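name: builds

on:
  push:
    paths-ignore:
      # Don't run this workflow if only files under doc/ have been
      # modified.
      - "doc/**"
  pull_request:
  # Manual runs. The inputs are declared without type or default and are not
  # referenced by any job in this part of the file.
  # NOTE(review): presumably read by prepare-deps.yml - confirm how the values
  # are validated there before they reach a shell or a git command.
  workflow_dispatch:
    inputs:
      LIBHTP_REPO:
      LIBHTP_BRANCH:
      SU_REPO:
      SU_BRANCH:
      SV_REPO:
      SV_BRANCH:

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

# The workflow token is read-only for every scope.
# NOTE(review): the steps visible here only check out code and use
# caches/artifacts, so `contents: read` may be enough - confirm against
# prepare-deps.yml and the Codecov upload before narrowing.
permissions: read-all

env:
  DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"

  # Apt sometimes likes to ask for user input, this will prevent that.
  DEBIAN_FRONTEND: "noninteractive"

  # A recent version of stable Rust that is known to pass build, test and other
  # verification steps in this workflow. This was added because using "stable"
  # could cause some steps to fail.
  RUST_VERSION_KNOWN: "1.80.0"

# Third-party actions below are referenced by full commit SHA, not by tag.
# Container images are referenced by tag (e.g. almalinux:9), which can move.
jobs:

  prepare-deps:
    name: Prepare dependencies
    uses: ./.github/workflows/prepare-deps.yml

  # Builds a statically linked cbindgen and publishes it as the "cbindgen"
  # artifact.
  prepare-cbindgen:
    name: Prepare cbindgen
    runs-on: ubuntu-latest
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo
          key: ${{ github.job }}-cargo
      - name: Installing Rust
        # --proto/--tlsv1.2 keep the installer download on HTTPS even if the
        # server answers with a redirect.
        # NOTE(review): this installs the current default toolchain;
        # RUST_VERSION_KNOWN is not used by this step.
        run: |
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
          rustup target add x86_64-unknown-linux-musl
      - name: Building static cbindgen for Linux
        # NOTE(review): no --version or --locked, so the cbindgen release and
        # its dependency versions are whatever crates.io serves at build time.
        run: |
          cargo install --target x86_64-unknown-linux-musl --debug cbindgen
          cp $HOME/.cargo/bin/cbindgen .
      - name: Uploading prep archive
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
        with:
          name: cbindgen
          # Uploads the whole working directory; this job has no checkout
          # step, so presumably only the copied binary is there - verify.
          path: .

  almalinux-9:
    name: AlmaLinux 9
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps, prepare-cbindgen]
    steps:

      # Cache Rust stuff.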
# almalinux-9 steps: caches, system packages, checkout and cbindgen install.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          # Fixed key, shared by every job that uses "cargo-registry".
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      # Keep downloaded packages so the cache above has something to store.
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
              autoconf \
              automake \
              cargo-vendor \
              cbindgen \
              diffutils \
              numactl-devel \
              dpdk-devel \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              jansson-devel \
              jq \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-devel \
              python3-sphinx \
              python3-yaml \
              rust-toolset \
              sudo \
              which \
              zlib-devel
          # These packages required to build the PDF.
          dnf -y install \
              texlive-latex \
              texlive-cmap \
              texlive-collection-latexrecommended \
              texlive-fncychap \
              texlive-titlesec \
              texlive-tabulary \
              texlive-framed \
              texlive-wrapfig \
              texlive-upquote \
              texlive-capt-of \
              texlive-needspace

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      # Marks the workspace path as safe for git inside the container.
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: ./.github/actions/install-cbindgen

      # Download and extract dependency archives created during prep
      # job.
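# almalinux-9 steps: unpack dependencies, build, distcheck, install, examples.
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: tar xvf prep/suricata-update.tar.gz
      - run: tar xvf prep/suricata-verify.tar.gz
      - name: Configuring
        run: |
          ./autogen.sh
          CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings
      - run: make -j ${{ env.CPUS }} distcheck
        env:
          DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk"
          MAKEFLAGS: "-j ${{ env.CPUS }}"
      - run: test -e doc/userguide/suricata.1
      - name: Checking includes
        # NOTE(review): cppclean is not in the package list installed for this
        # job and no visible step installs it. The step's status is that of
        # the last command in the pipeline, so a missing cppclean may pass
        # unnoticed - verify.
        run: |
          cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py
      - name: Building Rust documentation
        run: make doc
        working-directory: rust
      - run: make install install-conf
      - run: suricatasc -h
      - run: suricata-update -V
      - name: Check if Suricata-Update example configuration files are installed
        run: |
          test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in
          test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml
      - name: Test capture plugin
        working-directory: examples/plugins/ci-capture
        # Passes only if eve.json holds exactly one record with a "dns" key.
        run: |
          make
          ../../../src/suricata -S /dev/null --set plugins.0=./capture.so --capture-plugin=ci-capture --runmode=single -l . -c ../../../suricata.yaml
          cat eve.json | jq -c 'select(.dns)'
          test $(cat eve.json | jq -c 'select(.dns)' | wc -l) = "1"
      - name: Test library build in tree
        working-directory: examples/lib/simple
        run: make clean all
      - name: Test plugin build in tree
        working-directory: examples/plugins/c-json-filetype
        run: make clean all
      - name: Build example C custom logger plugin
        working-directory: examples/plugins/c-custom-loggers
        run: make clean all
      - name: Install Suricata and library
        run: make install install-headers install-library
      - name: Test library build out of tree
        working-directory: examples/lib/simple
        run: PATH=/usr/local/bin:$PATH make -f Makefile.example clean all
      - name: Cleaning source directory for standalone plugin test.
        run: make clean
      - name: Test plugin against installed headers
        working-directory: examples/plugins/c-json-filetype
        run: |
          # First use sed to pretend we are a user following our
          # directions for building a standalone plugin.
          sed -i 's/^#LIBSURICATA_CONFIG/LIBSURICATA_CONFIG/' Makefile
          sed -i 's/^#CPPFLAGS/CPPFLAGS/' Makefile
          sed -i 's/^CPPFLAGS.*HAVE_CONFIG_H//' Makefile
          # And build.
          PATH=/usr/local/bin:$PATH make clean all

  almalinux-9-templates:
    name: AlmaLinux 9 Test Templates
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          # github.job is this job's id, so the key is still
          # "almalinux-9-templates-dnf", as in the other jobs of this file.
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      # Cache Rust stuff.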
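# almalinux-9-templates steps: caches, system packages, rustup toolchain.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
              autoconf \
              automake \
              cbindgen \
              diffutils \
              numactl-devel \
              dpdk-devel \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              jansson-devel \
              jq \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-devel \
              python3-sphinx \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      # The installer script is piped straight into sh as root in the
      # container; --proto/--tlsv1.2 keep the download on HTTPS even if the
      # server answers with a redirect.
      # NOTE(review): "stable" floats; RUST_VERSION_KNOWN is not used here.
      - run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain stable -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - run: rustup component add rustfmt
      - run: rustup component add clippy
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: ./.github/actions/install-cbindgen

      # Download and extract dependency archives created during prep
      # job.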
# almalinux-9-templates steps: build, generate the FooBar template, lint it.
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: tar xvf prep/suricata-update.tar.gz
      - run: tar xvf prep/suricata-verify.tar.gz
      - name: Build
        run: |
          ./autogen.sh
          CFLAGS="${DEFAULT_CFLAGS}" ./configure
          make -j ${{ env.CPUS }}
      # Generate a parser, logger and detect keyword from the templates, then
      # rebuild and check that the new protocol is listed.
      - run: ./scripts/setup-app-layer.py --parser --logger --detect FooBar payload
      - run: make -j ${{ env.CPUS }}
      - run: ./src/suricata --list-app-layer-protos | grep foobar
      - name: Verify rustfmt
        run: rustfmt -v --check src/applayerfoobar/*.rs
        working-directory: rust
      - name: Verify clippy
        run: cargo clippy --all-features
        working-directory: rust

  # Builds the distribution tarball against a separately installed libhtp.
  almalinux-9-non-bundled-libhtp:
    name: AlmaLinux 9 Non-Bundled LibHTP
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps, ubuntu-22-04-dist]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
              autoconf \
              automake \
              cargo-vendor \
              cbindgen \
              diffutils \
              numactl-devel \
              dpdk-devel \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              jansson-devel \
              jq \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-devel \
              python3-sphinx \
              python3-yaml \
              rust-toolset \
              sudo \
              which \
              zlib-devel

      - name: Download suricata.tar.gz
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: dist
      - run: tar xf suricata-*.tar.gz --strip-components=1
      # Build and install the libhtp copy shipped in the tarball first, then
      # point ./configure at the installed headers and libraries.
      - run: cd libhtp && ./configure --prefix=/usr/local
      - run: cd libhtp && make -j ${{ env.CPUS }}
      - run: cd libhtp && make install
      - run: PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include --with-libhtp-libraries=/usr/local/lib

  rpms:
    name: Build RPMs
    runs-on: ubuntu-latest
    container: ${{ matrix.container }}
    needs: [ubuntu-22-04-dist]
    strategy:
      fail-fast: false
      matrix:
        container:
          - almalinux:9
          - fedora:40
    steps:
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          # NOTE(review): github.job is "rpms" for both matrix entries, so the
          # AlmaLinux and Fedora runs appear to share one cache key - verify.
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Install packages
        run: |
          if test -e /etc/almalinux-release; then
            dnf -y install \
                epel-release \
                git \
                make \
                rpm-build \
                rpmdevtools \
                dnf-plugins-core
            dnf config-manager --set-enabled crb
          elif test -e /etc/fedora-release; then
            dnf -y install \
                git \
                make \
                rpm-build \
                rpmdevtools
          else
            echo "ERROR: Unsupported distribution for RPM building"
            exit 1
          fi

      - name: Download Suricata distribution archive
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: dist

      # NOTE(review): this clones the default branch of an external
      # repository at whatever commit is current, and the following steps run
      # its Makefile and install the build requirements its spec file lists.
      # Checking out a reviewed commit would make this input fixed and
      # auditable.
      - run: git clone https://github.com/jasonish/suricata-rpms
      - run: make update-release update-sources
        working-directory: suricata-rpms/devel
      - run: dnf -y install $(rpmspec -q --buildrequires ./suricata.spec)
        working-directory: suricata-rpms/devel
      - run: mv suricata-*.tar.gz suricata-rpms/devel
      - run: make srpm
        working-directory: suricata-rpms/devel
      - run: make local
        working-directory: suricata-rpms/devel

      # We need a step for each RPM upload as we can't use the
      # container name directly in an artifact, as artifacts can't
      # have ':' in the name.
# rpms steps: one upload per matrix entry, selected by the container name.
      - name: Uploading RPMs
        if: matrix.container == 'fedora:40'
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
        with:
          name: rpms-fedora-40
          path: suricata-rpms/devel/rpms
      - name: Uploading RPMs
        if: matrix.container == 'almalinux:9'
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
        with:
          name: rpms-epel-9
          path: suricata-rpms/devel/rpms

  almalinux-8:
    name: AlmaLinux 8
    runs-on: ubuntu-latest
    container: almalinux:8
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          yum -y install dnf-plugins-core
          yum config-manager --set-enabled powertools
          yum -y install \
              autoconf \
              automake \
              cargo-vendor \
              diffutils \
              numactl-devel \
              dpdk-devel \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              jansson-devel \
              jq \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-devel \
              python3-yaml \
              rust-toolset \
              sudo \
              which \
              zlib-devel

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: ./.github/actions/install-cbindgen

      # Prebuild check for duplicate SIDs
      - name: Check for duplicate SIDs
        # Collects the sid of every line starting with "alert" in
        # rules/*.rules and fails when uniq -d reports a repeated value.
        run: |
          dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ')
          if [[ "${dups}" != "" ]]; then
            echo "::error::Duplicate SIDs found:${dups}"
            exit 1
          fi

      # Download and extract dependency archives created during prep
      # job.
# almalinux-8 steps: unpack dependencies, build, run checks, install.
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: tar xvf prep/suricata-update.tar.gz
      - run: tar xvf prep/suricata-verify.tar.gz
      # NOTE(review): this job already ran install-cbindgen after checkout;
      # presumably this second call is redundant - confirm.
      - uses: ./.github/actions/install-cbindgen
      - name: Configuring
        run: |
          ./autogen.sh
          CFLAGS="${DEFAULT_CFLAGS}" ./configure
      - run: make -j ${{ env.CPUS }} check
      - name: Checking includes
        run: |
          cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py
      - run: make install
      - run: suricatasc -h
      - run: suricata-update -V

  # Builds and tests the distribution tarball produced by ubuntu-22-04-dist.
  centos-stream9:
    name: CentOS Stream 9
    runs-on: ubuntu-latest
    container: quay.io/centos/centos:stream9
    needs: [prepare-deps, ubuntu-22-04-dist]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
              autoconf \
              automake \
              cargo-vendor \
              diffutils \
              numactl-devel \
              dpdk-devel \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              jansson-devel \
              jq \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-devel \
              python3-sphinx \
              python3-yaml \
              rust-toolset \
              sudo \
              which \
              zlib-devel

      - name: Download suricata.tar.gz
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: dist
      - run: tar zxvf suricata-*.tar.gz --strip-components=1
      - name: ./configure
        run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
      - run: make -j ${{ env.CPUS }}
      - run: make install
      - run: make install-conf
      - run: suricatasc -h
      - run: suricata-update -V
      - name: Check if Suricata-Update example configuration files are installed
        run: |
          test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf
          test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in
          test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/suricata-verify.tar.gz
      - run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: suricata-update -V
      - run: suricatasc -h
      # Test build after clean.
      - run: make clean
      - run: make -j ${{ env.CPUS }}

  fedora-41-sv-codecov:
    name: Fedora 41 (Suricata Verify codecov)
    runs-on: ubuntu-latest
    container: fedora:41
    needs: [prepare-deps, prepare-cbindgen]
    steps:

      # Cache Rust stuff.
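# fedora-41-sv-codecov steps: instrumented build, suricata-verify, upload.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cbindgen \
              ccache \
              clang \
              curl \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              llvm-devel \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel

      # packaged Rust version has no profiler support built in, so get from rustup
      - name: Install Rust
        # The installer script is piped straight into sh; --proto/--tlsv1.2
        # keep the download on HTTPS even if the server answers with a
        # redirect.
        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.83 -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/install-cbindgen
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      # Same compiler and coverage flags for configure and make.
      - run: ./configure --enable-warnings --disable-shared
        env:
          CC: "clang"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Merge the per-test raw profiles and render them to coverage.txt.
      - run: llvm-profdata merge -o default.profdata $(find suricata-verify/tests/ -name '*.profraw')
      - run: llvm-cov show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
        with:
          # An upload failure does not fail the job.
          fail_ci_if_error: false
          flags: suricata-verify

  # Fedora 41 build using Clang.
  fedora-41-clang:
    name: Fedora 41 (clang, debug, asan, wshadow, rust-strict, systemd)
    runs-on: ubuntu-latest
    container: fedora:41
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              ccache \
              clang \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libxdp-devel \
              libbpf-devel \
              libtool \
              lz4-devel \
              make \
              parallel \
              pcre2-devel \
              pkgconfig \
              python \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/install-cbindgen
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      # First pass: plain build and "make check", then start over.
      - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow" ./configure --disable-shared
      - run: make check
      - run: make distclean
      # Second pass: AddressSanitizer build with unit tests enabled.
      - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
        env:
          LDFLAGS: "-fsanitize=address"
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
      # Unit tests run with ASan leak detection switched off.
      - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Now install and make sure headers and libraries aren't
      # installed until requested.
      - run: make install
      - run: test ! -e /usr/local/lib/libsuricata_c.a
      - run: test ! -e /usr/local/include/suricata
      - run: make install-headers
      - run: test -e /usr/local/include/suricata/suricata.h
      - run: make install-library
      - run: test -e /usr/local/lib/libsuricata_c.a
      - run: test -e /usr/local/lib/libsuricata_rust.a
      - run: test -e /usr/local/bin/libsuricata-config
      - run: test ! -e /usr/local/lib/libsuricata.so
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h
      # Check compilation against systemd
      - run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null

  # Fedora 41 build using GCC.
  fedora-41-gcc:
    name: Fedora 41 (gcc, debug, asan, wshadow, rust-strict)
    runs-on: ubuntu-latest
    container: fedora:41
    needs: [prepare-deps, prepare-cbindgen]
    steps:

      # Cache Rust stuff.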
# fedora-41-gcc steps: AddressSanitizer build with gcc, tests, install checks.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              ccache \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: ./.github/actions/install-cbindgen
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
        env:
          CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
          LDFLAGS: "-fsanitize=address"
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
      # Unit tests run with ASan leak detection switched off.
      - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Now install and make sure headers and libraries aren't
      # installed until requested.
      - run: make install
      - run: test ! -e /usr/local/lib/libsuricata_c.a
      - run: test ! -e /usr/local/include/suricata
      - run: make install-headers
      - run: test -e /usr/local/include/suricata/suricata.h
      - run: make install-library
      - run: test -e /usr/local/lib/libsuricata_c.a
      - run: test -e /usr/local/lib/libsuricata_rust.a
      - run: test -e /usr/local/bin/libsuricata-config
      - run: test ! -e /usr/local/lib/libsuricata.so
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # Fedora 40 build using Clang.
  fedora-40-clang:
    name: Fedora 40 (clang, debug, asan, wshadow, rust-strict, systemd)
    runs-on: ubuntu-latest
    container: fedora:40
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              ccache \
              clang \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libxdp-devel \
              libbpf-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: ./.github/actions/install-cbindgen
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
        env:
          LDFLAGS: "-fsanitize=address"
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
      # Unit tests run with ASan leak detection switched off.
      - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Now install and make sure headers and libraries aren't
      # installed until requested.
      - run: make install
      - run: test ! -e /usr/local/lib/libsuricata_c.a
      - run: test ! -e /usr/local/include/suricata
      - run: make install-headers
      - run: test -e /usr/local/include/suricata/suricata.h
      - run: make install-library
      - run: test -e /usr/local/lib/libsuricata_c.a
      - run: test -e /usr/local/lib/libsuricata_rust.a
      - run: test -e /usr/local/bin/libsuricata-config
      - run: test ! -e /usr/local/lib/libsuricata.so
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h
      # Check compilation against systemd
      - run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null

  # Fedora 40 build using GCC.
  fedora-40-gcc:
    name: Fedora 40 (gcc, debug, asan, wshadow, rust-strict)
    runs-on: ubuntu-latest
    container: fedora:40
    needs: [prepare-deps, prepare-cbindgen]
    steps:

      # Cache Rust stuff.
# fedora-40-gcc steps: AddressSanitizer build with gcc, tests, install checks.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              ccache \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/install-cbindgen
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
        env:
          CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
          LDFLAGS: "-fsanitize=address"
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
      # Unit tests run with ASan leak detection switched off.
      - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Now install and make sure headers and libraries aren't
      # installed until requested.
      - run: make install
      - run: test ! -e /usr/local/lib/libsuricata_c.a
      - run: test ! -e /usr/local/include/suricata
      - run: make install-headers
      - run: test -e /usr/local/include/suricata/suricata.h
      - run: make install-library
      - run: test -e /usr/local/lib/libsuricata_c.a
      - run: test -e /usr/local/lib/libsuricata_rust.a
      - run: test -e /usr/local/bin/libsuricata-config
      - run: test ! -e /usr/local/lib/libsuricata.so
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # This job builds and tests Suricata as a non-root user as some
  # issues only show up when not running as root, and by default all
  # jobs in GitHub actions are run as root inside the container.
  fedora-40-non-root:
    name: Fedora 40 (non-root, debug, clang, asan, wshadow, rust-strict)
    runs-on: ubuntu-latest
    container: fedora:40
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              ccache \
              clang \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              hiredis-devel \
              jansson-devel \
              jq \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - run: adduser suricata
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/install-cbindgen
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      # Copy the prepared tree into the new user's home and hand it over, so
      # every later step can run as "suricata" through sudo.
      - run: mkdir /home/suricata/suricata
      - run: cp -a . /home/suricata/suricata
      - run: chown -R suricata:suricata /home/suricata
      - run: sudo -u suricata -s ./autogen.sh
        working-directory: /home/suricata/suricata
      # NOTE(review): sudo usually resets the environment, and only PATH is
      # passed explicitly through `env` here. Confirm that CC, CFLAGS and
      # LDFLAGS from the step's env: block reach ./configure; otherwise this
      # job is not the clang/asan build its name promises.
      - run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
        working-directory: /home/suricata/suricata
        env:
          ac_cv_func_realloc_0_nonnull: "yes"
          ac_cv_func_malloc_0_nonnull: "yes"
          LDFLAGS: "-fsanitize=address"
          CC: "clang"
          CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
      - run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" make -j ${{ env.CPUS }}
        working-directory: /home/suricata/suricata
      - run: sudo -u suricata -s make check
        working-directory: /home/suricata/suricata
      - run: sudo -u suricata -s python3 ./suricata-verify/run.py -q --debug-failed
        working-directory: /home/suricata/suricata

  # Test that ./configure fails if libjansson is not available.
  almalinux-9-no-jansson:
    name: AlmaLinux 9 (no jansson)
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps]
    steps:

      # Cache Rust stuff.
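# almalinux-9-no-jansson steps: install everything except jansson-devel and
# expect ./configure to fail.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      # --set-enabled is spelled out in full, as in the other jobs of this
      # file, instead of the abbreviated --set-enable.
      - run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
              autoconf \
              automake \
              cargo \
              cbindgen \
              clang \
              diffutils \
              file-devel \
              gcc \
              gcc-c++ \
              git \
              libasan \
              libtool \
              libyaml-devel \
              libnfnetlink-devel \
              libnetfilter_queue-devel \
              libnet-devel \
              libcap-ng-devel \
              libevent-devel \
              libmaxminddb-devel \
              libpcap-devel \
              libtool \
              lz4-devel \
              make \
              pcre2-devel \
              pkgconfig \
              python3-yaml \
              sudo \
              which \
              zlib-devel
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      # Inverted check: the job passes only when ./configure fails.
      # NOTE(review): any configure failure satisfies this, not only the
      # missing libjansson; matching the error text would make the test say
      # what its name says.
      - run: |
          if ./configure; then
            echo "error: configure should have failed"
            exit 1
          else
            exit 0
          fi

  almalinux-9-minimal-recommended-dependecies:
    name: AlmaLinux 9 (Minimal/Recommended Build)
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps, prepare-cbindgen]
    steps:

      # Cache Rust stuff.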
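# Minimal AlmaLinux 9 build: apart from git/libtool/sudo/which, the build
# dependencies come from ./scripts/docs-almalinux9-minimal-build.sh.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      # Keep downloaded packages in /var/cache/dnf, the path cached above.
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install git dependencies
        run: |
          dnf -y install \
              sudo \
              git \
              libtool \
              which

      - name: Install Almalinux 9 extra repositories
        run: |
          dnf -y update
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb

      # NOTE(review): checkout, safe.directory and download-artifact each run
      # twice in this job, and the first download-artifact has no `with:`
      # block, so it is not limited to the `prep` artifact. Confirm the first
      # set is still needed.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - uses: ./.github/actions/install-cbindgen
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
      - name: Install minimal dependencies
        run: ./scripts/docs-almalinux9-minimal-build.sh
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
      - run: make -j ${{ env.CPUS }}
      - run: ./src/suricata --build-info  # check if we can run Suricata

  ubuntu-24-04:
    name: Ubuntu 24.04 (cocci)
    runs-on: ubuntu-latest
    container: ubuntu:24.04
    needs: [prepare-deps]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              autoconf \
              automake \
              build-essential \
              cargo \
              cbindgen \
              clang-14 \
              coccinelle \
              dpdk-dev \
              git \
              jq \
              libcap-ng-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libhiredis-dev \
              libhyperscan-dev \
              libjansson-dev \
              libmagic-dev \
              libnet1-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libpcap-dev \
              libpcre2-dev \
              libpython3.12 \
              libtool \
              libyaml-dev \
              llvm-14-dev \
              make \
              parallel \
              python-is-python3 \
              python3-yaml \
              rustc \
              software-properties-common \
              zlib1g \
              zlib1g-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      - run: ./autogen.sh
      - run: ./configure --enable-unittests --enable-coccinelle
      - run: make -j ${{ env.CPUS }}
      - run: CONCURRENCY_LEVEL=${{ env.CPUS }} make check
      - run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: make install-headers
      - run: make install-library

  ubuntu-22-04-cov-ut:
    name: Ubuntu 22.04 (unittests coverage)
    runs-on: ubuntu-latest
    container: ubuntu:22.04
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              clang-14 \
              curl \
              git \
              jq \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libhyperscan-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              llvm-14-dev \
              make \
              parallel \
              python3-yaml \
              software-properties-common \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              curl \
              dpdk-dev
      # packaged Rust version is too old for coverage, so get from rustup
      # The installer script is executed as downloaded; the curl flags restrict
      # the fetch to HTTPS with TLS 1.2 or newer, as in rustup's documented
      # install command. The toolchain itself is pinned by version.
      - name: Install Rust
        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.67.1 -y
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: ./configure --enable-warnings --disable-shared --enable-unittests
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
          CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
          CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
      # Each run below writes a raw profile to LLVM_PROFILE_FILE, which the
      # following llvm-profdata step merges.
      - run: ./src/suricata -u -l /tmp/
        env:
          LLVM_PROFILE_FILE: "/tmp/ut.profraw"
      - run: llvm-profdata-14 merge -o ut.profdata /tmp/ut.profraw
      - run: ./src/suricata --list-runmodes -l /tmp
        env:
          LLVM_PROFILE_FILE: "/tmp/listrunmodes.profraw"
      - run: llvm-profdata-14 merge -o listrunmodes.profdata /tmp/listrunmodes.profraw
      - run: ./src/suricata --list-keywords -l /tmp
        env:
          LLVM_PROFILE_FILE: "/tmp/lk.profraw"
      - run: llvm-profdata-14 merge -o lk.profdata /tmp/lk.profraw
      - run: ./src/suricata --list-app-layer-protos -l /tmp
        env:
          LLVM_PROFILE_FILE: "/tmp/la.profraw"
      - run: llvm-profdata-14 merge -o la.profdata /tmp/la.profraw
      - run: ./src/suricata --dump-features -c suricata.yaml -l /tmp
        env:
          LLVM_PROFILE_FILE: "/tmp/dumpfeatures.profraw"
      - run: llvm-profdata-14 merge -o dumpfeatures.profdata /tmp/dumpfeatures.profraw
      - run: ./src/suricata --dump-config -c suricata.yaml -l /tmp
        env:
          LLVM_PROFILE_FILE: "/tmp/dumpconfig.profraw"
      - run: llvm-profdata-14 merge -o dumpconfig.profdata /tmp/dumpconfig.profraw
      - run: llvm-cov-14 show ./src/suricata -instr-profile=ut.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
      - run: |
          cd rust
          cargo test --no-run
          cd ..
        env:
          RUSTFLAGS: "-C instrument-coverage"
          CARGO_INCREMENTAL: "0"
      # Runs the Rust test binary located by find.
      - run: |
          $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$')
        env:
          LLVM_PROFILE_FILE: "/tmp/ct.profraw"
          CARGO_INCREMENTAL: "0"
      - run: llvm-profdata-14 merge -o ct.profdata /tmp/ct.profraw
      - run: llvm-cov-14 show $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
      - run: |
          cd libhtp
          make test
          cd ..
        env:
          LLVM_PROFILE_FILE: "/tmp/htp-test.profraw"
      - run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw
      - run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
        with:
          fail_ci_if_error: false
          flags: unittests

  ubuntu-22-04-cov-pcapunix:
    name: Ubuntu 22.04 (unix socket mode coverage)
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
      # Privileged container: the job changes a kernel sysctl below.
      # NOTE(review): in a privileged container that setting presumably
      # applies to the runner's kernel, not only to the container; acceptable
      # on ephemeral hosted runners, confirm before using self-hosted ones.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              llvm-14-dev \
              clang-14 \
              git \
              jq \
              inetutils-ping \
              libc++-dev \
              libc++abi-dev \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              make \
              parallel \
              python3-yaml \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              unzip \
              curl \
              time \
              wget
      # specific version to match up to the llvm version in ubuntu below
      # Fetch restricted to HTTPS with TLS 1.2 or newer; the installer script
      # is still executed as downloaded.
      - name: Install Rust
        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.67.1 -y
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - name: Fix kernel mmap rnd bits
        # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
        # high-entropy ASLR in much newer kernels that GitHub runners are
        # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --with-gnu-ld --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
          CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
      - run: |
          ./qa/unix.sh "suricata-verify/"
        env:
          LLVM_PROFILE_FILE: "/tmp/unix.profraw"
      - run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
      - run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
        with:
          fail_ci_if_error: false
          flags: pcap

  ubuntu-22-04-cov-afpdpdk:
    name: Ubuntu 22.04 (afpacket and dpdk coverage)
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
      # Privileged for the sysctl step below and, presumably, for the live
      # capture scripts this job runs.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              llvm-14-dev \
              clang-14 \
              git \
              jq \
              inetutils-ping \
              libc++-dev \
              libc++abi-dev \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              make \
              parallel \
              python3-yaml \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              unzip \
              curl \
              time \
              wget \
              dpdk-dev
      # specific version to match up to the llvm version in ubuntu below
      # Fetch restricted to HTTPS with TLS 1.2 or newer; the installer script
      # is still executed as downloaded.
      - name: Install Rust
        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.67.1 -y
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - name: Fix kernel mmap rnd bits
        # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
        # high-entropy ASLR in much newer kernels that GitHub runners are
        # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --with-gnu-ld --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
          CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
      # IDS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
        env:
          LLVM_PROFILE_FILE: "/tmp/dpdk-ids.profraw"
      # IPS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"
        env:
          LLVM_PROFILE_FILE: "/tmp/dpdk-ips.profraw"
      # AF_PACKET tests
      - run: |
          ./.github/workflows/live/afp-ids.sh "2" "autofp"
        env:
          LLVM_PROFILE_FILE: "/tmp/afp2-ids-autofp.profraw"
      - run: |
          ./.github/workflows/live/afp-ids.sh "2" "workers"
        env:
          LLVM_PROFILE_FILE: "/tmp/afp2-ids-workers.profraw"
      - run: |
          ./.github/workflows/live/afp-ids.sh "3" "autofp"
        env:
          LLVM_PROFILE_FILE: "/tmp/afp3-ids-autofp.profraw"
      - run: |
          ./.github/workflows/live/afp-ids.sh "3" "workers"
        env:
          LLVM_PROFILE_FILE: "/tmp/afp3-ids-workers.profraw"
      # PCAP
      - run: |
          ./.github/workflows/live/pcap.sh "autofp"
        env:
          LLVM_PROFILE_FILE: "/tmp/pcap-autofp.profraw"
      - run: |
          ./.github/workflows/live/pcap.sh "single"
        env:
          LLVM_PROFILE_FILE: "/tmp/pcap-single.profraw"
      - run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
      - run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
        with:
          fail_ci_if_error: false
          flags: livemode

  ubuntu-24-04-pcap-unix:
    name: Ubuntu 24.04 (pcap unix socket ASAN)
    runs-on: ubuntu-latest
    container:
      image: ubuntu:24.04
      # Privileged for the sysctl step below.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              llvm-18-dev \
              cargo \
              cbindgen \
              clang-18 \
              git \
              jq \
              libc++-dev \
              libc++abi-dev \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              make \
              parallel \
              python3-yaml \
              rustc \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              unzip \
              curl \
              time \
              wget \
              dpdk-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Fix kernel mmap rnd bits
        # Same ASLR-entropy workaround as in the Ubuntu 22.04 jobs.
        # NOTE(review): confirm it is still required with LLVM 18.
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
        env:
          CC: "clang-18"
          CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-18"
      - run: |
          ./qa/unix.sh "suricata-verify/"

  ubuntu-24-04-asan-afpdpdk:
    name: Ubuntu 24.04 (afpacket and dpdk live tests with ASAN)
    runs-on: ubuntu-latest
    container:
      image: ubuntu:24.04
      # Privileged for the sysctl step below and, presumably, for the live
      # capture scripts this job runs.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              llvm-18-dev \
              cargo \
              cbindgen \
              clang-18 \
              git \
              jq \
              inetutils-ping \
              libc++-dev \
              libc++abi-dev \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              make \
              parallel \
              python3-yaml \
              rustc \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              unzip \
              curl \
              time \
              wget \
              dpdk-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - name: Fix kernel mmap rnd bits
        # Same ASLR-entropy workaround as in the Ubuntu 22.04 jobs.
        # NOTE(review): confirm it is still required with LLVM 18.
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
        env:
          CC: "clang-18"
          CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-18"
      # IDS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
      # IPS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"
      # AF_PACKET tests
      - run: |
          ./.github/workflows/live/afp-ids.sh "2" "autofp"
      - run: |
          ./.github/workflows/live/afp-ids.sh "2" "workers"
      - run: |
          ./.github/workflows/live/afp-ids.sh "3" "autofp"
      - run: |
          ./.github/workflows/live/afp-ids.sh "3" "workers"
      - run: |
          ./.github/workflows/live/pcap.sh "autofp"
      - run: |
          ./.github/workflows/live/pcap.sh "single"

  ubuntu-22-04-cov-fuzz:
    name: Ubuntu 22.04 (fuzz corpus coverage)
    runs-on: ubuntu-latest
    container:
      image: ubuntu:22.04
      # Privileged for the sysctl step below.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              llvm-14-dev \
              clang-14 \
              git \
              jq \
              libc++-dev \
              libc++abi-dev \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              make \
              parallel \
              python3-yaml \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              unzip \
              curl \
              time \
              wget \
              dpdk-dev
      # packaged Rust version is too old for coverage, so get from rustup
      # Fetch restricted to HTTPS with TLS 1.2 or newer; the installer script
      # is still executed as downloaded.
      - name: Install Rust
        run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.67.1 -y
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - name: Fix kernel mmap rnd bits
        # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
        # high-entropy ASLR in much newer kernels that GitHub runners are
        # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --enable-warnings --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
        env:
          LIB_FUZZING_ENGINE: "fail_to_onefile_driver"
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
          CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror"
          CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
        env:
          CC: "clang-14"
          CXX: "clang++-14"
          RUSTFLAGS: "-C instrument-coverage"
      - run: ./qa/run-ossfuzz-corpus.sh
      - run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
      - run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3
        with:
          fail_ci_if_error: false
          flags: fuzzcorpus

  ubuntu-20-04-ndebug:
    name: Ubuntu 20.04 (-DNDEBUG)
    runs-on: ubuntu-latest
    container: ubuntu:20.04
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              build-essential \
              autoconf \
              automake \
              cargo \
              git \
              jq \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              libpcre2-dev \
              make \
              parallel \
              python3-yaml \
              rustc \
              software-properties-common \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags \
              dpdk-dev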
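# ubuntu-20-04-ndebug, remaining steps: build with -DNDEBUG, run the tests, then
# check which files each install target places under /usr/local.
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-warnings --enable-unittests
      - run: make -j ${{ env.CPUS }}
      - run: make check
      - run: make dist
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      # Now install and make sure headers and libraries aren't installed
      # until requested.
      - run: make install
      - run: test ! -e /usr/local/lib/libsuricata_c.a
      - run: test ! -e /usr/local/include/suricata
      - run: make install-headers
      - run: test -e /usr/local/include/suricata/suricata.h
      - run: make install-library
      - run: test -e /usr/local/lib/libsuricata_c.a
      - run: test -e /usr/local/lib/libsuricata_rust.a
      - run: test -e /usr/local/bin/libsuricata-config
      - run: test -e /usr/local/lib/libsuricata.so
      - run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so)
      - run: suricata-update -V
      - run: suricatasc -h

  ubuntu-20-04-too-old-rust:
    name: Ubuntu 20.04 (unsupported rust)
    runs-on: ubuntu-latest
    container: ubuntu:20.04
    needs: ubuntu-22-04-dist
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              build-essential \
              curl \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libnuma-dev \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              libpcre2-dev \
              make \
              python3-yaml \
              software-properties-common \
              zlib1g \
              zlib1g-dev \
              dpdk-dev
      # The installer script is executed as downloaded; the curl flags restrict
      # the fetch to HTTPS with TLS 1.2 or newer, as in rustup's documented
      # install command. The toolchain itself is pinned by version.
      - run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain 1.62.0 -y
      - run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
      - name: Download suricata.tar.gz
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: dist
      - run: tar zxvf suricata-*.tar.gz --strip-components=1
      # The job succeeds only when ./configure exits non-zero.
      # NOTE(review): any configure failure satisfies this check, not only the
      # unsupported Rust version.
      - run: |
          if ./configure; then
            echo "error: configure should have failed"
            exit 1
          else
            exit 0
          fi

  ubuntu-22-04-debug-validation:
    name: Ubuntu 22.04 (Debug Validation)
    runs-on: ubuntu-22.04
    container:
      image: ubuntu:22.04
      # Privileged container: the job changes a kernel sysctl below.
      # NOTE(review): in a privileged container that setting presumably
      # applies to the runner's kernel, not only to the container; acceptable
      # on ephemeral hosted runners, confirm before using self-hosted ones.
      options: --privileged
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              cargo \
              git \
              jq \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              make \
              parallel \
              python3-yaml \
              rustc \
              software-properties-common \
              sudo \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - name: Fix kernel mmap rnd bits
        # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
        # high-entropy ASLR in much newer kernels that GitHub runners are
        # using leading to random crashes: https://github.com/actions/runner-images/issues/9491
        run: sudo sysctl vm.mmap_rnd_bits=28
      - run: ./autogen.sh
      - run: ./configure --enable-warnings --enable-debug-validation
        env:
          CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
          LDFLAGS: "-fsanitize=address"
          ac_cv_func_malloc_0_nonnull: "yes"
          ac_cv_func_realloc_0_nonnull: "yes"
      - run: make -j ${{ env.CPUS }}
      - run: make check
      - name: Extracting suricata-verify
        run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed

  # test build with afl and fuzztargets
  ubuntu-22-04-fuzz:
    name: Ubuntu 22.04 (Fuzz)
    runs-on: ubuntu-22.04
    container: ubuntu:22.04
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
              afl \
              afl-clang \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              cargo \
              git \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libhiredis-dev \
              libjansson-dev \
              libpython2.7 \
              make \
              rustc \
              software-properties-common \
              zlib1g \
              zlib1g-dev
      - run: echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-warnings --enable-fuzztargets --disable-shared
      - run: AFL_HARDEN=1 make -j ${{ env.CPUS }}

  ubuntu-22-04-netmap-build:
    name: Ubuntu 22.04 (Netmap build)
    needs: [prepare-deps, prepare-cbindgen]
    runs-on: ubuntu-22.04
    steps:
      # Pinned to the same commit as the other actions/cache uses in this file
      # rather than the mutable v4 tag.
      - name: Restore Cache Netmap
        uses: actions/cache/restore@1bd1e32a3bdc45362d1e726936510720a7c30a57
        id: netmap-cache
        with:
          path: netmap/
          key: netmap-git

      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install dependencies
        run: |
          sudo apt update
          sudo apt -y install \
              libpcre2-dev \
              build-essential \
              autoconf \
              automake \
              cargo \
              git \
              jq \
              libtool \
              libpcap-dev \
              libnet1-dev \
              libyaml-0-2 \
              libyaml-dev \
              libcap-ng-dev \
              libcap-ng0 \
              libmagic-dev \
              libnetfilter-queue-dev \
              libnetfilter-queue1 \
              libnfnetlink-dev \
              libnfnetlink0 \
              libhiredis-dev \
              libjansson-dev \
              libevent-dev \
              libevent-pthreads-2.1-7 \
              libpython2.7 \
              make \
              parallel \
              python3-yaml \
              rustc \
              software-properties-common \
              zlib1g \
              zlib1g-dev \
              exuberant-ctags

      - name: Install Netmap dependencies
        run: |
          sudo apt -y install \
              build-essential \
              git \
              linux-headers-$(uname -r)

      # NOTE(review): no `ref:` is given, so whatever the repository's default
      # branch holds at run time is cached under the fixed key `netmap-git`,
      # then compiled and installed with sudo below. Consider pinning it, e.g.
      # `ref: <reviewed-netmap-commit-sha>`, and putting that value in the key.
      - name: Checkout Netmap repository
        if: steps.netmap-cache.outputs.cache-hit != 'true'
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          repository: luigirizzo/netmap
          # gets cloned to $GITHUB_WORKSPACE/netmap/
          path: netmap/

      - name: Save Netmap Cache
        if: steps.netmap-cache.outputs.cache-hit != 'true'
        uses: actions/cache/save@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: netmap/
          key: netmap-git

      - name: Compile and install Netmap
        run: |
          cd $GITHUB_WORKSPACE/netmap/LINUX
          ./configure --no-drivers
          make -j ${{ env.CPUS }}
          sudo make install

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-netmap
      - run: make -j ${{ env.CPUS }}
      # Fails the job unless the build info reports Netmap support.
      - run: ./src/suricata --build-info | grep -E "Netmap support:\s+yes"

  ubuntu-22-04-minimal-recommended-build:
    name: Ubuntu 22.04 (Minimal/Recommended Build)
    needs: [prepare-deps, prepare-cbindgen]
    runs-on: ubuntu-22.04
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo "CPUS=$(nproc --all)" >> "$GITHUB_ENV"

      - name: Install git dependencies
        run: |
          sudo apt update
          sudo apt -y install \
              git \
              libtool

      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      - run: ./autogen.sh

      - name: Install minimal dependencies
        run: ./scripts/docs-ubuntu-debian-minimal-build.sh

      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
      - run: make -j ${{ env.CPUS }}
      - run: ./src/suricata --build-info  # check if we can run Suricata

  ubuntu-22-04-dpdk-build:
    name: Ubuntu 22.04 (DPDK Build)
    runs-on: ubuntu-22.04
    container: ubuntu:22.04
    needs: [prepare-deps, prepare-cbindgen]
    strategy:
      matrix:
        # Quoted so every release stays a string whatever YAML loader reads it.
        dpdk_version: ["22.11.4", "21.11.6", "20.11.10", "19.11.14"]
    steps:
      # Cache Rust stuff.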
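# Steps of ubuntu-22-04-dpdk-build (the job header precedes this span).
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install dependencies
        run: |
          apt update
          apt -y install \
            libpcre2-dev \
            build-essential \
            autoconf \
            automake \
            cargo \
            git \
            jq \
            libtool \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libnetfilter-queue-dev \
            libnetfilter-queue1 \
            libnfnetlink-dev \
            libnfnetlink0 \
            libhiredis-dev \
            libjansson-dev \
            libevent-dev \
            libevent-pthreads-2.1-7 \
            libpython2.7 \
            make \
            parallel \
            python3-yaml \
            rustc \
            software-properties-common \
            zlib1g \
            zlib1g-dev \
            exuberant-ctags
      - name: Install DPDK dependencies
        run: |
          apt update
          apt install -y \
            curl \
            build-essential \
            libnuma-dev \
            ninja-build \
            meson \
            python3-pip \
            python3-pyelftools \
            python3-setuptools \
            python3-wheel
      # NOTE(review): the DPDK tarball is streamed straight into tar, then
      # built and installed under /usr without any integrity check. Consider
      # saving it to a file and verifying a pinned digest per matrix version
      # before extracting, e.g.
      #   echo "<expected-sha256>  dpdk.tar.xz" | sha256sum -c -
      - name: Compile and install DPDK
        run: |
          cd $HOME
          rm -rf dpdk_${{ matrix.dpdk_version }}
          find /usr/ -name 'librte_*.a' -delete
          mkdir -p dpdk_${{ matrix.dpdk_version }} && cd dpdk_${{ matrix.dpdk_version }}
          curl -fsLS https://fast.dpdk.org/rel/dpdk-${{ matrix.dpdk_version }}.tar.xz | tar -xJ --strip-components=1
          rm -rf build/
          meson setup -Dtests=false --prefix=/usr/ build
          ninja -C build
          ninja -C build install
          ldconfig
          cd $HOME
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-dpdk
      - run: make -j ${{ env.CPUS }}
      - run: make check
      # IDS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
      # IPS config
      - run: |
          ./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"

  # Full build in debian:12: unit tests, distcheck, man page and PDF,
  # Rust docs, suricata-verify and an install smoke test.
  # NOTE(review): this job runs ./.github/actions/install-cbindgen but,
  # unlike the other jobs that do, does not list prepare-cbindgen in
  # `needs` - confirm the action does not depend on that job's artifact.
  debian-12:
    name: Debian 12
    runs-on: ubuntu-latest
    container: debian:12
    needs: [prepare-deps]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: apt update
      - run: |
          apt -y install \
            autoconf \
            automake \
            build-essential \
            cmake \
            curl \
            dpdk-dev \
            git \
            jq \
            make \
            libpcre3 \
            libpcre3-dbg \
            libpcre3-dev \
            libpcre2-dev \
            libtool \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libmaxminddb-dev \
            libjansson-dev \
            libjansson4 \
            libnuma-dev \
            liblz4-dev \
            libssl-dev \
            liblzma-dev \
            pkg-config \
            python3 \
            python3-yaml \
            sphinx-doc \
            sphinx-common \
            texlive-latex-base \
            texlive-fonts-recommended \
            texlive-fonts-extra \
            texlive-latex-extra \
            zlib1g \
            zlib1g-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      # The installer script is piped into sh, so curl is restricted to
      # HTTPS with TLS 1.2 or newer. The toolchain version is the
      # rust-version value read from rust/Cargo.toml.in.
      - name: Install Rust
        run: >-
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |
          sh -s -- --default-toolchain
          $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}')
          -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: ./.github/actions/install-cbindgen
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests
      - run: make -j ${{ env.CPUS }}
      - run: make check
      # -j2 caused random failures during cargo vendor
      - run: make distcheck
        env:
          DISTCHECK_CONFIGURE_FLAGS: >-
            --enable-unittests --enable-debug --enable-geoip
            --enable-profiling --enable-profiling-locks --enable-dpdk
      - run: test -e doc/userguide/suricata.1
      - run: test -e doc/userguide/userguide.pdf
      - name: Building Rust documentation
        run: make doc
        working-directory: rust
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # Produces the source tarball with `make dist` and uploads it as the
  # `dist` artifact.
  ubuntu-22-04-dist:
    name: Ubuntu 22.04 Dist Builder
    runs-on: ubuntu-latest
    container: ubuntu:22.04
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      # Setup apt package caching.
      - name: Setup apt package caching
        run: |
          echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >> /etc/apt/apt.conf.d/99cache
          echo 'APT::Keep-Downloaded-Packages "false";' >> /etc/apt/apt.conf.d/99cache
          rm -f /etc/apt/apt.conf.d/docker-clean

      - name: Cache apt downloads
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/apt/archives
          key: ${{ github.job }}-apt

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: apt update
      - run: |
          apt -y install \
            autoconf \
            automake \
            build-essential \
            cargo \
            cmake \
            curl \
            git \
            jq \
            make \
            libpcre3 \
            libpcre3-dbg \
            libpcre3-dev \
            libpcre2-dev \
            libtool \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libjansson-dev \
            libjansson4 \
            liblz4-dev \
            libssl-dev \
            liblzma-dev \
            pkg-config \
            python3 \
            python3-yaml \
            rustc \
            sphinx-doc \
            sphinx-common \
            texlive-latex-base \
            texlive-fonts-recommended \
            texlive-fonts-extra \
            texlive-latex-extra \
            zlib1g \
            zlib1g-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
      - run: make dist
      - run: test -e doc/userguide/suricata.1
      - run: test -e doc/userguide/userguide.pdf
      - name: Preparing distribution
        run: |
          mkdir dist
          mv suricata-*.tar.gz dist
      - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
        name: Uploading distribution
        with:
          name: dist
          path: dist

  # Builds with the Rust toolchain version named by rust-version in
  # rust/Cargo.toml.in and the widest set of configure options in this span.
  debian-12-msrv:
    name: Debian 12 MSRV
    runs-on: ubuntu-latest
    container: debian:12
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: apt update
      - run: |
          apt -y install \
            autoconf \
            automake \
            build-essential \
            cmake \
            curl \
            dpdk-dev \
            git \
            jq \
            make \
            libpcre3 \
            libpcre3-dbg \
            libpcre3-dev \
            libpcre2-dev \
            libtool \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libmaxminddb-dev \
            libjansson-dev \
            libjansson4 \
            libnuma-dev \
            liblz4-dev \
            libssl-dev \
            liblzma-dev \
            pkg-config \
            python3 \
            python3-yaml \
            sphinx-doc \
            sphinx-common \
            texlive-latex-base \
            texlive-fonts-recommended \
            texlive-fonts-extra \
            texlive-latex-extra \
            zlib1g \
            zlib1g-dev
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      # The installer script is piped into sh, so curl is restricted to
      # HTTPS with TLS 1.2 or newer.
      - name: Install Rust
        run: >-
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |
          sh -s -- --default-toolchain
          $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}')
          -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: ./.github/actions/install-cbindgen
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      - run: ./autogen.sh
      - run: >-
          CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings
          --enable-unittests --enable-debug --enable-geoip
          --enable-profiling --enable-profiling-locks --enable-dpdk
      - run: make -j ${{ env.CPUS }}
      - run: make check
      - name: Building Rust documentation
        run: make doc
        working-directory: rust
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # eBPF/XDP build in debian:11, also with fuzz targets enabled.
  debian-11:
    name: Debian 11 (xdp)
    runs-on: ubuntu-latest
    container: debian:11
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      # The backports source is added over plain HTTP; apt still checks the
      # signed Release metadata, so package integrity does not rest on the
      # transport.
      - run: |
          echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list
          apt update
          apt -y install \
            automake \
            autoconf \
            build-essential \
            ccache \
            curl \
            git \
            jq \
            libpcre2-dev \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libjansson-dev \
            libgeoip-dev \
            libhiredis-dev \
            libevent-dev \
            libtool \
            m4 \
            make \
            python3-yaml \
            pkg-config \
            sudo \
            zlib1g \
            zlib1g-dev \
            clang \
            libbpf-dev \
            libelf-dev \
            libxdp-dev
      # The installer script is piped into sh, so curl is restricted to
      # HTTPS with TLS 1.2 or newer.
      - name: Install Rust
        run: >-
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |
          sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: >-
          CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings
          --enable-unittests --enable-fuzztargets --enable-ebpf
          --enable-ebpf-build
      - run: make -j ${{ env.CPUS }}
      - run: make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # Same shape as the Debian 11 job, without the eBPF/XDP packages and flags.
  debian-10:
    name: Debian 10
    runs-on: ubuntu-latest
    container: debian:10
    needs: [prepare-deps, prepare-cbindgen]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - run: |
          apt update
          apt -y install \
            automake \
            autoconf \
            build-essential \
            ccache \
            curl \
            git \
            jq \
            libpcre2-dev \
            libpcap-dev \
            libnet1-dev \
            libyaml-0-2 \
            libyaml-dev \
            libcap-ng-dev \
            libcap-ng0 \
            libmagic-dev \
            libjansson-dev \
            libgeoip-dev \
            libhiredis-dev \
            libevent-dev \
            libtool \
            m4 \
            make \
            python3-yaml \
            pkg-config \
            sudo \
            zlib1g \
            zlib1g-dev \
            clang \
            libelf-dev
      # The installer script is piped into sh, so curl is restricted to
      # HTTPS with TLS 1.2 or newer.
      - name: Install Rust
        run: >-
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs |
          sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - uses: ./.github/actions/install-cbindgen
      - run: ./autogen.sh
      - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-fuzztargets
      - run: make -j ${{ env.CPUS }}
      - run: make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V
      - run: suricatasc -h

  # Homebrew-based build on the hosted macOS runner.
  macos-latest:
    name: MacOS Latest
    runs-on: macos-latest
    needs: [prepare-deps]
    steps:
      # Cache Rust stuff.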
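# Steps of macos-latest (the job header precedes this span).
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry
      - run: |
          brew install \
            autoconf \
            automake \
            cbindgen \
            curl \
            hiredis \
            jansson \
            jq \
            libmagic \
            libnet \
            libtool \
            libyaml \
            pcre2 \
            pkg-config \
            python \
            rust \
            xz
      - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - name: Downloading prep archive
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xvf prep/libhtp.tar.gz
      - run: tar xvf prep/suricata-update.tar.gz
      # PyYAML goes into a virtual environment; later steps activate it
      # before running the Python tools.
      - name: Create Python virtual environment
        run: python3 -m venv ./testenv
      - name: Install PyYAML
        run: |
          . ./testenv/bin/activate
          pip install pyyaml
      - run: ./autogen.sh
      # Homebrew include/lib directories and GNU libtool are put on the
      # search paths for configure and make.
      - run: >-
          CPATH="$HOMEBREW_PREFIX/include:$CPATH"
          LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH"
          PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH"
          CFLAGS="${DEFAULT_CFLAGS}"
          ./configure --enable-warnings --enable-unittests --prefix="$HOME/.local/"
      - run: >-
          CPATH="$HOMEBREW_PREFIX/include:$CPATH"
          LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH"
          PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH"
          CFLAGS="${DEFAULT_CFLAGS}"
          make -j2
      # somehow it gets included by some C++ stdlib header (case unsensitive)
      - run: rm libhtp/VERSION && make check
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Running suricata-verify
        run: |
          . ./testenv/bin/activate
          python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - name: Check Suricata-Update
        run: |
          . ./testenv/bin/activate
          which suricata-update
          python3 $(which suricata-update) -V
      - run: suricatasc -h

  # MSYS2/MINGW64 build against the Npcap SDK; the Npcap DLLs are copied
  # into the working directory so the test run can load them.
  windows-msys2-mingw64-npcap:
    name: Windows MSYS2 MINGW64 (NPcap)
    runs-on: windows-latest
    needs: [prepare-deps]
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry
      # NOTE(review): the other third-party actions in this workflow are
      # pinned to full commit SHAs; this one follows the mutable v2 tag.
      # Pin it as msys2/setup-msys2@<full-commit-sha> once the commit has
      # been reviewed.
      - uses: msys2/setup-msys2@v2
        with:
          msystem: MINGW64
          update: true
          install: >-
            git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper
            autoconf libtool libyaml-devel pcre2-devel jansson-devel make
            mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2
            mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip
            python-setuptools mingw-w64-x86_64-python-yaml
            mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2
      # hack: install our own cbindgen system wide as we can't get the
      # preinstalled one to be picked up by configure
      - name: cbindgen
        run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      # curl -f makes an HTTP error fail the step instead of saving the
      # error page under the installer's name.
      # NOTE(review): the installer is unpacked and its DLLs are placed on
      # the test run's path without an integrity check; verify a pinned
      # digest before extracting, e.g.
      #   echo "<expected-sha256>  npcap-1.00.exe" | sha256sum -c -
      - name: Npcap DLL
        run: |
          curl -fsSL -O https://nmap.org/npcap/dist/npcap-1.00.exe
          7z -y x -o/npcap-bin npcap-1.00.exe
          # hack: place dlls in cwd
          cp /npcap-bin/*.dll .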
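# Remaining steps of windows-msys2-mingw64-npcap (header precedes this span).
      # curl -f makes an HTTP error fail the step instead of saving the
      # error page under the archive's name.
      # NOTE(review): the SDK libraries are copied into /usr/lib and linked
      # into the build without an integrity check; verify a pinned digest
      # before unpacking, e.g.
      #   echo "<expected-sha256>  npcap-sdk-1.06.zip" | sha256sum -c -
      - name: Npcap SDK
        run: |
          curl -fsSL -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip
          unzip npcap-sdk-1.06.zip -d /npcap
          cp /npcap/Lib/x64/* /usr/lib/
      - run: tar xf prep/suricata-verify.tar.gz
      - name: Build
        run: |
          ./autogen.sh
          CFLAGS="-ggdb -Werror" ./configure \
            --enable-warnings \
            --enable-unittests \
            --enable-gccprotect \
            --disable-gccmarch-native \
            --disable-shared \
            --with-libpcap-includes=/npcap/Include \
            --with-libpcap-libraries=/npcap/Lib/x64
          make -j3
      - name: Run
        run: |
          ./src/suricata --build-info
          ./src/suricata -u -l /tmp/
          # need cwd in path due to npcap dlls (see above)
          PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V

  # MSYS2/MINGW64 build using the libpcap packages installed through MSYS2.
  windows-msys2-mingw64-libpcap:
    name: Windows MSYS2 MINGW64 (libpcap)
    runs-on: windows-latest
    needs: [prepare-deps]
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry
      # NOTE(review): the other third-party actions in this workflow are
      # pinned to full commit SHAs; this one follows the mutable v2 tag.
      # Pin it as msys2/setup-msys2@<full-commit-sha> once the commit has
      # been reviewed.
      - uses: msys2/setup-msys2@v2
        with:
          msystem: MINGW64
          update: true
          install: >-
            git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper
            autoconf libtool libyaml-devel pcre2-devel jansson-devel make
            mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2
            mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip
            python-setuptools mingw-w64-x86_64-python-yaml
            mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel
            mingw-w64-x86_64-libpcap
      # hack: install our own cbindgen system wide as we can't get the
      # preinstalled one to be picked up by configure
      - name: cbindgen
        run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      - run: tar xf prep/suricata-update.tar.gz
      - run: tar xf prep/suricata-verify.tar.gz
      # NOTE(review): no step in this job unpacks anything under /npcap,
      # yet configure is still pointed at /npcap/Include and
      # /npcap/Lib/x64 - confirm these paths are intended here.
      - name: Build
        run: |
          ./autogen.sh
          CFLAGS="-ggdb -Werror" ./configure \
            --enable-warnings \
            --enable-unittests \
            --enable-gccprotect \
            --disable-gccmarch-native \
            --disable-shared \
            --with-libpcap-includes=/npcap/Include \
            --with-libpcap-libraries=/npcap/Lib/x64
          make -j3
      - name: Run
        run: |
          ./src/suricata --build-info
          ./src/suricata -u -l /tmp/
          python3 ./suricata-verify/run.py -q --debug-failed
      - run: make install
      - run: suricata-update -V

  # MSYS2/MINGW64 build with WinDivert 1.4.3 fetched from its GitHub
  # release page.
  windows-msys2-mingw64-windivert:
    name: Windows MSYS2 MINGW64 (WinDivert)
    runs-on: windows-latest
    needs: [prepare-deps]
    defaults:
      run:
        shell: msys2 {0}
    steps:
      - name: Cache ~/.cargo
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry
      # NOTE(review): the other third-party actions in this workflow are
      # pinned to full commit SHAs; this one follows the mutable v2 tag.
      # Pin it as msys2/setup-msys2@<full-commit-sha> once the commit has
      # been reviewed.
      - uses: msys2/setup-msys2@v2
        with:
          msystem: MINGW64
          update: true
          install: >-
            git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper
            autoconf libtool libyaml-devel pcre2-devel jansson-devel make
            mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2
            mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip
            python-setuptools mingw-w64-x86_64-python-yaml
            mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel
            mingw-w64-x86_64-libpcap
      # hack: install our own cbindgen system wide as we can't get the
      # preinstalled one to be picked up by configure
      - name: cbindgen
        run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      - run: git config --global --add safe.directory /__w/suricata/suricata
      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: prep
          path: prep
      - run: tar xf prep/libhtp.tar.gz
      # curl -f makes an HTTP error fail the step instead of saving the
      # error page under the archive's name.
      # NOTE(review): the archive's libraries and DLLs are linked and
      # loaded without an integrity check; verify a pinned digest before
      # unpacking, e.g.
      #   echo "<expected-sha256>  WinDivert-1.4.3-A.zip" | sha256sum -c -
      - name: WinDivert
        run: |
          curl -fsSL -O https://github.com/basil00/Divert/releases/download/v1.4.3/WinDivert-1.4.3-A.zip
          unzip WinDivert-1.4.3-A.zip -d /windivert
          cp /windivert/WinDivert-1.4.3-A/x86_64/* /usr/lib/
          # hack: place dlls in cwd
          cp /windivert/WinDivert-1.4.3-A/x86_64/*.dll .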
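# Remaining steps of windows-msys2-mingw64-windivert (header precedes this span).
      - name: Build
        run: |
          ./autogen.sh
          CFLAGS="-ggdb -Werror" ./configure \
            --enable-warnings \
            --enable-gccprotect \
            --disable-gccmarch-native \
            --disable-shared \
            --enable-windivert \
            --with-windivert-include=/windivert/WinDivert-1.4.3-A/include \
            --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64
          make -j3
      - name: Run
        run: |
          # need cwd in path due to dlls (see above)
          PATH="$PATH:$(pwd)" ./src/suricata --build-info
      - run: make install

  # Builds the `dist` tarball produced by ubuntu-22-04-dist with
  # --enable-pfring and checks that pfring.so gets installed.
  pf-ring:
    name: PF_RING
    runs-on: ubuntu-latest
    container: almalinux:9
    needs: [prepare-deps, ubuntu-22-04-dist]
    steps:
      # Cache Rust stuff.
      - name: Cache cargo registry
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: ~/.cargo/registry
          key: cargo-registry

      - name: Cache RPMs
        uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57
        with:
          path: /var/cache/dnf
          key: ${{ github.job }}-dnf
      - run: echo "keepcache=1" >> /etc/dnf/dnf.conf

      - name: Determine number of CPUs
        run: echo CPUS=$(nproc --all) >> $GITHUB_ENV

      - name: Install system packages
        run: |
          dnf -y install dnf-plugins-core epel-release
          dnf config-manager --set-enabled crb
          dnf -y install \
            autoconf \
            automake \
            diffutils \
            numactl-devel \
            dpdk-devel \
            file-devel \
            gcc \
            gcc-c++ \
            git \
            jansson-devel \
            libtool \
            libyaml-devel \
            libnfnetlink-devel \
            libnetfilter_queue-devel \
            libnet-devel \
            libcap-ng-devel \
            libevent-devel \
            libmaxminddb-devel \
            libpcap-devel \
            lz4-devel \
            make \
            pcre2-devel \
            pkgconfig \
            python3-devel \
            python3-sphinx \
            python3-yaml \
            rust-toolset \
            sudo \
            which \
            zlib-devel

      # curl -f keeps an HTTP error page from being written out as a repo
      # definition.
      # NOTE(review): the downloaded file decides which keys and
      # signature-check settings dnf applies to this third-party
      # repository; consider keeping a reviewed copy of ntop.repo in the
      # tree instead of fetching it on every run.
      - name: Install PF_RING
        run: |
          curl -fsS https://packages.ntop.org/centos-stable/ntop.repo > /etc/yum.repos.d/ntop.repo
          dnf install -y pfring

      - name: Download suricata.tar.gz
        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
        with:
          name: dist

      - run: tar xf suricata-*.tar.gz --strip-components=1
      - run: ./configure --enable-pfring
      - run: make -j ${CPUS}
      - run: make install
      - run: test -e /usr/local/lib/suricata/pfring.so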