Commit Graph

626 Commits (d630db85f3d373531c49d7713b5b72297b0964b2)

Author SHA1 Message Date
Jason Ish c37f4b7e54 rust/ike: suppress some compile warnings when not debug
Due to ef5755338f, the variables
that are only used for debug output now emit unused variable
warnings when Suricata is not built with debug. Prefix these
variables with _ to suppress these warnings.
5 years ago
Shivani Bhardwaj 6a53185797 ikev2: remove transforms fields 5 years ago
Philippe Antoine d70bbb24f4 rust: SCLogDebug is real nop when built as release
Before, even if there were no outputs, all the arguments
were evaluated, which could turn expensive

All variables which are used only in certain build configurations
are now prefixed by underscore to avoid warnings

(cherry picked from commit ef5755338f)
5 years ago
Philippe Antoine 234cafdcfe detect: use u32 for InspectionBufferMultipleForList
So that we do not have an endless loop casting the index to
u16 and having more than 65536 buffers in one transaction

Changes for all protocols, even ones where it is impossible
to have such a pattern, so as to avoid bad pattern copy/paste
in the future

(cherry picked from commit 7d0a39412b)
5 years ago
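The wraparound the commit above describes, as an added illustration (example code, not Suricata's; the callback names and the simulated buffer list, which is represented by its length only, are assumptions). The old walk narrows a u32 loop counter to u16 at the call, so once a transaction holds more than 65536 buffers the callee never sees an out-of-range index and the loop never terminates; widening the index to u32 ends the walk at the true count.

```rust
// Added example, not Suricata code: a u32 loop counter cast to u16 at the
// call site turns "walk until the callback returns None" into an endless
// loop once the list exceeds 65536 entries; a u32 index ends it correctly.

/// Callback with the old narrow signature: the index is a u16.
/// The buffer list is simulated by `buffer_count`; Some(idx) stands for a buffer.
fn get_buffer_u16(buffer_count: u32, idx: u16) -> Option<u32> {
    let idx = u32::from(idx);
    if idx < buffer_count { Some(idx) } else { None }
}

/// Callback with the widened signature: the index is a u32.
fn get_buffer_u32(buffer_count: u32, idx: u32) -> Option<u32> {
    if idx < buffer_count { Some(idx) } else { None }
}

/// Old walk: u32 counter, narrowed with `as u16` at every call.
/// Returns Some(visited) when the loop ends by itself and None once it has
/// exceeded `cap` iterations, i.e. when real code would spin forever.
fn walk_with_u16_index(buffer_count: u32, cap: u32) -> Option<u32> {
    let mut i: u32 = 0;
    loop {
        if i >= cap {
            return None;
        }
        // `as u16` silently truncates: 65536 becomes 0, 70000 becomes 4464,
        // so the index passed down is always < 65536 and never out of range.
        match get_buffer_u16(buffer_count, i as u16) {
            Some(_) => i += 1,
            None => return Some(i),
        }
    }
}

/// Fixed walk: the index keeps its full width all the way down.
fn walk_with_u32_index(buffer_count: u32, cap: u32) -> Option<u32> {
    let mut i: u32 = 0;
    loop {
        if i >= cap {
            return None;
        }
        match get_buffer_u32(buffer_count, i) {
            Some(_) => i += 1,
            None => return Some(i),
        }
    }
}

fn main() {
    // Small lists behave the same either way.
    println!("{:?}", walk_with_u16_index(100, 1_000)); // Some(100)
    // Above 65536 buffers the narrowed index never runs out.
    println!("{:?}", walk_with_u16_index(70_000, 1_000_000)); // None
    println!("{:?}", walk_with_u32_index(70_000, 1_000_000)); // Some(70000)
}
```

The cap is only there to make the failure observable; the real loop has no such guard, which is why the commit widens the type for every protocol rather than only those that can reach the count today.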
Philippe Antoine 80c3bc4827 dcerpc: handles bigger inputs than 2^16
By comparing integers with the largest size

(cherry picked from commit 6f03ee2e47)
5 years ago
Jason Ish 0e8a248b99 rust/template: suppress unread variable warning
Suppress the warning about an unused variable in the template
parser. As this is just a template I think this is OK, however
master should make sure this variable is used, if only to be
more self documenting.
5 years ago
Sascha Steinbiss b6fd5e0c2d rust: fix warnings with nightly 5 years ago
Philippe Antoine 41054a68ef http2: http.cookie keyword now works for HTTP2
(cherry picked from commit 999327ba1f)
5 years ago
Philippe Antoine 7d5dd8b5b2 http2: makes all HTTP1 header keywords work
(cherry picked from commit 017e39d8fd)
5 years ago
Philippe Antoine f81985596b http2: http.host.raw keyword now works for HTTP2
(cherry picked from commit df039555bc)
5 years ago
Philippe Antoine 9c1349ac18 http2: http.method keyword now works for HTTP2
(cherry picked from commit 1e82d0b3c8)
5 years ago
Philippe Antoine a79b784edd http2: http.user_agent keyword now works for HTTP2
(cherry picked from commit 47928babfc)
5 years ago
Philippe Antoine 00eadac277 http2: http.uri keyword now works for HTTP2
cf #4067

(cherry picked from commit a98d0fe6ed)
5 years ago
Philippe Antoine 9aa5c6aff0 rust: fix app-layer parser flags
This especially allows for SSH bypass to work

(cherry picked from commit fdab22d924)
5 years ago
Philippe Antoine 437b7d3348 ftp: completely parses pasv and epsv responses
(cherry picked from commit ca6e434e0b)
5 years ago
Philippe Antoine e0764e1e12 http2: make decompression a configure-time option 5 years ago
Philippe Antoine 56bda0f9cb http2: have filecontainer for both directions
(cherry picked from commit 6fe8bce3b0)
5 years ago
Philippe Antoine 2504b96c48 http2: adds check about dynamic headers table size
(cherry picked from commit 3de0123ffb)
5 years ago
Victor Julien a3f94435d3 http2: remove dead code
(cherry picked from commit de280c47d9)
5 years ago
Philippe Antoine eb250e5512 http2: remove assertion which can be wrong
Brotli decoder stops consuming input if it reaches the
end of its input

(cherry picked from commit b3c502d572)
5 years ago
Philippe Antoine 6109855bca http2: pass data through when decompression fails
as is done for HTTP1

(cherry picked from commit 1ca4f041bb)
5 years ago
Philippe Antoine 899a9b8e17 http2: decompression for files
gzip and brotli decompression for files

(cherry picked from commit d861228214)
5 years ago
Philippe Antoine 0e6ffb966f rust: BIT_U16 macro utility
(cherry picked from commit 2e46b5d100)
5 years ago
Philippe Antoine 9287f6ae7f rust: better panic message for missing file config
(cherry picked from commit aee8e60149)
5 years ago
Jason Ish a8e1172e7f rust: pin memchr to ~2.3
2.4+ requires a newer version of Rust.
5 years ago
Philippe Antoine 76a981f7a2 rdp: correctly returns incomplete in parse_tc
Adding the already consumed bytes
In case an incomplete tls handshake is handled with/after
a regular rdp t123_tpkt

(cherry picked from commit 6da9a37285)
5 years ago
Philippe Antoine effa7ac54f kerberos: fix probing parser tag condition
according to the comment

(cherry picked from commit cb150e97d0)
5 years ago
Philippe Antoine 90fdb53439 smb: relax probing parser to handle first NBSS message
cf dcerpc-udp S-V test :
First message is Message Type: Session request (0x81)
Second message is SMB

(cherry picked from commit 8307010255)
5 years ago
Philippe Antoine bfa66c6d6c smb: probing parser for start and midstream
The probing parser is more strict at the start of the stream

(cherry picked from commit 1b6e81cd72)
5 years ago
Philippe Antoine fe50461346 smb: split probing function for code style
Introduces rs_smb_probe_tcp_midstream

(cherry picked from commit 9dc5258a21)
5 years ago
Philippe Antoine 2c9a2cc895 protodetect: rename direction to flags
And use whole flags in AppLayerProtoDetectPPGetProto

(cherry picked from commit c6aadf0dfa)
5 years ago
Shivani Bhardwaj dd2285724e dcerpc: trigger raw assembly on record completion
(cherry picked from commit 0ac5c5376a)
5 years ago
Shivani Bhardwaj 772b8f61e7 rust/context: add AppLayerParserTriggerRawStreamReassembly
(cherry picked from commit c77c8e7005)
5 years ago
Shivani Bhardwaj a0fce7bb4e dcerpc/udp: improve detection
Lately, Wireguard proto starting with pattern |04 00| is misdetected as
DCERPC/UDP which also starts with the same pattern, add more checks
to make sure that it is the best guess for packet to be dcerpc/udp.

(cherry picked from commit f967a49104)
5 years ago
Shivani Bhardwaj d7a633a684 dcerpc: add probe function
(cherry picked from commit 3641f1b522)
5 years ago
Shivani Bhardwaj f8f0c2534e rust/applayer: split EOF flag per direction
(cherry picked from commit d7a3523b12)
5 years ago
Shivani Bhardwaj 6801590aa1 dcerpc/udp: remove transmute
The book defines transmute as "This is really, truly, the most horribly unsafe
thing you can do in Rust. The guardrails here are dental floss."
Transmute can result into mind boggling undefined behaviors. Get rid of
it wherever possible.

(cherry picked from commit 0ca8591994)
5 years ago
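What replacing a transmute looks like in a protocol parser, as an added example (not Suricata's DCERPC code): a one-byte field is mapped onto an enum with TryFrom, so a value that is not a valid discriminant becomes an ordinary error instead of undefined behaviour, and a little-endian integer is read with from_le_bytes instead of reinterpreting a byte array. The PDU type values are a handful of DCE/RPC packet types chosen for illustration; the function names are assumptions.

```rust
// Added example, not Suricata code: safe replacements for two common
// transmute patterns in packet parsers. `transmute::<u8, PduType>(byte)` is
// UB for any byte that is not a declared discriminant; `transmute::<[u8; 4],
// u32>` hides endianness. Both have checked, explicit equivalents.

use std::convert::{TryFrom, TryInto};

/// A few DCE/RPC packet types, used here for illustration only.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
#[repr(u8)]
enum PduType {
    Request = 0,
    Ping = 1,
    Response = 2,
    Fault = 3,
    Bind = 11,
    BindAck = 12,
}

impl TryFrom<u8> for PduType {
    type Error = u8;

    /// Every byte that is not listed is rejected; nothing is reinterpreted.
    fn try_from(v: u8) -> Result<Self, Self::Error> {
        match v {
            0 => Ok(PduType::Request),
            1 => Ok(PduType::Ping),
            2 => Ok(PduType::Response),
            3 => Ok(PduType::Fault),
            11 => Ok(PduType::Bind),
            12 => Ok(PduType::BindAck),
            other => Err(other),
        }
    }
}

/// Reads the leading (rpc version, packet type) pair of a PDU. Returns None
/// if the input is too short or the type byte is not one we model.
fn parse_pdu_type(input: &[u8]) -> Option<(u8, PduType)> {
    let (&vers, rest) = input.split_first()?;
    let &ptype = rest.first()?;
    PduType::try_from(ptype).ok().map(|t| (vers, t))
}

/// Reads a little-endian u32 from the start of `input`, bounds-checked.
/// `from_le_bytes` states the byte order that a transmute would leave implicit.
fn read_u32_le(input: &[u8]) -> Option<u32> {
    let bytes: [u8; 4] = input.get(..4)?.try_into().ok()?;
    Some(u32::from_le_bytes(bytes))
}

fn main() {
    // Constructed sample: RPC version 4, packet type 0 (request).
    let sample = [0x04u8, 0x00, 0x10, 0x00, 0x00, 0x00];
    println!("{:?}", parse_pdu_type(&sample)); // Some((4, Request))
    println!("{:?}", read_u32_le(&sample[2..])); // Some(16)
    println!("{:?}", parse_pdu_type(&[0x04, 0xff])); // None
}
```

The match in try_from is the whole point: the set of accepted values is written down once, and the compiler, not the wire, decides what a PduType can hold.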
Victor Julien 5c940c363c rust: require test-case 1.0.1; don't use 1.1 5 years ago
Philippe Antoine f574663352 http2: files inspection API fixes
uses right transaction id for file tracker
uses FILE_USE_DETECT for good matches with keyword startswith
5 years ago
Philippe Antoine a63ee5adbd http2: allow multiple size updates in one headers batch
cf RFC 7541 section 4.2
5 years ago
Philippe Antoine 6181459086 smb: do not rely on one valid NBSS byte for probing
Need to have the SMB header so as to validate
5 years ago
Jason Ish f3c59ef8a6 rust: handle windows naming change from .lib to .a
Prior to Rust 1.44, Cargo would name static libs with the .lib
extension. 1.44 changes this extension to .a when running under
a GNU environment on Windows like msys to make it more similar
to other unix environments.

Now assume static library name to be the same on Windows and
unix, but rename the .lib if found to still support older
versions of Rust on Windows.
5 years ago
Victor Julien ba781265a4 dcerpc/udp: fix transaction handling and logging
Implement missing transaction handling.

Fix logging wrongly casting 'state' to DCERPCState instead of
DCERPCUDPState leading to crashes and malformed output.

Remove unused fields from DCERPCUDPState.
5 years ago
Philippe Antoine 8db78208f9 rust: fix warnings found by nightly compiler
warning: getting the inner pointer of a temporary `CString`
this `CString` is deallocated at the end of the statement,
bind it to a variable to extend its lifetime
5 years ago
Jason Ish 2f81f3fbe9 rust/log: clarify comment in non-debug mode SCLogDebug 6 years ago
Jason Ish a453d28bc6 rust/log: order log macros in descending order
Readability cleanup.
- error, notice, ... debug
6 years ago
Jason Ish 411a5d41c1 rust/log: expand macros after checking log level
Expand macros in the do_log macro after checking the log level
instead of each log macro (ie: SCLogDebug) expanding the macros
then passing off to do_log to have the log level check.

Will eliminate any expense of expanding macros if this log level
does not permit the given message to be logged.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4114
6 years ago
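The two logging changes on this page, SCLogDebug becoming a real no-op in release builds and the level check moving ahead of argument expansion, as one added example (not Suricata's rust/log module): do_log! tests the configured level before it touches its format arguments, so an expensive argument is never evaluated for a message that will not be emitted, and the debug macro expands to nothing at all when debug_assertions is off. The macro names, the level numbering and the global state are assumptions for this illustration.

```rust
// Added example, not Suricata code: log macros that check the level before
// expanding their arguments, plus a debug macro that is a no-op in release.

use std::sync::atomic::{AtomicUsize, Ordering};
use std::sync::Mutex;

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
#[repr(usize)]
enum Level {
    Error = 0,
    Notice = 1,
    Info = 2,
    Debug = 3,
}

static LEVEL: AtomicUsize = AtomicUsize::new(Level::Notice as usize);
static EMITTED: Mutex<Vec<String>> = Mutex::new(Vec::new());
static EXPENSIVE_CALLS: AtomicUsize = AtomicUsize::new(0);

fn set_log_level(l: Level) { LEVEL.store(l as usize, Ordering::Relaxed); }
fn log_level() -> usize { LEVEL.load(Ordering::Relaxed) }
fn emitted_count() -> usize { EMITTED.lock().unwrap().len() }
fn expensive_calls() -> usize { EXPENSIVE_CALLS.load(Ordering::Relaxed) }

/// Stands in for a costly argument (hex-dumping a buffer, say) and counts
/// how many times it actually ran.
fn expensive() -> String {
    EXPENSIVE_CALLS.fetch_add(1, Ordering::Relaxed);
    "deadbeef".to_string()
}

/// The level test comes first and `format!` sits inside the branch, so the
/// argument tokens are only evaluated when the message will be emitted.
macro_rules! do_log {
    ($lvl:expr, $($arg:tt)*) => {
        if ($lvl as usize) <= log_level() {
            EMITTED.lock().unwrap()
                .push(format!("{:?}: {}", $lvl, format!($($arg)*)));
        }
    };
}

macro_rules! sc_log_error  { ($($arg:tt)*) => { do_log!(Level::Error,  $($arg)*) }; }
macro_rules! sc_log_notice { ($($arg:tt)*) => { do_log!(Level::Notice, $($arg)*) }; }
macro_rules! sc_log_info   { ($($arg:tt)*) => { do_log!(Level::Info,   $($arg)*) }; }

/// In a debug build the debug macro is an ordinary level-checked log call.
#[cfg(debug_assertions)]
macro_rules! sc_log_debug { ($($arg:tt)*) => { do_log!(Level::Debug, $($arg)*) }; }

/// In a release build it expands to an empty block: the arguments are
/// dropped at expansion time, so nothing in them runs (and variables used
/// only here need an `_` prefix to avoid unused warnings).
#[cfg(not(debug_assertions))]
macro_rules! sc_log_debug { ($($arg:tt)*) => { {} }; }

/// Runs a short scenario and returns (messages emitted, expensive() calls).
fn demo() -> (usize, usize) {
    set_log_level(Level::Notice);
    sc_log_info!("payload {}", expensive()); // suppressed: expensive() not run
    sc_log_notice!("flow {} started", 42);   // emitted
    sc_log_error!("flow {} failed", 42);     // emitted
    set_log_level(Level::Debug);
    sc_log_info!("payload {}", expensive()); // emitted: expensive() runs once
    (emitted_count(), expensive_calls())     // (3, 1)
}

fn main() {
    println!("{:?}", demo());
    let _buf = [0u8; 4];
    sc_log_debug!("dump {:?}", _buf); // emitted only in a debug build
    for line in EMITTED.lock().unwrap().iter() {
        println!("{}", line);
    }
}
```

The release-build arm is what makes `_`-prefixing necessary: a variable mentioned only inside sc_log_debug! is, in that build, not mentioned anywhere.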
Shivani Bhardwaj 269324e84d dcerpc/log: Log fields particular to an RPC version
Log fields that only are meant to be in a PDU for a particular RPC
version. Since DCERPC/UDP works on RPC version 4 and DCERPC/TCP works on
RPC version 5, there are certain fields that are particular to each
version.
Remove call_id from the logger for UDP.
Add activityuuid and seqnum fields to the logger for UDP.
call_id and (activityuuid + seqnum) fields are used to uniquely pair a
request with response for RPC versions 5 and 4 respectively.
6 years ago
Ilya Bakhtin 2033f386f9 rust/dcerpc: Remove redundant fields 6 years ago
Ilya Bakhtin 2840a2e064 rust/dcerpc: Make tx_id u64 6 years ago