Commit Graph

272 Commits (4e1945415273bf58876c5da43c506af71ff5b6bc)

Author SHA1 Message Date
Victor Julien 4d5024255f smb/dcerpc: remove now unused ssn2maxsize_map 7 years ago
Victor Julien 4d044483cf smb/dcerpc: clean up and unify DCERPC probe logic 7 years ago
Victor Julien ac4e888597 smb2/dcerpc: probe if response data is dcerpc
If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
7 years ago
Victor Julien 9dd7c38113 smb2: skip rest of READ response if status is not success 7 years ago
Victor Julien edd0c2246c smb1: add SMB1_COMMAND_QUERY_INFO_DISK command mapping 7 years ago
Victor Julien 177966970a smb: probing parser improvement 7 years ago
Victor Julien 2b581cd6db smb: log trans2 that enable delete on close 7 years ago
Victor Julien eefac0ef95 smb1: add support for trans2 set_path_info rename 7 years ago
Victor Julien 1b86d4e1a2 smb: improve dcerpc logic
Detect whether a pipe is a dcerpc channel based on the name of the
pipe.
7 years ago
Victor Julien 7c8a078a2c smb1: improve NT Create response record parsing 7 years ago
Victor Julien 2e6014b15c rust/smb: search for record on midstream start
Calls with both START and MIDSTREAM mean the record might be cut and the
start of it could be missing. For this case, enable the same logic as is
used when catching up after a GAP. Search for the start of the record
instead of assuming it sits exactly at the start of the input data.
7 years ago
Victor Julien f40fc0293b smb: minor optimizations 7 years ago
Victor Julien b1e2783788 auth/krb5: move kerberos5 wrapper to rust root
Make it available outside of just the SMB parser.
7 years ago
Victor Julien 4d58aaae90 smb: clean up partial read/write record handling 7 years ago
Victor Julien aa8d64c2b8 smb: improve skip handling
When skipping records the skip tracker could underflow if the record
parsing had more data than expected.

Enforce the calculation by moving it into a method and make the actual
fields private.
7 years ago
Victor Julien eac7a92200 smb2: improve read/write record parsing
parse_smb2_response_read()/parse_smb2_response_write() can be called on
incomplete data, so they didn't use the read/write length field to grab
the data field. Instead it just used rest(). However in some cases
SMB2 records have trailing data, which would be included in the
READ/WRITE data.

This patch addresses this by using the length field if enough data is
available.
7 years ago
Victor Julien ea1e13cb00 smb: suppress notice messages 7 years ago
Pierre Chifflier 576b8ef722 SMB: simplify code 7 years ago
Pierre Chifflier cf5de0c58e SMB: use String::from_utf8_lossy in logging functions 7 years ago
Pierre Chifflier b5529e4ffb SMB: use kerberos-parser to extract Realm and PrincipalName 7 years ago
Victor Julien 0dfb3f0e7f smb1: extract rename info from TRANS2
Exclude TRANS2 from generic TX lookup bypass.
7 years ago
Victor Julien 8eeda113c8 smb1: add parsing for RENAME command 7 years ago
Victor Julien 7b61f2c589 smb2: log renames 7 years ago
Victor Julien 15978d4e85 smb: if filename is missing, use '<unknown>' 7 years ago
Victor Julien 71742ed52b smb: share can't be <share_root> 7 years ago
Victor Julien bc193242ad smb1: add OPEN_ANDX command name for logging 7 years ago
Victor Julien 32b19fac99 smb2: don't log/track each READ/WRITE/etc 7 years ago
Victor Julien fb986abe81 smb: log file FID/GUID as fuid 7 years ago
Victor Julien 816bd022a6 smb1: improve non nt-status handling
Support SRV error, with a couple of codes.
Rename statux field to status_code.
7 years ago
Victor Julien 0519807639 smb1: ignore tree_id in session setup 7 years ago
Victor Julien 286c054472 smb: improve nbss/smb record detection 7 years ago
Victor Julien 7ab071a58d rust/smb: implement minimal record parsing in probing 7 years ago
Victor Julien 283be3cade smb2: break out ioctl handling 7 years ago
Victor Julien bf08285602 smb2: parse async records 7 years ago
Victor Julien 5c26020714 smb2: add ioctl transactions to log the funcs 7 years ago
Victor Julien 75265ec376 smb2: map ioctl funcs to names
List is based on Wireshark's list.
7 years ago
Victor Julien 7cd66516f0 smb: use formal MS names for disposition 7 years ago
Victor Julien f7ed749d4f smb: disable debug output 7 years ago
Victor Julien eed492547c smb1: extract server guid from negotiate 7 years ago
Victor Julien 6d56edc3de smb2: log client and server guid from negotiate 7 years ago
Victor Julien c56f5e11ca smb2: log share type 7 years ago
Victor Julien d75ebdb981 smb: log create empty filename as '<share_root>' like Bro does 7 years ago
Victor Julien fcbeab70a4 smb1: log create 'service' fields 7 years ago
Victor Julien 90e2abaac4 smb1: use generic string parsing for trans 7 years ago
Victor Julien 76917a8732 smb1: generic smb string parse func 7 years ago
Victor Julien 668c747aee smb1: more exact tree connect record parsing 7 years ago
Victor Julien 0ed00cf104 smb: move common parsing funcs into own file 7 years ago
Victor Julien 1c701dc50e smb: make string parsing functions public 7 years ago
Victor Julien 1d4aac1d4d smb1: set event on empty/malformed dialect 7 years ago
Victor Julien c91242e71c smb: rename file to filename in output 7 years ago
Victor Julien caf29e92b3 smb1: parse and log timestamps in CREATE 7 years ago
Victor Julien 0e05ef7369 smb2: parse and log timestamps in CREATE 7 years ago
Victor Julien 28f16e38ac smb1: disable 'generic tx's for common commands
Don't create a generic TX for each READ, WRITE, TRANS, TRANS2,
except if they cause events to trigger.
7 years ago
Victor Julien 78cd92a933 smb: generic event per trans/read/write for tx events 7 years ago
Victor Julien 05992f1772 smb: fix event handling when no tx is available 7 years ago
Victor Julien be615c9fbc smb: small cleanups, fixes and optimizations 7 years ago
Victor Julien dab055d8c8 smb: update to der-parser 0.5.1 7 years ago
Victor Julien 0d69e7b8c2 smb: remove unused dialects from state 7 years ago
Victor Julien ad1bc7f473 smb1: minor debug improvement 7 years ago
Victor Julien a44504a1bf smb: redo gap catch up handling 7 years ago
Victor Julien 7114d5d25b smb1: parser cleanups 7 years ago
Victor Julien d9e43d3e63 smb: cleaner server component parsing 7 years ago
Victor Julien ecbf10da70 smb2: improve write error handling 7 years ago
Victor Julien b34392051d smb3: parse transform records 7 years ago
Victor Julien 894a73ee06 smb2: add missing commands and improve ioctl err handling 7 years ago
Victor Julien 170edf7c44 smb1: improve error handling 7 years ago
Victor Julien 7ceb67138f smb: add status 7 years ago
Victor Julien 98b926bf72 smb1: implement WRITE_AND_CLOSE 7 years ago
Victor Julien 595557eb8d smb1: locking andx may have no response 7 years ago
Victor Julien 7dff9b9969 smb/nbss: work around bad traffic 7 years ago
Victor Julien 8bef120898 smb: session setup improvements
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.

Move session setup handling into their own files.

Only log auth data for the session setup tx.
7 years ago
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
7 years ago