Commit Graph

270 Commits (dbc2f9d1db7cecab3cbbd9fb9fbc9fca9835b272)

Author SHA1 Message Date
Philippe Antoine 6750274d48 app-layer: make some arrays even more dynamic
Ticket: 5053

Do not assume that we know the number of alprotos at the end
of AppLayerNamesSetup, but make arrays allocated by later
AppLayerProtoDetectSetup dynamic so that it can be reallocated
from AppLayerParserRegisterProtocolParsers

This helps have a single entry point for a protocol like SNMP
7 months ago
Jason Ish 22b77b0c56 conf: prefix conf API with SC 8 months ago
Lukas Sismis 59c3b8912b util-mpm: prepare MPM codebase for ruleset caching 8 months ago
Philippe Antoine 4a82bb7866 app-layer: improve limits on number of probing parsers
There was an implicit limit of 32 app-layer protocols
used by probing parsers through a mask, meaning that
Suricata should not support more than 32 app-layer protocols
in total.

This limit is relaxed to each flow not being able to
run more than 32 probing parsers, meaning that for each source
and destination port combination, the sum of registered
probing parsers should not exceed 32, even if there are more
than 32 in total.

Also sets probing parsers done sooner in the case the other
side of the connection was detected first.

Ticket: 7437
8 months ago
Ilya Bakhtin fec06f8ac3 protodetect: simplify code since DCERPC UDP detection is improved
Protocol detection code is simplified. Removed dependency on explicit
alproto constants from the common part of code that must not be aware of
each specific protocol's features.

Ticket - 7111
10 months ago
Philippe Antoine b5094b00b6 protodetect: finish probing parser sooner
Ticket: 7495

We want to finish also if we tested all the expected protocols
in mask, or if we tested even more.

There can be one more protocol coming from pe0, which can be
the protocol already found in the other direction.
10 months ago
Philippe Antoine ae1a4ef757 app-layer: make number of alprotos dynamic
Ticket: 5053

The names are now dynamically registered at runtime.
The AppProto alproto enum identifiers are still static for now.

This is the final step before app-layer plugins.
10 months ago
Philippe Antoine e6be049c5d app-layer: move ALPROTO_FAILED definition
Because some alprotos will remain static and defined as a constant,
such as ALPROTO_UNKNOWN=0, or ALPROTO_FAILED.

The regular already used protocols keep for now their static
identifier such as ALPROTO_SNMP, but this could be made more
dynamic in a later commit.

ALPROTO_FAILED was used in comparison and these needed to change to use
either ALPROTO_MAX or use standard function AppProtoIsValid
10 months ago
Philippe Antoine 9e9333b7d0 protodetect: use dynamic number of app-layer protos
for alproto_names

Ticket: 5053
10 months ago
Philippe Antoine 61657c8ec6 protodetect: use dynamic number of app-layer protos
for expectation_proto

Ticket: 5053
10 months ago
Philippe Antoine 6b7349dbc1 protodetect: make expectation_proto part of AppLayerProtoDetectCtx
instead of a global variable.

For easier initialization with dynamic number of protocols
10 months ago
Philippe Antoine 0ccad8fd88 doh: make dns and http keywords for doh2
Ticket: 5773
1 year ago
Philippe Antoine 1e82e20c65 doh: implement dns over http2 app-proto
Ticket: 5773
1 year ago
Philippe Antoine 0d4efe0c0f app-layer: fix -Wshorten-64-to-32 warnings
Ticket: #6186

Warnings about downcast from 64 to 32 bits
1 year ago
Philippe Antoine a262e203f9 src: remove some unused parameters 1 year ago
Philippe Antoine 78b766048e protodetect: run expected probing parser
When there is a protocol change, and a specific protocol is
expected, like WebSocket, always run it, no matter the port.
2 years ago
Philippe Antoine 155d671b26 protodetect: allows not port-based probing parsers
As for WebSocket which is detected only by protocol change.
2 years ago
Philippe Antoine 97d94b1067 protodetect: remove unused field
port is used in AppLayerProtoDetectProbingParserPort
and not in AppLayerProtoDetectProbingParserElement
2 years ago
Jeff Lucovsky ec1482cf48 calloc: Use nmemb with SCCalloc
This commit modifies calls to SCCalloc that had a member count of 1 and
a size count calculated as: element_count * sizeof(element).
2 years ago
Jeff Lucovsky 193e0ea1a9 memory/alloc: Use SCCalloc instead of malloc/memset 2 years ago
Victor Julien 68a2fcaad3 mpm: thread ctx cleanups
Remove unused thread ctx' from AC variants

Use single thread store in detection.

Minor cleanups.
2 years ago
Philippe Antoine 30b5338af3 fuzz: enable by default all protocols
That means DNP3, ENIP and NFS

Ticket: #6189
2 years ago
Victor Julien fd36459c96 spm: reduce spm_matcher size to uint8_t
No more space is needed.
2 years ago
Victor Julien f28459ed78 app-layer: spelling 3 years ago
Philippe Antoine 5b2605bdfe debug: use AppProtoToString
instead of recoding it.
This way, setup-app-layer.py needs to patch one file less
3 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Jason Ish 4a7567b3f0 template: rename template-rust to template
Remove the distinction between the C template protocol "template" and
the Rust template protocol "template-rust" and make the Rust parser
simply template now that we no longer have support to generate a C
protocol template.
3 years ago
Jason Ish 8683154115 templates: remove C app-layer templates 3 years ago
Philippe Antoine ad713246a9 src: remove double includes
Keep the unconditional include to be sure it works

git grep '#include "' src/*.c | sort | uniq -c | awk '$1 > 1'
3 years ago
Aaron Bungay 86037885a9 bittorrent-dht: add bittorrent-dht app layer
Parses and logs the bittorrent-dht protocol.

Note: Includes some compilation fixups after rebase by Jason Ish.

Feature: #3086
3 years ago
Victor Julien 39cf5b151a src: includes cleanup
Work towards making `suricata-common.h` only introduce system headers
and other things that are independent of complex internal Suricata
data structures.

Update files to compile after this.

Remove special DPDK handling for strlcpy and strlcat, as this caused
many compilation failures w/o including DPDK headers for all files.

Remove packet macros from decode.h and move them into their own file,
turn them into functions and rename them to match our function naming
policy.
3 years ago
Victor Julien b9ad1d1260 app-layer: fix compiler warning 3 years ago
Victor Julien e250ef6402 debug: remove empty header 3 years ago
Philippe Antoine 11f849c3ee protocol-change: sets event in case of failure
Protocol change can fail if one protocol change is already
occurring.

Ticket: #5509
3 years ago
Jason Ish f1f43cba5e app-layer: don't wrap around on port 65535
A port value of 65535 caused the port value to wrap-around to 0
resulting in an infinite loop.

Fixes: 53fc70a9a7 ("protodetect: fix int warnings")
3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Victor Julien 84448d3bae tests: remove unnecessary flow locks
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.

    sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
3 years ago
Philippe Antoine edd163252d protodetect: be more tolerant
Do not mask protocols on both directions with only first packet

For instance :
When the first packet is no valid DNS but on port 53 (a junk request)
second packet (error response from server) does not get checked for DNS
as first packet bit masked away DNS for both directions

Ticket: #2757
4 years ago
Philippe Antoine cedffdf14c protocol: forbids concurrent protocol upgrades
Ticket: 5243

When switching from SMTP to TLS, and getting HTTP1 instead of
expected TLS, and HTTP1 requesting upgrade to HTTP2, we do not
overwrite the alproto_orig value so as not to have type confusion
in AppLayerParserStateProtoCleanup
4 years ago
Philippe Antoine f30975fb16 app-layer: fix integer warnings
Ticket: 4516
4 years ago
Philippe Antoine bf30eb344a detect: checking validity of rules with http protocol
We want to check that a rule beginning with alert http
can be valid, that is if either HTTP1 or HTTP2 is enabled.
So, AppLayerProtoDetectGetProtoName will do a more complex
check for this ALPROTO_HTTP (any).
4 years ago
Juliana Fajardini 579d7dcc01 pgsql: add initial support
- add nom parsers for decoding most messages from StartupPhase and
SimpleQuery subprotocols
- add unittests
- tests/fuzz: add pgsql to confyaml

Feature: #4241
4 years ago
Emmanuel Thompson 7e51987263 quic: Add QUIC App Layer
Parses quic and logs a CYU hash for gquic frames
4 years ago
Victor Julien 44c9241b6a telnet: initial support with frames
Bootstrapped using setup script. Basic option parsing for purpose
of tagging frames.
4 years ago
Philippe Antoine 53fc70a9a7 protodetect: fix int warnings
There is actually a real evasion with AppLayerProtoDetectPMGetProto
using u16 instead of u32 for buflen
4 years ago
Philippe Antoine ea4a509a54 app-layer: disable by default if not in configuration
DNP3, ENIP, HTTP2 and Modbus are supposed to be disabled
by default. That means the default configuration does it,
but that also means that, if they are not in suricata.yaml,
the protocol should stay disabled.
4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 5 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
5 years ago
frank honza ab6171c429 detect: added support for protocol-aliases 5 years ago
Philippe Antoine 660e9e489b protodetect: only run ProbingParserTc if STREAM_TOCLIENT 5 years ago