Commit Graph

380 Commits (5e2a33d08069cea8b4c2c7c2ff55973c0a258907)

Author SHA1 Message Date
Philippe Antoine 5bbe99188b ci: update rust version to 1.95 2 months ago
Philippe Antoine 891b17277e ci: check dist rules
So that we catch if we add a typo like
app-layer-event:snmp.version_mismatchZZZ;
2 months ago
dependabot[bot] 00b5c2f579 github-actions: bump actions/upload-artifact from 7.0.0 to 7.0.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 7.0.0 to 7.0.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v7...v7.0.1)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 months ago
Jason Ish cdb02a2779 rust/dns: rustfmt 2 months ago
Jason Ish f5bf76c0ee examples/plugins/rust: add a rust example plugin
Only demonstrates EVE callbacks for now, but I plan to turn this into a
show case of a variety of callbacks a Rust plugin can do as we add Rust
bindings to the ffi crate.
3 months ago
Jason Ish a11aaadd86 plugins: add --plugin command line option to load plugins
Add --plugin <PATH> to load an additional plugin from the command
line. This is more convenient than "--set plugins.X" especially when
you may already have a plugins loaded and you want to load an
additional one.

Ticket: 8463
3 months ago
Jason Ish ecffd6cd54 github-ci: deny warnings in clippy check
We currently have some clippy warnings in the ffi crate. They output to
to the terminal but clippy exits with a success code. Typically we want
to fix this, so deny warnings which will cause clippy to exit with an
error code, failing ci.
3 months ago
Jason Ish 70994426d3 github-ci: add --workspace to cargo clippy --fix
--fix doesn't appear to apply to all sub-crates unless --workspace is
provided.
3 months ago
dependabot[bot] bf6824cb49 github-actions: bump codecov/codecov-action from 5.5.2 to 6.0.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.2 to 6.0.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](671740ac38...57e3a136b7)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
dependabot[bot] 5ff0ed977c github-actions: bump actions/download-artifact from 8.0.0 to 8.0.1
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 8.0.0 to 8.0.1.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](70fc10c6e5...3e5f45b2cf)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
Victor Julien 49b1382a8b qa: add nfq based firewall test with live reload 3 months ago
Victor Julien 1c66eec656 qa: add script to test firewall bridge mode 3 months ago
Juliana Fajardini 6f0bb39aaa workflows: add qa-simulation mode
As build flag to (some of the) checks that run suricata-verify:
- AlmaLinux 10 (schema, plugins)
- CentOS Stream 9
- Fedora 43 (Suricata Verify codecov)
- Fedora 43 (clang, debug, asan, wshadow, rust-strict, systemd)
- Fedora 43 (gcc, debug, flto, asan, wshadow, rust-strict)
- Fedora (non-root, debug, clang, asan, wshadow, rust-strict, no-ja)
- Ubuntu 22.04 (Debug Validation)
- Debian 12 (xdp)
- Debian 13 (xdp)
- Debian 12 MSRV
- PF_RING

Related to
Ticket #7885
4 months ago
Juliana Fajardini 17cd814911 workflows: fix minor typo 4 months ago
Victor Julien bc4a055e73 github-ci: remove coveralls
Seems less reliable than codecov, so remove again.
4 months ago
Jason Ish 9cab99fbd3 rust: rust fmt derive crate 4 months ago
Jason Ish 468a13e052 log-cf-common: let mktime determine proper tz
In some timezones, LogCustomFormatTest01 was failing as we were
specifying the wrong setting for is_dst. Instead set it to -1 so mktime
can make the decision based on the environment. Appears to fix this test
for "Brazil/East" in the summer.

Add GitHub CI tests to test this specific test with a few different
timezones.
4 months ago
Jason Ish 551f6ded69 github-ci: update almalinux minimal build to use dist archive
Update the AlmaLinux recommended minimal build to use the pre built
distribution archive as this is the type of build the documentation is
targetting.
4 months ago
Jason Ish 87dba92bdd github-ci: update debian/ubuntu minimal build to use dist
Update the Ubuntu/Debian minimal recommended build to use the
pre-built dist archive instead of building from git, as that is the
type of build this documentation targets.

Also use the ubuntu:22.04 container. The GitHub provided Ubuntu 22.04
VM appears to contain some new additions like a newer Rust that is not
found on a typical Ubuntu 22.04 installation.
4 months ago
Jason Ish 46d666cdde github-ci: enable debug for ndpi, pfring and netmap builds 4 months ago
Victor Julien 2658a366ad qa: move live tests into qa/live dir
They are not github specific.
4 months ago
Jason Ish f711e57e8e examples/lib/live: a lib example with live capture
Simple libpcap example for live capture. Allows listening on multiple
interfaces to show how multiple threads (workers) can be used.

Ticket: #8096
4 months ago
Jason Ish 02e4399059 github-ci: add debug validation to almalinux 10 build
After the distcheck, this build doesn't need unittests, so add
debug-validation, as this can trigger assertions in our lib examples
that are tested in this job

This triggers a debug-validation error in the custom library example.

Ticket: #8259
4 months ago
Victor Julien 3068089762 github-ci: disable libmagic on macos
5.47 is currently breaking CI, so disable during investigation.

Related to ticket #8342.
4 months ago
Jason Ish 03f767a094 github-ci: re-enable rpm jobs 4 months ago
Victor Julien 33ddbc3244 github-ci: use --skip-branches in coverage consistently
Completes 02f6340972.
4 months ago
dependabot[bot] 8df4e10018 github-actions: bump actions/download-artifact from 7.0.0 to 8.0.0
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 7.0.0 to 8.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](37930b1c2a...70fc10c6e5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
dependabot[bot] cfde322f06 github-actions: bump actions/upload-artifact from 6.0.0 to 7.0.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v6...v7)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
Lukas Sismis d4434ef4e8 dpdk: add live run test suite
Add live tests to verify that mempool, mempool cache sizes, and
potentially other DPDK features are initialized correctly during the
startup.
Follows up on bugs found in mempool settings on real/bonded devices.

The tests are placed in the new folder qa/live/ after a comment
in https://github.com/OISF/suricata/pull/14896 which indicated other
live tests are going to be moved there as well.

Ticket: 8320
5 months ago
Victor Julien 02f6340972 github-ci: update cov builds
Use --skip-branches to avoid countless partial coverage in unittests.

Update from 22.04 to 24.04 and llvm 15 to 19 to support --skip-branches.
5 months ago
Jason Ish ccd1df99fd github-ci: add coveralls coverage uploads 5 months ago
Jason Ish accaf68615 github-ci: fix cov-ut profile file collision 5 months ago
Jason Ish 65e87949c8 github-ci: ignore /github from coverage output 5 months ago
Jason Ish 8c99759dfe github-ci: ignore /usr and /rustc in coverage 5 months ago
Jason Ish d3b6bae140 github-ci: upload lcov coverage artifacts 5 months ago
Victor Julien e991375b04 github-ci: for codecov netns check, account for cargo build dir
It's not in /root/ like with container based builds.
5 months ago
Jason Ish e6513b5117 codecov: upload lcov reports to codecov
Seems to fix our issues with codecov.io.
5 months ago
Jason Ish eab5931074 github-ci: merge rust.yml into existing builds.yml build
The Rust build in rust.yml was just an AlmaLinux 9 build with some extra
checks.  Instead, use an existing AlmaLinux 9 build in builds.yml, make
it use Rustup (there are other AlmaLinux 9 builds that use the RPM), and
add the checks.

Saves us one build in CI.
5 months ago
Victor Julien 571681bc29 github-ci: add namespace bond tests with multiple nets 5 months ago
Victor Julien a8cad83403 github-ci: add namespace af-packet bond test 5 months ago
dependabot[bot] 3a9682fd48 github-actions: bump actions/checkout from 6.0.1 to 6.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Victor Julien 49783fa9f7 github-ci: add namespace based IPS tests
Implementing a bridge test with af-packet IPS and a routing test
with iptables + nfqueue.

Very helpful explanation and guidance on network namespaces can be
found here: https://www.redhat.com/en/blog/net-namespaces

Sets up 3 network namespaces:
1. client - for running client tools like ping, curl, wget
2. server - for running a server, currently only Caddy
3. dut - for running Suricata, this namespace connects the client and
   server namespaces

Validate IPS operations in 3 ways:
1. check return codes of the client tools
2. check Suricata's IPS stats
3. use tshark to validate expected drops

Run Suricata in AF_PACKET IPS mode for both autofp and workers mode. Do
the same for NFQUEUE.

Tshark's JSON output is used with JQ to validate that pings are dropped.

All tests are codecov enabled.
5 months ago
Philippe Antoine b944e3b1ed ci: update rust version to 1.93 6 months ago
dependabot[bot] a0c91aa9f0 github-actions: bump actions/upload-artifact from 5.0.0 to 6.0.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 2deb1d25c4 github-actions: bump actions/cache from 4 to 5
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 03ee55c99f github-actions: bump actions/checkout from 6.0.0 to 6.0.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 1f28880ba1 github-actions: bump codecov/codecov-action from 5.5.1 to 5.5.2
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](5a1091511a...671740ac38)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] b4ed2da8ff github-actions: bump actions/download-artifact from 6.0.0 to 7.0.0
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](018cc2cf5b...37930b1c2a)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
Victor Julien 984fc260c5 github-ci: update Fedora to 43 7 months ago
Ambre Iooss 3bcad5f364 windivert: upgrade to 2.0.0
WinDivert 2 was released in 2019. This introduced some minimal
changes to some functions arguments.

Bug: #8138.
7 months ago