Skip to content

doc/userguide: document TCP urgent policy #13

doc/userguide: document TCP urgent policy

doc/userguide: document TCP urgent policy #13

Workflow file for this run

name: builds
on:
push:
paths-ignore:
# Don't run this workflow if only files under doc/ have been
# modified.
- "doc/**"
pull_request:
workflow_dispatch:
inputs:
LIBHTP_REPO:
LIBHTP_BRANCH:
SU_REPO:
SU_BRANCH:
SV_REPO:
SV_BRANCH:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions: read-all
env:
DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function"
# Apt sometimes likes to ask for user input, this will prevent that.
DEBIAN_FRONTEND: "noninteractive"
# A recent version of stable Rust that is known to pass build, test and other
# verification steps in this workflow. This was added because using "stable"
# could cause some steps to fail.
RUST_VERSION_KNOWN: "1.80.0"
jobs:
prepare-deps:
name: Prepare dependencies
uses: ./.github/workflows/prepare-deps.yml
prepare-cbindgen:
name: Prepare cbindgen
runs-on: ubuntu-latest
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Installing Rust
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
rustup target add x86_64-unknown-linux-musl
- name: Building static cbindgen for Linux
run: |
cargo install --target x86_64-unknown-linux-musl --debug cbindgen
cp $HOME/.cargo/bin/cbindgen .
- name: Uploading prep archive
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: cbindgen
path: .
almalinux-9:
name: AlmaLinux 9
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cargo-vendor \
cbindgen \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
# These packages required to build the PDF.
dnf -y install \
texlive-latex \
texlive-cmap \
texlive-collection-latexrecommended \
texlive-fncychap \
texlive-titlesec \
texlive-tabulary \
texlive-framed \
texlive-wrapfig \
texlive-upquote \
texlive-capt-of \
texlive-needspace
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: ./.github/actions/install-cbindgen
# Download and extract dependency archives created during prep
# job.
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: tar xvf prep/suricata-update.tar.gz
- run: tar xvf prep/suricata-verify.tar.gz
- name: Configuring
run: |
./autogen.sh
CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings
- run: make -j ${{ env.CPUS }} distcheck
env:
DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk"
MAKEFLAGS: "-j ${{ env.CPUS }}"
- run: test -e doc/userguide/suricata.1
- name: Checking includes
run: |
cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py
- name: Building Rust documentation
run: make doc
working-directory: rust
- run: make install install-conf
- run: suricatasc -h
- run: suricata-update -V
- name: Check if Suricata-Update example configuration files are installed
run: |
test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in
test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml
- name: Test capture plugin
working-directory: examples/plugins/ci-capture
run: |
make
../../../src/suricata -S /dev/null --set plugins.0=./capture.so --capture-plugin=ci-capture --runmode=single -l . -c ../../../suricata.yaml
cat eve.json | jq -c 'select(.dns)'
test $(cat eve.json | jq -c 'select(.dns)' | wc -l) = "1"
- name: Test library build in tree
working-directory: examples/lib/simple
run: make clean all
- name: Test plugin build in tree
working-directory: examples/plugins/c-json-filetype
run: make clean all
- name: Build example C custom logger plugin
working-directory: examples/plugins/c-custom-loggers
run: make clean all
- name: Install Suricata and library
run: make install install-headers install-library
- name: Test library build out of tree
working-directory: examples/lib/simple
run: PATH=/usr/local/bin:$PATH make -f Makefile.example clean all
- name: Cleaning source directory for standalone plugin test.
run: make clean
- name: Test plugin against installed headers
working-directory: examples/plugins/c-json-filetype
run: |
# First use sed to pretend we are q user following our
# directions for building a standalone plugin.
sed -i 's/^#LIBSURICATA_CONFIG/LIBSURICATA_CONFIG/' Makefile
sed -i 's/^#CPPFLAGS/CPPFLAGS/' Makefile
sed -i 's/^CPPFLAGS.*HAVE_CONFIG_H//' Makefile
# And build.
PATH=/usr/local/bin:$PATH make clean all
almalinux-9-templates:
name: AlmaLinux 9 Test Templates
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
# TODO: Find some variable that matches the job name.
key: almalinux-9-templates-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cbindgen \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
sudo \
which \
zlib-devel
- run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- run: rustup component add rustfmt
- run: rustup component add clippy
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: ./.github/actions/install-cbindgen
# Download and extract dependency archives created during prep
# job.
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: tar xvf prep/suricata-update.tar.gz
- run: tar xvf prep/suricata-verify.tar.gz
- name: Build
run: |
./autogen.sh
CFLAGS="${DEFAULT_CFLAGS}" ./configure
make -j ${{ env.CPUS }}
- run: ./scripts/setup-app-layer.py --parser --logger --detect FooBar payload
- run: make -j ${{ env.CPUS }}
- run: ./src/suricata --list-app-layer-protos | grep foobar
- name: Verify rustfmt
run: rustfmt -v --check src/applayerfoobar/*.rs
working-directory: rust
- name: Verify clippy
run: cargo clippy --all-features
working-directory: rust
almalinux-9-non-bundled-libhtp:
name: AlmaLinux 9 Non-Bundled LibHTP
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps, ubuntu-22-04-dist]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cargo-vendor \
cbindgen \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
- name: Download suricata.tar.gz
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist
- run: tar xf suricata-*.tar.gz --strip-components=1
- run: cd libhtp && ./configure --prefix=/usr/local
- run: cd libhtp && make -j ${{ env.CPUS }}
- run: cd libhtp && make install
- run: PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include --with-libhtp-libraries=/usr/local/lib
rpms:
name: Build RPMs
runs-on: ubuntu-latest
container: ${{ matrix.container }}
needs: [ubuntu-22-04-dist]
strategy:
fail-fast: false
matrix:
container:
- almalinux:9
- fedora:40
steps:
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Install packages
run: |
if test -e /etc/almalinux-release; then
dnf -y install \
epel-release \
git \
make \
rpm-build \
rpmdevtools \
dnf-plugins-core
dnf config-manager --set-enabled crb
elif test -e /etc/fedora-release; then
dnf -y install \
git \
make \
rpm-build \
rpmdevtools
else
echo "ERROR: Unsupported distribution for RPM building"
exit 1
fi
- name: Download Suricata distribution archive
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist
- run: git clone https://github.com/jasonish/suricata-rpms
- run: make update-release update-sources
working-directory: suricata-rpms/devel
- run: dnf -y install $(rpmspec -q --buildrequires ./suricata.spec)
working-directory: suricata-rpms/devel
- run: mv suricata-*.tar.gz suricata-rpms/devel
- run: make srpm
working-directory: suricata-rpms/devel
- run: make local
working-directory: suricata-rpms/devel
# We need a step for each RPM upload as we can't use the
# container name directly in an artifact, as artifacts can't
# have ':' in the name.
- if: matrix.container == 'fedora:40'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
name: Uploading RPMs
with:
name: rpms-fedora-40
path: suricata-rpms/devel/rpms
- if: matrix.container == 'almalinux:9'
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
name: Uploading RPMs
with:
name: rpms-epel-9
path: suricata-rpms/devel/rpms
almalinux-8:
name: AlmaLinux 8
runs-on: ubuntu-latest
container: almalinux:8
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
yum -y install dnf-plugins-core
yum config-manager --set-enabled powertools
yum -y install \
autoconf \
automake \
cargo-vendor \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: ./.github/actions/install-cbindgen
# Prebuild check for duplicate SIDs
- name: Check for duplicate SIDs
run: |
dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ')
if [[ "${dups}" != "" ]]; then
echo "::error::Duplicate SIDs found:${dups}"
exit 1
fi
# Download and extract dependency archives created during prep
# job.
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: tar xvf prep/suricata-update.tar.gz
- run: tar xvf prep/suricata-verify.tar.gz
- uses: ./.github/actions/install-cbindgen
- name: Configuring
run: |
./autogen.sh
CFLAGS="${DEFAULT_CFLAGS}" ./configure
- run: make -j ${{ env.CPUS }} check
- name: Checking includes
run: |
cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py
- run: make install
- run: suricatasc -h
- run: suricata-update -V
centos-stream9:
name: CentOS Stream 9
runs-on: ubuntu-latest
container: quay.io/centos/centos:stream9
needs: [prepare-deps, ubuntu-22-04-dist]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
cargo-vendor \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
jq \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
- name: Download suricata.tar.gz
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist
- run: tar zxvf suricata-*.tar.gz --strip-components=1
- name: ./configure
run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
- run: make -j ${{ env.CPUS }}
- run: make install
- run: make install-conf
- run: suricatasc -h
- run: suricata-update -V
- name: Check if Suricata-Update example configuration files are installed
run: |
test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf
test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in
test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/suricata-verify.tar.gz
- run: python3 ./suricata-verify/run.py -q --debug-failed
- run: suricata-update -V
- run: suricatasc -h
# Test build after clean.
- run: make clean
- run: make -j ${{ env.CPUS }}
fedora-39-sv-codecov:
name: Fedora 39 (Suricata Verify codecov)
runs-on: ubuntu-latest
container: fedora:39
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cbindgen \
ccache \
clang \
curl \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
llvm-devel \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
# packaged Rust version has no profiler support built in, so get from rustup
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/install-cbindgen
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-warnings --disable-shared
env:
CC: "clang"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
- run: llvm-profdata merge -o default.profdata $(find suricata-verify/tests/ -name '*.profraw')
- run: llvm-cov show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
- name: Upload coverage to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
with:
fail_ci_if_error: false
flags: suricata-verify
# Fedora 39 build using Clang.
fedora-39-clang:
name: Fedora 39 (clang, debug, asan, wshadow, rust-strict, systemd)
runs-on: ubuntu-latest
container: fedora:39
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
ccache \
clang \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libxdp-devel \
libbpf-devel \
libtool \
lz4-devel \
make \
parallel \
pcre2-devel \
pkgconfig \
python \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/install-cbindgen
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow" ./configure --disable-shared
- run: make check
- run: make distclean
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
env:
LDFLAGS: "-fsanitize=address"
ac_cv_func_realloc_0_nonnull: "yes"
ac_cv_func_malloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# Now install and make sure headers and libraries aren't
# installed until requested.
- run: make install
- run: test ! -e /usr/local/lib/libsuricata_c.a
- run: test ! -e /usr/local/include/suricata
- run: make install-headers
- run: test -e /usr/local/include/suricata/suricata.h
- run: make install-library
- run: test -e /usr/local/lib/libsuricata_c.a
- run: test -e /usr/local/lib/libsuricata_rust.a
- run: test -e /usr/local/bin/libsuricata-config
- run: test ! -e /usr/local/lib/libsuricata.so
- run: make install
- run: suricata-update -V
- run: suricatasc -h
# Check compilation against systemd
- run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null
# Fedora 39 build using GCC.
fedora-39-gcc:
name: Fedora 39 (gcc, debug, asan, wshadow, rust-strict)
runs-on: ubuntu-latest
container: fedora:39
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
ccache \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: ./.github/actions/install-cbindgen
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
env:
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
LDFLAGS: "-fsanitize=address"
ac_cv_func_realloc_0_nonnull: "yes"
ac_cv_func_malloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# Now install and make sure headers and libraries aren't
# installed until requested.
- run: make install
- run: test ! -e /usr/local/lib/libsuricata_c.a
- run: test ! -e /usr/local/include/suricata
- run: make install-headers
- run: test -e /usr/local/include/suricata/suricata.h
- run: make install-library
- run: test -e /usr/local/lib/libsuricata_c.a
- run: test -e /usr/local/lib/libsuricata_rust.a
- run: test -e /usr/local/bin/libsuricata-config
- run: test ! -e /usr/local/lib/libsuricata.so
- run: make install
- run: suricata-update -V
- run: suricatasc -h
# Fedora 40 build using Clang.
fedora-40-clang:
name: Fedora 40 (clang, debug, asan, wshadow, rust-strict, systemd)
runs-on: ubuntu-latest
container: fedora:40
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
ccache \
clang \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libxdp-devel \
libbpf-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: ./.github/actions/install-cbindgen
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
env:
LDFLAGS: "-fsanitize=address"
ac_cv_func_realloc_0_nonnull: "yes"
ac_cv_func_malloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# Now install and make sure headers and libraries aren't install
# until requested.
- run: make install
- run: test ! -e /usr/local/lib/libsuricata_c.a
- run: test ! -e /usr/local/include/suricata
- run: make install-headers
- run: test -e /usr/local/include/suricata/suricata.h
- run: make install-library
- run: test -e /usr/local/lib/libsuricata_c.a
- run: test -e /usr/local/lib/libsuricata_rust.a
- run: test -e /usr/local/bin/libsuricata-config
- run: test ! -e /usr/local/lib/libsuricata.so
- run: make install
- run: suricata-update -V
- run: suricatasc -h
# Check compilation against systemd
- run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null
# Fedora 40 build using GCC.
fedora-40-gcc:
name: Fedora 40 (gcc, debug, asan, wshadow, rust-strict)
runs-on: ubuntu-latest
container: fedora:40
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
ccache \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/install-cbindgen
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
env:
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
LDFLAGS: "-fsanitize=address"
ac_cv_func_realloc_0_nonnull: "yes"
ac_cv_func_malloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l .
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# Now install and make sure headers and libraries aren't install
# until requested.
- run: make install
- run: test ! -e /usr/local/lib/libsuricata_c.a
- run: test ! -e /usr/local/include/suricata
- run: make install-headers
- run: test -e /usr/local/include/suricata/suricata.h
- run: make install-library
- run: test -e /usr/local/lib/libsuricata_c.a
- run: test -e /usr/local/lib/libsuricata_rust.a
- run: test -e /usr/local/bin/libsuricata-config
- run: test ! -e /usr/local/lib/libsuricata.so
- run: make install
- run: suricata-update -V
- run: suricatasc -h
# This job builds and tests Suricata as a non-root user as some
# issues only show up when not running as root, and by default all
# jobs in GitHub actions are run as root inside the container.
fedora-40-non-root:
name: Fedora 40 (non-root, debug, clang, asan, wshadow, rust-strict)
runs-on: ubuntu-latest
container: fedora:40
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
ccache \
clang \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
hiredis-devel \
jansson-devel \
jq \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- run: adduser suricata
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/install-cbindgen
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- run: mkdir /home/suricata/suricata
- run: cp -a . /home/suricata/suricata
- run: chown -R suricata:suricata /home/suricata
- run: sudo -u suricata -s ./autogen.sh
working-directory: /home/suricata/suricata
- run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue
working-directory: /home/suricata/suricata
env:
ac_cv_func_realloc_0_nonnull: "yes"
ac_cv_func_malloc_0_nonnull: "yes"
LDFLAGS: "-fsanitize=address"
CC: "clang"
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
- run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" make -j ${{ env.CPUS }}
working-directory: /home/suricata/suricata
- run: sudo -u suricata -s make check
working-directory: /home/suricata/suricata
- run: sudo -u suricata -s python3 ./suricata-verify/run.py -q --debug-failed
working-directory: /home/suricata/suricata
# Test that ./configure fails out of libjansson is not available.
almalinux-9-no-jansson:
name: AlmaLinux 9 (no jansson)
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enable crb
dnf -y install \
autoconf \
automake \
cargo \
cbindgen \
clang \
diffutils \
file-devel \
gcc \
gcc-c++ \
git \
libasan \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-yaml \
sudo \
which \
zlib-devel
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: |
if ./configure; then
echo "error: configure should have failed"
exit 1
else
exit 0
fi
almalinux-9-minimal-recommended-dependecies:
name: AlmaLinux 9 (Minimal/Recommended Build)
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install git dependencies
run: |
dnf -y install \
sudo \
git \
libtool \
which
- name: Install Almalinux 9 extra repositories
run : |
dnf -y update
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- uses: ./.github/actions/install-cbindgen
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
- name: Install minimal dependencies
run: ./scripts/docs-almalinux9-minimal-build.sh
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
- run: make -j ${{ env.CPUS }}
- run: ./src/suricata --build-info # check if we can run Suricata
ubuntu-24-04:
name: Ubuntu 24.04 (cocci)
runs-on: ubuntu-latest
container: ubuntu:24.04
needs: [prepare-deps]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
autoconf \
automake \
build-essential \
cargo \
cbindgen \
clang-14 \
coccinelle \
dpdk-dev \
git \
jq \
libcap-ng-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libhiredis-dev \
libhyperscan-dev \
libjansson-dev \
libmagic-dev \
libnet1-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libpcap-dev \
libpcre2-dev \
libpython3.12 \
libtool \
libyaml-dev \
llvm-14-dev \
make \
parallel \
python-is-python3 \
python3-yaml \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- run: ./autogen.sh
- run: ./configure --enable-unittests --enable-coccinelle
- run: make -j ${{ env.CPUS }}
- run: CONCURRENCY_LEVEL=${{ env.CPUS }} make check
- run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: make install-headers
- run: make install-library
ubuntu-22-04-cov-ut:
name: Ubuntu 22.04 (unittests coverage)
runs-on: ubuntu-latest
container: ubuntu:22.04
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
clang-14 \
curl \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libhyperscan-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
llvm-14-dev \
make \
parallel \
python3-yaml \
software-properties-common \
zlib1g \
zlib1g-dev \
exuberant-ctags \
curl \
dpdk-dev
# packaged Rust version is too old for coverage, so get from rustup
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: ./configure --enable-warnings --disable-shared --enable-unittests
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0"
- run: ./src/suricata -u -l /tmp/
env:
LLVM_PROFILE_FILE: "/tmp/ut.profraw"
- run: llvm-profdata-14 merge -o ut.profdata /tmp/ut.profraw
- run: ./src/suricata --list-runmodes -l /tmp
env:
LLVM_PROFILE_FILE: "/tmp/listrunmodes.profraw"
- run: llvm-profdata-14 merge -o listrunmodes.profdata /tmp/listrunmodes.profraw
- run: ./src/suricata --list-keywords -l /tmp
env:
LLVM_PROFILE_FILE: "/tmp/lk.profraw"
- run: llvm-profdata-14 merge -o lk.profdata /tmp/lk.profraw
- run: ./src/suricata --list-app-layer-protos -l /tmp
env:
LLVM_PROFILE_FILE: "/tmp/la.profraw"
- run: llvm-profdata-14 merge -o la.profdata /tmp/la.profraw
- run: ./src/suricata --dump-features -c suricata.yaml -l /tmp
env:
LLVM_PROFILE_FILE: "/tmp/dumpfeatures.profraw"
- run: llvm-profdata-14 merge -o dumpfeatures.profdata /tmp/dumpfeatures.profraw
- run: ./src/suricata --dump-config -c suricata.yaml -l /tmp
env:
LLVM_PROFILE_FILE: "/tmp/dumpconfig.profraw"
- run: llvm-profdata-14 merge -o dumpconfig.profdata /tmp/dumpconfig.profraw
- run: llvm-cov-14 show ./src/suricata -instr-profile=ut.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
- run: |
cd rust
cargo test --no-run
cd ..
env:
RUSTFLAGS: "-C instrument-coverage"
CARGO_INCREMENTAL: 0
- run: |
$(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$')
env:
LLVM_PROFILE_FILE: "/tmp/ct.profraw"
CARGO_INCREMENTAL: 0
- run: llvm-profdata-14 merge -o ct.profdata /tmp/ct.profraw
- run: llvm-cov-14 show $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
- run: |
cd libhtp
make test
cd ..
env:
LLVM_PROFILE_FILE: "/tmp/htp-test.profraw"
- run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw
- run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt
- name: Upload coverage to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
with:
fail_ci_if_error: false
flags: unittests
ubuntu-22-04-cov-pcapunix:
name: Ubuntu 22.04 (unix socket mode coverage)
runs-on: ubuntu-latest
container:
image: ubuntu:22.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
llvm-14-dev \
clang-14 \
git \
jq \
inetutils-ping \
libc++-dev \
libc++abi-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags \
unzip \
curl \
time \
wget
# specific version to match up to the llvm version in ubuntu below
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- uses: ./.github/actions/install-cbindgen
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --with-gnu-ld --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
- run: |
./qa/unix.sh "suricata-verify/"
env:
LLVM_PROFILE_FILE: "/tmp/unix.profraw"
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
- name: Upload coverage to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
with:
fail_ci_if_error: false
flags: pcap
ubuntu-22-04-cov-afpdpdk:
name: Ubuntu 22.04 (afpacket and dpdk coverage)
runs-on: ubuntu-latest
container:
image: ubuntu:22.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
llvm-14-dev \
clang-14 \
git \
jq \
inetutils-ping \
libc++-dev \
libc++abi-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags \
unzip \
curl \
time \
wget \
dpdk-dev
# specific version to match up to the llvm version in ubuntu below
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --with-gnu-ld --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
# IDS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
env:
LLVM_PROFILE_FILE: "/tmp/dpdk-ids.profraw"
# IPS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"
env:
LLVM_PROFILE_FILE: "/tmp/dpdk-ips.profraw"
# AF_PACKET tests
- run: |
./.github/workflows/live/afp-ids.sh "2" "autofp"
env:
LLVM_PROFILE_FILE: "/tmp/afp2-ids-autofp.profraw"
- run: |
./.github/workflows/live/afp-ids.sh "2" "workers"
env:
LLVM_PROFILE_FILE: "/tmp/afp2-ids-workers.profraw"
- run: |
./.github/workflows/live/afp-ids.sh "3" "autofp"
env:
LLVM_PROFILE_FILE: "/tmp/afp3-ids-autofp.profraw"
- run: |
./.github/workflows/live/afp-ids.sh "3" "workers"
env:
LLVM_PROFILE_FILE: "/tmp/afp3-ids-workers.profraw"
# PCAP
- run: |
./.github/workflows/live/pcap.sh "autofp"
env:
LLVM_PROFILE_FILE: "/tmp/pcap-autofp.profraw"
- run: |
./.github/workflows/live/pcap.sh "single"
env:
LLVM_PROFILE_FILE: "/tmp/pcap-single.profraw"
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
- name: Upload coverage to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
with:
fail_ci_if_error: false
flags: livemode
ubuntu-24-04-pcap-unix:
name: Ubuntu 24.04 (pcap unix socket ASAN)
runs-on: ubuntu-latest
container:
image: ubuntu:24.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
llvm-18-dev \
cargo \
cbindgen \
clang-18 \
git \
jq \
libc++-dev \
libc++abi-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags \
unzip \
curl \
time \
wget \
dpdk-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Fix kernel mmap rnd bits
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
env:
CC: "clang-18"
CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-18"
- run: |
./qa/unix.sh "suricata-verify/"
ubuntu-24-04-asan-afpdpdk:
name: Ubuntu 24.04 (afpacket and dpdk live tests with ASAN)
runs-on: ubuntu-latest
container:
image: ubuntu:24.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
llvm-18-dev \
cargo \
cbindgen \
clang-18 \
git \
jq \
inetutils-ping \
libc++-dev \
libc++abi-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags \
unzip \
curl \
time \
wget \
dpdk-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- name: Fix kernel mmap rnd bits
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc
env:
CC: "clang-18"
CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-18"
# IDS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
# IPS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"
# AF_PACKET tests
- run: |
./.github/workflows/live/afp-ids.sh "2" "autofp"
- run: |
./.github/workflows/live/afp-ids.sh "2" "workers"
- run: |
./.github/workflows/live/afp-ids.sh "3" "autofp"
- run: |
./.github/workflows/live/afp-ids.sh "3" "workers"
- run: |
./.github/workflows/live/pcap.sh "autofp"
- run: |
./.github/workflows/live/pcap.sh "single"
ubuntu-22-04-cov-fuzz:
name: Ubuntu 22.04 (fuzz corpus coverage)
runs-on: ubuntu-latest
container:
image: ubuntu:22.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
llvm-14-dev \
clang-14 \
git \
jq \
libc++-dev \
libc++abi-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags \
unzip \
curl \
time \
wget \
dpdk-dev
# packaged Rust version is too old for coverage, so get from rustup
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --enable-warnings --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect
env:
LIB_FUZZING_ENGINE: "fail_to_onefile_driver"
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
env:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
- run: ./qa/run-ossfuzz-corpus.sh
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw')
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt
- name: Upload coverage to Codecov
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a
with:
fail_ci_if_error: false
flags: fuzzcorpus
ubuntu-20-04-ndebug:
name: Ubuntu 20.04 (-DNDEBUG)
runs-on: ubuntu-latest
container: ubuntu:20.04
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
build-essential \
autoconf \
automake \
cargo \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
libpcre2-dev \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev \
exuberant-ctags \
dpdk-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-warnings --enable-unittests
- run: make -j ${{ env.CPUS }}
- run: make check
- run: make dist
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# Now install and make sure headers and libraries aren't install
# until requested.
- run: make install
- run: test ! -e /usr/local/lib/libsuricata_c.a
- run: test ! -e /usr/local/include/suricata
- run: make install-headers
- run: test -e /usr/local/include/suricata/suricata.h
- run: make install-library
- run: test -e /usr/local/lib/libsuricata_c.a
- run: test -e /usr/local/lib/libsuricata_rust.a
- run: test -e /usr/local/bin/libsuricata-config
- run: test -e /usr/local/lib/libsuricata.so
- run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so)
- run: suricata-update -V
- run: suricatasc -h
ubuntu-20-04-too-old-rust:
name: Ubuntu 20.04 (unsupported rust)
runs-on: ubuntu-latest
container: ubuntu:20.04
needs: ubuntu-22-04-dist
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
build-essential \
curl \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libnuma-dev \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
libpcre2-dev \
make \
python3-yaml \
software-properties-common \
zlib1g \
zlib1g-dev \
dpdk-dev
- run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.62.0 -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- name: Download suricata.tar.gz
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist
- run: tar zxvf suricata-*.tar.gz --strip-components=1
- run: |
if ./configure; then
echo "error: configure should have failed"
exit 1
else
exit 0
fi
ubuntu-22-04-debug-validation:
name: Ubuntu 22.04 (Debug Validation)
runs-on: ubuntu-22.04
container:
image: ubuntu:22.04
options: --privileged
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
cargo \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
sudo \
zlib1g \
zlib1g-dev \
exuberant-ctags
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- name: Fix kernel mmap rnd bits
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491
run: sudo sysctl vm.mmap_rnd_bits=28
- run: ./autogen.sh
- run: ./configure --enable-warnings --enable-debug-validation
env:
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer"
LDFLAGS: "-fsanitize=address"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
- run: make -j ${{ env.CPUS }}
- run: make check
- name: Extracting suricata-verify
run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
# test build with afl and fuzztargets
ubuntu-22-04-fuzz:
name: Ubuntu 22.04 (Fuzz)
runs-on: ubuntu-22.04
container: ubuntu:22.04
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
afl \
afl-clang \
libpcre2-dev \
build-essential \
autoconf \
automake \
cargo \
git \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libpython2.7 \
make \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-warnings --enable-fuzztargets --disable-shared
- run: AFL_HARDEN=1 make -j ${{ env.CPUS }}
ubuntu-22-04-netmap-build:
name: Ubuntu 22.04 (Netmap build)
needs: [prepare-deps, prepare-cbindgen]
runs-on: ubuntu-22.04
steps:
- name: Restore Cache Netmap
uses: actions/cache/restore@v4
id: netmap-cache
with:
path: netmap/
key: netmap-git
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
sudo apt update
sudo apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
cargo \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev \
exuberant-ctags
- name: Install Netmap dependencies
run: |
sudo apt -y install \
build-essential \
git \
linux-headers-$(uname -r)
- name: Checkout Netmap repository
if: steps.netmap-cache.outputs.cache-hit != 'true'
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
with:
repository: luigirizzo/netmap
# gets cloned to $GITHUB_WORKSPACE/netmap/
path: netmap/
- name: Save Netmap Cache
if: steps.netmap-cache.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: netmap/
key: netmap-git
- name: Compile and install Netmap
run: |
cd $GITHUB_WORKSPACE/netmap/LINUX
./configure --no-drivers
make -j ${{ env.CPUS }}
sudo make install
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-netmap
- run: make -j ${{ env.CPUS }}
- run: ./src/suricata --build-info | grep -E "Netmap support:\s+yes"
ubuntu-22-04-minimal-recommended-build:
name: Ubuntu 22.04 (Minimal/Recommended Build)
needs: [prepare-deps, prepare-cbindgen]
runs-on: ubuntu-22.04
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install git dependencies
run: |
sudo apt update
sudo apt -y install \
git \
libtool
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- run: ./autogen.sh
- name: Install minimal dependencies
run: ./scripts/docs-ubuntu-debian-minimal-build.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
- run: make -j ${{ env.CPUS }}
- run: ./src/suricata --build-info # check if we can run Suricata
ubuntu-22-04-dpdk-build:
name: Ubuntu 22.04 (DPDK Build)
runs-on: ubuntu-22.04
container: ubuntu:22.04
needs: [ prepare-deps, prepare-cbindgen ]
strategy:
matrix:
dpdk_version: [ 22.11.4, 21.11.6, 20.11.10, 19.11.14 ]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install dependencies
run: |
apt update
apt -y install \
libpcre2-dev \
build-essential \
autoconf \
automake \
cargo \
git \
jq \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libnetfilter-queue-dev \
libnetfilter-queue1 \
libnfnetlink-dev \
libnfnetlink0 \
libhiredis-dev \
libjansson-dev \
libevent-dev \
libevent-pthreads-2.1-7 \
libpython2.7 \
make \
parallel \
python3-yaml \
rustc \
software-properties-common \
zlib1g \
zlib1g-dev \
exuberant-ctags
- name: Install DPDK dependencies
run: |
apt update
apt install -y \
curl \
build-essential \
libnuma-dev \
ninja-build \
meson \
python3-pip \
python3-pyelftools \
python3-setuptools \
python3-wheel
- name: Compile and install DPDK
run: |
cd $HOME
rm -rf dpdk_${{ matrix.dpdk_version }}
find /usr/ -name 'librte_*.a' -delete
mkdir -p dpdk_${{ matrix.dpdk_version }} && cd dpdk_${{ matrix.dpdk_version }}
curl -fsLS https://fast.dpdk.org/rel/dpdk-${{ matrix.dpdk_version }}.tar.xz | tar -xJ --strip-components=1
rm -rf build/
meson setup -Dtests=false --prefix=/usr/ build
ninja -C build
ninja -C build install
ldconfig
cd $HOME
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-dpdk
- run: make -j ${{ env.CPUS }}
- run: make check
# IDS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml"
# IPS config
- run: |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml"
debian-12:
name: Debian 12
runs-on: ubuntu-latest
container: debian:12
needs: [prepare-deps]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: apt update
- run: |
apt -y install \
autoconf \
automake \
build-essential \
cmake \
curl \
dpdk-dev \
git \
jq \
make \
libpcre3 \
libpcre3-dbg \
libpcre3-dev \
libpcre2-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libmaxminddb-dev \
libjansson-dev \
libjansson4 \
libnuma-dev \
liblz4-dev \
libssl-dev \
liblzma-dev \
pkg-config \
python3 \
python3-yaml \
sphinx-doc \
sphinx-common \
texlive-latex-base \
texlive-fonts-recommended \
texlive-fonts-extra \
texlive-latex-extra \
zlib1g \
zlib1g-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}') -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: ./.github/actions/install-cbindgen
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests
- run: make -j ${{ env.CPUS }}
- run: make check
# -j2 caused random failures during cargo vendor
- run: make distcheck
env:
DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk"
- run: test -e doc/userguide/suricata.1
- run: test -e doc/userguide/userguide.pdf
- name: Building Rust documentation
run: make doc
working-directory: rust
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
- run: suricatasc -h
ubuntu-22-04-dist:
name: Ubuntu 22.04 Dist Builder
runs-on: ubuntu-latest
container: ubuntu:22.04
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
# Setup apt package caching.
- name: Setup apt package caching
run: |
echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >> /etc/apt/apt.conf.d/99cache
echo 'APT::Keep-Downloaded-Packages "false";' >> /etc/apt/apt.conf.d/99cache
rm -f /etc/apt/apt.conf.d/docker-clean
- name: Cache apt downloads
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/apt/archives
key: ${{ github.job }}-apt
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: apt update
- run: |
apt -y install \
autoconf \
automake \
build-essential \
cargo \
cmake \
curl \
git \
jq \
make \
libpcre3 \
libpcre3-dbg \
libpcre3-dev \
libpcre2-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libjansson-dev \
libjansson4 \
liblz4-dev \
libssl-dev \
liblzma-dev \
pkg-config \
python3 \
python3-yaml \
rustc \
sphinx-doc \
sphinx-common \
texlive-latex-base \
texlive-fonts-recommended \
texlive-fonts-extra \
texlive-latex-extra \
zlib1g \
zlib1g-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure
- run: make dist
- run: test -e doc/userguide/suricata.1
- run: test -e doc/userguide/userguide.pdf
- name: Preparing distribution
run: |
mkdir dist
mv suricata-*.tar.gz dist
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
name: Uploading distribution
with:
name: dist
path: dist
debian-12-msrv:
name: Debian 12 MSRV
runs-on: ubuntu-latest
container: debian:12
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: apt update
- run: |
apt -y install \
autoconf \
automake \
build-essential \
cmake \
curl \
dpdk-dev \
git \
jq \
make \
libpcre3 \
libpcre3-dbg \
libpcre3-dev \
libpcre2-dev \
libtool \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libmaxminddb-dev \
libjansson-dev \
libjansson4 \
libnuma-dev \
liblz4-dev \
libssl-dev \
liblzma-dev \
pkg-config \
python3 \
python3-yaml \
sphinx-doc \
sphinx-common \
texlive-latex-base \
texlive-fonts-recommended \
texlive-fonts-extra \
texlive-latex-extra \
zlib1g \
zlib1g-dev
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}') -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: ./.github/actions/install-cbindgen
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk
- run: make -j ${{ env.CPUS }}
- run: make check
- name: Building Rust documentation
run: make doc
working-directory: rust
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
- run: suricatasc -h
debian-11:
name: Debian 11 (xdp)
runs-on: ubuntu-latest
container: debian:11
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list
apt update
apt -y install \
automake \
autoconf \
build-essential \
ccache \
curl \
git \
jq \
libpcre2-dev \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libjansson-dev \
libgeoip-dev \
libhiredis-dev \
libevent-dev \
libtool \
m4 \
make \
python3-yaml \
pkg-config \
sudo \
zlib1g \
zlib1g-dev \
clang \
libbpf-dev \
libelf-dev \
libxdp-dev
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build
- run: make -j ${{ env.CPUS }}
- run: make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
- run: suricatasc -h
debian-10:
name: Debian 10
runs-on: ubuntu-latest
container: debian:10
needs: [prepare-deps, prepare-cbindgen]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- run: |
apt update
apt -y install \
automake \
autoconf \
build-essential \
ccache \
curl \
git \
jq \
libpcre2-dev \
libpcap-dev \
libnet1-dev \
libyaml-0-2 \
libyaml-dev \
libcap-ng-dev \
libcap-ng0 \
libmagic-dev \
libjansson-dev \
libgeoip-dev \
libhiredis-dev \
libevent-dev \
libtool \
m4 \
make \
python3-yaml \
pkg-config \
sudo \
zlib1g \
zlib1g-dev \
clang \
libelf-dev
- name: Install Rust
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- uses: ./.github/actions/install-cbindgen
- run: ./autogen.sh
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-fuzztargets
- run: make -j ${{ env.CPUS }}
- run: make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
- run: suricatasc -h
macos-latest:
name: MacOS Latest
runs-on: macos-latest
needs: [prepare-deps]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- run: |
brew install \
autoconf \
automake \
cbindgen \
curl \
hiredis \
jansson \
jq \
libmagic \
libnet \
libtool \
libyaml \
pcre2 \
pkg-config \
python \
rust \
xz
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- name: Downloading prep archive
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xvf prep/libhtp.tar.gz
- run: tar xvf prep/suricata-update.tar.gz
- name: Create Python virtual environment
run: python3 -m venv ./testenv
- name: Install PyYAML
run: |
. ./testenv/bin/activate
pip install pyyaml
- run: ./autogen.sh
- run: CPATH="$HOMEBREW_PREFIX/include:$CPATH" LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH" PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH" CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --prefix="$HOME/.local/"
- run: CPATH="$HOMEBREW_PREFIX/include:$CPATH" LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH" PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH" CFLAGS="${DEFAULT_CFLAGS}" make -j2
# somehow it gets included by some C++ stdlib header (case unsensitive)
- run: rm libhtp/VERSION && make check
- run: tar xf prep/suricata-verify.tar.gz
- name: Running suricata-verify
run: |
. ./testenv/bin/activate
python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- name: Check Suricata-Update
run: |
. ./testenv/bin/activate
which suricata-update
python3 $(which suricata-update) -V
- run: suricatasc -h
windows-msys2-mingw64-npcap:
name: Windows MSYS2 MINGW64 (NPcap)
runs-on: windows-latest
needs: [prepare-deps]
defaults:
run:
shell: msys2 {0}
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: true
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2
# hack: install our own cbindgen system wide as we can't get the
# preinstalled one to be picked up by configure
- name: cbindgen
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- name: Npcap DLL
run: |
curl -sL -O https://nmap.org/npcap/dist/npcap-1.00.exe
7z -y x -o/npcap-bin npcap-1.00.exe
# hack: place dlls in cwd
cp /npcap-bin/*.dll .
- name: Npcap SDK
run: |
curl -sL -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip
unzip npcap-sdk-1.06.zip -d /npcap
cp /npcap/Lib/x64/* /usr/lib/
- run: tar xf prep/suricata-verify.tar.gz
- name: Build
run: |
./autogen.sh
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64
make -j3
- name: Run
run: |
./src/suricata --build-info
./src/suricata -u -l /tmp/
# need cwd in path due to npcap dlls (see above)
PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
windows-msys2-mingw64-libpcap:
name: Windows MSYS2 MINGW64 (libpcap)
runs-on: windows-latest
needs: [prepare-deps]
defaults:
run:
shell: msys2 {0}
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: true
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap
# hack: install our own cbindgen system wide as we can't get the
# preinstalled one to be picked up by configure
- name: cbindgen
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- run: tar xf prep/suricata-update.tar.gz
- run: tar xf prep/suricata-verify.tar.gz
- name: Build
run: |
./autogen.sh
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64
make -j3
- name: Run
run: |
./src/suricata --build-info
./src/suricata -u -l /tmp/
python3 ./suricata-verify/run.py -q --debug-failed
- run: make install
- run: suricata-update -V
windows-msys2-mingw64-windivert:
name: Windows MSYS2 MINGW64 (WinDivert)
runs-on: windows-latest
needs: [prepare-deps]
defaults:
run:
shell: msys2 {0}
steps:
- name: Cache ~/.cargo
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- uses: msys2/setup-msys2@v2
with:
msystem: MINGW64
update: true
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap
# hack: install our own cbindgen system wide as we can't get the
# preinstalled one to be picked up by configure
- name: cbindgen
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- run: git config --global --add safe.directory /__w/suricata/suricata
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: prep
path: prep
- run: tar xf prep/libhtp.tar.gz
- name: WinDivert
run: |
curl -sL -O https://github.com/basil00/Divert/releases/download/v1.4.3/WinDivert-1.4.3-A.zip
unzip WinDivert-1.4.3-A.zip -d /windivert
cp /windivert/WinDivert-1.4.3-A/x86_64/* /usr/lib/
# hack: place dlls in cwd
cp /windivert/WinDivert-1.4.3-A/x86_64/*.dll .
- name: Build
run: |
./autogen.sh
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-gccprotect --disable-gccmarch-native --disable-shared --enable-windivert --with-windivert-include=/windivert/WinDivert-1.4.3-A/include --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64
make -j3
- name: Run
run: |
# need cwd in path due to dlls (see above)
PATH="$PATH:$(pwd)" ./src/suricata --build-info
- run: make install
pf-ring:
name: PF_RING
runs-on: ubuntu-latest
container: almalinux:9
needs: [prepare-deps, ubuntu-22-04-dist]
steps:
# Cache Rust stuff.
- name: Cache cargo registry
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: ~/.cargo/registry
key: cargo-registry
- name: Cache RPMs
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf
- name: Determine number of CPUs
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV
- name: Install system packages
run: |
dnf -y install dnf-plugins-core epel-release
dnf config-manager --set-enabled crb
dnf -y install \
autoconf \
automake \
diffutils \
numactl-devel \
dpdk-devel \
file-devel \
gcc \
gcc-c++ \
git \
jansson-devel \
libtool \
libyaml-devel \
libnfnetlink-devel \
libnetfilter_queue-devel \
libnet-devel \
libcap-ng-devel \
libevent-devel \
libmaxminddb-devel \
libpcap-devel \
libtool \
lz4-devel \
make \
pcre2-devel \
pkgconfig \
python3-devel \
python3-sphinx \
python3-yaml \
rust-toolset \
sudo \
which \
zlib-devel
- name: Install PF_RING
run: |
curl https://packages.ntop.org/centos-stable/ntop.repo > /etc/yum.repos.d/ntop.repo
dnf install -y pfring
- name: Download suricata.tar.gz
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
name: dist
- run: tar xf suricata-*.tar.gz --strip-components=1
- run: ./configure --enable-pfring
- run: make -j ${CPUS}
- run: make install
- run: test -e /usr/local/lib/suricata/pfring.so