Commit Graph

131 Commits (5db471500c69890d01e4b61bd15f9ac16695c83b)

Author SHA1 Message Date
Jason Ish b9127e8b96 automake/rust: remove path.lib
Remove the path.lib parameter that is substituted into the output
Cargo.toml by autoconf. Instead, as part of the build, "cd" into the
source directory. We already set the Rust target directory to the
external build directory.

This makes the Cargo.toml more generic, and in a format suitable for
publishing to crates.io. It also makes it easier to pull in external
crates without needing to patch up their Cargo.toml, for example, it
might make pulling libhtp-rs easier.
2 years ago
Victor Julien a2c817243f rust: add MSRV as rust-version
Update github-actions to use it for the MSRV check.
2 years ago
Victor Julien 1d3a156179 rust: update parser dependencies
Time locked to 0.3.20 to guarantee MSRV of 1.63.
Update snmp-parser to 0.10.0.
Update asn1-rs to 0.6.1.
Update kerberos-parser to 0.8.0.
Update x509-parser 0.16.0.
Update der-parser to 9.0.0.
Remove specific use of der-parser 6.

Ticket: #6817.
Ticket: #6818.
2 years ago
Philippe Antoine 6896a93d87 rust: update test_case crate
fixes unused_unit

warning: unneeded unit expression
   --> src/bittorrent_dht/parser.rs:590:5
    |
590 | /     #[test_case(
591 | |         b"",
592 | |         "Error: discovered Dict but expected EOF" ;
593 | |         "test parse bittorrent dht packet err 1"
594 | |     )]
    | |______^
3 years ago
Philippe Antoine b6cd66f41d http2: update brotli crate
Fixes debug assertion found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63144
3 years ago
Jason Ish 039c27789b rust: use 2021 edition
With the MSRV being bumped to 1.62 for 7.0, we can move the edition up
to 2021.
3 years ago
Jason Ish f8ec993401 rust/time: add note why this needs to be pinned 3 years ago
Jason Ish 5925b63d82 rust: update x509-parser to 0.15.0 3 years ago
William Correia e378aa8d15 modbus: bump crate version
sawp 0.12 is available and addresses future compilation failures in
dependent crates.
Updated modbus test case to expect 12 bytes needed instead of 15. This
aligns with expectations as the test case slices 3 bytes off the end of
a 12 byte message so needing 12 bytes is correct.

Ticket #5989
3 years ago
Jason Ish b4f0d3c741 rust: update der-parser to 8.2.0
Minimal modifications required on the Suricata side, mainly for fields
becoming private and needing an accessor instead.

Note: As the kerberos parser still depends on der-parser 6.0, we still
have to depend on that so it is depended on, but renamed to
der-parser6. There is not an udpated kerberos-parser yet that uses
der-parser 8.2.0.

Ticket: #5991
3 years ago
Jason Ish 3d9fc3bf1d rust: update snmp-parser to 0.9.0
Updating snmp-parser required directly depending on the asn1-rs crate
for the Oid type, as snmp-parser does not re-export this type anymore.

Ticket: #5992
3 years ago
Jason Ish d4418034d1 rust: update aes and aes-gcm crates
Addresses RUSTSEC-2021-0059, RUSTSEC-2021-0060.
3 years ago
Todd Mortimer 7d1a8cc335 file/swf: Use lzma-rs decompression instead of libhtp.
Use the lzma-rs crate for decompressing swf/lzma files instead of
the lzma decompressor in libhtp. This decouples suricata from libhtp
except for actual http parsing, and means libhtp no longer has to
export a lzma decompression interface.

Ticket: #5638
4 years ago
Jason Ish 91617f479a rust: sha-1 is now sha1
This is the same crate, but renamed to be more consistent with the
RustCrypto project naming. Some recent discussion is available here:

    https://github.com/RustCrypto/hashes/issues/438
4 years ago
Aaron Bungay 86037885a9 bittorrent-dht: add bittorrent-dht app layer
Parses and logs the bittorrent-dht protocol.

Note: Includes some compilation fixups after rebase by Jason Ish.

Feature: #3086
4 years ago
Victor Julien 879a46f085 rust: lock to time 0.3.13 to avoid MSRV bump to 1.59
Indirect dependency through x509-parser.
4 years ago
Pierre Chifflier 16db04c1a7 rust: remove nom 5 dependency 4 years ago
Pierre Chifflier beadd090b8 rust: upgrade versions of BER/DER, Kerberos and SNMP parsers 4 years ago
Jason Ish baab1de735 rust: update x509-parser to 0.14.0
Resolves RustSec issues in time and chrono:
- https://rustsec.org/advisories/RUSTSEC-2020-0071
- https://rustsec.org/advisories/RUSTSEC-2020-0159

Ticket: #5259.

Ammended by Victor Julien to bump to 0.14 instead of 0.13.
4 years ago
Pierre Chifflier 3aace49649 rust/x509: update dependency on x509-parser 4 years ago
Philippe Antoine 675de33405 krb: bump up crate version
kerberos parser crate is also used by other procotols : nfs and
smb. These protocols use an older der_parser crate version.
Upgrading der_parser will simplify the code further.
4 years ago
Philippe Antoine c6cf61a39b quic: complete parsing of initial for non gquic
The format of initial packet for quic ietf, ie quic v1,
is described in rfc 9000, section 17.2.2

Parse more frames and logs interesting extensions from crypto frame

Do not try to parse encrypted data, ie after we have seen
a crypto frame in each direction.

Use sni from crypto frame with tls for detection already implemented

Ticket: #4967
4 years ago
Philippe Antoine 0c346af4a9 rust: bump up digest crates
so that we can use hkdf crate for quic
4 years ago
Philippe Antoine 2294e9cdbc rdp: bump up tls-parser crate version
so that we can use new functions in quic parser
4 years ago
Philippe Antoine 6224e283fa modbus: bump up rust crate version
So that probing parser is more strict and does not accept unknown
function code as valid modbus.

Ticket: #5377
4 years ago
Victor Julien 93d5bce0aa rust: update regex & memchr dependencies
Bug: #5260.
4 years ago
Pierre Chifflier b5166bdb93 rust/ntp: upgrade dependency on ntp-parser 4 years ago
Pierre Chifflier fa63945bdc rust/ike: convert parser to nom7 functions and upgrade dependency 4 years ago
Emmanuel Thompson 7e51987263 quic: Add QUIC App Layer
Parses quic and logs a CYU hash for gquic frames
5 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust)
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
5 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro
The function macro existed so it would only be enabled on Rust
versions that supported.  Now that our MSRV is 1.41, which is
greater than 1.38 we can assume we always have support for
this macro.
5 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
5 years ago
Pierre Chifflier 17170c41aa rust: add nom7 dependency 5 years ago
Jason Ish 27d1ee98ce rust: derive crate: for custom derives
Currently has one derive, AppLayerEvent to be used like:

  #[derive(AppLayerEvent)]
  pub enum DNSEvent {
      MalformedData,
      NotRequest,
      NotResponse,
      ZFlagSet,
  }

Code will be generated to:
- Convert enum to a c type string
- Convert string to enum variant
- Convert id to enum variant
5 years ago
Simon Dugas c2720fc2fb modbus: fix quantity and count calculation
The [Modbus Spec S6.11](https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf)
clearly states that the `count = quantity / 8` and not the other way
around. This is fixed in sawp-0.5.0.
5 years ago
Simon Dugas a458a94dca modbus: move from C to rust
Adds a new rust modbus app layer parser and detection module.

Moves the C module to rust but leaves the test cases in place to
regression test the new rust module.
5 years ago
Philippe Antoine 0105d4f017 rust: bump bitflags dependency version
So that lexical-core, needed by nom, and using bitflags
is used with version 0.7.5 instead of version 0.7.0
which fixed the fact that BITS is now a reserved keyword
in nightly version
5 years ago
Jason Ish a178ec6bef rust: rename lib to libsuricata_rust
Previously it was libsuricata.a, but eventually we want to get
to a place where libsuricata.a is a combination of the Rust
and C code.
5 years ago
Victor Julien 3f807f3bf6 rust: update dependencies 6 years ago
Victor Julien ebde15f0e2 rust: lock all major crate versions
To avoid surprises with dependencies bumping MSRV.
6 years ago
Victor Julien 4b5af36061 rust: relax nom version to any >=5.1.1 6 years ago
Philippe Antoine d861228214 http2: decompression for files
gzip and brotli decompression for files
6 years ago
Jason Ish ff37526c6b rust: remove md5 crate, unalias md-5
Remove the md5 crate as a dependency as it is no longer removed.
We now use md-5 from RustCrypto.
6 years ago
Jason Ish 46ceb13c08 rust: add ffi module for sha256, sha1 and md5
Add a Rust module that exposes Rust implementations of
sha256, sha1 and md5 from the RustCrypto project.

This is an experiment in replacing the libnss hash functions with
pure Rust versions that will allow us to remove nss as a compile
time option.

Initial tests are good, even with a 10% or so performance
improvement when being called from C.

Also trying a module naming scheme where modules under the ffi
modules are purely for exports to C, as it doesn't make any
sense to use this new hashing module directly from Rust.
6 years ago
Jason Ish ea1338b464 rust: function macro now returns the function name
Borrow a macro from https://github.com/popzxc/stdext-rs that
will give us the Rust function name in SCLog messages in Rust.

As this trick only works on Rust 1.38 and newer, keep the old
macro around and set a feature based on a Rust version test
done during ./configure.
6 years ago
Jason Ish 3672cea876 rust/Cargo: build as rlib for plugin linkage
Build Rust code as an rlib, in addition to a staticlib so plugins
can link with the Rust code.
6 years ago
Emmanuel Thompson 63704fdf13 rust/asn1: Introduce ASN1 rust module
This module uses the `der-parser` crate to parse ASN1 objects in order to replace src/util-decode-asn1.c
It also handles the parsing of the asn1 keyword rules and detection checks performed in src/detect-asn1.c
6 years ago
Emmanuel Thompson 6b8517dc12 rust: Update der, kerberos and snmp parser dependencies
- The update to der-parser allows us to use the latest API changes
6 years ago
Vadym Malakhatko 536cee3ba9 rust/ssh: add hassh generation
Add generation of hassh fingerprints based on fields in the kexinit record
6 years ago
Jason Ish 639f3d265e rust: lock to nom 5.1.1
5.1.2 pulls in dependencies that don't build on Rust 1.34.
6 years ago
Jason Ish c1f4edc434 rust: bring back libc as a dependency
Its already pulled in by some of other dependencies so adds zero
extra weight, and provides handy definitions for basic functions
like free().
6 years ago
Shivani Bhardwaj 6db1f19d62 rust: Add debug_validate_bug_on macro
This macro allows to check if certain parts of the code are reachable
during fuzzing.
6 years ago
Shivani Bhardwaj 57ad609a97 rust: Add new crate uuid 6 years ago
Pierre Chifflier 36d2e257c6 rust/x509: use the raw serial number so leading zeros are not removed 6 years ago
Pierre Chifflier 5b809f77f1 rust: upgrade all parsers to nom 5 6 years ago
Jason Ish 53aaa82deb rust: set edition to 2018 7 years ago
Jason Ish f9c9548b74 configure: detect lua integer size
Lua 5.1 and 5.3 use a different integer size. Run a test program
to set the integer size used in the Rust FFI layer to Rust.
7 years ago
Zach Kelly caef8b5b38 protocol parser: rdp
Initial implementation of feature 2314:
1. Add protocol parser for RDP
2. Add transactions for RDP negotiation
3. Add eve logging of transactions
7 years ago
Victor Julien 3f6624bf16 rust: remove libc crate dependency
Use std::os::raw instead.
7 years ago
Pierre Chifflier 2df840a8b8 Add SNMP (v1/v2c/v3) application layer 7 years ago
Victor Julien 24d6a16459 rust/mingw: build fixes
Fix path passed to cargo by using 'cygpath' if available.
7 years ago
Pierre Chifflier d3011e3ee8 rust: update dependencies for nom4 transition 8 years ago
Pierre Chifflier 3a017f61b0 Kerberos 5: pretty-print error code when logging 8 years ago
Pierre Chifflier 77f0c11c9e Add Kerberos 5 application layer 8 years ago
Jason Ish d73b5ee276 rust: cargo fixes for out of tree build 8 years ago
Pierre Chifflier 2d1c4420de Update ntp-parser to 0.2.0 8 years ago
Victor Julien f201a3761f rust: remove multi level 'experimental'
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extend, and all have C glue code. So the
distinction doesn't really make sense.
8 years ago
Pierre Chifflier 4e4cf00c07 Remove the 'experimental' mark for IKEv2 8 years ago
Pierre Chifflier c99b9462d7 Add new parser: IKEv2
Add a new parser for Internet Key Exchange version (IKEv2), defined in
RFC 7296.
The IKEv2 parser itself is external. The embedded code includes the
parser state and associated variables, the state machine, and the
detection code.

The parser looks the first two messages of a connection, and analyzes
the client and server proposals to check the cryptographic parameters.
8 years ago
Pierre Chifflier b5529e4ffb SMB: use kerberos-parser to extract Real and PrincipalName 8 years ago
Victor Julien dab055d8c8 smb: update to der-parser 0.5.1 8 years ago
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
8 years ago
Pierre Chifflier b69acaadf5 Rust: add 'debug' feature
The 'debug' feature is enabled if suricata was configured with the
--enabled-debug' flag.
If enabled, the SCLogDebug format and calls the logging function as
usual. Otherwise, this macro is a no-op (similarly to the C code).
8 years ago
Victor Julien 6e82df274d rust: update dependencies 9 years ago
Victor Julien bb65a48edd rust: require at least libc 0.2.33
Required to be higher than 0.2.24 for IPPROTO_UDP. Upgraded to latest
version.
9 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 9 years ago
Pierre Chifflier efe11dc37e Add NTP parser (rust-experimental) 9 years ago
Victor Julien db2d928151 rust/nfs: add (file)handle to log as crc32 9 years ago
Jason Ish ee83f7a0db rust: build fixes and nom update
Update nom to ~3.0.

Prefix dependencies with ~, which will allow for newer patch
versions only. Minor version updates should get a test before
using.

Remove Cargo.lock from the repo, but still generate as part
of the vendoring process for release builds. This will ensure
that all users of a particular distribution tarball will be
linking against the same Rust dependencies.
9 years ago
Jason Ish 9d687025e2 rust: lua wrapper
Rust wrapper for working with lua state.
9 years ago
Jason Ish 8f81792da5 rust: hook rust into the build
Rust is currently optional, use the --enable-rust configure
argument to enable Rust.

By default Rust will be built in release mode. If debug is enabled
then it will be built in debug mode.

On make dist, "cargo vendor" will be run to make a local copy
of Rust dependencies for the distribution archive file.

Add autoconf checks to test for the vendored source, and if it
exists setup the build to use the vendored code instead of
fetching it from the network.

Also, as Cargo requires semantic versioning, the Suricata version
had to change from 4.0dev to 4.0.0-dev.
9 years ago