diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml index eb02c0c21775..bc2d93e10d85 100644 --- a/.github/workflows/builds.yml +++ b/.github/workflows/builds.yml @@ -269,7 +269,7 @@ jobs: CFLAGS="${DEFAULT_CFLAGS}" ./configure - run: make -j2 distcheck env: - DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" + DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" - run: test -e doc/userguide/suricata.1 - name: Checking includes run: | @@ -914,7 +914,7 @@ jobs: # Set the concurrency level for cocci. run: CONCURRENCY_LEVEL=2 make check - run: make distclean - - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua + - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue env: LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" @@ -1100,7 +1100,7 @@ jobs: - run: tar xf prep/libhtp.tar.gz - run: tar xf prep/suricata-update.tar.gz - run: ./autogen.sh - - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue --enable-lua + - run: CC="clang" CFLAGS="$DEFAULT_CFLAGS -Wshadow -fsanitize=address -fno-omit-frame-pointer" ./configure --enable-debug --enable-unittests --disable-shared --enable-rust-strict --enable-hiredis --enable-nfqueue env: LDFLAGS: "-fsanitize=address" ac_cv_func_realloc_0_nonnull: "yes" @@ -1407,7 +1407,7 @@ jobs: libnuma-dev \ libhiredis-dev \ libhyperscan-dev \ - liblua5.1-dev \ + liblua5.4-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ @@ -1518,6 +1518,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ @@ -1525,7 +1526,7 @@ jobs: libnfnetlink0 \ libnuma-dev \ libhiredis-dev \ - liblua5.1-dev \ + liblua5.4-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ @@ -1559,7 +1560,7 @@ jobs: chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect + - run: ./configure --with-gnu-ld --enable-fuzztargets --disable-shared --enable-gccprotect env: LIB_FUZZING_ENGINE: "fail_to_onefile_driver" CC: "clang-14" @@ -1648,7 +1649,7 @@ jobs: chmod 755 $HOME/.cargo/bin/cbindgen echo "$HOME/.cargo/bin" >> $GITHUB_PATH - run: ./autogen.sh - - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests + - run: CFLAGS="$DEFAULT_CFLAGS -DNDEBUG" ./configure --enable-unittests --disable-lua - run: make -j2 - run: make check - run: make dist @@ -1762,6 +1763,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ @@ -1841,6 +1843,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ @@ -1902,6 +1905,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ @@ -1995,6 +1999,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ @@ -2100,7 +2105,7 @@ jobs: libmaxminddb-dev \ libjansson-dev \ libjansson4 \ - liblua5.1-dev \ + liblua5.4-dev \ libnspr4-dev \ libnuma-dev \ liblz4-dev \ @@ -2133,7 +2138,7 @@ jobs: # -j2 caused random failures during cargo vendor - run: make distcheck env: - DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" + DISTCHECK_CONFIGURE_FLAGS: "--enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk" - run: test -e doc/userguide/suricata.1 - run: test -e doc/userguide/userguide.pdf - name: Building Rust documentation @@ -2182,6 +2187,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libjansson-dev \ libjansson4 \ @@ -2263,7 +2269,7 @@ jobs: libmaxminddb-dev \ libjansson-dev \ libjansson4 \ - liblua5.1-dev \ + liblua5.4-dev \ libnspr4-dev \ libnuma-dev \ liblz4-dev \ @@ -2297,7 +2303,7 @@ jobs: - run: tar xf prep/suricata-update.tar.gz - run: tar xf prep/suricata-verify.tar.gz - run: ./autogen.sh - - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-debug --enable-lua --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk + - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-debug --enable-geoip --enable-profiling --enable-profiling-locks --enable-dpdk - run: make -j2 - run: make check - name: Building Rust documentation @@ -2344,7 +2350,7 @@ jobs: libmagic-dev \ libjansson-dev \ libgeoip-dev \ - liblua5.1-dev \ + liblua5.4-dev \ libhiredis-dev \ libevent-dev \ libtool \ @@ -2419,7 +2425,6 @@ jobs: libmagic-dev \ libjansson-dev \ libgeoip-dev \ - liblua5.1-dev \ libhiredis-dev \ libevent-dev \ libtool \ @@ -2448,7 +2453,7 @@ jobs: cp prep/cbindgen $HOME/.cargo/bin chmod 755 $HOME/.cargo/bin/cbindgen - run: ./autogen.sh - - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets + - run: CFLAGS="${DEFAULT_CFLAGS}" ./configure --enable-unittests --enable-fuzztargets --disable-lua - run: make -j2 - run: make check - run: tar xf prep/suricata-verify.tar.gz @@ -2555,7 +2560,7 @@ jobs: - name: Build run: | ./autogen.sh - CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 + CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --disable-lua --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 make -j3 - name: Run run: | @@ -2600,7 +2605,7 @@ jobs: - name: Build run: | ./autogen.sh - CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 + CFLAGS="-ggdb -Werror" ./configure --enable-unittests --enable-gccprotect --disable-gccmarch-native --disable-shared --disable-lua --with-libpcap-includes=/npcap/Include --with-libpcap-libraries=/npcap/Lib/x64 make -j3 - name: Run run: | @@ -2649,7 +2654,7 @@ jobs: - name: Build run: | ./autogen.sh - CFLAGS="-ggdb -Werror" ./configure --enable-gccprotect --disable-gccmarch-native --disable-shared --enable-windivert --with-windivert-include=/windivert/WinDivert-1.4.3-A/include --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64 + CFLAGS="-ggdb -Werror" ./configure --enable-gccprotect --disable-gccmarch-native --disable-shared --disable-lua --enable-windivert --with-windivert-include=/windivert/WinDivert-1.4.3-A/include --with-windivert-libraries=/windivert/WinDivert-1.4.3-A/x86_64 make -j3 - name: Run run: | diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 3d13d276b02a..12ab7a560e0a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -45,6 +45,7 @@ jobs: sudo apt-get install libssl-dev sudo apt-get install libpcre2-dev sudo apt-get install libjansson-dev + sudo apt-get install liblua5.4-dev sudo apt-get install libpcap-dev sudo apt-get install libnuma-dev git clone --depth 1 https://github.com/OISF/libhtp.git diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml index 04bbb3fdf96b..05463437b9f8 100644 --- a/.github/workflows/commits.yml +++ b/.github/workflows/commits.yml @@ -85,7 +85,7 @@ jobs: git checkout $rev echo "Building rev ${rev}" | tee -a build_log.txt ./autogen.sh >> build_log.txt 2>&1 - CC="sccache gcc" ./configure --enable-unittests >> build_log.txt 2>&1 + CC="sccache gcc" ./configure --enable-unittests --disable-lua >> build_log.txt 2>&1 if ! make -j2 >> build_log.txt 2>&1; then echo "::error ::Failed to build rev ${rev}" tail -n 50 build_log.txt diff --git a/.github/workflows/formatting.yml b/.github/workflows/formatting.yml index 03a8e81169f5..4c03c5633eca 100644 --- a/.github/workflows/formatting.yml +++ b/.github/workflows/formatting.yml @@ -53,6 +53,7 @@ jobs: libyaml-dev \ libcap-ng-dev \ libcap-ng0 \ + liblua5.4-dev \ libmagic-dev \ libnetfilter-queue-dev \ libnetfilter-queue1 \ diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml index ef9c10bf1df9..0fc99dc4a7dd 100644 --- a/.github/workflows/scan-build.yml +++ b/.github/workflows/scan-build.yml @@ -50,7 +50,7 @@ jobs: libnuma-dev \ libhiredis-dev \ libhyperscan-dev \ - liblua5.1-dev \ + liblua5.4-dev \ libjansson-dev \ libevent-dev \ libevent-pthreads-2.1-7 \ diff --git a/configure.ac b/configure.ac index 3acab5b3acfd..0000220c7b9d 100644 --- a/configure.ac +++ b/configure.ac @@ -239,7 +239,7 @@ AC_MSG_CHECKING([host os]) # Default lua libname if not detected otherwise. - LUA_LIB_NAME="lua5.1" + LUA_LIB_NAME="lua5.4" # If no host os was detected, try with uname if test -z "$host" ; then @@ -253,7 +253,7 @@ e_magic_file_comment="#" case "$host" in *-*-*freebsd*) - LUA_LIB_NAME="lua-5.1" + LUA_LIB_NAME="lua-5.4" CFLAGS="${CFLAGS} -DOS_FREEBSD" CPPFLAGS="${CPPFLAGS} -I/usr/local/include -I/usr/local/include/libnet11" LDFLAGS="${LDFLAGS} -L/usr/local/lib -L/usr/local/lib/libnet11" @@ -266,7 +266,7 @@ RUST_LDADD="-lm -lc++ -lc++abi" ;; *darwin*|*Darwin*) - LUA_LIB_NAME="lua-5.1" + LUA_LIB_NAME="lua-5.4" CFLAGS="${CFLAGS} -DOS_DARWIN" CPPFLAGS="${CPPFLAGS} -I/opt/local/include" LDFLAGS="${LDFLAGS} -L/opt/local/lib -framework Security" @@ -1895,25 +1895,10 @@ # liblua AC_ARG_ENABLE(lua, - AS_HELP_STRING([--enable-lua],[Enable Lua support]), + AS_HELP_STRING([--disable-lua],[Disable Lua support]), [ enable_lua="$enableval"], - [ enable_lua="no"]) - AC_ARG_ENABLE(luajit, - AS_HELP_STRING([--enable-luajit],[Enable Luajit support]), - [ enable_luajit="$enableval"], - [ enable_luajit="no"]) - if test "$enable_lua" = "yes"; then - if test "$enable_luajit" = "yes"; then - echo "ERROR: can't enable liblua and luajit at the same time." - echo "For LuaJIT, just use --enable-luajit. For liblua (no jit)" - echo "support, use just --enable-lua." - echo "Both options will enable the Lua scripting capabilities" - echo "in Suricata". - echo - exit 1 - fi - fi - + [ enable_lua="yes"]) + AC_ARG_WITH(liblua_includes, [ --with-liblua-includes=DIR liblua include directory], [with_liblua_includes="$withval"],[with_liblua_includes="no"]) @@ -1925,11 +1910,11 @@ if test "$with_liblua_includes" != "no"; then CPPFLAGS="${CPPFLAGS} -I${with_liblua_includes}" else - # lua lua51 lua5.1 lua-5.1 + # lua lua54 lua5.4 lua-5.4 PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua5.4], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua-5.4], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua54], [LUA="yes"], [ LUA="no" ]) ]) @@ -1948,7 +1933,7 @@ echo " ERROR! liblua library not found, go get it" echo " from http://lua.org/index.html or your distribution:" echo - echo " Ubuntu: apt-get install liblua5.1-dev" + echo " Ubuntu: apt-get install liblua5.4-dev" echo " Fedora: dnf install lua-devel" echo " CentOS/RHEL: yum install lua-devel" echo @@ -1959,11 +1944,11 @@ exit 1 fi else - # lua lua51 lua5.1 lua-5.1 + # lua lua54 lua5.4 lua-5.4 PKG_CHECK_MODULES([LUA], [lua], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua5.1], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua-5.1], [LUA="yes"], [ - PKG_CHECK_MODULES([LUA], [lua51], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua5.4], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua-5.4], [LUA="yes"], [ + PKG_CHECK_MODULES([LUA], [lua54], [LUA="yes"], [ LUA="no" ]) ]) @@ -1985,7 +1970,7 @@ echo " ERROR! liblua headers not found, go get them" echo " from http://lua.org/index.html or your distribution:" echo - echo " Ubuntu: apt-get install liblua5.1-dev" + echo " Ubuntu: apt-get install liblua5.4-dev" echo " Fedora: dnf install lua-devel" echo " CentOS/RHEL: yum install lua-devel" echo @@ -1998,67 +1983,6 @@ fi fi - # libluajit - AC_ARG_WITH(libluajit_includes, - [ --with-libluajit-includes=DIR libluajit include directory], - [with_libluajit_includes="$withval"],[with_libluajit_includes="no"]) - AC_ARG_WITH(libluajit_libraries, - [ --with-libluajit-libraries=DIR libluajit library directory], - [with_libluajit_libraries="$withval"],[with_libluajit_libraries="no"]) - - if test "$enable_luajit" = "yes"; then - if test "$with_libluajit_includes" != "no"; then - CPPFLAGS="${CPPFLAGS} -I${with_libluajit_includes}" - else - PKG_CHECK_MODULES([LUAJIT], [luajit], , LUAJIT="no") - CPPFLAGS="${CPPFLAGS} ${LUAJIT_CFLAGS}" - fi - - AC_CHECK_HEADER(lualib.h,LUAJIT="yes",LUAJIT="no") - if test "$LUAJIT" = "yes"; then - if test "$with_libluajit_libraries" != "no"; then - LDFLAGS="${LDFLAGS} -L${with_libluajit_libraries}" - else - PKG_CHECK_MODULES([LUAJIT], [luajit]) - LIBS="${LIBS} ${LUAJIT_LIBS}" - fi - - AC_CHECK_LIB(luajit-5.1, luaL_openlibs,, LUAJIT="no") - - if test "$LUAJIT" = "no"; then - echo - echo " ERROR! libluajit library not found, go get it" - echo " from http://luajit.org/index.html or your distribution:" - echo - echo " Ubuntu: apt-get install libluajit-5.1-dev" - echo - echo " If you installed software in a non-standard prefix" - echo " consider adjusting the PKG_CONFIG_PATH environment variable" - echo " or use --with-libluajit-libraries configure option." - echo - exit 1 - fi - - AC_DEFINE([HAVE_LUA],[1],[lua support available]) - AC_DEFINE([HAVE_LUAJIT],[1],[libluajit available]) - enable_lua="yes, through luajit" - enable_luajit="yes" - else - echo - echo " ERROR! libluajit headers not found, go get them" - echo " from http://luajit.org/index.html or your distribution:" - echo - echo " Ubuntu: apt-get install libluajit-5.1-dev" - echo - echo " If you installed software in a non-standard prefix" - echo " consider adjusting the PKG_CONFIG_PATH environment variable" - echo " or use --with-libluajit-includes and --with-libluajit-libraries" - echo " configure option." - echo - exit 1 - fi - fi - AM_CONDITIONAL([HAVE_LUA], [test "x$enable_lua" != "xno"]) # If Lua is enabled, test the integer size. @@ -2665,7 +2589,6 @@ SURICATA_BUILD_CONF="Suricata Configuration: hiredis async with libevent: ${enable_hiredis_async} PCRE jit: ${pcre2_jit_available} LUA support: ${enable_lua} - libluajit: ${enable_luajit} GeoIP2 support: ${enable_geoip} Non-bundled htp: ${enable_non_bundled_htp} Hyperscan support: ${enable_hyperscan} diff --git a/doc/userguide/configuration/suricata-yaml.rst b/doc/userguide/configuration/suricata-yaml.rst index ba103a1f38de..a3b9036bac38 100644 --- a/doc/userguide/configuration/suricata-yaml.rst +++ b/doc/userguide/configuration/suricata-yaml.rst @@ -2724,24 +2724,6 @@ to display the diagnostic message if a signal unexpectedly terminates Suricata - # message with the offending stacktrace if enabled. #stacktrace-on-signal: on -luajit -~~~~~~ - -states -^^^^^^ - -Luajit has a strange memory requirement, it's 'states' need to be in the -first 2G of the process' memory. For this reason when luajit is used the -states are allocated at the process startup. This option controls how many -states are preallocated. - -If the pool is depleted a warning is generated. Suricata will still try to -continue, but may fail if other parts of the engine take too much memory. -If the pool was depleted a hint will be printed at the engines exit. - -States are allocated as follows: for each detect script a state is used per -detect thread. For each output script, a single state is used. Keep in -mind that a rule reload temporary doubles the states requirement. .. _deprecation policy: https://suricata.io/about/deprecation-policy/ diff --git a/doc/userguide/install.rst b/doc/userguide/install.rst index b3d39d216a0b..70e3a20728ee 100644 --- a/doc/userguide/install.rst +++ b/doc/userguide/install.rst @@ -106,7 +106,7 @@ Recommended:: sudo apt-get install autoconf automake build-essential ccache clang curl git \ gosu jq libbpf-dev libcap-ng0 libcap-ng-dev libelf-dev \ libevent-dev libgeoip-dev libhiredis-dev libjansson-dev \ - liblua5.1-dev libmagic-dev libnet1-dev libpcap-dev \ + liblua5.4-dev libmagic-dev libnet1-dev libpcap-dev \ libpcre2-dev libtool libyaml-0-2 libyaml-dev m4 make \ pkg-config python3 python3-dev python3-yaml sudo zlib1g \ zlib1g-dev diff --git a/doc/userguide/rules/differences-from-snort.rst b/doc/userguide/rules/differences-from-snort.rst index 9ca145c5e238..4566565f12fd 100644 --- a/doc/userguide/rules/differences-from-snort.rst +++ b/doc/userguide/rules/differences-from-snort.rst @@ -524,7 +524,7 @@ File Extraction Lua Scripting ------------- -- Suricata has the ``lua`` (or ``luajit``) keyword which allows for a +- Suricata has the ``lua`` keyword which allows for a rule to reference a Lua script that can access the packet, payload, HTTP buffers, etc. - Provides powerful flexibility and capabilities that Snort does diff --git a/src/Makefile.am b/src/Makefile.am index b8c28dcf6372..1eebca1c89af 100755 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -572,7 +572,6 @@ noinst_HEADERS = \ util-lua-hassh.h \ util-lua-http.h \ util-lua-ja3.h \ - util-luajit.h \ util-lua-smtp.h \ util-lua-ssh.h \ util-lua-tls.h \ @@ -1176,7 +1175,6 @@ libsuricata_c_a_SOURCES = \ util-lua-hassh.c \ util-lua-http.c \ util-lua-ja3.c \ - util-luajit.c \ util-lua-smtp.c \ util-lua-ssh.c \ util-lua-tls.c \ diff --git a/src/detect-lua-extensions.c b/src/detect-lua-extensions.c index 897b0874021a..9a0850b9e919 100644 --- a/src/detect-lua-extensions.c +++ b/src/detect-lua-extensions.c @@ -160,7 +160,7 @@ static int GetFlowVarByKey(lua_State *luastate, Flow *f, FlowVar **ret_fv) LUA_ERROR("key len out of range: max 256"); } - FlowVar *fv = FlowVarGetByKey(f, (const uint8_t *)keystr, keylen); + FlowVar *fv = FlowVarGetByKey(f, (const uint8_t *)keystr, (uint16_t)keylen); if (fv == NULL) { LUA_ERROR("no flow var"); } @@ -272,7 +272,7 @@ static int LuaSetFlowvarById(lua_State *luastate) memcpy(buffer, str, len); buffer[len] = '\0'; - FlowVarAddIdValue(f, idx, buffer, len); + FlowVarAddIdValue(f, idx, buffer, (uint16_t)len); return 0; } @@ -333,7 +333,7 @@ static int LuaSetFlowvarByKey(lua_State *luastate) } memcpy(keybuf, keystr, keylen); keybuf[keylen] = '\0'; - FlowVarAddKeyValue(f, keybuf, keylen, buffer, len); + FlowVarAddKeyValue(f, keybuf, (uint16_t)keylen, buffer, (uint16_t)len); return 0; } diff --git a/src/detect-lua.c b/src/detect-lua.c index 93f4a687f87d..95cde78f4dc5 100644 --- a/src/detect-lua.c +++ b/src/detect-lua.c @@ -2546,4 +2546,4 @@ void DetectLuaRegisterTests(void) UtRegisterTest("LuaMatchTest06a", LuaMatchTest06a); } #endif -#endif /* HAVE_LUAJIT */ +#endif /* HAVE_LUA */ diff --git a/src/runmode-unittests.c b/src/runmode-unittests.c index 1150bad89580..a3766b3824c3 100644 --- a/src/runmode-unittests.c +++ b/src/runmode-unittests.c @@ -104,7 +104,6 @@ #include "util-streaming-buffer.h" #include "util-lua.h" -#include "util-luajit.h" #include "tm-modules.h" #include "tmqh-packetpool.h" #include "decode-chdlc.h" @@ -234,12 +233,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) GlobalsInitPreConfig(); EngineModeSetIDS(); -#ifdef HAVE_LUAJIT - if (LuajitSetupStatesPool() != 0) { - exit(EXIT_FAILURE); - } -#endif - default_packet_size = DEFAULT_PACKET_SIZE; /* load the pattern matchers */ MpmTableSetup(); @@ -291,10 +284,6 @@ void RunUnittests(int list_unittests, const char *regex_arg) } } -#ifdef HAVE_LUAJIT - LuajitFreeStatesPool(); -#endif - exit(EXIT_SUCCESS); #else FatalError("Unittests are not build-in"); diff --git a/src/suricata.c b/src/suricata.c index 126d02f900f0..1fa03889c5bb 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -130,7 +130,6 @@ #include "util-hugepages.h" #include "util-ioctl.h" #include "util-landlock.h" -#include "util-luajit.h" #include "util-macset.h" #include "util-misc.h" #include "util-mpm-hs.h" @@ -407,9 +406,7 @@ static void GlobalsDestroy(SCInstance *suri) #endif ConfDeInit(); -#ifdef HAVE_LUAJIT - LuajitFreeStatesPool(); -#endif + DetectParseFreeRegexes(); SCPidfileRemove(suri->pid_filename); @@ -740,9 +737,6 @@ static void PrintBuildInfo(void) strlcat(features, "HTTP2_DECOMPRESSION ", sizeof(features)); #ifdef HAVE_LUA strlcat(features, "HAVE_LUA ", sizeof(features)); -#endif -#ifdef HAVE_LUAJIT - strlcat(features, "HAVE_LUAJIT ", sizeof(features)); #endif strlcat(features, "HAVE_LIBJANSSON ", sizeof(features)); #ifdef PROFILING @@ -2621,13 +2615,6 @@ static void SetupUserMode(SCInstance *suri) */ int PostConfLoadedSetup(SCInstance *suri) { - /* do this as early as possible #1577 #1955 */ -#ifdef HAVE_LUAJIT - if (LuajitSetupStatesPool() != 0) { - SCReturnInt(TM_ECODE_FAILED); - } -#endif - /* load the pattern matchers */ MpmTableSetup(); SpmTableSetup(); diff --git a/src/util-lua.c b/src/util-lua.c index 9e65c3017fcb..d903f44e39df 100644 --- a/src/util-lua.c +++ b/src/util-lua.c @@ -34,7 +34,6 @@ #include "util-print.h" #include "util-unittest.h" -#include "util-luajit.h" #include "util-debug.h" @@ -59,11 +58,7 @@ lua_State *LuaGetState(void) { lua_State *s = NULL; -#ifdef HAVE_LUAJIT - s = LuajitGetState(); -#else s = luaL_newstate(); -#endif return s; } @@ -74,11 +69,7 @@ void LuaReturnState(lua_State *s) while (lua_gettop(s) > 0) { lua_pop(s, 1); } -#ifdef HAVE_LUAJIT - LuajitReturnState(s); -#else lua_close(s); -#endif } } diff --git a/src/util-luajit.c b/src/util-luajit.c deleted file mode 100644 index a089e139cfcf..000000000000 --- a/src/util-luajit.c +++ /dev/null @@ -1,157 +0,0 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - * - */ - -#include "suricata-common.h" - -#ifdef HAVE_LUAJIT -#include "conf.h" -#include "util-pool.h" -#include "util-lua.h" -#include "util-luajit.h" - -/** \brief lua_State pool - * - * Lua requires states to be alloc'd in memory <2GB. For this reason we - * prealloc the states early during engine startup so we have a better chance - * of getting the states. We protect the pool with a lock as the detect - * threads access it during their init and cleanup. - * - * Pool size is automagically determined based on number of keyword occurrences, - * cpus/cores and rule reloads being enabled or not. - * - * Alternatively, the "detect-engine.luajit-states" var can be set. - */ -static Pool *luajit_states = NULL; -static pthread_mutex_t luajit_states_lock = SCMUTEX_INITIALIZER; -static int luajit_states_cnt = 0; -static int luajit_states_cnt_max = 0; -static int luajit_states_size = 0; -#define LUAJIT_DEFAULT_STATES 128 - -static void *LuaStatePoolAlloc(void) -{ - return luaL_newstate(); -} - -static void LuaStatePoolFree(void *d) -{ - lua_State *s = (lua_State *)d; - if (s != NULL) - lua_close(s); -} - -/** \brief Populate lua states pool - * - * \param num keyword instances - * \param reloads bool indicating we have rule reloads enabled - */ -int LuajitSetupStatesPool(void) -{ - int retval = 0; - pthread_mutex_lock(&luajit_states_lock); - - if (luajit_states == NULL) { - intmax_t cnt = 0; - if (ConfGetInt("luajit.states", &cnt) != 1) { - ConfNode *denode = NULL; - ConfNode *decnf = ConfGetNode("detect-engine"); - if (decnf != NULL) { - TAILQ_FOREACH(denode, &decnf->head, next) { - if (denode->val && strcmp(denode->val, "luajit-states") == 0) { - ConfGetChildValueInt(denode, "luajit-states", &cnt); - } - } - } - } - if (cnt == 0) { - cnt = LUAJIT_DEFAULT_STATES; - } - luajit_states_size = cnt; - - luajit_states = PoolInit(0, cnt, 0, LuaStatePoolAlloc, NULL, NULL, NULL, LuaStatePoolFree); - if (luajit_states == NULL) { - SCLogError("luastate pool init failed, lua/luajit keywords won't work"); - retval = -1; - } - - if (retval == 0) { - SCLogConfig("luajit states preallocated: %d", luajit_states_size); - } - } - - pthread_mutex_unlock(&luajit_states_lock); - return retval; -} - -void LuajitFreeStatesPool(void) -{ - pthread_mutex_lock(&luajit_states_lock); - if (luajit_states_cnt_max > luajit_states_size) { - SCLogNotice("luajit states used %d is bigger than pool size %d. Set " - "luajit.states to %d to avoid memory issues. " - "See tickets #1577 and #1955.", - luajit_states_cnt_max, luajit_states_size, luajit_states_cnt_max); - } - PoolFree(luajit_states); - luajit_states = NULL; - luajit_states_size = 0; - luajit_states_cnt = 0; - pthread_mutex_unlock(&luajit_states_lock); -} - -lua_State *LuajitGetState(void) -{ - lua_State *s = NULL; - pthread_mutex_lock(&luajit_states_lock); - if (luajit_states != NULL) { - s = (lua_State *)PoolGet(luajit_states); - if (s != NULL) { - if (luajit_states_cnt == luajit_states_size) { - SCLogWarning("luajit states pool size %d " - "reached. Increase luajit.states config option. " - "See tickets #1577 and #1955", - luajit_states_size); - } - - luajit_states_cnt++; - if (luajit_states_cnt > luajit_states_cnt_max) - luajit_states_cnt_max = luajit_states_cnt; - } - } - pthread_mutex_unlock(&luajit_states_lock); - return s; -} - -void LuajitReturnState(lua_State *s) -{ - if (s != NULL) { - pthread_mutex_lock(&luajit_states_lock); - PoolReturn(luajit_states, (void *)s); - BUG_ON(luajit_states_cnt <= 0); - luajit_states_cnt--; - pthread_mutex_unlock(&luajit_states_lock); - } -} - -#endif /* HAVE_LUAJIT */ diff --git a/src/util-luajit.h b/src/util-luajit.h deleted file mode 100644 index b90cef431b47..000000000000 --- a/src/util-luajit.h +++ /dev/null @@ -1,38 +0,0 @@ -/* Copyright (C) 2007-2016 Open Information Security Foundation - * - * You can copy, redistribute or modify this Program under the terms of - * the GNU General Public License version 2 as published by the Free - * Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * version 2 along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA - * 02110-1301, USA. - */ - -/** - * \file - * - * \author Victor Julien - */ - -#ifndef __UTIL_LUAJIT_H__ -#define __UTIL_LUAJIT_H__ - -#ifdef HAVE_LUAJIT - -#include "util-lua.h" - -int LuajitSetupStatesPool(void); -void LuajitFreeStatesPool(void); -lua_State *LuajitGetState(void); -void LuajitReturnState(lua_State *s); - -#endif /* HAVE_LUAJIT */ - -#endif /* __UTIL_LUAJIT_H__ */ diff --git a/suricata.yaml.in b/suricata.yaml.in index 412ab1aea850..af0e9adab89e 100644 --- a/suricata.yaml.in +++ b/suricata.yaml.in @@ -1767,15 +1767,6 @@ threading: # Generally, the per-thread stack-size should not exceed 8MB. #stack-size: 8mb -# Luajit has a strange memory requirement, its 'states' need to be in the -# first 2G of the process' memory. -# -# 'luajit.states' is used to control how many states are preallocated. -# State use: per detect script: 1 per detect thread. Per output script: 1 per -# script. -luajit: - states: 128 - # Profiling settings. Only effective if Suricata has been built with # the --enable-profiling configure flag. #