From ec269d520012fe34b75b81fb638570044e2d7ebe Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Wed, 16 Sep 2020 10:50:05 -0600 Subject: [PATCH 1/5] doc/userguide: add info about --set and lists --- doc/userguide/partials/options.rst | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/doc/userguide/partials/options.rst b/doc/userguide/partials/options.rst index d61acad785ae..cb871e16d06c 100644 --- a/doc/userguide/partials/options.rst +++ b/doc/userguide/partials/options.rst @@ -192,11 +192,26 @@ .. option:: --set = Set a configuration value. Useful for overriding basic - configuration parameters in the configuration. For example, to - change the default log directory:: + configuration parameters. For example, to change the default log + directory:: --set default-log-dir=/var/tmp + This option cannot be used to add new entries to a list in the + configuration file, such as a new output. It can only be used to + modify a value in a list that already exists. + + For example, to disable the ``eve-log`` in the default + configuration file:: + + --set outputs.1.eve-log.enabled=no + + Also note that the index values may change as the ``suricata.yaml`` + is updated. + + See the output of ``--dump-config`` for existing values that could + be modified with their index. + .. option:: --engine-analysis Print reports on analysis of different sections in the engine and From eeb1287580614a5b24eaa351a89ce64becb670b8 Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Fri, 18 Sep 2020 07:53:10 -0400 Subject: [PATCH 2/5] log/anomaly: Move metadata out of anomaly section This commit moves the metadata from the anomaly object where it was incorrectly located. --- src/output-json-anomaly.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/output-json-anomaly.c b/src/output-json-anomaly.c index 112076edb5bf..ad55ecc36fc4 100644 --- a/src/output-json-anomaly.c +++ b/src/output-json-anomaly.c 
@@ -128,12 +128,12 @@ static int AnomalyDecodeEventJson(ThreadVars *tv, JsonAnomalyLogThread *aft, return TM_ECODE_OK; } - jb_open_object(js, ANOMALY_EVENT_TYPE); - if (is_ip_pkt) { EveAddCommonOptions(&aft->json_output_ctx->cfg, p, p->flow, js); } + jb_open_object(js, ANOMALY_EVENT_TYPE); + if (event_code < DECODE_EVENT_MAX) { const char *event = DEvents[event_code].event_name; if (EVENT_IS_DECODER_PACKET_ERROR(event_code)) { From 29cc4066ed83cc859eb295ccfdd4a1025b635049 Mon Sep 17 00:00:00 2001 From: Jason Ish Date: Tue, 15 Sep 2020 09:27:36 -0600 Subject: [PATCH 3/5] doc/userguide: include man page even when not including pdf Fix a mistake in Makefile.am where the man page was only being added to the distribution if the PDF was also created. It should be included even if the PDF cannot be included. --- doc/userguide/Makefile.am | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/doc/userguide/Makefile.am b/doc/userguide/Makefile.am index 159e6d454521..e17ba86e12fe 100644 --- a/doc/userguide/Makefile.am +++ b/doc/userguide/Makefile.am @@ -31,14 +31,14 @@ EXTRA_DIST = \ what-is-suricata.rst if HAVE_SURICATA_MAN -man1_MANS = suricata.1 +dist_man1_MANS = suricata.1 endif if HAVE_SPHINXBUILD -man1_MANS = suricata.1 +dist_man1_MANS = suricata.1 if HAVE_PDFLATEX -EXTRA_DIST += $(man1_MANS) userguide.pdf +EXTRA_DIST += userguide.pdf endif SPHINX_BUILD = sphinx-build -q From 1ec5327658955db4ec095ea6c36af81e6642e9aa Mon Sep 17 00:00:00 2001 From: Jeff Lucovsky Date: Wed, 16 Sep 2020 08:11:10 -0400 Subject: [PATCH 4/5] log/eve: Rename fileinfo alert object to files This commit changes the name of the "fileinfo" array in the alert object to "files" to better support legacy use of "fileinfo" in reporting and elsewhere. The "fileinfo" event type is not an array while the alert "fileinfo" member was. --- src/output-json-alert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
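Review bot: Moving `EveAddCommonOptions()` ahead of `jb_open_object(js, ANOMALY_EVENT_TYPE)` changes where the common fields land in every anomaly record (per the commit message, `metadata` leaves the `anomaly` object), yet the patch touches only `src/output-json-anomaly.c`. Log pipelines and detections keyed on the old path stop matching without any error, so the EVE format documentation and upgrade notes should carry the change unless another commit outside this series already does. The same applies to the `jb_open_array(jb, "files")` rename in `AlertAddFiles` in patch 4/5. The ordering here is also worth a comment, e.g. `/* Common options belong at the top level of the event: add them before opening the anomaly object. */`. The function body starts and ends outside the hunk.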
diff --git a/src/output-json-alert.c b/src/output-json-alert.c index 11454b80fec1..426a44114058 100644 --- a/src/output-json-alert.c +++ b/src/output-json-alert.c @@ -556,7 +556,7 @@ static void AlertAddFiles(const Packet *p, JsonBuilder *jb, const uint64_t tx_id if (tx_id == file->txid) { if (!isopen) { isopen = true; - jb_open_array(jb, "fileinfo"); + jb_open_array(jb, "files"); } jb_start_object(jb); EveFileInfo(jb, file, file->flags & FILE_STORED); From 9ef8bf41ffc622ce40f2862bcbe4c9ddf1fac3a6 Mon Sep 17 00:00:00 2001 From: Philippe Antoine Date: Thu, 17 Sep 2020 12:07:29 +0200 Subject: [PATCH 5/5] fuzz: better configure checks for MSAN building More compatible check for rust nightly Checks for CARGO_BUILD_TARGET Builds release or debug mode independently --- configure.ac | 86 +++++++++++++++++++++++++----------------------- rust/Makefile.am | 8 ++--- 2 files changed, 49 insertions(+), 45 deletions(-) diff --git a/configure.ac b/configure.ac index e9f4f91ad772..a495e14777de 100644 --- a/configure.ac +++ b/configure.ac 
@@ -472,47 +472,6 @@ # options - AC_ARG_ENABLE(fuzztargets, - AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no]) - AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"]) - AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo $rust_compiler_version | grep -q nightly]) - AC_PROG_CXX - AS_IF([test "x$enable_fuzztargets" = "xyes"], [ - AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled]) - AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions]) - CFLAGS_ORIG=$CFLAGS - CFLAGS="-Werror" - AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])], - [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])], - []) - CFLAGS=$CFLAGS_ORIG - AC_LANG_PUSH(C++) - tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS - AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [ - LIB_FUZZING_ENGINE=-fsanitize=fuzzer - AC_SUBST(LIB_FUZZING_ENGINE) - ]) - _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE" - AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE]) - AC_LINK_IFELSE([AC_LANG_SOURCE([[ -#include -extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size); -extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) { -(void)Data; -(void)Size; -return 0; -} - ]])], - [ AC_MSG_RESULT(yes) - has_sanitizefuzzer=yes], - [ AC_MSG_RESULT(no) ] - ) - _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags - AC_LANG_POP() - ]) - - AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"]) - # enable the running of unit tests AC_ARG_ENABLE(unittests, AS_HELP_STRING([--enable-unittests], [Enable compilation of the unit tests]),[enable_unittests=$enableval],[enable_unittests=no]) 
@@ -2662,6 +2621,51 @@ fi ]) AC_SUBST(RUST_FEATURES) + AC_ARG_ENABLE(fuzztargets, + AS_HELP_STRING([--enable-fuzztargets], [Enable fuzz targets]),[enable_fuzztargets=$enableval],[enable_fuzztargets=no]) + AM_CONDITIONAL([BUILD_FUZZTARGETS], [test "x$enable_fuzztargets" = "xyes"]) + AM_CONDITIONAL([RUST_BUILD_STD], [test "x$enable_fuzztargets" = "xyes" && echo "$rust_compiler_version" | grep -q nightly]) + AC_PROG_CXX + AS_IF([test "x$enable_fuzztargets" = "xyes"], [ + AS_IF([test "x$CARGO_BUILD_TARGET" = "x" && echo "$rust_compiler_version" | grep -q nightly], [ + CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu + AC_SUBST(CARGO_BUILD_TARGET) + ]) + AC_DEFINE([FUZZ], [1], [Fuzz targets are enabled]) + AC_DEFINE([AFLFUZZ_NO_RANDOM], [1], [Disable all use of random functions]) + CFLAGS_ORIG=$CFLAGS + CFLAGS="-Werror" + AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[]], [[while (__AFL_LOOP(1000))]])], + [AC_DEFINE([AFLFUZZ_PERSISTANT_MODE], [1], [Enable AFL PERSISTANT_MODE])], + []) + CFLAGS=$CFLAGS_ORIG + AC_LANG_PUSH(C++) + tmp_saved_flags=$[]_AC_LANG_PREFIX[]FLAGS + AS_IF([test "x$LIB_FUZZING_ENGINE" = "x"], [ + LIB_FUZZING_ENGINE=-fsanitize=fuzzer + AC_SUBST(LIB_FUZZING_ENGINE) + ]) + _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $LIB_FUZZING_ENGINE" + AC_MSG_CHECKING([whether $CXX accepts $LIB_FUZZING_ENGINE]) + AC_LINK_IFELSE([AC_LANG_SOURCE([[ +#include +extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size); +extern "C" int LLVMFuzzerTestOneInput(const unsigned char *Data, size_t Size) { +(void)Data; +(void)Size; +return 0; +} + ]])], + [ AC_MSG_RESULT(yes) + has_sanitizefuzzer=yes], + [ AC_MSG_RESULT(no) ] + ) + _AC_LANG_PREFIX[]FLAGS=$tmp_saved_flags + AC_LANG_POP() + ]) + + AM_CONDITIONAL([HAS_FUZZLDFLAGS], [test "x$has_sanitizefuzzer" = "xyes"]) + # get revision if test -f ./revision; then REVISION=`cat ./revision` diff --git a/rust/Makefile.am b/rust/Makefile.am index 446a8981318f..4f6ee0718b53 100644 --- a/rust/Makefile.am 
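Review bot: The default `CARGO_BUILD_TARGET=x86_64-unknown-linux-gnu` in the new `AS_IF` at the top of the fuzz-targets block is hard-coded, so a nightly fuzz build on any other host (aarch64 Linux, macOS) is pointed at a foreign target whenever the variable is unset. Deriving the triple from the toolchain keeps MSAN/fuzz builds native, e.g. `CARGO_BUILD_TARGET=$(rustc -vV | sed -n 's/^host: //p')`, using whichever rustc this configure.ac has already detected. The `echo "$rust_compiler_version" | grep -q nightly` test now appears twice in the block (in `RUST_BUILD_STD` and in this `AS_IF`); computing it once into a shell variable would keep the two conditions from drifting apart.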
+++ b/rust/Makefile.am @@ -7,12 +7,12 @@ if HAVE_CARGO_VENDOR EXTRA_DIST += vendor endif -if RUST_BUILD_STD -RELEASE = -Z build-std -else if !DEBUG RELEASE = --release endif + +if RUST_BUILD_STD +NIGHTLY_ARGS = -Z build-std endif if HAVE_LUA @@ -42,7 +42,7 @@ else @rustup_home@ \ CARGO_HOME="$(CARGO_HOME)" \ CARGO_TARGET_DIR="$(abs_top_builddir)/rust/target" \ - $(CARGO) build $(RELEASE) \ + $(CARGO) build $(RELEASE) $(NIGHTLY_ARGS) \ --features "$(RUST_FEATURES)" $(RUST_TARGET) endif $(MAKE) gen/rust-bindings.h
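Review bot: Only the `$(CARGO) build` line in the `else` branch of the second hunk gains `$(NIGHTLY_ARGS)`, while the first hunk takes `-Z build-std` out of `RELEASE`. Any other cargo invocation in this file that still passes only `$(RELEASE)` would now skip rebuilding std in a nightly fuzz build; this is inferred, since the branch before this `else` lies outside the hunk. That matters for MSAN, which needs std rebuilt with instrumentation to avoid reports from uninstrumented code. If such an invocation exists it should also read `$(CARGO) build $(RELEASE) $(NIGHTLY_ARGS) ...`. A comment above the new variable would record why it is separate from `RELEASE`, e.g. `# -Z build-std: rebuild std for sanitizer builds (nightly + --enable-fuzztargets only)`.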