Philippe Antoine
c4d9cb02ec
util: better hex print function
...
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
3 years ago
Philippe Antoine
6058792bee
rust: make suricata context const
...
So that it is read only and its pointers do not get modified
3 years ago
Philippe Antoine
5a00acece2
ftp: remove temporary fields from state
...
As input, input_len and direction only last for the scope of
one call of AppLayerParserParse, it is not necessary to keep them
in FtpState which lives longer, so we consume less memory.
3 years ago
Philippe Antoine
6224e283fa
modbus: bump up rust crate version
...
So that probing parser is more strict and does not accept unknown
function code as valid modbus.
Ticket: #5377
3 years ago
Jason Ish
c8a5207083
detect: introduce "like" ip-only signature type
...
Rules that look like they should be IP-only but contain a negated rule
address are now marked with an LIKE_IPONLY flag. This is so they are
treated like IPONLY rules with respect to flow action, but don't
interfere with other IPONLY processing like using the radix tree.
Ticket: #5361
3 years ago
Philippe Antoine
d5abaf0b38
decode: fix integer warning
...
Newly introduced warning.
Regular cast as value is checked just before.
Ticket: #4516
3 years ago
Philippe Antoine
717e51b7cf
defrag: fix integer warnings
...
Ticket: #4516
3 years ago
Philippe Antoine
2d761810db
rust: cbindgen first verifies existing bindings
...
So as not to recompile every C file inclusing rust.h
3 years ago
Philippe Antoine
ced96a8aad
detect: parsing avoiding infinite loop
...
by comparing size_t to strlen result
Instead of uint16_t which would loop
Ticket: #5310
3 years ago
Philippe Antoine
875eb58fb0
file: use functions on fd to avoid toctou
...
Ticket: #5308
3 years ago
Philippe Antoine
ecb8dd4de0
util: check for unsigned overflow in rohash
...
To make CodeQL happy
3 years ago
Jason Ish
adda8801d8
conf: remove ConfGetValue
...
All uses of ConfGetValue are satisfied by ConfGet
3 years ago
Philippe Antoine
5bd19135b0
util: remove malloc from streaming buffer config
...
as it is unused
3 years ago
dependabot[bot]
0dd7c23fa0
github-actions: bump actions/cache from 3.0.2 to 3.0.3
...
Bumps [actions/cache](https://github.com/actions/cache ) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](48af2dc4a9...30f413bfed
)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Andreas Dolp
db73a12540
doc/tls: Add documentation for TLS logging
3 years ago
Andreas Dolp
f42bb45ccd
doc/tls: Remove redundant example
3 years ago
Andreas Dolp
e9976a0e14
suricata.yaml.in: Fix default value of prealloc-sessions
3 years ago
Andreas Dolp
324f5ec10c
doc: Add missing ")" in example
3 years ago
Andreas Dolp
32b39d054f
suricata.yaml.in: Remove duplicate "with" in comment.
3 years ago
Andreas Dolp
e4163c4e02
doc: Fix typos
3 years ago
Andreas Dolp
49bd6cfa5d
doc: Fix broken link
3 years ago
Philippe Antoine
284ad462fc
output: adds schema.json
...
Ticket: #1369
3 years ago
Victor Julien
ebf0629615
log-pcap: remove tunnel locks
...
The tunnel lock mutex only "protects" the tunnel synchronization,
not the packet data, length or datalink fields.
3 years ago
Victor Julien
e7ab96c389
nflog: fix datalink compile issue
3 years ago
Juliana Fajardini
43d28f251f
util/action: convert unittests to FAIL/PASS API
...
Task #5371
3 years ago
Juliana Fajardini
9b9b6aa2ce
util/action: unittests clean-up (to sv tests)
...
Removing all unittests that work better as suricata-verify tests.
Task #5371
3 years ago
Victor Julien
4ed6c928aa
unittest: minor helper cleanup
3 years ago
Victor Julien
41b5364511
detect/parse: cleanup test
3 years ago
Victor Julien
a437dde739
detect: parsing test cleanups/improvements
3 years ago
Victor Julien
e738b10e23
host-os-info: add test to show mixed ipv4/ipv6
3 years ago
Victor Julien
f3d887310c
rule/vars: clean up tests
3 years ago
Victor Julien
1b65af2867
detect/iponly: minor code cleanup
3 years ago
Victor Julien
beecc1890f
detect/iponly: include postmatch in determination
3 years ago
Victor Julien
4b097460c2
detect/iponly: simplify handling of 'any' parsing
3 years ago
Victor Julien
ffef10c5d7
detect: address parsing variable rename to match code style
3 years ago
Victor Julien
51ef6f4e3a
detect/iponly: remove unused code
3 years ago
Juliana Fajardini
6ccc01a79c
rust: fix doc comments that trigger rust warnings
...
Rust generates warnings that are treated as errors for documentation
blocks before `extern` blocks.
3 years ago
dependabot[bot]
fbbf23b930
github-actions: bump ossf/scorecard-action from 1.0.4 to 1.1.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](c1aec4ac82...5c8bc69dc8
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Victor Julien
f4f63ebff8
stream: add packet header outside of lock
3 years ago
Victor Julien
419920288c
log/pcap: open handles outside of lock
3 years ago
Scott Jordan
c751c45850
log/pcap: add buffer timeout
...
Set timeout for pcap log so that packets do not sit
in buffer. Set default to one second.
3 years ago
Scott Jordan
2bf3172dd1
stream: memcap tracking for TcpSegment alloc
3 years ago
Eric Leblond
47a5e6356d
log/pcap: handle case of multiple link types
3 years ago
Eric Leblond
2c2fc6cd91
flow: set datalink for pseudo packet
...
Set pseudo packet datalink to the global one. This fixes the case
where the pcap handle is open with information coming from a
pseudo packet. Without this, we did end up in most cases with
an Ethernet packet being written in a Raw pcap.
3 years ago
Eric Leblond
1c2fba57f8
suricata: introduce global linktype
...
As Suricata is not supporting pcap-ng we have to stick with one single
datalink type for the capture if ever we want to do pcap logging.
Assuming this, this patch introduces a function to set the link
type globally. This will be used with pcap conditional logging
to get the logging of TCP segments with the correct link type.
3 years ago
Eric Leblond
584136ecb7
log/pcap: log segments for pseudo packets
3 years ago
Eric Leblond
8f0ef48e82
log/pcap: fix conditional pcap in tag mode
...
We were missing the first packet when using condition pcap logging
in tag mode as it was not tagged. As a result we were not getting
the stream data triggering the alert in the pcap file.
3 years ago
Eric Leblond
9f4d59b3f7
detect/tag: add a tag for first packet
...
We may need to know that a packet has been tagged but is the
first one (and thus is not tagged).
3 years ago
Scott Jordan
6cfc3343e7
log/pcap: dump segments of both sides of tcp session.
...
This patch updates tcp segment dumping to dump segments
from both sides of the session in order when capturing
alerts and tags.
3 years ago
Eric Leblond
6f06f7c22c
doc: add info about capture_file key
3 years ago