13168 Commits (c4d9cb02ec5521bf051ebef6d0fcd986b6cc3b51)
 

Author SHA1 Message Date
Philippe Antoine c4d9cb02ec util: better hex print function
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
3 years ago
Philippe Antoine 6058792bee rust: make suricata context const
So that it is read only and its pointers do not get modified
3 years ago
Philippe Antoine 5a00acece2 ftp: remove temporary fields from state
As input, input_len and direction only last for the scope of
one call of AppLayerParserParse, it is not necessary to keep them
in FtpState which lives longer, so we consume less memory.
3 years ago
Philippe Antoine 6224e283fa modbus: bump up rust crate version
So that probing parser is more strict and does not accept unknown
function code as valid modbus.

Ticket: #5377
3 years ago
Jason Ish c8a5207083 detect: introduce "like" ip-only signature type
Rules that look like they should be IP-only but contain a negated rule
address are now marked with a LIKE_IPONLY flag. This is so they are
treated like IPONLY rules with respect to flow action, but don't
interfere with other IPONLY processing like using the radix tree.

Ticket: #5361
3 years ago
Philippe Antoine d5abaf0b38 decode: fix integer warning
Newly introduced warning.
Regular cast as value is checked just before.

Ticket: #4516
3 years ago
Philippe Antoine 717e51b7cf defrag: fix integer warnings
Ticket: #4516
3 years ago
Philippe Antoine 2d761810db rust: cbindgen first verifies existing bindings
So as not to recompile every C file including rust.h
3 years ago
Philippe Antoine ced96a8aad detect: parsing avoiding infinite loop
by comparing size_t to strlen result
Instead of uint16_t which would loop

Ticket: #5310
3 years ago
Philippe Antoine 875eb58fb0 file: use functions on fd to avoid toctou
Ticket: #5308
3 years ago
Philippe Antoine ecb8dd4de0 util: check for unsigned overflow in rohash
To make CodeQL happy
3 years ago
Jason Ish adda8801d8 conf: remove ConfGetValue
All uses of ConfGetValue are satisfied by ConfGet
3 years ago
Philippe Antoine 5bd19135b0 util: remove malloc from streaming buffer config
as it is unused
3 years ago
dependabot[bot] 0dd7c23fa0 github-actions: bump actions/cache from 3.0.2 to 3.0.3
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](48af2dc4a9...30f413bfed)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Andreas Dolp db73a12540 doc/tls: Add documentation for TLS logging 3 years ago
Andreas Dolp f42bb45ccd doc/tls: Remove redundant example 3 years ago
Andreas Dolp e9976a0e14 suricata.yaml.in: Fix default value of prealloc-sessions 3 years ago
Andreas Dolp 324f5ec10c doc: Add missing ")" in example 3 years ago
Andreas Dolp 32b39d054f suricata.yaml.in: Remove duplicate "with" in comment. 3 years ago
Andreas Dolp e4163c4e02 doc: Fix typos 3 years ago
Andreas Dolp 49bd6cfa5d doc: Fix broken link 3 years ago
Philippe Antoine 284ad462fc output: adds schema.json
Ticket: #1369
3 years ago
Victor Julien ebf0629615 log-pcap: remove tunnel locks
The tunnel lock mutex only "protects" the tunnel synchronization,
not the packet data, length or datalink fields.
3 years ago
Victor Julien e7ab96c389 nflog: fix datalink compile issue 3 years ago
Juliana Fajardini 43d28f251f util/action: convert unittests to FAIL/PASS API
Task #5371
3 years ago
Juliana Fajardini 9b9b6aa2ce util/action: unittests clean-up (to sv tests)
Removing all unittests that work better as suricata-verify tests.

Task #5371
3 years ago
Victor Julien 4ed6c928aa unittest: minor helper cleanup 3 years ago
Victor Julien 41b5364511 detect/parse: cleanup test 3 years ago
Victor Julien a437dde739 detect: parsing test cleanups/improvements 3 years ago
Victor Julien e738b10e23 host-os-info: add test to show mixed ipv4/ipv6 3 years ago
Victor Julien f3d887310c rule/vars: clean up tests 3 years ago
Victor Julien 1b65af2867 detect/iponly: minor code cleanup 3 years ago
Victor Julien beecc1890f detect/iponly: include postmatch in determination 3 years ago
Victor Julien 4b097460c2 detect/iponly: simplify handling of 'any' parsing 3 years ago
Victor Julien ffef10c5d7 detect: address parsing variable rename to match code style 3 years ago
Victor Julien 51ef6f4e3a detect/iponly: remove unused code 3 years ago
Juliana Fajardini 6ccc01a79c rust: fix doc comments that trigger rust warnings
Rust generates warnings that are treated as errors for documentation
blocks before `extern` blocks.
3 years ago
dependabot[bot] fbbf23b930 github-actions: bump ossf/scorecard-action from 1.0.4 to 1.1.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...5c8bc69dc8)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Victor Julien f4f63ebff8 stream: add packet header outside of lock 3 years ago
Victor Julien 419920288c log/pcap: open handles outside of lock 3 years ago
Scott Jordan c751c45850 log/pcap: add buffer timeout
Set timeout for pcap log so that packets do not sit
in buffer. Set default to one second.
3 years ago
Scott Jordan 2bf3172dd1 stream: memcap tracking for TcpSegment alloc 3 years ago
Eric Leblond 47a5e6356d log/pcap: handle case of multiple link types 3 years ago
Eric Leblond 2c2fc6cd91 flow: set datalink for pseudo packet
Set pseudo packet datalink to the global one. This fixes the case
where the pcap handle is open with information coming from a
pseudo packet. Without this, we did end up in most cases with
an Ethernet packet being written in a Raw pcap.
3 years ago
Eric Leblond 1c2fba57f8 suricata: introduce global linktype
As Suricata is not supporting pcap-ng we have to stick with one single
datalink type for the capture if ever we want to do pcap logging.
Assuming this, this patch introduces a function to set the link
type globally. This will be used with pcap conditional logging
to get the logging of TCP segments with the correct link type.
3 years ago
Eric Leblond 584136ecb7 log/pcap: log segments for pseudo packets 3 years ago
Eric Leblond 8f0ef48e82 log/pcap: fix conditional pcap in tag mode
We were missing the first packet when using condition pcap logging
in tag mode as it was not tagged. As a result we were not getting
the stream data triggering the alert in the pcap file.
3 years ago
Eric Leblond 9f4d59b3f7 detect/tag: add a tag for first packet
We may need to know that a packet has been tagged but is the
first one (and thus is not tagged).
3 years ago
Scott Jordan 6cfc3343e7 log/pcap: dump segments of both sides of tcp session.
This patch updates tcp segment dumping to dump segments
from both sides of the session in order when capturing
alerts and tags.
3 years ago
Eric Leblond 6f06f7c22c doc: add info about capture_file key 3 years ago