Commit Graph

872 Commits (24a21af4ab9e4bb7ebf37a42577294733dca64d8)

Author SHA1 Message Date
Victor Julien 24a21af4ab quic: redo quic.version; parser cleanups
Reimplement quic.version as sticky buffer.

Removed unused parts of the parser.

Set unidirectional tx flag to fix double matching.
4 years ago
Emmanuel Thompson 7e51987263 quic: Add QUIC App Layer
Parses quic and logs a CYU hash for gquic frames
4 years ago
Sam Muhammed c4bd3cd70e nfs4_records: add unittests
Add unittests for setclientid, readdir records
Task #4866
4 years ago
Pierre Chifflier c61cbd9b35 rust: simplify bits parser annotations 4 years ago
Pierre Chifflier 1b25bcbb13 rust/smb: simplify bits parser annotations 4 years ago
Pierre Chifflier 4d6aa6d532 rust: add 'bits' combinator to simplify nom bits parsers
Add a specialized version of the 'bits' nom combinator so adding
bits-level parsers does not require type annotations.
4 years ago
Victor Julien 44c9241b6a telnet: initial support with frames
Bootstrapped using setup script. Basic option parsing for purpose
of tagging frames.
4 years ago
Jason Ish 3cdefd5f8b smb: use derive AppLayerFrameType 4 years ago
Victor Julien 0c9fdf8f4f smb: implement frames
SMB1 record parsing code simplification.

Frames:

    nbss.pdu
    nbss.hdr
    nbss.data

    smb1.pdu
    smb1.hdr
    smb1.data

    smb2.pdu
    smb2.hdr
    smb2.data

    smb3.pdu
    smb3.hdr
    smb3.data

The smb* frames are created for valid SMB records.
4 years ago
Jason Ish 8a40b7b42e cbindgen: ignore frames module 4 years ago
Jason Ish de870e2fbf rust: derive macro for app-layer frame type 4 years ago
Jason Ish 0ece208074 rust/applayer: create trait for app-layer frame types 4 years ago
Jason Ish cb7f7a7e08 app/frames: implement rust API 4 years ago
Victor Julien e6f49e5a05 app/frames: implement name to id API for frames 4 years ago
Pierre Chifflier 3e19ccdc0c rust/http2: convert parser to nom7 functions (HTTP2 ranges) 4 years ago
Pierre Chifflier f8647b0ffb rust/http2: convert parser to nom7 functions (HTTP2 core functions) 4 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 4 years ago
Sam Muhammed 9bea850d53 nfs4_records: add unittests for nom7 parsers
Task #4866
4 years ago
Sam Muhammed 463fbdc36d nfs4_records: add missing field to res_sequence_ok()
Missing _seqid in sequence op struct left a trailing four zeros
that are parsed by nfs4_res_compound_command() as a cmd
causing a Switch Error Code
4 years ago
Sam Muhammed 4e2edd44aa nfs3-records: add unittests to nom7 parsers
Task #4866
4 years ago
Sam Muhammed 03906010a2 nfs3-records: add missing fields and update parsers
Add missing fields to some record structures and
update their respective parsers
4 years ago
Sam Muhammed 86c273dadc nfs2-records: add unittests for nom7 parsers
Task #4866
4 years ago
Victor Julien ddf14e51dc nfs2: improve READ parsing
Take fill_bytes into account.
4 years ago
Jason Ish 2011a5579c rust/app-layer: expose AppLayerEvent derive macro
Export the AppLayerEvent derive macro so plugin (or library code) can
use it as expected, for example:

use suricata::applayer::AppLayerEvent;

enum MyEvent {
    EventOne,
    EventTwo,
}
4 years ago
Jason Ish ba310440a6 rust/derive: make usable from a plugin or lib user
The macro was generating code that references names use the "crate"
prefix which will fail if the macro is used by a library user or plugin.
Dynamically check where we are running an use the correct import paths
as needed.
4 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust)
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
4 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro
The function macro existed so it would only be enabled on Rust
versions that supported.  Now that our MSRV is 1.41, which is
greater than 1.38 we can assume we always have support for
this macro.
4 years ago
Jason Ish 50fdcd098c rust/http2: use base64 crate for base64 decode 4 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
4 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
4 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers
Remove input, input_len and flags in favor of stream slice.
4 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
4 years ago
Jason Ish 0861b66e15 dns: add dns flag to dns request logging
Ticket #4515
4 years ago
Odin Jenseg dfb6f105e8 dns: Logging of Z-bit
[Edit by Jason Ish: fix flag bit value]

Ticket #4515
4 years ago
Jason Ish fcbdc30426 dns: create transaction even if z-bit was set
It appears that DNS servers will still process a DNS request even if the
z-bit is set, our parser will fail the transaction. So create the
transaction, but still set the event.

Ticket #4924
4 years ago
Pierre Chifflier d67f8f9196 rust/smb: convert parser to nom7 functions (SMB1) 4 years ago
Pierre Chifflier 895a54cea4 rust/smb: convert parser to nom7 functions (DCERPC records) 4 years ago
Pierre Chifflier 8d77ce1ffc rust/smb: convert parser to nom7 functions (SMB2) 4 years ago
Pierre Chifflier 5cadb878ff rust/smb: convert parser to nom7 functions (SMB3) 4 years ago
Pierre Chifflier 4c97dfa851 rust/smb: convert parser to nom7 functions (NTLM/SSP records) 4 years ago
Pierre Chifflier 3da816eb23 rust/smb: convert parser to nom7 functions (NBSS records) 4 years ago
Pierre Chifflier 90f9450971 rust: add nom7 combinator take_until_and_consume 4 years ago
Philippe Antoine 87d9c44ec5 rust: export constants via cbindgen
so that constants are not defined twice in Rust anc C
So that we are sure they have the same value
4 years ago
Philippe Antoine 784558df2e mime: handles multiple sections for a parameter
Ticket: 4386

as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc...
4 years ago
Philippe Antoine 8feb9c35ae mime: move FindMimeHeaderTokenRestrict to rust
Also fixes the case where the token name is present
in a value
4 years ago
Philippe Antoine 1b10848d84 mqtt: fix transaction completion
Ticket: 4862

A transaction to client is always considered
complete in the direction to server and vice versa.
Otherwise, transactions are never complete for
AppLayerParserTransactionsCleanup
4 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
4 years ago
Philippe Antoine 0caaf6bd23 range: prevents memory leak of file from HTTP2
Ticket: 4811
Completes commit c023116857

state.free should also close files with ranges
as state.free_tx did already

And file_range field should be reset so that there is no
use after free.
4 years ago
Jeff Lucovsky 23faeaea5c ftp: Remove diagnostic print
This commit removes a diagnostic message displayed during extraction of
the EPSV port.
4 years ago
Philippe Antoine c023116857 range: prevents memory leak of file from HTTP2
If a HTTP2 transaction gets freed before the end of the range
request, we need to have the files container which is in
the state, to transfer owernship of this file to the files
container.

Ticket: 4811
4 years ago