Commit Graph

38 Commits (dc574604275f6fe90266bbfc5cb2430b86f9cc09)

Author SHA1 Message Date
Victor Julien dc57460427 smb: fix event types for limit exceeded rules 3 years ago
Victor Julien fc9b65d8d3 smb2: validate negotiate read/write max sizes
Raise event if they exceed the configured limit.
3 years ago
Victor Julien 4be8334c9e smb2: allow limiting in-flight data size/cnt
Allow limiting in-flight out or order data chunks per size or count.

Implemented for read and writes separately:

app-layer.protocols.smb.max-write-queue-size
app-layer.protocols.smb.max-write-queue-cnt
app-layer.protocols.smb.max-read-queue-size
app-layer.protocols.smb.max-read-queue-cnt
3 years ago
Victor Julien 5bcc4162f7 smb2: add options for max read/write size
Add options for the max read/write size accepted by the parser.
3 years ago
Victor Julien f28888513a smb2: track max read/write size and enforce its values 3 years ago
Victor Julien 594acec5dc smb: minor function cleanup
Remove used argument from `filetracker_newchunk()`. We're not
using fill_bytes with smb.
3 years ago
Philippe Antoine 3e48881b78 smb: prevents integer underflow
Ticket: 5246

If msg_id is 0, we cannot find the previous request
3 years ago
Pierre Chifflier 8d77ce1ffc rust/smb: convert parser to nom7 functions (SMB2) 4 years ago
Shivani Bhardwaj 89cb337930 smb: use Direction enum 4 years ago
Sam Muhammed da0a976e23 rust(lint): use let for binding single value
`match` is better used with binding to multiple variables,
for binding to a single value, a `let` statement is recommended.

Bug: #4616
4 years ago
Philippe Antoine 9b8be5a650 smb: get file name in case of chained commands 4 years ago
Philippe Antoine fde753d9d2 smb: recognizes file deletion over SMB2
using set_info_level == SMB2_FILE_DISPOSITION_INFO
4 years ago
Jason Ish 69cf5c9eea rust(lint): remove needless borrows
These are needless borrows (references) as the item is already
a reference.
4 years ago
Philippe Antoine ef5755338f rust: SCLogDebug is real nop when built as release
Before, even if there were no outputs, all the arguments
were evaluated, which could turn expensive

All variables which are used only in certain build configurations
are now prefixed by underscore to avoid warnings
4 years ago
Philippe Antoine caa7946888 smb: adds file overlap event against evasions
Evasion scenario is
- a first dummy write of one byte at offset 0 is done
- the second full write of EICAR at offset 0 is then done
and does not trigger detection

The last write had the final value, and as we cannot "cancel"
the previous write, we set an event which is then transformed into
an app-layer decoder alert
5 years ago
Jason Ish ac93ab281d rust/logging: allow log macros to be used by plugins
Fix plugin macros so they can be used by external Rust crates
such as plugins.
5 years ago
Jason Ish 42e5065ab8 rust: update to Rust 2018 with cargo fix
Migrate to Rust 2018 edition.

Credit to Danny Browning for first demonstrating this:
https://github.com/OISF/suricata/pull/3604/commits
6 years ago
Pierre Chifflier 13b7399790 rust: upgrade all parsers to nom4 6 years ago
Victor Julien 4d044483cf smb/dcerpc: clean up and unify DCERPC probe logic 7 years ago
Victor Julien ac4e888597 smb2/dcerpc: probe if response data is dcerpc
If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
7 years ago
Victor Julien 9dd7c38113 smb2: skip rest of READ response if status is not success 7 years ago
Victor Julien 4d58aaae90 smb: clean up partial read/write record handling 7 years ago
Victor Julien aa8d64c2b8 smb: improve skip handling
When skipping records the skip tracker could underflow if the record
parsing had more data than expected.

Enforce the calculation by moving it into a method and make the actual
fields private.
7 years ago
Victor Julien ea1e13cb00 smb: suppress notice messages 7 years ago
Victor Julien 7b61f2c589 smb2: log renames 7 years ago
Victor Julien 15978d4e85 smb: if filename is missing, use '<unknown>' 7 years ago
Victor Julien 32b19fac99 smb2: don't log/track each READ/WRITE/etc 7 years ago
Victor Julien fb986abe81 smb: log file FID/GUID as fuid 7 years ago
Victor Julien 283be3cade smb2: break out ioctl handling 7 years ago
Victor Julien bf08285602 smb2: parse async records 7 years ago
Victor Julien 5c26020714 smb2: add ioctl transactions to log the funcs 7 years ago
Victor Julien 6d56edc3de smb2: log client and server guid from negotiate 7 years ago
Victor Julien c56f5e11ca smb2: log share type 7 years ago
Victor Julien 0e05ef7369 smb2: parse and log timestamps in CREATE 7 years ago
Victor Julien ecbf10da70 smb2: improve write error handling 7 years ago
Victor Julien 894a73ee06 smb2: add missing commands and improve ioctl err handling 7 years ago
Victor Julien 8bef120898 smb: session setup improvements
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.

Move session setup handling into their own files.

Only log auth data for the session setup tx.
7 years ago
Victor Julien 75d7c9d64a rust/smb: initial support
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
7 years ago