Commit Graph

16845 Commits (a9bf6bbd0ee43bcc4f984d5bb8f66f7d30eca7b7)
 

Author SHA1 Message Date
Jason Ish a9bf6bbd0e detect-dns-response: disable clang-format around byte arrays
These arrays are manually formatted for readability.
5 months ago
Jason Ish a026293b42 dns: rename dns.response keyword to dns.response.rrname
This is a better name as the keyword is looking at all rrname type
fields in the response.
5 months ago
Nathan Scrivens d3953dee8b doc/userguide: document dns.response
Feature: 7012
5 months ago
Nathan Scrivens 07632fdf4e dns: add dns.response sticky buffer
Feature: 7012
Add dns.response sticky buffer to match on dns response fields.
Add rust functions to return dns response packet data.
Unit tests verifying signature matching.
5 months ago
Philippe Antoine f68e2f5537 files: append data on closing even with FILE_NOSTORE
Ticket: 7577

When HTTP1 post multipart handles a small file, it will call
HTPFileClose with some data
This data needs to be appended to the streaming buffer for usage
by file.data keyword even if we do not end up storing the file
5 months ago
Alice Akaki 137f7fe652 detect: add ldap.responses.message
ldap.responses.message matches on LDAPResult error message
This keyword maps the following eve fields:
ldap.responses[].bind_response.message
ldap.responses[].search_result_done.message
ldap.responses[].modify_response.message
ldap.responses[].add_response.message
ldap.responses[].del_response.message
ldap.responses[].mod_dn_response.message
ldap.responses[].compare_response.message
ldap.responses[].extended_response.message
It is a sticky buffer
Supports prefiltering

Ticket: #7532
5 months ago
Alice Akaki 84605db01d detect: add ldap.responses.result_code
ldap.responses.result_code matches on LDAP result code
This keyword maps the following eve fields:
ldap.responses[].bind_response.result_code
ldap.responses[].search_result_done.result_code
ldap.responses[].modify_response.result_code
ldap.responses[].add_response.result_code
ldap.responses[].del_response.result_code
ldap.responses[].mod_dn_response.result_code
ldap.responses[].compare_response.result_code
ldap.responses[].extended_response.result_code
It is an unsigned 32-bit integer
Doesn't support prefiltering

Ticket: #7532
5 months ago
Alice Akaki d827728661 ldap: create a generic funtion to match integer responses 5 months ago
Alice Akaki bfa3558cf0 ldap: refactor function aux_ldap_parse_protocol_resp_op
Split code to create a generic function that parses LdapIndex
5 months ago
Alice Akaki caffde9428 ldap: rename DetectLdapRespData struct to be more specific 5 months ago
Alice Akaki 599d33c5bf ldap: return empty buffer in ldap_tx_get_responses_dn
Funciton ldap_tx_get_responses_dn returns empty buffer in case
the response doesn't contain the distinguished name field

Fixes: 73ae6e997f ("detect: add ldap.responses.dn")
5 months ago
Alice Akaki 82ca3e667b ldap: fix LDAPDN nits
Change variable name 'req' to 'resp' in function ldap_tx_get_responses_dn and documentation nits

Fixes:
73ae6e997f ("detect: add ldap.responses.dn")
16dcee46fc ("detect: add ldap.request.dn")
5 months ago
Alice Akaki 3b6106e8f4 ldap: apply rustfmt
Fixes: 4554c4778d ("rust: use AppProto from generated bindings instead of duplicating")
5 months ago
Philippe Antoine 544469780a ci: fix clusterfuzzlite build 5 months ago
dependabot[bot] 93bd1935bb github-actions: bump actions/upload-artifact from 4.6.0 to 4.6.1
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.0 to 4.6.1.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](65c4c4a1dd...4cec3d8aa0)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] 2d7937b3ce github-actions: bump codecov/codecov-action from 5.3.1 to 5.4.0
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.3.1 to 5.4.0.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](13ce06bfc6...0565863a31)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] 5d38c4de19 github-actions: bump github/codeql-action from 3.28.8 to 3.28.10
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.8 to 3.28.10.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.28.8...v3.28.10)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] 47e08ee48e github-actions: bump actions/download-artifact from 4.1.8 to 4.1.9
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.8 to 4.1.9.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](fa0a91b85d...cc20338598)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] 03b113f7e3
github-actions: bump ossf/scorecard-action from 2.4.0 to 2.4.1
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.4.0 to 2.4.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](62b2cac7ed...f49aabe0b5)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Jason Ish 2e52e9501f mqtt: naming and visibility cleanups
- remove rs_prefix, replace with SC if needed
- remove pub and no_mangle where not needed
- remove some unused functions and fields

Related to ticket: #7498
5 months ago
Jason Ish 0fe11cdfe5 enip: remove rs_ prefix
Related to ticket: #7498
5 months ago
Jason Ish c726d67bb0 dcerpc: visibility and naming cleanups
- replace rs_ prefixed names with SC
- remove no_mangle and pub where not needed
- remove some unused functions

Related to ticket: #7498
5 months ago
Jason Ish f0116c3a6b bittorrent: no_mangle, pub and naming cleanups
- Remove rs_prefix
- Remove no_mangle and pub when not needed

Related to ticket: #7498
5 months ago
Jason Ish 05dd607f34 rust: use CBINDGEN variable and not "cbindgen"
This uses the cbindgen found during ./configure, and not the one
found on the path during "make", which while often the same, aren't
always the same.

Ticket: #6384
5 months ago
Jason Ish 1b27febdd8 github-ci: re-enable RPM builds
The RPM has been updated to handle the conversion of suricatasc and
suricatactl to Rust.

Also fixes the "if" expression to prevent one job running both upload
sections.
5 months ago
Jeff Lucovsky 9b088ed018 applayer/ftp: Misc cleanup
Issue: 4082

Small fixups.
5 months ago
Jeff Lucovsky b7d240fb14 applayer/ftp: Move MPM declaration
This commit moves the MPM fn declaration into core.rs making it
available for other Rust modules.

Issue: 4082
5 months ago
Jeff Lucovsky 4d0cf8a8fa app-layer/ftp: Fixup state values
Issue: 4082

Fixup the incorrect state values -- they should be the default enum
values to match the pre-Rust implementation.
5 months ago
Jason Ish 0dc5b72c89 github-ci: skip rpm builds for now
RPMs will need to be fixed after merge.
5 months ago
Jason Ish 1dcb1e3f29 github-ci: add var to disable rpm builds
There will be changes in our development branch that the RPMs need to
adapt to, but that can't be done until the changes have been merged to
master, then the RPM can catchup.

This gives us a single variable to turn off RPM building.
5 months ago
Jason Ish f1d305b373 doc: add upgrade note about suricatasc and suricatactl 5 months ago
Jason Ish 1aa47649ca dist: include generate-evedoc.sh
Without this script `make distcheck` fails on a system with
documentation tooling installed, as its required to build the EVE
appendix.
5 months ago
Jason Ish 357822c68c github-ci: add check for update to date Cargo.lock.in
After a build, check if Cargo.lock.in and Cargo.lock differ, if so,
Cargo.lock.in needs an update as part of a depedency update.
5 months ago
Jason Ish 11a589f633 doc: remove python references related to suricatasc
These should probably be removed even without the rewrite, and
suricatasc has been installed as a proper program for many releases.
5 months ago
Jason Ish fc2824a9f7 qa: fix suricatasc path 5 months ago
Jason Ish a0089190df python: remove python implementation of suricatasc/suricatactl 5 months ago
Jason Ish 8fa347410e suricatactl: rust version of suricatactl 5 months ago
Jason Ish 7e4de3d1b9 github-ci: do one Windows build from dist archive
As we have 2 Windows builds, do one using the release-style
distribution file.
5 months ago
Jason Ish 8115669602 suricatasc: a Rust implementation of suricatasc
This is a re-implementation of suricatasc program in Rust that
attempts to be a 100% drop-in replacement.
5 months ago
Jason Ish c33bebd630 rust: remove allow of static mutables
As references to static mutables are highly discouraged, remove the
global suppressing of the compiler warning. Each use case can be
suppressed as needed.

Ticket: #7417
5 months ago
Jason Ish 4a2f10d235 smb: wrap read access to static mutables in function
Simply wrapping in a function removes static_mut_refs compiler
warning.

Ticket: #7417
5 months ago
Jason Ish d8c080b268 smtp: suppress static_mut_refs where needed
Allows us to get rid of the global supression.

Ticket: #7417
5 months ago
Jason Ish 9ed5b4c002 smtp: remove SCMimeSmtpConfigExtractUrlsSchemeReset
It doesn't appear to be needed. The vec being cleared is only set once
per run, so never needs to be cleared.

Removes one point where we have to supress the static_mut_refs compiler
warning.

Ticket: #7417
5 months ago
Philippe Antoine 97ee95c1a2 dns: move unit tests to suricata-verify
Ticket: 3725
Ticket: 7529
5 months ago
Jeff Lucovsky 49d4686144 main/flush: Support periodic flush logs
Issue: 3449
5 months ago
Jeff Lucovsky 36111450ac detect/flag: Pseudo pkt "flush log" flag
Issue: 3449

Add a flush directive to the packet that is distinct from the existing
"log flush" flag as the new flag is to distinguish between the 2 use
cases.
5 months ago
Jeff Lucovsky b18622554d output/log: Add flushing infrastructure
Issue: 3449

Add flushing functions and infrastructure. This includes:
- Flushing functions for packet loggers
- Log file flushing support
5 months ago
Jeff Lucovsky 04767f69fc output: Support buffer-size value
Issue: 3449
5 months ago
Jeff Lucovsky a3a3ad8968 doc/output: EVE output buffering related settings 5 months ago
Jeff Lucovsky 92b2aebe75 conf/output: Buffering related config settings
This commit adds 2 EVE output buffering settings
- buffer-size value which specifies the amount of buffering, if any,
  for regular/file output types.
- flush-interval Specifies the cadence at which Suricata will direct
  detect threads to flush EVE output.

Issue: 3449
5 months ago