webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 10:35:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

suricata: add suricata ebpf xdp capture mode

Browse Source 
Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
This commit is contained in:
Vincent Li
2024-10-17 02:11:19 +00:00
parent f689a70b7e
commit 1eceb143ed
3 changed files with 1066 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/rootfiles/common/suricata
View File

@@ -1,8 +1,10 @@
etc/suricata
etc/suricata/suricata.yaml
etc/suricata/suricata-xdp.yaml
usr/bin/suricata
#usr/include/suricata-plugin.h
usr/sbin/convert-ids-backend-files
usr/lib/bpf/xdp_filter.bpf
#usr/share/doc/suricata
#usr/share/doc/suricata/AUTHORS
#usr/share/doc/suricata/Basic_Setup.txt

1055
config/suricata/suricata-xdp.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

12
lfs/suricata
View File

@@ -24,7 +24,7 @@
include Config
VER = 6.0.16
VER = 6.0.9
THISAPP = suricata-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
$(DL_FILE)_BLAKE2 = 831d18072b52bfdd8379ac43a99b1660e575b04a805034371c1341f7fb4875f1b110d2f35bbf7eb7834f2b6b44cafdb939b32dbc50b43c4657277fa24c4dd3f4
$(DL_FILE)_BLAKE2 = 52e2d64a9afe1e231fdc4b0aed8f920a5b80d5f8a0a78b41641069356947b3003902f9117f113b526f499379e1b1f1885461396713a748d4b3fb50571eec2fa3
install : $(TARGET)
@@ -72,10 +72,12 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
cd $(DIR_APP) && LDFLAGS="$(LDFLAGS)" ./configure \
cd $(DIR_APP) && CC=clang LDFLAGS="$(LDFLAGS)" ./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--enable-ebpf \
--enable-ebpf-build \
--enable-gccprotect \
--disable-gccmarch-native \
--enable-non-bundled-htp \
@@ -91,11 +93,15 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && make install
cd $(DIR_APP) && make install-conf
#Copy suricata bpf program to /usr/lib/bpf
cd $(DIR_APP) && cp -f ebpf/xdp_filter.bpf /usr/lib/bpf/
# Remove default suricata config file.
rm -rvf /etc/suricata/suricata.yaml
# Install IPFire related config file.
install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
install -m 0644 $(DIR_SRC)/config/suricata/suricata-xdp.yaml /etc/suricata
# Create emtpy rules directory.
-mkdir -p /var/lib/suricata