aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,137 Commits
10 Branches
154 Tags
164 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7384744c3e'
${ noResults }
Commit Graph

315 Commits (7384744c3e52977b8db8a451df7f15a06cb8a2b8)

Author SHA1 Message Date
Shivani Bhardwaj 6d39f6fd7d rust: Fix deprecation warnings 
Fix the following warnings by compiler,
(1) warning: use of deprecated item 'take_until_s': Please use `take_until` instead
(2) warning: `...` range patterns are deprecated

For the second warning, the builtin lint
"ellipsis_inclusive_range_pattern" has been added which causes the
following warning to show up with rustc 1.24.

warning: unknown lint: `ellipsis_inclusive_range_patterns`
  --> /home/travis/build/OISF/suricata/suricata-5.0.0-dev/rust/src/lib.rs:18:10
   |
18 | #![allow(ellipsis_inclusive_range_patterns)]
   |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = note: #[warn(unknown_lints)] on by default

Since there is no other way to fix this, the above warning shall stay.
We need to take care of modifying this if and when the support for 1.24
as MSRV is dropped.
 5 years ago
Shivani Bhardwaj bbfd706e1f rust: fix compiler warning 
rustc 1.36 introduced:

error: variable does not need to be mutable
   --> src/dhcp/parser.rs:202:17
    |
202 |             let mut malformed_options = false;
    |                 ----^^^^^^^^^^^^^^^^^
    |                 |
    |                 help: remove this `mut`
    |
note: lint level defined here
   --> src/lib.rs:18:38
    |
18  | #![cfg_attr(feature = "strict", deny(warnings))]
    |                                      ^^^^^^^^
    = note: #[deny(unused_mut)] implied by #[deny(warnings)]

error: aborting due to previous error

error: Could not compile `suricata`.

Ticket #3072.
 5 years ago
Pierre Chifflier af7d245a31 rust/snmp: add event when expected/received PDU versions mismatch 5 years ago
Pierre Chifflier 1880f6945c rust/snmp: use generic parsing function, for all SNMP versions 
Do no restrict parsing to the version seen in the first packet, but
use a generic function, independent of the version.
 5 years ago
Jeff Lucovsky 6911cc01ad rust/snmp: Support get-info-by-id 5 years ago
Jeff Lucovsky 7560b75591 rust/ntp: Support get-info-by-id 5 years ago
Jeff Lucovsky 12c2d18c8b rust/krb: Support get-info-by-id 5 years ago
Jeff Lucovsky fb01641629 rust/ikev2: Support get-info-by-id 5 years ago
Jeff Lucovsky e3ca6b43fc rust/dhcp: Support get-info-by-id 5 years ago
Jeff Lucovsky a5d9d37c34 rust/parser: Extend Rust parser for event-by-id 
Extend the Rust parsing infrastructure with the "get event info by id"
calls. This changeset extends the parser structure, the C-based
registration handlers and the template parser.
 5 years ago
Jeff Lucovsky 9ccc28baeb rust/smb: Implement get event by id 5 years ago
Jeff Lucovsky 643864a8f5 rust/snmp: fix libc deprecation warnings 5 years ago
Victor Julien 3f6624bf16 rust: remove libc crate dependency 
Use std::os::raw instead.
 5 years ago
Victor Julien 28ed0d3a18 nfs: implement get_event_info_by_id callback 5 years ago
Victor Julien 429ca858dc rust/gen: turn *mut*const T into const T ** 5 years ago
Jeff Lucovsky d568e7fadd eve/logging: 2991 Optimize logging by TX 
This changeset makes changes to the TX logging path. Since the txn
is passed to the TX logger, the TX can be used directly instead of
through the TX id.
 5 years ago
Jeff Lucovsky 1a1d32c6b2 make: Remove rust generated headers during clean 5 years ago
Pierre Chifflier c1b30fe9fd rust/snmp: fix libc deprecation warnings for int types 5 years ago
Pierre Chifflier bc07656ce7 rust/snmp: use snake_case when logging PDU types 5 years ago
Pierre Chifflier c60f2028e5 rust/snmp: fix missing IPPROTO_* declarations (use core) 5 years ago
Pierre Chifflier 031cbbe868 rust/snmp: fix selection of v1/v2c parser 5 years ago
Pierre Chifflier 9dfec7e734 SNMP: add the "snmp.pdu_type" detection keyword 5 years ago
Pierre Chifflier e1dd19a0eb SNMP: add the "snmp.community" detection keyword 5 years ago
Pierre Chifflier aa608e0ca2 SNMP: add the "snmp.version" detection keyword 5 years ago
Pierre Chifflier 60324740e6 SNMP: use explicit references to support build with old rust compiler 5 years ago
Pierre Chifflier 57b233f462 SNMP: start looking for transactions from end of list 5 years ago
Pierre Chifflier 6fc7fc74cb SNMP: add logger 5 years ago
Pierre Chifflier 2df840a8b8 Add SNMP (v1/v2c/v3) application layer 5 years ago
Pierre Chifflier b65896c0de Rust: expose function AppLayerParserRegisterGetTxIterator 5 years ago
Victor Julien b1d4931842 rust: fix warnings about wrong type of comments 
"rustdoc does not generate documentation for macro expansions"
 5 years ago
Victor Julien bf1bd407dd rust: fix libc deprecation warnings for int types 5 years ago
Victor Julien 723f1586ca ikev2: remove excess new lines 5 years ago
Victor Julien adcbac1c77 tftp: properly implement tx handling 5 years ago
Victor Julien 63ab296cca nfs: fix integer underflow 
Fix int underflow that leads to Rust panic in NFS3 readdirplus
parsing.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.
 6 years ago
Jason Ish 8be4142aaf dhcp: verify client id len before parsing data 
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
 6 years ago
Jason Ish 9d75fdc6ea rust/ftp: validate port components in passive reponse 
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
 6 years ago
Victor Julien 24d6a16459 rust/mingw: build fixes 
Fix path passed to cargo by using 'cygpath' if available.
 6 years ago
Victor Julien f84667ceb7 nfs: small cleanups 6 years ago
Victor Julien 822a434036 nfs: implement midstream reverse flow support 
Register special midstream version of protocol detection that
can indicate the flow is the wrong direction based on the record
properties.
 6 years ago
Victor Julien 7f0bdc6621 rust/mingw: fix C glue code generator 6 years ago
Victor Julien 0301ceab13 rust/mingw: fix missing IPPROTO_* declarations 
The libc crate doesn't provide these on MinGW, so define them in
our 'core' instead. We only use IPPROTO_TCP and IPPROTO_UDP.

Bug #2733
 6 years ago
Victor Julien 422e4892cc proto-detect: improve midstream support 
When Suricata picks up a flow it assumes the first packet is
toserver. In a perfect world without packet loss and where all
sessions neatly start after Suricata itself started, this would be
true. However, in reality we have to account for packet loss and
Suricata starting to get packets for flows already active be for
Suricata is (re)started.

The protocol records on the wire would often be able to tell us more
though. For example in SMB1 and SMB2 records there is a flag that
indicates whether the record is a request or a response. This patch
is enabling the procotol detection engine to utilize this information
to 'reverse' the flow.

There are three ways in which this is supported in this patch:

1. patterns for detection are registered per direction. If the proto
   was not recognized in the traffic direction, and midstream is
   enabled, the pattern set for the opposing direction is also
   evaluated. If that matches, the flow is considered to be in the
   wrong direction and is reversed.

2. probing parsers now have a way to feed back their understanding
   of the flow direction. They are now passed the direction as
   Suricata sees the traffic when calling the probing parsers. The
   parser can then see if its own observation matches that, and
   pass back it's own view to the caller.

3. a new pattern + probing parser set up: probing parsers can now
   be registered with a pattern, so that when the pattern matches
   the probing parser is called as well. The probing parser can
   then provide the protocol detection engine with the direction
   of the traffic.

The process of reversing takes a multi step approach as well:

a. reverse the current packets direction
b. reverse most of the flows direction sensitive flags
c. tag the flow as 'reversed'. This is because the 5 tuple is
   *not* reversed, since it is immutable after the flows creation.

Most of the currently registered parsers benefit already:

- HTTP/SMTP/FTP/TLS patterns are registered per direction already
  so they will benefit from the pattern midstream logic in (1)
  above.

- the Rust based SMB parser uses a mix of pattern + probing parser
  as described in (3) above.

- the NFS detection is purely done by probing parser and is updated
  to consider the direction in that parser.

Other protocols, such as DNS, are still to do.

Ticket: #2572
 6 years ago
Victor Julien f7a41412d6 smb1: fix NT create andx records filename parsing 
Use file name parsing routines that take unicode into account
and consider padding bytes as well.
 6 years ago
Wesley van der Ree cc50908f8d smb: fix NT create filename parsing 
parse_smb_create_andx_request_record skipped 1 byte too much before
the filename.

Fixes: #2894
 6 years ago
Pierre Chifflier f90733fe3f rust/ikev2: fix events not being raised in first message 
The `set_event` function requires that the transaction is already
inserted, or the event set is silently lost.
When parsing first IKEv2 message, first insert transaction, prepare
values, and borrow back inserted transaction to update it.
 6 years ago
Victor Julien 25112ee7e3 rust/smb: fix and optimize record search 
Get rid of struct with just a slice reference as well.
 6 years ago
Pierre Chifflier 9e7f261a88 rust: fix cargo tests 6 years ago
Pierre Chifflier f22695130b rust: nom4 requires to add complete!() when using many! combinators 6 years ago
Pierre Chifflier 8c0cde36c6 rust: fix warnings for unused variables (add _) 6 years ago
Pierre Chifflier 13b7399790 rust: upgrade all parsers to nom4 6 years ago