Querying an engine mode with an unknown value signals a bug when
the engine mode has not been determined but is already queried by
other functions.
Ticket: #5959
Master exception policy queried engine mode earlier than it was
determined from the configuration file/command line. As a result it
used the default (IDS) mode. However, the engine mode could have been
reconfigured later on to the IPS mode. This led to undefined behavior
as master exception policy behaves according to the configured engine mode.
Ticket: #5960
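
The ordering problem described in the two commit messages above, as an added C example that is not Suricata's code: a getter that reports an undetermined mode instead of silently returning the IDS default. All identifiers are hypothetical, and the "auto" policy mapping (drop-flow in IPS, ignore in IDS) is an assumption used for illustration.

```c
#include <stdbool.h>

/* All names are hypothetical; this is not Suricata's code. */
enum engine_mode { MODE_UNKNOWN = 0, MODE_IDS, MODE_IPS };
enum policy { POLICY_UNSET = 0, POLICY_IGNORE, POLICY_DROP_FLOW };

static enum engine_mode g_mode = MODE_UNKNOWN;
static unsigned g_early_queries; /* queries made before the mode was set */

void mode_reset(void) { g_mode = MODE_UNKNOWN; g_early_queries = 0; }
void mode_set(enum engine_mode m) { g_mode = m; }
unsigned mode_early_queries(void) { return g_early_queries; }

/* Old pattern: an undetermined mode silently reads as the IDS default. */
bool mode_is_ips_legacy(void) { return g_mode == MODE_IPS; }

/* Checked pattern: an undetermined mode is reported to the caller and
 * counted, so the ordering bug is visible instead of becoming a wrong default. */
bool mode_is_ips_checked(bool *is_ips)
{
    if (g_mode == MODE_UNKNOWN) {
        g_early_queries++;
        return false;
    }
    *is_ips = (g_mode == MODE_IPS);
    return true;
}

/* Assumed mapping for an "auto" master policy: drop-flow in IPS, ignore in IDS. */
enum policy policy_from_legacy(void)
{
    return mode_is_ips_legacy() ? POLICY_DROP_FLOW : POLICY_IGNORE;
}

enum policy policy_from_checked(void)
{
    bool ips;
    if (!mode_is_ips_checked(&ips))
        return POLICY_UNSET; /* caller must resolve again after config parsing */
    return ips ? POLICY_DROP_FLOW : POLICY_IGNORE;
}
```

Resolving the policy before `mode_set(MODE_IPS)` with the legacy getter yields the IDS behaviour and never notices the later change; the checked getter returns `POLICY_UNSET` and records the early query.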
BPF codebase queried engine mode earlier than it was determined from
the configuration file/command line. As a result it used the default (IDS)
mode where it could've been configured later on to the IPS mode.
This could lead to undefined behavior as some Suricata modules behave
according to the engine mode.
PF-Ring, Netmap and AF-Packet all shared almost identical code for
determining the engine mode. It was put into one common function.
Omitted the usage of SCStrdup function in PF-Ring module as it is
uppercased during thread initialization phase.
Ticket: #5957
sawp 0.12 is available and addresses future compilation failures in
dependent crates.
Updated modbus test case to expect 12 bytes needed instead of 15. This
aligns with expectations as the test case slices 3 bytes off the end of
a 12 byte message so needing 12 bytes is correct.
Ticket #5989
This commit modifies the log messages to follow the style of AF_PACKET
(and others). When the interface name is part of the message, the
message will be structured as: "<iface-name>: <message>"
Issue: 5975
This commit adds brief discussion for additional cluster types for use
with the pf-ring packet source.
Newly added:
- cluster_inner_flow
- cluster_inner_flow_2_tuple
- cluster_inner_flow_4_tuple
- cluster_inner_flow_5_tuple
Issue: 5975
Minimal modifications required on the Suricata side, mainly for fields
becoming private and needing an accessor instead.
Note: As the kerberos parser still depends on der-parser 6.0, we still
have to depend on that so it is depended on, but renamed to
der-parser6. There is not an updated kerberos-parser yet that uses
der-parser 8.2.0.
Ticket: #5991
Updating snmp-parser required directly depending on the asn1-rs crate
for the Oid type, as snmp-parser does not re-export this type anymore.
Ticket: #5992
runmodes.c:541:13: warning: Use of memory after it is freed [unix.Malloc]
if (output->output_ctx != NULL && output->output_ctx->DeInit != NULL)
^~~~~~~~~~~~~~~~~~
1 warning generated.
runmode-dpdk.c:204:18: warning: Result of 'calloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'ptrdiff_t' [unix.MallocSizeof]
args->argv = SCCalloc(capacity, sizeof(ptrdiff_t)); // alloc array of pointers
^~~~~~~~ ~~~~~~~~~~~~~~~~~
./util-mem.h:36:18: note: expanded from macro 'SCCalloc'
#define SCCalloc calloc
^~~~~~
runmode-dpdk.c:278:16: warning: Result of 'malloc' is converted to a pointer of type 'char *', which is incompatible with sizeof operand type 'char **' [unix.MallocSizeof]
eal_argv = SCMalloc(args.argc * sizeof(args.argv));
^~~~~~~~ ~~~~~~~~~~~~~~~~~
./util-mem.h:35:18: note: expanded from macro 'SCMalloc'
#define SCMalloc malloc
^~~~~~
2 warnings generated.