Commit Graph

1076 Commits (7005443b8bbe521399a98dbafb7ea07e7db952bb)

Author SHA1 Message Date
Jason Ish 2a42386c28 rust: fix clippy lint for null comparison
Use .is_null() instead of checking for equality against
std::ptr::null().
3 years ago
Jason Ish 45dfea2497 rust/modbus: derive default instead of manual impl
Cleans up a clippy lint for a trivial default impl that can be derived.
3 years ago
Jason Ish 9218da0eb8 rust/frames: cleanup clippy lint for unsafe
Where possible mark the relevant functions unsafe.  Otherwise suppress
the warning for now as this pattern is supposed to be a safe API around
an unsafe one. Might need some further investigation, but in general the
"guarantee" here is provided from the C side.
3 years ago
Jason Ish 105d9a5f02 rust: fix clippy lint for unnecessary_unwrap
Avoid check if not none followed by unwrap.
3 years ago
Jason Ish 85cfa7254b rust: fix clippy lint for single_char_add_str
Idiomatic cleanup and a fix automatically done by `cargo clippy --fix`.
3 years ago
Jason Ish f3e4bcfe23 rust: fix clippy lint for bool_assert_comparison
Checking for is_empty is faster than checking for equality.
3 years ago
Jason Ish f60e1b30f6 rust: fix clippy lint for partialeq_to_none
Use .is_some() and .is_none() instead of comparing against None.
Comparing against None requires a value to impl PartialEq, is_none() and
is_some() do not and are more idiomatic.
3 years ago
Jason Ish 7d623f0854 rust: fix clippy lint for explicit_auto_deref
This adds unnecessary complexity to code.
3 years ago
Jason Ish c503ca62e2 rust: fix clippy lint for needless_late_init 3 years ago
Jason Ish 94dd85baed rust: fix clippy lint for borrow_deref_ref
This type of borrow then reference has no effect.
3 years ago
Jason Ish e9597f3d0c rust: fix clippy lint for redundant_closure
Removes a closure where the function can be directly provided.
3 years ago
Jason Ish c5b26e2043 rust: fix clippy ling for needless borrows
Cleanup needless borrows found by clippy. This fix done automatically by
`cargo clippy --fix`.
3 years ago
Jason Ish 63b3d73ccc rust: allow some more clippy lints
Allow these lints for now until some more investigation can be done, as
--fix attempts to fix these.
3 years ago
Eric Leblond a9519778de rust/smb: avoid allocation in smb status function
Avoid an allocation by returning a static string.
3 years ago
Eric Leblond 9cb06d4376 detect/smb: add smb.ntlmssp_domain keyword
Feature #5411.
3 years ago
Eric Leblond 5debb86cd5 rust/smb1: add a missing command 3 years ago
Eric Leblond 69ef1bc194 detect/smb: add smb.ntlmssp_user keyword
Feature #5411.
3 years ago
Eric Leblond f46f895e8d rust/smb: import NT status code for Microsoft doc
This patch updates the NT status code definition to use the status
definition used on Microsoft documentation website. A first python
script is building JSON object with code definition.

```
import json
from bs4 import BeautifulSoup
import requests

ntstatus = requests.get('https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55')

ntstatus_parsed = BeautifulSoup(ntstatus.text, 'html.parser')

ntstatus_parsed = ntstatus_parsed.find('tbody')

ntstatus_dict = {}

for item in ntstatus_parsed.find_all('tr'):
    cell = item.find_all('td')
    if len(cell) == 0:
        continue
    code = cell[0].find_all('p')
    description_ps = cell[1].find_all('p')
    description_list = []
    if len(description_ps):
        for desc in description_ps:
            if not desc.string is None:
                description_list.append(desc.string.replace('\n ', ''))
    else:
        description_list = ['Description not available']
    if not code[0].string.lower() in ntstatus_dict:
        ntstatus_dict[code[0].string.lower()] = {"text": code[1].string, "desc": ' '.join(description_list)}

print(json.dumps(ntstatus_dict))
```

The second one is generating the code that is ready to be inserted into the
source file:

```
import json

ntstatus_file = open('ntstatus.json', 'r')

ntstatus = json.loads(ntstatus_file.read())

declaration_format = 'pub const SMB_NT%s:%su32 = %s;\n'
resolution_format = '        SMB_NT%s%s=> "%s",\n'

declaration = ""
resolution = ""

text_max = len(max([ntstatus[x]['text'] for x in ntstatus.keys()], key=len))

for code in ntstatus.keys():
    text = ntstatus[code]['text']
    text_spaces = ' ' * (4 + text_max - len(text))
    declaration += declaration_format % (text, text_spaces, code)
    resolution += resolution_format % (text, text_spaces, text)

print(declaration)
print('\n')
print('''
pub fn smb_ntstatus_string(c: u32) -> String {
    match c {
''')
print(resolution)
print('''
        _ => { return (c).to_string(); },
    }.to_string()
}
''')
```

Bug #5412.
3 years ago
Victor Julien db0f9ddc69 files/tx: inspection, logging and loop optimizations
Introduce AppLayerTxData::file_tx as direction(s) indicator for transactions.
When set to 0, its not a file tx and it will not be considered for file
inspection, logging and housekeeping tasks.

Various tx loop optimizations in housekeeping and output.

Update the "file capable" app-layers to set the fields based on their
directional file support as well as on the traffic.
3 years ago
Victor Julien 79499e4769 app-layer: move files into transactions
Update APIs to store files in transactions instead of the per flow state.

Goal is to avoid the overhead of matching up files and transactions in
cases where there are many of both.

Update all protocol implementations to support this.

Update file logging logic to account for having files in transactions. Instead
of it acting separately on file containers, it is now tied into the
transaction logging.

Update the filestore keyword to consider a match if filestore output not
enabled.
3 years ago
Victor Julien 01e64d80da app-layer: trunc parser per direction 3 years ago
Victor Julien ff9d1807f9 app-layer: parser flags to u16 3 years ago
Victor Julien c27df6304d app-layer: introduce common AppLayerStateData API
Add per state structure for storing flags and other variables.
3 years ago
Victor Julien 879a46f085 rust: lock to time 0.3.13 to avoid MSRV bump to 1.59
Indirect dependency through x509-parser.
3 years ago
Pierre Chifflier 16db04c1a7 rust: remove nom 5 dependency 3 years ago
Pierre Chifflier 0acf75bff7 rust/applayertemplate: convert to nom7 3 years ago
Pierre Chifflier 378e915846 rust/asn1: convert parsers to nom7 3 years ago
Pierre Chifflier 0ba0572c4a rust/x509: finish transition to nom7 3 years ago
Pierre Chifflier 3ef5121ab0 rust/telnet: convert parsers to nom7 3 years ago
Pierre Chifflier d98b386f36 rust/conf: convert parser to nom7 3 years ago
Pierre Chifflier db9a1e17b6 rust/ssh: finish transition to nom7 3 years ago
Pierre Chifflier b31c72c06a rust/rdp: convert parsers to nom7 3 years ago
Pierre Chifflier 49520b2143 rust/rdp: upgrade dependency on tls-parser 3 years ago
Pierre Chifflier beadd090b8 rust: upgrade versions of BER/DER, Kerberos and SNMP parsers 3 years ago
Jason Ish baab1de735 rust: update x509-parser to 0.14.0
Resolves RustSec issues in time and chrono:
- https://rustsec.org/advisories/RUSTSEC-2020-0071
- https://rustsec.org/advisories/RUSTSEC-2020-0159

Ticket: #5259.

Ammended by Victor Julien to bump to 0.14 instead of 0.13.
3 years ago
Pierre Chifflier 3aace49649 rust/x509: update dependency on x509-parser 3 years ago
Jeff Lucovsky ab4d0f7f4a detect/stream_size: Rename detect.rs to stream_size.rs
This commit renames detect.rs to stream_size.rs to reflect its content.
3 years ago
Jeff Lucovsky 2386f2614f detect/iprep: Move iprep logic into a separate module 3 years ago
Jeff Lucovsky c957882d1c detect/uri: Move uri logic into a separate module 3 years ago
Jeff Lucovsky 484c34bc60 detect/uint: Move uint logic into a separate module
This commit moves the uint logic into its own module.
3 years ago
Jeff Lucovsky 8bfe427a74 rust/detect: Create detect module for rule parsing
This commit creates a module named "detect" for rule parsing logic. As
part of this commit, detect.rs is moved from its toplevel position into
the new module. Thus, use crate::detect::detect to refer to items within
detect.rs (instead of create::detect).

Ticket: 5077
3 years ago
Jeff Lucovsky ccd1063e43 detect/bytemath: convert parser to Rust
Issue: 5077

This commit
- Converts the PCRE based parser to Rust.
- Adds unit tests to the new Rust modules
- Removes the PCRE parser from detect-bytemath.c
- Adjusts the C source modules to refer to the Rust definitions
- Includes the multiply operator (missing from the C parser)
3 years ago
Philippe Antoine af40873127 pgsql: config limit maximum number of live transactions
As is done for other protocols

Ticket: #5527
3 years ago
Philippe Antoine e160917bcf mqtt: remove quadratic time complexity
When having many transactions in a single parsing call...

Fix has overhead of having one more field in the mqtt state.

Completes commit a8079dc978

Ticket: #5399
3 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword
Ticket: #5507
3 years ago
Philippe Antoine 6faf6299e0 dhcp: adds rebinding-time keyword
Ticket: #5506
3 years ago
Philippe Antoine 95f0424423 nfs4: fix write record handling
Ticket: #5280
3 years ago
Philippe Antoine bf43011a43 dcerpc: convert transaction list to vecdeque for UDP
As was done for TCP in dfe76bb90 and d745d28d4

Ticket: #5518
3 years ago
Eric Leblond 2cc9152fc9 rust/smb: log uuid of interface in dcerpc
When doing a DCERPC request, we can use the context id to log the
interface that is used. Doing that we can see in one single event
what is the DCERPC interface and opnum that are used. This allows
to have all the information needed to resolve the request to a
function call.

Feature #5413.
3 years ago
Eric Leblond b6f1cf255c rust/smb/dcerpc: parse context id
As context id is used to know to which variant of the endpoint the
request is done, it is interesting to parse it.

Feature #5413.
3 years ago