Commit Graph

12884 Commits (4640b15d8cc57487d61bb922049aa60f4137e904)
 

Author SHA1 Message Date
Philippe Antoine 4640b15d8c log: prevents use of uninitialized variable
Even if the code seems unreachable for now
4 years ago
Jason Ish 8d1e4a1d0b detect-content: error on single char hex pairs
Fix parsing of content like "|aa b cc|" which was parsed as "|aa bc|"
without error or warning. This will now fail out, requiring all hex
values to be 2 chars.

Ticket #5201
4 years ago
Victor Julien 6e90bf4739 streaming: remove unused 'auto slide' support
Add debug validation checks for "impossible" conditions.
4 years ago
Philippe Antoine 00da0d3420 detect: makes config keyword really require a flow
Ticket: 4972

Completes commit c3a220647

DETECT_CONFIG is added as DETECT_SM_LIST_POSTMATCH and not
as DETECT_SM_LIST_MATCH as other keywords handled in SignatureCreateMask
4 years ago
Modupe Falodun 54bc43d3ed detect-pcre: remove unittests
These tests are reimplemented in Suricata-Verify

Task: 4911
4 years ago
Sam Muhammed 3a490fb16c nfs: Implement frames
Feature #4872

Frames:
  - RPC Frames: Generic over TCP/UDP
     - rpc.pdu
     - rpc.hdr
     - rpc.data
     - rpc.creds -- for rpc calls

  - NFSv2, NFSv3
     - nfs.pdu
     - nfs.status -- for nfs responses

  - NFSv4 Only Frames
     - nfs4.pdu
     - nfs4.hdr
     - nfs4.ops -- for compound request/response operations
     - nfs4.status -- for nfs4 responses

RPC tcp/udp frames created with separate registration functions e.g.:
add_rpc_tcp_tc_frames()
add_rpc_udp_tc_frames()
4 years ago
Sam Muhammed d090dcbce9 rpc: Improve rpc_record struct
Add creds_len field to rpc_record
needed for rpc.creds frame length calculation
4 years ago
Sam Muhammed 8064a5348d rust/nfs4: Add NFSPROC4_DESTROY_CLIENTID op parsers 4 years ago
Sam Muhammed 9d1fad28a7 rust/nfs4: Add NFSPROC4_DESTROY_SESSION op parsers
Also add respective request unittest
test_nfs4_request_destroy_session()
4 years ago
Sam Muhammed ff81cad4f1 rust/nfs4: Add NFSPROC4_LAYOUTRETURN op parsers
Also add respective request unittest
test_nfs4_request_layoutreturn()
4 years ago
Sam Muhammed 073244a0b8 rust/nfs4: Add NFSPROC4_GETDEVINFO op parsers
Also add respective response/request unittests
test_nfs4_response_getdevinfo()
test_nfs4_request_getdevinfo()
4 years ago
Sam Muhammed ff54a6d9d5 rust/nfs4: Add NFSPROC4_LAYOUTGET op parsers
Also add respective response/request unittests
test_nfs4_response_layoutget()
test_nfs4_request_layoutget()
4 years ago
Sam Muhammed 3d542fcc67 rust/nfs4: Add NFSPROC4_SECINFO_NO_NAME op parsers 4 years ago
Sam Muhammed b35d635ac7 rust/nfs4: Add NFSPROC4_RECLAIM_COMPLETE op parsers 4 years ago
Sam Muhammed 2a41b46eca rust/nfs4: Add NFSPROC4_CREATE_SESSION op parsers
Also add respective response/request unittests
test_nfs4_request_create_session()
test_nfs4_response_create_session()
4 years ago
Sam Muhammed 0a69c66153 rust/nfs4: Add NFSPROC4_EXCHANGEID response parser
Also add test_nfs4_response_exchangeid() unittest
4 years ago
Sam Muhammed fe7a49b737 rust/nfs4: improve NFSPROC4_OPEN op parser
Improve nfs4_res_open() parser to reflect other file-delegation types
Reflect the changes on test_nfs4_response_open() unittest
4 years ago
Philippe Antoine df83f7899d fuzz: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine 5790280c95 utils: fix integer warnings in r files
Ticket: 4516
4 years ago
Philippe Antoine dca76a45a8 stream-tcp: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine 068fb700df util: fix int warnings in tm threads
Ticket: 4516
4 years ago
Philippe Antoine 1bb51d114c util: fix int warnings in unit tests
Ticket: 4516
4 years ago
Philippe Antoine b3ab126394 util: fix int warnings
Ticket: 4516
4 years ago
Jason Ish 1e65324940 smb: rules for messages in the wrong direction 4 years ago
Jason Ish 2341f47755 smb: handle records in the wrong direction
If an SMB record is seen in the wrong direction, set an event on the PDU
frame and don't process the record in the state.

No error is returned, so the next record will be processed.
4 years ago
Jason Ish 09e2d3b216 smb: expose smb1 request/reply flags with a method
Adds `.is_request()` and `.is_reply()` to check if an SMB record's flags
say the message is a request or a reply.
4 years ago
Jason Ish 7b659489c8 smb: fix smb2 header flag parsing
The bits were being parsed in the order they're displayed in Wireshark,
rather than the order they were being seen on the wire, resulting in
direction and async being 0 more often than they should be.

Instead of bits, take the 4 bytes as an le_u32 and just use bit masks to
extract what we need into a struct, I think it's easier to reason about
this way when comparing to the Microsoft documentation.
4 years ago
Philippe Antoine c3a220647b detect: only apply ConfigApplyTx with app-layers
Ticket: 4972

Otherwise, it makes no sense to look for a tx...
4 years ago
Juliana Fajardini e5838b8193 applayer/frame: remove output from GetFrame funcs
As these functions can be probed, having output there results in
misleading output.
4 years ago
Modupe Falodun 44208010db detect-dce-iface: remove unittests
These tests are reimplemented in Suricata Verify

Task: 4911
4 years ago
Victor Julien 935ea745f5 detect/iponly: add tests for 5168 4 years ago
Victor Julien 053b2b3b5b detect/address: minor unittest cleanup 4 years ago
Victor Julien 79b7b7a0dd detect/iponly: validate netmask
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
4 years ago
Victor Julien 259bd8aa92 detect/address: validate netmasks
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
4 years ago
Victor Julien 4020e2faa7 detect/iponly: break out range insert code
So we can reuse it.
4 years ago
Victor Julien a67b97e14c util/cidr: add util to convert netmask to cidr 4 years ago
Philippe Antoine eb189e805a src: use u8_tolower everywhere
Ticket: 4516

Instead of basic to_lower to get the cast to avoid warning
about integer

Same goes for u8_toupper
4 years ago
Philippe Antoine 3fd8e908f8 range: better closing for out of order ranges
Ticket: 5132

In case of a duplicate range, we can return early, because
there is no new data to process.

More importantly, this commit adds a check about whether the file
got closed meanwhile, so that this just completed out of order
range, even if it brings new data, is now irrelevant.
This can happen for instance if there was a gap...
4 years ago
Philippe Antoine bfcd6cb46a range: validity check when end is bigger than size
Ticket: 5132

Down the line, HttpRangeOpenFileAux assumes the range has a
valid value when doing buflen = end - start + 1;
4 years ago
Modupe Falodun 14b21de306 detect-dnp3: remove dnp3_data unittests
These tests are reimplemented in Suricata-Verify

Task: 4911
4 years ago
Philippe Antoine ae6c416972 util/mime: fix integer warnings
Ticket: 4516
4 years ago
Victor Julien ec01a94a5f detect: minor debug fixup 4 years ago
Victor Julien b7526bf4e6 decode/vntag: don't leak memory in tests 4 years ago
Victor Julien 0437ca61ff unittests: clean up packet clear logic 4 years ago
Victor Julien f07d5b2d89 decode: release refs from PacketFree
Mostly helps unittests.
4 years ago
Victor Julien 49a36bb323 detect/iprep: fix host locking issues
Separate the code paths between reusing a Packet stored host reference
and fetching a new reference from the host hash.

This addresses the issue where in some conditions use_cnt could get
desync'd.

Bug: #2802.
4 years ago
Victor Julien 172d2b28a5 iprep: unify free handling
Introduce a new util function to free a Hosts iprep code. It also
handles the Host use_cnt decrement.

This change makes sure we also decrement the use_cnt when cleaning
up when shutting down the host table.

Move the BUG_ON check for use_cnt into the HostClearMemory() func
to check it in more cases.
4 years ago
Philippe Antoine a6a6f6d538 bytejump: fix ubsan warning
Instead of checking the offset, we checked the pointer after
adding the offset to it...
4 years ago
Jeff Lucovsky 4f2f745bed detect/ipproto: Use builtin protocol table
Issue 5072

This commit causes the built-in protocol table to be used for protocol
name and number validation.
4 years ago
Jeff Lucovsky 3bd1d258a9 detect/tests: Register protoname tests
Issue: 5072

This commit registers the proto-name unit tests.
4 years ago