aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lua: Remove luajit support

Browse Source 
lua 5.4 support is not available in luajit

Ticket: #4776
pull/11165/head
Jo Johnson 1 year ago committed by Jason Ish
parent 586c92d9d5
commit 712496bb3f
11 changed files with 5 additions and 339 deletions
Show Stats Download Patch File Download Diff File

81
configure.ac
Unescape Escape View File

@ -1880,23 +1880,8 @@
# liblua
AC_ARG_ENABLE(lua,
AS_HELP_STRING([--enable-lua],[Enable Lua support]),
[ enable_lua="$enableval"],
[ enable_lua="no"])
AC_ARG_ENABLE(luajit,
AS_HELP_STRING([--enable-luajit],[Enable Luajit support]),
[ enable_luajit="$enableval"],
[ enable_luajit="no"])
if test "$enable_lua" = "yes"; then
if test "$enable_luajit" = "yes"; then
echo "ERROR: can't enable liblua and luajit at the same time."
echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)"
echo "support, use just --enable-lua."
echo "Both options will enable the Lua scripting capabilities"
echo "in Suricata".
echo
exit 1
fi
fi
[ enable_lua="$enableval"],
[ enable_lua="no"])
AC_ARG_WITH(liblua_includes,
[ --with-liblua-includes=DIR liblua include directory],
@ -1982,67 +1967,6 @@
fi
fi
# libluajit
AC_ARG_WITH(libluajit_includes,
[ --with-libluajit-includes=DIR libluajit include directory],
[with_libluajit_includes="$withval"],[with_libluajit_includes="no"])
AC_ARG_WITH(libluajit_libraries,
[ --with-libluajit-libraries=DIR libluajit library directory],
[with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"])
if test "$enable_luajit" = "yes"; then
if test "$with_libluajit_includes" != "no"; then
CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no")
CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}"
fi
AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no")
if test "$LUAJIT" = "yes"; then
if test "$with_libluajit_libraries" != "no"; then
LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}"
else
PKG_CHECK_MODULES([LUAJIT], [luajit])
LIBS="${LIBS} ${LUAJIT_LIBS}"
fi
AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no")
if test "$LUAJIT" = "no"; then
echo
echo " ERROR! libluajit library not found, go get it"
echo " from http://luajit.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install libluajit-5.1-dev"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-libluajit-libraries configure option."
echo
exit 1
fi
AC_DEFINE([HAVE_LUA],[1],[lua support available])
AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available])
enable_lua="yes, through luajit"
enable_luajit="yes"
else
echo
echo " ERROR! libluajit headers not found, go get them"
echo " from http://luajit.org/index.html or your distribution:"
echo
echo " Ubuntu: apt-get install libluajit-5.1-dev"
echo
echo " If you installed software in a non-standard prefix"
echo " consider adjusting the PKG_CONFIG_PATH environment variable"
echo " or use --with-libluajit-includes and --with-libluajit-libraries"
echo " configure option."
echo
exit 1
fi
fi
AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"])
# If Lua is enabled, test the integer size.
@ -2695,7 +2619,6 @@ SURICATA_BUILD_CONF="Suricata Configuration:
hiredis async with libevent: ${enable_hiredis_async}
PCRE jit: ${pcre2_jit_available}
LUA support: ${enable_lua}
libluajit: ${enable_luajit}
GeoIP2 support: ${enable_geoip}
JA3 support: ${enable_ja3}
JA4 support: ${enable_ja4}

18
doc/userguide/configuration/suricata-yaml.rst
Unescape Escape View File

@ -2759,24 +2759,6 @@ to display the diagnostic message if a signal unexpectedly terminates Suricata -
# message with the offending stacktrace if enabled.
#stacktrace-on-signal: on
luajit
~~~~~~
states
^^^^^^
Luajit has a strange memory requirement, it's 'states' need to be in the
first 2G of the process' memory. For this reason when luajit is used the
states are allocated at the process startup. This option controls how many
states are preallocated.
If the pool is depleted a warning is generated. Suricata will still try to
continue, but may fail if other parts of the engine take too much memory.
If the pool was depleted a hint will be printed at the engines exit.
States are allocated as follows: for each detect script a state is used per
detect thread. For each output script, a single state is used. Keep in
mind that a rule reload temporary doubles the states requirement.
.. _deprecation policy: https://suricata.io/about/deprecation-policy/

2
doc/userguide/rules/differences-from-snort.rst
Unescape Escape View File

@ -525,7 +525,7 @@ File Extraction
Lua Scripting
-------------
- Suricata has the ``lua`` (or ``luajit``) keyword which allows for a
- Suricata has the ``lua`` keyword which allows for a
rule to reference a Lua script that can access the packet, payload,
HTTP buffers, etc.
- Provides powerful flexibility and capabilities that Snort does

2
src/Makefile.am
Unescape Escape View File

@ -562,7 +562,6 @@ noinst_HEADERS = \
util-lua-hassh.h \
util-lua-http.h \
util-lua-ja3.h \
util-luajit.h \
util-lua-smtp.h \
util-lua-ssh.h \
util-lua-tls.h \
@ -1156,7 +1155,6 @@ libsuricata_c_a_SOURCES = \
util-lua-hassh.c \
util-lua-http.c \
util-lua-ja3.c \
util-luajit.c \
util-lua-smtp.c \
util-lua-ssh.c \
util-lua-tls.c \

2
src/detect-lua.c
Unescape Escape View File

@ -2423,4 +2423,4 @@ void DetectLuaRegisterTests(void)
UtRegisterTest("LuaMatchTest06a", LuaMatchTest06a);
}
#endif
#endif /* HAVE_LUAJIT */
#endif /* HAVE_LUA */

11
src/runmode-unittests.c
Unescape Escape View File

@ -102,7 +102,6 @@
#include "util-streaming-buffer.h"
#include "util-lua.h"
#include "util-luajit.h"
#include "tm-modules.h"
#include "tmqh-packetpool.h"
#include "decode-chdlc.h"
@ -235,12 +234,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
GlobalsInitPreConfig();
EngineModeSetIDS();
#ifdef HAVE_LUAJIT
if (LuajitSetupStatesPool() != 0) {
exit(EXIT_FAILURE);
}
#endif
default_packet_size = DEFAULT_PACKET_SIZE;
/* load the pattern matchers */
MpmTableSetup();
@ -292,10 +285,6 @@ void RunUnittests(int list_unittests, const char *regex_arg)
}
}
#ifdef HAVE_LUAJIT
LuajitFreeStatesPool();
#endif
exit(EXIT_SUCCESS);
#else
FatalError("Unittests are not build-in");

15
src/suricata.c
Unescape Escape View File

@ -126,7 +126,6 @@
#include "util-hugepages.h"
#include "util-ioctl.h"
#include "util-landlock.h"
#include "util-luajit.h"
#include "util-macset.h"
#include "util-misc.h"
#include "util-mpm-hs.h"
@ -415,9 +414,7 @@ void GlobalsDestroy(void)
#endif
ConfDeInit();
#ifdef HAVE_LUAJIT
LuajitFreeStatesPool();
#endif
DetectParseFreeRegexes();
SCPidfileRemove(suri->pid_filename);
@ -751,9 +748,6 @@ static void PrintBuildInfo(void)
#endif
#ifdef HAVE_JA4
strlcat(features, "HAVE_JA4 ", sizeof(features));
#endif
#ifdef HAVE_LUAJIT
strlcat(features, "HAVE_LUAJIT ", sizeof(features));
#endif
strlcat(features, "HAVE_LIBJANSSON ", sizeof(features));
#ifdef PROFILING
@ -2637,13 +2631,6 @@ static void SetupUserMode(SCInstance *suri)
*/
int PostConfLoadedSetup(SCInstance *suri)
{
/* do this as early as possible #1577 #1955 */
#ifdef HAVE_LUAJIT
if (LuajitSetupStatesPool() != 0) {
SCReturnInt(TM_ECODE_FAILED);
}
#endif
/* load the pattern matchers */
MpmTableSetup();
SpmTableSetup();

9
src/util-lua.c
Unescape Escape View File

@ -34,7 +34,6 @@
#include "util-print.h"
#include "util-unittest.h"
#include "util-luajit.h"
#include "util-debug.h"
@ -59,11 +58,7 @@
lua_State *LuaGetState(void)
{
lua_State *s = NULL;
#ifdef HAVE_LUAJIT
s = LuajitGetState();
#else
s = luaL_newstate();
#endif
return s;
}
@ -74,11 +69,7 @@ void LuaReturnState(lua_State *s)
while (lua_gettop(s) > 0) {
lua_pop(s, 1);
}
#ifdef HAVE_LUAJIT
LuajitReturnState(s);
#else
lua_close(s);
#endif
}
}

157
src/util-luajit.c
Unescape Escape View File

@ -1,157 +0,0 @@
/* Copyright (C) 2007-2016 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*
*/
#include "suricata-common.h"
#ifdef HAVE_LUAJIT
#include "conf.h"
#include "util-pool.h"
#include "util-lua.h"
#include "util-luajit.h"
/** \brief lua_State pool
*
* Lua requires states to be alloc'd in memory <2GB. For this reason we
* prealloc the states early during engine startup so we have a better chance
* of getting the states. We protect the pool with a lock as the detect
* threads access it during their init and cleanup.
*
* Pool size is automagically determined based on number of keyword occurrences,
* cpus/cores and rule reloads being enabled or not.
*
* Alternatively, the "detect-engine.luajit-states" var can be set.
*/
static Pool *luajit_states = NULL;
static pthread_mutex_t luajit_states_lock = SCMUTEX_INITIALIZER;
static int luajit_states_cnt = 0;
static int luajit_states_cnt_max = 0;
static int luajit_states_size = 0;
#define LUAJIT_DEFAULT_STATES 128
static void *LuaStatePoolAlloc(void)
{
return luaL_newstate();
}
static void LuaStatePoolFree(void *d)
{
lua_State *s = (lua_State *)d;
if (s != NULL)
lua_close(s);
}
/** \brief Populate lua states pool
*
* \param num keyword instances
* \param reloads bool indicating we have rule reloads enabled
*/
int LuajitSetupStatesPool(void)
{
int retval = 0;
pthread_mutex_lock(&luajit_states_lock);
if (luajit_states == NULL) {
intmax_t cnt = 0;
if (ConfGetInt("luajit.states", &cnt) != 1) {
ConfNode *denode = NULL;
ConfNode *decnf = ConfGetNode("detect-engine");
if (decnf != NULL) {
TAILQ_FOREACH(denode, &decnf->head, next) {
if (denode->val && strcmp(denode->val, "luajit-states") == 0) {
ConfGetChildValueInt(denode, "luajit-states", &cnt);
}
}
}
}
if (cnt == 0) {
cnt = LUAJIT_DEFAULT_STATES;
}
luajit_states_size = cnt;
luajit_states = PoolInit(0, cnt, 0, LuaStatePoolAlloc, NULL, NULL, NULL, LuaStatePoolFree);
if (luajit_states == NULL) {
SCLogError("luastate pool init failed, lua/luajit keywords won't work");
retval = -1;
}
if (retval == 0) {
SCLogConfig("luajit states preallocated: %d", luajit_states_size);
}
}
pthread_mutex_unlock(&luajit_states_lock);
return retval;
}
void LuajitFreeStatesPool(void)
{
pthread_mutex_lock(&luajit_states_lock);
if (luajit_states_cnt_max > luajit_states_size) {
SCLogNotice("luajit states used %d is bigger than pool size %d. Set "
"luajit.states to %d to avoid memory issues. "
"See tickets #1577 and #1955.",
luajit_states_cnt_max, luajit_states_size, luajit_states_cnt_max);
}
PoolFree(luajit_states);
luajit_states = NULL;
luajit_states_size = 0;
luajit_states_cnt = 0;
pthread_mutex_unlock(&luajit_states_lock);
}
lua_State *LuajitGetState(void)
{
lua_State *s = NULL;
pthread_mutex_lock(&luajit_states_lock);
if (luajit_states != NULL) {
s = (lua_State *)PoolGet(luajit_states);
if (s != NULL) {
if (luajit_states_cnt == luajit_states_size) {
SCLogWarning("luajit states pool size %d "
"reached. Increase luajit.states config option. "
"See tickets #1577 and #1955",
luajit_states_size);
}
luajit_states_cnt++;
if (luajit_states_cnt > luajit_states_cnt_max)
luajit_states_cnt_max = luajit_states_cnt;
}
}
pthread_mutex_unlock(&luajit_states_lock);
return s;
}
void LuajitReturnState(lua_State *s)
{
if (s != NULL) {
pthread_mutex_lock(&luajit_states_lock);
PoolReturn(luajit_states, (void *)s);
BUG_ON(luajit_states_cnt <= 0);
luajit_states_cnt--;
pthread_mutex_unlock(&luajit_states_lock);
}
}
#endif /* HAVE_LUAJIT */

38
src/util-luajit.h
Unescape Escape View File

@ -1,38 +0,0 @@
/* Copyright (C) 2007-2016 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
* Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* version 2 along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
* 02110-1301, USA.
*/
/**
* \file
*
* \author Victor Julien <victor@inliniac.net>
*/
#ifndef SURICATA_UTIL_LUAJIT_H
#define SURICATA_UTIL_LUAJIT_H
#ifdef HAVE_LUAJIT
#include "util-lua.h"
int LuajitSetupStatesPool(void);
void LuajitFreeStatesPool(void);
lua_State *LuajitGetState(void);
void LuajitReturnState(lua_State *s);
#endif /* HAVE_LUAJIT */
#endif /* SURICATA_UTIL_LUAJIT_H */

9
suricata.yaml.in
Unescape Escape View File

@ -1792,15 +1792,6 @@ threading:
# Generally, the per-thread stack-size should not exceed 8MB.
#stack-size: 8mb
# Luajit has a strange memory requirement, its 'states' need to be in the
# first 2G of the process' memory.
#
# 'luajit.states' is used to control how many states are preallocated.
# State use: per detect script: 1 per detect thread. Per output script: 1 per
# script.
luajit:
states: 128
# Profiling settings. Only effective if Suricata has been built with
# the --enable-profiling configure flag.
#

Write Preview
Loading…
Cancel
Save