Commit Graph

495 Commits (e9611a4d7cb52f4134dd074ada0576224b7dd78e)

Author SHA1 Message Date
Victor Julien 571681bc29 github-ci: add namespace bond tests with multiple nets 5 months ago
Victor Julien a8cad83403 github-ci: add namespace af-packet bond test 5 months ago
Shivani Bhardwaj 11b2860f23 rust/cargo: ignore RUSTSEC-2026-0009 for time crate
cargo audit reports this security issue with the time crate but Suricata
remains unaffected as no influenced fn is used by Suricata.
Advisory: https://rustsec.org/advisories/RUSTSEC-2026-0009

The MSRV for newer time crate versions are higher than the MSRV for
Suricata right now: 1.75.0

Hence, the best course of action is to suppress this warning.

Ticket: 8269
5 months ago
Victor Julien c1d6958940 github-ci: relax block check 5 months ago
Victor Julien 0a86b0f79d github-ci: remove too verbose namespace test output 5 months ago
Victor Julien f3e3795f48 github-ci: relax namespace shutdown error checks
Caddy would sometimes return an error during shutdown. Add a warning if
this happens, but don't fail the job.
5 months ago
dependabot[bot] 3a9682fd48 github-actions: bump actions/checkout from 6.0.1 to 6.0.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] c533ec0a1d github-actions: bump github/codeql-action from 4.31.6 to 4.32.0
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.6 to 4.32.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v4.31.6...v4.32.0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Victor Julien 49783fa9f7 github-ci: add namespace based IPS tests
Implementing a bridge test with af-packet IPS and a routing test
with iptables + nfqueue.

Very helpful explanation and guidance on network namespaces can be
found here: https://www.redhat.com/en/blog/net-namespaces

Sets up 3 network namespaces:
1. client - for running client tools like ping, curl, wget
2. server - for running a server, currently only Caddy
3. dut - for running Suricata, this namespace connects the client and
   server namespaces

Validate IPS operations in 3 ways:
1. check return codes of the client tools
2. check Suricata's IPS stats
3. use tshark to validate expected drops

Run Suricata in AF_PACKET IPS mode for both autofp and workers mode. Do
the same for NFQUEUE.

Tshark's JSON output is used with JQ to validate that pings are dropped.

All tests are codecov enabled.
5 months ago
Philippe Antoine b944e3b1ed ci: update rust version to 1.93 6 months ago
dependabot[bot] a0c91aa9f0 github-actions: bump actions/upload-artifact from 5.0.0 to 6.0.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 2deb1d25c4 github-actions: bump actions/cache from 4 to 5
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 03ee55c99f github-actions: bump actions/checkout from 6.0.0 to 6.0.1
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 1f28880ba1 github-actions: bump codecov/codecov-action from 5.5.1 to 5.5.2
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](5a1091511a...671740ac38)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] b4ed2da8ff github-actions: bump actions/download-artifact from 6.0.0 to 7.0.0
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](018cc2cf5b...37930b1c2a)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
Victor Julien 984fc260c5 github-ci: update Fedora to 43 7 months ago
Ambre Iooss 3bcad5f364 windivert: upgrade to 2.0.0
WinDivert 2 was released in 2019. This introduced some minimal
changes to some functions arguments.

Bug: #8138.
7 months ago
dependabot[bot] 973ab60a34 github-actions: bump github/codeql-action from 4.31.2 to 4.31.6
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.2 to 4.31.6.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v4.31.2...v4.31.6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
dependabot[bot] 9095eb9b22 github-actions: bump actions/checkout from 5.0.0 to 6.0.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
Philippe Antoine 1329786f84 detect: new command line option : list-rule-protos
To list the protocols we can use a in a rule header

Ticket: 635
7 months ago
Philippe Antoine 3cb873e3bc ci: check script eve-parity is working 8 months ago
Jason Ish 7417cf07f6 github-ci: add schema tests to docs workflow
This will run the schema tests when no code has been modified.
8 months ago
Jason Ish 745e972348 github-ci: update Rust 1.91 for clippy and "known" stable 8 months ago
Jason Ish 70a2524d95 ci: update ndpi to 4.14 8 months ago
dependabot[bot] 5f138891b2 github-actions: bump github/codeql-action from 3.30.5 to 4.31.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.5 to 4.31.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.30.5...v4.31.2)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.31.2
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
dependabot[bot] 2609860884 github-actions: bump actions/download-artifact from 5.0.0 to 6.0.0
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](634f93cb29...018cc2cf5b)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
dependabot[bot] a6505395c6
github-actions: bump actions/upload-artifact from 4 to 5
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
8 months ago
Victor Julien fcbccb0292 github-actions: check for leaks in unittests 9 months ago
Lukas Sismis 7ca95eeec0 github-ci: build-test DPDK v23.11.x and v24.11.x
Ticket: 6382
9 months ago
Lukas Sismis ee0b08692c github-ci: stop testing obsolete DPDK versions, bump up the rest 9 months ago
dependabot[bot] 3efab2bb7e github-actions: bump github/codeql-action from 3.30.3 to 3.30.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.3 to 3.30.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.30.3...v3.30.5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
dependabot[bot] a714ba8522 github-actions: bump ossf/scorecard-action from 2.4.2 to 2.4.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.2 to 2.4.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](05b42c6244...4eaacf0543)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
Jason Ish 5c921507af ci/codeql: rename codeql python test
To differentiate from other CodeQL workflows.
9 months ago
Jason Ish 14448ecb0f ci/codeql: enable for rust, enable unittests
Unit tests need to be enabled for the src/tests files to be scanned.

Also rename, to differentiate from the Python CodeQL workflow.
9 months ago
Jeff Lucovsky 846eb44a9d ci/mt: Include MT tests in CI workflows
Add the MT live tests to the CI workflow.
10 months ago
Jeff Lucovsky 51c9609c7c mt/ci: Add MT live test
Add MT live test capability:
- multi-tenant.sh: harness that sets up and steps through MT steps
- suricata-mt.yaml: Adds MT capability to Suricata
- tenant-1.yaml: Per-tenant configuration file
10 months ago
Victor Julien 746823f3df github-actions: update rust checks to 1.90 10 months ago
Victor Julien ec418248d6 rust: update highest known rustc version to 1.90 10 months ago
Philippe Antoine dae9264120 doc: really enforce more the completeness of json schema
Completes commit f1f32a39ee

End better describe exception_policy
10 months ago
dependabot[bot] cf4a86185d github-actions: bump codecov/codecov-action from 5.5.0 to 5.5.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.0 to 5.5.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](fdcc847654...5a1091511a)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot] 5aa30fccc8 github-actions: bump actions/github-script from 7.0.1 to 8.0.0
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](60a0d83039...ed597411d8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot] f18c8883cf github-actions: bump github/codeql-action from 3.30.0 to 3.30.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.30.0...v3.30.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 3.30.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
Victor Julien 46203de0e9 doc: adjust for master to main rename 10 months ago
Victor Julien 63767252be github-action: adjust for master to main rename 10 months ago
Philippe Antoine 266809a0f2 ci: check json schema sets always additionalProperties
Even if it is set to true.
Avoids forgetting adding fields and thinking it is tested
10 months ago
Philippe Antoine 6d52bcbcb1 ci: do not run undefined for clusterfuzzlite
as it takes too long to build
10 months ago
Jason Ish 0662736167 github-ci: pass CARGO and RUSTC to S-V
S-V needs cargo to build the EVE validator.
10 months ago
Jason Ish 6d74656bef rust: respect RUSTC and CARGO env vars like CC
To support alternative cargo and rustc programs (such as cargo-1.82),
respect CARGO and RUSTC environment variables during ./configure much
like CC.

RUSTFMT is also respected as that is required for the tests, and Cargo
can't figure this out like it can for rustc (perhaps a bug in the
packaging).

For cbindgen, we have also have to make sure the cargo environment
variable is set for each invocation.

To build with Ubuntu's Rust 1.82 packaging:

  CARGO=cargo-1.82 RUSTC=rustc-1.82 RUSTDOC=rustdoc-1.82 \
      ./configure

Note that setting RUSTDOC is only required for commands like "make
check" to pass.

Ticket: #7877
10 months ago
dependabot[bot] 88009793cc github-actions: bump actions/download-artifact from 4.3.0 to 5.0.0
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 5.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](d3f86a106a...634f93cb29)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 5.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
10 months ago
dependabot[bot] 2c5c8c6dff github-actions: bump codecov/codecov-action from 5.4.3 to 5.5.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.4.3 to 5.5.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](18283e04ce...fdcc847654)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-version: 5.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
10 months ago