aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,857 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c3a220647b'
${ noResults }
Commit Graph

920 Commits (c3a220647b31b453b0fc14ecfb028defad2778dc)

Author SHA1 Message Date
Sam Muhammed c4bd3cd70e nfs4_records: add unittests 
Add unittests for setclientid, readdir records
Task #4866
 3 years ago
Pierre Chifflier c61cbd9b35 rust: simplify bits parser annotations 3 years ago
Pierre Chifflier 1b25bcbb13 rust/smb: simplify bits parser annotations 3 years ago
Pierre Chifflier 4d6aa6d532 rust: add 'bits' combinator to simplify nom bits parsers 
Add a specialized version of the 'bits' nom combinator so adding
bits-level parsers does not require type annotations.
 3 years ago
Victor Julien 44c9241b6a telnet: initial support with frames 
Bootstrapped using setup script. Basic option parsing for purpose
of tagging frames.
 3 years ago
Jason Ish 3cdefd5f8b smb: use derive AppLayerFrameType 3 years ago
Victor Julien 0c9fdf8f4f smb: implement frames 
SMB1 record parsing code simplification.

Frames:

    nbss.pdu
    nbss.hdr
    nbss.data

    smb1.pdu
    smb1.hdr
    smb1.data

    smb2.pdu
    smb2.hdr
    smb2.data

    smb3.pdu
    smb3.hdr
    smb3.data

The smb* frames are created for valid SMB records.
 3 years ago
Jason Ish 8a40b7b42e cbindgen: ignore frames module 3 years ago
Jason Ish de870e2fbf rust: derive macro for app-layer frame type 3 years ago
Jason Ish 0ece208074 rust/applayer: create trait for app-layer frame types 3 years ago
Jason Ish cb7f7a7e08 app/frames: implement rust API 3 years ago
Victor Julien e6f49e5a05 app/frames: implement name to id API for frames 3 years ago
Pierre Chifflier 3e19ccdc0c rust/http2: convert parser to nom7 functions (HTTP2 ranges) 3 years ago
Pierre Chifflier f8647b0ffb rust/http2: convert parser to nom7 functions (HTTP2 core functions) 3 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 3 years ago
Sam Muhammed 9bea850d53 nfs4_records: add unittests for nom7 parsers 
Task #4866
 3 years ago
Sam Muhammed 463fbdc36d nfs4_records: add missing field to res_sequence_ok() 
Missing _seqid in sequence op struct left a trailing four zeros
that are parsed by nfs4_res_compound_command() as a cmd
causing a Switch Error Code
 3 years ago
Sam Muhammed 4e2edd44aa nfs3-records: add unittests to nom7 parsers 
Task #4866
 3 years ago
Sam Muhammed 03906010a2 nfs3-records: add missing fields and update parsers 
Add missing fields to some record structures and
update their respective parsers
 3 years ago
Sam Muhammed 86c273dadc nfs2-records: add unittests for nom7 parsers 
Task #4866
 3 years ago
Victor Julien ddf14e51dc nfs2: improve READ parsing 
Take fill_bytes into account.
 3 years ago
Jason Ish 2011a5579c rust/app-layer: expose AppLayerEvent derive macro 
Export the AppLayerEvent derive macro so plugin (or library code) can
use it as expected, for example:

use suricata::applayer::AppLayerEvent;

enum MyEvent {
    EventOne,
    EventTwo,
}
 3 years ago
Jason Ish ba310440a6 rust/derive: make usable from a plugin or lib user 
The macro was generating code that references names use the "crate"
prefix which will fail if the macro is used by a library user or plugin.
Dynamically check where we are running an use the correct import paths
as needed.
 3 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust) 
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
 3 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro 
The function macro existed so it would only be enabled on Rust
versions that supported.  Now that our MSRV is 1.41, which is
greater than 1.38 we can assume we always have support for
this macro.
 3 years ago
Jason Ish 50fdcd098c rust/http2: use base64 crate for base64 decode 3 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation 
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
 3 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64 
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
 3 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers 
Remove input, input_len and flags in favor of stream slice.
 3 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers 
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
 3 years ago
Jason Ish 0861b66e15 dns: add dns flag to dns request logging 
Ticket #4515
 3 years ago
Odin Jenseg dfb6f105e8 dns: Logging of Z-bit 
[Edit by Jason Ish: fix flag bit value]

Ticket #4515
 3 years ago
Jason Ish fcbdc30426 dns: create transaction even if z-bit was set 
It appears that DNS servers will still process a DNS request even if the
z-bit is set, our parser will fail the transaction. So create the
transaction, but still set the event.

Ticket #4924
 3 years ago
Pierre Chifflier d67f8f9196 rust/smb: convert parser to nom7 functions (SMB1) 3 years ago
Pierre Chifflier 895a54cea4 rust/smb: convert parser to nom7 functions (DCERPC records) 3 years ago
Pierre Chifflier 8d77ce1ffc rust/smb: convert parser to nom7 functions (SMB2) 3 years ago
Pierre Chifflier 5cadb878ff rust/smb: convert parser to nom7 functions (SMB3) 3 years ago
Pierre Chifflier 4c97dfa851 rust/smb: convert parser to nom7 functions (NTLM/SSP records) 3 years ago
Pierre Chifflier 3da816eb23 rust/smb: convert parser to nom7 functions (NBSS records) 3 years ago
Pierre Chifflier 90f9450971 rust: add nom7 combinator take_until_and_consume 3 years ago
Philippe Antoine 87d9c44ec5 rust: export constants via cbindgen 
so that constants are not defined twice in Rust anc C
So that we are sure they have the same value
 3 years ago
Philippe Antoine 784558df2e mime: handles multiple sections for a parameter 
Ticket: 4386

as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc...
 3 years ago
Philippe Antoine 8feb9c35ae mime: move FindMimeHeaderTokenRestrict to rust 
Also fixes the case where the token name is present
in a value
 3 years ago
Philippe Antoine 1b10848d84 mqtt: fix transaction completion 
Ticket: 4862

A transaction to client is always considered
complete in the direction to server and vice versa.
Otherwise, transactions are never complete for
AppLayerParserTransactionsCleanup
 3 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data 
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
 3 years ago
Philippe Antoine 0caaf6bd23 range: prevents memory leak of file from HTTP2 
Ticket: 4811
Completes commit c023116857

state.free should also close files with ranges
as state.free_tx did already

And file_range field should be reset so that there is no
use after free.
 3 years ago
Jeff Lucovsky 23faeaea5c ftp: Remove diagnostic print 
This commit removes a diagnostic message displayed during extraction of
the EPSV port.
 3 years ago
Philippe Antoine c023116857 range: prevents memory leak of file from HTTP2 
If a HTTP2 transaction gets freed before the end of the range
request, we need to have the files container which is in
the state, to transfer owernship of this file to the files
container.

Ticket: 4811
 3 years ago
Pierre Chifflier acb3ec6db1 rust/nfs: convert parser to nom7 functions (NFS v2 records) 3 years ago
Pierre Chifflier ea1d03f8e3 rust/nfs: add a maximum number of operations per compound 
The `count` combinator preallocates a number of bytes. Since the value
is untrusted, this can result in an Out Of Memory allocation.
Use a maximum value, large enough to cover all current implementations.
 3 years ago
Pierre Chifflier 0ffe123330 rust/nfs: convert parser to nom7 functions (NFS v3 and v4 records) 3 years ago
Jason Ish eb6cc62937 dhcp: fix url in comment 
rustdoc was complaining about the format of the URL in a comment
while trying to generate documentation. Convert the comment to a
non-rustdoc comment for now to satisfy rustdoc.
 3 years ago
Jason Ish b57280ff48 rdp: fix transaction id 
By our convention the transaction ID is incremented then applied
to the new transaction. And the generic transaction iterator
requires this behaviour.
 3 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData 
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
 3 years ago
Jason Ish f4b4d531b0 rdp: add tx iterator 3 years ago
Jason Ish 238ec953b7 krb5: use tx iterator 3 years ago
Jason Ish ef0c351953 ntp: add tx iterator 3 years ago
Jason Ish 871fb035b4 sip: add tx iterator 3 years ago
Jason Ish d6b2d7e16a ike: add tx iterator 
For IKE the manual iterator functions were there, but never
registered. So this commit does add a tx iterator to ike.
 3 years ago
Jason Ish 3f2d2bc12b snmp: use generic tx iterator 3 years ago
Jason Ish ac4c5ada2f dhcp: use generic tx iterator 3 years ago
Jason Ish 54e62ddf71 http2: use generic tx iterator 3 years ago
Jason Ish 6cffecfe3e template: use generic tx iterator 3 years ago
Jason Ish a936755731 nfs: use generic tx iterator 3 years ago
Jason Ish 0188a01daf rfb: use generic tx iterator 3 years ago
Jason Ish b335409690 mqtt: use generic tx iterator 3 years ago
Jason Ish d71bcd82d9 modbus: use generic tx iterator 3 years ago
Jason Ish fcfc9876ce smb: use generic tx iterator 3 years ago
Jason Ish 049d43212e rust/app-layer: provide generic implementation of iterator 
Create traits for app-layer State and Transaction that allow
a generic implementation of a transaction iterator that parser
can use when the follow the common pattern for iterating
transactions.

Also convert DNS to use the generic for testing purposes.
 3 years ago
Shivani Bhardwaj 26c7d3cc35 http2: remove needless borrows 3 years ago
Shivani Bhardwaj f3a1e3b92e core: Remove unneeded consts 3 years ago
Shivani Bhardwaj b5a123adb1 ssh: use Direction enum 3 years ago
Shivani Bhardwaj baf30cfc05 snmp: use Direction enum 3 years ago
Shivani Bhardwaj 89cb337930 smb: use Direction enum 3 years ago
Shivani Bhardwaj 8f9f78c2d0 sip: use Direction enum 3 years ago
Shivani Bhardwaj 11c438a07d nfs: use Direction enum 3 years ago
Shivani Bhardwaj a7ac79bed7 mqtt: use Direction enum 3 years ago
Shivani Bhardwaj 209e2f17fa krb: use Direction enum 3 years ago
Shivani Bhardwaj 243960a511 ike: use Direction enum 3 years ago
Shivani Bhardwaj ee5b300ccf http2: use Direction enum 3 years ago
Shivani Bhardwaj 0c6e9ac931 files: use Direction enum 3 years ago
Shivani Bhardwaj a19d2b4e1e dns: use Direction enum 3 years ago
Shivani Bhardwaj a866499bca dcerpc: use Direction enum 3 years ago
Shivani Bhardwaj 9512bfd729 core: add Direction enum 
Ticket: 3832
 3 years ago
Philippe Antoine 3212fa7d2b ntp: fixes leak of de_state 
Bug: #4752.
 3 years ago
Philippe Antoine 28a3181a2d snmp: fixes leak of de_state 
Bug: #4752.
 3 years ago
Philippe Antoine f37240a3e2 smb: midstream probing checks for netbios message type 
If it is available

Bug: #4620.
 3 years ago
Philippe Antoine 8f8823b6f2 rust: right condition for both uint to be zero 
Theay can overflow leading to their addition to be zero

If a NFS read reply indicates a count of 0xFFFFFFFF

Bug: #4680.
 3 years ago
Pierre Chifflier ce652511bd rust/tftp: convert parser to nom7 functions 3 years ago
Pierre Chifflier c525a1337c rust/dns: convert parser to nom7 functions 3 years ago
Pierre Chifflier 74be8b94ec rust/ssh: convert parser to nom7 functions 3 years ago
Pierre Chifflier 8a584c211e rust/mqtt: convert parser to nom7 functions 3 years ago
Pierre Chifflier d27125d77a rust/sip: convert parser to nom7 functions 3 years ago
Pierre Chifflier 1046a7d1a3 rust/ftp: convert parser to nom7 functions 3 years ago
Pierre Chifflier ebd5883da8 rust/dhcp: convert parser to nom7 functions 3 years ago
Pierre Chifflier 17170c41aa rust: add nom7 dependency 3 years ago
Modupe Falodun a87c7e5c08 rust: remove unnecessary nested match 
Bug: #4605
 3 years ago
Modupe Falodun 74c39500c3 rust: fix inherent to string 
Bug: OISF#4618
 3 years ago
Sam Muhammed 922a453da5 rust(lint): use is_null() instead of ptr::null_mut() 
Bug: #4594
 3 years ago
Sam Muhammed 23768c7181 rust(lint): use is_null() instead of ptr::null() 
Bug: #4594
 3 years ago