aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,747 Commits
8 Branches
165 Tags
218 MiB
main
main-8.0.x
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b195ffbe18'
${ noResults }
Commit Graph

102 Commits (b195ffbe1838a7301df4a5aecdaff7268832427c)

Author SHA1 Message Date
Shivani Bhardwaj b195ffbe18 applayer/ftp: convert to FAIL/PASS API 5 years ago
Victor Julien efc9a7a398 app-layer: remove callback for completion status 
Since the completion status was a constant for all parsers, remove the
callback logic and instead register the values themselves. This should
avoid a lot of unnecessary callback calls.

Update all parsers to take advantage of this.
 5 years ago
Philippe Antoine 057c4b34c8 ftp: optimize FTPGetOldestTx by starting from last handled tx 
Avoids DOS by quadratic complexity algorithm.
Attack is
1 stack many requests/transactions (like cwd commands on a line)
2 get many answers
 5 years ago
Philippe Antoine 547d6c2d78 applayer: pass parameter to StateAlloc 
This parameter is NULL or the pointer to the previous state
for the previous protocol in the case of a protocol change,
for instance from HTTP1 to HTTP2

This way, the new protocol can use the old protocol context.
For instance, HTTP2 mimicks the HTTP1 request, to have a HTTP2
transaction with both request and response
 5 years ago
Victor Julien 4f73943df9 app-layer: split EOF flag per direction 5 years ago
Xiaofan Wang 071f55dcd7 ftp: fix direction of expectation for STOR command 
Fix direction in active mode.
 5 years ago
Victor Julien 7c364017da ftp: small code cleanup 5 years ago
Jeff Lucovsky 72e2f36f9b ftp: Restrict file name lengths 
Restrict file name lengths to PATH_MAX - 1 to avoid over subscribing
memory to FTP file name tracking.
 5 years ago
Victor Julien c98f597831 ftp: support AppLayerTxData 5 years ago
Jeff Lucovsky 648bd5afff output/ftp: Use "Eve" prefix with FTP helpers 
This commit changes the prefix of the FTP helper routines from Json to
Eve.
 5 years ago
Jeff Lucovsky 03de315bc2 ftp/eve: Convert FTP logging to use JsonBuilder 
This commit converts the FTP logging mechanisms to use JsonBuilder.
 5 years ago
Jeff Lucovsky aa3f784d32 detect/ftp: FTP memory accounting fixes 
This commit continues the work started by @vanlink and corrects the
accounting of FTP memory usage against the memcap limit.
 6 years ago
Philippe Antoine fef124b92d ftp: use switch for ftp commands for style 6 years ago
Philippe Antoine 6f36403219 ftp: FTPGetAlstateProgress for done port commands 
For a done transaction with command PORT,
we expect FTP_STATE_FINISHED
and we got FTP_STATE_PORT_DONE instead
which prevented logging of these transactions

We change the order of the evaluations to get the right result
 6 years ago
Philippe Antoine 699d6682da ftp: indent FTPParseResponse again 6 years ago
Philippe Antoine a6294d6ec2 ftp: FTPParseResponse bufferizes lines 
Protects against evasion by TCP packet splitting

The problem arised if the FTP response is split on multiple packets

The fix is to bufferize the content, until we get a complete line
 6 years ago
Victor Julien 44d3f264bf app-layer: update API to return more details 
Add AppLayerResult struct as the Parser return type in
preparation of allowing returning 'Incomplete(size)' similar
to what nom in Rust allows.
 6 years ago
Victor Julien 3bcf948a75 app-layer: change return codes 
This patch simplifies the return codes app-layer parsers use,
in preparation of a patch set for overhauling the return type.

Introduce two macros:

APP_LAYER_OK (value 0)
APP_LAYER_ERROR (value -1)

Update all parsers to use this.
 6 years ago
Victor Julien 157d01e87e ftp: minor code cleanups 6 years ago
Danny Browning b573c16dd5 build: cbindgen 
Rust headers are now generated using cbindgen. If cbindgen is present, they can
be generated during dist, otherwise they will be available for builds.
 6 years ago
Jason Ish b1beb76fd7 ftpdata: add tx detect flags 6 years ago
Jeff Lucovsky 354074bac6 ftp: Handle malformed RETR/STOR 
Ensure that RETR (STOR) have a filename -- otherwise, treat the command
string as malformed.

Added unittests for each command and verified that SEGV's occur without
parser change and no longer occur with the parser change.
 6 years ago
Jason Ish ebcc4db84a file extraction: always prune files after detect 
If a keyword like filemd5 was being used without a filestore,
or a file output enabled, it would be pruned before detection
had a chance to match.

Consolidate file pruning to the end of the flow worker so files
are available for detection even when a file output is not
enabled.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2490
 6 years ago
Jeff Lucovsky b4070b6dcd ftp: Use rust parsers to parse dynamic ports 6 years ago
Victor Julien 579cc9f02b const: constify decoder, app-layer, detect funcs 6 years ago
Jeff Lucovsky 86deaefe66 ftp: Ensure non-zero command length with MPM init 6 years ago
Jeff Lucovsky 86fabef093 ftp: address review comments 6 years ago
Jeff Lucovsky f79316d71a ftp: remove RUST guards 6 years ago
Jeff Lucovsky 09ab032a8d ftp: Use MPM for command lookup 6 years ago
Jeff Lucovsky 4f2a485c55 ftp: Remove LIBJANSSON guards 6 years ago
Jeff Lucovsky 3df2b3437c eve/ftp: Move "get next line" into app-layer-ftp.c 6 years ago
Jeff Lucovsky 911d423a6b ftp: Generalize prelim positive reply 
Extend special case for reply code 150 to handle all preliminary
positive reply -- reply codes with `1xy`.
 6 years ago
Victor Julien 343ba45916 ftp: reply code 150 doesn't end tx 6 years ago
Victor Julien b595da6c51 ftp: fix reply without request 
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
 6 years ago
Victor Julien dc80d520af ftp: implement progress tracking 
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
 6 years ago
Victor Julien 8ae691155d ftp: be more strict with tx type 6 years ago
Jeff Lucovsky fb019213e7 eve/ftp: minor cleanups and fixes 6 years ago
Zach Kelly 1588cd8735 eve/ftp: Bug fix and banner capture 
1. Correct off-by-one error in server response whitespace removal
2. Include banner response (before first command entered)
 6 years ago
Jeff Lucovsky a04b1c1664 eve/ftp: Log initial responses 
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not includes in the FtpCommands descriptor table
 6 years ago
Jeff Lucovsky 2149807bd6 eve/ftp: Transaction support for unmatched requests 
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
 6 years ago
Jeff Lucovsky 1930b1f504 eve/ftp: Log FTP transactions 
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
 6 years ago
Philippe Antoine 94a976d47e ftp: removes one use of atoi 
Fixes only one small part of #3053
 6 years ago
Jeff Lucovsky de983fb7c9 app-layer-ftp: Potential memory leak fixed 
Ensure that when handling failures during STOR command
processing, that all memory is freed on the error path.
 7 years ago
Victor Julien 9132e4032a files: open files with track id only 7 years ago
Victor Julien 3ae2edb22a ftp: fix realloc handling to avoid valgrind warning 
Bug #2951
 7 years ago
Jeff Lucovsky 4f33b8c18d decode: Improved FTP active mode handling 
This changeset addresses 2 issues:
- 2459
- 2527
and improves handling for FTP active mode over IPv4 and IPv6.

Active mode is triggered when the FTP client conveys the port
that should be used for a data connection (PORT, EPRT).

When this occurs, the FTP state is marked as "active".
 7 years ago
Victor Julien 7e1235c9c8 eve/ftp: don't alloc memory to log filename 7 years ago
Victor Julien 7bc3c3ac6e app-layer: pass STREAM_* flags to parser 
Pass the STREAM_* flags to the app-layer parser functions so that
the parser can know more about how it is called.
 7 years ago
Eric Leblond 2515c8927b app-layer-ftp: fill direction of transfer 
This is required to return the file when asked with one direction.
 8 years ago
Victor Julien 7548944b49 app-layer: remove unused HasTxDetectState call 
Also remove the now useless 'state' argument from the SetTxDetectState
calls. For those app-layer parsers that use a state == tx approach,
the state pointer is passed as tx.

Update app-layer parsers to remove the unused call and update the
modified call.
 8 years ago