Shivani Bhardwaj
72dab0a8b7
snmp: convert to jsonbuilder
Closes redmine ticket 3756.
5 years ago
Jason Ish
abc71dc4a5
applayer template (rust): better gap handling example
In the request parser, show checking if a gap was received
and what one example of trying to continue might look like.
5 years ago
Jason Ish
b91bb92b7d
applayer template (rust): incomplete support
Show how to use the incomplete AppLayerResult type within the
limits of what the template protocol parser can provide.
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3541
5 years ago
Jason Ish
3f615f751b
rust app-layer template: add stubs for gap handling
5 years ago
Jason Ish
d60671d855
rust/dns: use new flags field to set parser option flags
5 years ago
Jason Ish
53aa967e0b
applayer: add flags to parser registration struct
This will allow Rust parsers to register for gap handling from
Rust (some Rust parsers do handle gaps, but they set the flag
from C).
5 years ago
Jason Ish
9d9a901b68
dns: conditional logging
Apply config to newly created response TX.
5 years ago
Victor Julien
ac3cf6ff75
detect/config: set config for special cases
Allow app-layer to declare the txs are uni-directional and special
care is needed for applying config.
5 years ago
Victor Julien
5dd4d948d9
app-layer: remove unused detect flags API
5 years ago
Victor Julien
c94a5e6392
app-layer/rust: don't use option for GetTxDataFn anymore
5 years ago
Victor Julien
8fe9faecb2
app-layer: remove DetectFlags API. Replaced by AppLayerTxData
5 years ago
Victor Julien
88dd0abb38
rdp: support AppLayerTxData
5 years ago
Victor Julien
9664f73f75
app-layer: remove logged API calls
5 years ago
Victor Julien
e0debed0b4
tftp: support AppLayerTxData
5 years ago
Victor Julien
4ff51a0e07
sip: support AppLayerTxData
5 years ago
Victor Julien
cc1210c956
ntp: support AppLayerTxData
5 years ago
Victor Julien
e0f75157a0
ikev2: support AppLayerTxData
5 years ago
Victor Julien
64e2a27512
applayer/template: support AppLayerTxData
5 years ago
Victor Julien
a484bbbe1b
dhcp: support AppLayerTxData
5 years ago
Victor Julien
11e2434526
snmp: support AppLayerTxData
5 years ago
Victor Julien
5afe4835ad
rfb: support AppLayerTxData
5 years ago
Victor Julien
9f29366c7c
krb5: support AppLayerTxData
5 years ago
Victor Julien
2aab1938d7
ssh: support AppLayerTxData
5 years ago
Victor Julien
a1e06247a6
dcerpc/udp: support AppLayerTxData
5 years ago
Victor Julien
3202d29325
dcerpc: support AppLayerTxData
5 years ago
Victor Julien
77a95eddd9
smb: support AppLayerTxData
5 years ago
Victor Julien
7a7805cde6
nfs: support AppLayerTxData
5 years ago
Victor Julien
fb3bdd8cf3
dns: remove detect_flags and logged now that we use AppLayerTxData
5 years ago
Victor Julien
5665fc8301
app-layer: add ApplyTxConfig API
Optional callback a parser can register for applying configuration
to the 'transaction'. Most parsers have a bidirectional tx. For those
parsers that have different types of transaction handling, this new
callback can be used to properly apply the config.
5 years ago
Victor Julien
e15995e2d2
detect: store detect flags in AppLayerTxData
5 years ago
Victor Julien
c797c9f09c
app-layer: add logger flags to AppLayerTxData
5 years ago
Victor Julien
411f428a38
app-layer: define AppLayerTxData and AppLayerTxConfig
AppLayerTxData is a structure each tx should include that will contain
the common fields the engine needs for tracking logging, detection and
possibly other things.
AppLayerTxConfig will be used by the detection engine to configure
the transaction.
5 years ago
Jason Ish
03efbccfe6
jsonbuilder: set_float, append_float methods
New methods for setting and appending float values.
5 years ago
Philippe Antoine
ece29c4210
ssh: fix incomplete return for ssh kex
In the case where we already parsed some records
5 years ago
Philippe Antoine
ca6d072297
dcerpc: detect right parsing of empty op version
5 years ago
Emmanuel Thompson
6e5d64f102
detect/asn1: Simplify errors and checks
5 years ago
Emmanuel Thompson
4fc45b5c60
detect/asn1: Update ASN1 struct lifetime
- 'static is only realistic when allocating and leaking it over the
FFI boundary
5 years ago
Emmanuel Thompson
627e90a4bd
detect/asn1: Log out errors
- Failure to parse asn1-max-frames
- Failure on asn1 detection checks
5 years ago
Emmanuel Thompson
88601b1993
detect/asn1: Update relative_offset keyword
- To be consistent with recent C version changes
- Add checks for over/underflows
5 years ago
Emmanuel Thompson
7af6cdb7ec
detect/asn1: Update asn1 C files to use rust code
Mark rust extern "C" functions as pub in asn1 module to expose via cbindgen
Update detect-asn1.c/h to use rust functions
5 years ago
Emmanuel Thompson
63704fdf13
rust/asn1: Introduce ASN1 rust module
This module uses the `der-parser` crate to parse ASN1 objects in order to replace src/util-decode-asn1.c
It also handles the parsing of the asn1 keyword rules and detection checks performed in src/detect-asn1.c
5 years ago
Emmanuel Thompson
6b8517dc12
rust: Update der, kerberos and snmp parser dependencies
- The update to der-parser allows us to use the latest API changes
5 years ago
Jason Ish
43b9bfaed4
applayer template (rust): convert to JsonBuilder
5 years ago
Vadym Malakhatko
126597144c
eve: add Hassh fields to SSH JSON logger and add ssh log condition
5 years ago
Vadym Malakhatko
536cee3ba9
rust/ssh: add hassh generation
Add generation of hassh fingerprints based on fields in the kexinit record
5 years ago
Jeff Lucovsky
d5bb41011c
output/ikev2: Convert to JsonBuilder
Convert the IKEV2 Json logging to use JsonBuilder.
5 years ago
Victor Julien
65e9a7c31c
smb: fix 'dangling' files in lossy sessions
In case of lossy connections the SMB state would properly clean up
transactions, including file transactions. However, for files the
state was never set to 'truncated', leading to files staying 'active'.
This would lead to these files staying in the SMB's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.
This patch truncates the file that was being transmitted when
a file transaction is being closed.
5 years ago
Victor Julien
25f2efe977
smb: check post-gap timeouts once a second at most
5 years ago
Victor Julien
8aa380600d
smb: update ts only if it changed
5 years ago
Jeff Lucovsky
8c5c949cfa
output/tftp: Convert to JsonBuilder
This commit converts the TFTP logging mechanisms to JsonBuilder.
5 years ago