abi"
;;
*darwin*|*Darwin*)
CFLAGS="${CFLAGS} -DOS_DARWIN"
CPPFLAGS="${CPPFLAGS} -I/opt/local/include"
LDFLAGS="${LDFLAGS} -L/opt/local/lib -framework Security"
;;
*-*-linux*)
# Always compile with -fPIC on Linux for shared library support.
CFLAGS="${CFLAGS} -fPIC -DOS_LINUX"
RUST_LDADD="-ldl -lrt -lm"
can_build_shared_library="yes"
AC_DEFINE([SYSTEMD_NOTIFY], [1], [make Suricata notify systemd on startup])
enable_systemd="yes"
;;
*-*-mingw32*|*-*-msys)
CFLAGS="${CFLAGS} -DOS_WIN32"
WINDOWS_PATH="yes"
AC_DEFINE([HAVE_NON_POSIX_MKDIR], [1], [mkdir is not POSIX compliant: single arg])
RUST_LDADD=" -lws2_32 -liphlpapi -lwbemuuid -lOle32 -lOleAut32 -lUuid -luserenv -lshell32 -ladvapi32 -lgcc_eh -lbcrypt -lntdll"
TRY_WPCAP="yes"
;;
*-*-cygwin)
WINDOWS_PATH="yes"
TRY_WPCAP="yes"
;;
*-*-solaris*)
AC_MSG_WARN([support for Solaris/Illumos/SunOS is experimental])
LDFLAGS="${LDFLAGS} -lsocket -lnsl"
;;
*)
AC_MSG_WARN([unsupported OS this may or may not work])
;;
esac
AC_MSG_RESULT(ok)
# check if our target supports c11
AC_MSG_CHECKING(for c11 support)
OCFLAGS=$CFLAGS
CFLAGS="-std=c11"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
[[ static _Thread_local int i; i = 1; i++; ]])],
AC_MSG_RESULT([yes])
[AC_DEFINE([TLS_C11], [1], [C11 Thread local storage])
CFLAGS="$OCFLAGS -std=c11"],
[AC_MSG_RESULT([no])
CFLAGS="$OCFLAGS"
have_c11=no
have_c11_tls=no])
if [ test "x$have_c11" = "xno" ]; then
CFLAGS="$CFLAGS -std=gnu99"
fi
# check if our target supports -Wl,--start-group
AC_MSG_CHECKING(for -Wl,--start-group support)
OLDFLAGS=$LDFLAGS
LDFLAGS="-Wl,--start-group,--end-group"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[
have_linker_group_support=yes
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
LDFLAGS=$OLDFLAGS
AM_CONDITIONAL([LINKER_SUPPORTS_GROUP], [test "x$have_linker_group_support" = "xyes"])
# check if our target supports thread local storage
AC_MSG_CHECKING(for thread local storage gnu __thread support)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <stdlib.h>]],
[[ static __thread int i; i = 1; i++; ]])],
[AC_DEFINE([TLS_GNU], [1], [Thread local storage])
AC_MSG_RESULT([yes])],
[AC_MSG_RESULT([no])
have_gnu_tls=no])
if [ test "x$have_c11_tls" = "xno" ] && [ test "x$have_gnu_tls" = "xno" ]; then
AC_MSG_ERROR("no thread local support available.")
exit 1
fi
#Enable support for gcc compile time security options. There is no great way to do detection of valid cflags that I have found
#AX_CFLAGS_GCC_OPTION don't seem to do a better job than the code below and are a pain because of extra m4 files etc.
#These flags seem to be supported on CentOS 5+, Ubuntu 8.04+, and FedoraCore 11+
#Options are taken from https://wiki.ubuntu.com/CompilerFlags
AC_ARG_ENABLE(gccprotect,
AS_HELP_STRING([--enable-gccprotect], [Detect and use gcc hardening options]),[enable_gccprotect=$enableval],[enable_gccprotect=no])
AS_IF([test "x$enable_gccprotect" = "xyes"], [
#buffer overflow protection
AC_MSG_CHECKING(for -fstack-protector)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -fstack-protector"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="-fstack-protector"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#compile-time best-practices errors for certain libc functions, provides checks of buffer lengths and memory regions
AC_MSG_CHECKING(for -D_FORTIFY_SOURCE=2)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -D_FORTIFY_SOURCE=2"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -D_FORTIFY_SOURCE=2"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#compile-time warnings about misuse of format strings
AC_MSG_CHECKING(for -Wformat -Wformat-security)
TMPCFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -Wformat -Wformat-security"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECCFLAGS="${SECCFLAGS} -Wformat -Wformat-security"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
CFLAGS="${TMPCFLAGS}"
#provides a read-only relocation table area in the final ELF
AC_MSG_CHECKING(for -z relro)
TMPLDFLAGS="${LDFLAGS}"
LDFLAGS="${LDFLAGS} -z relro"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z relro"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
LDFLAGS="${TMPLDFLAGS}"
#forces all relocations to be resolved at run-time
AC_MSG_CHECKING(for -z now)
TMPLDFLAGS="${LDFLAGS}"
LDFLAGS="${LDFLAGS} -z now"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[]])],[SECLDFLAGS="${SECLDFLAGS} -z now"
AC_MSG_RESULT(yes)],
[AC_MSG_RESULT(no)])
LDFLAGS="${TMPLDFLAGS}"
AC_SUBST(SECCFLAGS)
AC_SUBST(SECLDFLAGS)
])
#check for Landlock support
AC_CHECK_HEADERS([linux/landlock.h])
enable_landlock="no"
if test "$ac_cv_header_linux_landlock_h" = "yes"; then
enable_landlock="yes"
fi
#check for plugin support
AC_CHECK_HEADERS([dlfcn.h])
AC_MSG_CHECKING([for plugin support])
TMPLDFLAGS="${LDFLAGS}"
LDFLAGS="${LDFLAGS} -rdynamic"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <dlfcn.h>]], [[]])],
[
AC_MSG_RESULT(yes)
has_rdynamic=yes
],
[
AC_MSG_RESULT(no)
has_rdynamic=no
])
if test "x$has_rdynamic" = "xyes"; then
plugin_support=yes
AC_DEFINE([HAVE_PLUGINS], [1], [Plugin support])
else
plugin_support=no
LDFLAGS="${TMPLDFLAGS}"
fi
#enable profile generation
AC_ARG_ENABLE(gccprofile,
AS_HELP_STRING([--enable-gccprofile], [Enable gcc profile info i.e -pg flag is set]),[enable_gccprofile=$enableval],[enable_gccprofile=no])
AS_IF([test "x$enable_gccprofile" = "xyes"], [
CFLAGS="${CFLAGS} -pg"
])
#enable gcc march=native gcc 4.2 or later
AC_ARG_ENABLE(gccmarch_native,
AS_HELP_STRING([--enable-gccmarch-native], [Enable gcc march=native gcc 4.2 and later only]),[enable_gccmarch_native=$enableval],[enable_gccmarch_native=yes])
AS_IF([test "x$enable_gccmarch_native" = "xyes"], [
case "$host" in
*powerpc*)
;;
*)
OFLAGS="$CFLAGS"
CFLAGS="$CFLAGS -march=native"
AC_MSG_CHECKING([checking if $CC supports -march=native])
AC_COMPILE_IFELSE( [AC_LANG_PROGRAM([[#include <stdlib.h>]])],
[
AC_MSG_RESULT([yes])
OPTIMIZATION_CFLAGS="-march=native"
AC_SUBST(OPTIMIZATION_CFLAGS)
],
[
AC_MSG_RESULT([no])
CFLAGS="$OFLAGS"
enable_gccmarch_native=no
]
)
;;
esac
])
# options
# enable the running of unit tests
AC_ARG_ENABLE(unittests,
AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),[enable_unittests=$enableval],[enable_unittests=no])
AS_IF([test "x$enable_unittests" = "xyes"], [
AC_DEFINE([UNITTESTS],[1],[Enable built-in unittests])
])
AM_CONDITIONAL([BUILD_UNITTESTS], [test "x$enable_unittests" = "xyes"])
# enable the building of ebpf files
AC_ARG_ENABLE(ebpf-build,
AS_HELP_STRING([--enable-ebpf-build], [Enable compilation of ebpf files]),[enable_ebpf_build=$enableval],[enable_ebpf_build=no])
AM_CONDITIONAL([BUILD_EBPF], [test "x$enable_ebpf_build" = "xyes"])
AS_IF([test "x$enable_ebpf_build" = "xyes"],
[
AS_IF([test "$CLANG" != no],
[
llc_candidates=$($CLANG --version | sed -e 's/.*clang version/clang version/' | \
awk '/^clang version/ {
split($3, v, ".");
printf("llc-%s.%s llc-%s llc", v[[1]], v[[2]], v[[1]])
}')
AC_CHECK_PROGS([LLC], [$llc_candidates], "no")
if test "$LLC" = "no"; then
AC_MSG_ERROR([unable to find any of $llc_candidates needed to build ebpf files])
fi
AC_SUBST(LLC)
],
[AC_MSG_ERROR([clang needed to build ebpf files])])
AC_MSG_CHECKING([libbpf has bpf/bpf_helpers.h])
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
#include <stddef.h>
#include <linux/bpf.h>
#include <bpf/bpf_helpers.h>
],
[
])],
[HAVE_BPF="yes"],
[HAVE_BPF="no"])
if test "$HAVE_BPF" = "no"; then
AC_MSG_ERROR([libbpf include bpf/bpf_helpers.h not found])
else
AC_MSG_RESULT([ok])
fi
])
# enable debug output
AC_ARG_ENABLE(debug,
AS_HELP_STRING([--enable-debug], [Enable debug output]),[enable_debug=$enableval],[enable_debug=no])
AS_IF([test "x$enable_debug" = "xyes"], [
AC_DEFINE([DEBUG],[1],[Enable debug output])
])
AM_CONDITIONAL([DEBUG], [test "x$enable_debug" = "xyes"])
# enable debug validation functions & macro's output
AC_ARG_ENABLE(debug-validation,
AS_HELP_STRING([--enable-debug-validation], [Enable (debug) validation code output]),[enable_debug_validation=$enableval],[enable_debug_validation=no])
AS_IF([test "x$enable_debug_validation" = "xyes"], [
if test "$enable_unittests" = "yes"; then
AC_MSG_ERROR([debug_validation can't be enabled with enabled unittests!])
else
AC_DEFINE([DEBUG_VALIDATION],[1],[Enable (debug) validation code output])
fi
])
AM_CONDITIONAL([DEBUG_VALIDATION], [test "x$enable_debug_validation" = "xyes"])
# profiling support
AC_ARG_ENABLE(profiling,
AS_HELP_STRING([--enable-profiling], [Enable performance profiling]),[enable_profiling=$enableval],[enable_profiling=no])
AS_IF([test "x$enable_profiling" = "xyes"], [
case "$host" in
*-*-openbsd*)
AC_MSG_ERROR([profiling is not supported on OpenBSD])
;;
*)
AC_DEFINE([PROFILING],[1],[Enable performance profiling])
AC_DEFINE([PROFILE_RULES],[1],[Enable performance profiling for rules])
;;
esac
])
# profiling support, locking
AC_ARG_ENABLE(profiling-locks,
AS_HELP_STRING([--enable-profiling-locks], [Enable performance profiling for locks]),[enable_profiling_locks=$enableval],[enable_profiling_locks=no])
AS_IF([test "x$enable_profiling_locks" = "xyes"], [
AC_DEFINE([PROFILING],[1],[Enable performance profiling])
AC_DEFINE([PROFILE_LOCKING],[1],[Enable performance profiling for locks])
])
# profiling support, rules
AC_ARG_ENABLE(profiling-rules,
AS_HELP_STRING([--enable-profiling-rules], [Enable performance profiling for rules (enabled by global profiling too)]),[enable_profiling_rules=$enableval],[enable_profiling_rules=no])
AS_IF([test "x$enable_profiling_rules" = "xyes"], [
AC_DEFINE([PROFILE_RULES],[1],[Enable performance profiling for rules])
])
# enable support for IPFW
AC_ARG_ENABLE(ipfw,
AS_HELP_STRING([--enable-ipfw], [Enable FreeBSD IPFW support for inline IDP]),[enable_ipfw=$enableval],[enable_ipfw=no])
AS_IF([test "x$enable_ipfw" = "xyes"], [
AC_DEFINE([IPFW],[1],[Enable FreeBSD IPFW support for inline IDP])
])
AC_ARG_ENABLE(coccinelle,
AS_HELP_STRING([--disable-coccinelle], [Disable coccinelle QA steps during make check]),[enable_coccinelle="$enableval"],[enable_coccinelle=yes])
AS_IF([test "x$enable_coccinelle" = "xyes"], [
AC_PATH_PROG(HAVE_COCCINELLE_CONFIG, spatch, "no")
if test "$HAVE_COCCINELLE_CONFIG" = "no"; then
enable_coccinelle=no
fi
])
AM_CONDITIONAL([HAVE_COCCINELLE], [test "x$enable_coccinelle" != "xno"])
# disable detection
AC_ARG_ENABLE(detection,
AS_HELP_STRING([--disable-detection], [Disable Detection Modules]), [enable_detection="$enableval"],[enable_detection=yes])
AS_IF([test "x$enable_detection" = "xno"], [
AC_DEFINE([HAVE_DETECT_DISABLED], [1], [Detection is disabled])
])
# libraries
# zlib
AC_ARG_WITH(zlib_includes,
[ --with-zlib-includes=DIR zlib include directory],
[with_zlib_includes="$withval"],[with_zlib_includes=no])
AC_ARG_WITH(zlib_libraries,
[ --with-zlib-libraries=DIR zlib library directory],
[with_zlib_libraries="$withval"],[with_zlib_libraries="no"])
if test "$with_zlib_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_zlib_includes}"
fi
AC_CHECK_HEADER(zlib.h, ZLIB="yes",ZLIB="no")
if test "$ZLIB" = "yes"; then
if test "$with_zlib_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_zlib_libraries}"
fi
# To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
# see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
ZLIB=""
TMPLIBS="${LIBS}"
AC_CHECK_LIB(z,inflate,,ZLIB="no")
if test "$ZLIB" = "no"; then
echo
echo " ERROR! zlib library not found, go get it"
echo " Debian/Ubuntu: apt install zlib1g-dev"
echo " Fedora: dnf install zlib-devel"
echo " CentOS/RHEL: yum install zlib-devel"
echo
exit 1
fi
LIBS="${TMPLIBS} -lz"
fi
AC_ARG_WITH(libpcre2_includes,
[ --with-libpcre2-includes=DIR libpcre2 include directory],
[with_libpcre2_includes="$withval"],[with_libpcre2_includes="no"])
AC_ARG_WITH(libpcre2_libraries,
[ --with-libpcre2-libraries=DIR libpcre2 library directory],
[with_libpcre2_libraries="$withval"],[with_libpcre2_libraries="no"])
if test "$with_libpcre2_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpcre2_includes}"
fi
if test "$with_libpcre2_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpcre2_libraries}"
fi
PCRE2=""
AC_CHECK_LIB(pcre2-8, pcre2_compile_8,,PCRE2="no")
if test "$PCRE2" = "no"; then
echo
echo " ERROR! pcre2 library not found, go get it"
echo " from www.pcre.org. Or from packages:"
echo " Debian/Ubuntu: apt install libpcre2-dev"
echo " Fedora: dnf install pcre2-devel"
echo " CentOS/RHEL: yum install pcre2-devel"
echo
exit 1
fi
AC_DEFINE([PCRE2_CODE_UNIT_WIDTH], [8], [Pcre code unit width is 8 bits])
AC_MSG_CHECKING(for PCRE2 JIT support)
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #include <pcre2.h> ]],
[[
int jit = 0;
pcre2_config(PCRE2_CONFIG_JIT, &jit);
]])],[ pcre2_jit_available=yes ],[ pcre2_jit_available=no ]
)
if test "x$pcre2_jit_available" = "xyes"; then
AC_MSG_RESULT(yes)
AC_DEFINE([PCRE2_HAVE_JIT], [1], [Pcre2 with JIT compiler support enabled])
else
AC_MSG_RESULT(no)
fi
# libhs
enable_hyperscan="no"
# Try pkg-config first:
PKG_CHECK_MODULES([libhs], libhs,, [with_pkgconfig_libhs=no])
if test "$with_pkgconfig_libhs" != "no"; then
CPPFLAGS="${CPPFLAGS} ${libhs_CFLAGS}"
LIBS="${LIBS} ${libhs_LIBS}"
fi
AC_ARG_WITH(libhs_includes,
[ --with-libhs-includes=DIR libhs include directory],
[with_libhs_includes="$withval"],[with_libhs_includes=no])
AC_ARG_WITH(libhs_libraries,
[ --with-libhs-libraries=DIR libhs library directory],
[with_libhs_libraries="$withval"],[with_libhs_libraries="no"])
if test "$with_libhs_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libhs_includes}"
fi
AS_UNSET(ac_cv_header_hs_h)
AC_CHECK_HEADER(hs.h,HYPERSCAN="yes",HYPERSCAN="no")
if test "$HYPERSCAN" = "yes"; then
if test "$with_libhs_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libhs_libraries}"
fi
AC_CHECK_LIB(hs,hs_compile,,HYPERSCAN="no")
AC_CHECK_FUNCS(hs_valid_platform)
enable_hyperscan="yes"
if test "$HYPERSCAN" = "no"; then
echo
echo " Hyperscan headers are present, but link test failed."
echo " Check that you have a shared library and C++ linkage available."
echo
enable_hyperscan="no"
fi
fi
AS_IF([test "x$enable_hyperscan" = "xyes"], [AC_DEFINE([BUILD_HYPERSCAN], [1], [Intel Hyperscan support enabled])])
# libyaml
AC_ARG_WITH(libyaml_includes,
[ --with-libyaml-includes=DIR libyaml include directory],
[with_libyaml_includes="$withval"],[with_libyaml_includes=no])
AC_ARG_WITH(libyaml_libraries,
[ --with-libyaml-libraries=DIR libyaml library directory],
[with_libyaml_libraries="$withval"],[with_libyaml_libraries="no"])
if test "$with_libyaml_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libyaml_includes}"
fi
AC_CHECK_HEADER(yaml.h,,LIBYAML="no")
if test "$with_libyaml_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libyaml_libraries}"
fi
LIBYAML=""
AC_CHECK_LIB(yaml,yaml_parser_initialize,,LIBYAML="no")
if test "$LIBYAML" = "no"; then
echo
echo " ERROR! libyaml library not found, go get it"
echo " from http://pyyaml.org/wiki/LibYAML "
echo " or your distribution:"
echo
echo " Ubuntu: apt-get install libyaml-dev"
echo " Fedora: dnf install libyaml-devel"
echo " CentOS/RHEL: yum install libyaml-devel"
echo
exit 1
fi
LIBHWLOC=""
AC_ARG_ENABLE(hwloc,
AS_HELP_STRING([--enable-hwloc], [Enable hwloc support [default=no]]),
[enable_hwloc=$enableval],[enable_hwloc=no])
AS_IF([test "x$enable_hwloc" = "xyes"], [
PKG_CHECK_MODULES([HWLOC], [hwloc >= 2.0.0],
[AC_DEFINE([HAVE_HWLOC], [1], [Define if hwloc library is present and meets version requirements])],
LIBHWLOC="no")
if test "$LIBHWLOC" = "no"; then
echo
echo " ERROR! hwloc library version > 2.0.0 not found, go get it"
echo " from https://www.open-mpi.org/projects/hwloc/ "
echo " or your distribution:"
echo
echo " Ubuntu: apt-get install hwloc libhwloc-dev"
echo " Fedora: dnf install hwloc hwloc-devel"
echo " CentOS/RHEL: yum install hwloc hwloc-devel"
echo
exit 1
else
CFLAGS="${CFLAGS} ${HWLOC_CFLAGS}"
LDFLAGS="${LDFLAGS} ${HWLOC_LIBS}"
enable_hwloc="yes"
fi
])
# libpthread
AC_ARG_WITH(libpthread_includes,
[ --with-libpthread-includes=DIR libpthread include directory],
[with_libpthread_includes="$withval"],[with_libpthread_includes=no])
AC_ARG_WITH(libpthread_libraries,
[ --with-libpthread-libraries=DIR libpthread library directory],
[with_libpthread_libraries="$withval"],[with_libpthread_libraries="no"])
if test "$with_libpthread_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpthread_includes}"
fi
dnl AC_CHECK_HEADER(pthread.h,,[AC_MSG_ERROR(pthread.h not found ...)])
if test "$with_libpthread_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpthread_libraries}"
fi
PTHREAD=""
AC_CHECK_LIB(pthread, pthread_create,, PTHREAD="no")
if test "$PTHREAD" = "no"; then
echo
echo " ERROR! libpthread library not found, glibc problem?"
echo
exit 1
fi
AC_CHECK_FUNCS([pthread_spin_unlock])
AS_IF([test "x$enable_debug" = "xyes"], [
# Debug only function used for diagnostic display
AC_CHECK_FUNCS([pthread_getattr_np])
])
# libjansson
AC_ARG_WITH(libjansson_includes,
[ --with-libjansson-includes=DIR libjansson include directory],
[with_libjansson_includes="$withval"],[with_libjansson_includes=no])
AC_ARG_WITH(libjansson_libraries,
[ --with-libjansson-libraries=DIR libjansson library directory],
[with_libjansson_libraries="$withval"],[with_libjansson_libraries="no"])
if test "$with_libjansson_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libjansson_includes}"
fi
if test "$with_libjansson_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libjansson_libraries}"
fi
AC_CHECK_HEADER(jansson.h,JANSSON="yes",JANSSON="no")
AC_CHECK_LIB(jansson, json_dump_callback,, JANSSON="no")
if test "$JANSSON" = "no"; then
echo ""
echo " ERROR: Jansson is now required."
echo ""
echo " Go get it from your distribution or from:"
echo " http://www.digip.org/jansson/"
echo ""
echo " Ubuntu/Debian: apt install libjansson-dev"
echo " CentOS: yum install jansson-devel"
echo " Fedora: dnf install jansson-devel"
echo ""
exit 1
fi
enable_jansson="yes"
enable_unixsocket="no"
AC_ARG_ENABLE(unix-socket,
AS_HELP_STRING([--enable-unix-socket], [Enable unix socket [default=test]]),[enable_unixsocket="$enableval"],[enable_unixsocket=test])
if test "$JANSSON" = "yes"; then
enable_jansson="yes"
if test "$JANSSON" = "no"; then
echo
echo " Jansson >= 2.2 is required for features like unix socket"
echo " Go get it from your distribution or from:"
echo " http://www.digip.org/jansson/"
echo " Ubuntu: apt-get install libjansson-dev"
echo " Fedora: dnf install jansson-devel"
echo " CentOS/RHEL: yum install jansson-devel"
echo
if test "x$enable_unixsocket" = "xyes"; then
exit 1
fi
enable_unixsocket="no"
enable_jansson="no"
else
case $host in
*-*-mingw32*|*-*-msys*|*-*-cygwin)
enable_unixsocket="no"
;;
*)
if test "x$enable_unixsocket" = "xtest"; then
enable_unixsocket="yes"
fi
;;
esac
fi
else
if test "x$enable_unixsocket" = "xyes"; then
echo
echo " Jansson >= 2.2 is required for features like unix socket"
echo " Go get it from your distribution or from:"
echo " http://www.digip.org/jansson/"
echo " Ubuntu: apt-get install libjansson-dev"
echo " Fedora: dnf install jansson-devel"
echo " CentOS/RHEL: yum install jansson-devel"
echo
exit 1
fi
enable_unixsocket="no"
fi
AS_IF([test "x$enable_unixsocket" = "xyes"], [AC_DEFINE([BUILD_UNIX_SOCKET], [1], [Unix socket support enabled])])
AC_ARG_ENABLE(nflog,
AS_HELP_STRING([--enable-nflog],[Enable libnetfilter_log support]),
[ enable_nflog="$enableval"],
[ enable_nflog="no"])
AC_ARG_ENABLE(nfqueue,
AS_HELP_STRING([--enable-nfqueue], [Enable NFQUEUE support for inline IDP]),[enable_nfqueue=$enableval],[enable_nfqueue=no])
if test "$enable_nfqueue" != "no"; then
PKG_CHECK_MODULES([libnetfilter_queue], [libnetfilter_queue], [enable_nfqueue=yes], [enable_nfqueue=no])
CPPFLAGS="${CPPFLAGS} ${libnetfilter_queue_CFLAGS}"
fi
if test "x$enable_nflog" = "xyes" || test "x$enable_nfqueue" = "xyes"; then
# libnfnetlink
case $host in
*-*-mingw32*)
;;
*)
AC_ARG_WITH(libnfnetlink_includes,
[ --with-libnfnetlink-includes=DIR libnfnetlink include directory],
[with_libnfnetlink_includes="$withval"],[with_libnfnetlink_includes=no])
AC_ARG_WITH(libnfnetlink_libraries,
[ --with-libnfnetlink-libraries=DIR libnfnetlink library directory],
[with_libnfnetlink_libraries="$withval"],[with_libnfnetlink_libraries="no"])
if test "$with_libnfnetlink_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnfnetlink_includes}"
fi
if test "$with_libnfnetlink_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnfnetlink_libraries}"
fi
NFNL=""
AC_CHECK_LIB(nfnetlink, nfnl_fd,, NFNL="no")
if test "$NFNL" = "no"; then
echo
echo " nfnetlink library not found, go get it"
echo " from www.netfilter.org."
echo " we automatically append libnetfilter_queue/ when searching"
echo " for headers etc. when the --with-libnfnetlink-includes directive"
echo " is used"
echo " Ubuntu: apt-get install libnetfilter-queue-dev"
echo " Fedora: dnf install libnetfilter_queue-devel"
echo " CentOS/RHEL: yum install libnetfilter_queue-devel"
echo
fi
;;
esac
fi
# enable support for NFQUEUE
if test "x$enable_nfqueue" = "xyes"; then
AC_DEFINE_UNQUOTED([NFQ],[1],[Enable Linux Netfilter NFQUEUE support for inline IDP])
#libnetfilter_queue
AC_ARG_WITH(libnetfilter_queue_includes,
[ --with-libnetfilter_queue-includes=DIR libnetfilter_queue include directory],
[with_libnetfilter_queue_includes="$withval"],[with_libnetfilter_queue_includes=no])
AC_ARG_WITH(libnetfilter_queue_libraries,
[ --with-libnetfilter_queue-libraries=DIR libnetfilter_queue library directory],
[with_libnetfilter_queue_libraries="$withval"],[with_libnetfilter_queue_libraries="no"])
if test "$with_libnetfilter_queue_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_queue_includes}"
fi
AC_CHECK_HEADER(libnetfilter_queue/libnetfilter_queue.h,,
[AC_MSG_ERROR(libnetfilter_queue/libnetfilter_queue.h not found ...)],
[
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdint.h>
])
if test "$with_libnetfilter_queue_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnetfilter_queue_libraries}"
fi
NFQ=""
AC_CHECK_LIB(netfilter_queue, nfq_open,, NFQ="no",)
AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_maxlen],AC_DEFINE_UNQUOTED([HAVE_NFQ_MAXLEN],[1],[Found queue max length support in netfilter_queue]) ,,[-lnfnetlink])
AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict2],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT2],[1],[Found nfq_set_verdict2 function in netfilter_queue]) ,,[-lnfnetlink])
AC_CHECK_LIB([netfilter_queue], [nfq_set_queue_flags],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_QUEUE_FLAGS],[1],[Found nfq_set_queue_flags function in netfilter_queue]) ,,[-lnfnetlink])
AC_CHECK_LIB([netfilter_queue], [nfq_set_verdict_batch],AC_DEFINE_UNQUOTED([HAVE_NFQ_SET_VERDICT_BATCH],[1],[Found nfq_set_verdict_batch function in netfilter_queue]) ,,[-lnfnetlink])
# check if the argument to nfq_get_payload is signed or unsigned
AC_MSG_CHECKING([for signed nfq_get_payload payload argument])
STORECFLAGS="${CFLAGS}"
if test `basename $CC` = "clang"; then
CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
else
CFLAGS="${CFLAGS} -Werror"
fi
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
#define _GNU_SOURCE
#include <sys/types.h>
#include <stdint.h>
#include <stdio.h>
#include <libnetfilter_queue/libnetfilter_queue.h>
],
[
char *pktdata;
nfq_get_payload(NULL, &pktdata);
])],
[libnetfilter_queue_nfq_get_payload_signed="yes"],
[libnetfilter_queue_nfq_get_payload_signed="no"])
AC_MSG_RESULT($libnetfilter_queue_nfq_get_payload_signed)
if test "x$libnetfilter_queue_nfq_get_payload_signed" = "xyes"; then
AC_DEFINE([NFQ_GET_PAYLOAD_SIGNED], [1], [For signed version of nfq_get_payload])
fi
CFLAGS="${STORECFLAGS}"
if test "$NFQ" = "no"; then
echo
echo " ERROR! libnetfilter_queue library not found, go get it"
echo " from www.netfilter.org."
echo " we automatically append libnetfilter_queue/ when searching"
echo " for headers etc. when the --with-libnfq-includes directive"
echo " is used"
echo " Ubuntu: apt-get install libnetfilter-queue-dev"
echo " Fedora: dnf install libnetfilter_queue-devel"
echo " CentOS/RHEL: yum install libnetfilter_queue-devel"
echo
exit 1
fi
fi
# libnetfilter_log
AC_ARG_WITH(libnetfilter_log_includes,
[ --with-libnetfilter_log-includes=DIR libnetfilter_log include directory],
[with_libnetfilter_log_includes="$withval"],[with_libnetfilter_log_includes="no"])
AC_ARG_WITH(libnetfilter_log_libraries,
[ --with-libnetfilter_log-libraries=DIR libnetfilter_log library directory],
[with_libnetfilter_log_libraries="$withval"],[with_libnetfilter_log_libraries="no"])
if test "$enable_nflog" = "yes"; then
if test "$with_libnetfilter_log_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnetfilter_log_includes}"
fi
AC_CHECK_HEADER(libnetfilter_log/libnetfilter_log.h,,[AC_MSG_ERROR(libnetfilter_log.h not found ...)])
if test "$with_libnetfilter_log_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libnetfilter_log_libraries}"
fi
NFLOG=""
AC_CHECK_LIB(netfilter_log, nflog_open,, NFLOG="no")
if test "$NFLOG" = "no"; then
echo
echo " ERROR! libnetfilter_log library not found, go get it"
echo " from http://www.netfilter.org."
echo
exit 1
else
AC_DEFINE([HAVE_NFLOG],[1],[nflog available])
enable_nflog="yes"
fi
fi
# WinDivert support
AC_ARG_ENABLE(windivert,
AS_HELP_STRING([--enable-windivert],[Enable WinDivert support [default=no]]),[enable_windivert=$enableval],
[enable_windivert="no"])
# WinDivert can only be enabled on Windows builds
AC_CHECK_DECL([OS_WIN32],,[enable_windivert="no"])
if test "x$enable_windivert" = "xyes"; then
# WinDivert requires Vista at a minimum. If the user has selected their own NTDDI_VERSION
# then don't override it.
AC_CHECK_DECL([NTDDI_VERSION],,
[CFLAGS="${CFLAGS} -DNTDDI_VERSION=NTDDI_VISTA -D_WIN32_WINNT=_WIN32_WINNT_VISTA"])
AC_DEFINE_UNQUOTED([WINDIVERT],[1],[Enable Windows WinDivert support for inline IDP])
AC_ARG_WITH(windivert_include,
[ --with-windivert-include=DIR WinDivert include path],
[with_windivert_include="$withval"],[with_windivert_include="no"])
AC_ARG_WITH(windivert_libraries,
[ --with-windivert-libraries=DIR WinDivert library path],
[with_windivert_libraries="$withval"],[with_windivert_libraries="no"])
if test "$with_windivert_include" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_windivert_include}"
fi
if test "$with_windivert_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_windivert_libraries}"
fi
AC_CHECK_HEADER(windivert.h,,WINDIVERT_INC="no")
AC_CHECK_LIB(WinDivert, WinDivertOpen,, WINDIVERT_LIB="no")
if test "$WINDIVERT_LIB" = "no" || test "$WINDIVERT_INC" = "no"; then
echo
echo " ERROR! WinDivert not found, go get it from"
echo " https://www.reqrypt.org/windivert.html"
echo
exit 1
fi
fi
# /WinDivert
# libnet
AC_ARG_WITH(libnet_includes,
[ --with-libnet-includes=DIR libnet include directory],
[with_libnet_includes="$withval"],[with_libnet_includes="no"])
AC_ARG_WITH(libnet_libraries,
[ --with-libnet-libraries=DIR libnet library directory],
[with_libnet_libraries="$withval"],[with_libnet_libraries="no"])
if test "x$with_libnet_includes" != "xno"; then
CPPFLAGS="${CPPFLAGS} -I${with_libnet_includes}"
libnet_dir="${with_libnet_includes}"
else
libnet_dir="/usr/include /usr/local/include /usr/local/include/libnet11 /opt/local/include /usr/local/include/libnet-1.1"
fi
if test "x$with_libnet_libraries" != "xno"; then
LDFLAGS="${LDFLAGS} -L${with_libnet_libraries}"
fi
LIBNET_DETECT_FAIL="no"
LIBNET_INC_DIR=""
for i in $libnet_dir; do
if test -r "$i/libnet.h"; then
LIBNET_INC_DIR="$i"
fi
done
enable_libnet="no"
AC_MSG_CHECKING(for libnet.h version 1.1.x)
if test "$LIBNET_INC_DIR" != ""; then
LIBNET_VER=`grep LIBNET_VERSION $LIBNET_INC_DIR/libnet.h | grep '1.[[12]]' | sed 's/[[^"]]*"\([[^"]]*\).*/\1/'`
if test -z "$LIBNET_VER" ; then
AC_MSG_RESULT(no)
else
AC_MSG_RESULT(yes)
fi
#CentOS, Fedora, Ubuntu-LTS, Ubuntu all set defines to the same values. libnet-config seems
#to have been depreciated but all distro's seem to include it as part of the package.
if test "$LIBNET_DETECT_FAIL" = "no"; then
LLIBNET=""
AC_CHECK_LIB(net, libnet_write,, LLIBNET="no")
if test "$LLIBNET" != "no"; then
AC_DEFINE([HAVE_LIBNET11],[1],(libnet 1.1 available))
AC_DEFINE([_DEFAULT_SOURCE],[1],(default source))
AC_DEFINE([_BSD_SOURCE],[1],(bsd source))
AC_DEFINE([__BSD_SOURCE],[1],(bsd source))
AC_DEFINE([__FAVOR_BSD],[1],(favor bsd))
AC_DEFINE([HAVE_NET_ETHERNET_H],[1],(ethernet.h))
enable_libnet="yes"
fi
# see if we have the patched libnet 1.1
# https://www.inliniac.net/blog/2007/10/16/libnet-11-ipv6-fixes-and-additions.html
#
# To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
# see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
if test "$enable_libnet" = "yes"; then
LLIBNET=""
TMPLIBS="${LIBS}"
AC_CHECK_LIB(net, libnet_build_icmpv6_unreach,, LLIBNET="no")
if test "$LLIBNET" != "no"; then
AC_DEFINE([HAVE_LIBNET_ICMPV6_UNREACH],[1],(libnet_build_icmpv6_unreach available))
fi
LIBS="${TMPLIBS}"
fi
# See if we have libnet 1.1.6 or newer - these versions handle capabilities correctly
# Some patched 1.1.4 versions are also good, but it's not guaranteed for all distros.
#
# Details: https://bugzilla.redhat.com/show_bug.cgi?id=589770
AS_VERSION_COMPARE([LIBNET_VER], [1.1.6],
[],
[AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))],
[AC_DEFINE([HAVE_LIBNET_CAPABILITIES],[1], (libnet_have_capabilities_patch))])
# check if the argument to libnet_init is char* or const char*
AC_MSG_CHECKING([libnet_init dev type])
STORECFLAGS="${CFLAGS}"
if test `basename $CC` = "clang"; then
CFLAGS="${CFLAGS} -Werror=incompatible-pointer-types"
else
CFLAGS="${CFLAGS} -Werror"
fi
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
#include <stdio.h>
#include <libnet.h>
],
[[
const char dev[32] = "";
char ebuf[LIBNET_ERRBUF_SIZE];
(void)libnet_init(LIBNET_LINK, dev, ebuf);
]])],
[libnet_init_const="yes"],
[libnet_init_const="no"])
AC_MSG_RESULT($libnet_init_const)
if test "x$libnet_init_const" = "xyes"; then
AC_DEFINE([HAVE_LIBNET_INIT_CONST], [1], [libnet_init takes const argument])
fi
CFLAGS="${STORECFLAGS}"
fi
else
AC_MSG_RESULT(no)
fi
# libpcap
AC_ARG_WITH(libpcap_includes,
[ --with-libpcap-includes=DIR libpcap include directory],
[with_libpcap_includes="$withval"],[with_libpcap_includes=no])
AC_ARG_WITH(libpcap_libraries,
[ --with-libpcap-libraries=DIR libpcap library directory],
[with_libpcap_libraries="$withval"],[with_libpcap_libraries="no"])
if test "$with_libpcap_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpcap_includes}"
fi
AC_CHECK_HEADERS([pcap.h],[],[AC_MSG_ERROR(pcap.h not found ...)],
[[
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#define _DEFAULT_SOURCE 1
]])
if test "$with_libpcap_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpcap_libraries}"
fi
AC_CHECK_HEADERS([pcap.h pcap/pcap.h pcap/bpf.h],[],[],
[[
#ifdef HAVE_WINSOCK2_H
#include <winsock2.h>
#endif
#define _DEFAULT_SOURCE 1
]])
have_wpcap=""
if test "$TRY_WPCAP" = "yes"; then
AC_CHECK_LIB(wpcap, pcap_activate, [], have_wpcap="no")
if test "$have_wpcap" = "no"; then
echo ""
echo " Warning: NPCap was not found. Live capture will not be available."
echo ""
else
PCAP_LIB_NAME="wpcap"
have_wpcap="yes"
fi
fi
if test "$have_wpcap" != "yes"; then
AC_CHECK_LIB(pcap, pcap_open_dead, [], [
echo
echo " ERROR! libpcap library not found, go get it"
echo " from http://www.tcpdump.org or your distribution:"
echo
echo " Ubuntu: apt-get install libpcap-dev"
echo " Fedora: dnf install libpcap-devel"
echo " CentOS/RHEL: yum install libpcap-devel"
echo
exit 1
])
PCAP_LIB_NAME="pcap"
fi
PKG_CHECK_MODULES([PCAP],libpcap,[CPPFLAGS="${CPPFLAGS} ${PCAP_CFLAGS}" LIBS="${LIBS} ${PCAP_LIBS}" with_pkgconfig_pcap=yes],[with_pkgconfig_pcap=no])
if test "$with_pkgconfig_pcap" != "yes"; then
AC_PATH_PROG(HAVE_PCAP_CONFIG, pcap-config, "no")
if test "$HAVE_PCAP_CONFIG" = "no" -o "x$cross_compiling" = "xyes"; then
AC_MSG_RESULT(no pcap-config is use)
else
PCAP_CFLAGS="$(pcap-config --defines) $(pcap-config --cflags)"
AC_SUBST(PCAP_CFLAGS)
fi
fi
#Appears as if pcap_set_buffer_size is linux only?
LIBPCAPSBUFF=""
#To prevent duping the lib link we reset LIBS after this check. Setting action-if-found to NULL doesn't seem to work
#see: http://blog.flameeyes.eu/2008/04/29/i-consider-ac_check_lib-harmful
TMPLIBS="${LIBS}"
AC_CHECK_LIB(${PCAP_LIB_NAME}, pcap_set_buffer_size,, LPCAPSBUFF="no")
if test "$LPCAPSBUFF" != "no"; then
AC_DEFINE([HAVE_PCAP_SET_BUFF],[1],(libpcap has pcap_set_buffer_size function))
fi
LIBS="${TMPLIBS}"
# libpfring
# libpfring (currently only supported for libpcap enabled pfring)
# Error on the side of caution. If libpfring enabled pcap is being used and we don't link against -lpfring compilation will fail.
AC_ARG_ENABLE(pfring,
AS_HELP_STRING([--enable-pfring], [Enable Native PF_RING support]),[enable_pfring=$enableval],[enable_pfring=no])
AS_IF([test "x$enable_pfring" = "xyes"], [
if test "x$enable_shared" = "xno"; then
echo
echo " ERROR! pfring cannot be enabled with --disable-shared"
echo
exit 1
fi
AC_DEFINE([HAVE_PFRING],[1],(PF_RING support enabled))
#We have to set CFLAGS for AC_COMPILE_IFELSE as it doesn't pay attention to CPPFLAGS
AC_ARG_WITH(libpfring_includes,
[ --with-libpfring-includes=DIR libpfring include directory],
[with_libpfring_includes="$withval"],[with_libpfring_includes=no])
AC_ARG_WITH(libpfring_libraries,
[ --with-libpfring-libraries=DIR libpfring library directory],
[with_libpfring_libraries="$withval"],[with_libpfring_libraries="no"])
if test "$with_libpfring_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libpfring_includes}"
fi
if test "$with_libpfring_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libpfring_libraries}"
fi
LIBPFRING=""
AC_CHECK_LIB(pfring, pfring_open,, LIBPFRING="no", [-lpcap])
if test "$LIBPFRING" != "no"; then
STORECFLAGS="${CFLAGS}"
CFLAGS="${CFLAGS} -Werror"
AC_COMPILE_IFELSE(
[AC_LANG_PROGRAM(
[
#include <pfring.h>
],
[
pfring_recv_chunk(NULL, NULL, 0, 0);
])],
[pfring_recv_chunk="yes"],
[pfring_recv_chunk="no"])
CFLAGS="${STORECFLAGS}"
if test "x$pfring_recv_chunk" != "xyes"; then
if test "x$enable_pfring" = "xyes"; then
echo
echo " ERROR! --enable-pfring was passed but the library version is < 6, go get it"
echo " from http://www.ntop.org/products/pf_ring/"
echo
exit 1
fi
fi
AC_COMPILE_IFELSE(
[AC_LANG_SOURCE([[
#include <pfring.h>
#ifndef PF_RING_FLOW_OFFLOAD
# error PF_RING_FLOW_OFFLOAD not defined
#endif
]])],
[
AC_DEFINE([HAVE_PF_RING_FLOW_OFFLOAD], [1], [PF_RING bypass support enabled])
],
[
echo
echo " Warning! Pfring hw bypass not supported by this library version < 7,"
echo " please upgrade to a newer version to use this feature."
echo
echo " Continuing for now with hw bypass support disabled..."
echo
])
else
if test "x$enable_pfring" = "xyes"; then
echo
echo " ERROR! --enable-pfring was passed but the library was not found, go get it"
echo " from http://www.ntop.org/products/pf_ring/"
echo
exit 1
fi
fi
])
if test "x$enable_pfring" = "xyes"; then
AM_CONDITIONAL([BUILD_PFRING], [true])
pfring_comment=""
else
AM_CONDITIONAL([BUILD_PFRING], [false])
pfring_comment="#"
fi
AC_SUBST([pfring_comment])
# AF_PACKET support
AC_ARG_ENABLE(af-packet,
AS_HELP_STRING([--enable-af-packet], [Enable AF_PACKET support [default=yes]]),
[enable_af_packet=$enableval],[enable_af_packet=yes])
AS_IF([test "x$enable_af_packet" = "xyes"], [
AC_CHECK_DECLS([TPACKET_V2, TPACKET_V3],
AC_DEFINE([HAVE_AF_PACKET],[1],[AF_PACKET support is available]),
[enable_af_packet="no"],
[[#include <sys/socket.h>
#include <linux/if_packet.h>]])
AC_CHECK_DECL([PACKET_FANOUT_QM],
AC_DEFINE([HAVE_PACKET_FANOUT],[1],[Recent packet fanout support is available]),
[],
[[#include <linux/if_packet.h>]])
AC_CHECK_DECL([SOF_TIMESTAMPING_RAW_HARDWARE],
AC_DEFINE([HAVE_HW_TIMESTAMPING],[1],[Hardware timestamping support is available]),
[],
[[#include <linux/net_tstamp.h>]])
])
# AF_XDP support
AC_ARG_ENABLE(af-xdp,
AS_HELP_STRING([--disable-af-xdp], [Disable AF_XDP support [default=enabled]]),
[enable_af_xdp=$enableval],[enable_af_xdp=yes])
AS_IF([test "x$enable_af_xdp" = "xyes"], [
# Check for the availability of elf
AC_CHECK_LIB(elf,elf_begin,,[enable_af_xdp=no])
# Conditionally check headers, only when found will it 'continue'
AS_IF([test "x$enable_af_xdp" = "xyes"],
# Check for the availability of libxdp
AC_CHECK_HEADERS([xdp/xsk.h],,[enable_af_xdp=no])
AC_CHECK_LIB([xdp],[xsk_umem__create],,[enable_af_xdp=no]))
AS_IF([test "x$enable_af_xdp" = "xyes"],
# Check for the availability of libbpf
AC_CHECK_HEADERS([bpf/libbpf.h],,[enable_af_xdp=no])
AC_CHECK_LIB([bpf],[bpf_object__open],,[enable_af_xdp=no]))
# Are all required libs installed, yes=HAVE_AF_XDP
AS_IF([test "x$enable_af_xdp" = "xyes"],
AC_DEFINE([HAVE_AF_XDP],[1],[AF_XDP support is available]))
# bpf_get_link_xpd_id has been removed in the most recent
# versions of libbpf.
AC_CHECK_FUNCS([bpf_xdp_query_id])
])
# DPDK support
enable_dpdk_bond_pmd="no"
AC_ARG_ENABLE(dpdk,
AS_HELP_STRING([--enable-dpdk], [Enable DPDK support [default=no]]),
[enable_dpdk=$enableval],[enable_dpdk=no])
AS_IF([test "x$enable_dpdk" = "xyes"], [
AC_CHECK_LIB(numa, numa_available,, [numa_found="no"])
if test "$numa_found" = "no"; then
echo
echo " ERROR! libnuma not found by pkg-config, go get it"
echo " from http://github.com/numactl/numactl or your distribution:"
echo " Ubuntu: apt-get install libnuma-dev"
echo " Fedora: dnf install numactl-devel"
echo " CentOS/RHEL: yum install numactl-devel"
echo
exit 1
fi
AC_DEFINE([HAVE_DPDK],[1],(DPDK support enabled))
PKG_CHECK_EXISTS(libdpdk >= 19.11, , [with_pkgconfig_libdpdk=no])
if test "$with_pkgconfig_libdpdk" = "no"; then
echo
echo " ERROR! libdpdk >= 19.11 not found by pkg-config, go get it"
echo " from https://www.dpdk.org/ or your distribution:"
echo
echo " Ubuntu: apt-get install dpdk-dev"
echo " Fedora: dnf install dpdk-devel"
echo " CentOS/RHEL: yum install dpdk-devel"
echo
exit 1
fi
CFLAGS="${CFLAGS} `pkg-config --cflags libdpdk`"
LIBS="${LIBS} -lnuma `pkg-config --libs libdpdk`"
if test ! -z "$(ldconfig -p | grep librte_net_bond)"; then
AC_DEFINE([HAVE_DPDK_BOND],[1],(DPDK Bond PMD support enabled))
enable_dpdk_bond_pmd="yes"
LIBS="${LIBS} -lrte_net_bond" # 20.11+
elif test ! -z "$(ldconfig -p | grep librte_pmd_bond)"; then
AC_DEFINE([HAVE_DPDK_BOND],[1],(DPDK Bond PMD support enabled))
enable_dpdk_bond_pmd="yes"
LIBS="${LIBS} -lrte_pmd_bond"
else
echo
echo " WARNING: DPDK Bond PMD was not found on your system, "
echo " you will be unable to use DPDK Bond PMD."
echo " You can try to \"sudo ldconfig\" and reconfigure again"
echo " or compile and install DPDK with Bond support enabled."
echo
fi
])
# Netmap support
AC_ARG_ENABLE(netmap,
AS_HELP_STRING([--enable-netmap], [Enable Netmap support]),[enable_netmap=$enableval],[enable_netmap=no])
AC_ARG_WITH(netmap_includes,
[ --with-netmap-includes=DIR netmap include directory],
[with_netmap_includes="$withval"],[with_netmap_includes=no])
AC_ARG_WITH(netmap_libraries,
[ --with-netmap-libraries=DIR netmap library directory],
[with_netmap_libraries="$withval"],[with_netmap_libraries=no])
AS_IF([test "x$enable_netmap" = "xyes"], [
AC_DEFINE([HAVE_NETMAP],[1],(NETMAP support enabled))
if test "$with_netmap_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_netmap_includes}"
fi
if test "$with_netmap_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_netmap_libraries}"
fi
AC_CHECK_HEADER(net/netmap_user.h,,[AC_MSG_ERROR(net/netmap_user.h not found ...)],)
have_recent_netmap="no"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([
#include <net/netmap_user.h>
],[
#ifndef NETMAP_API
#error "Outdated netmap, need one with NETMAP_API"
#endif
#if NETMAP_API < 14
#error "Outdated netmap, need at least API version 14"
#endif
])], [have_recent_netmap="yes"])
if test "x$have_recent_netmap" != "xyes"; then
echo "ERROR: outdated netmap; need at least v14"
exit 1
fi
have_netmap_version="v14+"
AC_CHECK_HEADER(libnetmap.h,,[AC_MSG_ERROR(libnetmap.h not found ...)],)
LIBNETMAP=""
AC_SEARCH_LIBS([nmport_open],[netmap],,[LIBNETMAP="no"])
if test "$LIBNETMAP" = "no"; then
echo
echo " ERROR! libnetmap library not found!"
echo " Go get it from https://github.com/luigirizzo/netmap"
echo " or your distribution."
echo
exit 1
fi
AC_DEFINE([HAVE_NETMAP_V14],[1],(NETMAP API v14 support enabled))
])
# Suricata-Update.
AC_ARG_ENABLE([suricata-update], AS_HELP_STRING([--disable-suricata-update],
[Disable suricata-update]), [enable_suricata_update=$enableval],
[enable_suricata_update="yes"])
# Assume suricata-update will not be installed.
have_suricata_update="no"
if test "$enable_suricata_update" = "yes"; then
if test -f "$srcdir/suricata-update/setup.py"; then
have_suricata_update="yes"
fi
fi
if test "$have_suricata_update" = "yes"; then
if test "$enable_python" != "yes"; then
echo ""
echo " Warning: suricata-update will not be installed as"
echo " Python is not installed."
echo ""
echo
else
SURICATA_UPDATE_DIR="suricata-update"
AC_SUBST(SURICATA_UPDATE_DIR)
AC_CONFIG_FILES(suricata-update/Makefile)
AC_OUTPUT
fi
fi
# Test to see if suricatactl (and suricatasc) can be installed.
if test "x$enable_python" != "xyes"; then
install_suricatactl="requires python"
else
install_suricatactl="yes"
fi
# Test to see if suricata-update can be installed.
if test "x$have_suricata_update" != "xyes"; then
install_suricata_update="no, "
install_suricata_update_reason="not bundled"
elif test "x$enable_python" != "xyes"; then
install_suricata_update="no, "
install_suricata_update_reason="requires python"
else
install_suricata_update="yes"
fi
AM_CONDITIONAL([INSTALL_SURICATA_UPDATE],
[test "x$install_suricata_update" = "xyes"])
AC_SUBST([install_suricata_update_reason])
# Check for libcap-ng
case $host in
*-*-linux*)
AC_ARG_WITH(libcap_ng_includes,
[ --with-libcap_ng-includes=DIR libcap_ng include directory],
[with_libcap_ng_includes="$withval"],[with_libcap_ng_includes=no])
AC_ARG_WITH(libcap_ng_libraries,
[ --with-libcap_ng-libraries=DIR libcap_ng library directory],
[with_libcap_ng_libraries="$withval"],[with_libcap_ng_libraries="no"])
if test "$with_libcap_ng_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libcap_ng_includes}"
fi
if test "$with_libcap_ng_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libcap_ng_libraries}"
fi
AC_CHECK_HEADER(cap-ng.h,,LIBCAP_NG="no")
if test "$LIBCAP_NG" != "no"; then
LIBCAP_NG=""
AC_CHECK_LIB(cap-ng,capng_clear,,LIBCAP_NG="no")
fi
if test "$LIBCAP_NG" != "no"; then
AC_DEFINE([HAVE_LIBCAP_NG],[1],[Libpcap-ng support])
fi
if test "$LIBCAP_NG" = "no"; then
echo
echo " WARNING! libcap-ng library not found, go get it"
echo " from http://people.redhat.com/sgrubb/libcap-ng/"
echo " or your distribution:"
echo
echo " Ubuntu: apt-get install libcap-ng-dev"
echo " Fedora: dnf install libcap-ng-devel"
echo " CentOS/RHEL: yum install libcap-ng-devel"
echo
echo " Suricata will be built without support for dropping privs."
echo
fi
;;
esac
AC_CHECK_LIB(unwind,unw_backtrace,,LIBUNW="no")
if test "$LIBUNW" = "no"; then
echo
echo " libunwind library and development headers not found"
echo " stacktrace on unexpected termination due to signal not possible"
echo
fi;
AC_ARG_ENABLE(ebpf,
AS_HELP_STRING([--enable-ebpf],[Enable eBPF support]),
[ enable_ebpf="$enableval"],
[ enable_ebpf="no"])
have_xdp="no"
if test "$enable_ebpf" = "yes"; then
AC_CHECK_LIB(elf,elf_begin,,LIBELF="no")
if test "$LIBELF" = "no"; then
echo
echo " libelf library and development headers not found but"
echo " but needed to use eBPF code"
echo
exit 1
fi;
AC_CHECK_LIB(bpf,bpf_object__open,,LIBBPF="no")
if test "$LIBBPF" = "no"; then
echo
echo " libbpf library and development headers not found but"
echo " needed to use eBPF code. It can be found at"
echo " https://github.com/libbpf/libbpf"
echo
exit 1
fi;
AC_CHECK_DECL([PACKET_FANOUT_EBPF],
AC_DEFINE([HAVE_PACKET_EBPF],[1],[Recent ebpf fanout support is available]),
[],
[[#include <linux/if_packet.h>]])
# Check for XDP specific function.
AC_CHECK_LIB(bpf,bpf_xdp_attach,have_xdp="yes")
if test "$have_xdp" = "yes"; then
AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
else
# Check for legacy XDP function.
AC_CHECK_LIB(bpf,bpf_set_link_xdp_fd,have_xdp="yes")
if test "$have_xdp" = "yes"; then
AC_DEFINE([HAVE_PACKET_XDP],[1],[XDP support is available])
fi
fi
AC_CHECK_FUNCS([bpf_program__section_name bpf_xdp_attach bpf_program__set_type])
fi;
# Check for DAG support.
AC_ARG_ENABLE(dag,
AS_HELP_STRING([--enable-dag],[Enable DAG capture]),
[ enable_dag=$enableval ],
[ enable_dag=no])
AC_ARG_WITH(dag_includes,
[ --with-dag-includes=DIR dagapi include directory],
[with_dag_includes="$withval"],[with_dag_includes="no"])
AC_ARG_WITH(dag_libraries,
[ --with-dag-libraries=DIR dagapi library directory],
[with_dag_libraries="$withval"],[with_dag_libraries="no"])
if test "$enable_dag" = "yes"; then
if test "$with_dag_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_dag_includes}"
fi
if test "$with_dag_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_dag_libraries}"
fi
AC_CHECK_HEADER(dagapi.h,DAG="yes",DAG="no")
if test "$DAG" != "no"; then
DAG=""
AC_CHECK_LIB(dag,dag_open,,DAG="no",)
fi
if test "$DAG" = "no"; then
echo
echo " ERROR! libdag library not found"
echo
exit 1
fi
AC_DEFINE([HAVE_DAG],[1],(Endace DAG card support enabled))
fi
# libmagic
enable_magic="no"
AC_ARG_ENABLE(libmagic,
AS_HELP_STRING([--enable-libmagic], [Enable libmagic support [default=yes]]),
[enable_magic=$enableval],[enable_magic=yes])
if test "$enable_magic" = "yes"; then
AC_ARG_WITH(libmagic_includes,
[ --with-libmagic-includes=DIR libmagic include directory],
[with_libmagic_includes="$withval"],[with_libmagic_includes=no])
AC_ARG_WITH(libmagic_libraries,
[ --with-libmagic-libraries=DIR libmagic library directory],
[with_libmagic_libraries="$withval"],[with_libmagic_libraries="no"])
if test "$with_libmagic_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libmagic_includes}"
fi
AC_CHECK_HEADER(magic.h,,MAGIC="no")
if test "$MAGIC" != "no"; then
MAGIC=""
AC_CHECK_LIB(magic, magic_open,, MAGIC="no")
fi
if test "x$MAGIC" != "xno"; then
if test "$with_libmagic_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libmagic_libraries}"
fi
AC_DEFINE([HAVE_MAGIC],[1],(Libmagic for file handling))
else
echo
echo " WARNING! magic library not found, go get it"
echo " from http://www.darwinsys.com/file/ or your distribution:"
echo
echo " Ubuntu: apt-get install libmagic-dev"
echo " Fedora: dnf install file-devel"
echo " CentOS/RHEL: yum install file-devel"
echo
enable_magic="no"
fi
fi
# Napatech - Using the 3GD API
AC_ARG_ENABLE(napatech,
AS_HELP_STRING([--enable-napatech],[Enable Napatech Devices]),
[ enable_napatech=$enableval ],
[ enable_napatech=no])
AS_IF([test "x$enable_napatech" = "xyes"], [
if test "x$enable_shared" = "xno"; then
echo
echo " ERROR! napatech cannot be enabled with --disable-shared"
echo
exit 1
fi
AC_ARG_ENABLE(napatech_bypass,
AS_HELP_STRING([--disable-napatech-bypass],[Disable Bypass feature on Napatech cards]),
[ napatech_bypass=$enableval ],
[ napatech_bypass=yes])
AC_ARG_WITH(napatech_includes,
[ --with-napatech-includes=DIR napatech include directory],
[with_napatech_includes="$withval"],[with_napatech_includes="/opt/napatech3/include"])
AC_ARG_WITH(napatech_libraries,
[ --with-napatech-libraries=DIR napatech library directory],
[with_napatech_libraries="$withval"],[with_napatech_libraries="/opt/napatech3/lib"])
if test "$enable_napatech" = "yes"; then
CPPFLAGS="${CPPFLAGS} -I${with_napatech_includes}"
LDFLAGS="${LDFLAGS} -L${with_napatech_libraries}"
LIBS="${LIBS} -lntapi"
AC_CHECK_HEADER(nt.h,NAPATECH="yes",NAPATECH="no")
if test "$NAPATECH" != "no"; then
NAPATECH=""
AC_CHECK_LIB(ntapi, NT_Init,NAPATECH="yes",NAPATECH="no")
fi
if test "$NAPATECH" = "no"; then
echo
echo " ERROR! libntapi library not found"
echo
exit 1
else
AC_CHECK_LIB(numa, numa_available,, LIBNUMA="no")
if test "$LIBNUMA" = "no"; then
echo
echo " WARNING: libnuma is required to use Napatech auto-config"
echo " libnuma is not found. Go get it"
echo " from http://github.com/numactl/numactl or your distribution:"
echo " Ubuntu: apt-get install libnuma-dev"
echo " Fedora: dnf install numactl-devel"
echo " CentOS/RHEL: yum install numactl-devel"
echo
exit 1
fi
fi
AC_DEFINE([HAVE_NAPATECH],[1],(Napatech capture card support))
if test "$napatech_bypass" = "yes"; then
AC_CHECK_LIB(ntapi, NT_FlowOpenAttrInit,NTFLOW="yes",NTFLOW="no")
if test "$NTFLOW" = "yes"; then
echo " Napatech Flow Processing is Enabled (--disable-napatech-bypass if not needed)"
AC_DEFINE([NAPATECH_ENABLE_BYPASS],[1],(Napatech flowdirector support))
else
echo "Napatech Flow Processing is not available"
fi
else
echo "Napatech Flow Processing is Disabled."
fi
fi
])
if test "x$enable_napatech" = "xyes"; then
AM_CONDITIONAL([BUILD_NAPATECH], [true])
napatech_comment=""
else
AM_CONDITIONAL([BUILD_NAPATECH], [false])
napatech_comment="#"
fi
AC_SUBST([napatech_comment])
# libmaxminddb
AC_ARG_ENABLE(geoip,
AS_HELP_STRING([--enable-geoip],[Enable GeoIP2 support]),
[ enable_geoip="$enableval"],
[ enable_geoip="no"])
AC_ARG_WITH(libmaxminddb_includes,
[ --with-libmaxminddb-includes=DIR libmaxminddb include directory],
[with_libmaxminddb_includes="$withval"],[with_libmaxminddb_includes="no"])
AC_ARG_WITH(libmaxminddb_libraries,
[ --with-libmaxminddb-libraries=DIR libmaxminddb library directory],
[with_libmaxminddb_libraries="$withval"],[with_libmaxminddb_libraries="no"])
if test "$enable_geoip" = "yes"; then
if test "$with_libmaxminddb_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libmaxminddb_includes}"
fi
AC_CHECK_HEADER(maxminddb.h,GEOIP="yes",GEOIP="no")
if test "$GEOIP" = "yes"; then
if test "$with_libmaxminddb_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libmaxminddb_libraries}"
fi
AC_CHECK_LIB(maxminddb, MMDB_open,, GEOIP="no")
fi
if test "$GEOIP" = "no"; then
echo
echo " ERROR! libmaxminddb GeoIP2 library not found, go get it"
echo " from https://github.com/maxmind/libmaxminddb or your distribution:"
echo
echo " Ubuntu: apt-get install libmaxminddb-dev"
echo " Fedora: dnf install libmaxminddb-devel"
echo " CentOS/RHEL: yum install libmaxminddb-devel"
echo
exit 1
fi
AC_DEFINE([HAVE_GEOIP],[1],[libmaxminddb available])
enable_geoip="yes"
fi
# Position Independent Executable
AC_ARG_ENABLE(pie,
AS_HELP_STRING([--enable-pie],[Enable compiling as a position independent executable]),
[ enable_pie="$enableval"],
[ enable_pie="no"])
if test "$enable_pie" = "yes"; then
CPPFLAGS="${CPPFLAGS} -fPIC"
LDFLAGS="${LDFLAGS} -pie"
fi
#libevent includes and libraries
AC_ARG_WITH(libevent_includes,
[ --with-libevent-includes=DIR libevent include directory],
[with_libevent_includes="$withval"],[with_libevent_includes="no"])
AC_ARG_WITH(libevent_libraries,
[ --with-libevent-libraries=DIR libevent library directory],
[with_libevent_libraries="$withval"],[with_libevent_libraries="no"])
# libhiredis
AC_ARG_ENABLE(hiredis,
AS_HELP_STRING([--enable-hiredis],[Enable Redis support]),
[ enable_hiredis="$enableval"],
[ enable_hiredis="no"])
AC_ARG_WITH(libhiredis_includes,
[ --with-libhiredis-includes=DIR libhiredis include directory],
[with_libhiredis_includes="$withval"],[with_libhiredis_includes="no"])
AC_ARG_WITH(libhiredis_libraries,
[ --with-libhiredis-libraries=DIR libhiredis library directory],
[with_libhiredis_libraries="$withval"],[with_libhiredis_libraries="no"])
enable_hiredis_async="no"
if test "$enable_hiredis" = "yes"; then
if test "$with_libhiredis_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libhiredis_includes}"
fi
AC_CHECK_HEADER("hiredis/hiredis.h",HIREDIS="yes",HIREDIS="no")
if test "$HIREDIS" = "yes"; then
if test "$with_libhiredis_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libhiredis_libraries}"
fi
AC_CHECK_LIB(hiredis, redisConnect,, HIREDIS="no")
fi
if test "$HIREDIS" = "no"; then
echo
echo " ERROR! libhiredis library not found, go get it"
echo " from https://github.com/redis/hiredis or your distribution:"
echo
echo " Ubuntu: apt-get install libhiredis-dev"
echo " Fedora: dnf install hiredis-devel"
echo " CentOS/RHEL: yum install hiredis-devel"
echo
exit 1
fi
if test "$HIREDIS" = "yes"; then
AC_DEFINE([HAVE_LIBHIREDIS],[1],[libhiredis available])
enable_hiredis="yes"
#
# Check if async adapters and libevent is installed
#
AC_CHECK_HEADER("hiredis/adapters/libevent.h",HIREDIS_LIBEVENT_ADAPTER="yes",HIREDIS_LIBEVENT_ADAPTER="no")
if test "$HIREDIS_LIBEVENT_ADAPTER" = "yes"; then
#Look for libevent headers
if test "$with_libevent_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libevent_includes}"
fi
AC_CHECK_HEADER("event.h",LIBEVENT="yes",LIBEVENT="no")
if test "$LIBEVENT" = "yes"; then
if test "$with_libevent_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libevent_libraries}"
fi
AC_CHECK_LIB(event, event_base_free,, HAVE_LIBEVENT="no")
AC_CHECK_LIB(event_pthreads, evthread_use_pthreads,, HAVE_LIBEVENT_PTHREADS="no")
fi
if [ test "$HAVE_LIBEVENT" = "no" ] && [ -o test "$HAVE_LIBEVENT_PTHREADS" = "no"]; then
if test "$HAVE_LIBEVENT" = "no"; then
echo
echo " Async mode for redis output will not be available."
echo " To enable it install libevent"
echo
echo " Ubuntu: apt-get install libevent-dev"
echo " Fedora: dnf install libevent-devel"
echo " CentOS/RHEL: yum install libevent-devel"
echo
fi
if test "$HAVE_LIBEVENT_PTHREADS" = "no"; then
echo
echo " Async mode for redis output will not be available."
echo " To enable it install libevent with pthreads support"
echo
echo " Ubuntu: apt-get install libevent-pthreads-2.0-5"
echo
fi
else
AC_DEFINE([HAVE_LIBEVENT],[1],[libevent available])
enable_hiredis_async="yes"
fi
fi
fi
fi
AC_ARG_ENABLE(ja3,
AS_HELP_STRING([--disable-ja3], [Disable JA3 support]),
[enable_ja3="$enableval"],
[enable_ja3=yes])
if test "$enable_ja3" = "yes"; then
AC_DEFINE([HAVE_JA3],[1],[JA3 enabled])
enable_ja3="yes"
fi
AM_CONDITIONAL([HAVE_JA3], [test "x$enable_ja3" != "xno"])
AC_ARG_ENABLE(ja4,
AS_HELP_STRING([--disable-ja4], [Disable JA4 support]),
[enable_ja4="$enableval"],
[enable_ja4=yes])
if test "$enable_ja4" = "yes"; then
AC_DEFINE([HAVE_JA4],[1],[JA4 enabled])
enable_ja4="yes"
fi
AM_CONDITIONAL([HAVE_JA4], [test "x$enable_ja4" != "xno"])
# Check for lz4
enable_liblz4="yes"
AC_CHECK_LIB(lz4, LZ4F_createCompressionContext, , enable_liblz4="no")
if test "$enable_liblz4" = "no"; then
echo
echo " Compressed pcap logging is not available without liblz4."
echo " If you want to enable compression, you need to install it."
echo
echo " Ubuntu: apt-get install liblz4-dev"
echo " Fedora: dnf install lz4-devel"
echo " CentOS/RHEL: yum install epel-release"
echo " yum install lz4-devel"
echo
fi
# get cache line size
AC_PATH_PROG(HAVE_GETCONF_CMD, getconf, "no")
if test "$HAVE_GETCONF_CMD" != "no"; then
CLS=$(getconf LEVEL1_DCACHE_LINESIZE)
if [test "$CLS" != "undefined" && test "$CLS" != "" && test "$CLS" != "0"]; then
AC_DEFINE_UNQUOTED([CLS],[${CLS}],[L1 cache line size])
else
AC_DEFINE([CLS],[64],[L1 cache line size])
fi
else
AC_DEFINE([CLS],[64],[L1 cache line size])
fi
# sphinx-build for documentation, and also check for a new enough version
AC_PATH_PROG([SPHINX_BUILD], [sphinx-build], [no])
if test "$SPHINX_BUILD" != "no"; then
MIN_SPHINX_BUILD_VERSION="3.4.3"
sphinx_build_version=$($SPHINX_BUILD --version 2>&1 | cut -d' ' -f2-)
AC_MSG_CHECKING([for sphinx-build >= $MIN_SPHINX_BUILD_VERSION])
AS_VERSION_COMPARE([$sphinx_build_version], [$MIN_SPHINX_BUILD_VERSION],
[
AC_MSG_RESULT([no, documentation will not be built])
SPHINX_BUILD="no"
],
[], [])
if test "$SPHINX_BUILD" != "no"; then
AC_MSG_RESULT([yes])
fi
fi
if test "$SPHINX_BUILD" = "no"; then
enable_sphinxbuild=no
if test -e "$srcdir/doc/userguide/suricata.1"; then
have_suricata_man=yes
fi
fi
AM_CONDITIONAL([SPHINX_BUILD], [test "x$enable_sphinxbuild" != "xno"])
AM_CONDITIONAL([HAVE_SURICATA_MAN], [test "x$have_suricata_man" = "xyes"])
# pdflatex for the pdf version of the user manual
AC_PATH_PROG(HAVE_PDFLATEX, pdflatex, "no")
if test "$HAVE_PDFLATEX" = "no"; then
enable_pdflatex=no
fi
AM_CONDITIONAL([HAVE_PDFLATEX], [test "x$enable_pdflatex" != "xno"])
# Cargo/Rust
AM_CONDITIONAL([RUST_CROSS_COMPILE], [test "x$cross_compiling" = "xyes"])
# Check for rustc, respecting RUSTC environment variable
AC_ARG_VAR([RUSTC], [Rustc command])
if test -z "$RUSTC"; then
RUSTC="rustc"
fi
AC_PATH_PROG(RUSTC, $RUSTC, "no")
if test "$RUSTC" = "no"; then
echo ""
echo " ERROR: Rust compiler not found."
echo ""
echo " Ubuntu/Debian: apt install rustc cargo"
echo " Fedora: dnf install rustc cargo"
echo " CentOS: yum install rustc cargo (requires EPEL)"
echo ""
echo " Rustup works as well: https://rustup.rs/"
echo ""
exit 1
fi
# Check for cargo, respecting CARGO environment variable
AC_ARG_VAR([CARGO], [Cargo command])
if test -z "$CARGO"; then
CARGO="cargo"
fi
AC_PATH_PROG(CARGO, $CARGO, "no")
if test "$CARGO" = "no"; then
AC_MSG_ERROR([cargo required])
fi
# Check for rustdoc, respecting RUSTDOC environment variable
AC_ARG_VAR([RUSTDOC], [Rustdoc command])
if test -z "$RUSTDOC"; then
RUSTDOC="rustdoc"
fi
AC_PATH_PROG(RUSTDOC, $RUSTDOC, "no")
if test "$RUSTDOC" = "no"; then
AC_MSG_ERROR([rustdoc required])
fi
AC_DEFINE([HAVE_RUST],[1],[Enable Rust language])
AM_CONDITIONAL([HAVE_RUST],true)
AC_SUBST([CARGO], [$CARGO])
rust_compiler_version=$($RUSTC --version)
rustc_version=$(echo "$rust_compiler_version" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/')
cargo_version_output=$($CARGO --version)
cargo_version=$(echo "$cargo_version_output" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/')
MIN_RUSTC_VERSION="1.75.0" # MSRV
AC_MSG_CHECKING(for Rust version $MIN_RUSTC_VERSION or newer)
AS_VERSION_COMPARE([$rustc_version], [$MIN_RUSTC_VERSION],
[
echo ""
echo "ERROR: Rust $MIN_RUSTC_VERSION or newer required."
echo ""
echo "Rust version ${rustc_version} was found."
echo ""
exit 1
],
[],
[])
AC_MSG_RESULT(yes)
RUST_FEATURES=""
rust_vendor_comment="# "
have_rust_vendor="no"
if test "x$cross_compiling" = "xyes"; then
RUST_SURICATA_LIB_XC_DIR="${host_alias}/"
else
if test "x$CARGO_BUILD_TARGET" = "x"; then
RUST_SURICATA_LIB_XC_DIR=
else
RUST_SURICATA_LIB_XC_DIR="${CARGO_BUILD_TARGET}/"
fi
fi
if test "x$enable_debug" = "xyes"; then
RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}debug"
else
RUST_SURICATA_LIBDIR="../rust/target/${RUST_SURICATA_LIB_XC_DIR}release"
fi
RUST_SURICATA_LIB="${RUST_SURICATA_LIBDIR}/${RUST_SURICATA_LIBNAME}"
# make sure that we use our headers for lua
CPPFLAGS="-I\${srcdir}/../rust/gen -I\${srcdir}/../rust/dist -I../rust/gen ${CPPFLAGS}"
AC_SUBST(RUST_SURICATA_LIB)
AC_SUBST(RUST_LDADD)
if test "x$CARGO_HOME" = "x"; then
if test "x$HAVE_CYGPATH" != "xno"; then
CYGPATH_CARGO_HOME=$(cygpath -a -t mixed ~/.cargo)
AC_SUBST([CARGO_HOME], [$CYGPATH_CARGO_HOME])
else
AC_SUBST([CARGO_HOME], [~/.cargo])
fi
else
AC_SUBST([CARGO_HOME], [$CARGO_HOME])
fi
# Check for rustup. RUSTUP_HOME needs to be set if rustup is in
# use, and a user uses sudo (depending on configuration), or su to
# perform the install
rustup_home_path="no"
if test "x$RUSTUP_HOME" != "x"; then
rustup_home_path="$RUSTUP_HOME"
else
AC_PATH_PROG(have_rustup, rustup, "no")
if test "x$have_rustup" != "xno"; then
rustup_home_path=$($have_rustup show home 2>/dev/null || echo "no")
fi
fi
rustup_home=""
if test "x$rustup_home_path" != "xno"; then
rustup_home="RUSTUP_HOME=\$(RUSTUP_HOME_PATH)"
fi
AC_SUBST([RUSTUP_HOME_PATH], [$rustup_home_path])
AC_SUBST([rustup_home])
if test -e "$srcdir/rust/vendor"; then
have_rust_vendor="yes"
fi
if test "x$have_rust_vendor" = "xyes"; then
rust_vendor_comment=""
fi
AC_SUBST(rust_vendor_comment)
AM_CONDITIONAL([HAVE_RUST_VENDOR], [test "x$have_rust_vendor" = "xyes"])
# Bindgen requires rustfmt.
AC_PATH_PROG([RUSTFMT], [rustfmt], [no])
# Check for bindgen
AC_PATH_PROG([BINDGEN], [bindgen], [no])
if test "x$BINDGEN" != "xno"; then
bindgen_version=$($BINDGEN --version 2>&1 | cut -d' ' -f2-)
min_bindgen_version="0.66.0"
AS_VERSION_COMPARE([$bindgen_version], [$min_bindgen_version],
[bindgen_ok="no"],
[bindgen_ok="yes"],
[bindgen_ok="yes"])
if test "x$bindgen_ok" != "xyes"; then
echo " Warning: bindgen must be at least version $min_bindgen_version,"
echo " found $bindgen_version."
echo " To update: cargo install --force bindgen-cli"
BINDGEN="no"
fi
fi
AM_CONDITIONAL([HAVE_BINDGEN], [test "x$BINDGEN" != "xno" -a "x$RUSTFMT" != "xno"])
have_rust_headers="no"
AC_MSG_CHECKING(for $srcdir/rust/dist/rust-bindings.h)
if test -f "$srcdir/rust/dist/rust-bindings.h"; then
AC_MSG_RESULT(yes)
have_rust_headers="yes"
else
AC_MSG_RESULT(no)
AC_MSG_CHECKING(for $srcdir/rust/gen/rust-bindings.h)
if test -f "$srcdir/rust/gen/rust-bindings.h"; then
AC_MSG_RESULT(yes)
have_rust_headers="yes"
else
AC_MSG_RESULT(no)
fi
fi
AC_PATH_PROG(CBINDGEN, cbindgen, "no")
if test "x$CBINDGEN" != "xno"; then
cbindgen_version=$(cbindgen --version 2>&1 | cut -d' ' -f2-)
min_cbindgen_version="0.20.0"
AS_VERSION_COMPARE([$cbindgen_version], [$min_cbindgen_version],
[cbindgen_ok="no"],
[cbindgen_ok="yes"],
[cbindgen_ok="yes"])
if test "x$cbindgen_ok" != "xyes"; then
echo " Warning: cbindgen must be at least version $min_cbindgen_version,"
echo " found $cbindgen_version."
echo " To update: cargo install --force cbindgen"
CBINDGEN="no"
else
have_rust_headers="no"
fi
fi
AC_SUBST([CBINDGEN], [$CBINDGEN])
# Require cbindgen if generated headers are not bundled.
if test "x$have_rust_headers" != "xyes"; then
if test "x$CBINDGEN" = "xno"; then
echo " Warning: cbindgen too old or not found, it is required to "
echo " generate header files."
echo " To install: cargo install --force cbindgen"
AC_MSG_ERROR([cbindgen required])
fi
fi
AM_CONDITIONAL([HAVE_RUST_HEADERS], [test "x$have_rust_headers" = "xyes"])
AM_CONDITIONAL([HAVE_CBINDGEN], [test "x$CBINDGEN" != "xno"])
AC_ARG_ENABLE(rust_strict,
AS_HELP_STRING([--enable-rust-strict], [Rust warnings as errors]),[enable_rust_strict=$enableval],[enable_rust_strict=no])
AS_IF([test "x$enable_rust_strict" = "xyes"], [
RUST_FEATURES="strict"
])
AC_SUBST(RUST_FEATURES)
# nDPI support (no library checks for this stub)
NDPI_HOME=
AC_ARG_ENABLE(ndpi,
AS_HELP_STRING([--enable-ndpi], [Enable nDPI support]),
[enable_ndpi=$enableval],[enable_ndpi=no])
AC_ARG_WITH([ndpi],
[ --with-ndpi=<path> path to nDPI source tree.],
[NDPI_HOME="$withval"])
# Require --with-ndpi to be provided with an argument.
AS_IF([test "x$NDPI_HOME" = "xyes"], [
AC_MSG_ERROR([--with-ndpi requires a path])
exit 1
])
AS_IF([test "x$enable_dpi" = "xyes"], [
if test "x$enable_shared" = "xno"; then
echo
echo " ERROR! ndpi cannot be enabled with --disable-shared"
echo
exit 1
fi
])
if test "x$enable_ndpi" = "xyes"; then
AC_MSG_CHECKING(for nDPI source)
if test "x$NDPI_HOME" != "x"; then
AC_MSG_RESULT(found in $NDPI_HOME)
NDPI_LIB=$NDPI_HOME/src/lib/libndpi.a
AC_MSG_CHECKING(for $NDPI_LIB)
if test -r $NDPI_LIB ; then :
AC_MSG_RESULT(found $NDPI_LIB)
fi
CPPFLAGS="${CPPFLAGS} -I$NDPI_HOME/src/include"
NDPI_LIB="$NDPI_HOME/src/lib/libndpi.a"
AC_SUBST([NDPI_LIB])
else
AC_MSG_RESULT(not found)
enable_ndpi="no"
fi
fi
if test "x$enable_ndpi" = "xyes"; then
AM_CONDITIONAL([BUILD_NDPI], [true])
ndpi_comment=""
else
AM_CONDITIONAL([BUILD_NDPI], [false])
ndpi_comment="#"
fi
AC_SUBST([ndpi_comment])
AC_ARG_ENABLE(warnings,
AS_HELP_STRING([--enable-warnings], [Enable supported C compiler warnings]),[enable_warnings=$enableval],[enable_warnings=no])
AS_IF([test "x$enable_warnings" = "xyes"], [
# check if our compiler supports -Wunused-macros
AC_MSG_CHECKING(for -Wunused-macros support)
OCFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wunused-macros"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
[[]])],
AC_MSG_RESULT([yes]),
[AC_MSG_RESULT([no])
CFLAGS="$OCFLAGS"])
# check if our compiler supports -Wimplicit-int-float-conversion
AC_MSG_CHECKING(for -Wimplicit-int-float-conversion)
OCFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wimplicit-int-float-conversion"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
[[]])],
AC_MSG_RESULT([yes]),
[AC_MSG_RESULT([no])
CFLAGS="$OCFLAGS"])
# Following warnings are not respected by unit tests
if test "$enable_unittests" != "yes"; then
# check if our compiler supports -Wimplicit-int-conversion
AC_MSG_CHECKING(for -Wimplicit-int-conversion support)
OCFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wimplicit-int-conversion"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
[[]])],
AC_MSG_RESULT([yes]),
[AC_MSG_RESULT([no])
CFLAGS="$OCFLAGS"])
# check if our compiler supports -Wshorten-64-to-32
AC_MSG_CHECKING(for -Wshorten-64-to-32 support)
OCFLAGS=$CFLAGS
CFLAGS="$CFLAGS -Wshorten-64-to-32"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]],
[[]])],
AC_MSG_RESULT([yes]),
[AC_MSG_RESULT([no])
CFLAGS="$OCFLAGS"])
fi
])
AC_CHECK_LIB(fuzzpcap, FPC_IsFuzzPacketCapture, HAS_FUZZPCAP="yes")
AM_CONDITIONAL([HAS_FUZZPCAP], [test "x$HAS_FUZZPCAP" = "xyes"])
AC_ARG_ENABLE(fuzztargets,
AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no])
AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"])
AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo "$rust_compiler_version" | grep -q nightly && echo "$RUSTFLAGS" | grep -v -q coverage])
AC_PROG_CXX
AS_IF([test "x$enable_fuzztargets" = "xyes"], [
AS_IF([test "x$CARGO_BUILD_TARGET" = "x" && echo "$rust_compiler_version" | grep -q nightly], [
CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu
AC_SUBST(CARGO_BUILD_TARGET)
])
AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled])
AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions])
CFLAGS_ORIG=$CFLAGS
CFLAGS="-Werror"
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])],
[AC_DEFINE([AFLFUZZ_PERSISTENT_MODE], [1], [Enable AFL PERSISTENT_MODE])],
[])
CFLAGS=$CFLAGS_ORIG
AC_LANG_PUSH(C++)
tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS
AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [
LIB_FUZZING_ENGINE=-fsanitize=fuzzer
AC_SUBST(LIB_FUZZING_ENGINE)
])
_AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE"
AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE])
AC_LINK_IFELSE([AC_LANG_SOURCE([[
#include <sys/types.h>
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size);
extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) {
(void)Data;
(void)Size;
return 0;
}
]])],
[ AC_MSG_RESULT(yes)
has_sanitizefuzzer=yes],
[ AC_MSG_RESULT(no) ]
)
_AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags
AC_LANG_POP()
])
AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"])
# get git revision and last commit date
AC_PATH_PROG(HAVE_GIT_CMD, git, "no")
if test "$HAVE_GIT_CMD" != "no"; then
if [ test -e .git ]; then
REVISION=`git rev-parse --short HEAD`
LAST_COMMIT_DATE=`git log -1 --date=short --pretty=format:%cd`
REVISION="$REVISION $LAST_COMMIT_DATE"
AC_DEFINE_UNQUOTED([REVISION],[${REVISION}],[Git revision])
fi
fi
# Get the release date. If LAST_COMMIT_DATE was set in the previous
# step, use it, otherwise parse it from the ChangeLog.
AC_MSG_CHECKING([for release date])
if test "x$LAST_COMMIT_DATE" != "x"; then
RELEASE_DATE=$LAST_COMMIT_DATE
else
RELEASE_DATE=`awk '/^[[0-9\.]].+ -- [[0-9]][[0-9]][[0-9]][[0-9]]-[[0-9]][[0-9]]-[[0-9]][[0-9]]/ { print $3; exit }' $srcdir/ChangeLog`
if test "x$RELEASE_DATE" = "x"; then
AC_MSG_ERROR([Failed to determine release date])
fi
fi
AC_MSG_RESULT([${RELEASE_DATE}])
AC_SUBST(RELEASE_DATE)
# get MAJOR_MINOR version for embedding in configuration file.
MAJOR_MINOR=`expr "${PACKAGE_VERSION}" : "\([[0-9]]\+\.[[0-9]]\+\).*"`
if test "${enable_ebpf}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD_MANAGER], [1],[Building flow bypass manager code])
fi
if test "${enable_ebpf}" = "yes" || test "${enable_nfqueue}" = "yes" || test "${enable_pfring}" = "yes" || test "${enable_napatech}" = "yes" || test "${enable_unittests}" = "yes"; then
AC_DEFINE([CAPTURE_OFFLOAD], [1],[Building flow capture bypass code])
fi
# Add diagnostic filename
CPPFLAGS="${CPPFLAGS} -D__SCFILENAME__=\\\"\$(*F)\\\""
AC_SUBST(CFLAGS)
AC_SUBST(LDFLAGS)
AC_SUBST(CPPFLAGS)
define([EXPAND_VARIABLE],
[$2=[$]$1
if test $prefix = 'NONE'; then
prefix="/usr/local"
fi
while true; do
case "[$]$2" in
*\[$]* ) eval "$2=[$]$2" ;;
*) break ;;
esac
done
eval "$2=[$]$2$3"
])dnl EXPAND_VARIABLE
# suricata log dir
if test "$WINDOWS_PATH" = "yes"; then
case $host in
x86_64-w64-mingw32)
e_winbase="C:\\\\Program Files\\\\Suricata"
;;
*)
systemtype="`systeminfo | grep \"based PC\"`"
case "$systemtype" in
*x64*)
e_winbase="C:\\\\Program Files (x86)\\\\Suricata"
;;
*)
e_winbase="C:\\\\Program Files\\\\Suricata"
;;
esac
esac
e_sysconfdir="${e_winbase}\\\\"
e_defaultruledir="$e_winbase\\\\rules\\\\"
e_sghcachedir="$e_winbase\\\\cache\\\\sgh\\\\"
e_magic_file="$e_winbase\\\\magic.mgc"
e_logdir="$e_winbase\\\\log"
e_logfilesdir="$e_logdir\\\\files"
e_logcertsdir="$e_logdir\\\\certs"
e_datarulesdir="$e_winbase\\\\rules\\\\"
if test "x$HAVE_CYGPATH" != "xno"; then
# turn srcdir into abs path and convert to the
# mixed output (/c/Users/dev into c:/Users/dev)
e_rustdir="$(cygpath -a -t mixed ${srcdir})/rust"
else
e_abs_srcdir=$(cd $srcdir && pwd)
e_rustdir="$e_abs_srcdir/rust"
fi
else
EXPAND_VARIABLE(localstatedir, e_logdir, "/log/suricata/")
EXPAND_VARIABLE(localstatedir, e_rundir, "/run/")
EXPAND_VARIABLE(localstatedir, e_logfilesdir, "/log/suricata/files")
EXPAND_VARIABLE(localstatedir, e_logcertsdir, "/log/suricata/certs")
EXPAND_VARIABLE(sysconfdir, e_sysconfdir, "/suricata/")
EXPAND_VARIABLE(localstatedir, e_localstatedir, "/run/suricata")
EXPAND_VARIABLE(datadir, e_datarulesdir, "/suricata/rules")
EXPAND_VARIABLE(localstatedir, e_sghcachedir, "/lib/suricata/cache/sgh")
EXPAND_VARIABLE(localstatedir, e_datadir, "/lib/suricata/data")
EXPAND_VARIABLE(localstatedir, e_defaultruledir, "/lib/suricata/rules")
e_abs_srcdir=$(cd $srcdir && pwd)
EXPAND_VARIABLE(e_abs_srcdir, e_rustdir, "/rust")
fi
AC_SUBST(e_logdir)
AC_SUBST(e_rundir)
AC_SUBST(e_logfilesdir)
AC_SUBST(e_logcertsdir)
AC_SUBST(e_sysconfdir)
AC_DEFINE_UNQUOTED([CONFIG_DIR],["$e_sysconfdir"],[Our CONFIG_DIR])
AC_SUBST(e_localstatedir)
AC_SUBST(e_sghcachedir)
AC_DEFINE_UNQUOTED([SGH_CACHE_DIR],["$e_sghcachedir"],[Directory path for signature group head cache])
AC_SUBST(e_datadir)
AC_DEFINE_UNQUOTED([DATA_DIR],["$e_datadir"],[Our DATA_DIR])
AC_SUBST(e_magic_file)
AC_SUBST(e_magic_file_comment)
AC_SUBST(e_datarulesdir)
AC_SUBST(e_defaultruledir)
AC_SUBST(e_rustdir)
EXPAND_VARIABLE(prefix, CONFIGURE_PREFIX)
EXPAND_VARIABLE(sysconfdir, CONFIGURE_SYSCONDIR)
EXPAND_VARIABLE(localstatedir, CONFIGURE_LOCALSTATEDIR)
EXPAND_VARIABLE(datadir, CONFIGURE_DATAROOTDIR)
AC_SUBST(CONFIGURE_PREFIX)
AC_SUBST(CONFIGURE_SYSCONDIR)
AC_SUBST(CONFIGURE_LOCALSTATEDIR)
AC_DEFINE_UNQUOTED([LOCAL_STATE_DIR],["$CONFIGURE_LOCALSTATEDIR"],[Our LOCAL_STATE_DIR])
AC_SUBST(CONFIGURE_DATAROOTDIR)
AC_SUBST(PACKAGE_VERSION)
AC_SUBST(MAJOR_MINOR)
AC_SUBST(RUST_FEATURES)
AC_SUBST(RUST_SURICATA_LIBDIR)
AC_SUBST(RUST_SURICATA_LIBNAME)
AM_CONDITIONAL([BUILD_SHARED_LIBRARY], [test "x$enable_shared" = "xyes"] && [test "x$can_build_shared_library" = "xyes"])
AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.lock rust/Cargo.toml rust/derive/Cargo.toml rust/.cargo/config.toml)
AC_CONFIG_FILES(rust/sys/Makefile rust/sys/Cargo.toml)
AC_CONFIG_FILES(rust/ffi/Makefile rust/ffi/Cargo.toml)
AC_CONFIG_FILES(rust/suricatactl/Makefile rust/suricatactl/Cargo.toml)
AC_CONFIG_FILES(rust/suricatasc/Makefile rust/suricatasc/Cargo.toml)
AC_CONFIG_FILES(rust/htp/Makefile rust/htp/Cargo.toml)
AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile)
AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile)
AC_CONFIG_FILES(suricata.yaml etc/Makefile etc/suricata.logrotate etc/suricata.service)
AC_CONFIG_FILES(python/Makefile python/suricata/config/defaults.py)
AC_CONFIG_FILES(ebpf/Makefile)
AC_CONFIG_FILES(libsuricata-config)
AC_CONFIG_FILES(examples/plugins/c-json-filetype/Makefile)
AC_CONFIG_FILES(examples/plugins/c-custom-loggers/Makefile)
AC_CONFIG_FILES(examples/plugins/ci-capture/Makefile)
AC_CONFIG_FILES(examples/lib/simple/Makefile examples/lib/simple/Makefile.example)
AC_CONFIG_FILES(examples/lib/custom/Makefile examples/lib/custom/Makefile.example)
AC_CONFIG_FILES(examples/lib/cplusplus/Makefile.example)
AC_CONFIG_FILES(plugins/Makefile)
AC_CONFIG_FILES(plugins/pfring/Makefile)
AC_CONFIG_FILES(plugins/napatech/Makefile)
AC_CONFIG_FILES(plugins/ndpi/Makefile)
AC_OUTPUT
SURICATA_BUILD_CONF="Suricata Configuration:
AF_PACKET support: ${enable_af_packet}
AF_XDP support: ${enable_af_xdp}
DPDK support: ${enable_dpdk}
eBPF support: ${enable_ebpf}
XDP support: ${have_xdp}
PF_RING support: ${enable_pfring}
NFQueue support: ${enable_nfqueue}
NFLOG support: ${enable_nflog}
IPFW support: ${enable_ipfw}
Netmap support: ${enable_netmap} ${have_netmap_version}
DAG enabled: ${enable_dag}
Napatech enabled: ${enable_napatech}
WinDivert enabled: ${enable_windivert}
Npcap support: ${have_wpcap}
Unix socket enabled: ${enable_unixsocket}
Detection enabled: ${enable_detection}
Libmagic support: ${enable_magic}
libjansson support: ${enable_jansson}
hiredis support: ${enable_hiredis}
hiredis async with libevent: ${enable_hiredis_async}
PCRE jit: ${pcre2_jit_available}
GeoIP2 support: ${enable_geoip}
JA3 support: ${enable_ja3}
JA4 support: ${enable_ja4}
Hyperscan support: ${enable_hyperscan}
Hwloc support: ${enable_hwloc}
Libnet support: ${enable_libnet}
liblz4 support: ${enable_liblz4}
Landlock support: ${enable_landlock}
Systemd support: ${enable_systemd}
Rust strict mode: ${enable_rust_strict}
Rust compiler path: ${RUSTC}
Rust compiler version: ${rust_compiler_version}
Cargo path: ${CARGO}
Cargo version: ${cargo_version_output}
Python support: ${enable_python}
Python path: ${python_path}
Install suricatactl: ${install_suricatactl}
Install suricatasc: ${install_suricatactl}
Install suricata-update: ${install_suricata_update}${install_suricata_update_reason}
Profiling enabled: ${enable_profiling}
Profiling locks enabled: ${enable_profiling_locks}
Profiling rules enabled: ${enable_profiling_rules}
Plugin support (experimental): ${plugin_support}
DPDK Bond PMD: ${enable_dpdk_bond_pmd}
Plugins:
nDPI: ${enable_ndpi}
Development settings:
Coccinelle / spatch: ${enable_coccinelle}
Unit tests enabled: ${enable_unittests}
Debug output enabled: ${enable_debug}
Debug validation enabled: ${enable_debug_validation}
Fuzz targets enabled: ${enable_fuzztargets}
Generic build parameters:
Installation prefix: ${prefix}
Configuration directory: ${e_sysconfdir}
Log directory: ${e_logdir}
--prefix ${CONFIGURE_PREFIX}
--sysconfdir ${CONFIGURE_SYSCONDIR}
--localstatedir ${CONFIGURE_LOCALSTATEDIR}
--datarootdir ${CONFIGURE_DATAROOTDIR}
Host: ${host}
Compiler: ${CC} (exec name) / ${compiler} (real)
GCC Protect enabled: ${enable_gccprotect}
GCC march native enabled: ${enable_gccmarch_native}
GCC Profile enabled: ${enable_gccprofile}
Position Independent Executable enabled: ${enable_pie}
CFLAGS ${CFLAGS}
PCAP_CFLAGS ${PCAP_CFLAGS}
SECCFLAGS ${SECCFLAGS}"
echo
echo "$SURICATA_BUILD_CONF"
echo "printf(" >src/build-info.h
echo "$SURICATA_BUILD_CONF" | sed -e 's/^/"/' | sed -e 's/$/\\n"/' >>src/build-info.h
echo ");" >>src/build-info.h
echo "
To build and install run 'make' and 'make install'.
You can run 'make install-conf' if you want to install initial configuration
files to ${e_sysconfdir}. Running 'make install-full' will install configuration
and rules and provide you a ready-to-run suricata."
echo
echo "To install Suricata into /usr/bin/suricata, have the config in
/etc/suricata and use /var/log/suricata as log dir, use:
./configure --prefix=/usr/ --sysconfdir=/etc/ --localstatedir=/var/"
echo
Reference in a new issue View git blame Copy permalink