diff --git a/configure.ac b/configure.ac index c6b38efc25..b458718ffb 100644 --- a/configure.ac +++ b/configure.ac @@ -1880,23 +1880,8 @@ # liblua AC_ARG_ENABLE(lua, AS_HELP_STRING([--enable-lua],[Enable Lua support]), - [ enable_lua="$enableval"], - [ enable_lua="no"]) - AC_ARG_ENABLE(luajit, - AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), - [ enable_luajit="$enableval"], - [ enable_luajit="no"]) - if test "$enable_lua" = "yes"; then - if test "$enable_luajit" = "yes"; then - echo "ERROR: can't enable liblua and luajit at the same time." - echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)" - echo "support, use just --enable-lua." - echo "Both options will enable the Lua scripting capabilities" - echo "in Suricata". - echo - exit 1 - fi - fi + [ enable_lua="$enableval"], + [ enable_lua="no"]) AC_ARG_WITH(liblua_includes, [ --with-liblua-includes=DIR liblua include directory], @@ -1982,67 +1967,6 @@ fi fi - # libluajit - AC_ARG_WITH(libluajit_includes, - [ --with-libluajit-includes=DIR libluajit include directory], - [with_libluajit_includes="$withval"],[with_libluajit_includes="no"]) - AC_ARG_WITH(libluajit_libraries, - [ --with-libluajit-libraries=DIR libluajit library directory], - [with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"]) - - if test "$enable_luajit" = "yes"; then - if test "$with_libluajit_includes" != "no"; then - CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}" - else - PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no") - CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}" - fi - - AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no") - if test "$LUAJIT" = "yes"; then - if test "$with_libluajit_libraries" != "no"; then - LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}" - else - PKG_CHECK_MODULES([LUAJIT], [luajit]) - LIBS="${LIBS} ${LUAJIT_LIBS}" - fi - - AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no") - - if test "$LUAJIT" = "no"; then - echo - echo " ERROR! libluajit library not found, go get it" - echo " from http://luajit.org/index.html or your distribution:" - echo - echo " Ubuntu: apt-get install libluajit-5.1-dev" - echo - echo " If you installed software in a non-standard prefix" - echo " consider adjusting the PKG_CONFIG_PATH environment variable" - echo " or use --with-libluajit-libraries configure option." - echo - exit 1 - fi - - AC_DEFINE([HAVE_LUA],[1],[lua support available]) - AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available]) - enable_lua="yes, through luajit" - enable_luajit="yes" - else - echo - echo " ERROR! libluajit headers not found, go get them" - echo " from http://luajit.org/index.html or your distribution:" - echo - echo " Ubuntu: apt-get install libluajit-5.1-dev" - echo - echo " If you installed software in a non-standard prefix" - echo " consider adjusting the PKG_CONFIG_PATH environment variable" - echo " or use --with-libluajit-includes and --with-libluajit-libraries" - echo " configure option." - echo - exit 1 - fi - fi - AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"]) # If Lua is enabled, test the integer size. @@ -2695,7 +2619,6 @@ SURICATA_BUILD_CONF="Suricata Configuration: hiredis async with libevent: ${enable_hiredis_async} PCRE jit: ${pcre2_jit_available} LUA support: ${enable_lua} - libluajit: ${enable_luajit} GeoIP2 support: ${enable_geoip} JA3 support: ${enable_ja3} JA4 support: ${enable_ja4} diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index 75fdcd041b..0d075ea3c9 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -2759,24 +2759,6 @@ to display the diagnostic message if a signal unexpectedly terminates Suricata - # message with the offending stacktrace if enabled. #stacktrace-on-signal: on -luajit -~~~~~~ - -states -^^^^^^ - -Luajit has a strange memory requirement, it's 'states' need to be in the -first 2G of the process' memory. For this reason when luajit is used the -states are allocated at the process startup. This option controls how many -states are preallocated. - -If the pool is depleted a warning is generated. Suricata will still try to -continue, but may fail if other parts of the engine take too much memory. -If the pool was depleted a hint will be printed at the engines exit. - -States are allocated as follows: for each detect script a state is used per -detect thread. For each output script, a single state is used. Keep in -mind that a rule reload temporary doubles the states requirement. .. _deprecation policy: https://suricata.io/about/deprecation-policy/ diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst index a32966c428..07adbafbab 100644 --- a/doc/userguide/rules/differences-from-snort.rst +++ b/doc/userguide/rules/differences-from-snort.rst @@ -525,7 +525,7 @@ File Extraction Lua Scripting ------------- -- Suricata has the ``lua`` (or ``luajit``) keyword which allows for a +- Suricata has the ``lua`` keyword which allows for a rule to reference a Lua script that can access the packet, payload, HTTP buffers, etc. - Provides powerful flexibility and capabilities that Snort does diff --git a/src/Makefile.am b/src/Makefile.am index ee4c320906..65ebc02166 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -562,7 +562,6 @@ noinst_HEADERS = \ util-lua-hassh.h \ util-lua-http.h \ util-lua-ja3.h \ - util-luajit.h \ util-lua-smtp.h \ util-lua-ssh.h \ util-lua-tls.h \ @@ -1156,7 +1155,6 @@ libsuricata_c_a_SOURCES = \ util-lua-hassh.c \ util-lua-http.c \ util-lua-ja3.c \ - util-luajit.c \ util-lua-smtp.c \ util-lua-ssh.c \ util-lua-tls.c \ diff --git a/src/detect-lua.c b/src/detect-lua.c index 889d57f489..a6d334537d 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -2423,4 +2423,4 @@ void DetectLuaRegisterTests(void) UtRegisterTest("LuaMatchTest06a", LuaMatchTest06a); } #endif -#endif /* HAVE_LUAJIT */ +#endif /* HAVE_LUA */ diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 30d2021bfc..ec33efe975 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -102,7 +102,6 @@ #include "util-streaming-buffer.h" #include "util-lua.h" -#include "util-luajit.h" #include "tm-modules.h" #include "tmqh-packetpool.h" #include "decode-chdlc.h" @@ -235,12 +234,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) GlobalsInitPreConfig(); EngineModeSetIDS(); -#ifdef HAVE_LUAJIT - if (LuajitSetupStatesPool() != 0) { - exit(EXIT_FAILURE); - } -#endif - default_packet_size = DEFAULT_PACKET_SIZE; /* load the pattern matchers */ MpmTableSetup(); @@ -292,10 +285,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) } } -#ifdef HAVE_LUAJIT - LuajitFreeStatesPool(); -#endif - exit(EXIT_SUCCESS); #else FatalError("Unittests are not build-in"); diff --git a/src/suricata.c b/src/suricata.c index 6d316771f9..e29a3a0177 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -126,7 +126,6 @@ #include "util-hugepages.h" #include "util-ioctl.h" #include "util-landlock.h" -#include "util-luajit.h" #include "util-macset.h" #include "util-misc.h" #include "util-mpm-hs.h" @@ -415,9 +414,7 @@ void GlobalsDestroy(void) #endif ConfDeInit(); -#ifdef HAVE_LUAJIT - LuajitFreeStatesPool(); -#endif + DetectParseFreeRegexes(); SCPidfileRemove(suri->pid_filename); @@ -751,9 +748,6 @@ static void PrintBuildInfo(void) #endif #ifdef HAVE_JA4 strlcat(features, "HAVE_JA4 ", sizeof(features)); -#endif -#ifdef HAVE_LUAJIT - strlcat(features, "HAVE_LUAJIT ", sizeof(features)); #endif strlcat(features, "HAVE_LIBJANSSON ", sizeof(features)); #ifdef PROFILING @@ -2637,13 +2631,6 @@ static void SetupUserMode(SCInstance *suri) */ int PostConfLoadedSetup(SCInstance *suri) { - /* do this as early as possible #1577 #1955 */ -#ifdef HAVE_LUAJIT - if (LuajitSetupStatesPool() != 0) { - SCReturnInt(TM_ECODE_FAILED); - } -#endif - /* load the pattern matchers */ MpmTableSetup(); SpmTableSetup(); diff --git a/src/util-lua.c b/src/util-lua.c index 9e65c3017f..d903f44e39 100644 --- a/src/util-lua.c +++ b/src/util-lua.c @@ -34,7 +34,6 @@ #include "util-print.h" #include "util-unittest.h" -#include "util-luajit.h" #include "util-debug.h" @@ -59,11 +58,7 @@ lua_State *LuaGetState(void) { lua_State *s = NULL; -#ifdef HAVE_LUAJIT - s = LuajitGetState(); -#else s = luaL_newstate(); -#endif return s; } @@ -74,11 +69,7 @@ void LuaReturnState(lua_State *s) while (lua_gettop(s) > 0) { lua_pop(s, 1); } -#ifdef HAVE_LUAJIT - LuajitReturnState(s); -#else lua_close(s); -#endif } } diff --git a/src/util-luajit.c b/src/util-luajit.c deleted file mode 100644 index a089e139cf..0000000000 --- a/src/util-luajit.c +++ /dev/null @@ -1,157 +0,0 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - * - */ - -#include "suricata-common.h" - -#ifdef HAVE_LUAJIT -#include "conf.h" -#include "util-pool.h" -#include "util-lua.h" -#include "util-luajit.h" - -/** \brief lua_State pool - * - * Lua requires states to be alloc'd in memory <2GB. For this reason we - * prealloc the states early during engine startup so we have a better chance - * of getting the states. We protect the pool with a lock as the detect - * threads access it during their init and cleanup. - * - * Pool size is automagically determined based on number of keyword occurrences, - * cpus/cores and rule reloads being enabled or not. - * - * Alternatively, the "detect-engine.luajit-states" var can be set. - */ -static Pool *luajit_states = NULL; -static pthread_mutex_t luajit_states_lock = SCMUTEX_INITIALIZER; -static int luajit_states_cnt = 0; -static int luajit_states_cnt_max = 0; -static int luajit_states_size = 0; -#define LUAJIT_DEFAULT_STATES 128 - -static void *LuaStatePoolAlloc(void) -{ - return luaL_newstate(); -} - -static void LuaStatePoolFree(void *d) -{ - lua_State *s = (lua_State *)d; - if (s != NULL) - lua_close(s); -} - -/** \brief Populate lua states pool - * - * \param num keyword instances - * \param reloads bool indicating we have rule reloads enabled - */ -int LuajitSetupStatesPool(void) -{ - int retval = 0; - pthread_mutex_lock(&luajit_states_lock); - - if (luajit_states == NULL) { - intmax_t cnt = 0; - if (ConfGetInt("luajit.states", &cnt) != 1) { - ConfNode *denode = NULL; - ConfNode *decnf = ConfGetNode("detect-engine"); - if (decnf != NULL) { - TAILQ_FOREACH(denode, &decnf->head, next) { - if (denode->val && strcmp(denode->val, "luajit-states") == 0) { - ConfGetChildValueInt(denode, "luajit-states", &cnt); - } - } - } - } - if (cnt == 0) { - cnt = LUAJIT_DEFAULT_STATES; - } - luajit_states_size = cnt; - - luajit_states = PoolInit(0, cnt, 0, LuaStatePoolAlloc, NULL, NULL, NULL, LuaStatePoolFree); - if (luajit_states == NULL) { - SCLogError("luastate pool init failed, lua/luajit keywords won't work"); - retval = -1; - } - - if (retval == 0) { - SCLogConfig("luajit states preallocated: %d", luajit_states_size); - } - } - - pthread_mutex_unlock(&luajit_states_lock); - return retval; -} - -void LuajitFreeStatesPool(void) -{ - pthread_mutex_lock(&luajit_states_lock); - if (luajit_states_cnt_max > luajit_states_size) { - SCLogNotice("luajit states used %d is bigger than pool size %d. Set " - "luajit.states to %d to avoid memory issues. " - "See tickets #1577 and #1955.", - luajit_states_cnt_max, luajit_states_size, luajit_states_cnt_max); - } - PoolFree(luajit_states); - luajit_states = NULL; - luajit_states_size = 0; - luajit_states_cnt = 0; - pthread_mutex_unlock(&luajit_states_lock); -} - -lua_State *LuajitGetState(void) -{ - lua_State *s = NULL; - pthread_mutex_lock(&luajit_states_lock); - if (luajit_states != NULL) { - s = (lua_State *)PoolGet(luajit_states); - if (s != NULL) { - if (luajit_states_cnt == luajit_states_size) { - SCLogWarning("luajit states pool size %d " - "reached. Increase luajit.states config option. " - "See tickets #1577 and #1955", - luajit_states_size); - } - - luajit_states_cnt++; - if (luajit_states_cnt > luajit_states_cnt_max) - luajit_states_cnt_max = luajit_states_cnt; - } - } - pthread_mutex_unlock(&luajit_states_lock); - return s; -} - -void LuajitReturnState(lua_State *s) -{ - if (s != NULL) { - pthread_mutex_lock(&luajit_states_lock); - PoolReturn(luajit_states, (void *)s); - BUG_ON(luajit_states_cnt <= 0); - luajit_states_cnt--; - pthread_mutex_unlock(&luajit_states_lock); - } -} - -#endif /* HAVE_LUAJIT */ diff --git a/src/util-luajit.h b/src/util-luajit.h deleted file mode 100644 index 83964f6fab..0000000000 --- a/src/util-luajit.h +++ /dev/null @@ -1,38 +0,0 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef SURICATA_UTIL_LUAJIT_H -#define SURICATA_UTIL_LUAJIT_H - -#ifdef HAVE_LUAJIT - -#include "util-lua.h" - -int LuajitSetupStatesPool(void); -void LuajitFreeStatesPool(void); -lua_State *LuajitGetState(void); -void LuajitReturnState(lua_State *s); - -#endif /* HAVE_LUAJIT */ - -#endif /* SURICATA_UTIL_LUAJIT_H */ diff --git a/suricata.yaml.in b/suricata.yaml.in index fe031b1152..79d936c0cc 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1792,15 +1792,6 @@ threading: # Generally, the per-thread stack-size should not exceed 8MB. #stack-size: 8mb -# Luajit has a strange memory requirement, its 'states' need to be in the -# first 2G of the process' memory. -# -# 'luajit.states' is used to control how many states are preallocated. -# State use: per detect script: 1 per detect thread. Per output script: 1 per -# script. -luajit: - states: 128 - # Profiling settings. Only effective if Suricata has been built with # the --enable-profiling configure flag. #