4640b15d8c 
								
							
								 
							
						 
						
							
							
								
								log: prevents use of uninitialized variable  
							
							
							
							
							Even if the code seems unreachable for now 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8d1e4a1d0b 
								
							
								 
							
						 
						
							
							
								
								detect-content: error on single char hex pairs  
							
							
							
							
							Fix parsing of content like "|aa b cc|" which was parsed as "|aa bc|"
without error or warning. This will now fail out, requiring all hex
values to be 2 chars.
Ticket #5201  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6e90bf4739 
								
							
								 
							
						 
						
							
							
								
								streaming: remove unused 'auto slide' support  
							
							
							
							
							Add debug validation checks for "impossible" conditions. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								00da0d3420 
								
							
								 
							
						 
						
							
							
								
								detect: makes config keyword really require a flow  
							
							
							
							
							Ticket: 4972
Completes commit c3a220647 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								54bc43d3ed 
								
							
								 
							
						 
						
							
							
								
								detect-pcre: remove unittests  
							
							
							
							
							These tests are reimplemented in Suricata-Verify
Task: 4911 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3a490fb16c 
								
							
								 
							
						 
						
							
							
								
								nfs: Implement frames  
							
							
							
							
							Feature #4872 
Frames:
  - RPC Frames: Generic over TCP/UDP
     - rpc.pdu
     - rpc.hdr
     - rpc.data
     - rpc.creds -- for rpc calls
  - NFSv2, NFSv3
     - nfs.pdu
     - nfs.status -- for nfs responses
  - NFSv4 Only Frames
     - nfs4.pdu
     - nfs4.hdr
     - nfs4.ops -- for compound request/response operations
     - nfs4.status -- for nfs4 responses
RPC tcp/udp frames created with separate registration functions e.g:
add_rpc_tcp_tc_frames()
add_rpc_udp_tc_frames() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d090dcbce9 
								
							
								 
							
						 
						
							
							
								
								rpc: Improve rpc_record struct  
							
							
							
							
							Add creds_len field to rpc_record
needed for rpc.creds frame length calculation 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8064a5348d 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_DESTROY_CLIENTID op parsers  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9d1fad28a7 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_DESTROY_SESSION op parsers  
							
							
							
							
							Also add respective request unittest
test_nfs4_request_destroy_session() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ff81cad4f1 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_LAYOUTRETURN op parsers  
							
							
							
							
							Also add respective request unittest
test_nfs4_request_layoutreturn() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								073244a0b8 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_GETDEVINFO op parsers  
							
							
							
							
							Also add respective response/request unittests
test_nfs4_response_getdevinfo()
test_nfs4_request_getdevinfo() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ff54a6d9d5 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_LAYOUTGET op parsers  
							
							
							
							
							Also add respective response/request unittests
test_nfs4_response_layoutget()
test_nfs4_request_layoutget() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3d542fcc67 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_SECINFO_NO_NAME op parsers  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b35d635ac7 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_RECLAIM_COMPLETE op parsers  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								2a41b46eca 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_CREATE_SESSION op parsers  
							
							
							
							
							Also add respective response/request unittests
test_nfs4_request_create_session()
test_nfs4_response_create_session() 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0a69c66153 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: Add NFSPROC4_EXCHANGEID response parser  
							
							
							
							
							Also add test_nfs4_response_exchangeid() unittest 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								fe7a49b737 
								
							
								 
							
						 
						
							
							
								
								rust/nfs4: improve NFSPROC4_OPEN op parser  
							
							
							
							
							Improve nfs4_res_open() parser to reflect other file-delegation types
Reflect the changes on test_nfs4_response_open() unittest 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								df83f7899d 
								
							
								 
							
						 
						
							
							
								
								fuzz: fix integer warnings  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								5790280c95 
								
							
								 
							
						 
						
							
							
								
								utils: fix integer warnings in r files  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								dca76a45a8 
								
							
								 
							
						 
						
							
							
								
								stream-tcp: fix integer warnings  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								068fb700df 
								
							
								 
							
						 
						
							
							
								
								util: fix int warnings in tm threads  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1bb51d114c 
								
							
								 
							
						 
						
							
							
								
								util: fix int warnings in unit tests  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b3ab126394 
								
							
								 
							
						 
						
							
							
								
								util: fix int warnings  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1e65324940 
								
							
								 
							
						 
						
							
							
								
								smb: rules for messages in the wrong direction  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								2341f47755 
								
							
								 
							
						 
						
							
							
								
								smb: handle records in the wrong direction  
							
							
							
							
							If an SMB record is seen in the wrong direction, set an event on the PDU
frame and don't process the record in the state.
No error is returned, so the next record will be processed. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								09e2d3b216 
								
							
								 
							
						 
						
							
							
								
								smb: expose smb1 request/reply flags with a method  
							
							
							
							
							Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								7b659489c8 
								
							
								 
							
						 
						
							
							
								
								smb: fix smb2 header flag parsing  
							
							
							
							
							The bits were being parsed in the order they're displayed in Wireshark,
rather than the order they were being seen on the wire, resulting in
direction and async being 0 more often than they should be.
Instead of bits, take the 4 bytes as an le_u32 and just use bit masks to
extract what we need into a struct, I think it's easier to reason about
this way when comparing to the Microsoft documentation. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c3a220647b 
								
							
								 
							
						 
						
							
							
								
								detect: only apply ConfigApplyTx with app-layers  
							
							
							
							
							Ticket: 4972
Otherwise, it makes no sense to look for a tx... 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								e5838b8193 
								
							
								 
							
						 
						
							
							
								
								applayer/frame: remove output from GetFrame funcs  
							
							
							
							
							As these functions can be probed, having output there results in
misleading output. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								44208010db 
								
							
								 
							
						 
						
							
							
								
								detect-dce-iface: remove unittests  
							
							
							
							
							These tests are reimplemented in Suricata Verify
Task: 4911 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								935ea745f5 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: add tests for 5168  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								053b2b3b5b 
								
							
								 
							
						 
						
							
							
								
								detect/address: minor unittest cleanup  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								79b7b7a0dd 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: validate netmask  
							
							
							
							
							Only accept netmask in dotted quad notation if they can be turned
into a CIDR.
According to rfc 4632, CIDR (compat) netmasks are all that should be
used.
Bug: #5168 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								259bd8aa92 
								
							
								 
							
						 
						
							
							
								
								detect/address: validate netmasks  
							
							
							
							
							Only accept netmask in dotted quad notation if they can be turned
into a CIDR.
According to rfc 4632, CIDR (compat) netmasks are all that should be
used.
Bug: #5168 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4020e2faa7 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: break out range insert code  
							
							
							
							
							So we can reuse it. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a67b97e14c 
								
							
								 
							
						 
						
							
							
								
								util/cidr: add util to convert netmask to cidr  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								eb189e805a 
								
							
								 
							
						 
						
							
							
								
								src: use u8_tolower everywhere  
							
							
							
							
							Ticket: 4516
Instead of basic to_lower to get the cast to avoid warning
about integer
Same goes for u8_toupper 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3fd8e908f8 
								
							
								 
							
						 
						
							
							
								
								range: better closing for out of order ranges  
							
							
							
							
							Ticket: 5132
In case of a duplicate range, we can return early, because
there is no new data to process.
More importantly, this commit adds a check about whether the file
got closed meanwhile, so that this just completed out of order
range, even if it brings new data, is now irrelevant.
This can happen for instance if there was a gap... 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								bfcd6cb46a 
								
							
								 
							
						 
						
							
							
								
								range: validity check when end is bigger than size  
							
							
							
							
							Ticket: 5132
Down the line, HttpRangeOpenFileAux assumes the range has a
valid value when doing buflen = end - start + 1; 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								14b21de306 
								
							
								 
							
						 
						
							
							
								
								detect-dnp3: remove dnp3_data unittests  
							
							
							
							
							These tests are reimplemented in Suricata-Verify
Task: 4911 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ae6c416972 
								
							
								 
							
						 
						
							
							
								
								util/mime: fix integer warnings  
							
							
							
							
							Ticket: 4516 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ec01a94a5f 
								
							
								 
							
						 
						
							
							
								
								detect: minor debug fixup  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b7526bf4e6 
								
							
								 
							
						 
						
							
							
								
								decode/vntag: don't leak memory in tests  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0437ca61ff 
								
							
								 
							
						 
						
							
							
								
								unittests: clean up packet clear logic  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f07d5b2d89 
								
							
								 
							
						 
						
							
							
								
								decode: release refs from PacketFree  
							
							
							
							
							Mostly helps unittests. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								49a36bb323 
								
							
								 
							
						 
						
							
							
								
								detect/iprep: fix host locking issues  
							
							
							
							
							Separate the code paths between reusing a Packet stored host reference
and fetching a new reference from the host hash.
This addresses the issue where in some conditions use_cnt could get
desync'd.
Bug: #2802 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								172d2b28a5 
								
							
								 
							
						 
						
							
							
								
								iprep: unify free handling  
							
							
							
							
							Introduce a new util function to free a Hosts iprep code. It also
handles the Host use_cnt decrement.
This change makes sure we also decrement the use_cnt when cleaning
up when shutting down the host table.
Move the BUG_ON check for use_cnt into the HostClearMemory() func
to check it in more cases. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a6a6f6d538 
								
							
								 
							
						 
						
							
							
								
								bytejump: fix ubsan warning  
							
							
							
							
							Instead of checking the offset, we checked the pointer after
adding the offset to it... 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4f2f745bed 
								
							
								 
							
						 
						
							
							
								
								detect/ipproto: Use builtin protocol table  
							
							
							
							
							Issue 5072
This commit causes the built-in protocol table to be used for protocol
name and number validation. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3bd1d258a9 
								
							
								 
							
						 
						
							
							
								
								detect/tests: Register protoname tests  
							
							
							
							
							Issue: 5072
This commit registers the proto-name unit tests. 
							
						 
						
							4 years ago