doc/userguide: document TCP urgent policy #13
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: builds | |
on: | |
push: | |
paths-ignore: | |
# Don't run this workflow if only files under doc/ have been | |
# modified. | |
- "doc/**" | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
LIBHTP_REPO: | |
LIBHTP_BRANCH: | |
SU_REPO: | |
SU_BRANCH: | |
SV_REPO: | |
SV_BRANCH: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: read-all | |
env: | |
DEFAULT_CFLAGS: "-Wall -Wextra -Werror -Wno-unused-parameter -Wno-unused-function" | |
# Apt sometimes likes to ask for user input, this will prevent that. | |
DEBIAN_FRONTEND: "noninteractive" | |
# A recent version of stable Rust that is known to pass build, test and other | |
# verification steps in this workflow. This was added because using "stable" | |
# could cause some steps to fail. | |
RUST_VERSION_KNOWN: "1.80.0" | |
jobs: | |
prepare-deps: | |
name: Prepare dependencies | |
uses: ./.github/workflows/prepare-deps.yml | |
prepare-cbindgen: | |
name: Prepare cbindgen | |
runs-on: ubuntu-latest | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo | |
key: ${{ github.job }}-cargo | |
- name: Installing Rust | |
run: | | |
curl https://sh.rustup.rs -sSf | sh -s -- -y | |
echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
rustup target add x86_64-unknown-linux-musl | |
- name: Building static cbindgen for Linux | |
run: | | |
cargo install --target x86_64-unknown-linux-musl --debug cbindgen | |
cp $HOME/.cargo/bin/cbindgen . | |
- name: Uploading prep archive | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
with: | |
name: cbindgen | |
path: . | |
almalinux-9: | |
name: AlmaLinux 9 | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo-vendor \ | |
cbindgen \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
jq \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-sphinx \ | |
python3-yaml \ | |
rust-toolset \ | |
sudo \ | |
which \ | |
zlib-devel | |
# These packages required to build the PDF. | |
dnf -y install \ | |
texlive-latex \ | |
texlive-cmap \ | |
texlive-collection-latexrecommended \ | |
texlive-fncychap \ | |
texlive-titlesec \ | |
texlive-tabulary \ | |
texlive-framed \ | |
texlive-wrapfig \ | |
texlive-upquote \ | |
texlive-capt-of \ | |
texlive-needspace | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: ./.github/actions/install-cbindgen | |
# Download and extract dependency archives created during prep | |
# job. | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xvf prep/libhtp.tar.gz | |
- run: tar xvf prep/suricata-update.tar.gz | |
- run: tar xvf prep/suricata-verify.tar.gz | |
- name: Configuring | |
run: | | |
./autogen.sh | |
CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings | |
- run: make -j ${{ env.CPUS }} distcheck | |
env: | |
DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" | |
MAKEFLAGS: "-j ${{ env.CPUS }}" | |
- run: test -e doc/userguide/suricata.1 | |
- name: Checking includes | |
run: | | |
cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py | |
- name: Building Rust documentation | |
run: make doc | |
working-directory: rust | |
- run: make install install-conf | |
- run: suricatasc -h | |
- run: suricata-update -V | |
- name: Check if Suricata-Update example configuration files are installed | |
run: | | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml | |
- name: Test capture plugin | |
working-directory: examples/plugins/ci-capture | |
run: | | |
make | |
../../../src/suricata -S /dev/null --set plugins.0=./capture.so --capture-plugin=ci-capture --runmode=single -l . -c ../../../suricata.yaml | |
cat eve.json | jq -c 'select(.dns)' | |
test $(cat eve.json | jq -c 'select(.dns)' | wc -l) = "1" | |
- name: Test library build in tree | |
working-directory: examples/lib/simple | |
run: make clean all | |
- name: Test plugin build in tree | |
working-directory: examples/plugins/c-json-filetype | |
run: make clean all | |
- name: Build example C custom logger plugin | |
working-directory: examples/plugins/c-custom-loggers | |
run: make clean all | |
- name: Install Suricata and library | |
run: make install install-headers install-library | |
- name: Test library build out of tree | |
working-directory: examples/lib/simple | |
run: PATH=/usr/local/bin:$PATH make -f Makefile.example clean all | |
- name: Cleaning source directory for standalone plugin test. | |
run: make clean | |
- name: Test plugin against installed headers | |
working-directory: examples/plugins/c-json-filetype | |
run: | | |
# First use sed to pretend we are q user following our | |
# directions for building a standalone plugin. | |
sed -i 's/^#LIBSURICATA_CONFIG/LIBSURICATA_CONFIG/' Makefile | |
sed -i 's/^#CPPFLAGS/CPPFLAGS/' Makefile | |
sed -i 's/^CPPFLAGS.*HAVE_CONFIG_H//' Makefile | |
# And build. | |
PATH=/usr/local/bin:$PATH make clean all | |
almalinux-9-templates: | |
name: AlmaLinux 9 Test Templates | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
# TODO: Find some variable that matches the job name. | |
key: almalinux-9-templates-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cbindgen \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
jq \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-sphinx \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain stable -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- run: rustup component add rustfmt | |
- run: rustup component add clippy | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: ./.github/actions/install-cbindgen | |
# Download and extract dependency archives created during prep | |
# job. | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xvf prep/libhtp.tar.gz | |
- run: tar xvf prep/suricata-update.tar.gz | |
- run: tar xvf prep/suricata-verify.tar.gz | |
- name: Build | |
run: | | |
./autogen.sh | |
CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
make -j ${{ env.CPUS }} | |
- run: ./scripts/setup-app-layer.py --parser --logger --detect FooBar payload | |
- run: make -j ${{ env.CPUS }} | |
- run: ./src/suricata --list-app-layer-protos | grep foobar | |
- name: Verify rustfmt | |
run: rustfmt -v --check src/applayerfoobar/*.rs | |
working-directory: rust | |
- name: Verify clippy | |
run: cargo clippy --all-features | |
working-directory: rust | |
almalinux-9-non-bundled-libhtp: | |
name: AlmaLinux 9 Non-Bundled LibHTP | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps, ubuntu-22-04-dist] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo-vendor \ | |
cbindgen \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
jq \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-sphinx \ | |
python3-yaml \ | |
rust-toolset \ | |
sudo \ | |
which \ | |
zlib-devel | |
- name: Download suricata.tar.gz | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: dist | |
- run: tar xf suricata-*.tar.gz --strip-components=1 | |
- run: cd libhtp && ./configure --prefix=/usr/local | |
- run: cd libhtp && make -j ${{ env.CPUS }} | |
- run: cd libhtp && make install | |
- run: PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --enable-non-bundled-htp --with-libhtp-includes=/usr/local/include --with-libhtp-libraries=/usr/local/lib | |
rpms: | |
name: Build RPMs | |
runs-on: ubuntu-latest | |
container: ${{ matrix.container }} | |
needs: [ubuntu-22-04-dist] | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- almalinux:9 | |
- fedora:40 | |
steps: | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Install packages | |
run: | | |
if test -e /etc/almalinux-release; then | |
dnf -y install \ | |
epel-release \ | |
git \ | |
make \ | |
rpm-build \ | |
rpmdevtools \ | |
dnf-plugins-core | |
dnf config-manager --set-enabled crb | |
elif test -e /etc/fedora-release; then | |
dnf -y install \ | |
git \ | |
make \ | |
rpm-build \ | |
rpmdevtools | |
else | |
echo "ERROR: Unsupported distribution for RPM building" | |
exit 1 | |
fi | |
- name: Download Suricata distribution archive | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: dist | |
- run: git clone https://github.com/jasonish/suricata-rpms | |
- run: make update-release update-sources | |
working-directory: suricata-rpms/devel | |
- run: dnf -y install $(rpmspec -q --buildrequires ./suricata.spec) | |
working-directory: suricata-rpms/devel | |
- run: mv suricata-*.tar.gz suricata-rpms/devel | |
- run: make srpm | |
working-directory: suricata-rpms/devel | |
- run: make local | |
working-directory: suricata-rpms/devel | |
# We need a step for each RPM upload as we can't use the | |
# container name directly in an artifact, as artifacts can't | |
# have ':' in the name. | |
- if: matrix.container == 'fedora:40' | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
name: Uploading RPMs | |
with: | |
name: rpms-fedora-40 | |
path: suricata-rpms/devel/rpms | |
- if: matrix.container == 'almalinux:9' | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
name: Uploading RPMs | |
with: | |
name: rpms-epel-9 | |
path: suricata-rpms/devel/rpms | |
almalinux-8: | |
name: AlmaLinux 8 | |
runs-on: ubuntu-latest | |
container: almalinux:8 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
yum -y install dnf-plugins-core | |
yum config-manager --set-enabled powertools | |
yum -y install \ | |
autoconf \ | |
automake \ | |
cargo-vendor \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
jq \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-yaml \ | |
rust-toolset \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: ./.github/actions/install-cbindgen | |
# Prebuild check for duplicate SIDs | |
- name: Check for duplicate SIDs | |
run: | | |
dups=$(sed -n 's/^alert.*sid:\([[:digit:]]*\);.*/\1/p' ./rules/*.rules|sort|uniq -d|tr '\n' ' ') | |
if [[ "${dups}" != "" ]]; then | |
echo "::error::Duplicate SIDs found:${dups}" | |
exit 1 | |
fi | |
# Download and extract dependency archives created during prep | |
# job. | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xvf prep/libhtp.tar.gz | |
- run: tar xvf prep/suricata-update.tar.gz | |
- run: tar xvf prep/suricata-verify.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- name: Configuring | |
run: | | |
./autogen.sh | |
CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
- run: make -j ${{ env.CPUS }} check | |
- name: Checking includes | |
run: | | |
cppclean src/*.h | grep "does not need to be #included" | python3 scripts/cppclean_check.py | |
- run: make install | |
- run: suricatasc -h | |
- run: suricata-update -V | |
centos-stream9: | |
name: CentOS Stream 9 | |
runs-on: ubuntu-latest | |
container: quay.io/centos/centos:stream9 | |
needs: [prepare-deps, ubuntu-22-04-dist] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo-vendor \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
jq \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-sphinx \ | |
python3-yaml \ | |
rust-toolset \ | |
sudo \ | |
which \ | |
zlib-devel | |
- name: Download suricata.tar.gz | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: dist | |
- run: tar zxvf suricata-*.tar.gz --strip-components=1 | |
- name: ./configure | |
run: CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
- run: make -j ${{ env.CPUS }} | |
- run: make install | |
- run: make install-conf | |
- run: suricatasc -h | |
- run: suricata-update -V | |
- name: Check if Suricata-Update example configuration files are installed | |
run: | | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/disable.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/drop.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/enable.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/modify.conf | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/threshold.in | |
test -e /usr/local/lib/suricata/python/suricata/update/configs/update.yaml | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: suricata-update -V | |
- run: suricatasc -h | |
# Test build after clean. | |
- run: make clean | |
- run: make -j ${{ env.CPUS }} | |
fedora-39-sv-codecov: | |
name: Fedora 39 (Suricata Verify codecov) | |
runs-on: ubuntu-latest | |
container: fedora:39 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cbindgen \ | |
ccache \ | |
clang \ | |
curl \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
llvm-devel \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
# packaged Rust version has no profiler support built in, so get from rustup | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: ./.github/actions/install-cbindgen | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: ./autogen.sh | |
- run: ./configure --enable-warnings --disable-shared | |
env: | |
CC: "clang" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: llvm-profdata merge -o default.profdata $(find suricata-verify/tests/ -name '*.profraw') | |
- run: llvm-cov show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a | |
with: | |
fail_ci_if_error: false | |
flags: suricata-verify | |
# Fedora 39 build using Clang. | |
fedora-39-clang: | |
name: Fedora 39 (clang, debug, asan, wshadow, rust-strict, systemd) | |
runs-on: ubuntu-latest | |
container: fedora:39 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
ccache \ | |
clang \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libxdp-devel \ | |
libbpf-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
parallel \ | |
pcre2-devel \ | |
pkgconfig \ | |
python \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: ./.github/actions/install-cbindgen | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: ./autogen.sh | |
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow" ./configure --disable-shared | |
- run: make check | |
- run: make distclean | |
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue | |
env: | |
LDFLAGS: "-fsanitize=address" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# Now install and make sure headers and libraries aren't | |
# installed until requested. | |
- run: make install | |
- run: test ! -e /usr/local/lib/libsuricata_c.a | |
- run: test ! -e /usr/local/include/suricata | |
- run: make install-headers | |
- run: test -e /usr/local/include/suricata/suricata.h | |
- run: make install-library | |
- run: test -e /usr/local/lib/libsuricata_c.a | |
- run: test -e /usr/local/lib/libsuricata_rust.a | |
- run: test -e /usr/local/bin/libsuricata-config | |
- run: test ! -e /usr/local/lib/libsuricata.so | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
# Check compilation against systemd | |
- run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null | |
# Fedora 39 build using GCC. | |
fedora-39-gcc: | |
name: Fedora 39 (gcc, debug, asan, wshadow, rust-strict) | |
runs-on: ubuntu-latest | |
container: fedora:39 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
ccache \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: ./.github/actions/install-cbindgen | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: ./autogen.sh | |
- run: ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue | |
env: | |
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" | |
LDFLAGS: "-fsanitize=address" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# Now install and make sure headers and libraries aren't | |
# installed until requested. | |
- run: make install | |
- run: test ! -e /usr/local/lib/libsuricata_c.a | |
- run: test ! -e /usr/local/include/suricata | |
- run: make install-headers | |
- run: test -e /usr/local/include/suricata/suricata.h | |
- run: make install-library | |
- run: test -e /usr/local/lib/libsuricata_c.a | |
- run: test -e /usr/local/lib/libsuricata_rust.a | |
- run: test -e /usr/local/bin/libsuricata-config | |
- run: test ! -e /usr/local/lib/libsuricata.so | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
# Fedora 40 build using Clang. | |
fedora-40-clang: | |
name: Fedora 40 (clang, debug, asan, wshadow, rust-strict, systemd) | |
runs-on: ubuntu-latest | |
container: fedora:40 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
ccache \ | |
clang \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libxdp-devel \ | |
libbpf-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: ./.github/actions/install-cbindgen | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: ./autogen.sh | |
- run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue | |
env: | |
LDFLAGS: "-fsanitize=address" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# Now install and make sure headers and libraries aren't install | |
# until requested. | |
- run: make install | |
- run: test ! -e /usr/local/lib/libsuricata_c.a | |
- run: test ! -e /usr/local/include/suricata | |
- run: make install-headers | |
- run: test -e /usr/local/include/suricata/suricata.h | |
- run: make install-library | |
- run: test -e /usr/local/lib/libsuricata_c.a | |
- run: test -e /usr/local/lib/libsuricata_rust.a | |
- run: test -e /usr/local/bin/libsuricata-config | |
- run: test ! -e /usr/local/lib/libsuricata.so | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
# Check compilation against systemd | |
- run: src/suricata --build-info | grep -E "Systemd support:\s+yes" &> /dev/null | |
# Fedora 40 build using GCC. | |
fedora-40-gcc: | |
name: Fedora 40 (gcc, debug, asan, wshadow, rust-strict) | |
runs-on: ubuntu-latest | |
container: fedora:40 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
ccache \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: ./.github/actions/install-cbindgen | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: ./autogen.sh | |
- run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue | |
env: | |
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" | |
LDFLAGS: "-fsanitize=address" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
- run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# Now install and make sure headers and libraries aren't install | |
# until requested. | |
- run: make install | |
- run: test ! -e /usr/local/lib/libsuricata_c.a | |
- run: test ! -e /usr/local/include/suricata | |
- run: make install-headers | |
- run: test -e /usr/local/include/suricata/suricata.h | |
- run: make install-library | |
- run: test -e /usr/local/lib/libsuricata_c.a | |
- run: test -e /usr/local/lib/libsuricata_rust.a | |
- run: test -e /usr/local/bin/libsuricata-config | |
- run: test ! -e /usr/local/lib/libsuricata.so | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
# This job builds and tests Suricata as a non-root user as some | |
# issues only show up when not running as root, and by default all | |
# jobs in GitHub actions are run as root inside the container. | |
fedora-40-non-root: | |
name: Fedora 40 (non-root, debug, clang, asan, wshadow, rust-strict) | |
runs-on: ubuntu-latest | |
container: fedora:40 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
ccache \ | |
clang \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
hiredis-devel \ | |
jansson-devel \ | |
jq \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- run: adduser suricata | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: ./.github/actions/install-cbindgen | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: mkdir /home/suricata/suricata | |
- run: cp -a . /home/suricata/suricata | |
- run: chown -R suricata:suricata /home/suricata | |
- run: sudo -u suricata -s ./autogen.sh | |
working-directory: /home/suricata/suricata | |
- run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" ./configure --enable-warnings --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue | |
working-directory: /home/suricata/suricata | |
env: | |
ac_cv_func_realloc_0_nonnull: "yes" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
LDFLAGS: "-fsanitize=address" | |
CC: "clang" | |
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" | |
- run: sudo -u suricata -s env PATH="/home/suricata/.cargo/bin:$PATH" make -j ${{ env.CPUS }} | |
working-directory: /home/suricata/suricata | |
- run: sudo -u suricata -s make check | |
working-directory: /home/suricata/suricata | |
- run: sudo -u suricata -s python3 ./suricata-verify/run.py -q --debug-failed | |
working-directory: /home/suricata/suricata | |
# Test that ./configure fails out of libjansson is not available. | |
almalinux-9-no-jansson: | |
name: AlmaLinux 9 (no jansson) | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enable crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
cargo \ | |
cbindgen \ | |
clang \ | |
diffutils \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
libasan \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-yaml \ | |
sudo \ | |
which \ | |
zlib-devel | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: ./autogen.sh | |
- run: | | |
if ./configure; then | |
echo "error: configure should have failed" | |
exit 1 | |
else | |
exit 0 | |
fi | |
almalinux-9-minimal-recommended-dependecies: | |
name: AlmaLinux 9 (Minimal/Recommended Build) | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install git dependencies | |
run: | | |
dnf -y install \ | |
sudo \ | |
git \ | |
libtool \ | |
which | |
- name: Install Almalinux 9 extra repositories | |
run : | | |
dnf -y update | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- uses: ./.github/actions/install-cbindgen | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
- name: Install minimal dependencies | |
run: ./scripts/docs-almalinux9-minimal-build.sh | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
- run: make -j ${{ env.CPUS }} | |
- run: ./src/suricata --build-info # check if we can run Suricata | |
ubuntu-24-04: | |
name: Ubuntu 24.04 (cocci) | |
runs-on: ubuntu-latest | |
container: ubuntu:24.04 | |
needs: [prepare-deps] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
autoconf \ | |
automake \ | |
build-essential \ | |
cargo \ | |
cbindgen \ | |
clang-14 \ | |
coccinelle \ | |
dpdk-dev \ | |
git \ | |
jq \ | |
libcap-ng-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libhiredis-dev \ | |
libhyperscan-dev \ | |
libjansson-dev \ | |
libmagic-dev \ | |
libnet1-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libpcap-dev \ | |
libpcre2-dev \ | |
libpython3.12 \ | |
libtool \ | |
libyaml-dev \ | |
llvm-14-dev \ | |
make \ | |
parallel \ | |
python-is-python3 \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: ./autogen.sh | |
- run: ./configure --enable-unittests --enable-coccinelle | |
- run: make -j ${{ env.CPUS }} | |
- run: CONCURRENCY_LEVEL=${{ env.CPUS }} make check | |
- run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: make install-headers | |
- run: make install-library | |
ubuntu-22-04-cov-ut: | |
name: Ubuntu 22.04 (unittests coverage) | |
runs-on: ubuntu-latest | |
container: ubuntu:22.04 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
clang-14 \ | |
curl \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libhyperscan-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
llvm-14-dev \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
curl \ | |
dpdk-dev | |
# packaged Rust version is too old for coverage, so get from rustup | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: ./configure --enable-warnings --disable-shared --enable-unittests | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0" | |
- run: ./src/suricata -u -l /tmp/ | |
env: | |
LLVM_PROFILE_FILE: "/tmp/ut.profraw" | |
- run: llvm-profdata-14 merge -o ut.profdata /tmp/ut.profraw | |
- run: ./src/suricata --list-runmodes -l /tmp | |
env: | |
LLVM_PROFILE_FILE: "/tmp/listrunmodes.profraw" | |
- run: llvm-profdata-14 merge -o listrunmodes.profdata /tmp/listrunmodes.profraw | |
- run: ./src/suricata --list-keywords -l /tmp | |
env: | |
LLVM_PROFILE_FILE: "/tmp/lk.profraw" | |
- run: llvm-profdata-14 merge -o lk.profdata /tmp/lk.profraw | |
- run: ./src/suricata --list-app-layer-protos -l /tmp | |
env: | |
LLVM_PROFILE_FILE: "/tmp/la.profraw" | |
- run: llvm-profdata-14 merge -o la.profdata /tmp/la.profraw | |
- run: ./src/suricata --dump-features -c suricata.yaml -l /tmp | |
env: | |
LLVM_PROFILE_FILE: "/tmp/dumpfeatures.profraw" | |
- run: llvm-profdata-14 merge -o dumpfeatures.profdata /tmp/dumpfeatures.profraw | |
- run: ./src/suricata --dump-config -c suricata.yaml -l /tmp | |
env: | |
LLVM_PROFILE_FILE: "/tmp/dumpconfig.profraw" | |
- run: llvm-profdata-14 merge -o dumpconfig.profdata /tmp/dumpconfig.profraw | |
- run: llvm-cov-14 show ./src/suricata -instr-profile=ut.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt | |
- run: | | |
cd rust | |
cargo test --no-run | |
cd .. | |
env: | |
RUSTFLAGS: "-C instrument-coverage" | |
CARGO_INCREMENTAL: 0 | |
- run: | | |
$(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') | |
env: | |
LLVM_PROFILE_FILE: "/tmp/ct.profraw" | |
CARGO_INCREMENTAL: 0 | |
- run: llvm-profdata-14 merge -o ct.profdata /tmp/ct.profraw | |
- run: llvm-cov-14 show $(find rust/target/debug/deps/ -type f -regex 'rust/target/debug/deps/suricata\-[a-z0-9]+$') -instr-profile=ct.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt | |
- run: | | |
cd libhtp | |
make test | |
cd .. | |
env: | |
LLVM_PROFILE_FILE: "/tmp/htp-test.profraw" | |
- run: llvm-profdata-14 merge -o htp-test.profdata /tmp/htp-test.profraw | |
- run: llvm-cov-14 show libhtp/test/test_all -instr-profile=htp-test.profdata --show-instantiations --ignore-filename-regex="^/root/.*" >> coverage.txt | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a | |
with: | |
fail_ci_if_error: false | |
flags: unittests | |
ubuntu-22-04-cov-pcapunix: | |
name: Ubuntu 22.04 (unix socket mode coverage) | |
runs-on: ubuntu-latest | |
container: | |
image: ubuntu:22.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
llvm-14-dev \ | |
clang-14 \ | |
git \ | |
jq \ | |
inetutils-ping \ | |
libc++-dev \ | |
libc++abi-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
unzip \ | |
curl \ | |
time \ | |
wget | |
# specific version to match up to the llvm version in ubuntu below | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- name: Fix kernel mmap rnd bits | |
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with | |
# high-entropy ASLR in much newer kernels that GitHub runners are | |
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --with-gnu-ld --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" | |
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
- run: | | |
./qa/unix.sh "suricata-verify/" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/unix.profraw" | |
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw') | |
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a | |
with: | |
fail_ci_if_error: false | |
flags: pcap | |
ubuntu-22-04-cov-afpdpdk: | |
name: Ubuntu 22.04 (afpacket and dpdk coverage) | |
runs-on: ubuntu-latest | |
container: | |
image: ubuntu:22.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
llvm-14-dev \ | |
clang-14 \ | |
git \ | |
jq \ | |
inetutils-ping \ | |
libc++-dev \ | |
libc++abi-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
unzip \ | |
curl \ | |
time \ | |
wget \ | |
dpdk-dev | |
# specific version to match up to the llvm version in ubuntu below | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- name: Fix kernel mmap rnd bits | |
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with | |
# high-entropy ASLR in much newer kernels that GitHub runners are | |
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --with-gnu-ld --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" | |
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
# IDS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/dpdk-ids.profraw" | |
# IPS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/dpdk-ips.profraw" | |
# AF_PACKET tests | |
- run: | | |
./.github/workflows/live/afp-ids.sh "2" "autofp" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/afp2-ids-autofp.profraw" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "2" "workers" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/afp2-ids-workers.profraw" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "3" "autofp" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/afp3-ids-autofp.profraw" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "3" "workers" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/afp3-ids-workers.profraw" | |
# PCAP | |
- run: | | |
./.github/workflows/live/pcap.sh "autofp" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/pcap-autofp.profraw" | |
- run: | | |
./.github/workflows/live/pcap.sh "single" | |
env: | |
LLVM_PROFILE_FILE: "/tmp/pcap-single.profraw" | |
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw') | |
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a | |
with: | |
fail_ci_if_error: false | |
flags: livemode | |
ubuntu-24-04-pcap-unix: | |
name: Ubuntu 24.04 (pcap unix socket ASAN) | |
runs-on: ubuntu-latest | |
container: | |
image: ubuntu:24.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
llvm-18-dev \ | |
cargo \ | |
cbindgen \ | |
clang-18 \ | |
git \ | |
jq \ | |
libc++-dev \ | |
libc++abi-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
unzip \ | |
curl \ | |
time \ | |
wget \ | |
dpdk-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Fix kernel mmap rnd bits | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc | |
env: | |
CC: "clang-18" | |
CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-18" | |
- run: | | |
./qa/unix.sh "suricata-verify/" | |
ubuntu-24-04-asan-afpdpdk: | |
name: Ubuntu 24.04 (afpacket and dpdk live tests with ASAN) | |
runs-on: ubuntu-latest | |
container: | |
image: ubuntu:24.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
llvm-18-dev \ | |
cargo \ | |
cbindgen \ | |
clang-18 \ | |
git \ | |
jq \ | |
inetutils-ping \ | |
libc++-dev \ | |
libc++abi-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
unzip \ | |
curl \ | |
time \ | |
wget \ | |
dpdk-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- name: Fix kernel mmap rnd bits | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --enable-dpdk --disable-shared --enable-gccprotect --localstatedir=/var --prefix=/usr --sysconfdir=/etc | |
env: | |
CC: "clang-18" | |
CFLAGS: "-g -fsanitize=address -fno-omit-frame-pointer" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-18" | |
# IDS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml" | |
# IPS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml" | |
# AF_PACKET tests | |
- run: | | |
./.github/workflows/live/afp-ids.sh "2" "autofp" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "2" "workers" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "3" "autofp" | |
- run: | | |
./.github/workflows/live/afp-ids.sh "3" "workers" | |
- run: | | |
./.github/workflows/live/pcap.sh "autofp" | |
- run: | | |
./.github/workflows/live/pcap.sh "single" | |
ubuntu-22-04-cov-fuzz: | |
name: Ubuntu 22.04 (fuzz corpus coverage) | |
runs-on: ubuntu-latest | |
container: | |
image: ubuntu:22.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
llvm-14-dev \ | |
clang-14 \ | |
git \ | |
jq \ | |
libc++-dev \ | |
libc++abi-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
unzip \ | |
curl \ | |
time \ | |
wget \ | |
dpdk-dev | |
# packaged Rust version is too old for coverage, so get from rustup | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.67.1 -y | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- name: Fix kernel mmap rnd bits | |
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with | |
# high-entropy ASLR in much newer kernels that GitHub runners are | |
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --enable-warnings --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect | |
env: | |
LIB_FUZZING_ENGINE: "fail_to_onefile_driver" | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror" | |
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
env: | |
CC: "clang-14" | |
CXX: "clang++-14" | |
RUSTFLAGS: "-C instrument-coverage" | |
- run: ./qa/run-ossfuzz-corpus.sh | |
- run: llvm-profdata-14 merge -o default.profdata $(find /tmp/ -name '*.profraw') | |
- run: llvm-cov-14 show ./src/suricata -instr-profile=default.profdata --show-instantiations --ignore-filename-regex="^/root/.*" > coverage.txt | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a | |
with: | |
fail_ci_if_error: false | |
flags: fuzzcorpus | |
ubuntu-20-04-ndebug: | |
name: Ubuntu 20.04 (-DNDEBUG) | |
runs-on: ubuntu-latest | |
container: ubuntu:20.04 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
libpcre2-dev \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags \ | |
dpdk-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-warnings --enable-unittests | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
- run: make dist | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# Now install and make sure headers and libraries aren't install | |
# until requested. | |
- run: make install | |
- run: test ! -e /usr/local/lib/libsuricata_c.a | |
- run: test ! -e /usr/local/include/suricata | |
- run: make install-headers | |
- run: test -e /usr/local/include/suricata/suricata.h | |
- run: make install-library | |
- run: test -e /usr/local/lib/libsuricata_c.a | |
- run: test -e /usr/local/lib/libsuricata_rust.a | |
- run: test -e /usr/local/bin/libsuricata-config | |
- run: test -e /usr/local/lib/libsuricata.so | |
- run: test -e /usr/local/lib/$(readlink /usr/local/lib/libsuricata.so) | |
- run: suricata-update -V | |
- run: suricatasc -h | |
ubuntu-20-04-too-old-rust: | |
name: Ubuntu 20.04 (unsupported rust) | |
runs-on: ubuntu-latest | |
container: ubuntu:20.04 | |
needs: ubuntu-22-04-dist | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
build-essential \ | |
curl \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libnuma-dev \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
libpcre2-dev \ | |
make \ | |
python3-yaml \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev \ | |
dpdk-dev | |
- run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.62.0 -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- name: Download suricata.tar.gz | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: dist | |
- run: tar zxvf suricata-*.tar.gz --strip-components=1 | |
- run: | | |
if ./configure; then | |
echo "error: configure should have failed" | |
exit 1 | |
else | |
exit 0 | |
fi | |
ubuntu-22-04-debug-validation: | |
name: Ubuntu 22.04 (Debug Validation) | |
runs-on: ubuntu-22.04 | |
container: | |
image: ubuntu:22.04 | |
options: --privileged | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- name: Fix kernel mmap rnd bits | |
# Asan in llvm 14 provided in ubuntu 22.04 is incompatible with | |
# high-entropy ASLR in much newer kernels that GitHub runners are | |
# using leading to random crashes: https://github.com/actions/runner-images/issues/9491 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- run: ./autogen.sh | |
- run: ./configure --enable-warnings --enable-debug-validation | |
env: | |
CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" | |
LDFLAGS: "-fsanitize=address" | |
ac_cv_func_malloc_0_nonnull: "yes" | |
ac_cv_func_realloc_0_nonnull: "yes" | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
- name: Extracting suricata-verify | |
run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
# test build with afl and fuzztargets | |
ubuntu-22-04-fuzz: | |
name: Ubuntu 22.04 (Fuzz) | |
runs-on: ubuntu-22.04 | |
container: ubuntu:22.04 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
afl \ | |
afl-clang \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
git \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libpython2.7 \ | |
make \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: AFL_HARDEN=1 ac_cv_func_realloc_0_nonnull=yes ac_cv_func_malloc_0_nonnull=yes CFLAGS="-fsanitize=address -fno-omit-frame-pointer" CXXFLAGS=$CFLAGS CC=afl-clang-fast CXX=afl-clang-fast++ LDFLAGS="-fsanitize=address" ./configure --enable-warnings --enable-fuzztargets --disable-shared | |
- run: AFL_HARDEN=1 make -j ${{ env.CPUS }} | |
ubuntu-22-04-netmap-build: | |
name: Ubuntu 22.04 (Netmap build) | |
needs: [prepare-deps, prepare-cbindgen] | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Restore Cache Netmap | |
uses: actions/cache/restore@v4 | |
id: netmap-cache | |
with: | |
path: netmap/ | |
key: netmap-git | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
sudo apt update | |
sudo apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags | |
- name: Install Netmap dependencies | |
run: | | |
sudo apt -y install \ | |
build-essential \ | |
git \ | |
linux-headers-$(uname -r) | |
- name: Checkout Netmap repository | |
if: steps.netmap-cache.outputs.cache-hit != 'true' | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
with: | |
repository: luigirizzo/netmap | |
# gets cloned to $GITHUB_WORKSPACE/netmap/ | |
path: netmap/ | |
- name: Save Netmap Cache | |
if: steps.netmap-cache.outputs.cache-hit != 'true' | |
uses: actions/cache/save@v4 | |
with: | |
path: netmap/ | |
key: netmap-git | |
- name: Compile and install Netmap | |
run: | | |
cd $GITHUB_WORKSPACE/netmap/LINUX | |
./configure --no-drivers | |
make -j ${{ env.CPUS }} | |
sudo make install | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-netmap | |
- run: make -j ${{ env.CPUS }} | |
- run: ./src/suricata --build-info | grep -E "Netmap support:\s+yes" | |
ubuntu-22-04-minimal-recommended-build: | |
name: Ubuntu 22.04 (Minimal/Recommended Build) | |
needs: [prepare-deps, prepare-cbindgen] | |
runs-on: ubuntu-22.04 | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install git dependencies | |
run: | | |
sudo apt update | |
sudo apt -y install \ | |
git \ | |
libtool | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: ./autogen.sh | |
- name: Install minimal dependencies | |
run: ./scripts/docs-ubuntu-debian-minimal-build.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
- run: make -j ${{ env.CPUS }} | |
- run: ./src/suricata --build-info # check if we can run Suricata | |
ubuntu-22-04-dpdk-build: | |
name: Ubuntu 22.04 (DPDK Build) | |
runs-on: ubuntu-22.04 | |
container: ubuntu:22.04 | |
needs: [ prepare-deps, prepare-cbindgen ] | |
strategy: | |
matrix: | |
dpdk_version: [ 22.11.4, 21.11.6, 20.11.10, 19.11.14 ] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install dependencies | |
run: | | |
apt update | |
apt -y install \ | |
libpcre2-dev \ | |
build-essential \ | |
autoconf \ | |
automake \ | |
cargo \ | |
git \ | |
jq \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libnetfilter-queue-dev \ | |
libnetfilter-queue1 \ | |
libnfnetlink-dev \ | |
libnfnetlink0 \ | |
libhiredis-dev \ | |
libjansson-dev \ | |
libevent-dev \ | |
libevent-pthreads-2.1-7 \ | |
libpython2.7 \ | |
make \ | |
parallel \ | |
python3-yaml \ | |
rustc \ | |
software-properties-common \ | |
zlib1g \ | |
zlib1g-dev \ | |
exuberant-ctags | |
- name: Install DPDK dependencies | |
run: | | |
apt update | |
apt install -y \ | |
curl \ | |
build-essential \ | |
libnuma-dev \ | |
ninja-build \ | |
meson \ | |
python3-pip \ | |
python3-pyelftools \ | |
python3-setuptools \ | |
python3-wheel | |
- name: Compile and install DPDK | |
run: | | |
cd $HOME | |
rm -rf dpdk_${{ matrix.dpdk_version }} | |
find /usr/ -name 'librte_*.a' -delete | |
mkdir -p dpdk_${{ matrix.dpdk_version }} && cd dpdk_${{ matrix.dpdk_version }} | |
curl -fsLS https://fast.dpdk.org/rel/dpdk-${{ matrix.dpdk_version }}.tar.xz | tar -xJ --strip-components=1 | |
rm -rf build/ | |
meson setup -Dtests=false --prefix=/usr/ build | |
ninja -C build | |
ninja -C build install | |
ldconfig | |
cd $HOME | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-dpdk | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
# IDS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ids.yaml" | |
# IPS config | |
- run: | | |
./.github/workflows/live/dpdk.sh ".github/workflows/dpdk/suricata-null-ips.yaml" | |
debian-12: | |
name: Debian 12 | |
runs-on: ubuntu-latest | |
container: debian:12 | |
needs: [prepare-deps] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: apt update | |
- run: | | |
apt -y install \ | |
autoconf \ | |
automake \ | |
build-essential \ | |
cmake \ | |
curl \ | |
dpdk-dev \ | |
git \ | |
jq \ | |
make \ | |
libpcre3 \ | |
libpcre3-dbg \ | |
libpcre3-dev \ | |
libpcre2-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libmaxminddb-dev \ | |
libjansson-dev \ | |
libjansson4 \ | |
libnuma-dev \ | |
liblz4-dev \ | |
libssl-dev \ | |
liblzma-dev \ | |
pkg-config \ | |
python3 \ | |
python3-yaml \ | |
sphinx-doc \ | |
sphinx-common \ | |
texlive-latex-base \ | |
texlive-fonts-recommended \ | |
texlive-fonts-extra \ | |
texlive-latex-extra \ | |
zlib1g \ | |
zlib1g-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}') -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: ./.github/actions/install-cbindgen | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
# -j2 caused random failures during cargo vendor | |
- run: make distcheck | |
env: | |
DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" | |
- run: test -e doc/userguide/suricata.1 | |
- run: test -e doc/userguide/userguide.pdf | |
- name: Building Rust documentation | |
run: make doc | |
working-directory: rust | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
ubuntu-22-04-dist: | |
name: Ubuntu 22.04 Dist Builder | |
runs-on: ubuntu-latest | |
container: ubuntu:22.04 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
# Setup apt package caching. | |
- name: Setup apt package caching | |
run: | | |
echo 'Binary::apt::APT::Keep-Downloaded-Packages "true";' >> /etc/apt/apt.conf.d/99cache | |
echo 'APT::Keep-Downloaded-Packages "false";' >> /etc/apt/apt.conf.d/99cache | |
rm -f /etc/apt/apt.conf.d/docker-clean | |
- name: Cache apt downloads | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/apt/archives | |
key: ${{ github.job }}-apt | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: apt update | |
- run: | | |
apt -y install \ | |
autoconf \ | |
automake \ | |
build-essential \ | |
cargo \ | |
cmake \ | |
curl \ | |
git \ | |
jq \ | |
make \ | |
libpcre3 \ | |
libpcre3-dbg \ | |
libpcre3-dev \ | |
libpcre2-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libjansson-dev \ | |
libjansson4 \ | |
liblz4-dev \ | |
libssl-dev \ | |
liblzma-dev \ | |
pkg-config \ | |
python3 \ | |
python3-yaml \ | |
rustc \ | |
sphinx-doc \ | |
sphinx-common \ | |
texlive-latex-base \ | |
texlive-fonts-recommended \ | |
texlive-fonts-extra \ | |
texlive-latex-extra \ | |
zlib1g \ | |
zlib1g-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure | |
- run: make dist | |
- run: test -e doc/userguide/suricata.1 | |
- run: test -e doc/userguide/userguide.pdf | |
- name: Preparing distribution | |
run: | | |
mkdir dist | |
mv suricata-*.tar.gz dist | |
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 | |
name: Uploading distribution | |
with: | |
name: dist | |
path: dist | |
debian-12-msrv: | |
name: Debian 12 MSRV | |
runs-on: ubuntu-latest | |
container: debian:12 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: apt update | |
- run: | | |
apt -y install \ | |
autoconf \ | |
automake \ | |
build-essential \ | |
cmake \ | |
curl \ | |
dpdk-dev \ | |
git \ | |
jq \ | |
make \ | |
libpcre3 \ | |
libpcre3-dbg \ | |
libpcre3-dev \ | |
libpcre2-dev \ | |
libtool \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libmaxminddb-dev \ | |
libjansson-dev \ | |
libjansson4 \ | |
libnuma-dev \ | |
liblz4-dev \ | |
libssl-dev \ | |
liblzma-dev \ | |
pkg-config \ | |
python3 \ | |
python3-yaml \ | |
sphinx-doc \ | |
sphinx-common \ | |
texlive-latex-base \ | |
texlive-fonts-recommended \ | |
texlive-fonts-extra \ | |
texlive-latex-extra \ | |
zlib1g \ | |
zlib1g-dev | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $(grep rust-version rust/Cargo.toml.in|sed 's/\"//g'|awk '{print $3}') -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: ./.github/actions/install-cbindgen | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
- name: Building Rust documentation | |
run: make doc | |
working-directory: rust | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
debian-11: | |
name: Debian 11 (xdp) | |
runs-on: ubuntu-latest | |
container: debian:11 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
echo "deb http://deb.debian.org/debian bullseye-backports main" >> /etc/apt/sources.list | |
apt update | |
apt -y install \ | |
automake \ | |
autoconf \ | |
build-essential \ | |
ccache \ | |
curl \ | |
git \ | |
jq \ | |
libpcre2-dev \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libjansson-dev \ | |
libgeoip-dev \ | |
libhiredis-dev \ | |
libevent-dev \ | |
libtool \ | |
m4 \ | |
make \ | |
python3-yaml \ | |
pkg-config \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
clang \ | |
libbpf-dev \ | |
libelf-dev \ | |
libxdp-dev | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-fuzztargets --enable-ebpf --enable-ebpf-build | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
- run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
debian-10: | |
name: Debian 10 | |
runs-on: ubuntu-latest | |
container: debian:10 | |
needs: [prepare-deps, prepare-cbindgen] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- run: | | |
apt update | |
apt -y install \ | |
automake \ | |
autoconf \ | |
build-essential \ | |
ccache \ | |
curl \ | |
git \ | |
jq \ | |
libpcre2-dev \ | |
libpcap-dev \ | |
libnet1-dev \ | |
libyaml-0-2 \ | |
libyaml-dev \ | |
libcap-ng-dev \ | |
libcap-ng0 \ | |
libmagic-dev \ | |
libjansson-dev \ | |
libgeoip-dev \ | |
libhiredis-dev \ | |
libevent-dev \ | |
libtool \ | |
m4 \ | |
make \ | |
python3-yaml \ | |
pkg-config \ | |
sudo \ | |
zlib1g \ | |
zlib1g-dev \ | |
clang \ | |
libelf-dev | |
- name: Install Rust | |
run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain $RUST_VERSION_KNOWN -y | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- uses: ./.github/actions/install-cbindgen | |
- run: ./autogen.sh | |
- run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --enable-fuzztargets | |
- run: make -j ${{ env.CPUS }} | |
- run: make check | |
- run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
- run: suricatasc -h | |
macos-latest: | |
name: MacOS Latest | |
runs-on: macos-latest | |
needs: [prepare-deps] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- run: | | |
brew install \ | |
autoconf \ | |
automake \ | |
cbindgen \ | |
curl \ | |
hiredis \ | |
jansson \ | |
jq \ | |
libmagic \ | |
libnet \ | |
libtool \ | |
libyaml \ | |
pcre2 \ | |
pkg-config \ | |
python \ | |
rust \ | |
xz | |
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- name: Downloading prep archive | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xvf prep/libhtp.tar.gz | |
- run: tar xvf prep/suricata-update.tar.gz | |
- name: Create Python virtual environment | |
run: python3 -m venv ./testenv | |
- name: Install PyYAML | |
run: | | |
. ./testenv/bin/activate | |
pip install pyyaml | |
- run: ./autogen.sh | |
- run: CPATH="$HOMEBREW_PREFIX/include:$CPATH" LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH" PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH" CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-warnings --enable-unittests --prefix="$HOME/.local/" | |
- run: CPATH="$HOMEBREW_PREFIX/include:$CPATH" LIBRARY_PATH="$HOMEBREW_PREFIX/lib:$LIBRARY_PATH" PATH="/opt/homebrew/opt/libtool/libexec/gnubin:$PATH" CFLAGS="${DEFAULT_CFLAGS}" make -j2 | |
# somehow it gets included by some C++ stdlib header (case unsensitive) | |
- run: rm libhtp/VERSION && make check | |
- run: tar xf prep/suricata-verify.tar.gz | |
- name: Running suricata-verify | |
run: | | |
. ./testenv/bin/activate | |
python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- name: Check Suricata-Update | |
run: | | |
. ./testenv/bin/activate | |
which suricata-update | |
python3 $(which suricata-update) -V | |
- run: suricatasc -h | |
windows-msys2-mingw64-npcap: | |
name: Windows MSYS2 MINGW64 (NPcap) | |
runs-on: windows-latest | |
needs: [prepare-deps] | |
defaults: | |
run: | |
shell: msys2 {0} | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- uses: msys2/setup-msys2@v2 | |
with: | |
msystem: MINGW64 | |
update: true | |
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 | |
# hack: install our own cbindgen system wide as we can't get the | |
# preinstalled one to be picked up by configure | |
- name: cbindgen | |
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- name: Npcap DLL | |
run: | | |
curl -sL -O https://nmap.org/npcap/dist/npcap-1.00.exe | |
7z -y x -o/npcap-bin npcap-1.00.exe | |
# hack: place dlls in cwd | |
cp /npcap-bin/*.dll . | |
- name: Npcap SDK | |
run: | | |
curl -sL -O https://nmap.org/npcap/dist/npcap-sdk-1.06.zip | |
unzip npcap-sdk-1.06.zip -d /npcap | |
cp /npcap/Lib/x64/* /usr/lib/ | |
- run: tar xf prep/suricata-verify.tar.gz | |
- name: Build | |
run: | | |
./autogen.sh | |
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 | |
make -j3 | |
- name: Run | |
run: | | |
./src/suricata --build-info | |
./src/suricata -u -l /tmp/ | |
# need cwd in path due to npcap dlls (see above) | |
PATH="$PATH:$(pwd)" python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
windows-msys2-mingw64-libpcap: | |
name: Windows MSYS2 MINGW64 (libpcap) | |
runs-on: windows-latest | |
needs: [prepare-deps] | |
defaults: | |
run: | |
shell: msys2 {0} | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- uses: msys2/setup-msys2@v2 | |
with: | |
msystem: MINGW64 | |
update: true | |
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap | |
# hack: install our own cbindgen system wide as we can't get the | |
# preinstalled one to be picked up by configure | |
- name: cbindgen | |
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- run: tar xf prep/suricata-update.tar.gz | |
- run: tar xf prep/suricata-verify.tar.gz | |
- name: Build | |
run: | | |
./autogen.sh | |
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 | |
make -j3 | |
- name: Run | |
run: | | |
./src/suricata --build-info | |
./src/suricata -u -l /tmp/ | |
python3 ./suricata-verify/run.py -q --debug-failed | |
- run: make install | |
- run: suricata-update -V | |
windows-msys2-mingw64-windivert: | |
name: Windows MSYS2 MINGW64 (WinDivert) | |
runs-on: windows-latest | |
needs: [prepare-deps] | |
defaults: | |
run: | |
shell: msys2 {0} | |
steps: | |
- name: Cache ~/.cargo | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- uses: msys2/setup-msys2@v2 | |
with: | |
msystem: MINGW64 | |
update: true | |
install: git mingw-w64-x86_64-toolchain automake1.16 automake-wrapper autoconf libtool libyaml-devel pcre2-devel jansson-devel make mingw-w64-x86_64-libyaml mingw-w64-x86_64-pcre2 mingw-w64-x86_64-rust mingw-w64-x86_64-jansson unzip p7zip python-setuptools mingw-w64-x86_64-python-yaml mingw-w64-x86_64-jq mingw-w64-x86_64-libxml2 libpcap-devel mingw-w64-x86_64-libpcap | |
# hack: install our own cbindgen system wide as we can't get the | |
# preinstalled one to be picked up by configure | |
- name: cbindgen | |
run: cargo install --root /usr --force --debug --version 0.24.3 cbindgen | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
- run: git config --global --add safe.directory /__w/suricata/suricata | |
- uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: prep | |
path: prep | |
- run: tar xf prep/libhtp.tar.gz | |
- name: WinDivert | |
run: | | |
curl -sL -O https://github.com/basil00/Divert/releases/download/v1.4.3/WinDivert-1.4.3-A.zip | |
unzip WinDivert-1.4.3-A.zip -d /windivert | |
cp /windivert/WinDivert-1.4.3-A/x86_64/* /usr/lib/ | |
# hack: place dlls in cwd | |
cp /windivert/WinDivert-1.4.3-A/x86_64/*.dll . | |
- name: Build | |
run: | | |
./autogen.sh | |
CFLAGS="-ggdb -Werror" ./configure --enable-warnings --enable-gccprotect --disable-gccmarch-native --disable-shared --enable-windivert --with-windivert-include=/windivert/WinDivert-1.4.3-A/include --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64 | |
make -j3 | |
- name: Run | |
run: | | |
# need cwd in path due to dlls (see above) | |
PATH="$PATH:$(pwd)" ./src/suricata --build-info | |
- run: make install | |
pf-ring: | |
name: PF_RING | |
runs-on: ubuntu-latest | |
container: almalinux:9 | |
needs: [prepare-deps, ubuntu-22-04-dist] | |
steps: | |
# Cache Rust stuff. | |
- name: Cache cargo registry | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: ~/.cargo/registry | |
key: cargo-registry | |
- name: Cache RPMs | |
uses: actions/cache@13aacd865c20de90d75de3b17ebe84f7a17d57d2 | |
with: | |
path: /var/cache/dnf | |
key: ${{ github.job }}-dnf | |
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf | |
- name: Determine number of CPUs | |
run: echo CPUS=$(nproc --all) >> $GITHUB_ENV | |
- name: Install system packages | |
run: | | |
dnf -y install dnf-plugins-core epel-release | |
dnf config-manager --set-enabled crb | |
dnf -y install \ | |
autoconf \ | |
automake \ | |
diffutils \ | |
numactl-devel \ | |
dpdk-devel \ | |
file-devel \ | |
gcc \ | |
gcc-c++ \ | |
git \ | |
jansson-devel \ | |
libtool \ | |
libyaml-devel \ | |
libnfnetlink-devel \ | |
libnetfilter_queue-devel \ | |
libnet-devel \ | |
libcap-ng-devel \ | |
libevent-devel \ | |
libmaxminddb-devel \ | |
libpcap-devel \ | |
libtool \ | |
lz4-devel \ | |
make \ | |
pcre2-devel \ | |
pkgconfig \ | |
python3-devel \ | |
python3-sphinx \ | |
python3-yaml \ | |
rust-toolset \ | |
sudo \ | |
which \ | |
zlib-devel | |
- name: Install PF_RING | |
run: | | |
curl https://packages.ntop.org/centos-stable/ntop.repo > /etc/yum.repos.d/ntop.repo | |
dnf install -y pfring | |
- name: Download suricata.tar.gz | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 | |
with: | |
name: dist | |
- run: tar xf suricata-*.tar.gz --strip-components=1 | |
- run: ./configure --enable-pfring | |
- run: make -j ${CPUS} | |
- run: make install | |
- run: test -e /usr/local/lib/suricata/pfring.so |