Commit Graph

13175 Commits (d1a4dae36b636190235c07cdc88cd842f650de9c)
 

Author SHA1 Message Date
Victor Julien 1957c46efc threads: remove usused code; wrap in guards 4 years ago
Victor Julien e593dda356 threads: remove unused function 4 years ago
Victor Julien b55c8909c3 unittests: wrap unittest registration in guards 4 years ago
Victor Julien 905050a053 app-layer/profiling: hide profiling code behind guards 4 years ago
Victor Julien 93050c26b3 app-layer/events: remove unused function 4 years ago
Victor Julien 893ba84c0e output/frames: fix eof var overwrite 4 years ago
Victor Julien 1282b179cc stream/reassembly: reduce scope of variable 4 years ago
Victor Julien 3f375fd444 stream/buffer: remove redundant check 4 years ago
Victor Julien 002b335b4a decode/checksums: constify pointer args 4 years ago
Victor Julien 350be6cbac detect/state: address cppcheck warnings
src/detect-engine-state.c:127:91: style: Suspicious calculation. Please use parentheses to clarify the code. The code ''a&b?c:d'' should be written as either ''(a&b)?c:d'' or ''a&(b?c:d)''. [clarifyCalculation]
    DetectEngineStateDirection *dir_state = &state->dir_state[direction & STREAM_TOSERVER ? 0 : 1];
                                                                                          ^
src/detect-engine-state.c:194:53: style: Suspicious calculation. Please use parentheses to clarify the code. The code ''a&b?c:d'' should be written as either ''(a&b)?c:d'' or ''a&(b?c:d)''. [clarifyCalculation]
    de_state->dir_state[direction & STREAM_TOSERVER ? 0 : 1].filestore_cnt += file_no_match;
                                                    ^
src/detect-engine-state.c:201:57: style: Suspicious calculation. Please use parentheses to clarify the code. The code ''a&b?c:d'' should be written as either ''(a&b)?c:d'' or ''a&(b?c:d)''. [clarifyCalculation]
    if (de_state->dir_state[direction & STREAM_TOSERVER ? 0 : 1].filestore_cnt == sgh->filestore_cnt)
                                                        ^
4 years ago
Victor Julien 4feb0529a4 detect/file: minor code cleanup
Reduce scope where possible. Suggested by cppcheck.
4 years ago
Victor Julien a535cc5a25 runmodes: fix more warnings 4 years ago
Victor Julien f0479987ff memcmp: no-simd no case loop can scan forward 4 years ago
Victor Julien 0fc7ba45aa memcmp: use SCMEMCMP_BYTES everywhere; general cleanups 4 years ago
Victor Julien 87c5d69437 memcmp: work around GCC 12+ 'blend' issues
Since GCC 12 the memcmp code using `_mm_blendv_epi8` failed to work.
Inspection of the disassembled objects suggests that it simply omits
the instruction on systems that are not AVX512 capable. On AVX512
it does replace it with VPCMPB logic that appears to work.

Luckily our use of blend is actually uncessary. A simple AND is sufficient.

Bug: #5312.
4 years ago
Victor Julien ca97ed4436 memcmp: remove unreachable code from memcmp simd
cppcheck:

src/util-memcmp.h:281:18: warning: Identical condition 'len-offset<16', second condition is always false [identicalConditionAfterEarlyExit]
        if (diff < 16) {
                 ^
src/util-memcmp.h:280:24: note: 'diff' is assigned value 'len-offset' here.
        int diff = len - offset;
                       ^
src/util-memcmp.h:269:33: note: If condition 'len-offset<16' is true, the function will return/exit
        if (likely(len - offset < 16)) {
                                ^
src/util-memcmp.h:281:18: note: Testing identical condition 'len-offset<16'
        if (diff < 16) {
                 ^
src/util-memcmp.h:344:18: warning: Identical condition 'len-offset<16', second condition is always false [identicalConditionAfterEarlyExit]
        if (diff < 16) {
                 ^
src/util-memcmp.h:343:24: note: 'diff' is assigned value 'len-offset' here.
        int diff = len - offset;
                       ^
src/util-memcmp.h:318:33: note: If condition 'len-offset<16' is true, the function will return/exit
        if (likely(len - offset < 16)) {
                                ^
src/util-memcmp.h:344:18: note: Testing identical condition 'len-offset<16'
        if (diff < 16) {
                 ^
src/util-memcmp.h:171:18: warning: Identical condition 'len-offset<16', second condition is always false [identicalConditionAfterEarlyExit]
        if (diff < 16) {
                 ^
src/util-memcmp.h:170:24: note: 'diff' is assigned value 'len-offset' here.
        int diff = len - offset;
                       ^
src/util-memcmp.h:159:33: note: If condition 'len-offset<16' is true, the function will return/exit
        if (likely(len - offset < 16)) {
                                ^
src/util-memcmp.h:171:18: note: Testing identical condition 'len-offset<16'
        if (diff < 16) {
                 ^
src/util-memcmp.h:233:18: warning: Identical condition 'len-offset<16', second condition is always false [identicalConditionAfterEarlyExit]
        if (diff < 16) {
                 ^
src/util-memcmp.h:232:24: note: 'diff' is assigned value 'len-offset' here.
        int diff = len - offset;
                       ^
src/util-memcmp.h:208:33: note: If condition 'len-offset<16' is true, the function will return/exit
        if (likely(len - offset < 16)) {
                                ^
src/util-memcmp.h:233:18: note: Testing identical condition 'len-offset<16'
        if (diff < 16) {
                 ^
4 years ago
Victor Julien 9bdf18a3b0 detect/iponly: fix debug compiler warning 4 years ago
Jason Ish dfe76bb905 dcerpc: convert transaction list to vecdeque
Allows for more efficient removal from front of the list.

Ticket: #5271
4 years ago
Jason Ish 8790968281 mqtt, rdp: fix copyright dates 4 years ago
Philippe Antoine c78722a671 rust: RustParser same fields as AppLayerParser
So that there is no problem when crossing FFI
4 years ago
Sascha Steinbiss af745e4cc4 configure.ac: handle undefined LEVEL1_DCACHE_LINESIZE
On some platforms (riscv64, s390x) this value is "undefined" as returned
from getconf. We also need to handle this to avoid using the string
"undefined" blindly in further #defines.
4 years ago
jason taylor d799956348 doc: add note about file.data and file_data
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor 83f2056d20 doc: update file_data to file.data keyword
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor cd54d0dbc8 doc: remove extra newline in order to match style
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
jason taylor 38bd775ca0 doc: remove extraneous + characters
Signed-off-by: jason taylor <jtfas90@gmail.com>
4 years ago
Victor Julien 07bf921451 ftp-data: fix direction for active mode commands
Set correct direction for PORT mode, where the server connects
to the client.

The direction is not also strictly enforced. No data in the wrong
direction will be accepted to setup the file or to be added to the
file after setup.

This also fixes files getting closed twice.

Adds some general cleanups.

Bug: #3542.
4 years ago
Sam Muhammed 323fe1c1ac nfs3/records: Fix typo
Fix response_lookup unittest name
4 years ago
Philippe Antoine 94bcba4ea3 template: convert GetTx to SCLogDebug
as it is especially verbose for fuzzing
4 years ago
Jason Ish cd42c33195 scripts/bundle: use git instead of tar.gz
To better fit with our current CI processes, use git to clone the
suricata-update and libhtp dependencies.  The requirements.txt file has
been modified to take a repo URL and a `-b` command line option for tag
or branch.

For the master branch we will use the libhtp 0.5.x branch and the
suricata-update master branch.

Also allows for repo and branch names to be overrided with environment
variables:
- SU_REPO
- SU_BRANCH
- LIBHTP_REPO
- LIBHTP_BRANCH
4 years ago
Philippe Antoine 73ed780095 decode: fix integer warnings
Ticket: 4516
4 years ago
Jason Ish 9645285dff ftp: truncate first segment if over max length
The first segment was not limited to the configured maximum line length
allowing it to be up to 65k. This could result in the next input length
being negative, which while handled properly by the code, did trigger a
debug validation assertion.

The fix is to be consistent and apply the limit to the first segment as
well, which does ensure the input_len could never be less than 0.

Ticket #5281
4 years ago
Jason Ish b8b6a17a5b dns: add pdu frame
Adds a PDU frame to the DNS parser. For UDP this is the DNS payload
portion of the DNS packet, for TCP this is the payload minus the leading
legth field.

Ticket: 4984
4 years ago
Jason Ish 8d1840f595 frames(rust): don't call into C if running Rust unit tests
Wrap the calls behind frames to C code if a `cfg!(not(test))` so they
don't get compiled when running Rust unit tests.  Linkage to C functions
is not yet available for Rust unit tests, and this will keep the check
out of individual parsers.

Ticket: 4984
4 years ago
Jason Ish c74ea3840d frames (rust): method to create StreamSlice from slice
Useful in unit test for function that require a StreamSlice.
4 years ago
Jason Ish 6ceeb08351 doc/userguide: updates for eve dns v1 removal
Ticket: #4157
4 years ago
Jason Ish d712a8b29d eve/dns: remove dns v1 logging
Removal of DNS v1 logging was scheduled to be removed in May 2022.

Ticket: #4157
4 years ago
dependabot[bot] 83ca75fc3a github-actions: bump github/codeql-action from 2.1.8 to 2.1.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.8 to 2.1.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](1ed1437484...7502d6e991)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
4 years ago
Juliana Fajardini 192360aa05 detect: update copyright years 4 years ago
Juliana Fajardini 29b5f68bf0 assorted: fix low hanging typos 4 years ago
Juliana Fajardini 1956dc3d5d userguide: explain alert queue behavior and stats
Added sections along packet-alert-max config section explaining
packet alert queue overflow (when Suri reaches packet alert max), when
alerts are discarded etc.

Since from the user perspective it shouldn't matter how we process the
alert queue, the term "replace" is used, even though there's not exactly
a replacing action happening, with the queue bein pre-processed before
being appended to the Packet.

Also described the associated stats and added an explanation on when to
change packet-alert-max.

Task #5178
4 years ago
Juliana Fajardini 877b32c1e4 detect/stats: log out total of suppressed alerts
Related to
Task #4943
Task #5179
4 years ago
Juliana Fajardini 8616c90fe7 detect/stats: log out total of discarded alerts
Add a counter to our stats log with the total of alerts that have been
discarded due to packet alert queue overflow.

Task #5179
4 years ago
Juliana Fajardini 9b275d3878 detect/alert: move apply-action-flow code to func
Trying to clean PacketAlertFinalize a bit more.
4 years ago
Juliana Fajardini e4e688a9b0 detect/alert: remove unused functions
Since we now only copy the PacketAlerts to the Packet's queue after
processing them, we no longer do packet alert appending from
detect-engine-alert, nor do we remove PacketAlerts from the queue (if
they're discarded by overflow or thresholding, they're not copied to the
final alert queue).

Task #4943
4 years ago
Juliana Fajardini 185b43edff detect/alert: preprocess then append alert queue
Do all alert queue processing before actually appending
the PacketAlerts to the Packet's alert queue.

Task #4943
4 years ago
Juliana Fajardini a85340b1ab detect/alert: use tx id in alert if frame has it
Task #4943
4 years ago
Juliana Fajardini aa547a8de3 detect/engine: use alert queue from det_ctx
Task #4943
4 years ago
Juliana Fajardini 88805f03ee detect/alert: add infra for new alert queue
Initial work to bring part of the alert queue processing to
DetectEngineThreadCtx.

Task #4943
4 years ago
Juliana Fajardini 49542d0f1b doc/userguide: explain packet-alert-max config
Task #4207
4 years ago
Juliana Fajardini 3ace577d54 decode: make packet_alert_max configurable
The maximum of possible alerts triggered by a unique packet was
hardcoded to 15. With usage of 'noalert' rules, that limit could be
reached somewhat easily. Make that configurable via suricata.yaml.

Conf Bug#4941

Task #4207
4 years ago