suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	0e40231189	app-layer: improve transaction cleanup handling The app layers with a custom iterator would skip a tx if during the ..Cleanup() pass a transaction was removed. Address this by storing the current index instead of the next index. Also pass in the next "min_tx_id" to be incremented from the last TX. Update loops to do this increment. Also make sure that the min_id is properly updated if the last TX is removed when out of order. Finally add a SMB unittest to test this. Reported by: Ilya Bakhtin	7 years ago
Victor Julien	1b1e136c4f	nfs: improve file tracking under packet loss In case of packet loss during an in-progress chunk the file tracker could loose track of a file because it couldn't map the XID to a file handle. The file tracker would then panic if a new file was opened, as it noticed the last chunk wasn't yet complete. This patch tracks the file handle for a in-progress chunk in the state, just like the tracking of the size that is left. Bug #2717	7 years ago
Victor Julien	27f87567ca	rust/nfs: improve debug output	7 years ago
Victor Julien	c6e79f4410	nfs4: create tx for CREATE procedure	7 years ago
Victor Julien	90e0e3da27	nfs: fix applying nfs3 logging logic to nfs4	7 years ago
Victor Julien	cb3abba1e0	nfs4: log remove procedure + add multi-proc support Add TX creation for NFS4 transactions. Start with the 'REMOVE' procedure. Start on logging all procs. In NFS4 COMPOUND records there are multiple procedures. One of them can be considered the 'main' procedure, with others as supporting utility. This patch adds the first step in supporting to track those in the TX for logging and inspection.	7 years ago
Victor Julien	ff518e5c64	nfs4: for putrootfh set 'mount root' as name	7 years ago
Victor Julien	22e0fc97f8	nfs: rename generic functions from nfs3 to nfs	7 years ago
Victor Julien	d22c170c38	nfs: move v2 parsing into own file	7 years ago
Victor Julien	9b42073e54	nfs3: move nfs3 specific handling into own file	7 years ago
Victor Julien	4c09766b33	nfs: request parser cleanup	7 years ago
Victor Julien	f570905f8c	nfs: get rid of reachable panic statements	7 years ago
Victor Julien	8a1af5c367	nfs4: remove panic calls, set events instead	7 years ago
Victor Julien	f2382356b1	nfs4: support 4.1 SEQUENCE procedure	7 years ago
Victor Julien	73d94fff73	nfs4: support records wrapped in GSSAPI integrity	8 years ago
Victor Julien	53fa2af07c	nfs4: fix attr parsing corner case	8 years ago
Victor Julien	39489bc5fd	nfs4: implement COMMIT parsing and handling	8 years ago
Victor Julien	c7cb01b636	nfs4: parse GSSAPI init	8 years ago
Victor Julien	bfa60753f9	nfs4: create link support	8 years ago
Victor Julien	06f6c15954	nfs4: initial implementation Implements record parsing and file extraction for READs and WRITEs. Defines all types from RFC 7530.	8 years ago
Victor Julien	75c5722b7e	nfs/rpc: add parser for GSSAPI Integrity records	8 years ago
Victor Julien	91307dafd9	nfs/rpc: fix reponse parsing	8 years ago
Victor Julien	53f63f7498	nfs/rpc: improve RPCv2 parser, add GssApi Improve RPCv2 credentials parsing. Add GssApi and turn creds into an enum. Minor cleanups and optimizations.	8 years ago
Victor Julien	47ebef3af8	nfs: minor cleanup	8 years ago
Jason Ish	c411519605	app-layer: remove has events callback - not used	8 years ago
Victor Julien	f815027cdf	rust/dns: simplify tx freeing Now that we no longer need the state when freeing a TX, we can simply do cleanup from the Drop trait.	8 years ago
Victor Julien	7548944b49	app-layer: remove unused HasTxDetectState call Also remove the now useless 'state' argument from the SetTxDetectState calls. For those app-layer parsers that use a state == tx approach, the state pointer is passed as tx. Update app-layer parsers to remove the unused call and update the modified call.	8 years ago
Victor Julien	1c270cae13	nfs: remove old test code	8 years ago
Victor Julien	e96d9c1159	app-layer: add tx iterator API Until now, the transaction space is assumed to be terse. Transactions are handled sequentially so the difference between the lowest and highest active tx id's is small. For this reason the logic of walking every id between the 'minimum' and max id made sense. The space might look like: [..........TTTT] Here the looping starts at the first T and loops 4 times. This assumption isn't a great fit though. A protocol like NFS has 2 types of transactions. Long running file transfer transactions and short lived request/reply pairs are causing the id space to be sparse. This leads to a lot of unnecessary looping in various parts of the engine, but most prominently: detection, tx house keeping and tx logging. [.T..T...TTTT.T] Here the looping starts at the first T and loops for every spot, even those where no tx exists anymore. Cases have been observed where the lowest tx id was 2 and the highest was 50k. This lead to a lot of unnecessary looping. This patch add an alternative approach. It allows a protocol to register an iterator function, that simply returns the next transaction until all transactions are returned. To do this it uses a bit of state the caller must keep. The registration is optional. If no iterator is registered the old behaviour will be used.	8 years ago
Victor Julien	e8939335ea	rust/nfs: explicitly handle GAPs from C It seems that Rust optimizes this code in such a way that it passes the null ptr along as real data. if buf.as_ptr().is_null() && input_len > 0 {	8 years ago
Victor Julien	d27ed5957f	rust/nfs: fix read reply handling READ replies with large data chunks are processed partially to avoid queuing too much data. When the final chunk was received however, the start of the chunk would already tag the transaction as 'done'. The more aggressive tx freeing that was recently merged would cause this tx to be freed before the rest of the in-progress chunk was done. This patch delays the tagging of the tx until the final data has been received.	8 years ago
Victor Julien	8cda2a4351	rust/nfs: add support for detect_flags API	8 years ago
Victor Julien	bca0cd71ae	app-layer: use logger bits to avoid looping Avoid looping in transaction output. Update app-layer API to store the bits in one step and retrieve the bits in a single step as well. Update users of the API.	8 years ago
Victor Julien	e1e9ada9df	rust/nfs: improve file close handling	8 years ago
Nick Price	350b5d99ce	rust/nfs: don't panic on malformed NFS traffic Instead set events.	8 years ago
Victor Julien	fd38e5e82b	rust/nfs: fix new warnings in rustc 1.21	8 years ago
Victor Julien	a306ccfd34	rust/nfs: implement events Remove lots of panic statements in favor of setting non-fatal events. Bug #2175.	8 years ago
Victor Julien	82bd732f4e	rust/nfs: improve proto detect	8 years ago
Victor Julien	6b4a04510a	rust/nfs: remove debug rec_size check Records larger than 40k are perfectly valid. Bug #2162.	8 years ago
Victor Julien	7c119cc595	nfs: log number of chunks that xfer'd a file	9 years ago
Victor Julien	e8dae2e093	nfs: add to fileinfo events	9 years ago
Victor Julien	db2d928151	rust/nfs: add (file)handle to log as crc32	9 years ago
Victor Julien	becf1a2dfe	rust/nfs: fix style warning	9 years ago
Victor Julien	e0c6565e68	nfs: nfs_version keyword Store nfs version in tx and add keyword to match on it.	9 years ago
Victor Julien	aff576b524	eve/nfs: log nfs version	9 years ago
Victor Julien	0d79181d78	nfs: rename nfs3 to nfs Since the parser now also does nfs2, the name nfs3 became confusing. As it's still in beta, we can rename so this patch renames all 'nfs3' logic to simply 'nfs'.	9 years ago
Victor Julien	28cdf7b628	nfs3: create file tx for read on request This is done so that we can add creds to it.	9 years ago
Victor Julien	7e0d9619ac	nfs3: add readdirplus path	9 years ago
Victor Julien	41376da03c	nfs: log more rpc	9 years ago
Victor Julien	9edbb6f235	nfs: split record parsers into different files	9 years ago

1 2

61 Commits (e62c75335ee760dcaadd496e95284b5f954d0727)