forked from opnsense/ports
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
security/suricata: partially sync with upstream
Taken from: FreeBSD
- Loading branch information
Showing
7 changed files
with
173 additions
and
24 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,7 +1,6 @@ | ||
| # Created by: Patrick Tracanelli <[email protected]> | ||
|
|
||
| PORTNAME= suricata | ||
| DISTVERSION= 5.0.7 | ||
| DISTVERSION= 6.0.3 | ||
| PORTREVISION= 2 | ||
| CATEGORIES= security | ||
| MASTER_SITES= https://www.openinfosecfoundation.org/download/ | ||
|
|
||
|
|
@@ -49,6 +48,8 @@ OPTIONS_RADIO_SCRIPTS= LUA LUAJIT | |
|
|
||
| OPTIONS_SUB= yes | ||
|
|
||
| PRELUDE_BROKEN= Compilation broken, see https://redmine.openinfosecfoundation.org/issues/4065 | ||
|
|
||
| GEOIP_DESC= GeoIP support | ||
| HYPERSCAN_DESC= Hyperscan support | ||
| IPFW_DESC= IPFW and IP Divert support for inline IDP | ||
|
|
@@ -70,7 +71,7 @@ HYPERSCAN_LIB_DEPENDS= libhs.so:devel/hyperscan | |
|
|
||
| IPFW_CONFIGURE_ON= --enable-ipfw | ||
|
|
||
| LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit | ||
| LUAJIT_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty | ||
| LUAJIT_CONFIGURE_ON= --enable-luajit | ||
|
|
||
| LUA_USES= lua:51 | ||
|
|
@@ -107,6 +108,11 @@ TESTS_CONFIGURE_ENABLE= unittests | |
| pre-patch: | ||
| @${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4 | ||
|
|
||
| post-patch: | ||
| # Disable vendor checksums | ||
| @${REINPLACE_CMD} 's,"files":{[^}]*},"files":{},' \ | ||
| ${WRKSRC}/rust/vendor/*/.cargo-checksum.json | ||
|
|
||
| post-patch-PYTHON-on: | ||
| @${REINPLACE_CMD} -e "/AC_PATH_PROGS.*HAVE_PYTHON/ s/python[^,]*,/${PYTHON_VERSION},/g" \ | ||
| ${WRKSRC}/configure.ac | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,3 +1,3 @@ | ||
| TIMESTAMP = 1625549510 | ||
| SHA256 (suricata-5.0.7.tar.gz) = 085362a36da39203f081148d1a0f5ccd33c837f5b90da1103bc1f51e43324976 | ||
| SIZE (suricata-5.0.7.tar.gz) = 29211384 | ||
| TIMESTAMP = 1628041281 | ||
| SHA256 (suricata-6.0.3.tar.gz) = daf134bb2d7c980035e9ae60f7aaf313323a809340009f26e48110ccde81f602 | ||
| SIZE (suricata-6.0.3.tar.gz) = 32421197 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,78 @@ | ||
| From 3c53a1601b6f861f8b7f0cd0984b18e78291fe85 Mon Sep 17 00:00:00 2001 | ||
| From: Victor Julien <[email protected]> | ||
| Date: Wed, 18 Aug 2021 20:14:48 +0200 | ||
| Subject: [PATCH] threading: don't pass locked flow between threads | ||
|
|
||
| Previously the flow manager would share evicted flows with the workers | ||
| while keeping the flows mutex locked. This reduced the number of unlock/ | ||
| lock cycles while there was guaranteed to be no contention. | ||
|
|
||
| This turns out to be undefined behavior. A lock is supposed to be locked | ||
| and unlocked from the same thread. It appears that FreeBSD is stricter on | ||
| this than Linux. | ||
|
|
||
| This patch addresses the issue by unlocking before handing a flow off | ||
| to another thread, and locking again from the new thread. | ||
|
|
||
| Issue was reported and largely analyzed by Bill Meeks. | ||
|
|
||
| Bug: #4478 | ||
| (cherry picked from commit 9551cd05357925e8bec8e0030d5f98fd07f17839) | ||
| --- | ||
| src/flow-hash.c | 1 + | ||
| src/flow-manager.c | 2 +- | ||
| src/flow-timeout.c | 1 + | ||
| src/flow-worker.c | 1 + | ||
| 4 files changed, 4 insertions(+), 1 deletion(-) | ||
|
|
||
| diff --git a/src/flow-hash.c b/src/flow-hash.c | ||
| index ebbd836e81a..760bc53e0a8 100644 | ||
| --- src/flow-hash.c | ||
| +++ src/flow-hash.c | ||
| @@ -669,6 +669,7 @@ static inline void MoveToWorkQueue(ThreadVars *tv, FlowLookupStruct *fls, | ||
| f->fb = NULL; | ||
| f->next = NULL; | ||
| FlowQueuePrivateAppendFlow(&fls->work_queue, f); | ||
| + FLOWLOCK_UNLOCK(f); | ||
| } else { | ||
| /* implied: TCP but our thread does not own it. So set it | ||
| * aside for the Flow Manager to pick it up. */ | ||
| diff --git a/src/flow-manager.c b/src/flow-manager.c | ||
| index d58a49637d6..9228c88490c 100644 | ||
| --- src/flow-manager.c | ||
| +++ src/flow-manager.c | ||
| @@ -333,9 +333,9 @@ static uint32_t ProcessAsideQueue(FlowManagerTimeoutThread *td, FlowTimeoutCount | ||
| FlowForceReassemblyNeedReassembly(f) == 1) | ||
| { | ||
| FlowForceReassemblyForFlow(f); | ||
| + FLOWLOCK_UNLOCK(f); | ||
| /* flow ownership is passed to the worker thread */ | ||
|
|
||
| - /* flow remains locked */ | ||
| counters->flows_aside_needs_work++; | ||
| continue; | ||
| } | ||
| diff --git a/src/flow-timeout.c b/src/flow-timeout.c | ||
| index 972b35076bd..d6cca490087 100644 | ||
| --- src/flow-timeout.c | ||
| +++ src/flow-timeout.c | ||
| @@ -401,6 +401,7 @@ static inline void FlowForceReassemblyForHash(void) | ||
| RemoveFromHash(f, prev_f); | ||
| f->flow_end_flags |= FLOW_END_FLAG_SHUTDOWN; | ||
| FlowForceReassemblyForFlow(f); | ||
| + FLOWLOCK_UNLOCK(f); | ||
| f = next_f; | ||
| continue; | ||
| } | ||
| diff --git a/src/flow-worker.c b/src/flow-worker.c | ||
| index 69dbb6ac575..dccf3581dd5 100644 | ||
| --- src/flow-worker.c | ||
| +++ src/flow-worker.c | ||
| @@ -168,6 +168,7 @@ static void CheckWorkQueue(ThreadVars *tv, FlowWorkerThreadData *fw, | ||
| { | ||
| Flow *f; | ||
| while ((f = FlowQueuePrivateGetFromTop(fq)) != NULL) { | ||
| + FLOWLOCK_WRLOCK(f); | ||
| f->flow_end_flags |= FLOW_END_FLAG_TIMEOUT; //TODO emerg | ||
|
|
||
| const FlowStateType state = f->flow_state; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,62 @@ | ||
| --- rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/mod.rs.orig 2020-03-17 20:35:43 UTC | ||
| +++ rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/mod.rs | ||
| @@ -1486,6 +1486,9 @@ cfg_if! { | ||
| } else if #[cfg(target_arch = "powerpc64")] { | ||
| mod powerpc64; | ||
| pub use self::powerpc64::*; | ||
| + } else if #[cfg(target_arch = "powerpc")] { | ||
| + mod powerpc; | ||
| + pub use self::powerpc::*; | ||
| } else { | ||
| // Unknown target_arch | ||
| } | ||
| --- rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/powerpc.rs.orig 2021-06-23 22:40:24 UTC | ||
| +++ rust/vendor/libc/src/unix/bsd/freebsdlike/freebsd/powerpc.rs | ||
| @@ -0,0 +1,47 @@ | ||
| +pub type c_char = u8; | ||
| +pub type c_long = i32; | ||
| +pub type c_ulong = u32; | ||
| +pub type wchar_t = i32; | ||
| +pub type time_t = i64; | ||
| +pub type suseconds_t = i32; | ||
| +pub type register_t = i32; | ||
| + | ||
| +s! { | ||
| + pub struct stat { | ||
| + pub st_dev: ::dev_t, | ||
| + pub st_ino: ::ino_t, | ||
| + pub st_mode: ::mode_t, | ||
| + pub st_nlink: ::nlink_t, | ||
| + pub st_uid: ::uid_t, | ||
| + pub st_gid: ::gid_t, | ||
| + pub st_rdev: ::dev_t, | ||
| + pub st_atime: ::time_t, | ||
| + pub st_atime_nsec: ::c_long, | ||
| + pub st_mtime: ::time_t, | ||
| + pub st_mtime_nsec: ::c_long, | ||
| + pub st_ctime: ::time_t, | ||
| + pub st_ctime_nsec: ::c_long, | ||
| + pub st_size: ::off_t, | ||
| + pub st_blocks: ::blkcnt_t, | ||
| + pub st_blksize: ::blksize_t, | ||
| + pub st_flags: ::fflags_t, | ||
| + pub st_gen: u32, | ||
| + pub st_lspare: i32, | ||
| + pub st_birthtime: ::time_t, | ||
| + pub st_birthtime_nsec: ::c_long, | ||
| + } | ||
| +} | ||
| + | ||
| +// should be pub(crate), but that requires Rust 1.18.0 | ||
| +cfg_if! { | ||
| + if #[cfg(libc_const_size_of)] { | ||
| + #[doc(hidden)] | ||
| + pub const _ALIGNBYTES: usize = ::mem::size_of::<::c_int>() - 1; | ||
| + } else { | ||
| + #[doc(hidden)] | ||
| + pub const _ALIGNBYTES: usize = 4 - 1; | ||
| + } | ||
| +} | ||
| + | ||
| +pub const MAP_32BIT: ::c_int = 0x00080000; | ||
| +pub const MINSIGSTKSZ: ::size_t = 2048; // 512 * 4 |
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters