OISF · victorjulien · Jun 19, 2024 · Jun 14, 2024 · May 1, 2024 · May 1, 2024
@@ -4,6 +4,7 @@ on:
   schedule:
     # Run on Monday mornings, 11AM UTC.
     - cron: '0 11 * * 1'
+  pull_request:
   # Enable push for testing when working on this file.
   #push:
   workflow_dispatch:
@@ -14,9 +15,6 @@ concurrency:
 
 permissions: read-all
 
-env:
-  RUST_VERSION_MIN: "1.63.0"
-
 jobs:
 
   # This job runs `cargo audit` and will exit with a failure code if
@@ -160,11 +158,11 @@ jobs:
                 sudo \
                 which \
                 zlib-devel
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Install Minimum Supported Rust Version
         run: |
-          curl https://sh.rustup.rs -sSf | sh -s -- --default-toolchain ${RUST_VERSION_MIN} -y
+          curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $(awk -F '"' '/rust-version/ { print $2 }' rust/Cargo.toml.in)
           echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
       - name: Configure Suricata
         run: |
           ./scripts/bundle.sh libhtp

@@ -316,9 +316,8 @@ PrefilterPacketAppProtoCompare(PrefilterPacketHeaderValue v, void *smctx)
 static int PrefilterSetupAppProto(DetectEngineCtx *de_ctx, SigGroupHead *sgh)
 {
     return PrefilterSetupPacketHeader(de_ctx, sgh, DETECT_AL_APP_LAYER_PROTOCOL,
-        PrefilterPacketAppProtoSet,
-        PrefilterPacketAppProtoCompare,
-        PrefilterPacketAppProtoMatch);
+            SIG_MASK_REQUIRE_FLOW, PrefilterPacketAppProtoSet, PrefilterPacketAppProtoCompare,
+            PrefilterPacketAppProtoMatch);
 }
 
 static bool PrefilterAppProtoIsPrefilterable(const Signature *s)

@@ -1,4 +1,4 @@
-/* Copyright (C) 2007-2022 Open Information Security Foundation
+/* Copyright (C) 2007-2024 Open Information Security Foundation
  *
  * You can copy, redistribute or modify this Program under the terms of
  * the GNU General Public License version 2 as published by the Free
@@ -196,13 +196,13 @@ static int DetectCsumParseArg(const char *key, DetectCsumData *cd)
     if (key[0] == '\"' && key[strlen(key) - 1] == '\"') {
         str = SCStrdup(key + 1);
         if (unlikely(str == NULL)) {
-            goto error;
+            return 0;
         }
         str[strlen(key) - 2] = '\0';
     } else {
         str = SCStrdup(key);
         if (unlikely(str == NULL)) {
-            goto error;
+            return 0;
         }
     }
 
@@ -213,9 +213,7 @@ static int DetectCsumParseArg(const char *key, DetectCsumData *cd)
         return 1;
     }
 
-error:
-    if (str != NULL)
-        SCFree(str);
+    SCFree(str);
     return 0;
 }
 
@@ -239,7 +237,7 @@ static int DetectIPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv4(p) || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p))
         return 0;
 
     if (p->flags & PKT_IGNORE_CHECKSUM) {
@@ -274,12 +272,9 @@ static int DetectIPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectIPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -292,18 +287,13 @@ static int DetectIPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectIPV4CsumFree(de_ctx, cd);
-
+    DetectIPV4CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectIPV4CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /**
@@ -326,7 +316,7 @@ static int DetectTCPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv4(p) || !PacketIsTCP(p) || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p) || !PacketIsTCP(p) || p->proto != IPPROTO_TCP)
         return 0;
 
     if (p->flags & PKT_IGNORE_CHECKSUM) {
@@ -362,12 +352,9 @@ static int DetectTCPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectTCPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -380,18 +367,13 @@ static int DetectTCPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectTCPV4CsumFree(de_ctx, cd);
-
+    DetectTCPV4CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectTCPV4CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /**
@@ -414,7 +396,7 @@ static int DetectTCPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv6(p) || !PacketIsTCP(p) || p->proto != IPPROTO_TCP || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv6(p) || !PacketIsTCP(p) || p->proto != IPPROTO_TCP)
         return 0;
 
     if (p->flags & PKT_IGNORE_CHECKSUM) {
@@ -451,12 +433,9 @@ static int DetectTCPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectTCPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -469,18 +448,13 @@ static int DetectTCPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectTCPV6CsumFree(de_ctx, cd);
-
+    DetectTCPV6CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectTCPV6CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /**
@@ -503,7 +477,7 @@ static int DetectUDPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv4(p) || !PacketIsUDP(p) || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p) || !PacketIsUDP(p) || p->proto != IPPROTO_UDP)
         return 0;
 
     const UDPHdr *udph = PacketGetUDP(p);
@@ -542,12 +516,9 @@ static int DetectUDPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectUDPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -560,18 +531,13 @@ static int DetectUDPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectUDPV4CsumFree(de_ctx, cd);
-
+    DetectUDPV4CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectUDPV4CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /**
@@ -594,7 +560,7 @@ static int DetectUDPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv6(p) || !PacketIsUDP(p) || p->proto != IPPROTO_UDP || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv6(p) || !PacketIsUDP(p) || p->proto != IPPROTO_UDP)
         return 0;
 
     if (p->flags & PKT_IGNORE_CHECKSUM) {
@@ -630,12 +596,9 @@ static int DetectUDPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectUDPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -648,9 +611,7 @@ static int DetectUDPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const cha
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectUDPV6CsumFree(de_ctx, cd);
-
+    DetectUDPV6CsumFree(de_ctx, cd);
     return -1;
 }
 
@@ -682,7 +643,7 @@ static int DetectICMPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv4(p) || !PacketIsICMPv4(p) || p->proto != IPPROTO_ICMP || PKT_IS_PSEUDOPKT(p))
+    if (!PacketIsIPv4(p) || !PacketIsICMPv4(p) || p->proto != IPPROTO_ICMP)
         return 0;
 
     if (p->flags & PKT_IGNORE_CHECKSUM) {
@@ -718,12 +679,9 @@ static int DetectICMPV4CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectICMPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    //printf("DetectCsumSetup: \'%s\'\n", csum_str);
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -736,18 +694,13 @@ static int DetectICMPV4CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectICMPV4CsumFree(de_ctx, cd);
-
+    DetectICMPV4CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectICMPV4CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /**
@@ -770,8 +723,7 @@ static int DetectICMPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
 {
     const DetectCsumData *cd = (const DetectCsumData *)ctx;
 
-    if (!PacketIsIPv6(p) || !PacketIsICMPv6(p) || p->proto != IPPROTO_ICMPV6 ||
-            PKT_IS_PSEUDOPKT(p)) {
+    if (!PacketIsIPv6(p) || !PacketIsICMPv6(p) || p->proto != IPPROTO_ICMPV6) {
         return 0;
     }
     const ICMPV6Hdr *icmpv6h = PacketGetICMPv6(p);
@@ -813,10 +765,9 @@ static int DetectICMPV6CsumMatch(DetectEngineThreadCtx *det_ctx,
  */
 static int DetectICMPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const char *csum_str)
 {
-    DetectCsumData *cd = NULL;
-
-    if ((cd = SCCalloc(1, sizeof(DetectCsumData))) == NULL)
-        goto error;
+    DetectCsumData *cd = SCCalloc(1, sizeof(DetectCsumData));
+    if (cd == NULL)
+        return -1;
 
     if (DetectCsumParseArg(csum_str, cd) == 0)
         goto error;
@@ -829,18 +780,13 @@ static int DetectICMPV6CsumSetup(DetectEngineCtx *de_ctx, Signature *s, const ch
     return 0;
 
 error:
-    if (cd != NULL)
-        DetectICMPV6CsumFree(de_ctx, cd);
-
+    DetectICMPV6CsumFree(de_ctx, cd);
     return -1;
 }
 
 static void DetectICMPV6CsumFree(DetectEngineCtx *de_ctx, void *ptr)
 {
-    DetectCsumData *cd = (DetectCsumData *)ptr;
-
-    if (cd != NULL)
-        SCFree(cd);
+    SCFree(ptr);
 }
 
 /* ---------------------------------- Unit Tests --------------------------- */