Commit Graph

494 Commits (0bc21eec486075e5e83a29e21e0d0c51a5f07de5)

Author SHA1 Message Date
Philippe Antoine e0e91c9302 configure: add -Wshorten-64-to-32 to the flags
when configure is run with --enable-warnings

Ticket: 6186

Also add -Wimplicit-int-conversion to the flags

Both are not compatible with unit tests
1 month ago
Lukas Sismis 8817a959e8 threading: support thread autopinning and interface-specific affinity
Using the new configuration format, it is now possible to set CPU affinity
settings per interface.

The threading.autopin option has been added to automatically use CPUs from the
same NUMA node as the interface. The autopin option requires
hwloc-devel / hwloc-dev to be installed and --enable-hwloc flag in configure
script.

Ticket: 7036
2 months ago
Jason Ish f0eaebe3a6 rust: set MSRV to 1.75.0
This is the Rust version found on Ubuntu LTS releases as of today, and
is the oldest we need to support.

Ticket: #6573
2 months ago
Eric Leblond 2a2f38ff88 build: add compile-commands target
It generates a `compile_commands.json` suitable for clangd.
This is almost mandatory to have a command like this one for NixOs
users as tool like bear are not able to intercept correctly the
clang calls due to the usage of a wrapper.

Ticket: #7669
2 months ago
Jason Ish 8540627b4e examples: add simple c++ example
For now just used to make sure a C++ variation of our custom example
can build.
3 months ago
Jeff Lucovsky d1f78c3e18 gen/typo: Correct configure output grammar
Fixup the grammar for the Napatech option -- was "Enabled Napatech".
3 months ago
Jason Ish 87ce5ea8b5 configure: pickup pre-release versions from changelog
Pickup release versions like 8.0.0-beta1 and 8.0.0-rc1 from the
ChangeLog. This version is used in the generated documentation.
3 months ago
Jason Ish 8b2fafcfa2 version: start development towards 8.0.0-rc1 4 months ago
Shivani Bhardwaj c965c5687d release: 8.0.0-beta1; update changelog 4 months ago
Todd Mortimer 9c324b796e http: Use libhtp-rs.
Ticket: #2696

There are a lot of changes here, which are described below.

In general these changes are renaming constants to conform to the
libhtp-rs versions (which are generated by cbindgen); making all htp
types opaque and changing struct->member references to
htp_struct_member() function calls; and a handful of changes to offload
functionality onto libhtp-rs from suricata, such as URI normalization
and transaction cleanup.

Functions introduced to handle opaque htp_tx_t:
- tx->parsed_uri => htp_tx_parsed_uri(tx)
- tx->parsed_uri->path => htp_uri_path(htp_tx_parsed_uri(tx)
- tx->parsed_uri->hostname => htp_uri_hostname(htp_tx_parsed_uri(tx))
- htp_tx_get_user_data() => htp_tx_user_data(tx)
- htp_tx_is_http_2_upgrade(tx) convenience function introduced to detect response status 101
  and “Upgrade: h2c" header.

Functions introduced to handle opaque htp_tx_data_t:
- d->len => htp_tx_data_len()
- d->data => htp_tx_data_data()
- htp_tx_data_tx(data) function to get the htp_tx_t from the htp_tx_data_t
- htp_tx_data_is_empty(data) convenience function introduced to test if the data is empty.

Other changes:

Build libhtp-rs as a crate inside rust. Update autoconf to no longer
use libhtp as an external dependency. Remove HAVE_HTP feature defines
since they are no longer needed.

Make function arguments and return values const where possible

htp_tx_destroy(tx) will now free an incomplete transaction

htp_time_t replaced with standard struct timeval

Callbacks from libhtp now provide the htp_connp_t and the htp_tx_data_t
as separate arguments. This means the connection parser is no longer
fetched from the transaction inside callbacks.

SCHTPGenerateNormalizedUri() functionality moved inside libhtp-rs, which
now provides normalized URI values.
The normalized URI is available with accessor function: htp_tx_normalized_uri()
Configuration settings added to control the behaviour of the URI normalization:
- htp_config_set_normalized_uri_include_all()
- htp_config_set_plusspace_decode()
- htp_config_set_convert_lowercase()
- htp_config_set_double_decode_normalized_query()
- htp_config_set_double_decode_normalized_path()
- htp_config_set_backslash_convert_slashes()
- htp_config_set_bestfit_replacement_byte()
- htp_config_set_convert_lowercase()
- htp_config_set_nul_encoded_terminates()
- htp_config_set_nul_raw_terminates()
- htp_config_set_path_separators_compress()
- htp_config_set_path_separators_decode()
- htp_config_set_u_encoding_decode()
- htp_config_set_url_encoding_invalid_handling()
- htp_config_set_utf8_convert_bestfit()
- htp_config_set_normalized_uri_include_all()
- htp_config_set_plusspace_decode()
Constants related to configuring uri normalization:
- HTP_URL_DECODE_PRESERVE_PERCENT => HTP_URL_ENCODING_HANDLING_PRESERVE_PERCENT
- HTP_URL_DECODE_REMOVE_PERCENT => HTP_URL_ENCODING_HANDLING_REMOVE_PERCENT
- HTP_URL_DECODE_PROCESS_INVALID => HTP_URL_ENCODING_HANDLING_PROCESS_INVALID

htp_config_set_field_limits(soft_limit, hard_limit) changed to
htp_config_set_field_limit(limit) because libhtp didn't implement soft
limits.

libhtp logging API updated to provide HTP_LOG_CODE constants along with
the message. This eliminates the need to perform string matching on
message text to map log messages to HTTP_DECODER_EVENT values, and the
HTP_LOG_CODE values can be used directly. In support of this,
HTP_DECODER_EVENT values are mapped to their corresponding HTP_LOG_CODE
values.

New log events to describe additional anomalies:
HTP_LOG_CODE_REQUEST_TOO_MANY_LZMA_LAYERS
HTP_LOG_CODE_RESPONSE_TOO_MANY_LZMA_LAYERS
HTP_LOG_CODE_PROTOCOL_CONTAINS_EXTRA_DATA
HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_START
HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_END
HTP_LOG_CODE_SWITCHING_PROTO_WITH_CONTENT_LENGTH
HTP_LOG_CODE_DEFORMED_EOL
HTP_LOG_CODE_PARSER_STATE_ERROR
HTP_LOG_CODE_MISSING_OUTBOUND_TRANSACTION_DATA
HTP_LOG_CODE_MISSING_INBOUND_TRANSACTION_DATA
HTP_LOG_CODE_ZERO_LENGTH_DATA_CHUNKS
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_NO_PROTOCOL
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_INVALID_PROTOCOL
HTP_LOG_CODE_REQUEST_LINE_NO_PROTOCOL
HTP_LOG_CODE_RESPONSE_LINE_INVALID_PROTOCOL
HTP_LOG_CODE_RESPONSE_LINE_INVALID_RESPONSE_STATUS
HTP_LOG_CODE_RESPONSE_BODY_INTERNAL_ERROR
HTP_LOG_CODE_REQUEST_BODY_DATA_CALLBACK_ERROR
HTP_LOG_CODE_RESPONSE_INVALID_EMPTY_NAME
HTP_LOG_CODE_REQUEST_INVALID_EMPTY_NAME
HTP_LOG_CODE_RESPONSE_INVALID_LWS_AFTER_NAME
HTP_LOG_CODE_RESPONSE_HEADER_NAME_NOT_TOKEN
HTP_LOG_CODE_REQUEST_INVALID_LWS_AFTER_NAME
HTP_LOG_CODE_LZMA_DECOMPRESSION_DISABLED
HTP_LOG_CODE_CONNECTION_ALREADY_OPEN
HTP_LOG_CODE_COMPRESSION_BOMB_DOUBLE_LZMA
HTP_LOG_CODE_INVALID_CONTENT_ENCODING
HTP_LOG_CODE_INVALID_GAP
HTP_LOG_CODE_ERROR

The new htp_log API supports consuming log messages more easily than
walking a list and tracking the current offset. Internally, libhtp-rs
now provides log messages as a queue of htp_log_t, which means the
application can simply call htp_conn_next_log() to fetch the next log
message until the queue is empty. Once the application is done with a
log message, they can call htp_log_free() to dispose of it.

Functions supporting htp_log_t:
htp_conn_next_log(conn) - Get the next log message
htp_log_message(log) - To get the text of the message
htp_log_code(log) - To get the HTP_LOG_CODE value
htp_log_free(log) - To free the htp_log_t
4 months ago
Jason Ish 4b715a84cf examples: rename lib capture example to custom
To keep the simple example simple, move the lib based capture method
example to its own example.

Ticket: #7240
4 months ago
Alfredo Cardigliano dfd9ef5784 ndpi: initial implementation of nDPI plugin
Ticket: #7231
4 months ago
Lukas Sismis 59c3b8912b util-mpm: prepare MPM codebase for ruleset caching 4 months ago
Jason Ish 51f7b5924d af-packet: remove build conditional for tpacket-v3
All kernels on supported distrubtions should now support tpacket-v3,
so only enable af-packet if v2 and v3 are available.
4 months ago
Victor Julien 559e4ce062 pcap: skip pcap-config if pkgconfig in use 4 months ago
Victor Julien 0f13908b72 contrib: remove suri-graphite
Built for py2.

Remove now empty contrib dir.

Ticket: #6888.
5 months ago
Victor Julien 1c386e64ce contrib: remove file_processor
Has been developed for a now obsolete file log format.

Ticket: #6888.
5 months ago
Jason Ish 8fa347410e suricatactl: rust version of suricatactl 5 months ago
Jason Ish 8115669602 suricatasc: a Rust implementation of suricatasc
This is a re-implementation of suricatasc program in Rust that
attempts to be a 100% drop-in replacement.
5 months ago
Jason Ish 6fc617c652 build: use expanded localstatedir for #define
Use the expanded form of localstatedir in autoconf.h instead of the
unexpanded one, the difference being:

    #define LOCAL_STATE_DIR "${prefix}/var"

and

    #define LOCAL_STATE_DIR "/usr/local/var"

assuming default ./configure arguments.

Fixes commit b6a610df26.
5 months ago
Jason Ish 8f22e55678 rust/sys: stub in suricata-sys crate for Rust bindings to C
Follow Rust convention of using a "sys" crate for bindings to C
functions. The bindings don't exist yet, but will be generated by
bindgen and put into this crate.

Ticket: #7341
5 months ago
Jason Ish 19debb7382 configure: check for existence of bindgen
Require a minimum version of 0.66.0.

Ticket: #7341
5 months ago
Jason Ish c861685e28 configure: require minimum version of cbindgen to be 0.20.0
0.10.0 doesn't work anymore. In some combinations 0.20.0 doesn't work
either, however it does work in our CI jobs.
5 months ago
Victor Julien f81e8f02c1 includes: explicitly check for and include mm_malloc.h
Helps code analyzers.
5 months ago
Victor Julien b6a610df26 build: pass LOCAL_STATE_DIR through autoconf.h
Helps tooling like cppcheck, clang-tidy.
5 months ago
Nancy Enos 2d13df6872 configure: Remove obsolete rust support line
Ticket: #6705
8 months ago
Jeff Lucovsky 88451b400d configure: fail on --enable-napatech and --disable-shared
Issue: 7165

Plugins can't be build using the standard autoconf/automake
methods. We can get around this by creating our own Makefiles, but
they're often less portable.

For now, fail during ./configure instead of during compile.
9 months ago
Jeff Lucovsky 792f5e1d57 napatech: load plugin by default
Issue: 7165
9 months ago
Jeff Lucovsky d5feb8accc napatech: add as plugin
Issue: 7165
9 months ago
Liam Wilson 592d860434 configure: clear cached header value
Unset ac_cv_header_hs_h before checking for header. This allows
hyperscan to be included in compilation when switching from a non-hs
build to a hs build.
10 months ago
Philippe Antoine bb714c9178 http: have a headers limit
Ticket: 7191

So as to avoid quadratic complexity in libhtp.
Make the limit configurable from suricata.yaml,
and have an event when network traffic goes over the limit.
10 months ago
Jason Ish cdcb395142 examples: add custom logging plugin
Add an example custom logger that hooks into the low level packet and
flow logging callbacks.

Ticket: #7227
11 months ago
Victor Julien cff82f16b3 pcap-file: limit setvbuf to linux
As it fails to work correctly on FreeBSD and OpenBSD.

On FreeBSD, these are the errors:

Info: pcap: Pcap-file will use 4096 buffer size [PcapFileGlobalInit:source-pcap-file.c:159]
Error: pcap: failed to get first packet timestamp. pcap_next_ex(): -2 [PeekFirstPacketTimestamp:source-pcap-file-helper.c:186]
Warning: pcap: Failed to init pcap file input.pcap, skipping [ReceivePcapFileThreadInit:source-pcap-file.c:299]
Error: pcap: pcap file reader thread failed to initialize [ReceivePcapFileLoop:source-pcap-file.c:185]
11 months ago
Victor Julien 7b730c2e68 pcap-file: improve setvbuf implementation
Make optional through `pcap-file.buffer-size` config option.

Make sure to check through configure.

Ticket: #7155.
11 months ago
Victor Julien 058ad87089 rust: set MSRV to 1.67.1
This is needed for updating the ``time`` crate.
12 months ago
Philippe Antoine eff7b52327 build: Wimplicit-int-float-conversion checked with --enable-warnings
When configure is used with --enable-warnings, we try to add most
warning flags that should pass.
This commits adds the warning Wimplicit-int-float-conversion
1 year ago
Jason Ish 4d0e09c6b2 configure: fail on --enable-pfring and --disable-shared
Plugins can't be build using the standard autoconf/automake
methods. We can get around this by creating our own Makefiles, but
they're often less portable.

For now, fail during ./configure instead of during compile.
1 year ago
Jason Ish 155501f250 pf-ring: load plugin by default
Ticket: #7162
1 year ago
Jason Ish 79df4b4c89 pf-ring: add as plugin
Ticket: #7162
1 year ago
Philippe Antoine 4bbe7d92dc detect: helper to have pure rust keywords
detect: make number of keywords dynamic

Ticket: 4683
1 year ago
Philippe Antoine 1c0514c16a dpdk: simplify and fix build 1 year ago
Philippe Antoine 358bc05fa1 ci: fix and test with Wunused-macros
Ticket: 6937

Completes ce9bfba76a
1 year ago
Jason Ish 2e440169d6 lua: remove lua as a compile time feature
Its always built-in. However, can be disabled at runtime.
1 year ago
Jason Ish 1fd2c1a379 rust/lua: remove lua_int8 feature
Now that we're fixed to Lua 5.4, the integer size is always 8.
1 year ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua
Remove lua-dev(el) from all CI tests.
1 year ago
Jo Johnson d5c6c3a21c lua: build lua by default
Ticket: #4776

[Edits by Jason Ish]
- Add Lua in CI where needed
- Disable Lua for builds that don't have Lua 5.4
1 year ago
Jo Johnson 712496bb3f lua: Remove luajit support
lua 5.4 support is not available in luajit

Ticket: #4776
1 year ago
Jo Johnson 586c92d9d5 lua: require lua 5.4
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4.

Ticket: #4776
1 year ago
Philippe Antoine ce9bfba76a ci: fix and test with Wunused-macros
Ticket: 6937
1 year ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
1 year ago