Commit Graph

133 Commits (7005443b8bbe521399a98dbafb7ea07e7db952bb)

Author SHA1 Message Date
Victor Julien 048e538828 wirefuzz: add -N option to count complete passes 10 years ago
Victor Julien 7299388d05 wirefuzz: improve logfile cleanup 10 years ago
Victor Julien 3d0542405d wirefuzz: enforce -n option per run 10 years ago
Victor Julien 0d77c4d560 wirefuzz: add -S option for exclusive rule load 10 years ago
Victor Julien adbf8bec74 drmemory: suppress magic leak 10 years ago
Andreas Herz b6de1b6567 coccinelle: fix typo for strchrnul 10 years ago
Eric Leblond b85901a6b4 prscript: add rm command
This command removes the container and the image allowing to
free the disk space allocated during the creation.
10 years ago
Eric Leblond 35c1b681ee prscript: docker do not need sudo
Usage is not to run docker command as root but to have the user
in the docker group to be able to run docker commands.
10 years ago
Eric Leblond bcfb3fd5d5 docker: add ASAN to pcaps build 10 years ago
Victor Julien bc2b53f10b parsing: s/strtok/strtok_r/g
Remove all strtok uses and replace them by strtok_r.

Do the same for Windows builds. Cygwin builds fine with strtok_r.

Add strtok to banned function list.
11 years ago
Eric Leblond da98b0b84f coccinelle: update struct flags test 11 years ago
Eric Leblond f7a25f2b24 prscript: rework option logic
Handle cleanly the case where user start docker handling command
without having the dependency installed. The help message does
now say:

```
  -d, --docker          use docker based testing
  -C, --create          create docker container (disabled)
  -s, --start           start docker container (disabled)
  -S, --stop            stop docker container (disabled)

You need to install Python docker module to enable docker container handling
options.
```

And running a disabled options says:

```
$ qa/prscript.py -s
You need to install python docker to use docker handling features.
```
11 years ago
Eric Leblond 0b64b992c9 prscript: fix error message in non local test
Indicate to user that non local test needs a github user.
11 years ago
Eric Leblond 8a0ebc4ade prscript: improve command line
You can now directly access to docker related command:

 qa/prscript.py -C # create container
 qa/prscript.py -s # start container
 qa/prscript.py -S # stop container

The build option does not change:

 qa/prscript.pu -l -d MY_BRANCH # build test of branch MY_BRANCH
11 years ago
Eric Leblond fe45f2a342 prscript: add notification system
If Python pynotify is installed, prscript can now send notification
via the -n flag.
11 years ago
Eric Leblond ef627816cc prscript: improve wordings 11 years ago
Eric Leblond a3c921f0a6 prscript: suppress useless message
No build run faster than 2 seconds.
11 years ago
Eric Leblond fbe5db500c prscript: iterate on builds when checking status
This patch is changing the logic when using docker mode. We are
iterating over each builds so we know when one build is over in
the 5 seconds following the event instead of getting the result
when the builds that are checked before are others.

On OISF's build system, the two builds comes out in order so there
is no problem.
11 years ago
Eric Leblond f12e6fdcda prscript: read buildbot config from source
This patch change the logic of the Docker buildbot system. The
buildbot configuration is now the one available in qa/docker
directory.

This way, developers can test features in docker buildbot that
could require some specific flags to be set. They just need to
edit the buildbot.cfg for instance to enable a new feature.

In the same way, the tested pcap files are the one which are in
the qa/docker/pcaps/ directory. So to test some private ones it is
enough to put them in that directory.

To take into consideration a buildbot.cfg modification or a new
pcap, it is enough to stop and restart the container:

 sudo qa/prscript.py -l -d -S master
 sudo qa/prscript.py -l -d -s master

This patch also fixes the container update issue. A local modification
to the buildbot will be kept. It is also fixing the issue when working
on old code that could possibly not support the same build flag as
the one of buildbot. Here the configuration will remains in sync.
11 years ago
Eric Leblond be473fa712 prscript: add a comment on the SELinux issue 11 years ago
Eric Leblond 1180fc1ac7 prscript: add docker handling support
You can now create the docker image necessary to run a
suricata builbot in docker. To do that you need to have
docker and python-docker installed on the system.

Then you can go to the qa directory.

You need to run once the creattion procedure:
 sudo ./prscript.py  -C -d master  -l
This will create a container named 'suri-buildbot'.

You can start it with:
 sudo ./prscript.py  -s -d master  -l

And stop it with:
 sudo ./prscript.py  -S -d master  -l

To start a test, you can do:
 ./prscript.py -d my_branch -l
11 years ago
Eric Leblond dd6f9a6298 prscript: refactor for docker
With the current work in progress on docker we need to update the
script to handle this case.

This patch adds two options:
 - -d to run in docker mode. In that case the build is started in
 the local dockerized buildbot instance
 - -l to not test the tested branch synchronization with github.

The -l option allows user to run a complete test without publishing
the code on github and without Internet access.
11 years ago
Jason Ish 754ea3d849 prscript - fallback to json is simplejson not available. 11 years ago
Victor Julien 4c73631f95 Suppress ARM valgrind warning
Not Suricata related, so suppress.
11 years ago
Eric Leblond 4b9eecc7f6 prscript: update URL
Buildbot server has been moved to another box.
11 years ago
Eric Leblond d7982fae8c coccinelle: fix problem with coccinelle 1.0rc21
coccinelle 1.0rc21 has a problem with regular expression handling.
This result in a Fatal Error when test system detects an coding
error.

This patch fixes the problem by using a simple blob inside
semantic patch instead of using a regular expression to define
the function.

It also fixes add an optimization on matching suppressing a
useless <.. ..> construction.

Fixes have been suggested by Julia Lawall.
11 years ago
Victor Julien 7ee2aa9c90 Add initial travis-ci integration. 11 years ago
Victor Julien a9282ed7f7 valgrind/magic: add suppression for known issue
Add suppression for Ubuntu 14.04 64bit.
11 years ago
Victor Julien c8d2a1e417 drmemory: remove bug 978 suppression
Bug is fixed, so suppression is no longer needed.

Bug #978.
12 years ago
Victor Julien 385c04164b Updated banned function cocci check
Added: strndup and strchrnul

Both are not supported on OS X 10.6. It's rather old, but it's the
only Mac QA box I have, so for now it'll have to do.
12 years ago
Victor Julien 80456f3e7d Bug 1083 and 1084: add valgrind suppressions
Add suppressions as these are minor issues and likely not bugs in
Suricata.
12 years ago
Victor Julien 84f14438c3 Bug 980: fix HTTP memory cleanup at shutdown
Buffers in per thread HTTP header, client body and server body storage
would be freed based on the usage indicator instead of the size
indicator.

As the usage indicator (e.g. hsbd_buffers_list_len) could be reset
while leaving the memory untouched for later reuse, the free function
would not iterate over all memory blocks.

Removed DrMemory suppressions as well.

Bug #980.
12 years ago
Eric Leblond 55108167e5 prscript: add --norebase option
If --norebase option is provided, the prscript will start a build
that can be used to check if an out-of-sync branch pass the test.
12 years ago
Eric Leblond 7cc87bc02a coccinelle: protecting regexp operator is not needed
It seems there was an evolution of coccinelle and the protection
of regexp is not necessary anymore. And doing it causing the
expression not to match.
12 years ago
Eric Leblond 1fbaebad63 coccinelle: add test on realloc
If we use SCRealloc like:
 x = SCRealloc(x, ...)
then in case of failure we are loosing the original pointer value
and the memory is lost and can not be free.

This test just check for this construction and output an error if
it finds it.
12 years ago
Victor Julien 01c440bf28 Add DrMemory suppression for Bug #980. Suppress useless (likely) buggy leak message too 12 years ago
Victor Julien 1509c9a2e6 Remove DrMemory suppressions for Bug #979, it is fixed. 12 years ago
Eric Leblond 5a7ad5b382 qa: prscript now output pastable line for PR. 12 years ago
Eric Leblond a597237aed coccinelle: fix malloc test
We can have more than an identifier to be assigned the result of
a malloc function.
12 years ago
Eric Leblond 6378db89f6 coccinelle: add option to continue on errors
When a script has been updated or introduced, it is interesting to
detect all errors at once. With this patch it is now possible to
do so by using:
   NOT_TERMINAL=1 CONCURRENCY_LEVEL=12  qa/coccinelle/run_check.sh
12 years ago
Eric Leblond a8fde0112e prscript: add support for pcap build
Now also start a pcap test build.
12 years ago
Victor Julien 614133b4ca valgrind: add suppression file 12 years ago
Eric Leblond 0a1ca02b3b coccinelle: implement parallel check
This patch is an implementation of parallel check of files. It uses
GNU parallel to run multiple spatch at once.
The concurrency level is set via the CONCURRENCY_LEVEL environment
variable.
12 years ago
Victor Julien 1180f633e2 Add DrMemory suppress file
The suppress file currently suppresses:
- bug #978
- bug #979

Plus a seemingly harmeless warning that happens during libmagic init.

DrMemory is a valgrind like memory checker: http://www.drmemory.org/
12 years ago
Eric Leblond 013e7a0573 prscript: update code following buildbot upgrade
The authentication scheme did change on the buildbot due to a
software upgrade. This patch update prscript.py to fix the build
submission.
12 years ago
Eric Leblond fa861b09ac prscript: support bigger PR
The script now looks for originan HEAD in 100 commits instead of 30.
It should be enough becasue a sane PR should not have 100 commits.
12 years ago
Eric Leblond ad1546d59a prscript: display url where user can watch build 12 years ago
Eric Leblond 8a96296b4a prscript: add verbose option 12 years ago
Eric Leblond f23556dcdb prscript: exit when no build exists 12 years ago
Eric Leblond c151b218f1 prscript: check if branch is synced with master
The script now check if the tested branch is in sync with current
inliniac's master.
12 years ago
Eric Leblond c390006aee script: add script to start personal builder
This script HAS to be used by developer having an account on Suricata
buildbot. It MUST be run before doing a PR. It will trigger a build on
the branch and this will check the validity of the proposed branch.
The cinematic is simple:
 - Push branch XXX to github
 - Run 'prscript.py -u USER -p PASSWORD XXX'
 - Wait for the result
 - If successful, PR can be done
12 years ago
Eric Leblond 867a44f378 autotools: all target are conditional 12 years ago
Eric Leblond 9212ff7e59 coccinelle: dynamic testing through make check
This patch modify build system to have make to create the
struct-flags.cocci file by running struct-flags.py.

This way 'make check' is running the test defined from source
code.
12 years ago
Eric Leblond e05fd7f1d0 coccinelle: add script to generate flags test
This patch adds a script which can be used to generate a test
on coherence of flag usage.

By adding comment in the code, it is possible to declare that we
link a flag in a structure to a specific family of constant:

For example:
	/* coccinelle: Packet:flowflags:FLOW_PKT_ */
will trigger the generation on a test which verifies that the
flowflags field in Packet structure is only used with constant
starting by FLOW_PKT_.
12 years ago
Eric Leblond ce95fbdda0 action handling: add test to avoid direct access
Direct access to the action field of Packet structure is not
allowed.
13 years ago
Eric Leblond 41ebfa77af coccinelle: update pkt not set test
This patch updates the test to add the support of initialization
of a Packet via the INITIALIZE macro.
13 years ago
Eric Leblond c9d90e6596 coccinelle: add tcp flag check
The different TCP related structures have all a flags field and its
value must match the type of structure. This patch adds a check
alerting on invalid value usage.
13 years ago
Eric Leblond aa9f795800 cocci test: add sizeof test
This patch adds a new semantic patch taken from
http://coccinellery.org/. This patch tests if a sizeof take size
of pointer and not of pointed value.
13 years ago
Eric Leblond 7293040ed8 coccinelle: fix distcheck
distcheck is running run_check.sh from another directory and
run_check.sh was not ready for this.
13 years ago
Eric Leblond 8199832d71 coccinelle: improve run_check
This patch adds two features to run_check.sh, it is now posssible
to specify a list of files to check:
 ./run_check.sh ../../src/suricata.c ../../src/detect.c
It is also possible to ask a review of the files modified by a commit.
To so simply put the SHA1 as argument
 ./run_check.sh HEAD
 ./run_check 6af7d5f
It is also possible to check all the files for an arbitrary range:
 ./run_check.sh origin/master..buildbot-fixes

Last improvement of this patch is to get a real error message in case
of problem as 2 is not redirected anymore to /dev/null.
13 years ago
Eric Leblond 6e5caf6838 coccinelle: add new correct case to error treatment 13 years ago
Eric Leblond 28ca36acf7 coccinelle: add test on malloc error check.
This patch adds a coccinelle code check on SCMalloc, SCCalloc and
SCStrdup and other memory handling functions. It verifies that the
error checking is made.
13 years ago
Eric Leblond 3d2998a9cf coccinelle: don't test UNITTEST code 13 years ago
Eric Leblond c36aa041f3 Update coccinelle script to match syntax evolution. 14 years ago
William 7d07b5375e Add simple socket to gzip file PoC. 14 years ago
Eric Leblond 238cad77e2 coccinelle: test for invalid size_t printing. 14 years ago
Victor Julien 3693a7a9ee Profiling: add accounting for several detection phases. 14 years ago
Victor Julien 5c8feb3851 profiling / qa: make plot-csv-large-all.sh much more flexible. 14 years ago
Victor Julien a7182353e7 Remove vim .swp file from repo. 14 years ago
Victor Julien d45e01e129 Add a few more example gnuplot scripts. 14 years ago
Victor Julien 820b0ded82 Add per packet profiling.
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.

Stats per packet include:
 1) total ticks spent
 2) ticks spent per individual thread module
 3) "threading overhead" which is simply calculated by subtracting (2) of (1).

A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.

Code depends on --enable-profiling just like the rule profiling code.

New yaml parameters:

profiling:
  # packet profiling
  packets:

    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes

    # per packet csv output
    csv:

      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv

Example output of summary stats:

IP ver   Proto   cnt        min      max          avg
------   -----   ------     ------   ----------   -------
 IPv4       6     19436      11448      5404365     32993
 IPv4     256         4      11511        49968     30575

Per Thread module stats:

Thread Module              IP ver   Proto   cnt        min      max          avg
------------------------   ------   -----   ------     ------   ----------   -------
TMM_DECODEPCAPFILE          IPv4       6     19434       1242        47889      1770
TMM_DETECT                  IPv4       6     19436       1107       137241      1504
TMM_ALERTFASTLOG            IPv4       6     19436         90         1323       155
TMM_ALERTUNIFIED2ALERT      IPv4       6     19436        108         1359       138
TMM_ALERTDEBUGLOG           IPv4       6     19436         90         1134       154
TMM_LOGHTTPLOG              IPv4       6     19436        414      5392089      7944
TMM_STREAMTCP               IPv4       6     19434        828      1299159     19438

The proto 256 is a counter for handling of pseudo/tunnel packets.

Example output of csv:

pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337

First line of the file contains labels.

2 example gnuplot scripts added to plot the data.
14 years ago
Victor Julien c3c03b5d77 Add qa/wirefuzz.pl to release tarball. 15 years ago
Eric Leblond 7227f93032 Add coccinelle files
This patch adds coccinelle related files to EXTRA_DIST. This fixes
make distcheck.
15 years ago
William Metcalf 663d03c0e9 Add -z option for excluding pcaps from fuzzing.. What you don't want to fuzz a 750G pcap? 15 years ago
Victor Julien 076d77cd80 Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat. 15 years ago
Eric Leblond 7f1a0d1ed1 coccinelle: add test for banned function
The added semantic patch will trigger an error if banned functions
are used.
15 years ago
Eric Leblond 91213d5ec8 Add option to run_check script
If given an argument run_check.sh will test this file against
the cocci patches.
15 years ago
Eric Leblond 12369b4393 Coccinelle: test invalid Packet usage
This coccinelle patches is checking that there is no direct
use of p->pkt or p->pktlen in the code. This variable must be
acceded via GET_PKT_* macros.
15 years ago
Eric Leblond 7c841e1d7c Add coccinelle check to 'make check'
This patch adds coccinelle checking to the autotools
'make check'.
15 years ago
Eric Leblond d151314b4d Import coccinelle test
This is a import of two coccinelle patches that detect problem
on Packet handling. They are run on all commited C files in src
by the script run_check.sh.
15 years ago
William Metcalf 6e8f572724 small operator fixes to qa script 16 years ago
William Metcalf c6bf08eec8 Updates to the fuzzer script. Some clean up but you can now also: 1. Keep log files. 2. Exclude files based on user supplied regex. 16 years ago
William Metcalf 6817d41555 Import of fuzzer script qa/wirefuzz.pl 16 years ago