Commit Graph

1433 Commits (62563914081ed631d58d9e1f7ac56e4bef6b7655)

Author SHA1 Message Date
Philippe Antoine 5bb5b4f46f rust: remove unnecessary nested unsafe 2 years ago
Philippe Antoine 4ccbcc4684 sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoids quadratic complexity turning into OOM.

Ticket: 7093
2 years ago
Jason Ish 49ecf37126 rust/ike: prefix never read field names with _
New warning from rustc.

The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
2 years ago
Jason Ish 29d7ff026a rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
2 years ago
Jason Ish ee2175cdb6 rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
2 years ago
Jason Ish a1bb62c059 cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
2 years ago
Philippe Antoine 4fe3f04fa3 detect/enip: move keywords to rust
Ticket: 4863
2 years ago
Philippe Antoine ce1eea4ad6 detect/websocket: move keywords to rust
Ticket: 4863
2 years ago
Philippe Antoine 16952d67e7 detect/dhcp: move keywords to rust
Ticket: 4863
2 years ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
2 years ago
Philippe Antoine 4bbe7d92dc detect: helper to have pure rust keywords
detect: make number of keywords dynamic

Ticket: 4683
2 years ago
Philippe Antoine 08c511f1bf enip: remove unnecessary unsafe
As the function SCEnipRegisterParsers is already marked as unsafe
2 years ago
Victor Julien 37be66eef9 detect/iprep: update function naming
Bring in line with new Rust code naming for FFI functions.
2 years ago
Victor Julien 83976a4cd4 detect/iprep: implement isset and isnotset
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

Internally it is implemented outside the uint support.

Ticket: #6857.
2 years ago
Victor Julien 539ab3a404 detect/iprep: update keyword parser for extendibility 2 years ago
Jason Ish f0dbfe863d misc: prefix functions with SC not Sc 2 years ago
Philippe Antoine d9d5170ec0 websocket: add data frame
Ticket: 7051
2 years ago
Juliana Fajardini bb45ac71ef dns: allow triggering raw stream reassembly
For TCP streams, app proto stream reassembly can start earlier, instead
of waiting and queueing up data before doing so.

Task #7018
Related to
Bug #7004
2 years ago
Philippe Antoine 82c03f72c3 enip: convert to rust
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
2 years ago
Philippe Antoine 0d267e29a5 files: remove the need for state in callbacks
As files now belong to transactions
2 years ago
Philippe Antoine 5167ff6411 smtp/mime: look for urls in base64 message
Ticket: 5185

Previously, it was looked for in plain text messages, and base64
encoding was only handled for attachments.

This commit also fixes the buffering for such base64 data streamed
into urls finding, by buffering a beginning non-empty line,
and by ensuring that we run extraction on the last line,
even if it had no EOL.
2 years ago
Juliana Fajardini 0946c213cd pgsql: trigger raw stream reassembly
Expose the raw stream earlier to the detection engine, as Pgsql can have
multiple messages per transaction and usually will have a message
complete within one TCP packet.

Bug #7000

Related to
Bug #7026
2 years ago
Juliana Fajardini 69e26de197 pgsql/logger: open json object from logger function
Before, the JsonBuilder object for the pgsql event was being created
from the C-side function that actually called the Rust logger.

This meant that if another module - such as the Json Alert - called the
PGSQL logger, we wouldn't have the `pgsql` key present in the log output,
only its inner fields.

Bug #6983
2 years ago
Philippe Antoine 7fb10676e7 dns: remove unneeded mut in logger 2 years ago
Philippe Antoine a10c1f1dde smtp: use rust for mime parsing
Ticket: #3487
2 years ago
Philippe Antoine 5f75b9a6e3 http: use rust for mime parsing
Ticket: #3487
2 years ago
Philippe Antoine 5555aa6788 mime: improved token parsing
Accepts escaped quote in escaped string
2 years ago
Jason Ish 936930778c rust/Makefile: cleanup "clean" targets
Remove maintainer-clean-local, this is not needed.

In distclean-local, remove "rust/dist" and "rust/vendor" as they are
created during "make dist".

In "clean-local", remove "rust/target" and "rust/gen" as they are
created during a normal "make".
2 years ago
Jason Ish 2e440169d6 lua: remove lua as a compile time feature
It's always built-in. However, it can be disabled at runtime.
2 years ago
Jason Ish 1fd2c1a379 rust/lua: remove lua_int8 feature
Now that we're fixed to Lua 5.4, the integer size is always 8.
2 years ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua
Remove lua-dev(el) from all CI tests.
2 years ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names
So far, the SANs were available as a part of IssuerDN via the x509_parser
crate, but SANs were not available to the SSLState* to be directly used
to set up and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
2 years ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
2 years ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions"
This reverts commit 14ab9aa763.
2 years ago
Philippe Antoine 37a9003736 rust/probing: safety check for null input
Ticket: 7013

Done consistently for all protocols

This may change some protocols' behaviors which failed early
if they found there was not enough data...
2 years ago
Philippe Antoine 5dc8dea869 rust: return empty slice without using from_raw_parts
As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

Ticket: 7013
2 years ago
Philippe Antoine 806052d762 websocket: fix opcodes values for ping/pong
And also set close

Ticket: 7025
2 years ago
Philippe Antoine 8b103ae755 dns: set tx id for frames 2 years ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
2 years ago
Jeff Lucovsky cb56752bf7 config/ja3: Eliminate warnings when JA3 is disabled
This commit eliminates warnings when either ja3, ja4 or both are
disabled.
2 years ago
Jason Ish 14ab9aa763 rust: temporary: disable debug assertions 2 years ago
Philippe Antoine c53e9ac0dd sdp: fix logging medias
As introduced by bff790b6ac

Also handles errors in the caller

Ticket: 6994
2 years ago
Jason Ish df8568ee30 rust/dns: visibility cleanups
Remove pub from functions that don't require it.
2 years ago
Jason Ish 556cfe56bf rust/dns: ffi naming and visibility cleanups
- Remove no_mangle and pub from FFI functions that are only accessed
  with a function pointer.
- Rename all no_mangle FFI functions to our C naming scheme.
2 years ago
Giuseppe Longo 868493529b rust/sip: parse and log sdp
If SDP payload is found within a SIP message, it will be parsed and then
logged.

Ticket #6627
2 years ago
Giuseppe Longo bff790b6ac rust/sdp: implement logger
This implements a logger for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627
2 years ago
Giuseppe Longo 1ccfc35214 rust/sdp: implement protocol parser
This implements a parser for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627.
2 years ago
Philippe Antoine d8e0c72644 app-layer: remove unused C wrappers
Ticket: 4083
2 years ago
Philippe Antoine 03442c9071 http2: do not log duplicate headers
Ticket: 6900

And thus avoid DoS by logging a request using a compressed
header block repeated many times and having a long value...
2 years ago
Philippe Antoine 390f09692e http2: use a reference counter for headers
Ticket: 6892

As HTTP hpack header compression allows one single byte to
express a previously seen arbitrary-size header block (name+value),
we should avoid copying the vectors' data, but just point
to the same data, while remaining memory safe, even in the case
of later header eviction from the dynamic table.

Rust std solution is Rc, and the use of clone, so long as the
data is accessed by only one thread.
2 years ago