Victor Julien
571681bc29
github-ci: add namespace bond tests with multiple nets
5 months ago
Victor Julien
a8cad83403
github-ci: add namespace af-packet bond test
5 months ago
Shivani Bhardwaj
11b2860f23
rust/cargo: ignore RUSTSEC-2026-0009 for time crate
...
cargo audit reports this security issue with the time crate but Suricata
remains unaffected as no influenced fn is used by Suricata.
Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009
The MSRV for newer time crate versions are higher than the MSRV for
Suricata right now: 1.75.0
Hence, the best course of action is to suppress this warning.
Ticket: 8269
5 months ago
Victor Julien
c1d6958940
github-ci: relax block check
5 months ago
Victor Julien
0a86b0f79d
github-ci: remove too verbose namespace test output
5 months ago
Victor Julien
f3e3795f48
github-ci: relax namespace shutdown error checks
...
Caddy would sometimes return an error during shutdown. Add a warning if
this happens, but don't fail the job.
5 months ago
dependabot[bot]
3a9682fd48
github-actions: bump actions/checkout from 6.0.1 to 6.0.2
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases )
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot]
c533ec0a1d
github-actions: bump github/codeql-action from 4.31.6 to 4.32.0
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.6 to 4.32.0.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v4.31.6...v4.32.0 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.32.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Victor Julien
49783fa9f7
github-ci: add namespace based IPS tests
...
Implementing a bridge test with af-packet IPS and a routing test
with iptables + nfqueue.
Very helpful explanation and guidance on network namespaces can be
found here: https://www.redhat.com/en/blog/net-namespaces
Sets up 3 network namespaces:
1. client - for running client tools like ping, curl, wget
2. server - for running a server, currently only Caddy
3. dut - for running Suricata, this namespace connects the client and
server namespaces
Validate IPS operations in 3 ways:
1. check return codes of the client tools
2. check Suricata's IPS stats
3. use tshark to validate expected drops
Run Suricata in AF_PACKET IPS mode for both autofp and workers mode. Do
the same for NFQUEUE.
Tshark's JSON output is used with JQ to validate that pings are dropped.
All tests are codecov enabled.
5 months ago
Philippe Antoine
b944e3b1ed
ci: update rust version to 1.93
6 months ago
dependabot[bot]
a0c91aa9f0
github-actions: bump actions/upload-artifact from 5.0.0 to 6.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot]
2deb1d25c4
github-actions: bump actions/cache from 4 to 5
...
Bumps [actions/cache](https://github.com/actions/cache ) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases )
- [Commits](https://github.com/actions/cache/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot]
03ee55c99f
github-actions: bump actions/checkout from 6.0.0 to 6.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases )
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot]
1f28880ba1
github-actions: bump codecov/codecov-action from 5.5.1 to 5.5.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](5a1091511a...671740ac38 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.5.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot]
b4ed2da8ff
github-actions: bump actions/download-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](018cc2cf5b...37930b1c2a )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
Victor Julien
984fc260c5
github-ci: update Fedora to 43
7 months ago
Ambre Iooss
3bcad5f364
windivert: upgrade to 2.0.0
...
WinDivert 2 was released in 2019. This introduced some minimal
changes to some functions arguments.
Bug: #8138 .
7 months ago
dependabot[bot]
973ab60a34
github-actions: bump github/codeql-action from 4.31.2 to 4.31.6
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 4.31.2 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v4.31.2...v4.31.6 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.6
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
dependabot[bot]
9095eb9b22
github-actions: bump actions/checkout from 5.0.0 to 6.0.0
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases )
- [Commits](https://github.com/actions/checkout/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
Philippe Antoine
1329786f84
detect: new command line option : list-rule-protos
...
To list the protocols we can use a in a rule header
Ticket: 635
7 months ago
Philippe Antoine
3cb873e3bc
ci: check script eve-parity is working
8 months ago
Jason Ish
7417cf07f6
github-ci: add schema tests to docs workflow
...
This will run the schema tests when no code has been modified.
8 months ago
Jason Ish
745e972348
github-ci: update Rust 1.91 for clippy and "known" stable
8 months ago
Jason Ish
70a2524d95
ci: update ndpi to 4.14
8 months ago
dependabot[bot]
5f138891b2
github-actions: bump github/codeql-action from 3.30.5 to 4.31.2
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.5 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.30.5...v4.31.2 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 4.31.2
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
dependabot[bot]
2609860884
github-actions: bump actions/download-artifact from 5.0.0 to 6.0.0
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](634f93cb29...018cc2cf5b )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
dependabot[bot]
a6505395c6
github-actions: bump actions/upload-artifact from 4 to 5
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact ) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases )
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
Victor Julien
fcbccb0292
github-actions: check for leaks in unittests
9 months ago
Lukas Sismis
7ca95eeec0
github-ci: build-test DPDK v23.11.x and v24.11.x
...
Ticket: 6382
9 months ago
Lukas Sismis
ee0b08692c
github-ci: stop testing obsolete DPDK versions, bump up the rest
9 months ago
dependabot[bot]
3efab2bb7e
github-actions: bump github/codeql-action from 3.30.3 to 3.30.5
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.3 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.30.3...v3.30.5 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.30.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
dependabot[bot]
a714ba8522
github-actions: bump ossf/scorecard-action from 2.4.2 to 2.4.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](05b42c6244...4eaacf0543 )
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-version: 2.4.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
Jason Ish
5c921507af
ci/codeql: rename codeql python test
...
To differentiate from other CodeQL workflows.
9 months ago
Jason Ish
14448ecb0f
ci/codeql: enable for rust, enable unittests
...
Unit tests need to be enabled for the src/tests files to be scanned.
Also rename, to differentiate from the Python CodeQL workflow.
9 months ago
Jeff Lucovsky
846eb44a9d
ci/mt: Include MT tests in CI workflows
...
Add the MT live tests to the CI workflow.
10 months ago
Jeff Lucovsky
51c9609c7c
mt/ci: Add MT live test
...
Add MT live test capability:
- multi-tenant.sh: harness that sets up and steps through MT steps
- suricata-mt.yaml: Adds MT capability to Suricata
- tenant-1.yaml: Per-tenant configuration file
10 months ago
Victor Julien
746823f3df
github-actions: update rust checks to 1.90
10 months ago
Victor Julien
ec418248d6
rust: update highest known rustc version to 1.90
10 months ago
Philippe Antoine
dae9264120
doc: really enforce more the completeness of json schema
...
Completes commit f1f32a39ee
End better describe exception_policy
10 months ago
dependabot[bot]
cf4a86185d
github-actions: bump codecov/codecov-action from 5.5.0 to 5.5.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.5.0 to 5.5.1.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](fdcc847654...5a1091511a )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.5.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot]
5aa30fccc8
github-actions: bump actions/github-script from 7.0.1 to 8.0.0
...
Bumps [actions/github-script](https://github.com/actions/github-script ) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases )
- [Commits](60a0d83039...ed597411d8 )
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: 8.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot]
f18c8883cf
github-actions: bump github/codeql-action from 3.30.0 to 3.30.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.30.0 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Commits](https://github.com/github/codeql-action/compare/v3.30.0...v3.30.3 )
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.30.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
Victor Julien
46203de0e9
doc: adjust for master to main rename
10 months ago
Victor Julien
63767252be
github-action: adjust for master to main rename
10 months ago
Philippe Antoine
266809a0f2
ci: check json schema sets always additionalProperties
...
Even if it is set to true.
Avoids forgetting adding fields and thinking it is tested
10 months ago
Philippe Antoine
6d52bcbcb1
ci: do not run undefined for clusterfuzzlite
...
as it takes too long to build
10 months ago
Jason Ish
0662736167
github-ci: pass CARGO and RUSTC to S-V
...
S-V needs cargo to build the EVE validator.
10 months ago
Jason Ish
6d74656bef
rust: respect RUSTC and CARGO env vars like CC
...
To support alternative cargo and rustc programs (such as cargo-1.82),
respect CARGO and RUSTC environment variables during ./configure much
like CC.
RUSTFMT is also respected as that is required for the tests, and Cargo
can't figure this out like it can for rustc (perhaps a bug in the
packaging).
For cbindgen, we have also have to make sure the cargo environment
variable is set for each invocation.
To build with Ubuntu's Rust 1.82 packaging:
CARGO=cargo-1.82 RUSTC=rustc-1.82 RUSTDOC=rustdoc-1.82 \
./configure
Note that setting RUSTDOC is only required for commands like "make
check" to pass.
Ticket: #7877
10 months ago
dependabot[bot]
88009793cc
github-actions: bump actions/download-artifact from 4.3.0 to 5.0.0
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact ) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases )
- [Commits](d3f86a106a...634f93cb29 )
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: 5.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot]
2c5c8c6dff
github-actions: bump codecov/codecov-action from 5.4.3 to 5.5.0
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 5.4.3 to 5.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](18283e04ce...fdcc847654 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.5.0
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
10 months ago