Skip to content

Next/20221122/v4 #8198

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
victorjulien merged 11 commits into from
Nov 22, 2022
Merged

Next/20221122/v4 #8198

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
7fd3aaa
ci: build with -Werror for -Wimplicit-int-conversion
catenacyber Nov 1, 2022
222f2ac
ci: remove unnecessary write permission to github workflow
catenacyber Jun 17, 2022
0c00f28
afpacket/netmap: warn about mixed ips, ids/tap deprecation
jasonish Oct 19, 2022
2edfff7
src: unify how warnings specify ticket id's
victorjulien Nov 22, 2022
c6349d3
http2: support padded data frames
catenacyber Nov 21, 2022
086b28d
http2: fix decompression buffering
catenacyber Nov 21, 2022
814a76a
github-ci: better .cargo caching
jasonish Nov 18, 2022
0dddfbc
github-ci: cache RPMs on dnf distros
jasonish Nov 18, 2022
6da066c
github-ci/macos: don't force cbindgen
jasonish Nov 18, 2022
1c13efb
github-ci/windows: cache cargo artifacts
jasonish Nov 18, 2022
bf1c185
github-ci/centos:7: cache yum RPMs
jasonish Nov 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
145 changes: 115 additions & 30 deletions .github/workflows/builds.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,6 @@ jobs:
name: Prepare dependencies
runs-on: ubuntu-latest
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: cargo
- run: sudo apt update && sudo apt -y install jq curl
- name: Parse repo and branch information
env:
Expand Down Expand Up @@ -126,7 +121,7 @@ jobs:
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: cbindgen
key: ${{ github.job }}-cargo
- name: Installing Rust
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y
Expand All @@ -152,8 +147,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- uses: actions/checkout@v3.1.0

Expand Down Expand Up @@ -260,8 +262,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- uses: actions/checkout@v3.1.0

Expand Down Expand Up @@ -380,6 +389,19 @@ jobs:
container: centos:7
needs: [prepare-deps, alma-8]
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/yum
key: ${{ github.job }}-yum
- run: echo "keepcache=1" >> /etc/yum.conf

- name: Install system dependencies
run: |
yum -y install epel-release
Expand Down Expand Up @@ -451,8 +473,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- run: |
dnf -y install \
Expand Down Expand Up @@ -541,8 +570,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- run: |
dnf -y install \
Expand Down Expand Up @@ -635,8 +671,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- run: |
dnf -y install \
Expand Down Expand Up @@ -726,8 +769,15 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Cache RPMs
uses: actions/cache@v3
with:
path: /var/cache/dnf
key: ${{ github.job }}-dnf
- run: echo "keepcache=1" >> /etc/dnf/dnf.conf

- run: |
dnf -y install \
Expand Down Expand Up @@ -789,6 +839,11 @@ jobs:
container: ubuntu:22.04
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Install dependencies
run: |
apt update
Expand Down Expand Up @@ -901,6 +956,11 @@ jobs:
container: ubuntu:22.04
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Install dependencies
run: |
apt update
Expand Down Expand Up @@ -969,7 +1029,7 @@ jobs:
CC: "clang-14"
CXX: "clang++-14"
RUSTFLAGS: "-C instrument-coverage"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion"
CFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -fPIC -Wno-unused-parameter -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -Wimplicit-int-float-conversion -Wimplicit-int-conversion -Werror"
CXXFLAGS: "-fprofile-instr-generate -fcoverage-mapping -O0 -g -fno-strict-aliasing -fsanitize=address -fno-omit-frame-pointer -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1 -stdlib=libc++ -Wimplicit-int-float-conversion -Wimplicit-int-conversion"
ac_cv_func_malloc_0_nonnull: "yes"
ac_cv_func_realloc_0_nonnull: "yes"
Expand All @@ -993,6 +1053,11 @@ jobs:
container: ubuntu:20.04
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Install dependencies
run: |
Expand Down Expand Up @@ -1077,6 +1142,11 @@ jobs:
container: ubuntu:20.04
needs: alma-8
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- name: Install dependencies
run: |
apt update
Expand Down Expand Up @@ -1135,8 +1205,8 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Install dependencies
run: |
Expand Down Expand Up @@ -1207,8 +1277,8 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Install dependencies
run: |
Expand Down Expand Up @@ -1302,8 +1372,8 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- name: Install dependencies
run: |
Expand Down Expand Up @@ -1365,8 +1435,8 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo

- run: |
apt update
Expand Down Expand Up @@ -1435,6 +1505,11 @@ jobs:
container: debian:9
needs: [prepare-deps, prepare-cbindgen]
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- run: |
apt update
apt -y install \
Expand Down Expand Up @@ -1503,8 +1578,8 @@ jobs:
- name: Cache cargo registry
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo/registry
key: cargo-registry
path: ~/.cargo
key: ${{ github.job }}-cargo
- run: |
brew install \
autoconf \
Expand All @@ -1523,7 +1598,7 @@ jobs:
rust \
xz
- name: Install cbindgen
run: cargo install --force --debug --version 0.24.3 cbindgen
run: cargo install --debug --version 0.24.3 cbindgen
- run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- run: pip3 install PyYAML
- uses: actions/checkout@v3.1.0
Expand Down Expand Up @@ -1554,6 +1629,11 @@ jobs:
run:
shell: msys2 {0}
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- uses: actions/checkout@v3.1.0
- uses: msys2/setup-msys2@fa138fa56e2558760b9f2205135313c7345c5f3f
with:
Expand Down Expand Up @@ -1605,6 +1685,11 @@ jobs:
run:
shell: msys2 {0}
steps:
- name: Cache ~/.cargo
uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7
with:
path: ~/.cargo
key: ${{ github.job }}-cargo
- uses: actions/checkout@v3.1.0
- uses: msys2/setup-msys2@v2
with:
Expand Down
1 change: 0 additions & 1 deletion .github/workflows/codeql.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ jobs:
permissions:
actions: read
contents: read
packages: write
security-events: write


Expand Down
8 changes: 6 additions & 2 deletions rust/src/http2/decompression.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,11 @@ impl HTTP2cursor {
pub fn set_position(&mut self, pos: u64) {
return self.cursor.set_position(pos);
}

pub fn clear(&mut self) {
self.cursor.get_mut().clear();
self.cursor.set_position(0);
}
}

// we need to implement this as flate2 and brotli crates
Expand Down Expand Up @@ -156,8 +161,7 @@ fn http2_decompress<'a>(
}
}
//brotli does not consume all input if it reaches some end

decoder.get_mut().set_position(0);
decoder.get_mut().clear();
return Ok(&output[..offset]);
}

Expand Down
8 changes: 6 additions & 2 deletions rust/src/http2/http2.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -933,6 +933,7 @@ impl HTTP2State {
let over = head.flags & parser::HTTP2_FLAG_HEADER_EOS != 0;
let ftype = head.ftype;
let sid = head.stream_id;
let padded = head.flags & parser::HTTP2_FLAG_HEADER_PADDED != 0;
if dir == Direction::ToServer {
tx.frames_ts.push(HTTP2Frame {
header: head,
Expand All @@ -956,9 +957,12 @@ impl HTTP2State {
} else {
tx_same.ft_ts.tx_id = tx_same.tx_id - 1;
};

let mut dinput = &rem[..hlsafe];
if padded && rem.len() > 0 && usize::from(rem[0]) < hlsafe{
dinput = &rem[1..hlsafe - usize::from(rem[0])];
}
match tx_same.decompress(
&rem[..hlsafe],
dinput,
dir,
sfcm,
over,
Expand Down
2 changes: 1 addition & 1 deletion rust/src/http2/parser.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -585,7 +585,7 @@ pub struct HTTP2FrameHeaders {
//end stream
pub const HTTP2_FLAG_HEADER_EOS: u8 = 0x1;
pub const HTTP2_FLAG_HEADER_END_HEADERS: u8 = 0x4;
const HTTP2_FLAG_HEADER_PADDED: u8 = 0x8;
pub const HTTP2_FLAG_HEADER_PADDED: u8 = 0x8;
const HTTP2_FLAG_HEADER_PRIORITY: u8 = 0x20;

fn http2_parse_headers_blocks<'a>(
Expand Down
2 changes: 1 addition & 1 deletion src/detect-engine-address.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -462,7 +462,7 @@ static int DetectAddressParseString(DetectAddress *dd, const char *str)
if (cidr < 0) {
SCLogError(SC_ERR_INVALID_SIGNATURE,
"netmask \"%s\" is not usable. Only netmasks that are compatible with "
"CIDR notation are supported. See #5168.",
"CIDR notation are supported. See ticket #5168.",
mask);
goto error;
}
Expand Down
5 changes: 3 additions & 2 deletions src/output-json-stats.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -401,8 +401,9 @@ static OutputInitResult OutputStatsLogInitSub(ConfNode *conf, OutputCtx *parent_

if (stats_decoder_events &&
strcmp(stats_decoder_events_prefix, "decoder") == 0) {
SCLogWarning(SC_WARN_EVE_MISSING_EVENTS, "eve.stats will not display "
"all decoder events correctly. See #2225. Set a prefix in "
SCLogWarning(SC_WARN_EVE_MISSING_EVENTS,
"eve.stats will not display "
"all decoder events correctly. See ticket #2225. Set a prefix in "
"stats.decoder-events-prefix.");
}

Expand Down
4 changes: 3 additions & 1 deletion src/runmode-af-packet.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -738,7 +738,9 @@ int AFPRunModeIsIPS()
}

if (has_ids && has_ips) {
SCLogInfo("AF_PACKET mode using IPS and IDS mode");
SCLogWarning(SC_ERR_INVALID_ARGUMENT,
"AF_PACKET using both IPS and TAP/IDS mode, this will not "
"be allowed in Suricata 8 due to undefined behavior. See ticket #5588.");
for (ldev = 0; ldev < nlive; ldev++) {
const char *live_dev = LiveGetDeviceName(ldev);
if (live_dev == NULL) {
Expand Down
Loading