Commit Graph

12047 Commits (8342641477466e11727e31bb1efcd28bd2c55da7)
 

Author SHA1 Message Date
Philippe Antoine a98d0fe6ed http2: http.uri keyword now works for HTTP2
cf #4067
5 years ago
Philippe Antoine 707f027231 protos: renaming ALPROTO_HTTP* constants
Having now ALPROTO_HTTP1, ALPROTO_HTTP2 and ALPROTO_HTTP

Run with 3 sed commands
git grep ALPROTO_HTTP | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP/ALPROTO_HTTP1/g'
git grep ALPROTO_HTTP12 | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP12/ALPROTO_HTTP2/g'
git grep ALPROTO_HTTP1_ANY | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP1_ANY/ALPROTO_HTTP/g'

and then running clang-format
5 years ago
Philippe Antoine 93e6401ce0 http: introduces ALPROTO_HTTP_ANY
For any versions of HTTP, both ALPROTO_HTTP and ALPROTO_HTTP2
5 years ago
Philippe Antoine c8dbe24fb6 proto: introduce signature protocol, as extension to flow protocol
AppProtoEquals function allows checking whether a flow protocol
matches a signature protocol
5 years ago
Jason Ish 93ce39d450 github-ci: test install of library
Add library install test to Fedora 33 build. In this case the
shared library is disabled so the test makes sure it is not
installed.

Also make sure the library and headers are not installed until
explicitly installed.

Add a similar test to an Ubuntu 24.04 build without disable-shared
and check that the shared library is installed.
5 years ago
Jason Ish 02218a8a42 Makefile: break headers and source into 2 vars
Split the headers and source into 2 variables. Headers are
marked noinst so they don't get automatically installed on
"make install". Instead they will be installed by a custom
Makefile target, "make install-headers".
5 years ago
Jason Ish dfd930a13e libsuricata-config: program to print build flags
Following the pattern of many other libraries, provide a -config
program to output cflags and libs to properly link an application
against the library.

usage: libsuricata-config [--cflags] [--libs] [--static]

--cflags and --libs can be used individually or together.

--static will link against the static libraries instead of the
shared library. Note that if the shared library is not available,
the static libraries will be provided even without this option.
5 years ago
Jason Ish 2c5e1d6a6d rust: separate the rust lib from RUST_LDADD
Fix another issue with library ordering when breaking apart
LDFLAGS from LIBS for outputting usable command lines for
users of a Suricata library.

RUST_LDADD should just contain the extra libs required by
Rust, not the actual Suricata Rust library.
5 years ago
Jason Ish d648446c32 configure: put lua libs in LIBS not LDFLAGS
This is required to separate LIBS from LDFLAGS when outputting
a usable LIBS configuration line for users of the shared library.
5 years ago
Jason Ish dbae17dbc0 install: makefile target to install libraries
As we don't install the libraries by default, provide a make target,
"install-library" to install the libsuricata library files.

If shared library support exists, both the static and shared
libraries will be installed, otherwise only the static libraries
will be installed.
5 years ago
Jason Ish e227d97e5e lib: build shared library on Linux
Building the shared library on Linux is not done by default.
Instead a user must opt in to building it by running the
"make libsuricata.so" target in the src/ directory.

Currently shared library support is only available on Linux. More
OSs will be supported as we can test them.
5 years ago
Jason Ish a178ec6bef rust: rename lib to libsuricata_rust
Previously it was libsuricata.a, but eventually we want to get
to a place where libsuricata.a is a combination of the Rust
and C code.
5 years ago
Jason Ish 325096a07f github-ci: add -fsanitize=address to LDFLAGS for asan builds
With fPIC, -fsanitize-address also needs to be added to LDFLAGS
to build with ASAN support.

Also fix what looks to be a copy and paste typo.
5 years ago
Jason Ish 9f20297cb3 rust/Makefile: add Cargo.toml as make dependency
This will force Cargo.toml to be recreated if Cargo.toml.in
is modified.
5 years ago
Jason Ish e99dde0078 build: use a static convenience library for C code
With the circular reference gone, we can now make use
of a convenience library for the Suricata program
as well as any other programs that depend on the same
source such as the fuzzer.

While it's not a libtool convenience library, it serves
the same purpose and is a common idiom in Make and CMake
projects whereas the COMMON_SOURCES approach was more
of a hack we had to resort to until the circular
reference was resolved.
5 years ago
Victor Julien 6bfc5afa23 host: improve compare logic
The old compare macro would compare all bytes of an address, even
when for IPv4 addresses the additional bytes were not in use. This
made the logic vulnerable to mistakes like in issue #4280.
5 years ago
Victor Julien 7b03e6837e detect/iprep: fix loading of mixed ipv4/ipv6 lists
Improper reuse of the address data structure between loading
different lines in the iprep file would lead to the host using
a malformed address.
5 years ago
Jason Ish 82ecf64fe6 github-ci: run suricata-verify on centos-7 build 5 years ago
Jason Ish 3ada5e1480 rust/ffi: provide AppLayerRegisterParser in context
AppLayerRegisterParser was creating a link error when attempting
to use a convenience library for the Suricata C code, then linking
the library of C code with the library of Rust code into a final
Suricata executable, or use with fuzz targets.

By moving AppLayerRegisterParser to the context structure and
calling it like a callback the circular reference is removed
allowing the convenience libraries to work again.

This is also a stepping stone to providing a Suricata library
as a single .a or .so file.
5 years ago
Jason Ish 1c771e15ef .gitignore: ignore .a files
Ignore .a library files as we now have one created in src/
as part of adding a Suricata library.
5 years ago
Victor Julien 3ce05a3583 fuzz: run OSS-Fuzz corpus and track coverage 5 years ago
Philippe Antoine 2b043150ed detect: initializes memory in bytemath parsing 5 years ago
Philippe Antoine b5d24a9a57 fuzz: driver running directories as well as single files 5 years ago
Eric Leblond 0dba1b09de suricata: improve list keywords
Exit with an error if a keyword is not supported or does not exist,
and display a message.
5 years ago
Eric Leblond 2e4af5a091 suricata: return error value of custom run modes 5 years ago
Eric Leblond 44460f1945 util/running-modes: don't exit in running mode 5 years ago
Eric Leblond 921d44b262 log/pcap: exit on invalid filename
If the filename has no % sign and pcap logging is using multi
mode, then the pcap capture will fail. So let's exit if ever this
is the case.
5 years ago
Eric Leblond 6a45064d4c suricata: unix-socket mode and -l are compatible
Commit 93642a0d1d prevented specifying the logging directory on
the command line while using the unix socket.

It looks like the implementation has evolved and the arbitrary
limitation can be removed allowing a user to start unix socket
without editing the configuration file.
5 years ago
Eric Leblond 7304389438 eve: only output ja3 and ja3s if present
This will prevent JSON entries like the following that occur
with the default configuration (ja3 deactivated and extended
tls output activated):

  "tls": {
    "subject": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
    "issuerdn": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
    "serial": "00:9C:FC:DA:1D:A4:70:87:5D",
    "fingerprint": "b8:18:2d:cb:c9:f8:1a:66:75:13:18:31:24:e0:92:35:42:ab:96:89",
    "version": "TLSv1",
    "notbefore": "2020-05-03T11:07:28",
    "notafter": "2021-05-03T11:07:28",
    "ja3": {},
    "ja3s": {}
  }
5 years ago
Jeff Lucovsky cbb03dbb39 detect/pcre: Test capture group/var mismatch 5 years ago
Jeff Lucovsky 469d5bb214 detect/pcre: Correct capture group count check
This commit corrects the validation check between the number of
variables used and the number of specified capture groups.
5 years ago
Philippe Antoine 32b604e8c7 template: use response_gap in rust parser 5 years ago
Victor Julien ed05c51d99 detect/state: optimize state keeping 5 years ago
Victor Julien 13cebb1857 detect: fix heap overflow issue with buffer setup
In some cases, the InspectionBufferGet function would be followed by
a failure to set the buffer up, for example due to a HTTP body limit
not yet being reached. Yet each call to InspectionBufferGet would lead
to the matching list_id to be added to the
DetectEngineThreadCtx::inspect.to_clear_queue. This array is sized to
add each list only once, but in this case the same id could be added
multiple times, potentially overflowing the array.
5 years ago
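The failure mode in 13cebb1857 is a queue sized for one entry per list id being fed the same id repeatedly. What follows is an added example, not Suricata's code: ExThreadCtx, ExInspectionBufferGetBuggy, ExInspectionBufferGetFixed, ExClearQueue, EX_LIST_COUNT and the simulated retry loop are constructed names. The buggy variant returns false where the real code would have written past the array, so the example can run safely and still show where the overflow would occur.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a per-thread inspect context: the clear queue
 * has exactly one slot per inspect list, so each id may be queued once. */
#define EX_LIST_COUNT 8

typedef struct ExThreadCtx {
    uint32_t to_clear_queue[EX_LIST_COUNT];
    uint32_t to_clear_queue_len;
    bool queued[EX_LIST_COUNT]; /* fix: remembers which ids are already queued */
} ExThreadCtx;

typedef bool (*ExGetFn)(ExThreadCtx *ctx, uint32_t list_id);

/* Buggy pattern: every Get() queues the id, even when the caller's buffer
 * setup fails right afterwards (e.g. an HTTP body limit not yet reached),
 * so the same id is queued again on the next attempt. Returns false instead
 * of writing past the array, which is where the real bug overflowed. */
static bool ExInspectionBufferGetBuggy(ExThreadCtx *ctx, uint32_t list_id)
{
    if (ctx->to_clear_queue_len >= EX_LIST_COUNT)
        return false; /* next write would be out of bounds */
    ctx->to_clear_queue[ctx->to_clear_queue_len++] = list_id;
    return true;
}

/* Fixed pattern: queue each list id at most once per cleanup cycle. */
static bool ExInspectionBufferGetFixed(ExThreadCtx *ctx, uint32_t list_id)
{
    if (list_id >= EX_LIST_COUNT)
        return false;
    if (ctx->queued[list_id])
        return true; /* already queued, nothing to add */
    if (ctx->to_clear_queue_len >= EX_LIST_COUNT)
        return false; /* unreachable once ids are unique, kept as a guard */
    ctx->queued[list_id] = true;
    ctx->to_clear_queue[ctx->to_clear_queue_len++] = list_id;
    return true;
}

/* Cleanup step run at the end of a cycle: drain the queue, reset flags. */
static void ExClearQueue(ExThreadCtx *ctx)
{
    for (uint32_t i = 0; i < ctx->to_clear_queue_len; i++)
        ctx->queued[ctx->to_clear_queue[i]] = false;
    ctx->to_clear_queue_len = 0;
}

/* Simulate `attempts` Get() calls for the same list id within one cleanup
 * cycle (e.g. several signatures inspecting a buffer whose setup keeps
 * failing). Returns how many calls succeeded before the bounds guard
 * tripped (== attempts if it never did) and stores the queue length
 * reached in *queue_len_out. */
static int ExSimulateRepeatedGet(ExGetFn get, uint32_t list_id, int attempts,
                                 uint32_t *queue_len_out)
{
    ExThreadCtx ctx;
    memset(&ctx, 0, sizeof(ctx));
    int ok = attempts;
    for (int i = 0; i < attempts; i++) {
        if (!get(&ctx, list_id)) {
            ok = i;
            break;
        }
    }
    *queue_len_out = ctx.to_clear_queue_len;
    ExClearQueue(&ctx);
    return ok;
}

int main(void)
{
    uint32_t len;
    int ok = ExSimulateRepeatedGet(ExInspectionBufferGetBuggy, 3, 20, &len);
    printf("buggy: %d of 20 gets before the guard, queue len %u\n", ok, (unsigned)len);
    ok = ExSimulateRepeatedGet(ExInspectionBufferGetFixed, 3, 20, &len);
    printf("fixed: %d of 20 gets, queue len %u\n", ok, (unsigned)len);
    return 0;
}
```

The point of the flag array is that the queue's capacity is derived from the number of distinct lists, so the invariant "each id appears once" is what makes the fixed size safe; without it the bound depends on how many times a setup can fail, which the caller does not control.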
Victor Julien 17a38f1823 flow/manager: (u)sleep slightly longer
Sleep 250 microseconds instead of 100 as running in KVM caused the
old value to use 100% CPU for these threads.

Perf testing suggests no measurable impact for the non-KVM case.

Ticket: #4096
5 years ago
Victor Julien 8baef60d60 app-layer: fix transaction cleanup
Fix a 'skipped' transaction early in the list leading to all further
transactions getting skipped, even if they were fully processed and
ready to be cleaned up.
5 years ago
Philippe Antoine 62e665c848 fuzz: rightly uses PacketFreeOrRelease in target
instead of PacketFree because packets
may belong to the pool
5 years ago
Philippe Antoine e586d8526b fuzz: use some value for max_pending_packets
so as not to timeout waiting forever for the condition
in PacketPoolWait
5 years ago
Philippe Antoine a6bbb608f7 fuzz: makes target sigpcap more reproducible
By removing the temporary rules file if it existed
before the first run
5 years ago
Victor Julien f2e9517434 github: run codecov verify test w/o optimizations 5 years ago
Victor Julien 3f807f3bf6 rust: update dependencies 5 years ago
Victor Julien ebde15f0e2 rust: lock all major crate versions
To avoid surprises with dependencies bumping MSRV.
5 years ago
Victor Julien 4b5af36061 rust: relax nom version to any >=5.1.1 5 years ago
Philippe Antoine b869ac01ee http: enables request decompression 5 years ago
Eric Leblond 85327890f5 suricata: avoid at exit crash in nfq mode
When Suricata was built with ebpf support and when it was started
in NFQ mode, it was crashing at exit because it was trying to free
the device extension.

This patch fixes the issue by only triggering the eBPF related code
when Suricata is running in AFP_PACKET mode.
5 years ago
Eric Leblond e6cfcb704c storage: fix a variable name 5 years ago
Eric Leblond 628458e7d3 detect: fix link to documentation 5 years ago
Philippe Antoine 43f25f127f ftp: ftp-data recognized by StringToAppProto 5 years ago
Philippe Antoine d861228214 http2: decompression for files
gzip and brotli decompression for files
5 years ago
Philippe Antoine 2e46b5d100 rust: BIT_U16 macro utility 5 years ago