aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,980 Commits
7 Branches
155 Tags
198 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4d5d7b4bd3'
${ noResults }
Commit Graph

640 Commits (4d5d7b4bd362e080024ad66ba27a0e2155397762)

Author SHA1 Message Date
Philippe Antoine 0105d4f017 rust: bump bitflags dependency version 
So that lexical-core, needed by nom, and using bitflags
is used with version 0.7.5 instead of version 0.7.0
which fixed the fact that BITS is now a reserved keyword
in nightly version
 4 years ago
Philippe Antoine cb150e97d0 kerberos: fix probing parser tag condition 
according to the comment
 4 years ago
Sascha Steinbiss e2dbdd7fd5 ikev1: add ikev1 parser 4 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike 
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
 4 years ago
frank honza ab6171c429 detect: added support for protocol-aliases 4 years ago
frank honza e9494ddd8f util: add function converting u8-array into a hex-String 4 years ago
Philippe Antoine 8307010255 smb: relax probing parser to handle first NBSS message 
cf dcerpc-udp S-V test :
First message is Message Type: Session request (0x81)
Second message is SMB
 4 years ago
Philippe Antoine 1b6e81cd72 smb: probing parser for start and midstream 
The probing parser is more strict at the start of the stream
 4 years ago
Philippe Antoine 9dc5258a21 smb: split probing function for code style 
Introduces rs_smb_probe_tcp_midstream
 4 years ago
Shivani Bhardwaj 0ac5c5376a dcerpc: trigger raw assembly on record completion 4 years ago
Shivani Bhardwaj c77c8e7005 rust/context: add AppLayerParserTriggerRawStreamReassembly 4 years ago
Philippe Antoine 2d14606224 smb: andx support 
Add AndX support for SMB1. Finishes #3475.

[Updated by Victor Julien to split functions]
 4 years ago
Shivani Bhardwaj f967a49104 dcerpc/udp: improve detection 
Lately, Wireguard proto starting w pattern |04 00| is misdetected as
DCERPC/UDP which also starts with the same pattern, add more checks
to make sure that it is the best guess for packet to be dcerpc/udp.
 4 years ago
Shivani Bhardwaj 3641f1b522 dcerpc: add probe function 4 years ago
Shivani Bhardwaj d7a3523b12 rust/applayer: split EOF flag per direction 4 years ago
Shivani Bhardwaj 0ca8591994 dcerpc/udp: remove transmute 
The book defines transmute as "This is really, truly, the most horribly unsafe
thing you can do in Rust. The guardrails here are dental floss."
Transmute can result into mind boggling undefined behaviors. Get rid of
it wherever possible.
 4 years ago
Philippe Antoine c6aadf0dfa protodetect: rename direction to flags 
And use whole flags in AppLayerProtoDetectPPGetProto
 4 years ago
Philippe Antoine 5465e0b154 http2: http.stat_msg keyword now works for HTTP2 4 years ago
Philippe Antoine 47928babfc http2: http.user_agent keyword now works for HTTP2 4 years ago
Philippe Antoine a98d0fe6ed http2: http.uri keyword now works for HTTP2 
cf #4067
 4 years ago
Philippe Antoine 707f027231 protos: renaming ALPROTO_HTTP* constants 
Having now ALPROTO_HTTP1, ALPROTO_HTTP2 and ALPROTO_HTTP

Run with 3 sed commands
git grep ALPROTO_HTTP | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP/ALPROTO_HTTP1/g'
git grep ALPROTO_HTTP12 | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP12/ALPROTO_HTTP2/g'
git grep ALPROTO_HTTP1_ANY | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP1_ANY/ALPROTO_HTTP/g'

and then running clang-format
 4 years ago
Jason Ish dbae17dbc0 install: makefile target to install libraries 
As we don't install the libraries by default, provide a make target,
"install-library" to install the libsuricata library files.

If shared library support exists, both the static and shared
libraries will be installed, otherwise only the static libraries
will be installed.
 4 years ago
Jason Ish a178ec6bef rust: rename lib to libsuricata_rust 
Previously it was libsuricata.a, but eventually we want to get
to a place where libsuricata.a is a combination of the Rust
and C code.
 4 years ago
Jason Ish 9f20297cb3 rust/Makefile: add Cargo.toml as make dependency 
This will force Cargo.toml to be recreated if Cargo.toml.in
is modified.
 4 years ago
Jason Ish 3ada5e1480 rust/ffi: provide AppLayerRegisterParser in context 
AppLayerRegisterParser was creating a link error when attempting
to use a convenience library for the Suricata C code, then linking
the library of C code with the library of Rust code into a final
Suricata executable, or use with fuzz targets.

By moving AppLayerRegisterParser to the context structure and
calling it like a callback the circular reference is removed
allowing the convenience libraries to work again.

This is also a stepping block to proving a Suricata library
as a single .a or .so file.
 4 years ago
Philippe Antoine 32b604e8c7 template: use response_gap in rust parser 4 years ago
Victor Julien 3f807f3bf6 rust: update dependencies 4 years ago
Victor Julien ebde15f0e2 rust: lock all major crate versions 
To avoid surprises with dependencies bumping MSRV.
 4 years ago
Victor Julien 4b5af36061 rust: relax nom version to any >=5.1.1 4 years ago
Philippe Antoine d861228214 http2: decompression for files 
gzip and brotli decompression for files
 4 years ago
Philippe Antoine 2e46b5d100 rust: BIT_U16 macro utility 4 years ago
Philippe Antoine aee8e60149 rust: better panic message for missing file config 4 years ago
Philippe Antoine 8ac363c34d rust: fix warning about unused values in smb tests 4 years ago
Jason Ish 0a3b9e0220 rust/hashing: add function to finalize md5 to hex string 
New function, SCMd5FinalizeToHex to finalize an md5 hash
to a hex string.
 4 years ago
Jason Ish 26c1321668 rust/hashing: function to md5 hash buffer to hex 
Add function SCMd5HashBufferToHex to hash a single buffer to an
md5 hex string.
 4 years ago
Jason Ish 0f714be9f3 rust/hashing: method to SHA256 and finalize in one call 
Add SCSha256HashBuffer to hash a single buffer returning the
result.
 4 years ago
Jason Ish eb5cfd9b82 rust/hashing: new function to SHA1 hash a single buffer 
SCSha1HashBuffer will has a single buffer and compute the digest
in one call.
 4 years ago
Jason Ish ff37526c6b rust: remove md5 crate, unalias md-5 
Remove the md5 crate as a dependency as it is no longer removed.
We now use md-5 from RustCrypto.
 4 years ago
Jason Ish 0a2d8509c9 rust/ssh: use md-5 crate instead of md5 
The "md-5" crate is part of the RustCrypto project that also
uses the sha1 and sha256 crates we are using. These all implement
the Digest trait for a common API.
 4 years ago
Jason Ish 1022b217ed rust/hashing: a method to md5 hash a single buffer 
Add SCMd5HashBuffer as a replacement for NSS HASH_HashBuf as
used in ja3 to hash a single buffer.
 4 years ago
Jason Ish 46ceb13c08 rust: add ffi module for sha256, sha1 and md5 
Add a Rust module that exposes Rust implementations of
sha256, sha1 and md5 from the RustCrypto project.

This is an experiment in replacing the libnss hash functions with
pure Rust versions that will allow us to remove nss as a compile
time option.

Initial tests are good, even with a 10% or so performance
improvement when being called from C.

Also trying a module naming scheme where modules under the ffi
modules are purely for exports to C, as it doesn't make any
sense to use this new hashing module directly from Rust.
 4 years ago
Jeff Lucovsky 8ce2078a38 tftp: Add test cases 
This commit adds test cases for the TFTP parser.
 4 years ago
Jeff Lucovsky e900b6d265 tftp: Improve parser 
This commit improves TFTP parsing by ensuring the mode and opcode are
valid.
 4 years ago
Jason Ish f77fd0c0cb rust: include file cleanup 
The cbindgen generated header should not include rust.h as
rust.h already includes the generated binding.

Fixup C source code that only pulled the generated include, it
should instead pull in "rust.h" which includes the generated
binding plus other misc. stuff.
 4 years ago
Juliana Fajardini e33bbee9b7 nbss: add parser tests 
Add tests to parse_nbss_record and parse_nbss_record_partial
 4 years ago
Juliana Fajardini 5226ba1c15 Rust: generic files definition 
Issue: Optimization 3825
- filecontainer: add Files structure, to replace/unify SMBFiles,
NFSFiles and HTTP2Files
- smb/files: delete SMBFiles implementation
- smb/smb: replace SMBFiles with Files
- nfs/nfs: delete NFSFiles implementation, replace its former
 declarations with Files' ones
- http2/http2: replace HTTP2Files with Files
- http2/mod: Delete reference to file files.rs
- http2/files: Delete
 4 years ago
Sascha Steinbiss a4556c9427 dns: use rest() for NULL parsing 4 years ago
Sascha Steinbiss 81b206a5f4 dns: add test for SRV 4 years ago
Sascha Steinbiss 08a6f1441a dns: parse SRV records 4 years ago
Antti Tönkyrä f3ad7f14fa dns: add rdata logging for NS rrtype 4 years ago