To add a new capture mode, you need to add two things to Suricata: the capture code and the running mode. We will use AF_PACKET as the example for the rest of the document.

The capture code is usually made of a single file and its associated header. The running mode is also a single file (with its header):

    runmode-af-packet.c runmode-af-packet.h \

To add the files to the build system, src/Makefile.am needs to be edited: the alphabetically sorted variable suricata_SOURCES must be updated with the new source and header files (the line above is the running mode's entry in that list).

It must be possible to enable or disable the build of the module from configure. To do so, configure.ac must be updated and should at least have a new AC_ARG_ENABLE line, with an AS_HELP_STRING describing the new option. If some checks need to be done (library check, header check, version check), they can be added via an AS_IF construct that only runs when the option is enabled, typically wrapping an AC_DEFINE for the feature that was detected.

A last thing to add in configure.ac is the indication of whether the capture module is built or not. This defines HAVE_AF_PACKET in config.h, so the dedicated capture code must be surrounded by the matching preprocessor guard:

    #ifdef HAVE_AF_PACKET
    ...
    #endif

The resulting enable/disable status message is displayed at the end of the configure run.

We then need to declare to Suricata that it has a new capture mode. The first thing to do is to declare the new elements in the list of modules. This is done by filling in the tmm_modules array, which contains all modules.
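The following is an added, stand-alone example (not code from Suricata) of the guard-and-register pattern described above: a feature define that configure would normally emit into config.h, AF_PACKET-specific code kept entirely behind `#ifdef HAVE_AF_PACKET`, and registration into a fixed module table followed by a lookup that fails cleanly when the module was compiled out. The `CaptureModule` struct, the `modules` table, the `TMM_*` slot names and the `register_*`/`module_*` functions are hypothetical stand-ins for Suricata's own TmModule/tmm_modules machinery, not its real API.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* configure would normally put HAVE_AF_PACKET into config.h via AC_DEFINE.
 * It is defined here so the example builds stand-alone; compile with
 * -DNO_AF_PACKET to exercise the "module not built" path. */
#ifndef NO_AF_PACKET
#define HAVE_AF_PACKET 1
#endif

/* Hypothetical slot indices, mirroring the idea of a fixed-size module table. */
enum { TMM_RECEIVE_PCAP, TMM_RECEIVE_AFP, TMM_SIZE };

typedef struct {
    const char *name;    /* NULL means the slot was never filled */
    int (*init)(void);
} CaptureModule;

static CaptureModule modules[TMM_SIZE];

static int pcap_init(void) { return 0; }

#ifdef HAVE_AF_PACKET
/* Everything AF_PACKET-specific lives behind the guard, so a build without
 * the feature contains no reference to these symbols at all. */
static int afp_init(void) { return 0; }

static void register_afp(void) {
    modules[TMM_RECEIVE_AFP].name = "ReceiveAFP";
    modules[TMM_RECEIVE_AFP].init = afp_init;
}
#endif

/* Fills the module table; the AF_PACKET entry is added only when the
 * feature was enabled at configure time. */
void register_all_modules(void) {
    memset(modules, 0, sizeof(modules));
    modules[TMM_RECEIVE_PCAP].name = "ReceivePcap";
    modules[TMM_RECEIVE_PCAP].init = pcap_init;
#ifdef HAVE_AF_PACKET
    register_afp();
#endif
}

/* Returns the slot index of a registered module, or -1 if it is absent,
 * which is what a runmode lookup should expect for a compiled-out module. */
int module_index_by_name(const char *name) {
    for (int i = 0; i < TMM_SIZE; i++) {
        if (modules[i].name != NULL && strcmp(modules[i].name, name) == 0)
            return i;
    }
    return -1;
}

/* Number of filled slots: a quick check that the guard took effect. */
int module_count(void) {
    int n = 0;
    for (int i = 0; i < TMM_SIZE; i++)
        if (modules[i].name != NULL)
            n++;
    return n;
}

int af_packet_compiled_in(void) {
#ifdef HAVE_AF_PACKET
    return 1;
#else
    return 0;
#endif
}

int main(void) {
    register_all_modules();
    printf("AF_PACKET compiled in: %d, modules registered: %d, ReceiveAFP slot: %d\n",
           af_packet_compiled_in(), module_count(),
           module_index_by_name("ReceiveAFP"));
    return 0;
}
```

Build it twice, once plainly and once with `-DNO_AF_PACKET`, to see the second case report zero for the AF_PACKET flag and -1 for the slot lookup: that is the behaviour a runmode should handle when a user asks for a capture method the binary was configured without.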