aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,367 Commits
8 Branches
163 Tags
184 MiB
main-7.0.x
main-8.0.x
main
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e1e03c25c9'
${ noResults }
Commit Graph

1014 Commits (e1e03c25c9c4289e10bbcadd0fd86ab41a3e4003)

Author SHA1 Message Date
Jason Ish c862e84c01 rust/frames: cleanups 
- Implement the Display trait on Direction to print "toserver" or
  "toclient" which used in a format string.

- Use Direction struct inside Frame instead of a u32.  Requires a helper
  method as there are two representation in C for direction, and the C
  methods for frames don't use the internal representation of the
  Direction enum (some sweeping changes could help here)
 3 years ago
Jason Ish f92708b8ca rust/frames: derive direction from StreamSlice 
On the Rust side, a Frame requires a StreamSlice to be created. We can
derive the direction from the StreamSlice removing the need for callers
to provide the direction when operating on the frame.
 3 years ago
Jason Ish b39d7f46e7 dns/tests: fix StreamSlice to satisfy debug validation 3 years ago
Philippe Antoine f3b6fd3329 quic: update to nom7 3 years ago
Philippe Antoine 95125811b8 quic: reassemble crypto frames and parse it 3 years ago
Philippe Antoine f242fb7f22 quic: events and rules on them 3 years ago
Philippe Antoine b9c1d9e86b quic: parse gquic version Q039 
Ticket: #5166
 3 years ago
Philippe Antoine 018fef5ef8 quic: ja3 computation and logging and detection 
Logging as is done in TLS.

Detection using the generic generic ja3.string keyword

Ticket: #5143
 3 years ago
Philippe Antoine c6cf61a39b quic: complete parsing of initial for non gquic 
The format of initial packet for quic ietf, ie quic v1,
is described in rfc 9000, section 17.2.2

Parse more frames and logs interesting extensions from crypto frame

Do not try to parse encrypted data, ie after we have seen
a crypto frame in each direction.

Use sni from crypto frame with tls for detection already implemented

Ticket: #4967
 3 years ago
Philippe Antoine 7044131c39 quic: rustfmt 3 years ago
Philippe Antoine 0c346af4a9 rust: bump up digest crates 
so that we can use hkdf crate for quic
 3 years ago
Philippe Antoine 2294e9cdbc rdp: bump up tls-parser crate version 
so that we can use new functions in quic parser
 3 years ago
Philippe Antoine 11e0eb9c89 quic: do not log empty cyu array 
Ticket: #5167
 3 years ago
Philippe Antoine 632581ac95 ike: do not log empty notify array 
Ticket: #5167
 3 years ago
Philippe Antoine 262a93ce18 mqtt: do not log reason_codes if there is none 
Ticket: #5167
 3 years ago
Philippe Antoine 1621f5e453 detect/nfs: use inclusive ranges 3 years ago
Philippe Antoine ed6955ee98 detect: use generic integer functions for iprep 
Ticket: #4112
 3 years ago
Philippe Antoine cfb60d0fce detect: use generic integer functions for urilen 
Ticket: #4112
 3 years ago
Philippe Antoine c57052181c snmp: rustfmt detect.rs 3 years ago
Philippe Antoine c7214be99b snmp: adds usm keyword 
as is logged

Ticker: #5416
 3 years ago
Philippe Antoine eb1c2a6083 smb: use default stream-depth 0 by default 
As broken by commit e5c948df87

Ticket: #5390
 3 years ago
Philippe Antoine c585be338c nfs: fix arbitrary allocation 
Bug introduced by https://github.com/OISF/suricata/pull/7111

Nom's count begins by allocating a Vector, which leads to arbitrary
allocation due to flavors_cnt coming from network, and not even
being checked against i.len()

Ticket: #5237
 3 years ago
Philippe Antoine 26dc70648c dns: remove unused events field from state 
found overflowing by oss-fuzz
 3 years ago
Philippe Antoine d1a4dae36b detect: use generic integer functions for streamsize 
By the way, adds the prefilter feature

Ticket: #2697
Ticket: #4112
 3 years ago
Philippe Antoine 35b6dcec7e detect: use generic integer functions for filesize 
Ticket: #4112
 3 years ago
Philippe Antoine f29b43defd detect: rust generic functions for integers 
Move it away from http2 to generic core crate.
And use it for DCERPC (and SMB)

And remove the C version.
Main change in API is the free function is not free itself, but
a rust wrapper around unbox.

Ticket: #4112
 3 years ago
Philippe Antoine c4d9cb02ec util: better hex print function 
Without dangerous snprintf pattern identified by CodeQL
even if this pattern is not a problem in those precise cases,
it may easily get copy pasted in a dangerous place, so better
get rid of it and make CodeQL happy
 3 years ago
Philippe Antoine 6058792bee rust: make suricata context const 
So that it is read only and its pointers do not get modified
 3 years ago
Philippe Antoine 6224e283fa modbus: bump up rust crate version 
So that probing parser is more strict and does not accept unknown
function code as valid modbus.

Ticket: #5377
 3 years ago
Philippe Antoine 2d761810db rust: cbindgen first verifies existing bindings 
So as not to recompile every C file inclusing rust.h
 3 years ago
Juliana Fajardini 6ccc01a79c rust: fix doc comments that trigger rust warnings 
Rust generates warnings that are treated as errors for documentation
blocks before `extern` blocks.
 3 years ago
Philippe Antoine d745d28d4a dcerpc: use vecdeque tx iterator 
Ticket: #5321
 3 years ago
Jason Ish dfe76bb905 dcerpc: convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5271
 4 years ago
Jason Ish 8790968281 mqtt, rdp: fix copyright dates 4 years ago
Philippe Antoine c78722a671 rust: RustParser same fields as AppLayerParser 
So that there is no problem when crossing FFI
 4 years ago
Sam Muhammed 323fe1c1ac nfs3/records: Fix typo 
Fix response_lookup unittest name
 4 years ago
Jason Ish b8b6a17a5b dns: add pdu frame 
Adds a PDU frame to the DNS parser. For UDP this is the DNS payload
portion of the DNS packet, for TCP this is the payload minus the leading
legth field.

Ticket: 4984
 4 years ago
Jason Ish 8d1840f595 frames(rust): don't call into C if running Rust unit tests 
Wrap the calls behind frames to C code if a `cfg!(not(test))` so they
don't get compiled when running Rust unit tests.  Linkage to C functions
is not yet available for Rust unit tests, and this will keep the check
out of individual parsers.

Ticket: 4984
 4 years ago
Jason Ish c74ea3840d frames (rust): method to create StreamSlice from slice 
Useful in unit test for function that require a StreamSlice.
 4 years ago
Jason Ish d712a8b29d eve/dns: remove dns v1 logging 
Removal of DNS v1 logging was scheduled to be removed in May 2022.

Ticket: #4157
 4 years ago
Jason Ish e319d31c14 template(rust): convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5298
 4 years ago
Jason Ish 9b0b2beac1 pgsql: convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5297
 4 years ago
Jason Ish 2db84726ad http2: convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5296
 4 years ago
Jason Ish 4e0ad5e0bd rdp: convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5295
 4 years ago
Jason Ish 3b422e25f3 mqtt: convert transaction list to vecdeque 
Allows for more efficient removal from front.

Ticket: #5294
 4 years ago
Jason Ish 3189414788 dns: convert transaction list to vecdeque 
Allows for more efficient removal from front of the list.

Ticket: #5277
 4 years ago
Jason Ish 7b11b4d3a1 app-layer: more generic state trait 
Instead of a method that is required to return a slice of transactions,
use 2 methods, one to return the number of transactions in the
collection, and another to get a transaction by its index in the
collection.

This allows for the transaction collection to not be a contiguous array
and instead can be a VecDeque, or possibly another collection type that
supports retrieval by index.

Ticket #5278
 4 years ago
Juliana Fajardini bbd9a2ff1a pgsql: apply clippy fixes 4 years ago
Juliana Fajardini 0fc9ade7a9 pgsql: fix uint overflow and optimizations 
Fuzzers found a possible integer overflow bug when parsing response
messages. To fix that, removed the case where we incremented the parsed
field length and created a new message type for situations where Suri
parsers an Unknown message. This is good because there may happen that
an unknown message to Suri is valid, and in this case, we would still be
able to log it.

Philippe Antoine found the bug while fuzzing with rust debug assertions.

Bug #5016
 4 years ago
Juliana Fajardini 8daa79513a pgsql: fix clippy is_null usage warning 4 years ago