Layer 2 IPS installation - issue compiling from source


I’m trying to install Suricata in a layer 2 IPS configuration on Ubuntu 22.04 LTS but I’m running into a few different errors and have a few questions:

  1. Is it possible to enable eBPF/XDP with the download at Download - Suricata ? When I try and run the following configuration, the command fails with error: “configure: error: unable to find any of needed to build ebpf files”

./configure --enable-nfqueue --prefix=/usr --sysconfdir=/etc --localstatedir=/var --enable-ebpf --enable-ebpf-build

  2. I also tried cloning the GitHub repo GitHub - OISF/suricata: Suricata git repository maintained by the OISF. When trying this method, the configuration command above works fine and eBPF and XDP support are both enabled:
    AF_PACKET support: yes
    DPDK support: no
    eBPF support: yes
    XDP support: yes
    PF_RING support: no
    NFQueue support: yes

However, make fails with the following error (it also fails just running “./configuration” with the same error):

make[2]: Entering directory '/root/suricata/src'
  CC       main.o
  CC       alert-debuglog.o
In file included from rust.h:27,
                 from output-file.h:29,
                 from output.h:40,
                 from alert-debuglog.c:47:
./../rust/gen/rust-bindings.h:4746:3: error: conflicting types for ‘AppLayerTxData’; have ‘struct <anonymous>’
 4746 | } AppLayerTxData;
      |   ^~~~~~~~~~~~~~
In file included from alert-debuglog.c:27:
detect.h:1300:31: note: previous declaration of ‘AppLayerTxData’ with type ‘AppLayerTxData’
 1300 | typedef struct AppLayerTxData AppLayerTxData;
      |                               ^~~~~~~~~~~~~~
make[2]: *** [Makefile:3465: alert-debuglog.o] Error 1
make[2]: Leaving directory '/root/suricata/src'
make[1]: *** [Makefile:2668: all] Error 2
make[1]: Leaving directory '/root/suricata/src'
make: *** [Makefile:491: all-recursive] Error 1

Rust info from the configuration command:
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.61.0
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.61.0

So far I’ve tried a few different source code versions on the /downloads page. They compile fine if I don’t use the “--enable-ebpf --enable-ebpf-build” options.

The GitHub repo fails on the make command even if I exclude the ebpf options so I assume it’s probably something bad about my setup/environment. I rolled back to “tags/suricata-6.0.6” and that gives the same “missing eBPF files” error as the /downloads page but I am able to compile that version with “./configuration” and make.

Any ideas would be much appreciated.


What version of cbindgen do you have installed? I think we’ve seen similar build errors with older versions.

Thanks for the response, that seems to have worked.

I was using version 0.14.1 based on the docs here: 3. Installation — Suricata 7.0.0-dev documentation

cargo install --force --debug --version 0.14.1 cbindgen

I re-ran it with version 0.24.3 and now it’s working as expected.

Thanks for your help.