tool: rewrite suricatasc and suricatactl in rust - v9

.github/workflows/builds.yml

@@ -3169,7 +3169,7 @@ jobs:
   windows-msys2-mingw64-libpcap:
     name: Windows MSYS2 MINGW64 (libpcap)
     runs-on: windows-latest
-    needs: [prepare-deps]
+    needs: [prepare-deps, ubuntu-22-04-dist]
     defaults:
       run:
         shell: msys2 {0}
@@ -3194,8 +3194,11 @@ jobs:
         with:
           name: prep
           path: prep
-      - run: tar xf prep/libhtp.tar.gz
-      - run: tar xf prep/suricata-update.tar.gz
+      - name: Download suricata.tar.gz
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
+        with:
+          name: dist
+      - run: tar xvf suricata-*.tar.gz --strip-components=1
       - run: tar xf prep/suricata-verify.tar.gz
       - name: Build
         run: |

.github/workflows/live/afp-ids.sh

@@ -28,9 +28,14 @@ if [ -f eve.json ]; then
     rm eve.json
 fi
 
+if [ -e ./rust/target/release/suricatasc ]; then
+    SURICATASC=./rust/target/release/suricatasc
+else
+    SURICATASC=./rust/target/debug/suricatasc
+fi
+
 RES=0
 
-export PYTHONPATH=python/
 # Get listen interface and "ping" target address
 IFACE=$(ip r|grep default|awk '{print $5}')
 echo $IFACE
@@ -75,7 +80,7 @@ if [ $CHECK -ne 1 ]; then
 	echo "ERROR alerts count off for sid 222 (datasets)"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
 echo $JSON
 
 sleep 5
@@ -91,49 +96,49 @@ echo "SURIPID $SURIPID PINGPID $PINGPID"
 cp .github/workflows/live/icmp2.rules suricata.rules
 
 # trigger the reload
-JSON=$(python3 python/bin/suricatasc -c "iface-list" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "iface-list" /var/run/suricata/suricata-command.socket)
 PIFACE=$(echo $JSON | jq -r .message.ifaces[0])
-JSON=$(python3 python/bin/suricatasc -c "iface-stat $PIFACE")
+JSON=$(${SURICATASC} -c "iface-stat $PIFACE")
 STATSCHECK=$(echo $JSON | jq '.message.pkts > 0')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket stats check failed"
     RES=1
 fi
-python3 python/bin/suricatasc -c "reload-rules" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "reload-rules" /var/run/suricata/suricata-command.socket
 
 
-JSON=$(python3 python/bin/suricatasc -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "capture-mode" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "capture-mode" /var/run/suricata/suricata-command.socket)
 if [ "$(echo $JSON | jq -r .message)" != "AF_PACKET_DEV" ]; then
     echo "ERROR unix socket capture mode check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "dump-counters" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "dump-counters" /var/run/suricata/suricata-command.socket)
 STATSCHECK=$(echo $JSON | jq '.message.uptime >= 15')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket dump-counters uptime check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "memcap-list" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "memcap-list" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "running-mode" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "running-mode" /var/run/suricata/suricata-command.socket)
 echo $JSON
 if [ "$(echo $JSON | jq -r .message)" != "$RUNMODE" ]; then
     echo "ERROR unix socket runmode check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "version" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "version" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "uptime" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "uptime" /var/run/suricata/suricata-command.socket)
 echo $JSON
 STATSCHECK=$(echo $JSON | jq '.message >= 15')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket uptime check failed"
     RES=1
 fi
 sleep 15
-JSON=$(python3 python/bin/suricatasc -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
 echo $JSON
 
 sleep 15
@@ -148,17 +153,17 @@ if [ $SID2CHECK = false ]; then
     echo "ERROR no alerts for sid 2"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
 CHECK=$(echo $JSON|jq -r .message.hostbits[0].name)
 if [ "$CHECK" != "test" ]; then
     echo "ERROR hostbit listing failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
 
 kill -INT $PINGPID
 wait $PINGPID
-python3 python/bin/suricatasc -c "shutdown" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "shutdown" /var/run/suricata/suricata-command.socket
 wait $SURIPID
 
 echo "done: $RES"

.github/workflows/live/dpdk.sh

@@ -21,6 +21,12 @@ if [ -f eve.json ]; then
     rm eve.json
 fi
 
+if [ -e ./rust/target/release/suricatasc ]; then
+    SURICATASC=./rust/target/release/suricatasc
+else
+    SURICATASC=./rust/target/debug/suricatasc
+fi
+
 RES=0
 
 # set first rule file
@@ -47,8 +53,7 @@ echo "SURIPID $SURIPID"
 cp .github/workflows/live/icmp2.rules suricata.rules
 
 # trigger the reload
-export PYTHONPATH=python/
-python3 python/bin/suricatasc -c "reload-rules" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "reload-rules" /var/run/suricata/suricata-command.socket
 
 sleep 15
 
@@ -59,7 +64,7 @@ if [ $STATSCHECK = false ]; then
     RES=1
 fi
 
-python3 python/bin/suricatasc -c "shutdown" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "shutdown" /var/run/suricata/suricata-command.socket
 wait $SURIPID
 
 echo "done: $RES"

.github/workflows/live/pcap.sh

@@ -26,6 +26,12 @@ if [ -f eve.json ]; then
     rm eve.json
 fi
 
+if [ -e ./rust/target/release/suricatasc ]; then
+    SURICATASC=./rust/target/release/suricatasc
+else
+    SURICATASC=./rust/target/debug/suricatasc
+fi
+
 RES=0
 
 export PYTHONPATH=python/
@@ -65,7 +71,7 @@ if [ $CHECK -ne 1 ]; then
 	echo "ERROR alerts count off for sid 222 (datasets)"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -v -c "dataset-clear ipv4-list ipv4" /var/run/suricata/suricata-command.socket)
 echo $JSON
 
 sleep 5
@@ -75,23 +81,23 @@ if [ $CHECK -ne 2 ]; then
     RES=1
 fi
 
-JSON=$(python3 python/bin/suricatasc -c "dataset-add ipv6-list ip 192.168.1.1" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "dataset-add ipv6-list ip 192.168.1.1" /var/run/suricata/suricata-command.socket)
 echo $JSON
 if [ "$(echo $JSON | jq -r .message)" != "data added" ]; then
     echo "ERROR unix socket dataset add failed"
     RES=1
 fi
 
 # look it up in IPv4 in IPv6 notation
-JSON=$(python3 python/bin/suricatasc -c "dataset-lookup ipv6-list ip ::ffff:c0a8:0101" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "dataset-lookup ipv6-list ip ::ffff:c0a8:0101" /var/run/suricata/suricata-command.socket)
 echo $JSON
 if [ "$(echo $JSON | jq -r .message)" != "item found in set" ]; then
     echo "ERROR unix socket dataset lookup failed"
     RES=1
 fi
 
 # fail to add junk
-JSON=$(python3 python/bin/suricatasc -c "dataset-add ipv6-list ip ::ffff:c0a8:0z0z" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "dataset-add ipv6-list ip ::ffff:c0a8:0z0z" /var/run/suricata/suricata-command.socket)
 echo $JSON
 if [ "$(echo $JSON | jq -r .message)" != "failed to add data" ]; then
     echo "ERROR unix socket dataset added junk"
@@ -104,49 +110,49 @@ echo "SURIPID $SURIPID PINGPID $PINGPID"
 cp .github/workflows/live/icmp2.rules suricata.rules
 
 # trigger the reload
-JSON=$(python3 python/bin/suricatasc -c "iface-list" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "iface-list" /var/run/suricata/suricata-command.socket)
 PIFACE=$(echo $JSON | jq -r .message.ifaces[0])
-JSON=$(python3 python/bin/suricatasc -c "iface-stat $PIFACE")
+JSON=$(${SURICATASC} -c "iface-stat $PIFACE")
 STATSCHECK=$(echo $JSON | jq '.message.pkts > 0')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket stats check failed"
     RES=1
 fi
-python3 python/bin/suricatasc -c "reload-rules" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "reload-rules" /var/run/suricata/suricata-command.socket
 
 
-JSON=$(python3 python/bin/suricatasc -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "iface-bypassed-stat" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "capture-mode" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "capture-mode" /var/run/suricata/suricata-command.socket)
 if [ "$(echo $JSON | jq -r .message)" != "PCAP_DEV" ]; then
     echo "ERROR unix socket capture mode check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "dump-counters" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "dump-counters" /var/run/suricata/suricata-command.socket)
 STATSCHECK=$(echo $JSON | jq '.message.uptime >= 15')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket dump-counters uptime check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "memcap-list" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "memcap-list" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "running-mode" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "running-mode" /var/run/suricata/suricata-command.socket)
 echo $JSON
 if [ "$(echo $JSON | jq -r .message)" != "$RUNMODE" ]; then
     echo "ERROR unix socket runmode check failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "version" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "version" /var/run/suricata/suricata-command.socket)
 echo $JSON
-JSON=$(python3 python/bin/suricatasc -c "uptime" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "uptime" /var/run/suricata/suricata-command.socket)
 echo $JSON
 STATSCHECK=$(echo $JSON | jq '.message >= 15')
 if [ $STATSCHECK = false ]; then
     echo "ERROR unix socket uptime check failed"
     RES=1
 fi
 sleep 15
-JSON=$(python3 python/bin/suricatasc -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "add-hostbit $GW test 60" /var/run/suricata/suricata-command.socket)
 echo $JSON
 
 sleep 15
@@ -161,17 +167,17 @@ if [ $SID2CHECK = false ]; then
     echo "ERROR no alerts for sid 2"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "list-hostbit $GW" /var/run/suricata/suricata-command.socket)
 CHECK=$(echo $JSON|jq -r .message.hostbits[0].name)
 if [ "$CHECK" != "test" ]; then
     echo "ERROR hostbit listing failed"
     RES=1
 fi
-JSON=$(python3 python/bin/suricatasc -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
+JSON=$(${SURICATASC} -c "remove-hostbit $GW test" /var/run/suricata/suricata-command.socket)
 
 kill -INT $PINGPID
 wait $PINGPID
-python3 python/bin/suricatasc -c "shutdown" /var/run/suricata/suricata-command.socket
+${SURICATASC} -c "shutdown" /var/run/suricata/suricata-command.socket
 wait $SURIPID
 
 echo "done: $RES"

configure.ac

@@ -2516,6 +2516,8 @@ AC_SUBST(enable_non_bundled_htp)
 AM_CONDITIONAL([BUILD_SHARED_LIBRARY], [test "x$enable_shared" = "xyes"] && [test "x$can_build_shared_library" = "xyes"])
 
 AC_CONFIG_FILES(Makefile src/Makefile rust/Makefile rust/Cargo.lock rust/Cargo.toml rust/derive/Cargo.toml rust/.cargo/config.toml)
+AC_CONFIG_FILES(rust/suricatactl/Makefile rust/suricatactl/Cargo.toml)
+AC_CONFIG_FILES(rust/suricatasc/Makefile rust/suricatasc/Cargo.toml)
 AC_CONFIG_FILES(qa/Makefile qa/coccinelle/Makefile)
 AC_CONFIG_FILES(rules/Makefile doc/Makefile doc/userguide/Makefile)
 AC_CONFIG_FILES(contrib/Makefile contrib/file_processor/Makefile contrib/file_processor/Action/Makefile contrib/file_processor/Processor/Makefile)

python/Makefile.am

@@ -1,44 +1,17 @@
 LIBS =	\
 		suricata/__init__.py \
-		suricata/config/__init__.py \
-		suricata/ctl/__init__.py \
-		suricata/ctl/filestore.py \
-		suricata/ctl/loghandler.py \
-		suricata/ctl/main.py \
-		suricata/ctl/test_filestore.py \
-		suricata/sc/__init__.py \
-		suricata/sc/specs.py \
-		suricata/sc/suricatasc.py \
-		suricatasc/__init__.py
+		suricata/config/__init__.py
 
-BINS =	\
-		suricatasc \
-		suricatactl
-
-EXTRA_DIST = $(LIBS) bin suricata/config/defaults.py
+EXTRA_DIST = $(LIBS) suricata/config/defaults.py
 
 if HAVE_PYTHON
 
 install-exec-local:
 	install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config"
-	install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/ctl"
-	install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricata/sc"
-	install -d -m 0755 "$(DESTDIR)$(prefix)/lib/suricata/python/suricatasc"
-	install -d -m 0755 "$(DESTDIR)$(prefix)/bin"
-	for src in $(LIBS); do \
-		install -m 0644 $(srcdir)/$$src "$(DESTDIR)$(prefix)/lib/suricata/python/$$src"; \
-	done
 	install suricata/config/defaults.py \
 		"$(DESTDIR)$(prefix)/lib/suricata/python/suricata/config/defaults.py"
-	for bin in $(BINS); do \
-		cat "$(srcdir)/bin/$$bin" | \
-		    sed -e "1 s,.*,#"'!'" ${HAVE_PYTHON}," > "${DESTDIR}$(bindir)/$$bin"; \
-		chmod 0755 "$(DESTDIR)$(bindir)/$$bin"; \
-	done
 
 uninstall-local:
-	rm -f $(DESTDIR)$(bindir)/suricatactl
-	rm -f $(DESTDIR)$(bindir)/suricatasc
 	rm -rf $(DESTDIR)$(prefix)/lib/suricata/python
 
 clean-local: