Victor Julien
8a5710307d
hyperscan: don't abort on payloads > 64k
...
SPM API was recently updated to accept 32 bit length fields instead of
16 bits. This could trigger a BUG_ON in the hyperscan implementation.
7 years ago
Victor Julien
a5de9968dd
gcc8: fix format truncation warnings
7 years ago
Eric Leblond
f79f64097e
configure: fix error hw timestamp check
...
This fixes #2469
7 years ago
Victor Julien
5faaa5dceb
file_data/http: inspect cleanup
7 years ago
Eric Leblond
1d0727d85f
stream-tcp: fix stream depth computation
...
The stream depth computation was partly done with the stream_config
depth instead of using the value in the TCP session. As a result,
some configurations were resulting in abnormal behavior.
In particular, when stream depth was 0 and the file store depth was
not 0, Suricata was stopping the streaming on the flow as soon as
the filestore was started.
Reported-by: Pascal Delalande <pdl35@free.fr>
7 years ago
Eric Leblond
1012fc4466
file: update logger API to log direction
...
By adding the flow direction to the logger we can have an accurate
logging of fileinfo events that have source and destination IP
correctly set.
7 years ago
Eric Leblond
2515c8927b
app-layer-ftp: fill direction of transfer
...
This is required to return the file when asked with one direction.
7 years ago
Maurizio Abba
d2bf7a3ba9
detect: fix buffer length to uint32
...
There is a difference in the size of the buffer length as passed from
the content buffers (cfr HttpReassembledBody.buffer_len) and the buflen
variable passed to mpm primitives. This can cause a misdetection
whenever the bufferlen is a multiple of 65536 (as uint16(X*65536) == 0).
Increasing the buflen variable type to uint32 solves the issue (this
does not cause any issue with primitives, they all accept uint32).
7 years ago
Victor Julien
2e8fd612a6
files: properly close files on flow timeout
...
If a file transfer stops on flow timeout, it won't be closed or
truncated. This patch makes sure that in such cases the files
are indeed truncated. This fixes the filestore-v2 output module,
as that requires a sha256 for storing the partial file correctly.
7 years ago
Victor Julien
73d94fff73
nfs4: support records wrapped in GSSAPI integrity
7 years ago
Victor Julien
53fa2af07c
nfs4: fix attr parsing corner case
7 years ago
Victor Julien
39489bc5fd
nfs4: implement COMMIT parsing and handling
7 years ago
Victor Julien
c7cb01b636
nfs4: parse GSSAPI init
7 years ago
Victor Julien
bfa60753f9
nfs4: create link support
7 years ago
Victor Julien
06f6c15954
nfs4: initial implementation
...
Implements record parsing and file extraction for READs and WRITEs.
Defines all types from RFC 7530.
7 years ago
Victor Julien
75c5722b7e
nfs/rpc: add parser for GSSAPI Integrity records
7 years ago
Victor Julien
81c0b53d3f
flow: track flow for ip proto 41
7 years ago
Victor Julien
8c75a022ea
eve/netflow: only log response record if we've seen response pkts
7 years ago
Victor Julien
c662383b53
flow: track flow for ICMP
...
Change packet layout to allow for expected counterpart type.
7 years ago
Victor Julien
708aad3f4a
unified2: address strict aliasing issue
7 years ago
Victor Julien
7ce77f9351
decode/ipv6: expose addr as 'struct in6_addr' as well
7 years ago
Victor Julien
49b02f8f1b
mingw: minor compile warning fixes
7 years ago
Giuseppe Longo
28849509b2
tests/detect-engine-hsbd: deinit det_ctx threads
7 years ago
Giuseppe Longo
c620fc3dc4
detect-engine: free events
...
Events are stored in a detection engine but actually
they are not freed.
7 years ago
Victor Julien
f461be75c5
smb: use inspect API v2 for smb keywords
...
Simplifies code and supports transforms.
7 years ago
Victor Julien
3854c304d8
mpm/hs: fix minor coverity warning
...
CID 1428797 (#1 of 1): Unchecked return value (CHECKED_RETURN)
check_return: Calling HashTableAdd without checking return value
(as is done elsewhere 5 out of 6 times).
7 years ago
Victor Julien
7ea80b5c57
configure: fix small issue with libevent check
7 years ago
Eric Leblond
e249ce29bb
doc: add lua directory to Makefile
7 years ago
Victor Julien
4a90dced8e
doc/lua: small update to the usage intro
7 years ago
Eric Leblond
2546e86a16
doc: document lua function about flow var
7 years ago
Eric Leblond
0c4bf2d332
doc: add a lua support top level section
...
Both output and signature are using lua. So lua functions should
be displayed in a single section.
7 years ago
Eric Leblond
293b00798e
doc: document lua TLS functions
7 years ago
Pascal Delalande
e3c5784dd5
doc: minor updates (tls custom, TODO removal, ftp/smb file rules)
7 years ago
Victor Julien
e834d94fd2
detect/pktvar: clean up keyword parsing
7 years ago
Victor Julien
83bf60d897
doc: add ntlmssp, kerberos and other setup fields
7 years ago
Richard Sailer
5de77e3102
lua output: Update example script to match style of user doc examples
7 years ago
Richard Sailer
dc07c1fe13
lua output doc: Use more descriptive variable names in the examples
...
This also removes the "args" parameter of the hooking functions in the examples,
since this parameter is unused in all functions.
It would not be very helpful anyways since 3 of the 4 functions don't get passed
any parameters. The only exception is init() which gets a table containing:
script_api_ver = 1
7 years ago
Richard Sailer
3307f7a94e
lua output doc: Add explaining introduction text
7 years ago
Victor Julien
e09027915a
doc: fix json formatting in smb doc
7 years ago
Alexander Gozman
10a360280f
Print syslog format with SCLogDebug() instead of printf()
7 years ago
Mats Klepsland
21078521f8
app-layer-ssl: remove possibility to overflow HAS_SPACE macro
7 years ago
Mats Klepsland
598ef96b7b
app-layer-ssl: really fix CID 1433623
7 years ago
Victor Julien
67e81a9555
doc: initial smb eve documentation
7 years ago
Victor Julien
78437375c4
doc: add by_either to suppress explanation
7 years ago
Victor Julien
2c259f2239
doc: add smb section to yaml
7 years ago
Victor Julien
13bdcd5249
doc: minor fix
7 years ago
Mats Klepsland
900c27e235
app-layer-ssl: fix use-after-free (CID 1433623)
...
Ja3BufferAddValue frees the buffer on error, so there is no point
in doing it twice (use-after-free).
7 years ago
Mats Klepsland
fc0e339467
app-layer-ssl: fix use-after-free (CID 14336229)
...
Nullify JA3 buffer on free to avoid use-after-free vulnerability.
7 years ago
Victor Julien
3b474ac599
tls: work around coverity warnings
7 years ago
Victor Julien
1edd9d19fc
doc: add SMB to file extraction. Minor improvements.
7 years ago