12832 Commits (1e2883602b8d95d96fa9c31e5ebbcb68ceeaa14a)
 

Author SHA1 Message Date
Steven Ottenhoff 260bc03603 test/pppoe: refactor to use FAIL/PASS macros 4 years ago
Modupe Falodun 3dbf74ff10 detect-file-data: remove SMTP unittests
These tests are reimplemented as Suricata-verify tests

Task: 4938
4 years ago
Eric Leblond 264eddb81f output/alert: don't call basic logging twice
Issue: 4106
4 years ago
Victor Julien a7e77dd22d stream: suppress noisy debug message 4 years ago
Victor Julien 78f5e082f5 stream: fix stream pruning being too aggressive
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in the app-layer
parsers.

Bug: #4953.
4 years ago
Victor Julien 544ff0fb52 stream: debug code for showing segment list state 4 years ago
Jeff Lucovsky f30d8ece80 detect: Avoid recomputing ntohl() in addr match
This commit makes a small optimization when comparing IPv4 and IPv6
addresses by making the host order value invariant and calculating the
value once, before entering the loop.
4 years ago
Philippe Antoine 86ea7f2474 file: define own variable instead of PATH_MAX
to be used for maximum size of file names,
and not depend on the OS
4 years ago
Philippe Antoine c56b1c99d5 ssl: fix int warnings
especially increasing padding_len size
4 years ago
Philippe Antoine 078e1cdacc smtp: fix int warnings
and explicitly truncating filename's length
4 years ago
Philippe Antoine 23f242dfc2 app: fix int warnings in generic app files 4 years ago
Philippe Antoine 334b1382e0 http: fix int warnings
Explicitly truncate file names to UINT16_MAX

Before, they got implicitly truncated, meaning a UINT16_MAX + 1
file name went to 0 file name (because of modulo 65536)
4 years ago
Philippe Antoine defce022b4 ftp: fix int warnings
Explicitly truncate a file name if it is longer
than UINT16_MAX
4 years ago
Jeff Lucovsky 22e89ec4a3 log: Coverity REVERSE_INULL warnings
This commit addresses Coverity reported "REVERSE_INULL" warnings.

Issue: 4699
4 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 4 years ago
Sam Muhammed 9bea850d53 nfs4_records: add unittests for nom7 parsers
Task #4866
4 years ago
Sam Muhammed 463fbdc36d nfs4_records: add missing field to res_sequence_ok()
Missing _seqid in sequence op struct left a trailing four zeros
that are parsed by nfs4_res_compound_command() as a cmd
causing a Switch Error Code
4 years ago
Sam Muhammed 4e2edd44aa nfs3-records: add unittests to nom7 parsers
Task #4866
4 years ago
Sam Muhammed 03906010a2 nfs3-records: add missing fields and update parsers
Add missing fields to some record structures and
update their respective parsers
4 years ago
Sam Muhammed 86c273dadc nfs2-records: add unittests for nom7 parsers
Task #4866
4 years ago
Jeff Lucovsky fc6fdef070 suricatasc: Handle incomplete/empty recv values
Issue: 4947

Improve handling of values returned by recv. Sometimes, recv returns an
empty string if suricata terminates asynchronously.
4 years ago
Victor Julien ddf14e51dc nfs2: improve READ parsing
Take fill_bytes into account.
4 years ago
Jason Ish 2011a5579c rust/app-layer: expose AppLayerEvent derive macro
Export the AppLayerEvent derive macro so plugin (or library code) can
use it as expected, for example:

use suricata::applayer::AppLayerEvent;

#[derive(AppLayerEvent)]
enum MyEvent {
    EventOne,
    EventTwo,
}
4 years ago
Jason Ish ba310440a6 rust/derive: make usable from a plugin or lib user
The macro was generating code that references names using the "crate"
prefix which will fail if the macro is used by a library user or plugin.
Dynamically check where we are running and use the correct import paths
as needed.
4 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust)
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
4 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro
The function macro existed so it would only be enabled on Rust
versions that supported it. Now that our MSRV is 1.41, which is
greater than 1.38, we can assume we always have support for
this macro.
4 years ago
Shivani Bhardwaj 613b12b0e7 rust: bump MSRV to 1.41.1
Ticket: #4902.
(cherry picked from commit 87f04475aa)
4 years ago
Jason Ish 50fdcd098c rust/http2: use base64 crate for base64 decode 4 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
4 years ago
Jason Ish 6d3dcf27a6 eve: use JsonBuilder for encoding base64
Replaces all usages of Base64Encode just before writing to a
JsonBuilder with jb_set_base64 and jb_append_base64.
4 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
4 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers
Remove input, input_len and flags in favor of stream slice.
4 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
4 years ago
Jeff Lucovsky 93842aa14a doc/yaml: Signal-termination option description 4 years ago
Jeff Lucovsky 7f0f463b64 logging/diag: Enable stacktrace diagnostic if config'd
This commit adds a signal handler for SIGSEGV when configured. The
signal handler emits a one line stack trace using SCLogError. The intent
is to provide diagnostic information in deployments where core files are
not possible.

The diagnostic message is from the offending thread and includes the
stack trace; each frame includes the symbol + offset.
4 years ago
Jeff Lucovsky 163f70be9d logging: Stacktrace on signal term setting
This commit adds a configuration setting to enable a stack trace message
if Suricata receives a signal that terminates execution, such as
SIGSEGV, SIGABRT.
4 years ago
Jeff Lucovsky 501c870a2c error: Add error code for sig-related diagnostics
This commit adds an error code for the diagnostic code used for
diagnostic messages following unexpected termination due to signals.
4 years ago
Jeff Lucovsky 303dd29b50 configure.ac: Support libunwind configuration
This commit adds support for enabling libunwind -- a library that can be
used to display stack information.

Libunwind is enabled and used by Suricata if present during
configuration.  A diagnostic message is displayed if libunwind
cannot be found.
4 years ago
Juliana Fajardini 6ae80b2819 doc: replace ohloh with openhub link 4 years ago
Juliana Fajardini de0ce26e3f userguide: update references to Suricata website
Many places were still referencing the old Suricata page.
Used git grep with replace to update them. Checked that new links work.
Left old references when they were only documentation examples (for
output or unittests).

Task #4915
4 years ago
Juliana Fajardini 7b20488d4e userguide: fix low-hanging typos Config page 4 years ago
Philippe Antoine bf9bbdd612 detect: fix app-layer-protocol keyword for HTTP
Ticket: 4920

Completes commit c8dbe24fb6
which introduced AppProtoEquals to have a generic
check for http in signature can mean http1 or http2 in
traffic.

This commit missed this case, as I only looked for
git grep "alproto ==" and here we deal with
alproto_tc and alproto_ts, but not alproto by itself.
4 years ago
Odin Jenseg 2a5d79e426 doc/eve-json-format/dns: Describing Z-bit 4 years ago
Jason Ish 0861b66e15 dns: add dns flag to dns request logging
Ticket #4515
4 years ago
Odin Jenseg dfb6f105e8 dns: Logging of Z-bit
[Edit by Jason Ish: fix flag bit value]

Ticket #4515
4 years ago
Jason Ish fcbdc30426 dns: create transaction even if z-bit was set
It appears that DNS servers will still process a DNS request even if the
z-bit is set, our parser will fail the transaction. So create the
transaction, but still set the event.

Ticket #4924
4 years ago
Lukas Sismis 4972021cd4 dpdk: add DPDK test support in Github CI
Add DPDK dependency to the build process in distributions with
a native support of DPDK in their default package managers.
4 years ago
Lukas Sismis dab3274263 dpdk: add documentation for the DPDK runmode
Briefly present the DPDK runmode through configuration file.
4 years ago
Lukas Sismis de53e07559 dpdk/ice: setup RSS for Intel ICE PMD
Set RSS hash function according to Intel ICE PMD available hash functions

Set hash functions according to the support by the ICE PMD, so that no warning
regarding RSS setting is issued.
4 years ago
Lukas Sismis 3f7a50eeb7 dpdk/ixgbe: setup RSS for Intel IXGBE PMD
Set RSS hash function according to Intel IXGBE PMD available hash functions.

During configuration, a warning appeared stating that RSS hash function
has been changed from one value to the other. This has meant that
the supported hash functions did not cover all required hash functions
by the configuration. This commit solves the warning.
4 years ago