mirror of
https://github.com/vincentmli/bpfire.git
synced 2026-04-09 18:45:54 +02:00
suricata-xdp: resolve memlock and stack smashing
suricata XDP support requires xdp-tools with libbpf 1.4 to resolve stack smash issue. Also work around memlock "operation not permitted" by running suricata as root, since load/attach of an XDP program requires root privilege anyway.

see: https://github.com/vincentmli/BPFire/issues/54

Usage scenario:

Since suricata IPS XDP capture mode works as a layer 2 bridge, BPFire netfilter firewall, NAT and IP route will be bypassed. No IP address should be assigned to the red0 and green0 interfaces.

172.16.1.0/24 inline 172.16.1.0/24
red network<-->red0(xdp)<-->green0(xdp)<-->green network

We can run the setup command to assign IP/Mask 0.0.0.0/0.0.0.0 to red0 and green0, then reboot BPFire. BPFire DHCP will stop working after reboot. Green network clients can get a DHCP IP from the upstream DHCP server.

Start suricata manually:

suricata -c /etc/suricata/suricata-xdp.yaml --af-packet

The xdp_filter.bpf program will be attached to the red0 and green0 interfaces.

Not sure if we should add a GUI for suricata XDP capture mode, since this is not a common use case.

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2
make.sh
@@ -1399,7 +1399,6 @@ buildipfire() {
|
||||
lfsmake2 colm
|
||||
lfsmake2 ragel
|
||||
lfsmake2 hyperscan
|
||||
lfsmake2 suricata
|
||||
lfsmake2 ids-ruleset-sources
|
||||
lfsmake2 ipblocklist-sources
|
||||
lfsmake2 squid
|
||||
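Review bot: With `lfsmake2 suricata` dropped from its slot between `lfsmake2 hyperscan` and `lfsmake2 ids-ruleset-sources` (the hunk header goes from 7 lines to 6), `ids-ruleset-sources` and `ipblocklist-sources` now build before suricata does. Please confirm that neither package expects files or directories installed by the suricata build, and say so in the commit message, since the message only explains why suricata must follow xdp-tools and not what the move means for the packages it used to precede.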
@@ -1686,6 +1685,7 @@ buildipfire() {
|
||||
lfsmake2 bpftool
|
||||
lfsmake2 llvm-project
|
||||
lfsmake2 xdp-tools
|
||||
lfsmake2 suricata
|
||||
lfsmake2 knot
|
||||
lfsmake2 spectre-meltdown-checker
|
||||
lfsmake2 zabbix_agentd
|
||||
|
||||
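Review bot: The placement of `lfsmake2 suricata` directly after `lfsmake2 xdp-tools` is a build-order dependency that make.sh does not record anywhere; add a one-line comment above it (for example, that suricata's XDP support links against the libbpf shipped with xdp-tools) so a later reorder does not silently move it back. Separately, the commit message describes running suricata as root as the memlock workaround, but make.sh is the only file changed here and nothing in this diff alters how suricata is started; if that change lives in the suricata package or init script it should be part of this commit or referenced from it, and it deserves its own justification because it removes privilege dropping from a process that parses untrusted traffic.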