Commit Graph

98 Commits (0977f40d1cf6d5dad75c95f31614678225a77943)

Author SHA1 Message Date
Jason Ish a5d66a7452 bundle.sh: comment line fixup
Accept lines that start with a hash, but not immediately followed by a
space as a comment as well.
3 years ago
Philippe Antoine e69e99f820 ci: checks include are necessary in github 3 years ago
Philippe Antoine 025b510cac detect: use generic integer functions for template2 3 years ago
Jason Ish cd42c33195 scripts/bundle: use git instead of tar.gz
To better fit with our current CI processes, use git to clone the
suricata-update and libhtp dependencies.  The requirements.txt file has
been modified to take a repo URL and a `-b` command line option for tag
or branch.

For the master branch we will use the libhtp 0.5.x branch and the
suricata-update master branch.

Also allows for repo and branch names to be overridden with environment
variables:
- SU_REPO
- SU_BRANCH
- LIBHTP_REPO
- LIBHTP_BRANCH
4 years ago
Juliana Fajardini 67af1504b3 devguide: drop use of mscgen script in builds/make
Currently, it seems easier to upload the diagram images to git than to
try to make the image generation script work with out of the tree builds
and other corner cases.

This means, however, that one must actively remember to update msc
diagram files, run the script and re-add new png files, if those ever
need to be updated. To raise awareness to that, a watermark was added
to the diagram images.

Also removed configuration steps that added mscgen as a dependency
(locally and for workflow builds and readthedocs).
4 years ago
Victor Julien 08346cb239 dnp3: update gen script to use jb_set_string_from_bytes
Bug: #5080.
4 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
4 years ago
Jason Ish 6d3dcf27a6 eve: use JsonBuilder for encoding base64
Replaces all usages of Base64Encode just before writing to a
JsonBuilder with jb_set_base64 and jb_append_base64.
4 years ago
Philippe Antoine 86b5c81ea2 dnp3: fix int warnings
There is a hack to know the type of an integer
and do an explicit cast in the python script
generating the C file

Also extends some bounds check against negative values
4 years ago
Jason Ish 16a21d7839 scripts: bundle script for requirements
Add a bundle.sh script to bundle the requirements of libhtp
and suricata-update. This uses a Python-like requirements.txt
file to specify the URL to download for libhtp and suricata-update.
4 years ago
Philippe Antoine 126a7dcb4f dnp3: adds bounds check for prefix chararray
Ticket: #4558
Avoids intra structure overflow
4 years ago
Philippe Antoine 5ec9688f03 dnp3: use base64 macro in gen script
As is done already in C
cf commit ea0936199d
4 years ago
Juliana Fajardini c6a35d09b7 templates: fix typos
- *template*files[ch][rs]: fix typos
- scripts/setup-app-layer: fix typos
5 years ago
Juliana Fajardini 4748826dc7 scripts/setup-app-layer: fix Makefile.am patch
Adjust lines for patching /src/Makefile.am, as the current generated
Makefile wasn't building Suricata.
Add suggestion to run "./configure" before running "make".
Add --logger and --parser options to examples.
5 years ago
Philippe Antoine 15980af7de dnp3: avoids DOS by too long loop over null-sized objects 5 years ago
Philippe Antoine 5749024e3f dnp3: fix memory leak with object containing bytearrays 5 years ago
Philippe Antoine 001350547a dnp3: fix signed integer overflow
By using unsigned integers everywhere
5 years ago
Danny Browning ac37fd5e29 tools: bash from env
Use of hardcoded bash prevents users from using an upgraded bash which may
live in a different location. This behavior is often seen on OSX systems.

Utilize env to find the preferred bash to call for scripts.
5 years ago
Jason Ish 13049ae09d scripts/setup-app-layer: fix rust generation
Fix Rust app-layer generation. Main parser file was being named
gopher.rs instead of the name of the protocol.
5 years ago
Roland Fischer 69ed6f253f util: Add clang-format helper script 5 years ago
Jason Ish 85eaa2276c scripts/dnp3-gen: update to generate JsonBuilder code 5 years ago
Jason Ish 4976afd96a script/dnp3-gen: update generator to reflect in tree changes
Some changes were made to the generated files instead of the
generator script. Update the script to generate what is
in the current state of the in-tree generated files.
5 years ago
Philippe Antoine 293eebd999 fuzz: remove obsolete AFL code 6 years ago
Philippe Antoine 492504cf62 python: remove unused imports 6 years ago
Victor Julien edd2cd626f jansson: remove HAVE_LIBJANSSON guards 6 years ago
Jason Ish c1238af3e0 check-setup: fix script names for .sh to .py 7 years ago
Victor Julien 0b5a2ab49b setup-app-layer: support tests in tests/ 7 years ago
Jason Ish 7ec7d85ecc setup-app-layer.py: integrate detect buffer setup
Add --detect to setup a detect buffer.

Obsoletes setup-app-layer-detect.sh.
7 years ago
Jason Ish 15922dcd8c setup-app-layer.py: attempt to cd into correct directory
- If in src, cd to ..
- Error out early if the current directory does not look like a
  Suricata source directory.
7 years ago
Victor Julien 789b1474ed detect/template2: setup script 7 years ago
Victor Julien 5ed7e4fb5f setup-app-layer-detect: update for tests/ dir 7 years ago
Victor Julien 452355bb63 setup-simple-detect: update for new tests location 7 years ago
Jason Ish 9da00bebf0 scripts/setup: remove 'ed' based setup scripts
Removes:
- setup-app-layer.sh
- setup-app-layer-logger.sh

These have been replaced by setup-app-layer.py.
7 years ago
Jason Ish e232fcc415 setup-app-layer: rewrite script in Python
The idea being that it is easier to read and maintain than
wrapping ed commands.

This script also merges the parser and logger setup into a single
script, but still allows just the parser, or just the logger
to be generated with flags, --logger and --parser.
7 years ago
Jason Ish a7d90162d1 suricatasc: move into python/
Will be built and installed as part of the Python code used
for suricatactl, which is intended to be the generic place
for all Python utility code that gets installed with Suricata.

No change to suricatasc code.
8 years ago
Danny Browning 4b897c9060 source-pcap-file: Directory mode may miss files (bug #2394)
https://redmine.openinfosecfoundation.org/issues/2394

Certain parameters of delay and poll interval could cause newly added
files in a directory to be missed. Cleaned up how time is handled for
files in a directory and fix which time is used for future directory
traversals. Add a mutex to make sure processing time is not optimized
away.
8 years ago
Jason Ish f70e8d00ea dnp3-gen: require jinja2 v2.10 or later
Previous versions, but not all, have issues tracking
variables.
8 years ago
Philippe Antoine 6a6aa04f55 dnp3-gen: fix heap buffer overflow in generated code
Due to missing check before memcpy.
8 years ago
Eric Leblond 3c68a22092 suricatasc: implement autoreconnect
Implement basic autoreconnect support. It tries to reconnect once
when the connection has been lost. If it fails, it discards the command
and tries again to connect at the next command.
8 years ago
Eric Leblond 3d0ba36ba8 unix socket: protocol v0.2
This patch updates the unix socket protocol. Messages sent from
the server and the client now have a '\n' at the end. This allows
both sides to easily detect the end of a command.

As a side effect, this fixes the problem of long answers in
suricatasc. There is now a limit at the arbitrary value of 65536.

Backward compatibility is preserved as a client with the older
version of the protocol can still connect to a Suricata with
version 2 of the protocol.
8 years ago
Jason Ish 3fd7256af5 setup-app-layer-detect: update for changes in detect 8 years ago
Danny Browning 0813f08075 suricatasc: pcap-file-continuous (2412)
https://redmine.openinfosecfoundation.org/issues/2412

Suricatasc is not supporting pcap-file processing in continuous mode.
Register a new command pcap-file-continuous in the unix manager to work
with suricatasc. Add defaulted arguments for pcap-file to support
backwards compatibility.
8 years ago
Jason Ish 46d754044e suricatasc: don't use find -delete
For when -delete isn't supported by find. Instead use
-print0 with xargs -0.
8 years ago
Giuseppe Longo 16ddba61d6 suricatasc: add commands for memcap handling 8 years ago
Jason Ish 84f09d5124 template scripts: fixup detect setup scripts
Update scripts to reflect recent changes in the detection files.
8 years ago
Dana Helwig 3ab9120821 source-pcap-file: Pcap Directory Mode (Feature #2222)
https://redmine.openinfosecfoundation.org/issues/2222

Pcap file mode that, when passed a directory, will process all files in
that directory. If --pcap-file-continuous or the continuous option is passed
in json, the directory will be monitored until the directory is
moved/deleted, suricata is interrupted, or the pcap-interrupt command
is used with the unix command socket. The existing file implementation and the new
directory implementation have moved from source-pcap-file into
pcap-file-helper and pcap-directory-helper.

Engine state will not reset between files.

Also satisfies:
 * https://redmine.openinfosecfoundation.org/issues/2299
 * https://redmine.openinfosecfoundation.org/issues/724
 * https://redmine.openinfosecfoundation.org/issues/1476

Co-Authors: Dana Helwig <dana.helwig@protectwise.com> and
Danny Browning <danny.browning@protectwise.com>
8 years ago
Pierre Chifflier 862abd2fe4 applayer: add StringToAppProto
Add StringToAppProto to map a protocol name to an AppProto.

Exposing this function is required to let parsers discover their
AppProto identifier constant dynamically.
For example, a parser can request this value, and use it for
registration without knowing the value.
8 years ago
Jason Ish 40a1a972d6 template: script to check the setup scripts
This script applies the setup scripts one by one followed
by a make distcheck.
8 years ago
Jason Ish d1ac839333 template scripts: allow to be called from top or src
Allow the template setup script to be called from the top source
directory or from ./src to unify where they can be executed
from.
8 years ago
Jason Ish ea2ef1b51a templates: rename scripts to use - instead of _
Use "-" consistently instead of a mix of - and _.

setup_decoder.sh -> setup-decoder.sh
setup_simple_detect.sh -> setup-simple-detect.sh
8 years ago