Commit Graph

12003 Commits (bc667a4a939c887bc298bbb865eda4338f8cea2f)

Author SHA1 Message Date
Victor Julien bc667a4a93 flow/storage: use dedicated 'id' type
Wrap the id in a new FlowStorageId struct to avoid id confusion with other
storage API calls.
5 years ago
Philippe Antoine d2d0e0adc9 rust: remove exported unused functions 5 years ago
Victor Julien 4b3be24506 app-layer/expectation: clean up storage id logic 5 years ago
Philippe Antoine 68d6922e3c ftp: fixes leak with duplicate expectation 5 years ago
Philippe Antoine cd8c2ef994 fuzz: use stream.midstream=true 5 years ago
Philippe Antoine e9b76a0e66 fuzz: specify protocol with fuzz target name
cf https://redmine.openinfosecfoundation.org/issues/4125

This allows fuzz_applayerparser_parse to fuzz one specific
app-layer protocol based on the binary name, as is done
with the environment variable FUZZ_APPLAYER
That is if we rename/copy to fuzz_applayerparser_parse_smb,
it will fuzz only SMB protocol
This way, we can easily produce different fuzz targets for
each protocol in oss-fuzz
5 years ago
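As an added example that is not part of this commit or of Suricata's own fuzz harness, a constructed C sketch of the binary-name convention the message describes. The prefix string, the function names and the precedence (a suffix in the binary name first, then the FUZZ_APPLAYER environment variable, otherwise every protocol) are assumptions for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of the binary-name convention in the commit above;
 * not Suricata's fuzz_applayerparser_parse harness. The prefix handling and
 * the precedence (binary name first, then FUZZ_APPLAYER) are assumptions. */

#define FUZZ_TARGET_PREFIX "fuzz_applayerparser_parse"

/* Return the protocol suffix of the target binary's name, or NULL when it is
 * the plain target (fuzz everything) or some unrelated binary:
 *   "fuzz_applayerparser_parse_smb"        -> "smb"
 *   "./out/fuzz_applayerparser_parse_http" -> "http"
 *   "fuzz_applayerparser_parse"            -> NULL
 */
static const char *ProtoFromTargetName(const char *argv0)
{
    if (argv0 == NULL)
        return NULL;
    const char *base = strrchr(argv0, '/');
    base = (base != NULL) ? base + 1 : argv0;

    size_t plen = strlen(FUZZ_TARGET_PREFIX);
    if (strncmp(base, FUZZ_TARGET_PREFIX, plen) != 0)
        return NULL;                /* not one of our targets */
    if (base[plen] != '_' || base[plen + 1] == '\0')
        return NULL;                /* plain target, or a dangling "_" */
    return base + plen + 1;
}

/* Pick the protocol to restrict fuzzing to. A suffix in the binary name wins,
 * so oss-fuzz can ship one copy of the target per protocol with no environment
 * to set; FUZZ_APPLAYER still works for local runs; NULL means all protocols. */
static const char *ProtoToFuzz(const char *argv0, const char *fuzz_applayer_env)
{
    const char *proto = ProtoFromTargetName(argv0);
    if (proto != NULL)
        return proto;
    if (fuzz_applayer_env != NULL && fuzz_applayer_env[0] != '\0')
        return fuzz_applayer_env;
    return NULL;
}

int main(int argc, char **argv)
{
    (void)argc;
    const char *proto = ProtoToFuzz(argv[0], getenv("FUZZ_APPLAYER"));
    printf("restricting fuzzing to: %s\n", proto != NULL ? proto : "all protocols");
    return 0;
}
```

Copying or symlinking the built target to fuzz_applayerparser_parse_<proto> is then the only thing needed to get one fuzzer per protocol; a real harness would still validate the suffix against the registered protocol names before trusting it.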
Philippe Antoine 6da9a37285 rdp: correctly returns incomplete in parse_tc
Adding the already consumed bytes
In case an incomplete tls handshake is handled with/after
a regular rdp t123_tpkt
5 years ago
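The accounting error this commit fixes, as an added C model written for this page rather than code from Suricata's Rust RDP parser: a stream parser that walks a complete TPKT and then hits a partial TLS record has to report consumed/needed relative to the buffer its caller handed it, not relative to the PDU it was looking at. The result struct, function names and sample bytes are assumptions; only the TPKT and TLS record header layouts are the standard ones.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the consumed/needed bookkeeping a stream parser owes its
 * caller, written for this page; not Suricata's RDP parser or AppLayerResult.
 * The TPKT and TLS record headers are the real layouts; the rest is assumption. */

enum { PARSE_OK = 0, PARSE_INCOMPLETE = 1, PARSE_ERROR = 2 };

typedef struct ParseResult {
    int status;
    size_t consumed; /* bytes the caller may drop; the next call starts there */
    size_t needed;   /* on PARSE_INCOMPLETE: bytes that must be available from
                        offset `consumed` before the parser is called again  */
} ParseResult;

#define PR_OK(c)            ((ParseResult){ PARSE_OK, (c), 0 })
#define PR_INCOMPLETE(c, n) ((ParseResult){ PARSE_INCOMPLETE, (c), (n) })
#define PR_ERROR            ((ParseResult){ PARSE_ERROR, 0, 0 })

#define TPKT_HDR_LEN 4
/* T.123 TPKT: version(1) == 3, reserved(1), length(2, BE, header included). */
static ParseResult ParseTpkt(const uint8_t *buf, size_t len)
{
    if (len < TPKT_HDR_LEN)
        return PR_INCOMPLETE(0, TPKT_HDR_LEN);
    size_t tpkt_len = ((size_t)buf[2] << 8) | buf[3];
    if (buf[0] != 3 || tpkt_len < TPKT_HDR_LEN)
        return PR_ERROR;
    if (len < tpkt_len)
        return PR_INCOMPLETE(0, tpkt_len);
    return PR_OK(tpkt_len);
}

#define TLS_REC_HDR_LEN 5
/* TLS record: content type(1), version(2), body length(2, BE). */
static ParseResult ParseTlsRecord(const uint8_t *buf, size_t len)
{
    if (len < TLS_REC_HDR_LEN)
        return PR_INCOMPLETE(0, TLS_REC_HDR_LEN);
    size_t rec_len = TLS_REC_HDR_LEN + (((size_t)buf[3] << 8) | buf[4]);
    if (buf[0] < 20 || buf[0] > 23)
        return PR_ERROR;
    if (len < rec_len)
        return PR_INCOMPLETE(0, rec_len);
    return PR_OK(rec_len);
}

/* One PDU of the stream (len >= 1): a TPKT, or a TLS record once TLS begins. */
static ParseResult ParsePdu(const uint8_t *buf, size_t len)
{
    if (buf[0] == 3)
        return ParseTpkt(buf, len);
    if (buf[0] == 0x16)
        return ParseTlsRecord(buf, len);
    return PR_ERROR;
}

/* Buggy: forwards the PDU parser's numbers unchanged. They are relative to the
 * PDU start, so after an 11-byte TPKT the caller is told "21 bytes from offset
 * 0" although 32 are required; with 21 bytes it re-calls and gets the same
 * answer again, and the stream never progresses. */
static ParseResult ParseStreamBuggy(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ParseResult r = ParsePdu(buf + off, len - off);
        if (r.status != PARSE_OK)
            return r;
        off += r.consumed;
    }
    return PR_OK(off);
}

/* Fixed: add the bytes already consumed by earlier PDUs before reporting. */
static ParseResult ParseStream(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ParseResult r = ParsePdu(buf + off, len - off);
        if (r.status == PARSE_INCOMPLETE)
            return PR_INCOMPLETE(off + r.consumed, r.needed);
        if (r.status != PARSE_OK)
            return r;
        off += r.consumed;
    }
    return PR_OK(off);
}

static int ResultIs(ParseResult r, int status, size_t consumed, size_t needed)
{
    return r.status == status && r.consumed == consumed && r.needed == needed;
}

/* Constructed bytes, not a capture: an 11-byte TPKT with an opaque payload,
 * then a 21-byte TLS handshake record. The first PARTIAL_LEN bytes are what the
 * parser sees when only 3 of the record's 16 body bytes have arrived. */
#define PARTIAL_LEN 19
static const uint8_t kStream[32] = {
    0x03, 0x00, 0x00, 0x0b, 0x02, 0xf0, 0x80, 0x7f, 0x65, 0x82, 0x00,
    0x16, 0x03, 0x01, 0x00, 0x10, 0x01, 0x00, 0x00, /* rest zero-filled */
};
```

On the 19-byte prefix the buggy variant answers (consumed 0, needed 21) and the fixed one (consumed 11, needed 21); resuming at offset 11 with 21 bytes then completes, which is the invariant a caller such as a stream engine relies on when it decides how much data to buffer before calling again.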
Philippe Antoine 3de0123ffb http2: adds check about dynamic headers table size 5 years ago
Andreas Herz c93073c246 rules: add newer rule files to makefile for release tarball 5 years ago
Jeff Lucovsky 2893b04ab0 general: Typo cleanup 5 years ago
Jeff Lucovsky 02ceac8b8d detect/threshold: Improve threshold.config perf
This commit improves performance when parsing threshold.config by
removing a loop-invariant to create a one-time object with the parsed
address(es).

Then, as needed, copies of this object are made as the suppression
rule(s) are processed.
5 years ago
Jeff Lucovsky e873632a28 detect/threshold: Function to deep-copy thresh obj
This commit adds a function to make a deep copy of a DetectThresholdData
object.

The function is used when parsing threshold.config items to make a
one-time object and then add copies as needed.
5 years ago
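The two threshold commits above (the one-time parsed object and the deep copy it depends on), as an added C example written for this page; it is not Suricata's DetectThresholdData code or its DetectAddressCopy helper. The struct layout, the function names, the config line and the sids are assumptions. The point it demonstrates is why the copy has to be deep: a struct assignment would leave every rule sharing one address array, and freeing the rules would free that array repeatedly.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed illustration of "parse the address list once, deep-copy it per
 * rule", written for this page. Struct layout and function names are
 * assumptions, not Suricata's DetectThresholdData / DetectAddressCopy API. */

#define MAX_ADDRS 16
typedef struct { uint32_t net; uint8_t prefix; } Address; /* IPv4 CIDR, host order */

typedef struct ThresholdData {
    uint32_t gid, sid, count, seconds;
    Address *addrs;  /* owned heap array, released by ThresholdDataFree */
    size_t addr_cnt; /* >= 1 once parsed */
} ThresholdData;

/* Parse "a.b.c.d[/n],..." (one or more entries) into a fresh array. Returns
 * the entry count, or -1 with nothing allocated on malformed or empty input. */
static int ParseAddressList(const char *p, Address **out)
{
    Address *arr = calloc(MAX_ADDRS, sizeof(*arr));
    size_t n = 0;
    if (arr == NULL) return -1;
    while (*p != '\0') {
        unsigned a, b, c, d, pre = 32;
        int used = 0; /* %n is stored only when everything before it matched */
        if (sscanf(p, "%u.%u.%u.%u/%u%n", &a, &b, &c, &d, &pre, &used) < 4 ||
            (used == 0 && sscanf(p, "%u.%u.%u.%u%n", &a, &b, &c, &d, &used) != 4) ||
            n == MAX_ADDRS || a > 255 || b > 255 || c > 255 || d > 255 || pre > 32)
            goto bad;
        p += used;
        arr[n].net = (a << 24) | (b << 16) | (c << 8) | d;
        arr[n++].prefix = (uint8_t)pre;
        if (*p == ',' && p[1] != '\0') p++;
        else if (*p != '\0') goto bad; /* junk after an entry or a trailing comma */
    }
    if (n == 0) goto bad;
    *out = arr;
    return (int)n;
bad:
    free(arr);
    return -1;
}

/* Deep copy: scalars by value, the address array into fresh storage, so copy
 * and original can be freed independently. A plain struct assignment would
 * leave both pointing at one array: a double free on teardown. */
static ThresholdData *ThresholdDataCopy(const ThresholdData *src)
{
    ThresholdData *dst = malloc(sizeof(*dst));
    Address *addrs = malloc(src->addr_cnt * sizeof(Address));
    if (dst == NULL || addrs == NULL) { free(dst); free(addrs); return NULL; }
    *dst = *src;
    dst->addrs = memcpy(addrs, src->addrs, src->addr_cnt * sizeof(Address));
    return dst;
}

static void ThresholdDataFree(ThresholdData *td)
{
    if (td != NULL) free(td->addrs);
    free(td);
}

/* One config line covering several sids: parse the list once into a template,
 * then hand every rule its own deep copy. Returns rules made, or -1 with out[]
 * cleared. */
static int ThresholdLineApply(const char *addr_list, const uint32_t *sids,
                              size_t nsids, ThresholdData **out)
{
    ThresholdData tmpl = { .gid = 1, .count = 1, .seconds = 60 };
    int cnt = ParseAddressList(addr_list, &tmpl.addrs);
    if (cnt < 0) return -1;
    tmpl.addr_cnt = (size_t)cnt;
    size_t made = 0;
    while (made < nsids && (out[made] = ThresholdDataCopy(&tmpl)) != NULL) {
        out[made]->sid = sids[made];
        made++;
    }
    free(tmpl.addrs); /* template done; each copy owns its own array */
    if (made == nsids) return (int)nsids;
    while (made > 0) { ThresholdDataFree(out[--made]); out[made] = NULL; }
    return -1;
}

/* Self-check: each rule carries its own sid and an equal but distinct address
 * array, an edit to one rule does not leak into another, and all three frees
 * succeed (a shallow copy would alias the array and double free). */
static int CheckCopiesAreIndependent(void)
{
    static const uint32_t sids[] = { 1001, 1002, 1003 }; /* constructed values */
    ThresholdData *r[3] = { 0 };
    int ok = ThresholdLineApply("10.0.0.0/8,192.168.1.5", sids, 3, r) == 3;
    for (size_t i = 0; ok && i < 3; i++)
        ok = r[i]->sid == sids[i] && r[i]->addr_cnt == 2 &&
             r[i]->addrs[0].net == 0x0a000000u && r[i]->addrs[0].prefix == 8 &&
             r[i]->addrs[1].net == 0xc0a80105u && r[i]->addrs[1].prefix == 32 &&
             (i == 0 || r[i]->addrs != r[i - 1]->addrs);
    if (ok) { r[0]->addrs[0].prefix = 16; ok = r[1]->addrs[0].prefix == 8; }
    for (size_t i = 0; i < 3; i++) ThresholdDataFree(r[i]);
    return ok;
}
```

Running CheckCopiesAreIndependent under AddressSanitizer is the quickest way to see the difference: replace the body of ThresholdDataCopy with a bare struct assignment and the three frees at the end become a double free report.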
Jeff Lucovsky 11f9cc6524 detect/address: Expose DetectAddressCopy function 5 years ago
Philippe Antoine 1ca4f041bb http2: pass data through when decompression fails
as is done for HTTP1
5 years ago
Jeff Lucovsky ef62761e8c threshold-config: Improve support for big IP lists 5 years ago
Juliana Fajardini c6a35d09b7 templates: fix typos
- *template*files[ch][rs]: fix typos
- scripts/setup-app-layer: fix typos
5 years ago
Juliana Fajardini 4748826dc7 scripts/setup-app-layer: fix Makefile.am patch
adjust lines for patching /src/Makefile.am, as current generated
Makefile wasn't building Suricata.
Add suggestion to run "./configure" before running "make".
Add --logger and --parser options to examples.
5 years ago
Jason Ish 877e5214b8 logging: removed unused logger IDs
- pre-json dns logger
- unified2
- pre-json drop logger
5 years ago
Jason Ish 6853bf98fb dns: only register a single logger
DNS no longer requires a logger to be registered for to-client and
to-server directions. This has not been required with the stateless
design of the Rust DNS parser.
5 years ago
Victor Julien b1fee90392 output/tx: add warning to avoid future bugs 5 years ago
Victor Julien 3cc3df2172 output/tx: move eof checks out of logging loop 5 years ago
Victor Julien b05bd058e9 app-layer: minor code cleanups 5 years ago
Victor Julien 1098e3b7c6 app-layer: remove conditional logic around API calls
Remove logic that suggested some API calls could be conditional,
even though Suricata wouldn't even start up if they weren't
registered.
5 years ago
Jason Ish 4d5d7b4bd3 eve/netflow: use generic json context 5 years ago
Jason Ish a68d50608b eve/flow: use generic json context 5 years ago
Jason Ish 67c4621bdb eve/ftp: use generic json context
The FTP logger contained no extra data in its context so the
generic json context can be used.
5 years ago
Jason Ish 2d78afe4b0 eve: refactor CreateEveHeaderWithTx to include common options 5 years ago
Jason Ish 06ba611667 eve cleanup: remove duplicate/redundant code
The first change was to have CreateEveHeader add the common options
as this was left out in a few loggers. While updating all the loggers
that use CreateEveHeader, remove redundant code, in particular
from loggers that don't need to use their own context but
can use the generic one.
5 years ago
Jason Ish 64330498f8 eve/mqtt: fix mqtt logging with threaded eve
Mqtt was not setting up a per-thread file context for logging
in threaded mode, leading to a crash when used in threaded mode.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4404
5 years ago
Jeff Lucovsky dd8eeb6353 general: Correct typos 5 years ago
Jeff Lucovsky 11ec61d0b4 thresholds: Improve validation of threshold.config
This commit improves the handling of threshold.config. When used with
"-T", a non-zero return code occurs when the file cannot be validated.

To maintain legacy behavior, when "-T" is not used and threshold.config
contains one or more invalid lines, Suricata continues execution.
5 years ago
Jeff Lucovsky cb03455c04 error: Add code for threshold config validation
This commit adds a new warning code for threshold config file validation
failures.
5 years ago
Eric Leblond a73b5f0ea5 eve/ike: restore common option logging 5 years ago
Philippe Antoine 2997be6707 sslv2: precise detection pattern with probing parser 5 years ago
Philippe Antoine e8415f249b fuzz: adds structure aware target
so as not to fuzz libpcap
and generate structure aware signatures
5 years ago
Philippe Antoine 0105d4f017 rust: bump bitflags dependency version
So that lexical-core, needed by nom and using bitflags,
is used with version 0.7.5 instead of version 0.7.0,
which fixed the fact that BITS is now a reserved keyword
in the nightly version
5 years ago
Philippe Antoine cb150e97d0 kerberos: fix probing parser tag condition
according to the comment
5 years ago
Jason Ish abb3cc85d5 install: better warning on install-full and don't fail
If suricata-update is not available on "make install-full", don't
exit 1, instead give the reason why it's not installed, but still
succeed the install.
5 years ago
Victor Julien ae29804a28 github-ci: add libnet to ubuntu-20-04-cov-sv builder 5 years ago
Victor Julien 398ebf9345 eve/drop: use highest priority drop
When adding the alert to a drop record make sure to add the highest
priority.

It would until now add all drops from high to low prio, effectively
overwriting the record each time.

Ticket #4397
5 years ago
Victor Julien 6cf44fc839 detect/alert: apply pd only actions to flow
Ticket #4394
5 years ago
Victor Julien 6c594d29db detect/alert: minor code refactor
Use a simpler reject check and move logic into util func.
5 years ago
Victor Julien fbcdd2ec26 detect/iponly: don't check & set flow flags twice
Per flow IP-only flags are checked and set by IP-only engine, so
no need to set/check them per alert.
5 years ago
Victor Julien 55a0e29c8e eve/ike: gracefully handle renamed output config 5 years ago
frank honza ab59ef0d79 ikev1: add documentation for ikev1 5 years ago
Sascha Steinbiss 37940180a8 ikev1: add metadata to alerts 5 years ago
Sascha Steinbiss e2dbdd7fd5 ikev1: add ikev1 parser 5 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
5 years ago
frank honza ab6171c429 detect: added support for protocol-aliases 5 years ago
frank honza e9494ddd8f util: add function converting u8-array into a hex-String 5 years ago