aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,835 Commits
8 Branches
165 Tags
216 MiB
main
main-8.0.x
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '715bf048ee'
${ noResults }
Commit Graph

124 Commits (715bf048ee13fd6e5a2ad4c8b90dd504a050d3b3)

Author SHA1 Message Date
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit 
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
 2 years ago
Philippe Antoine 68b0052018 rust: fix clippy ptr_arg warnings 
error: writing `&Vec` instead of `&[_]` involves a new object where a slice will do
   --> src/dns/log.rs:371:29
    |
371 | pub fn dns_print_addr(addr: &Vec<u8>) -> std::string::String {
    |                             ^^^^^^^^ help: change this to: `&[u8]`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#ptr_arg
 2 years ago
Philippe Antoine 38db51b878 rust: make cargo clippy clean 
Fixing single_match and manual_find intertwined with SCLogDebug
 2 years ago
Victor Julien 389f166d78 file: remove FILE_USE_DETECT flag 
All implementations were converted to use the logic, so the flag itself
can be removed.
 2 years ago
Jason Ish 13fe957b7e rust/doc: wrap some code examples in backticks 3 years ago
Victor Julien 0bbc411743 nfs: fix newline in debug messages 3 years ago
Eric Leblond 8b0d56c414 nfs: TX are not unidirectional 
NFS transactions are not unidirectional so we should not declare
them as such.
 3 years ago
Jason Ish 7080ecbb76 rust: remove explicit lifetimes where not needed 3 years ago
Victor Julien 6cc9811edd files: move FileContainer into FileTransferTracker 
Update SMB, NFS, HTTP2.
 3 years ago
Victor Julien e3e55406a7 files: update API and callers to take stream config 
This is to allow not storing the stream buffer config in each file.
 3 years ago
Victor Julien 71bc9e75f5 app-layer: get sbconfg with files 3 years ago
Victor Julien 3a24cce289 nfs: explicity free files 
In preparation of adding an argument to the free functions which
means the drop trait can't be used anymore.
 3 years ago
Victor Julien 4bfeac6591 nfs: file handling cleanups 3 years ago
Jason Ish da12b77f18 rust/clippy: fix lint: new_without_default 3 years ago
Jason Ish f250b92180 rust/clippy: fix lint: extra_unused_lifetimes 3 years ago
Jason Ish f15ffbc869 rust/clippy: fix lint: single_match 
Allow this lint in some cases where a match statement adds clarity.
 3 years ago
Philippe Antoine bc287018e5 rust: cargo clippy --all-features --fix --allow-no-vcs 3 years ago
Gabriel Lima Luz 4e90d17fd9 rust: fix lint warnings about if same then else 
Ticket: 4609
 3 years ago
Kristina Jefferson 9cd00424c3 rust: fix lint warnings about ptr_arg 
Ticket: #4599
 3 years ago
Jason Ish 6a7439a26b rust: fix clippy lints for is_empty in debug code 3 years ago
Jason Ish b6cc0e25b1 rust: fix clippy lints for clippy::redundant_static_lifetimes 3 years ago
Jason Ish 6b71d69356 rust: fix clippy lints for clippy::bool_comparison 3 years ago
Jason Ish 5f7ba03e63 rust: fix clippy lints for clippy::needless_bool 3 years ago
Jason Ish f342d4aacd rust: fix clippy lints for clippy::len_zero 3 years ago
Victor Julien db0f9ddc69 files/tx: inspection, logging and loop optimizations 
Introduce AppLayerTxData::file_tx as direction(s) indicator for transactions.
When set to 0, its not a file tx and it will not be considered for file
inspection, logging and housekeeping tasks.

Various tx loop optimizations in housekeeping and output.

Update the "file capable" app-layers to set the fields based on their
directional file support as well as on the traffic.
 3 years ago
Victor Julien 79499e4769 app-layer: move files into transactions 
Update APIs to store files in transactions instead of the per flow state.

Goal is to avoid the overhead of matching up files and transactions in
cases where there are many of both.

Update all protocol implementations to support this.

Update file logging logic to account for having files in transactions. Instead
of it acting separately on file containers, it is now tied into the
transaction logging.

Update the filestore keyword to consider a match if filestore output not
enabled.
 3 years ago
Victor Julien c27df6304d app-layer: introduce common AppLayerStateData API 
Add per state structure for storing flags and other variables.
 3 years ago
Jason Ish f92708b8ca rust/frames: derive direction from StreamSlice 
On the Rust side, a Frame requires a StreamSlice to be created. We can
derive the direction from the StreamSlice removing the need for callers
to provide the direction when operating on the frame.
 3 years ago
Jason Ish 7b11b4d3a1 app-layer: more generic state trait 
Instead of a method that is required to return a slice of transactions,
use 2 methods, one to return the number of transactions in the
collection, and another to get a transaction by its index in the
collection.

This allows for the transaction collection to not be a contiguous array
and instead can be a VecDeque, or possibly another collection type that
supports retrieval by index.

Ticket #5278
 4 years ago
Sam Muhammed 3a490fb16c nfs: Implement frames 
Feature #4872

Frames:
  - RPC Frames: Generic over TCP/UDP
     - rpc.pdu
     - rpc.hdr
     - rpc.data
     - rpc.creds -- for rpc calls

  - NFSv2, NFSv3
     - nfs.pdu
     - nfs.status -- for nfs responses

  - NFSv4 Only Frames
     - nfs4.pdu
     - nfs4.hdr
     - nfs4.ops -- for compound request/response operations
     - nfs4.status -- for nfs4 responses

RPC tcp/udp frames created with separate registeration functions e.g:
add_rpc_tcp_tc_frames()
add_rpc_udp_tc_frames()
 4 years ago
Victor Julien 07b1100713 nfs: clean up partial record handling 
There should be no remaining data after parsing the partial
RPC record, so don't handle it but instead add a debug validation
bug on.

Successful processing for NFSv3 read/write records returns
AppLayerResult::ok() directly as all data is consumed.
 4 years ago
Victor Julien d85b77cad0 nfs3: improve read validation; fix partial handling 4 years ago
Victor Julien 4418fc1b02 nfs3: fix partial write record handling 4 years ago
Victor Julien 64d8a1e16e nfs/rpc: update full record parsers to be more exact 
Instead of 'take'ing all data for the RPC prog_data and then
letting the higher level parsers figure out which part to use
take the exact amount.
 4 years ago
Victor Julien bfb5ae867e nfs: break out partial record handling 4 years ago
Philippe Antoine 8adf172ab8 nfs: limits the number of active transactions per flow 
Ticket: 4530
 4 years ago
Philippe Antoine 0e85dea3ff nfs: remove unused events variable 4 years ago
Philippe Antoine e4f2f8f78d nfs: derive AppLayerEvent for NFSEvent 4 years ago
Victor Julien e6f49e5a05 app/frames: implement name to id API for frames 4 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers 
Remove input, input_len and flags in favor of stream slice.
 4 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers 
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
 4 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data 
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
 4 years ago
Pierre Chifflier 0ffe123330 rust/nfs: convert parser to nom7 functions (NFS v3 and v4 records) 4 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData 
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
 4 years ago
Jason Ish a936755731 nfs: use generic tx iterator 4 years ago
Shivani Bhardwaj 11c438a07d nfs: use Direction enum 4 years ago
Shivani Bhardwaj 0c6e9ac931 files: use Direction enum 4 years ago
Sam Muhammed 922a453da5 rust(lint): use is_null() instead of ptr::null_mut() 
Bug: #4594
 4 years ago
Sam Muhammed 23768c7181 rust(lint): use is_null() instead of ptr::null() 
Bug: #4594
 4 years ago
Shivani Bhardwaj 7c9d573800 nfs: remove futile default port setting 4 years ago