Actions
Bug #3681
closedRule reload causes segfault
Affected Versions:
Effort:
Difficulty:
Label:
Description
I noticed that when testing the 6.0.0 code on our sensors, rule reloads triggered via suricatasc fail with a segfault. Here's a gdb session:
GNU gdb (Debian 8.2.1-2+b3) 8.2.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./src/.libs/suricata...done.
(gdb) r --af-packet -c /etc/suricata/suricata-dcso.yaml --pidfile /run/suricata.pid
Starting program: /home/dcsoadm/suri-upstream/src/.libs/suricata --af-packet -c /etc/suricata/suricata-dcso.yaml --pidfile /run/suricata.pid
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file customer-vars.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-rules.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-logging.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-applayer.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-advanced.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-affinity.yaml.
[38495] 27/4/2020 -- 15:28:32 - (conf-yaml-loader.c:267) <Info> (ConfYamlParse) -- Including configuration file dcso-interfaces.yaml.
[38495] 27/4/2020 -- 15:28:32 - (suricata.c:1057) <Notice> (LogVersion) -- This is Suricata version 6.0.0-dev (eef776087 2020-04-27) running in SYSTEM mode
[38495] 27/4/2020 -- 15:28:32 - (util-logopenfile.c:81) <Warning> (SCLogOpenUnixSocketFp) -- [ERRCODE: SC_ERR_SOCKET(200)] - Error connecting to socket "/tmp/files.sock": No such file or directory (will keep trying)
[38495] 27/4/2020 -- 15:28:32 - (output-tx.c:77) <Notice> (OutputRegisterTxLogger) -- JsonRdpLog logger not enabled: protocol rdp is disabled
[38495] 27/4/2020 -- 15:30:02 - (runmode-af-packet.c:585) <Error> (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Block-size must be a multiple of pagesize.
[New Thread 0x7ffff240e700 (LWP 39053)]
[New Thread 0x7ffff1989700 (LWP 39054)]
[New Thread 0x7ffff1108700 (LWP 39055)]
[New Thread 0x7ffff0887700 (LWP 39056)]
[New Thread 0x7fffb3fff700 (LWP 39057)]
[New Thread 0x7fffb377e700 (LWP 39058)]
[New Thread 0x7fffb2efd700 (LWP 39059)]
[New Thread 0x7fffb267c700 (LWP 39060)]
[New Thread 0x7fffb1dfb700 (LWP 39061)]
[38495] 27/4/2020 -- 15:30:03 - (runmode-af-packet.c:585) <Error> (ParseAFPConfig) -- [ERRCODE: SC_ERR_INVALID_VALUE(130)] - Block-size must be a multiple of pagesize.
[New Thread 0x7fffb157a700 (LWP 39062)]
[New Thread 0x7fffb0cf9700 (LWP 39063)]
[New Thread 0x7fff3ffff700 (LWP 39064)]
[New Thread 0x7fff3f7fe700 (LWP 39065)]
[New Thread 0x7fff3effd700 (LWP 39066)]
[New Thread 0x7fff3e7fc700 (LWP 39067)]
[New Thread 0x7fff3dffb700 (LWP 39068)]
[New Thread 0x7fff3d7fa700 (LWP 39069)]
[New Thread 0x7fff3cff9700 (LWP 39070)]
[New Thread 0x7ffecbfff700 (LWP 39071)]
[New Thread 0x7ffecb7fe700 (LWP 39072)]
[New Thread 0x7ffecaffd700 (LWP 39073)]
[New Thread 0x7ffeca7fc700 (LWP 39074)]
[New Thread 0x7ffec9ffb700 (LWP 39075)]
[New Thread 0x7ffec97fa700 (LWP 39076)]
[New Thread 0x7ffec8ff9700 (LWP 39077)]
[38495] 27/4/2020 -- 15:30:06 - (tm-threads.c:1888) <Notice> (TmThreadWaitOnThreadInit) -- all 18 packet processing threads, 6 management threads initialized, engine started.
[39066] 27/4/2020 -- 15:30:08 - (util-log-redis.c:252) <Notice> (SCLogRedisWriteAsync) -- Trying to connect to Redis
[39066] 27/4/2020 -- 15:30:08 - (util-log-redis.c:134) <Notice> (SCRedisAsyncEchoCommandCallback) -- Connected to Redis.
[38495] 27/4/2020 -- 15:30:26 - (detect-engine.c:4008) <Notice> (DetectEngineReload) -- rule reload starting
Thread 17 "W#07-enp175s0f1" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff3dffb700 (LWP 39068)]
0x00007ffd25c1cbb2 in ?? ()
(gdb) bt
#0 0x00007ffd25c1cbb2 in ?? ()
#1 0x00007fff3dffa080 in ?? ()
#2 0x000055556dcc1600 in ?? ()
#3 0x00007ffd600be664 in ?? ()
#4 0x0000000000000000 in ?? ()
(gdb) info threads
Id Target Id Frame
1 Thread 0x7ffff4d59d00 (LWP 38495) "Suricata-Main" 0x00007ffff5798720 in nanosleep () from /lib/x86_64-linux-gnu/libc.so.6
2 Thread 0x7ffff240e700 (LWP 39053) "W#01-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
3 Thread 0x7ffff1989700 (LWP 39054) "W#02-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
4 Thread 0x7ffff1108700 (LWP 39055) "W#03-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
5 Thread 0x7ffff0887700 (LWP 39056) "W#04-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
6 Thread 0x7fffb3fff700 (LWP 39057) "W#05-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
7 Thread 0x7fffb377e700 (LWP 39058) "W#06-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
8 Thread 0x7fffb2efd700 (LWP 39059) "W#07-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
9 Thread 0x7fffb267c700 (LWP 39060) "W#08-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
10 Thread 0x7fffb1dfb700 (LWP 39061) "W#09-enp175s0f0" 0x00007ffff57c0819 in poll () from /lib/x86_64-linux-gnu/libc.so.6
11 Thread 0x7fffb157a700 (LWP 39062) "W#01-enp175s0f1" 0x00007ffff6185f33 in ?? () from /usr/lib/x86_64-linux-gnu/libhs.so.5
12 Thread 0x7fffb0cf9700 (LWP 39063) "W#02-enp175s0f1" lj_alloc_malloc (msp=0x44040010, nsize=<optimized out>) at lj_alloc.c:1348
13 Thread 0x7fff3ffff700 (LWP 39064) "W#03-enp175s0f1" lj_alloc_malloc (msp=0x44000010, nsize=<optimized out>) at lj_alloc.c:1348
14 Thread 0x7fff3f7fe700 (LWP 39065) "W#04-enp175s0f1" gc_onestep (L=L@entry=0x43fa0378) at lj_gc.c:616
15 Thread 0x7fff3effd700 (LWP 39066) "W#05-enp175s0f1" SigMatchSignaturesGetSgh (de_ctx=de_ctx@entry=0x55556cdfb4d0, p=p@entry=0x7fff11db3710) at detect.c:218
16 Thread 0x7fff3e7fc700 (LWP 39067) "W#06-enp175s0f1" 0x00007ffff6240704 in ?? () from /usr/lib/x86_64-linux-gnu/libhs.so.5
* 17 Thread 0x7fff3dffb700 (LWP 39068) "W#07-enp175s0f1" 0x00007ffd25c1cbb2 in ?? ()
18 Thread 0x7fff3d7fa700 (LWP 39069) "W#08-enp175s0f1" 0x00007ffff575638b in malloc () from /lib/x86_64-linux-gnu/libc.so.6
19 Thread 0x7fff3cff9700 (LWP 39070) "W#09-enp175s0f1" 0x00007ffff717a408 in lj_BC_TSETS () at buildvm_x86.dasc:571
20 Thread 0x7ffecbfff700 (LWP 39071) "FM#01" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
21 Thread 0x7ffecb7fe700 (LWP 39072) "FM#02" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
22 Thread 0x7ffecaffd700 (LWP 39073) "FR#01" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
23 Thread 0x7ffeca7fc700 (LWP 39074) "FR#02" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
24 Thread 0x7ffec9ffb700 (LWP 39075) "CW" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
25 Thread 0x7ffec97fa700 (LWP 39076) "CS" 0x00007ffff688035b in pthread_cond_timedwait@@GLIBC_2.3.2 () from /lib/x86_64-linux-gnu/libpthread.so.0
26 Thread 0x7ffec8ff9700 (LWP 39077) "US" 0x00007ffff5798720 in nanosleep () from /lib/x86_64-linux-gnu/libc.so.6
Looks like one thread ends up in weird memory that does not seem to map to actual code.
Compiled with:
./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=\${prefix}/include --mandir=\${prefix}/share/man --infodir=\${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --disable-silent-rules --libdir=\${prefix}/lib/x86_64-linux-gnu --runstatedir=/run --disable-maintainer-mode --disable-dependency-tracking --enable-af-packet --enable-nfqueue --enable-prelude --enable-nflog --enable-gccprotect --disable-gccmarch-native --with-libnss-includes=/usr/include/nss --with-libnss-libraries=/usr/lib/x86_64-linux-gnu --with-libnspr-includes=/usr/include/nspr --with-libnspr-libraries=/usr/lib/x86_64-linux-gnu --with-libevent-includes=/usr/include --with-libevent-libraries=/usr/lib/x86_64-linux-gnu --disable-coccinelle --enable-geoip --enable-hiredis --enable-luajit --enable-rust
Result configuration:
Suricata Configuration:
AF_PACKET support: yes
eBPF support: no
XDP support: no
PF_RING support: no
NFQueue support: yes
NFLOG support: yes
IPFW support: no
Netmap support: no
DAG enabled: no
Napatech enabled: no
WinDivert enabled: no
Unix socket enabled: yes
Detection enabled: yes
Libmagic support: yes
libnss support: yes
libnspr support: yes
libjansson support: yes
hiredis support: yes
hiredis async with libevent: yes
Prelude support: yes
PCRE jit: yes
LUA support: yes, through luajit
libluajit: yes
GeoIP2 support: yes
Non-bundled htp: no
Old barnyard2 support:
Hyperscan support: yes
Libnet support: yes
liblz4 support: yes
Rust support: yes
Rust strict mode: no
Rust compiler path: /usr/bin/rustc
Rust compiler version: rustc 1.34.2
Cargo path: /usr/bin/cargo
Cargo version: cargo 1.34.0
Cargo vendor: no
Python support: yes
Python path: /usr/bin/python3
Python distutils yes
Python yaml yes
Install suricatactl: yes
Install suricatasc: yes
Install suricata-update: not bundled
Profiling enabled: no
Profiling locks enabled: no
Development settings:
Coccinelle / spatch: no
Unit tests enabled: no
Debug output enabled: no
Debug validation enabled: no
Generic build parameters:
Installation prefix: /usr
Configuration directory: /etc/suricata/
Log directory: /var/log/suricata/
--prefix /usr
--sysconfdir /etc
--localstatedir /var
--datarootdir /usr/share
Host: x86_64-pc-linux-gnu
Compiler: gcc (exec name) / c++ (real)
GCC Protect enabled: yes
GCC march native enabled: no
GCC Profile enabled: no
Position Independent Executable enabled: no
CFLAGS -g -O2 -std=c11 -I${srcdir}/../rust/gen
PCAP_CFLAGS -I/usr/include
SECCFLAGS -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security
Suricata 5.0.2 does not show this issue. I have used git-bisect between the 5.0.1 tag and the current master (eef7760870d99beca75cf96262f4721563198a42) to narrow down the problem and it seeems to be one of the following commits:
aa67a0a236d6544301caac4ba8c74d2951926b92
abe0cdc4adc872f346a94c554883570783917034
d19429f7e54f3d8e1d1c0c11470c1cabeca3f47a
4b0085b03ce85f9b0f09d7e44a96774388d0b09b
I couldn't trace it any deeper because most of these didn't build for me with errors like:
detect-byte-extract.c: In function ‘DetectByteExtractRegister’:
detect-byte-extract.c:109:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-byte-extract.c:29:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-byte-extract.c:109:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-byte-extract.c:29:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-byte-extract.c: In function ‘DetectByteExtractParse’:
detect-byte-extract.c:214: warning: "MAX_SUBSTRINGS" redefined
#define MAX_SUBSTRINGS 100
In file included from detect-byte-extract.c:29:
detect-parse.h:110: note: this is the location of the previous definition
#define MAX_SUBSTRINGS 30
gcc -DHAVE_CONFIG_H -I. -I.. -I./../libhtp/ -I/usr/include/hs -I/usr/include/nspr -I/usr/include/nspr -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nss -I/usr/include/luajit-2.1 -I/usr/include -Wextra -Werror-implicit-function-declaration -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -I/usr/include -DLOCAL_STATE_DIR=\"/var\" -std=gnu99 -Wall -Wno-unused-parameter -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char -g -O2 -I./../rust/gen -c -o detect-detection-filter.o detect-detection-filter.c
detect-bytejump.c: In function ‘DetectBytejumpRegister’:
detect-bytejump.c:80:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-bytejump.c:30:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-bytejump.c:80:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-bytejump.c:30:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-base64-decode.c: In function ‘DetectBase64DecodeRegister’:
detect-base64-decode.c:53:45: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study);
^~~~~~~~~~~~
In file included from detect-base64-decode.c:20:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-base64-decode.c:53:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(decode_pattern, &decode_pcre, &decode_pcre_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-base64-decode.c:20:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
gcc -DHAVE_CONFIG_H -I. -I.. -I./../libhtp/ -I/usr/include/hs -I/usr/include/nspr -I/usr/include/nspr -I/usr/include/nss -I/usr/include/nspr -I/usr/include/nss -I/usr/include/luajit-2.1 -I/usr/include -Wextra -Werror-implicit-function-declaration -fstack-protector -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -I/usr/include -DLOCAL_STATE_DIR=\"/var\" -std=gnu99 -Wall -Wno-unused-parameter -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char -g -O2 -I./../rust/gen -c -o detect-distance.o detect-distance.c
detect-bytetest.c: In function ‘DetectBytetestRegister’:
detect-bytetest.c:81:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-bytetest.c:31:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-bytetest.c:81:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-bytetest.c:31:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
make[2]: *** [Makefile:2170: detect-base64-decode.o] Error 1
make[2]: *** Waiting for unfinished jobs....
make[2]: *** [Makefile:2170: detect-byte-extract.o] Error 1
make[2]: *** [Makefile:2170: detect-bytejump.o] Error 1
make[2]: *** [Makefile:2170: detect-bytetest.o] Error 1
detect-datarep.c: In function ‘DetectDatarepRegister’:
detect-datarep.c:59:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-datarep.c:33:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-datarep.c:59:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-datarep.c:33:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-dce-iface.c: In function ‘DetectDceIfaceRegister’:
detect-dce-iface.c:83:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-dce-iface.c:29:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-dce-iface.c:83:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-dce-iface.c:29:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
make[2]: *** [Makefile:2170: detect-datarep.o] Error 1
detect-dataset.c: In function ‘DetectDatasetRegister’:
detect-dataset.c:58:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-dataset.c:33:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-dataset.c:58:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-dataset.c:33:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-classtype.c: In function ‘DetectClasstypeRegister’:
detect-classtype.c:58:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
^~~~~~
In file included from detect-classtype.c:31:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-classtype.c:58:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, ®ex, ®ex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-classtype.c:31:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-dce-opnum.c: In function ‘DetectDceOpnumRegister’:
detect-dce-opnum.c:78:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-dce-opnum.c:29:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-dce-opnum.c:78:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-dce-opnum.c:29:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
detect-detection-filter.c: In function ‘DetectDetectionFilterRegister’:
detect-detection-filter.c:75:42: warning: passing argument 2 of ‘DetectSetupParseRegexes’ from incompatible pointer type [-Wincompatible-pointer-types]
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~
In file included from detect-detection-filter.c:36:
detect-parse.h:92:71: note: expected ‘DetectParseRegex *’ {aka ‘struct DetectParseRegex_ *’} but argument is of type ‘pcre **’ {aka ‘struct real_pcre **’}
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
~~~~~~~~~~~~~~~~~~^~~~~~~~~~~
detect-detection-filter.c:75:5: error: too many arguments to function ‘DetectSetupParseRegexes’
DetectSetupParseRegexes(PARSE_REGEX, &parse_regex, &parse_regex_study);
^~~~~~~~~~~~~~~~~~~~~~~
In file included from detect-detection-filter.c:36:
detect-parse.h:92:6: note: declared here
void DetectSetupParseRegexes(const char *parse_str, DetectParseRegex *parse_regex);
^~~~~~~~~~~~~~~~~~~~~~~
make[2]: *** [Makefile:2170: detect-dataset.o] Error 1
make[2]: *** [Makefile:2170: detect-detection-filter.o] Error 1
make[2]: *** [Makefile:2170: detect-dce-opnum.o] Error 1
make[2]: *** [Makefile:2170: detect-dce-iface.o] Error 1
make[2]: *** [Makefile:2170: detect-classtype.o] Error 1
Actions