Commit Graph

904 Commits (0e85dea3ffb6ce6cfeca95dde3fd25a5cb8d67e7)

Author SHA1 Message Date
Sam Muhammed 463fbdc36d nfs4_records: add missing field to res_sequence_ok()
Missing _seqid in sequence op struct left a trailing four zeros
that are parsed by nfs4_res_compound_command() as a cmd
causing a Switch Error Code
3 years ago
Sam Muhammed 4e2edd44aa nfs3-records: add unittests to nom7 parsers
Task #4866
3 years ago
Sam Muhammed 03906010a2 nfs3-records: add missing fields and update parsers
Add missing fields to some record structures and
update their respective parsers
3 years ago
Sam Muhammed 86c273dadc nfs2-records: add unittests for nom7 parsers
Task #4866
3 years ago
Victor Julien ddf14e51dc nfs2: improve READ parsing
Take fill_bytes into account.
3 years ago
Jason Ish 2011a5579c rust/app-layer: expose AppLayerEvent derive macro
Export the AppLayerEvent derive macro so plugin (or library code) can
use it as expected, for example:

use suricata::applayer::AppLayerEvent;

enum MyEvent {
    EventOne,
    EventTwo,
}
3 years ago
Jason Ish ba310440a6 rust/derive: make usable from a plugin or lib user
The macro was generating code that references names using the "crate"
prefix which will fail if the macro is used by a library user or plugin.
Dynamically check where we are running and use the correct import paths
as needed.
3 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust)
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
3 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro
The function macro existed so it would only be enabled on Rust
versions that supported.  Now that our MSRV is 1.41, which is
greater than 1.38 we can assume we always have support for
this macro.
3 years ago
Jason Ish 50fdcd098c rust/http2: use base64 crate for base64 decode 3 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
3 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
3 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers
Remove input, input_len and flags in favor of stream slice.
3 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
3 years ago
Jason Ish 0861b66e15 dns: add dns flag to dns request logging
Ticket #4515
3 years ago
Odin Jenseg dfb6f105e8 dns: Logging of Z-bit
[Edit by Jason Ish: fix flag bit value]

Ticket #4515
3 years ago
Jason Ish fcbdc30426 dns: create transaction even if z-bit was set
It appears that DNS servers will still process a DNS request even if the
z-bit is set, our parser will fail the transaction. So create the
transaction, but still set the event.

Ticket #4924
3 years ago
Pierre Chifflier d67f8f9196 rust/smb: convert parser to nom7 functions (SMB1) 3 years ago
Pierre Chifflier 895a54cea4 rust/smb: convert parser to nom7 functions (DCERPC records) 3 years ago
Pierre Chifflier 8d77ce1ffc rust/smb: convert parser to nom7 functions (SMB2) 3 years ago
Pierre Chifflier 5cadb878ff rust/smb: convert parser to nom7 functions (SMB3) 3 years ago
Pierre Chifflier 4c97dfa851 rust/smb: convert parser to nom7 functions (NTLM/SSP records) 3 years ago
Pierre Chifflier 3da816eb23 rust/smb: convert parser to nom7 functions (NBSS records) 3 years ago
Pierre Chifflier 90f9450971 rust: add nom7 combinator take_until_and_consume 3 years ago
Philippe Antoine 87d9c44ec5 rust: export constants via cbindgen
so that constants are not defined twice in Rust and C
So that we are sure they have the same value
3 years ago
Philippe Antoine 784558df2e mime: handles multiple sections for a parameter
Ticket: 4386

as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc...
3 years ago
Philippe Antoine 8feb9c35ae mime: move FindMimeHeaderTokenRestrict to rust
Also fixes the case where the token name is present
in a value
3 years ago
Philippe Antoine 1b10848d84 mqtt: fix transaction completion
Ticket: 4862

A transaction to client is always considered
complete in the direction to server and vice versa.
Otherwise, transactions are never complete for
AppLayerParserTransactionsCleanup
3 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
3 years ago
Philippe Antoine 0caaf6bd23 range: prevents memory leak of file from HTTP2
Ticket: 4811
Completes commit c023116857

state.free should also close files with ranges
as state.free_tx did already

And file_range field should be reset so that there is no
use after free.
3 years ago
Jeff Lucovsky 23faeaea5c ftp: Remove diagnostic print
This commit removes a diagnostic message displayed during extraction of
the EPSV port.
3 years ago
Philippe Antoine c023116857 range: prevents memory leak of file from HTTP2
If a HTTP2 transaction gets freed before the end of the range
request, we need to have the files container which is in
the state, to transfer ownership of this file to the files
container.

Ticket: 4811
3 years ago
Pierre Chifflier acb3ec6db1 rust/nfs: convert parser to nom7 functions (NFS v2 records) 3 years ago
Pierre Chifflier ea1d03f8e3 rust/nfs: add a maximum number of operations per compound
The `count` combinator preallocates a number of bytes. Since the value
is untrusted, this can result in an Out Of Memory allocation.
Use a maximum value, large enough to cover all current implementations.
3 years ago
Pierre Chifflier 0ffe123330 rust/nfs: convert parser to nom7 functions (NFS v3 and v4 records) 3 years ago
Jason Ish eb6cc62937 dhcp: fix url in comment
rustdoc was complaining about the format of the URL in a comment
while trying to generate documentation. Convert the comment to a
non-rustdoc comment for now to satisfy rustdoc.
3 years ago
Jason Ish b57280ff48 rdp: fix transaction id
By our convention the transaction ID is incremented then applied
to the new transaction. And the generic transaction iterator
requires this behaviour.
3 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
3 years ago
Jason Ish f4b4d531b0 rdp: add tx iterator 3 years ago
Jason Ish 238ec953b7 krb5: use tx iterator 3 years ago
Jason Ish ef0c351953 ntp: add tx iterator 3 years ago
Jason Ish 871fb035b4 sip: add tx iterator 3 years ago
Jason Ish d6b2d7e16a ike: add tx iterator
For IKE the manual iterator functions were there, but never
registered. So this commit does add a tx iterator to ike.
3 years ago
Jason Ish 3f2d2bc12b snmp: use generic tx iterator 3 years ago
Jason Ish ac4c5ada2f dhcp: use generic tx iterator 3 years ago
Jason Ish 54e62ddf71 http2: use generic tx iterator 3 years ago
Jason Ish 6cffecfe3e template: use generic tx iterator 3 years ago
Jason Ish a936755731 nfs: use generic tx iterator 3 years ago
Jason Ish 0188a01daf rfb: use generic tx iterator 3 years ago
Jason Ish b335409690 mqtt: use generic tx iterator 3 years ago
Jason Ish d71bcd82d9 modbus: use generic tx iterator 3 years ago
Jason Ish fcfc9876ce smb: use generic tx iterator 3 years ago
Jason Ish 049d43212e rust/app-layer: provide generic implementation of iterator
Create traits for app-layer State and Transaction that allow
a generic implementation of a transaction iterator that parser
can use when they follow the common pattern for iterating
transactions.

Also convert DNS to use the generic for testing purposes.
3 years ago
Shivani Bhardwaj 26c7d3cc35 http2: remove needless borrows 3 years ago
Shivani Bhardwaj f3a1e3b92e core: Remove unneeded consts 3 years ago
Shivani Bhardwaj b5a123adb1 ssh: use Direction enum 3 years ago
Shivani Bhardwaj baf30cfc05 snmp: use Direction enum 3 years ago
Shivani Bhardwaj 89cb337930 smb: use Direction enum 3 years ago
Shivani Bhardwaj 8f9f78c2d0 sip: use Direction enum 3 years ago
Shivani Bhardwaj 11c438a07d nfs: use Direction enum 3 years ago
Shivani Bhardwaj a7ac79bed7 mqtt: use Direction enum 3 years ago
Shivani Bhardwaj 209e2f17fa krb: use Direction enum 3 years ago
Shivani Bhardwaj 243960a511 ike: use Direction enum 3 years ago
Shivani Bhardwaj ee5b300ccf http2: use Direction enum 3 years ago
Shivani Bhardwaj 0c6e9ac931 files: use Direction enum 3 years ago
Shivani Bhardwaj a19d2b4e1e dns: use Direction enum 3 years ago
Shivani Bhardwaj a866499bca dcerpc: use Direction enum 3 years ago
Shivani Bhardwaj 9512bfd729 core: add Direction enum
Ticket: 3832
3 years ago
Philippe Antoine 3212fa7d2b ntp: fixes leak of de_state
Bug: #4752.
3 years ago
Philippe Antoine 28a3181a2d snmp: fixes leak of de_state
Bug: #4752.
3 years ago
Philippe Antoine f37240a3e2 smb: midstream probing checks for netbios message type
If it is available

Bug: #4620.
3 years ago
Philippe Antoine 8f8823b6f2 rust: right condition for both uint to be zero
They can overflow leading to their addition to be zero

If a NFS read reply indicates a count of 0xFFFFFFFF

Bug: #4680.
3 years ago
Pierre Chifflier ce652511bd rust/tftp: convert parser to nom7 functions 3 years ago
Pierre Chifflier c525a1337c rust/dns: convert parser to nom7 functions 3 years ago
Pierre Chifflier 74be8b94ec rust/ssh: convert parser to nom7 functions 3 years ago
Pierre Chifflier 8a584c211e rust/mqtt: convert parser to nom7 functions 3 years ago
Pierre Chifflier d27125d77a rust/sip: convert parser to nom7 functions 3 years ago
Pierre Chifflier 1046a7d1a3 rust/ftp: convert parser to nom7 functions 3 years ago
Pierre Chifflier ebd5883da8 rust/dhcp: convert parser to nom7 functions 3 years ago
Pierre Chifflier 17170c41aa rust: add nom7 dependency 3 years ago
Modupe Falodun a87c7e5c08 rust: remove unnecessary nested match
Bug: #4605
3 years ago
Modupe Falodun 74c39500c3 rust: fix inherent to string
Bug: OISF#4618
3 years ago
Sam Muhammed 922a453da5 rust(lint): use is_null() instead of ptr::null_mut()
Bug: #4594
3 years ago
Sam Muhammed 23768c7181 rust(lint): use is_null() instead of ptr::null()
Bug: #4594
3 years ago
Sam Muhammed da0a976e23 rust(lint): use let for binding single value
`match` is better used with binding to multiple variables,
for binding to a single value, `let` statement is recommended.

Bug: #4616
3 years ago
Philippe Antoine 5bd065cb3c range: checks that end is after start for HTTP2
As was done only for HTTP1 in previous commit

The verification part stays separated from the parsing part,
as we want to keep on logging invalid ranges values.
3 years ago
Philippe Antoine accdad7881 ike: do not keep server transforms in state
Fixes #4534

Now, only the tx with the transforms will match
with ike.chosen_sa_attribute
3 years ago
Philippe Antoine 83887510a8 modbus: tx iterator
When there are a lot of open transactions, as is possible with
modbus, the default tx_iterator will loop for the whole
transactions vector to find each transaction, that means
quadratic complexity.

Reusing the tx_iterator from the template, and keeping as a state
the last index where to start looking avoids this quadratic
complexity.
3 years ago
Philippe Antoine ea4a509a54 app-layer: disable by default if not in configuration
DNP3, ENIP, HTTP2 and Modbus are supposed to be disabled
by default. That means the default configuration does it,
but that also means that, if they are not in suricata.yaml,
the protocol should stay disabled.
3 years ago
Philippe Antoine 8e8899c90c http2: range: check return value when opening
HttpRangeContainerOpenFile can return NULL
so, http2_range_open can set file_range to NULL
And we should check this before calling http2_range_close
3 years ago
Philippe Antoine cb30772372 style: remove latest warnings
about unused variables
3 years ago
Philippe Antoine 98f84d5a9b http2: follow range requests
Move the content-range parsing code to rust
3 years ago
Philippe Antoine 56fae072b2 http2: better rust lifetimes
so that borrow check gets happy
3 years ago
Philippe Antoine a1f9e0c97a rust: rename to StreamingBufferConfig as in C 3 years ago
Shivani Bhardwaj 42da0fb5c5 smb: fix broken stream depth setting
The stream depth setting was broken since it was moved to Rust because
of a missing parser for memory values in configuration.
Use get_memval fn from conf.rs to calculate and fetch the correct
values.
3 years ago
Shivani Bhardwaj 0cfe512ef0 rust/conf: add getter for memval
Add a parser for memory values like 50kb, 20mb, etc on the Rust side.
3 years ago
Shivani Bhardwaj f3fcc39738 ssh: remove futile default port setting 4 years ago
Shivani Bhardwaj 1f48714e75 smb: remove futile default port setting 4 years ago
Shivani Bhardwaj 13741540ce rfb: remove futile default port setting 4 years ago
Shivani Bhardwaj 7c9d573800 nfs: remove futile default port setting 4 years ago