Victor Julien [Sat, 23 Mar 2024 19:17:54 +0000 (20:17 +0100)]
defrag: fix wrong datalink being logged
Eve's packet_info.linktype should correctly indicated what the `packet`
field contains. Until now it was using DLT_RAW even if Ethernet or other
L2+ headers were present.
This commit records the datalink of the packet creating the first
fragment, which can include the L2+ header data.
eve/stats: allow hiding counters whose valued is 0
Some stats can be quite verbose if logging all zero valued-counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.
Jason Ish [Fri, 12 Apr 2024 03:29:50 +0000 (21:29 -0600)]
automake/rust: remove path.lib
Remove the path.lib parameter that is substituted into the output
Cargo.toml by autoconf. Instead, as part of the build, "cd" into the
source directory. We already set the Rust target directory to the
external build directory.
This makes the Cargo.toml more generic, and in a format suitable for
publishing to crates.io. It also makes it easier to pull in external
crates without needing to patch up their Cargo.toml, for example, it
might make pulling libhtp-rs easier.
With the addition of exception policy stats counters, the human readable
version of the sats log was mis-aligned, when counters for per-app-proto
were enabled.
Width change made large enough to accomodate a counter as long as
"app_layer.error.bittorrent-dht.exception_policy.pass_packet" which
could be valid.
While our documentation indicated what were the possible configuration
settings for exception policies, our yaml only explicitly mentioned
exception policy for the master switch. Clearly indicate which config
settings are about exception policies.
Some exception policies can only be applied to entire flows or
individual packets, for some exception scenarios. Make this easier to
read, in the documentation.
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.
Lukas Sismis [Sat, 23 Mar 2024 22:11:16 +0000 (23:11 +0100)]
dpdk: fix thread slot assignment
Commit 5592ec07 introduced a bug where ptv->slot was
assigned with the current one instead of the next one
in the list. This caused a Suricata crash in the DPDK mode.
It's pretty comprehensive (i.e. uses it for reload notification too), but
still relatively short.
In the past, I have been telling anyone who wanted to listen that if all you
want is sd_notify() then don't bother linking to libsystemd, since the
protocol is stable and should be considered the API, not our C wrapper
around it. After all, the protocol is so trivial"
This commit takes the example code and uses it to reimplement the notify
logic.
The code is enabled if Linux is detected in configure. Since the code
won't do anything if the NOTIFY_SOCKET env var isn't set, this should
also work fine on systems w/o systemd.
Jason Ish [Fri, 5 Apr 2024 16:33:14 +0000 (10:33 -0600)]
configure: .git can be a file as well
In worktree scenarios, .git is a file. Assuming its a directory causes
the release date to check the ChangeLog instead of the last commit,
while not a big issue, can be confusing.
Victor Julien [Thu, 4 Apr 2024 15:51:48 +0000 (17:51 +0200)]
host-info: remove pcre2_substring_list_free use
Function prototype has changed in a recent release. Rather than dealing
with detecting that, fall back to our regular pattern of using
pcre2_substring_copy_bynumber().
Jason Ish [Tue, 2 Apr 2024 17:04:08 +0000 (11:04 -0600)]
github-ci: set checkout directory as safe before running git commands
While the checkout job appears to do this, it is done with a different
version of git which seems to be the cause for it not having an effect
when doing manual git operations from within a job.
Also removes duplicate checkout statements in Windows builds.
Jason Ish [Mon, 1 Apr 2024 16:37:49 +0000 (10:37 -0600)]
configure: export release date for documentation
Sphinx embeds a date in the generated man pages, and to provide
reproducible builds this date needs to be provided to Sphinx,
otherwise it will use the current date.
If building from Git, extract the date from the most recent commit. In
a release, this commit would be the commit that sets the version so is
accurate.
If .git does not exist, use the most recent data found in the
ChangeLog.
The ChangeLog is not used when building from git, as the main/master
branch may not have recent enough timestamps.
This should provide a consistent date when re-building the
distribution from the same non-git archive, or from the same git
commit.
Jason Ish [Mon, 1 Apr 2024 16:35:39 +0000 (10:35 -0600)]
docs/userguide: use a consistent date for reproducible builds
By default, when Sphinx generates the man pages, the current date will
be embedded in them. This can be set to a specific date with the
"today" variable. Typically the date embedded in manpages in the
release date.
To achieve this, attempt to use the environment variable, RELEASE_DATE
to set the "today" variable, reverting back to the empty string if not
set. It is up to our build system to properly set this date.
projects / thirdparty / suricata.git / log
