Commit Graph

128 Commits (8b69089cb8ec2736488a93f03eedc90aa9f8129b)

Author SHA1 Message Date
Jason Ish 2c51744ccc rust/ffi: stub out a rust ffi crate
This crate is for Rust wrappers around the -sys crate which includes
only raw bindings. This is the place to add nice wrappers around those
bindings, however it should remain clear of dependencies on the main
Suricata core crates.

Ticket: #7666
5 months ago
Lukas Sismis 3e4fdb2118 misc: time unit parsing function 6 months ago
Victor Julien b1fe6a4ceb rust: update lru to 0.16.3; update lock
RUSTSEC-2026-0002

Ticket: #8210.
6 months ago
Jason Ish 16c42da57e rust: add nom8 as a dependency
For the update from nom 7 to nom 8.
9 months ago
Jason Ish 6fdf0d736b rust: update aes-gcm to 0.10.3 9 months ago
Jason Ish b9517de86e rust: update aes to 0.8.4 9 months ago
Jason Ish 3b9dfe620d rust: pin time crate to 0.3.41
0.3.42 introduces dependencies that require Rust 1.81.
11 months ago
Jason Ish f68b06798f rust/htp: follow suricata versioning
Have htp follow Suricata versioning so we don't have to worry about
version updates as it changes.

For example, between 8.0.0-beta1 and 8.0.0-rc1 there were changes to
the htp, however the version stayed at 2.0.0 making it impossible to
publish these changes to crates.io.
1 year ago
Jason Ish 25b8cd9761 lua: update to lua 5.4.8002
This updated crates remove tmpnam from being linked in, removing the
warning.
1 year ago
Pierre Chifflier c152c5c7e0 ldap: update ldap-parser to 0.5.0 1 year ago
Jason Ish b83c2dacd4 lua: update to Lua 5.4.8
Also uses a proper Lua tagged version that is not a pre-release.

Ticket: #7632
1 year ago
Jason Ish e7366e43b5 rust: update deps
Update all deps with cargo update. Additionally, apply the updated
versions to the Cargo.toml, which while not stricly required, does
make it more clear what the version in use is.
1 year ago
Jason Ish f0eaebe3a6 rust: set MSRV to 1.75.0
This is the Rust version found on Ubuntu LTS releases as of today, and
is the oldest we need to support.

Ticket: #6573
1 year ago
Philippe Antoine 97591230a9 rust: update brotli crate to latest version
Ticket: 7735

New version has a fix for an integer underflow
1 year ago
Jason Ish 9781f207f7 lua: update to suricata-lua-sys 0.1.0-alpha.9
This version supports picking up CFLAGS either passed with CFLAGS or
SURICATA_LUA_SYS_CFLAGS.
1 year ago
Philippe Antoine 44c8632284 rust: use flate2 with C zlib
move flate2.rs to a backend supporting the setting
of window_bits, which is not the case for miniz-oxide.

This will allow WebSocket to use Sec-WebSocket-Extensions
which can set a non-default window_bits
1 year ago
Jason Ish e3a400a581 htp: rename to suricata-htp; allow publishing to crates.io
As the "suricata" crate depends on htp, we need to publish htp to
crates.io first, however "htp" name is already taken. So rename "htp" to
"suricata-htp".
1 year ago
Alex Savage 778053876b pop3: app-layer parser using sawp-pop3
This module uses the sawp-pop3 crate to parse POP3 requests and responses
Features:
- eve logging
- events for parsable but non-RFC-compliant messages

Ticket: 3243
1 year ago
Eric Leblond 0b031a33c6 domain: add new transformation
Ticket: #5639
1 year ago
Todd Mortimer 9c324b796e http: Use libhtp-rs.
Ticket: #2696

There are a lot of changes here, which are described below.

In general these changes are renaming constants to conform to the
libhtp-rs versions (which are generated by cbindgen); making all htp
types opaque and changing struct->member references to
htp_struct_member() function calls; and a handful of changes to offload
functionality onto libhtp-rs from suricata, such as URI normalization
and transaction cleanup.

Functions introduced to handle opaque htp_tx_t:
- tx->parsed_uri => htp_tx_parsed_uri(tx)
- tx->parsed_uri->path => htp_uri_path(htp_tx_parsed_uri(tx)
- tx->parsed_uri->hostname => htp_uri_hostname(htp_tx_parsed_uri(tx))
- htp_tx_get_user_data() => htp_tx_user_data(tx)
- htp_tx_is_http_2_upgrade(tx) convenience function introduced to detect response status 101
  and “Upgrade: h2c" header.

Functions introduced to handle opaque htp_tx_data_t:
- d->len => htp_tx_data_len()
- d->data => htp_tx_data_data()
- htp_tx_data_tx(data) function to get the htp_tx_t from the htp_tx_data_t
- htp_tx_data_is_empty(data) convenience function introduced to test if the data is empty.

Other changes:

Build libhtp-rs as a crate inside rust. Update autoconf to no longer
use libhtp as an external dependency. Remove HAVE_HTP feature defines
since they are no longer needed.

Make function arguments and return values const where possible

htp_tx_destroy(tx) will now free an incomplete transaction

htp_time_t replaced with standard struct timeval

Callbacks from libhtp now provide the htp_connp_t and the htp_tx_data_t
as separate arguments. This means the connection parser is no longer
fetched from the transaction inside callbacks.

SCHTPGenerateNormalizedUri() functionality moved inside libhtp-rs, which
now provides normalized URI values.
The normalized URI is available with accessor function: htp_tx_normalized_uri()
Configuration settings added to control the behaviour of the URI normalization:
- htp_config_set_normalized_uri_include_all()
- htp_config_set_plusspace_decode()
- htp_config_set_convert_lowercase()
- htp_config_set_double_decode_normalized_query()
- htp_config_set_double_decode_normalized_path()
- htp_config_set_backslash_convert_slashes()
- htp_config_set_bestfit_replacement_byte()
- htp_config_set_convert_lowercase()
- htp_config_set_nul_encoded_terminates()
- htp_config_set_nul_raw_terminates()
- htp_config_set_path_separators_compress()
- htp_config_set_path_separators_decode()
- htp_config_set_u_encoding_decode()
- htp_config_set_url_encoding_invalid_handling()
- htp_config_set_utf8_convert_bestfit()
- htp_config_set_normalized_uri_include_all()
- htp_config_set_plusspace_decode()
Constants related to configuring uri normalization:
- HTP_URL_DECODE_PRESERVE_PERCENT => HTP_URL_ENCODING_HANDLING_PRESERVE_PERCENT
- HTP_URL_DECODE_REMOVE_PERCENT => HTP_URL_ENCODING_HANDLING_REMOVE_PERCENT
- HTP_URL_DECODE_PROCESS_INVALID => HTP_URL_ENCODING_HANDLING_PROCESS_INVALID

htp_config_set_field_limits(soft_limit, hard_limit) changed to
htp_config_set_field_limit(limit) because libhtp didn't implement soft
limits.

libhtp logging API updated to provide HTP_LOG_CODE constants along with
the message. This eliminates the need to perform string matching on
message text to map log messages to HTTP_DECODER_EVENT values, and the
HTP_LOG_CODE values can be used directly. In support of this,
HTP_DECODER_EVENT values are mapped to their corresponding HTP_LOG_CODE
values.

New log events to describe additional anomalies:
HTP_LOG_CODE_REQUEST_TOO_MANY_LZMA_LAYERS
HTP_LOG_CODE_RESPONSE_TOO_MANY_LZMA_LAYERS
HTP_LOG_CODE_PROTOCOL_CONTAINS_EXTRA_DATA
HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_START
HTP_LOG_CODE_CONTENT_LENGTH_EXTRA_DATA_END
HTP_LOG_CODE_SWITCHING_PROTO_WITH_CONTENT_LENGTH
HTP_LOG_CODE_DEFORMED_EOL
HTP_LOG_CODE_PARSER_STATE_ERROR
HTP_LOG_CODE_MISSING_OUTBOUND_TRANSACTION_DATA
HTP_LOG_CODE_MISSING_INBOUND_TRANSACTION_DATA
HTP_LOG_CODE_ZERO_LENGTH_DATA_CHUNKS
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_NO_PROTOCOL
HTP_LOG_CODE_REQUEST_LINE_UNKNOWN_METHOD_INVALID_PROTOCOL
HTP_LOG_CODE_REQUEST_LINE_NO_PROTOCOL
HTP_LOG_CODE_RESPONSE_LINE_INVALID_PROTOCOL
HTP_LOG_CODE_RESPONSE_LINE_INVALID_RESPONSE_STATUS
HTP_LOG_CODE_RESPONSE_BODY_INTERNAL_ERROR
HTP_LOG_CODE_REQUEST_BODY_DATA_CALLBACK_ERROR
HTP_LOG_CODE_RESPONSE_INVALID_EMPTY_NAME
HTP_LOG_CODE_REQUEST_INVALID_EMPTY_NAME
HTP_LOG_CODE_RESPONSE_INVALID_LWS_AFTER_NAME
HTP_LOG_CODE_RESPONSE_HEADER_NAME_NOT_TOKEN
HTP_LOG_CODE_REQUEST_INVALID_LWS_AFTER_NAME
HTP_LOG_CODE_LZMA_DECOMPRESSION_DISABLED
HTP_LOG_CODE_CONNECTION_ALREADY_OPEN
HTP_LOG_CODE_COMPRESSION_BOMB_DOUBLE_LZMA
HTP_LOG_CODE_INVALID_CONTENT_ENCODING
HTP_LOG_CODE_INVALID_GAP
HTP_LOG_CODE_ERROR

The new htp_log API supports consuming log messages more easily than
walking a list and tracking the current offset. Internally, libhtp-rs
now provides log messages as a queue of htp_log_t, which means the
application can simply call htp_conn_next_log() to fetch the next log
message until the queue is empty. Once the application is done with a
log message, they can call htp_log_free() to dispose of it.

Functions supporting htp_log_t:
htp_conn_next_log(conn) - Get the next log message
htp_log_message(log) - To get the text of the message
htp_log_code(log) - To get the HTP_LOG_CODE value
htp_log_free(log) - To free the htp_log_t
1 year ago
Bryan Benson 15da9d783e rust: Update sawp dependencies to 0.13.1 due to SPDX license compatibility. 1 year ago
Jason Ish 8fa347410e suricatactl: rust version of suricatactl 1 year ago
Jason Ish 8115669602 suricatasc: a Rust implementation of suricatasc
This is a re-implementation of suricatasc program in Rust that
attempts to be a 100% drop-in replacement.
1 year ago
Jason Ish 8f22e55678 rust/sys: stub in suricata-sys crate for Rust bindings to C
Follow Rust convention of using a "sys" crate for bindings to C
functions. The bindings don't exist yet, but will be generated by
bindgen and put into this crate.

Ticket: #7341
1 year ago
Jason Ish fd488170c4 lua: update lua to 5.4.7
This version of out Lua crate also supports cross compiling.
1 year ago
Philippe Antoine 770a75911f ldap: update ldap-parser crate
so that we can implement abandon request support

Ticket: #7477
2 years ago
Jason Ish 8e408d3730 rust: update num-derive to 0.4.2
This prevents the clippy warning:

508 | #[derive(FromPrimitive, Debug)]
    |          ^------------
    |          |
    |          `FromPrimitive` is not local
    |          move the `impl` block outside of this constant `_IMPL_NUM_FromPrimitive_FOR_IsakmpPayloadType`
509 | pub enum IsakmpPayloadType {
    |          ----------------- `IsakmpPayloadType` is not local
    |
    = note: the derive macro `FromPrimitive` defines the non-local `impl`, and may need to be changed
    = note: the derive macro `FromPrimitive` may come from an old version of the `num_derive` crate, try updating your dependency with `cargo update -p num_derive`
    = note: an `impl` is never scoped, even when it is nested inside an item, as it may impact type checking outside of that item, which can be the case if neither the trait or the self type are at the same nesting level as the `impl`
    = note: items in an anonymous const item (`const _: () = { ... }`) are treated as in the same scope as the anonymous const's declaration for the purpose of this lint
    = note: this warning originates in the derive macro `FromPrimitive` (in Nightly builds, run with -Z macro-backtrace for more info)
2 years ago
Jason Ish 13841c0b9e rust: put all rust/cargo env vars in CARGO_ENV
To ensure that all calls to cargo use the same environment variables,
put the environment variables in CARGO_ENV so every call to cargo can
easily use the same vars.

The Cargo build system is smarter than make, it can detect a change in
an environment variable that affects the build, and the setting of
SURICATA_LUA_SYS_HEADER_DST changing could cause a rebuild.

Also update suricata-lua-sys, which is smarter about copying headers. It
will only copy if the destination does not exist, or the source header
is newer than the target, which can also prevent unnecessary rebuilds.

This is mainly to fix an issue where subsequent builds may fail,
especially when running an editor with a LSP enabled:

    Update lua crate to 0.1.0-alpha.5. This update will force a rewrite of
    the headers if the env var SURICATA_LUA_SYS_HEADER_DST changes. This
    fixes the issue where the headers may not be written.

    The cause is that Rust dependencies are cached, and if your editor is
    using rust-analyzer, it might cache the build without this var being
    set, so these headers are not available to Suricata. This crate update
    forces the re-run of the Lua build.rs if this env var changes, fixing
    this issue.
2 years ago
Victor Julien 91828ec00b smb: use lru for guid2name map; rename
Use `lru` crate. Rename to reflect this.

Add `app-layer.protocols.smb.max-guid-cache-size` to control the max
size of the LRU cache.

Ticket: #5672.
2 years ago
Philippe Antoine 8984bc6801 transforms: move xor to rust
Ticket: 7229
2 years ago
Jason Ish 3a7eef8121 lua: update to newer lua crate
This crate lets us instruct it where to copy the header files instead
of our Makefile trying to find the correct ones and copying them into
place.

Can prevent the simultaneous copy errors sometimes seen on a make
without a clean.
2 years ago
Philippe Antoine 3f0512ebeb rust: unpin serde
As oss-fuzz uses a newer compatible rustc version
2 years ago
Philippe Antoine d3eb6569d2 rust: pin serde version
because oss-fuzz does not support newer rust nightly
and newer serde does not support oss-fuzz old nightly
2 years ago
Jason Ish 85ee2f882f lua: use lua from crates.io rather than github
This allows the source override in .cargo/config.toml to apply to the
suricata-lua-sys crate as well fixing offline builds.

Ticket: #7226
2 years ago
Shivani Bhardwaj e93743a094 rust/base64: upgrade crate to latest
base64 crate is updated to the latest version 0.22.1. This came with
several API changes which are applied to the code. The old calls have
been replaced with the newer calls.

This was done following the availability of better fns to directly
decode into slices/vectors as needed and also that previous version was
too old.
Along with this change, update the Cargo.lock.in to reflect all changes
in the package versions.

Task 7219
2 years ago
Victor Julien da1645b3e1 rust: bump time to most recent
Fixes build on rustc 1.80.

Bumps the MSRV to 1.67.1.

Bug: #7130.
2 years ago
Victor Julien 058ad87089 rust: set MSRV to 1.67.1
This is needed for updating the ``time`` crate.
2 years ago
Giuseppe Longo ce7e190501 rust/ldap: implement types and filters
This implementation adds types and filters specified in the LDAP RFC to
work with the ldap_parser.
Although using the parser directly would be
best, strange behavior has been observed during transaction logging.
It appears that C pointers are being overwritten, leading to incorrect
output when LDAP fields are logged.
2 years ago
Jason Ish a1bb62c059 cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
2 years ago
Jason Ish 2e440169d6 lua: remove lua as a compile time feature
Its always built-in. However, can be disabled at runtime.
2 years ago
Jason Ish 1fd2c1a379 rust/lua: remove lua_int8 feature
Now that we're fixed to Lua 5.4, the integer size is always 8.
2 years ago
Jason Ish bc011f2205 lua: use rust crate to vendor (bundle) lua
Remove lua-dev(el) from all CI tests.
2 years ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions"
This reverts commit 14ab9aa763.
2 years ago
Jason Ish 14ab9aa763 rust: temporary: disable debug assertions 2 years ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC
Ticket: OISF#6379
2 years ago
Sascha Steinbiss 9d0db71ebf ja3: make feature compile time configurable 2 years ago
Jason Ish 1657b6ff3c cargo: add description and license
Required for publishing to crates.io.
2 years ago
Jason Ish b9127e8b96 automake/rust: remove path.lib
Remove the path.lib parameter that is substituted into the output
Cargo.toml by autoconf. Instead, as part of the build, "cd" into the
source directory. We already set the Rust target directory to the
external build directory.

This makes the Cargo.toml more generic, and in a format suitable for
publishing to crates.io. It also makes it easier to pull in external
crates without needing to patch up their Cargo.toml, for example, it
might make pulling libhtp-rs easier.
2 years ago
Victor Julien a2c817243f rust: add MSRV as rust-version
Update github-actions to use it for the MSRV check.
2 years ago
Victor Julien 1d3a156179 rust: update parser dependencies
Time locked to 0.3.20 to guarantee MSRV of 1.63.
Update snmp-parser to 0.10.0.
Update asn1-rs to 0.6.1.
Update kerberos-parser to 0.8.0.
Update x509-parser 0.16.0.
Update der-parser to 9.0.0.
Remove specific use of der-parser 6.

Ticket: #6817.
Ticket: #6818.
2 years ago