###############################################################################
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
###############################################################################

###############################################################################
# Definitions
###############################################################################

include Config

# Upstream Suricata release packaged by this file; the names below derive from it.
VER        = 6.0.9

# Package name with version; also the name of the source tree the recipe builds in.
THISAPP    = suricata-$(VER)
# File name of the source tarball.
DL_FILE    = $(THISAPP).tar.gz
# Base URL of the tarball. URL_IPFIRE is not defined in this file
# (presumably supplied by the included Config - confirm).
DL_FROM    = $(URL_IPFIRE)
# Source tree: removed, re-extracted and entered with cd by the install recipe.
DIR_APP    = $(DIR_SRC)/$(THISAPP)
# File the `install` goal depends on. The recipe has no visible command that
# writes it (presumably POSTBUILD does - confirm).
TARGET     = $(DIR_INFO)/$(THISAPP)

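# Proxy configuration
#
# The variables below are exported to every command this makefile runs, so any
# tool that honours them sends its traffic through the proxy. A proxy on the
# path can observe what is fetched and, for transfers that are not protected
# by TLS, alter it; downloads therefore have to be verified against the pinned
# digest before they are used.
#
# The default is a site-local address reached over plain HTTP. Override it per
# build with `make BUILD_PROXY=http://host:port` rather than editing this file.
# The install recipe also writes a proxy URL into $(CARGO_CONFIG); check that
# the two agree when overriding.
BUILD_PROXY ?= http://172.16.0.251:9090

# Both spellings are exported because tools differ in which one they read.
export http_proxy  = $(BUILD_PROXY)
export https_proxy = $(BUILD_PROXY)
export ftp_proxy   = $(BUILD_PROXY)
export HTTP_PROXY  = $(BUILD_PROXY)
export HTTPS_PROXY = $(BUILD_PROXY)
export FTP_PROXY   = $(BUILD_PROXY)

# Cargo state directory and the config file the install recipe overwrites.
# NOTE(review): CARGO_HOME is not exported here, so cargo itself only uses this
# directory if its own default resolves to the same path - confirm.
CARGO_HOME=/root/.cargo
CARGO_CONFIG=$(CARGO_HOME)/config.toml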

###############################################################################
# Top-level Rules
###############################################################################

# Files this package needs to download.
objects = $(DL_FILE)

# Computed variable name: defines a variable named after the tarball whose
# value is the tarball's download URL (presumably read by the LOAD macro, which
# is not defined in this file - confirm).
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

# Pinned BLAKE2 digest of the tarball, stored in a variable named
# <tarball>_BLAKE2 (presumably compared by the CHECK macro - confirm).
# When VER changes, take the new digest from a trusted source; do not derive it
# by hashing whatever the download step happened to fetch.
$(DL_FILE)_BLAKE2 = eef2500a22d581b37dafe496a57e664e6cb3aed879f138df5708ffd350bc985b4af875907c7e6cd0cf746ad6495e60414beaecf6069ba9d68b963831359362fc

# Goal: build and install the package; satisfied once $(TARGET) exists.
install : $(TARGET)

# Goal: one entry under $(DIR_CHK) per downloaded object.
check : $(addprefix $(DIR_CHK)/,$(objects))

# Goal: one file under $(DIR_DL) per object.
download : $(addprefix $(DIR_DL)/,$(objects))

# Goal: digest helper. subst matches the literal character %, and $(objects)
# contains none, so the prerequisite list is $(objects) unchanged.
b2 : $(subst %,%_BLAKE2,$(objects))

###############################################################################
# Downloading, checking, b2sum
###############################################################################

# CHECK, LOAD and B2SUM are macros this file does not define (presumably they
# come from the included Config - confirm). Each rule below has no
# prerequisites and runs its macro silently.

# Entries under $(DIR_CHK): run the CHECK macro.
$(addprefix $(DIR_CHK)/,$(objects)) :
	@$(CHECK)

# Files under $(DIR_DL): run the LOAD macro.
$(addprefix $(DIR_DL)/,$(objects)) :
	@$(LOAD)

# Targets of the b2 goal: run the B2SUM macro.
$(subst %,%_BLAKE2,$(objects)) :
	@$(B2SUM)

###############################################################################
# Installation Details
###############################################################################

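# Build and install Suricata from the downloaded tarball.
#
# Prerequisite: the downloaded tarball only. Nothing in this rule compares the
# tarball with the pinned BLAKE2 digest, so the `check` goal has to have run
# before it (NOTE(review): presumably the build driver does that - confirm).
#
# Supply chain: `cargo install` fetches cbindgen and its dependencies from the
# network while the recipe runs. They are not covered by the pinned BLAKE2
# digest; --version and --locked pin the versions, and integrity rests on the
# verification cargo itself performs on what the registry serves.
#
# NOTE(review): the Cargo proxy file is written after the only explicit cargo
# fetch, so that fetch relies on the exported proxy variables alone. Writing
# the file earlier would also apply git-fetch-with-cli to that fetch, which
# needs a git binary in the build environment - confirm before reordering.
# The file is replaced wholesale; settings already present in it are lost.
#
# NOTE(review): the *.config files that install-conf placed in /etc/suricata
# are deleted, not moved, yet the next step changes the owner of
# /usr/share/suricata/classification.config. Confirm that this file exists at
# that point; otherwise the chown fails and the build stops there.
#
# Ownership: /var/lib/suricata, /var/cache/suricata and the classification and
# threshold files are handed to nobody:nobody, so every process running under
# that account can modify them. NOTE(review): confirm that only the intended
# management component runs as nobody.
#
# Directory creation is no longer prefixed with `-`: a failing mkdir -p means
# the path cannot be used, and the build should stop instead of carrying on.
$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
	@$(PREBUILD)
	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)

	# Install older version of cbindgen compatible with rustc 1.67.0
	cargo install --version 0.20.0 --locked cbindgen

	# Ensure Cargo proxy configuration (same URL as the exported http_proxy)
	mkdir -p $(CARGO_HOME)
	echo "[http]" > $(CARGO_CONFIG)
	echo "proxy = \"$(http_proxy)\"" >> $(CARGO_CONFIG)
	echo "" >> $(CARGO_CONFIG)
	echo "[net]" >> $(CARGO_CONFIG)
	echo "git-fetch-with-cli = true" >> $(CARGO_CONFIG)

	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-disable-sid-2210059.patch
	cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/suricata/suricata-5.0.8-fix-level1-cache-line-size-detection.patch
	cd $(DIR_APP) && CC=clang LDFLAGS="$(LDFLAGS)" ./configure \
		--prefix=/usr \
		--sysconfdir=/etc \
		--localstatedir=/var \
		--enable-ebpf \
		--enable-ebpf-build \
		--enable-gccprotect \
		--disable-gccmarch-native \
		--enable-non-bundled-htp \
		--enable-nfqueue \
		--disable-static \
		--disable-python \
		--with-libjansson-libraries=/usr/lib \
		--with-libjansson-includes=/usr/include \
		--disable-suricata-update \
		--enable-rust

	cd $(DIR_APP) && PATH="$(CARGO_HOME)/bin:$(PATH)" make $(MAKETUNING)
	cd $(DIR_APP) && make install
	cd $(DIR_APP) && make install-conf

	# Copy suricata bpf program to /usr/lib/bpf
	cd $(DIR_APP) && cp -f ebpf/xdp_filter.bpf /usr/lib/bpf/

	# Remove default suricata config file
	rm -rvf /etc/suricata/suricata.yaml

	# Install IPFire related config file
	install -m 0644 $(DIR_SRC)/config/suricata/suricata.yaml /etc/suricata
	install -m 0644 $(DIR_SRC)/config/suricata/suricata-xdp.yaml /etc/suricata

	# Create empty rules directory
	mkdir -p /var/lib/suricata

	# Create empty cache directory
	mkdir -p /var/cache/suricata

	# Remove the reference, threshold and classification files from /etc/suricata
	rm -rfv /etc/suricata/*.config

	# Set correct ownership for the classification config file
	chown nobody:nobody /usr/share/suricata/classification.config

	# Create empty threshold config file
	touch /usr/share/suricata/threshold.config
	chown nobody:nobody /usr/share/suricata/threshold.config

	# Set correct ownership for /var/lib/suricata
	chown -R nobody:nobody /var/lib/suricata

	# Set correct ownership for cache directory
	chown nobody:nobody /var/cache/suricata

	# Create logging directory
	mkdir -p /var/log/suricata
	chown suricata:suricata /var/log/suricata

	# Install converter script
	install -m 0755 $(DIR_SRC)/config/suricata/convert-ids-backend-files /usr/sbin/convert-ids-backend-files

	@rm -rf $(DIR_APP)
	@$(POSTBUILD)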