The regular expression was accepting something like
"flowbits:!isset,isma;" without complaining even if it is not
correct and don't have the expected result.
So far the suricatactl parser was unclear about the options to use and
did not well display the required and optional param difference. Fix
that to make it legible for any user.
Before
```
└─ $ ▶ ./bin/suricatactl filestore -h
usage: suricatactl filestore [-h] {prune} ...
positional arguments:
{prune}
optional arguments:
-h, --help show this help message and exit
└─ $ ▶ ./bin/suricatactl filestore prune -h
usage: suricatactl filestore prune [-h] [-d DIRECTORY] [--age AGE] [-n] [-v]
[-q]
optional arguments:
-h, --help show this help message and exit
-d DIRECTORY, --directory DIRECTORY
filestore directory
--age AGE prune files older than age
-n, --dry-run only print what would happen
-v, --verbose increase verbosity
-q, --quiet be quiet, log warnings and errors only
```
After
```
└─ $ ▶ ./bin/suricatactl filestore -h
usage: suricatactl filestore [-h] {prune} ...
positional arguments:
{prune} sub-command help
prune Remove files in specified directory older than specified age
optional arguments:
-h, --help show this help message and exit
└─ $ ▶ ./bin/suricatactl filestore prune -h
usage: suricatactl filestore prune [-h] -d DIRECTORY [--age AGE] [-n] [-v]
[-q]
optional arguments:
-h, --help show this help message and exit
-n, --dry-run only print what would happen
-v, --verbose increase verbosity
-q, --quiet be quiet, log warnings and errors only
required arguments:
-d DIRECTORY, --directory DIRECTORY
filestore directory
--age AGE prune files older than age, units: s, m, h, d
```
Pylint is a tool to make sure we do not regress the support for Python
3. The following conventions, warnings, errors, refactors have been
fixed.
W0301: Unnecessary semicolon (unnecessary-semicolon)
C0303: Trailing whitespace (trailing-whitespace)
W1401: Anomalous backslash in string
C0103: Variable name doesn't conform to snake_case naming style
R1705: Unnecessary "elif" after "return"
W1201: Specify string format arguments as logging function parameters
W0611: Unused import
R1710: Either all return statements in a function should return an expression, or none of them should
W0612: Unused variable
C0103: Method name doesn't conform to snake_case naming style
R0201: Method could be a function
Call to suricatactl was failing with Python3 with the following error:
```
Traceback (most recent call last):
File "bin/suricatactl", line 40, in <module>
sys.exit(main())
File "./suricata/ctl/main.py", line 50, in main
args.func(args)
AttributeError: 'Namespace' object has no attribute 'func'
```
Fix this by making it run with Py3 just like it does with Py2.
Closes redmine ticket #2793
In low memory or memcap reached conditions a crash could happen in
inline stream detection.
The crash had the following path:
A packet would come in and it's data was added to the stream. Due
to earlier packet loss, the stream buffer uses a stream buffer block
tree to track the data blocks. When trying to add the current packets
block to the tree, the memory limit was reached and the add fails.
A bit later in the pipeline for the same packet, the inline stream
mpm inspection function gets the data to inspect. For inline mode
this is the current packet + stream data before and after the packet,
if available.
The code looking up the packets data in the stream would not
consider the possibility that the stream block returned wasn't
the right one. The tree search returns either the correct or the
next block. In adjusting the returned block to add the extra stream
data it would miscalculate offsets leading to a corrupt pointer to the
data.
This patch more carefully checks the result of the lookup, and
falls back to simply inspecting the packet payload if the lookup
didn't produce the expected result.
Bug 2842.
Reported-by: Ad Schellevis <ad@opnsense.org>
Process multiple packets at nm_dispatch. Use zero copy for workers
recv mode.
Add configure check netmap check for API 11+ and find netmap api version.
Add netmap guide to the userguide.
Cipher suites length should always be divisible by two. If it is a
odd number, which should not happen with normal traffic, it ends up
reading one byte too much.
No resizing is done in Ja3BufferResizeIfFull() when the buffer is
empty. This leads to a potential overflow when this happens, since
a ',' is appended even when the buffer is empty.
Bug #2762
Add rust but have it disabled as it is broken.
Add windivert, winpcap and npcap builds.
Run unittests on one of the builds.
Use reasonably strict CFLAGS.
No longer set stream events after a gap or wrong thread. We know
we lost sync and are now in 'lets make the best of it'-mode. No
point in flooding the system with stream events.
Ticket #2484
This commit addresses the following three cases:
1. Do not use maxsplit keyword arg
maxsplit argument to the split command was not a part of Python 2
and using it with Python 2 causes the following failure:
```
TypeError: split() takes no keyword arguments
```
Avoid this by eliminating all the named arguments from split.
2. Fix failure on extra arguments
Up until now, suricatasc fails if any command which is not supposed to
take args is given args.
Fix this by ignoring any extra params.
Closes redmine ticket #2813
3. Fix failure on different type of args
If a command was given a string argument where it expected an int, it
would fail and the process would exit.
Fix this by handling the exception caused in such cases.
Closes redmine ticket #2812
Eric Leblond
Shivani Bhardwaj
Victor Julien
magenbluten
Travis Green
Alexander Gozman
Mats Klepsland