diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index 4633faf965de..7f8f8b593041 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -26,10 +26,10 @@ env: # A recent version of stable Rust that is known to pass build, test and other # verification steps in this workflow. This was added because using "stable" # could cause some steps to fail. - RUST_VERSION_KNOWN: "1.62.0" + RUST_VERSION_KNOWN: "1.70.0" # The minimum version of Rust supported. - RUST_VERSION_MIN: "1.58.1" + RUST_VERSION_MIN: "1.63.0" jobs: 
@@ -1242,200 +1242,6 @@ jobs: - run: suricata-update -V - run: suricatasc -h - fedora-36-clang: - name: Fedora 36 (clang, debug, asan, wshadow, rust-strict, systemd) - runs-on: ubuntu-latest - container: fedora:36 - needs: [prepare-deps, prepare-cbindgen] - steps: - - # Cache Rust stuff. - - name: Cache cargo registry - uses: actions/cache@v3.3.1 - with: - path: ~/.cargo - key: ${{ github.job }}-cargo - - - name: Cache RPMs - uses: actions/cache@v3.3.1 - with: - path: /var/cache/dnf - key: ${{ github.job }}-dnf - - run: echo "keepcache=1" >> /etc/dnf/dnf.conf - - - run: | - dnf -y install \ - autoconf \ - automake \ - cargo \ - ccache \ - clang \ - diffutils \ - file-devel \ - gcc \ - gcc-c++ \ - git \ - hiredis-devel \ - jansson-devel \ - jq \ - lua-devel \ - libasan \ - libtool \ - libyaml-devel \ - libnfnetlink-devel \ - libnetfilter_queue-devel \ - libnet-devel \ - libcap-ng-devel \ - libevent-devel \ - libmaxminddb-devel \ - libpcap-devel \ - libxdp-devel \ - libbpf-devel \ - libtool \ - lz4-devel \ - make \ - nss-softokn-devel \ - pcre2-devel \ - pkgconfig \ - python3-yaml \ - sudo \ - systemd-devel \ - which \ - zlib-devel - - uses: actions/checkout@v3.5.3 - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: prep - path: prep - - run: tar xf prep/libhtp.tar.gz - - run: tar xf prep/suricata-update.tar.gz - - name: Setup cbindgen - run: | - mkdir -p $HOME/.cargo/bin - cp prep/cbindgen $HOME/.cargo/bin - chmod 755 $HOME/.cargo/bin/cbindgen - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - run: ./autogen.sh - - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua - env: - LDFLAGS: "-fsanitize=address" - ac_cv_func_realloc_0_nonnull: "yes" - ac_cv_func_malloc_0_nonnull: "yes" - - run: make -j2 - - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . 
- - name: Extracting suricata-verify - run: tar xf prep/suricata-verify.tar.gz - - name: Running suricata-verify - run: python3 ./suricata-verify/run.py -q - # Now install and make sure headers and libraries aren't install - # until requested. - - run: make install - - run: test ! -e /usr/local/lib/libsuricata_c.a - - run: test ! -e /usr/local/include/suricata - - run: make install-headers - - run: test -e /usr/local/include/suricata/suricata.h - - run: make install-library - - run: test -e /usr/local/lib/libsuricata_c.a - - run: test -e /usr/local/lib/libsuricata_rust.a - - run: test -e /usr/local/bin/libsuricata-config - - run: test ! -e /usr/local/lib/libsuricata.so - - run: make install - - run: suricata-update -V - - run: suricatasc -h - # Check compilation against systemd - - run: ldd src/suricata | grep libsystemd &> /dev/null - - fedora-36-gcc: - name: Fedora 36 (gcc, debug, asan, wshadow, rust-strict) - runs-on: ubuntu-latest - container: fedora:36 - needs: [prepare-deps, prepare-cbindgen] - steps: - - # Cache Rust stuff. 
- - name: Cache cargo registry - uses: actions/cache@v3.3.1 - with: - path: ~/.cargo/registry - key: cargo-registry - - - run: | - dnf -y install \ - autoconf \ - automake \ - cargo \ - ccache \ - diffutils \ - file-devel \ - gcc \ - gcc-c++ \ - git \ - hiredis-devel \ - jansson-devel \ - jq \ - lua-devel \ - libasan \ - libtool \ - libyaml-devel \ - libnfnetlink-devel \ - libnetfilter_queue-devel \ - libnet-devel \ - libcap-ng-devel \ - libevent-devel \ - libmaxminddb-devel \ - libpcap-devel \ - libtool \ - lz4-devel \ - make \ - nss-softokn-devel \ - pcre2-devel \ - pkgconfig \ - python3-yaml \ - sudo \ - which \ - zlib-devel - - uses: actions/checkout@v3.5.3 - - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a - with: - name: prep - path: prep - - run: tar xf prep/libhtp.tar.gz - - run: tar xf prep/suricata-update.tar.gz - - name: Setup cbindgen - run: | - mkdir -p $HOME/.cargo/bin - cp prep/cbindgen $HOME/.cargo/bin - chmod 755 $HOME/.cargo/bin/cbindgen - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - run: ./autogen.sh - - run: ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue - env: - CFLAGS: "${{ env.DEFAULT_CFLAGS }} -Wshadow -fsanitize=address -fno-omit-frame-pointer" - LDFLAGS: "-fsanitize=address" - ac_cv_func_realloc_0_nonnull: "yes" - ac_cv_func_malloc_0_nonnull: "yes" - - run: make -j2 - - run: ASAN_OPTIONS="detect_leaks=0" ./src/suricata -u -l . - - name: Extracting suricata-verify - run: tar xf prep/suricata-verify.tar.gz - - name: Running suricata-verify - run: python3 ./suricata-verify/run.py -q - # Now install and make sure headers and libraries aren't install - # until requested. - - run: make install - - run: test ! -e /usr/local/lib/libsuricata_c.a - - run: test ! 
-e /usr/local/include/suricata - - run: make install-headers - - run: test -e /usr/local/include/suricata/suricata.h - - run: make install-library - - run: test -e /usr/local/lib/libsuricata_c.a - - run: test -e /usr/local/lib/libsuricata_rust.a - - run: test -e /usr/local/bin/libsuricata-config - - run: test ! -e /usr/local/lib/libsuricata.so - - run: make install - - run: suricata-update -V - - run: suricatasc -h - # This job builds and tests Suricata as a non-root user as some # issues only show up when not running as root, and by default all # jobs in GitHub actions are run as root inside the container. @@ -1896,7 +1702,7 @@ jobs: name: Ubuntu 20.04 (unsupported rust) runs-on: ubuntu-latest container: ubuntu:20.04 - needs: almalinux-8 + needs: debian-12-dist steps: - name: Cache ~/.cargo uses: actions/cache@v3.3.1 @@ -1935,7 +1741,7 @@ jobs: zlib1g \ zlib1g-dev \ dpdk-dev - - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.33.0 -y + - run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain 1.62.0 -y - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH - name: Download suricata.tar.gz uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a 
@@ -2538,6 +2344,93 @@ jobs: name: dist path: dist + debian-12-msrv: + name: Debian 12 MSRV + runs-on: ubuntu-latest + container: debian:12 + needs: [prepare-deps, prepare-cbindgen] + steps: + # Cache Rust stuff. + - name: Cache cargo registry + uses: actions/cache@v3.3.1 + with: + path: ~/.cargo + key: ${{ github.job }}-cargo + + - run: apt update + - run: | + apt -y install \ + autoconf \ + automake \ + build-essential \ + cmake \ + curl \ + dpdk-dev \ + git \ + jq \ + make \ + libpcre3 \ + libpcre3-dbg \ + libpcre3-dev \ + libpcre2-dev \ + libtool \ + libpcap-dev \ + libnet1-dev \ + libyaml-0-2 \ + libyaml-dev \ + libcap-ng-dev \ + libcap-ng0 \ + libmagic-dev \ + libmaxminddb-dev \ + libjansson-dev \ + libjansson4 \ + liblua5.1-dev \ + libnss3-dev \ + libnspr4-dev \ + libnuma-dev \ + liblz4-dev \ + libssl-dev \ + liblzma-dev \ + pkg-config \ + python3 \ + python3-yaml \ + sphinx-doc \ + sphinx-common \ + texlive-latex-base \ + texlive-fonts-recommended \ + texlive-fonts-extra \ + texlive-latex-extra \ + zlib1g \ + zlib1g-dev + - name: Install Rust + run: curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y + - run: echo "$HOME/.cargo/bin" >> $GITHUB_PATH + - uses: actions/checkout@v3.5.3 + - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a + with: + name: prep + path: prep + - name: Setup cbindgen + run: | + mkdir -p $HOME/.cargo/bin + cp prep/cbindgen $HOME/.cargo/bin + chmod 755 $HOME/.cargo/bin/cbindgen + - run: tar xf prep/libhtp.tar.gz + - run: tar xf prep/suricata-update.tar.gz + - run: tar xf prep/suricata-verify.tar.gz + - run: ./autogen.sh + - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk + - run: make -j2 + - run: make check + - name: Building Rust documentation + run: make doc + working-directory: rust + - name: Running suricata-verify + run: python3 ./suricata-verify/run.py -q + 
- run: make install + - run: suricata-update -V + - run: suricatasc -h + debian-11: name: Debian 11 (xdp) runs-on: ubuntu-latest diff --git a/configure.ac b/configure.ac index 85ef19221b6a..1ff2f39df796 100644 --- a/configure.ac +++ b/configure.ac @@ -2277,7 +2277,7 @@ fi cargo_version_output=$($CARGO --version) cargo_version=$(echo "$cargo_version_output" | sed 's/^.*[[^0-9]]\([[0-9]]*\.[[0-9]]*\.[[0-9]]*\).*$/\1/') - MIN_RUSTC_VERSION="1.58.1" # MSRV + MIN_RUSTC_VERSION="1.63.0" # MSRV AC_MSG_CHECKING(for Rust version $MIN_RUSTC_VERSION or newer) AS_VERSION_COMPARE([$rustc_version], [$MIN_RUSTC_VERSION], [ diff --git a/doc/userguide/rules/http-keywords.rst b/doc/userguide/rules/http-keywords.rst index fa8c5ff1e25e..a8e551c18983 100644 --- a/doc/userguide/rules/http-keywords.rst +++ b/doc/userguide/rules/http-keywords.rst @@ -152,7 +152,7 @@ with relative modifiers. http.method ----------- -With the ``http.method`` content modifier, it is possible to match +With the ``http.method`` sticky buffer, it is possible to match specifically and only on the HTTP method buffer. The keyword can be used in combination with all previously mentioned content modifiers such as: ``depth``, ``distance``, ``offset``, ``nocase`` and ``within``. @@ -177,7 +177,7 @@ Example of the purpose of method: http.uri and http.uri.raw ------------------------- -With the ``http.uri`` and the ``http.uri.raw`` content modifiers, it +With the ``http.uri`` and the ``http.uri.raw`` sticky buffers, it is possible to match specifically and only on the request URI buffer. The keyword can be used in combination with all previously mentioned content modifiers like ``depth``, ``distance``, ``offset``, 
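Review bot: The `Install Rust` step of the new `debian-12-msrv` job pipes the rustup installer straight into `sh` without the protocol and TLS restrictions used in rustup's own install instructions. The hardened form is `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --default-toolchain "${RUST_VERSION_MIN}" -y`. The changed line in the `Ubuntu 20.04 (unsupported rust)` hunk uses the same invocation, and its hard-coded `1.62.0` has to be kept just below `RUST_VERSION_MIN` by hand. The new job also references `actions/cache@v3.3.1` and `actions/checkout@v3.5.3` by tag while `actions/download-artifact` is pinned by commit SHA. Pinning all three by SHA, for example `uses: actions/checkout@<full-commit-sha>  # v3.5.3`, would keep a moved tag from changing what runs in the job.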
@@ -209,7 +209,7 @@ uricontent ---------- The ``uricontent`` keyword has the exact same effect as the -``http.uri`` content modifier. ``uricontent`` is a deprecated +``http.uri`` sticky buffer. ``uricontent`` is a deprecated (although still supported) way to match specifically and only on the request URI buffer. @@ -289,11 +289,11 @@ Example:: http.header and http.header.raw ------------------------------- -With the ``http.header`` content modifier, it is possible to match +With the ``http.header`` sticky buffer, it is possible to match specifically and only on the HTTP header buffer. This contains all of the extracted headers in a single buffer, except for those indicated in the documentation that are not able to match by this buffer and -have their own content modifier (e.g. ``http.cookie``). The modifier +have their own sticky buffer (e.g. ``http.cookie``). The sticky buffer can be used in combination with all previously mentioned content modifiers, like ``depth``, ``distance``, ``offset``, ``nocase`` and ``within``. @@ -349,7 +349,7 @@ Example ``http.cookie`` keyword in a signature: http.user_agent --------------- -The ``http.user_agent`` content modifier is part of the HTTP request +The ``http.user_agent`` sticky buffer is part of the HTTP request header. It makes it possible to match specifically on the value of the User-Agent header. It is normalized in the sense that it does not include the _"User-Agent: "_ header name and separator, nor does it @@ -548,7 +548,7 @@ Example to make sure *User-Agent* is after *Host*, but not necessarily directly http.request_body ----------------- -With the ``http.request_body`` content modifier, it is possible to +With the ``http.request_body`` sticky buffer, it is possible to match specifically and only on the HTTP request body. The keyword can be used in combination with all previously mentioned content modifiers like ``distance``, ``offset``, ``nocase``, ``within``, etc. 
@@ -573,7 +573,7 @@ setting. http.stat_code -------------- -With the ``http.stat_code`` content modifier, it is possible to match +With the ``http.stat_code`` sticky buffer, it is possible to match specifically and only on the HTTP status code buffer. The keyword can be used in combination with all previously mentioned content modifiers like ``distance``, ``offset``, ``nocase``, ``within``, etc. @@ -589,7 +589,7 @@ Example of the purpose of ``http.stat_code``: http.stat_msg ------------- -With the ``http.stat_msg`` content modifier, it is possible to match +With the ``http.stat_msg`` sticky buffer, it is possible to match specifically and only on the HTTP status message buffer. The keyword can be used in combination with all previously mentioned content modifiers like ``depth``, ``distance``, ``offset``, ``nocase`` and @@ -615,7 +615,7 @@ Example:: http.response_body ------------------ -With the ``http.response_body`` content modifier, it is possible to +With the ``http.response_body`` sticky buffer, it is possible to match specifically and only on the HTTP response body. The keyword can be used in combination with all previously mentioned content modifiers like ``distance``, ``offset``, ``nocase``, ``within``, etc. @@ -674,7 +674,7 @@ Example:: http.host and http.host.raw --------------------------- -With the ``http.host`` content modifier, it is possible to +With the ``http.host`` sticky buffer, it is possible to match specifically and only the normalized hostname. The ``http.host.raw`` inspects the raw hostname. diff --git a/etc/schema.json b/etc/schema.json index 3fa763603ae3..32510a6198fa 100644 --- a/etc/schema.json +++ b/etc/schema.json 
@@ -1791,95 +1791,6 @@ }, "additionalProperties": false }, - "http2": { - "type": "object", - "properties": { - "http_method": { - "type": "string" - }, - "http_user_agent": { - "type": "string" - }, - "length": { - "type": "integer" - }, - "status": { - "type": "integer" - }, - "url": { - "type": "string" - }, - "version": { - "type": "string" - }, - "request_headers": { - "type": "array", - "minItems": 1, - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "table_size_update": { - "type": "integer" - }, - "value": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "response_headers": { - "type": "array", - "minItems": 1, - "items": { - "type": "object", - "properties": { - "name": { - "type": "string" - }, - "table_size_update": { - "type": "integer" - }, - "value": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "http2": { - "type": "object", - "properties": { - "stream_id": { - "type": "integer" - }, - "request": { - "type": "object", - "properties": { - "priority": { - "type": "integer" - } - }, - "additionalProperties": false - }, - "response": { - "type": "object", - "properties": { - "error_code": { - "type": "string" - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - } - }, - "additionalProperties": false - }, "ike": { "type": "object", "optional": true, diff --git a/src/output-json-file.c b/src/output-json-file.c index 540e1be001f7..a0ce76d71f01 100644 --- a/src/output-json-file.c +++ b/src/output-json-file.c @@ -174,7 +174,7 @@ JsonBuilder *JsonBuildFileInfoRecord(const Packet *p, const File *ff, void *tx, break; case ALPROTO_HTTP2: jb_get_mark(js, &mark); - jb_open_object(js, "http2"); + jb_open_object(js, "http"); if (EveHTTP2AddMetadata(p->flow, tx_id, js)) { jb_close(js); } else {
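Review bot: The `ALPROTO_HTTP2` case in `JsonBuildFileInfoRecord` now opens the object as `"http"` with no comment explaining why, and the rename changes a key that log consumers read. Parsers, dashboards and detection content keyed on `http2` in fileinfo records may stop matching without any error. A comment above the call, such as `/* HTTP/2 metadata is logged under "http"; the "http2" key is no longer emitted here */`, together with an upgrade-note entry would make the change explicit. The same commit deletes the `http2` object from `etc/schema.json`, where the objects shown use `"additionalProperties": false`. It is worth confirming that the remaining `http` schema entry, which is not visible in this diff, accepts every field `EveHTTP2AddMetadata` writes. The enclosing switch starts and ends outside the hunk.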