aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,518 Commits
8 Branches
163 Tags
184 MiB
main-7.0.x
main-8.0.x
main
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1f6a15cdf3'
${ noResults }
Commit Graph

824 Commits (1f6a15cdf3a65d9d911b734dc6a8142dec3b2a7c)

Author SHA1 Message Date
Modupe Falodun a87c7e5c08 rust: remove unnecessary nested match 
Bug: #4605
 4 years ago
Modupe Falodun 74c39500c3 rust: fix inherent to string 
Bug: OISF#4618
 4 years ago
Sam Muhammed 922a453da5 rust(lint): use is_null() instead of ptr::null_mut() 
Bug: #4594
 4 years ago
Sam Muhammed 23768c7181 rust(lint): use is_null() instead of ptr::null() 
Bug: #4594
 4 years ago
Sam Muhammed da0a976e23 rust(lint): use let for binding single value 
`match` is better used with binding to multiple variables,
for binding to a single value, `let` statement is recommended.

Bug: #4616
 4 years ago
Philippe Antoine 5bd065cb3c range: checks that end is after start for HTTP2 
As was done only for HTTP1 in previous commit

The verification part stays separated from the parsing part,
as we want to keep on logging invalid ranges values.
 4 years ago
Philippe Antoine accdad7881 ike: do not keep server transforms in state 
Fixes #4534

Now, only the tx with the transforms will match
with ike.chosen_sa_attribute
 4 years ago
Philippe Antoine 83887510a8 modbus: tx iterator 
When there are a lot of open transactions, as is possible with
modbus, the default tx_iterator will loop for the whole
transacations vector to find each transaction, that means
quadratic complexity.

Reusing the tx_iterator from the template, and keeping as a state
the last index where to start looking avoids this quadratic
complexity.
 4 years ago
Philippe Antoine ea4a509a54 app-layer: disable by default if not in configuration 
DNP3, ENIP, HTTP2 and Modbus are supposed to be disabled
by default. That means the default configuration does it,
but that also means that, if they are not in suricata.yaml,
the protocol should stay disabled.
 4 years ago
Philippe Antoine 8e8899c90c http2: range: check return value when opening 
HttpRangeContainerOpenFile can return NULL
so, http2_range_open can set file_range to NULL
And we should check this before calling http2_range_close
 4 years ago
Philippe Antoine cb30772372 style: remove latest warnings 
about unused variables
 4 years ago
Philippe Antoine 98f84d5a9b http2: follow range requests 
Move the content-range parsing code to rust
 4 years ago
Philippe Antoine 56fae072b2 http2: better rust lifetimes 
so that borrow check gets happy
 4 years ago
Philippe Antoine a1f9e0c97a rust: rename to StreamingBufferConfig as in C 4 years ago
Shivani Bhardwaj 42da0fb5c5 smb: fix broken stream depth setting 
The stream depth setting was broken since it was moved to Rust because
of a missing parser for memory values in configuration.
Use get_memval fn from conf.rs to calculate and fetch the correct
values.
 4 years ago
Shivani Bhardwaj 0cfe512ef0 rust/conf: add getter for memval 
Add a parser for memory values like 50kb, 20mb, etc on the Rust side.
 4 years ago
Shivani Bhardwaj f3fcc39738 ssh: remove futile default port setting 4 years ago
Shivani Bhardwaj 1f48714e75 smb: remove futile default port setting 4 years ago
Shivani Bhardwaj 13741540ce rfb: remove futile default port setting 4 years ago
Shivani Bhardwaj 7c9d573800 nfs: remove futile default port setting 4 years ago
Shivani Bhardwaj f4f6387a00 dcerpc: use null for default ports 4 years ago
Philippe Antoine 596a4a9d6e http2: better rust style 4 years ago
Philippe Antoine 48ed874dda http2: concatenate one headers multiple values 
For detection, as is done with HTTP1
 4 years ago
Philippe Antoine e3ff0e7731 http2: generic http2_header_blocks 
so as not to forget continuation and push promise
when iterating over headers
 4 years ago
Philippe Antoine 0b0649d98e http2: http.header keyword now works for HTTP2 
As well as http.header.raw
 4 years ago
Philippe Antoine 9b9f909d7d http2: http.header_names keyword now works for HTTP2 4 years ago
Philippe Antoine 547e9f4ab4 http2: http.host normalized keyword now works for HTTP2 4 years ago
Philippe Antoine 75f75e1eb0 http2: turn Host header into authority during upgrade 
HTTP1 uses Host, but HTTP2 uses rather :authority cf HPACK
 4 years ago
Philippe Antoine bb98a18b3d http2: better file tracking 
If an HTTP2 file was within only ont DATA frame, the filetracker
would open it and close it in the same call, preventing the
firther call to incr_files_opened

Also includes rustfmt again for all HTTP2 files
 4 years ago
Philippe Antoine 1378b2f451 http2: support deflate decompression 
cf #4556
 4 years ago
Victor Julien c9cee7af49 smb: add debug validation on file counts 4 years ago
Victor Julien 114d3ba730 smb: count files in tx 4 years ago
Victor Julien c1dfb619c4 http2: support per-tx file accounting 4 years ago
Victor Julien 1b3c3225cd nfs: add debug validation on file counts 4 years ago
Victor Julien 1d48601c25 nfs: support per-tx file accounting 4 years ago
Victor Julien 67759795c6 nfs: don't reuse file transactions 
After a file has been closed (CLOSE, COMMIT command or EOF/SYNC part of
READ/WRITE data block) mark it as such so that new file commands on that
file do not reuse the transaction.

When a file transfer is completed it will be flagged as such and not be
found anymore by the NFSState::get_file_tx_by_handle() method. This forces
a new transaction to be created.
 4 years ago
Victor Julien 56d3e28a3a filestore: track files getting stored per tx 
Avoid evicting a tx before the filedata logger has decided it is
done.
 4 years ago
Victor Julien c78f5ac316 app-layer/transactions: track files opens and logs 
To make sure a transaction is not evicted before all file logging is complete.
 4 years ago
Philippe Antoine 9b8be5a650 smb: get file name in case of chained commands 4 years ago
Philippe Antoine 3e5f59e2cb smb: fix parsing of file deletion over SMB1 4 years ago
Philippe Antoine fde753d9d2 smb: recognizes file deletion over SMB2 
using set_info_level == SMB2_FILE_DISPOSITION_INFO
 4 years ago
Jason Ish 71679c6ad0 ike: use derive macro from app-layer events 4 years ago
Jason Ish eb55297876 modbus: use derive macro from app-layer events 4 years ago
Jason Ish d3bd008e33 app-layer template: use derived app-layer event 4 years ago
Jason Ish cef2832dcf http2: use derived app-layer event 4 years ago
Jason Ish e92cb36bb8 krb5: use derived app-layer event 4 years ago
Jason Ish 92561837f8 ntp: use derived app-layer event 4 years ago
Jason Ish 1f71fb2cde rfb: register None for get_event_info/get_event_info_by_id 
Implementations are not required if they're just going to return
-1. We allow None to be registered for that.
 4 years ago
Jason Ish 4fd6aa866f sip: use derived app-layer event 4 years ago
Jason Ish 18448f6ed6 snmp: use derived app-layer event 4 years ago
Jason Ish bb094b17db ssh: use derived app-layer event 4 years ago
Jason Ish 9c3f06d9b5 dhcp: use derived app-layer event 4 years ago
Jason Ish b9f10ba22f smb: use derived get_event_info/get_event_info_by_id 4 years ago
Jason Ish 8eac5fc221 mqtt: derive AppLayerEvent for MQTTEvent 4 years ago
Jason Ish 6ed827a4ef dns: use derive macro for DNSEvent 4 years ago
Jason Ish 9221f1d9d5 applayerevent: derive get_event_info and get_event_info_by_id 
Add generation of wrapper functions for get_event_info
and get_event_info_by_id to the derive macro. Eliminates
the need for the wrapper method to be created by the parser
author.
 4 years ago
Jason Ish 0fa7b5c2a2 rust/applayer: provide generic event info functions 
Provide generic functions for get_event_info and
get_event_info_by_id. These functions can be used by any app-layer
event enum that implements AppLayerEvent.

Unfortunately the parser registration cannot use these functions
directly as generic functions cannot be #[no_mangle]. So they
do need small extern "C" wrappers around them.
 4 years ago
Jason Ish 27d1ee98ce rust: derive crate: for custom derives 
Currently has one derive, AppLayerEvent to be used like:

  #[derive(AppLayerEvent)]
  pub enum DNSEvent {
      MalformedData,
      NotRequest,
      NotResponse,
      ZFlagSet,
  }

Code will be generated to:
- Convert enum to a c type string
- Convert string to enum variant
- Convert id to enum variant
 4 years ago
Jason Ish dbea7d636f rust/applayer: define AppLayerEvent trait 
The derive macro will implement this trait for app-layer
event enums.
 4 years ago
Jason Ish cf21694ba6 rust(lint): suppress clippy lints that we should fix 
Suppress all remaining clippy lints that we trip. This can be
fixed on a per-lint basis.
 4 years ago
Jason Ish 91402f9fba rust(lint): remove manual implement of map method 
Using `if let` expressions in these cases is better expressed
by the map method, and considered idiomatic Rust for this usage.
 4 years ago
Jason Ish b021726a0d rust(lint): map the error instead of using or_else 
This is the preffered style and easier to understand the meaning
of the code.
 4 years ago
Jason Ish dcf57ecd96 rust(lint): replace push_str of single char to push(<char>) 4 years ago
Jason Ish d5c0962299 rust(lint): fix some usages of references 
- ref is discouraged for top level variables
- the other borrow is not required
 4 years ago
Jason Ish d0772e04b1 rust(lint): replace checked_mul with saturating_mul 
When defaulting checked_mul to u64::max, Rust has a method
that does the same thing called saturating_mul.
 4 years ago
Jason Ish d0be7541e9 rust(lint): removed unused unit () return 
This is code that is not needed and is a bit confusing to see.
 4 years ago
Jason Ish 4abbfd0d97 rust(lint): remove extra parens around bitwise or 
This is a readability fix, as on first look they almost look
like a Rust tuple.
 4 years ago
Jason Ish ac3a20b6e0 rust(lint): remove useless conversions and clones 
These add complexity and may not be optimized out by the compiler.
 4 years ago
Jason Ish 8bb6dab69d rust(lint): remove useless format calls 
In these simple cases to_string() is recommended and likely
performs better as the formatter is not called.
 4 years ago
Jason Ish 5bf5de3350 rust(lint): don't use unwrap_or for function calls 
Calling a function in unwrap_or causes that function to always
be called even when not needed. Instead use unwrap_or_else with
a closure which will only be called when needed.
 4 years ago
Jason Ish 602bb05e75 rust(lint): fix redundant closures 
This lint checks for a closure where a function can be directly
supplied.  Runtime performance is unchanged, but this makes
less work for the compiler.
 4 years ago
Jason Ish 69cf5c9eea rust(lint): remove needless borrows 
These are needless borrows (references) as the item is already
a reference.
 4 years ago
Jason Ish 363b5f99c3 rust: functions that reference raw pointers are unsafe 
Based on the Rust clippy lint that recommends that any public
function that dereferences a raw pointer, mark all FFI functions
that reference raw pointers with build_slice and cast_pointer
as unsafe.

This commits starts by removing the unsafe wrapper inside
the build_slice and cast_pointer macros then marks all
functions that use these macros as unsafe.

Then fix all not_unsafe_ptr_arg_deref warnings from clippy.

Fixes clippy lint:
https://rust-lang.github.io/rust-clippy/master/index.html#not_unsafe_ptr_arg_deref
 4 years ago
Jason Ish 53413f2d7a rust: remove all usage of transmute 
All cases of our transmute can be replaced with more idiomatic
solutions and do no require the power of transmute.

When returning an object to C for life-time management, use
Box::into_raw to convert the boxed object to pointer and use
Box::from_raw to convert back.

For cases where we're just returning a pointer to Rust managed
data, use a cast.
 4 years ago
Victor Julien 9d24a53c53 nfs: minor code cleanup 4 years ago
Victor Julien aa9d8658ef smb: minor formatting fixup 4 years ago
Victor Julien 094208823b smb: minor code cleanup 4 years ago
Shivani Bhardwaj 0a1747c1ba nfs: fix comment 4 years ago
Shivani Bhardwaj 58ac9b0f38 nfs: Add rust registration function 
Get rid of the C glue code and move registration completely to Rust.
 4 years ago
Shivani Bhardwaj 61fca4e9db nfs: add missing code from rust impl of fns 4 years ago
Shivani Bhardwaj de50ac631e nfs: Change fn sign as per rust registration requirement 
Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions.
Probe fn has also been changed to return AppProto as required by the new
fn signature.
 4 years ago
Shivani Bhardwaj e5c948df87 smb: Add rust registration function 
Get rid of the C glue code and move registration completely to Rust.
 4 years ago
Shivani Bhardwaj 27af4bb002 smb: add missing code from rust impl of fns 4 years ago
Shivani Bhardwaj 6420df84b7 smb: Change fn sign as per rust registration requirement 
Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions.
 4 years ago
Shivani Bhardwaj 4d6b6b5dfe smb: add constants 4 years ago
Shivani Bhardwaj d1ea00521b rust/core: Add flow flags 4 years ago
Jason Ish 222e55847c flow: provide flags accessor function 
Add an accessor function for flow flags. To be used by Rust where
the flow struct is an opaque data type.
 4 years ago
Shivani Bhardwaj cb8bd8c669 rust/applayer: add more externs 4 years ago
Philippe Antoine 31dccd1171 modbus: do not claim to handle gaps 4 years ago
Sascha Steinbiss d541b3d4a8 rust: fix warnings with nightly 4 years ago
Philippe Antoine 9e7ea631b2 dns: improve probing parser 
Checks opcode is valid
Checks additional_rr do not exceed message length
Better logic for incomplete cases
 4 years ago
Philippe Antoine 6f03ee2e47 dcerpc: handles bigger inputs than 2^16 
By comparing integers with the largest size
 4 years ago
Philippe Antoine 7d0a39412b detect: use u32 for InspectionBufferMultipleForList 
So that we do not have an endless loop casting index to
u16 and having more than 65536 buffers in one transaction

Changes for all protocols, even ones where it is impossible
to have such a pattern, so as to avoid bad pattern copy/paste
in the future
 4 years ago
Philippe Antoine b3c1f2ab48 nfs: improve probing parser 
Checks credentials flavor is known
 4 years ago
Philippe Antoine 39575e2cc9 modbus: use ascii character classes while parsin rule 
As the rust regex crate is unicode aware, which was
not the case of the C version
 4 years ago
Philippe Antoine ef5755338f rust: SCLogDebug is real nop when built as release 
Before, even if there were no outputs, all the arguments
were evaluated, which could turn expensive

All variables which are used only in certain build configurations
are now prefixed by underscore to avoid warnings
 4 years ago
Victor Julien 20e8f90981 http2: set Debug on structs 4 years ago
Victor Julien 3587033d9e files: construct with default, free on drop 
Update protocols.
 4 years ago
Victor Julien d757545f03 files: implement default support 4 years ago
Philippe Antoine fdab22d924 rust: fix app-layer parser flags 
This especially allows for SSH bypass to work
 4 years ago