5cadb878ff 
								
							
								 
							
						 
						
							
							
								
								rust/smb: convert parser to nom7 functions (SMB3)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4c97dfa851 
								
							
								 
							
						 
						
							
							
								
								rust/smb: convert parser to nom7 functions (NTLM/SSP records)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3da816eb23 
								
							
								 
							
						 
						
							
							
								
								rust/smb: convert parser to nom7 functions (NBSS records)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								90f9450971 
								
							
								 
							
						 
						
							
							
								
								rust: add nom7 combinator take_until_and_consume  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								87d9c44ec5 
								
							
								 
							
						 
						
							
							
								
								rust: export constants via cbindgen  
							
							
							
							
							so that constants are not defined twice in Rust and C
So that we are sure they have the same value 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								784558df2e 
								
							
								 
							
						 
						
							
							
								
								mime: handles multiple sections for a parameter  
							
							
							
							
							Ticket: 4386
as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc... 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8feb9c35ae 
								
							
								 
							
						 
						
							
							
								
								mime: move FindMimeHeaderTokenRestrict to rust  
							
							
							
							
							Also fixes the case where the token name is present
in a value 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1b10848d84 
								
							
								 
							
						 
						
							
							
								
								mqtt: fix transaction completion  
							
							
							
							
							Ticket: 4862
A transaction to client is always considered
complete in the direction to server and vice versa.
Otherwise, transactions are never complete for
AppLayerParserTransactionsCleanup 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								7732efbec2 
								
							
								 
							
						 
						
							
							
								
								app-layer: include decoder events in app-layer tx data  
							
							
							
							
							As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0caaf6bd23 
								
							
								 
							
						 
						
							
							
								
								range: prevents memory leak of file from HTTP2  
							
							
							
							
							Ticket: 4811
Completes commit c023116857 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								23faeaea5c 
								
							
								 
							
						 
						
							
							
								
								ftp: Remove diagnostic print  
							
							
							
							
							This commit removes a diagnostic message displayed during extraction of
the EPSV port. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c023116857 
								
							
								 
							
						 
						
							
							
								
								range: prevents memory leak of file from HTTP2  
							
							
							
							
							If a HTTP2 transaction gets freed before the end of the range
request, we need to have the files container which is in
the state, to transfer ownership of this file to the files
container.
Ticket: 4811 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								acb3ec6db1 
								
							
								 
							
						 
						
							
							
								
								rust/nfs: convert parser to nom7 functions (NFS v2 records)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ea1d03f8e3 
								
							
								 
							
						 
						
							
							
								
								rust/nfs: add a maximum number of operations per compound  
							
							
							
							
							The `count` combinator preallocates a number of bytes. Since the value
is untrusted, this can result in an Out Of Memory allocation.
Use a maximum value, large enough to cover all current implementations. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0ffe123330 
								
							
								 
							
						 
						
							
							
								
								rust/nfs: convert parser to nom7 functions (NFS v3 and v4 records)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								eb6cc62937 
								
							
								 
							
						 
						
							
							
								
								dhcp: fix url in comment  
							
							
							
							
							rustdoc was complaining about the format of the URL in a comment
while trying to generate documentation. Convert the comment to a
non-rustdoc comment for now to satisfy rustdoc. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b57280ff48 
								
							
								 
							
						 
						
							
							
								
								rdp: fix transaction id  
							
							
							
							
							By our convention the transaction ID is incremented then applied
to the new transaction. And the generic transaction iterator
requires this behaviour. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9c67c634c1 
								
							
								 
							
						 
						
							
							
								
								app-layer: include DetectEngineState in AppLayerTxData  
							
							
							
							
							Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.
This allows us to remove the boilerplate every app-layer has
for managing detect engine state. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f4b4d531b0 
								
							
								 
							
						 
						
							
							
								
								rdp: add tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								238ec953b7 
								
							
								 
							
						 
						
							
							
								
								krb5: use tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ef0c351953 
								
							
								 
							
						 
						
							
							
								
								ntp: add tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								871fb035b4 
								
							
								 
							
						 
						
							
							
								
								sip: add tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d6b2d7e16a 
								
							
								 
							
						 
						
							
							
								
								ike: add tx iterator  
							
							
							
							
							For IKE the manual iterator functions were there, but never
registered. So this commit does add a tx iterator to ike. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3f2d2bc12b 
								
							
								 
							
						 
						
							
							
								
								snmp: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ac4c5ada2f 
								
							
								 
							
						 
						
							
							
								
								dhcp: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								54e62ddf71 
								
							
								 
							
						 
						
							
							
								
								http2: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6cffecfe3e 
								
							
								 
							
						 
						
							
							
								
								template: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a936755731 
								
							
								 
							
						 
						
							
							
								
								nfs: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0188a01daf 
								
							
								 
							
						 
						
							
							
								
								rfb: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b335409690 
								
							
								 
							
						 
						
							
							
								
								mqtt: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d71bcd82d9 
								
							
								 
							
						 
						
							
							
								
								modbus: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								fcfc9876ce 
								
							
								 
							
						 
						
							
							
								
								smb: use generic tx iterator  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								049d43212e 
								
							
								 
							
						 
						
							
							
								
								rust/app-layer: provide generic implementation of iterator  
							
							
							
							
							Create traits for app-layer State and Transaction that allow
a generic implementation of a transaction iterator that parsers
can use when they follow the common pattern for iterating
transactions.
Also convert DNS to use the generic for testing purposes. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								26c7d3cc35 
								
							
								 
							
						 
						
							
							
								
								http2: remove needless borrows  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f3a1e3b92e 
								
							
								 
							
						 
						
							
							
								
								core: Remove unneeded consts  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b5a123adb1 
								
							
								 
							
						 
						
							
							
								
								ssh: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								baf30cfc05 
								
							
								 
							
						 
						
							
							
								
								snmp: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								89cb337930 
								
							
								 
							
						 
						
							
							
								
								smb: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8f9f78c2d0 
								
							
								 
							
						 
						
							
							
								
								sip: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								11c438a07d 
								
							
								 
							
						 
						
							
							
								
								nfs: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a7ac79bed7 
								
							
								 
							
						 
						
							
							
								
								mqtt: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								209e2f17fa 
								
							
								 
							
						 
						
							
							
								
								krb: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								243960a511 
								
							
								 
							
						 
						
							
							
								
								ike: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ee5b300ccf 
								
							
								 
							
						 
						
							
							
								
								http2: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0c6e9ac931 
								
							
								 
							
						 
						
							
							
								
								files: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a19d2b4e1e 
								
							
								 
							
						 
						
							
							
								
								dns: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a866499bca 
								
							
								 
							
						 
						
							
							
								
								dcerpc: use Direction enum  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9512bfd729 
								
							
								 
							
						 
						
							
							
								
								core: add Direction enum  
							
							
							
							
							Ticket: 3832 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3212fa7d2b 
								
							
								 
							
						 
						
							
							
								
								ntp: fixes leak of de_state  
							
							
							
							
							Bug: #4752 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								28a3181a2d 
								
							
								 
							
						 
						
							
							
								
								snmp: fixes leak of de_state  
							
							
							
							
							Bug: #4752 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f37240a3e2 
								
							
								 
							
						 
						
							
							
								
								smb: midstream probing checks for netbios message type  
							
							
							
							
							If it is available
Bug: #4620 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8f8823b6f2 
								
							
								 
							
						 
						
							
							
								
								rust: right condition for both uint to be zero  
							
							
							
							
							They can overflow leading to their addition to be zero
If a NFS read reply indicates a count of 0xFFFFFFFF
Bug: #4680 . 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ce652511bd 
								
							
								 
							
						 
						
							
							
								
								rust/tftp: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c525a1337c 
								
							
								 
							
						 
						
							
							
								
								rust/dns: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								74be8b94ec 
								
							
								 
							
						 
						
							
							
								
								rust/ssh: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8a584c211e 
								
							
								 
							
						 
						
							
							
								
								rust/mqtt: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d27125d77a 
								
							
								 
							
						 
						
							
							
								
								rust/sip: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1046a7d1a3 
								
							
								 
							
						 
						
							
							
								
								rust/ftp: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ebd5883da8 
								
							
								 
							
						 
						
							
							
								
								rust/dhcp: convert parser to nom7 functions  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								17170c41aa 
								
							
								 
							
						 
						
							
							
								
								rust: add nom7 dependency  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a87c7e5c08 
								
							
								 
							
						 
						
							
							
								
								rust: remove unnecessary nested match  
							
							
							
							
							Bug: #4605  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								74c39500c3 
								
							
								 
							
						 
						
							
							
								
								rust: fix inherent to string  
							
							
							
							
							Bug: OISF#4618 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								922a453da5 
								
							
								 
							
						 
						
							
							
								
								rust(lint): use is_null() instead of ptr::null_mut()  
							
							
							
							
							Bug: #4594  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								23768c7181 
								
							
								 
							
						 
						
							
							
								
								rust(lint): use is_null() instead of ptr::null()  
							
							
							
							
							Bug: #4594  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								da0a976e23 
								
							
								 
							
						 
						
							
							
								
								rust(lint): use let for binding single value  
							
							
							
							
							`match` is better used with binding to multiple variables,
for binding to a single value, `let` statement is recommended.
Bug: #4616  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								5bd065cb3c 
								
							
								 
							
						 
						
							
							
								
								range: checks that end is after start for HTTP2  
							
							
							
							
							As was done only for HTTP1 in previous commit
The verification part stays separated from the parsing part,
as we want to keep on logging invalid ranges values. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								accdad7881 
								
							
								 
							
						 
						
							
							
								
								ike: do not keep server transforms in state  
							
							
							
							
							Fixes  #4534 
Now, only the tx with the transforms will match
with ike.chosen_sa_attribute 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								83887510a8 
								
							
								 
							
						 
						
							
							
								
								modbus: tx iterator  
							
							
							
							
							When there are a lot of open transactions, as is possible with
modbus, the default tx_iterator will loop for the whole
transactions vector to find each transaction, that means
quadratic complexity.
Reusing the tx_iterator from the template, and keeping as a state
the last index where to start looking avoids this quadratic
complexity. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ea4a509a54 
								
							
								 
							
						 
						
							
							
								
								app-layer: disable by default if not in configuration  
							
							
							
							
							DNP3, ENIP, HTTP2 and Modbus are supposed to be disabled
by default. That means the default configuration does it,
but that also means that, if they are not in suricata.yaml,
the protocol should stay disabled. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8e8899c90c 
								
							
								 
							
						 
						
							
							
								
								http2: range: check return value when opening  
							
							
							
							
							HttpRangeContainerOpenFile can return NULL
so, http2_range_open can set file_range to NULL
And we should check this before calling http2_range_close 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								cb30772372 
								
							
								 
							
						 
						
							
							
								
								style: remove latest warnings  
							
							
							
							
							about unused variables 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								98f84d5a9b 
								
							
								 
							
						 
						
							
							
								
								http2: follow range requests  
							
							
							
							
							Move the content-range parsing code to rust 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								56fae072b2 
								
							
								 
							
						 
						
							
							
								
								http2: better rust lifetimes  
							
							
							
							
							so that borrow check gets happy 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a1f9e0c97a 
								
							
								 
							
						 
						
							
							
								
								rust: rename to StreamingBufferConfig as in C  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								42da0fb5c5 
								
							
								 
							
						 
						
							
							
								
								smb: fix broken stream depth setting  
							
							
							
							
							The stream depth setting was broken since it was moved to Rust because
of a missing parser for memory values in configuration.
Use get_memval fn from conf.rs to calculate and fetch the correct
values. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0cfe512ef0 
								
							
								 
							
						 
						
							
							
								
								rust/conf: add getter for memval  
							
							
							
							
							Add a parser for memory values like 50kb, 20mb, etc on the Rust side. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f3fcc39738 
								
							
								 
							
						 
						
							
							
								
								ssh: remove futile default port setting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1f48714e75 
								
							
								 
							
						 
						
							
							
								
								smb: remove futile default port setting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								13741540ce 
								
							
								 
							
						 
						
							
							
								
								rfb: remove futile default port setting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								7c9d573800 
								
							
								 
							
						 
						
							
							
								
								nfs: remove futile default port setting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f4f6387a00 
								
							
								 
							
						 
						
							
							
								
								dcerpc: use null for default ports  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								596a4a9d6e 
								
							
								 
							
						 
						
							
							
								
								http2: better rust style  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								48ed874dda 
								
							
								 
							
						 
						
							
							
								
								http2: concatenate one headers multiple values  
							
							
							
							
							For detection, as is done with HTTP1 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								e3ff0e7731 
								
							
								 
							
						 
						
							
							
								
								http2: generic http2_header_blocks  
							
							
							
							
							so as not to forget continuation and push promise
when iterating over headers 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0b0649d98e 
								
							
								 
							
						 
						
							
							
								
								http2: http.header keyword now works for HTTP2  
							
							
							
							
							As well as http.header.raw 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9b9f909d7d 
								
							
								 
							
						 
						
							
							
								
								http2: http.header_names keyword now works for HTTP2  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								547e9f4ab4 
								
							
								 
							
						 
						
							
							
								
								http2: http.host normalized keyword now works for HTTP2  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								75f75e1eb0 
								
							
								 
							
						 
						
							
							
								
								http2: turn Host header into authority during upgrade  
							
							
							
							
							HTTP1 uses Host, but HTTP2 uses rather :authority cf HPACK 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								bb98a18b3d 
								
							
								 
							
						 
						
							
							
								
								http2: better file tracking  
							
							
							
							
							If an HTTP2 file was within only one DATA frame, the filetracker
would open it and close it in the same call, preventing the
further call to incr_files_opened
Also includes rustfmt again for all HTTP2 files 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1378b2f451 
								
							
								 
							
						 
						
							
							
								
								http2: support deflate decompression  
							
							
							
							
							cf #4556  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c9cee7af49 
								
							
								 
							
						 
						
							
							
								
								smb: add debug validation on file counts  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								114d3ba730 
								
							
								 
							
						 
						
							
							
								
								smb: count files in tx  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c1dfb619c4 
								
							
								 
							
						 
						
							
							
								
								http2: support per-tx file accounting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1b3c3225cd 
								
							
								 
							
						 
						
							
							
								
								nfs: add debug validation on file counts  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1d48601c25 
								
							
								 
							
						 
						
							
							
								
								nfs: support per-tx file accounting  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								67759795c6 
								
							
								 
							
						 
						
							
							
								
								nfs: don't reuse file transactions  
							
							
							
							
							After a file has been closed (CLOSE, COMMIT command or EOF/SYNC part of
READ/WRITE data block) mark it as such so that new file commands on that
file do not reuse the transaction.
When a file transfer is completed it will be flagged as such and not be
found anymore by the NFSState::get_file_tx_by_handle() method. This forces
a new transaction to be created. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								56d3e28a3a 
								
							
								 
							
						 
						
							
							
								
								filestore: track files getting stored per tx  
							
							
							
							
							Avoid evicting a tx before the filedata logger has decided it is
done. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								c78f5ac316 
								
							
								 
							
						 
						
							
							
								
								app-layer/transactions: track files opens and logs  
							
							
							
							
							To make sure a transaction is not evicted before all file logging is complete. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9b8be5a650 
								
							
								 
							
						 
						
							
							
								
								smb: get file name in case of chained commands  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3e5f59e2cb 
								
							
								 
							
						 
						
							
							
								
								smb: fix parsing of file deletion over SMB1  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								fde753d9d2 
								
							
								 
							
						 
						
							
							
								
								smb: recognizes file deletion over SMB2  
							
							
							
							
							using set_info_level == SMB2_FILE_DISPOSITION_INFO 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								71679c6ad0 
								
							
								 
							
						 
						
							
							
								
								ike: use derive macro from app-layer events  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								eb55297876 
								
							
								 
							
						 
						
							
							
								
								modbus: use derive macro from app-layer events  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d3bd008e33 
								
							
								 
							
						 
						
							
							
								
								app-layer template: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								cef2832dcf 
								
							
								 
							
						 
						
							
							
								
								http2: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								e92cb36bb8 
								
							
								 
							
						 
						
							
							
								
								krb5: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								92561837f8 
								
							
								 
							
						 
						
							
							
								
								ntp: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1f71fb2cde 
								
							
								 
							
						 
						
							
							
								
								rfb: register None for get_event_info/get_event_info_by_id  
							
							
							
							
							Implementations are not required if they're just going to return
-1. We allow None to be registered for that. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4fd6aa866f 
								
							
								 
							
						 
						
							
							
								
								sip: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								18448f6ed6 
								
							
								 
							
						 
						
							
							
								
								snmp: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								bb094b17db 
								
							
								 
							
						 
						
							
							
								
								ssh: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9c3f06d9b5 
								
							
								 
							
						 
						
							
							
								
								dhcp: use derived app-layer event  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b9f10ba22f 
								
							
								 
							
						 
						
							
							
								
								smb: use derived get_event_info/get_event_info_by_id  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8eac5fc221 
								
							
								 
							
						 
						
							
							
								
								mqtt: derive AppLayerEvent for MQTTEvent  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6ed827a4ef 
								
							
								 
							
						 
						
							
							
								
								dns: use derive macro for DNSEvent  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9221f1d9d5 
								
							
								 
							
						 
						
							
							
								
								applayerevent: derive get_event_info and get_event_info_by_id  
							
							
							
							
							Add generation of wrapper functions for get_event_info
and get_event_info_by_id to the derive macro. Eliminates
the need for the wrapper method to be created by the parser
author. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0fa7b5c2a2 
								
							
								 
							
						 
						
							
							
								
								rust/applayer: provide generic event info functions  
							
							
							
							
							Provide generic functions for get_event_info and
get_event_info_by_id. These functions can be used by any app-layer
event enum that implements AppLayerEvent.
Unfortunately the parser registration cannot use these functions
directly as generic functions cannot be #[no_mangle]. So they
do need small extern "C" wrappers around them. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								27d1ee98ce 
								
							
								 
							
						 
						
							
							
								
								rust: derive crate: for custom derives  
							
							
							
							
							Currently has one derive, AppLayerEvent to be used like:
  #[derive(AppLayerEvent)]
  pub enum DNSEvent {
      MalformedData,
      NotRequest,
      NotResponse,
      ZFlagSet,
  }
Code will be generated to:
- Convert enum to a c type string
- Convert string to enum variant
- Convert id to enum variant 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								dbea7d636f 
								
							
								 
							
						 
						
							
							
								
								rust/applayer: define AppLayerEvent trait  
							
							
							
							
							The derive macro will implement this trait for app-layer
event enums. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								cf21694ba6 
								
							
								 
							
						 
						
							
							
								
								rust(lint): suppress clippy lints that we should fix  
							
							
							
							
							Suppress all remaining clippy lints that we trip. This can be
fixed on a per-lint basis. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								91402f9fba 
								
							
								 
							
						 
						
							
							
								
								rust(lint): remove manual implement of map method  
							
							
							
							
							Using `if let` expressions in these cases is better expressed
by the map method, and considered idiomatic Rust for this usage. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b021726a0d 
								
							
								 
							
						 
						
							
							
								
								rust(lint): map the error instead of using or_else  
							
							
							
							
							This is the preferred style and easier to understand the meaning
of the code. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								dcf57ecd96 
								
							
								 
							
						 
						
							
							
								
								rust(lint): replace push_str of single char to push(<char>)  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d5c0962299 
								
							
								 
							
						 
						
							
							
								
								rust(lint): fix some usages of references  
							
							
							
							
							- ref is discouraged for top level variables
- the other borrow is not required 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d0772e04b1 
								
							
								 
							
						 
						
							
							
								
								rust(lint): replace checked_mul with saturating_mul  
							
							
							
							
							When defaulting checked_mul to u64::max, Rust has a method
that does the same thing called saturating_mul. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d0be7541e9 
								
							
								 
							
						 
						
							
							
								
								rust(lint): removed unused unit () return  
							
							
							
							
							This is code that is not needed and is a bit confusing to see. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4abbfd0d97 
								
							
								 
							
						 
						
							
							
								
								rust(lint): remove extra parens around bitwise or  
							
							
							
							
							This is a readability fix, as on first look they almost look
like a Rust tuple. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ac3a20b6e0 
								
							
								 
							
						 
						
							
							
								
								rust(lint): remove useless conversions and clones  
							
							
							
							
							These add complexity and may not be optimized out by the compiler. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								8bb6dab69d 
								
							
								 
							
						 
						
							
							
								
								rust(lint): remove useless format calls  
							
							
							
							
							In these simple cases to_string() is recommended and likely
performs better as the formatter is not called. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								5bf5de3350 
								
							
								 
							
						 
						
							
							
								
								rust(lint): don't use unwrap_or for function calls  
							
							
							
							
							Calling a function in unwrap_or causes that function to always
be called even when not needed. Instead use unwrap_or_else with
a closure which will only be called when needed. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								602bb05e75 
								
							
								 
							
						 
						
							
							
								
								rust(lint): fix redundant closures  
							
							
							
							
							This lint checks for a closure where a function can be directly
supplied.  Runtime performance is unchanged, but this makes
less work for the compiler. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								69cf5c9eea 
								
							
								 
							
						 
						
							
							
								
								rust(lint): remove needless borrows  
							
							
							
							
							These are needless borrows (references) as the item is already
a reference. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								363b5f99c3 
								
							
								 
							
						 
						
							
							
								
								rust: functions that reference raw pointers are unsafe  
							
							
							
							
							Based on the Rust clippy lint that recommends that any public
function that dereferences a raw pointer, mark all FFI functions
that reference raw pointers with build_slice and cast_pointer
as unsafe.
This commit starts by removing the unsafe wrapper inside
the build_slice and cast_pointer macros then marks all
functions that use these macros as unsafe.
Then fix all not_unsafe_ptr_arg_deref warnings from clippy.
Fixes clippy lint:
https://rust-lang.github.io/rust-clippy/master/index.html#not_unsafe_ptr_arg_deref  
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								53413f2d7a 
								
							
								 
							
						 
						
							
							
								
								rust: remove all usage of transmute  
							
							
							
							
							All cases of our transmute can be replaced with more idiomatic
solutions and do not require the power of transmute.
When returning an object to C for life-time management, use
Box::into_raw to convert the boxed object to pointer and use
Box::from_raw to convert back.
For cases where we're just returning a pointer to Rust managed
data, use a cast. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9d24a53c53 
								
							
								 
							
						 
						
							
							
								
								nfs: minor code cleanup  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								aa9d8658ef 
								
							
								 
							
						 
						
							
							
								
								smb: minor formatting fixup  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								094208823b 
								
							
								 
							
						 
						
							
							
								
								smb: minor code cleanup  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								0a1747c1ba 
								
							
								 
							
						 
						
							
							
								
								nfs: fix comment  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								58ac9b0f38 
								
							
								 
							
						 
						
							
							
								
								nfs: Add rust registration function  
							
							
							
							
							Get rid of the C glue code and move registration completely to Rust. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								61fca4e9db 
								
							
								 
							
						 
						
							
							
								
								nfs: add missing code from rust impl of fns  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								de50ac631e 
								
							
								 
							
						 
						
							
							
								
								nfs: Change fn sign as per rust registration requirement  
							
							
							
							
							Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions.
Probe fn has also been changed to return AppProto as required by the new
fn signature. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								e5c948df87 
								
							
								 
							
						 
						
							
							
								
								smb: Add rust registration function  
							
							
							
							
							Get rid of the C glue code and move registration completely to Rust. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								27af4bb002 
								
							
								 
							
						 
						
							
							
								
								smb: add missing code from rust impl of fns  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6420df84b7 
								
							
								 
							
						 
						
							
							
								
								smb: Change fn sign as per rust registration requirement  
							
							
							
							
							Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								4d6b6b5dfe 
								
							
								 
							
						 
						
							
							
								
								smb: add constants  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d1ea00521b 
								
							
								 
							
						 
						
							
							
								
								rust/core: Add flow flags  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								222e55847c 
								
							
								 
							
						 
						
							
							
								
								flow: provide flags accessor function  
							
							
							
							
							Add an accessor function for flow flags. To be used by Rust where
the flow struct is an opaque data type. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								cb8bd8c669 
								
							
								 
							
						 
						
							
							
								
								rust/applayer: add more externs  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								31dccd1171 
								
							
								 
							
						 
						
							
							
								
								modbus: do not claim to handle gaps  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d541b3d4a8 
								
							
								 
							
						 
						
							
							
								
								rust: fix warnings with nightly  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								9e7ea631b2 
								
							
								 
							
						 
						
							
							
								
								dns: improve probing parser  
							
							
							
							
							Checks opcode is valid
Checks additional_rr do not exceed message length
Better logic for incomplete cases 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6f03ee2e47 
								
							
								 
							
						 
						
							
							
								
								dcerpc: handles bigger inputs than 2^16  
							
							
							
							
							By comparing integers with the largest size 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								7d0a39412b 
								
							
								 
							
						 
						
							
							
								
								detect: use u32 for InspectionBufferMultipleForList  
							
							
							
							
							So that we do not have an endless loop casting index to
u16 and having more than 65536 buffers in one transaction
Changes for all protocols, even ones where it is impossible
to have such a pattern, so as to avoid bad pattern copy/paste
in the future 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								b3c1f2ab48 
								
							
								 
							
						 
						
							
							
								
								nfs: improve probing parser  
							
							
							
							
							Checks credentials flavor is known 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								39575e2cc9 
								
							
								 
							
						 
						
							
							
								
								modbus: use ascii character classes while parsing rule  
							
							
							
							
							As the rust regex crate is unicode aware, which was
not the case of the C version 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								ef5755338f 
								
							
								 
							
						 
						
							
							
								
								rust: SCLogDebug is real nop when built as release  
							
							
							
							
							Before, even if there were no outputs, all the arguments
were evaluated, which could turn expensive
All variables which are used only in certain build configurations
are now prefixed by underscore to avoid warnings 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								20e8f90981 
								
							
								 
							
						 
						
							
							
								
								http2: set Debug on structs  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								3587033d9e 
								
							
								 
							
						 
						
							
							
								
								files: construct with default, free on drop  
							
							
							
							
							Update protocols. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d757545f03 
								
							
								 
							
						 
						
							
							
								
								files: implement default support  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								fdab22d924 
								
							
								 
							
						 
						
							
							
								
								rust: fix app-layer parser flags  
							
							
							
							
							This especially allows for SSH bypass to work 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								aa8871a5be 
								
							
								 
							
						 
						
							
							
								
								rust/default: Enable Default usage  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								6028ca7827 
								
							
								 
							
						 
						
							
							
								
								nfs: Rework constructs to use Self/Default  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								aafb0a60b7 
								
							
								 
							
						 
						
							
							
								
								dhcp: Rework constructs to use Self/Default  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								1ef0bd580b 
								
							
								 
							
						 
						
							
							
								
								dcerpc: Rework constructs to use Self/Default  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								00167121dc 
								
							
								 
							
						 
						
							
							
								
								dns: Rework constructs to use Self/Default  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								02dccb1529 
								
							
								 
							
						 
						
							
							
								
								smb: Rework constructs to use Self/Default  
							
							
							
							
							This commit modifies the constructors to use Self and/or
Default::default() when feasible 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								f502f21f9e 
								
							
								 
							
						 
						
							
							
								
								rust/default: Enable Default usage in SMB  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								581cb6223d 
								
							
								 
							
						 
						
							
							
								
								dcerpc/udp: Add rust registration function  
							
							
							
							
							Get rid of the C glue code and move registration completely to Rust. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d7007424bd 
								
							
								 
							
						 
						
							
							
								
								dcerpc/udp: Change fn sign as per rust registration requirement  
							
							
							
							
							Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								bac69af7e4 
								
							
								 
							
						 
						
							
							
								
								dcerpc: Add rust registration function  
							
							
							
							
							Get rid of the C glue code and move registration completely to Rust. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								a0a09a102b 
								
							
								 
							
						 
						
							
							
								
								dcerpc: Change fn sign as per rust registration requirement  
							
							
							
							
							Registering parsers in Rust requires signatures to be a certain way and
compatible with C. Change signatures of all the functions. 
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								dee972b863 
								
							
								 
							
						 
						
							
							
								
								rust/core: Make AppProto type u16  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d66ad96f0d 
								
							
								 
							
						 
						
							
							
								
								applayer/rust: add extern AppLayerProtoDetectPMRegisterPatternCSwPP  
							
							
							
						 
						
							4 years ago  
				
					
						
							
							
								 
						
							
							
								d7c3ecb6f9 
								
							
								 
							
						 
						
							
							
								
								http2: remove dead code  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								b3c502d572 
								
							
								 
							
						 
						
							
							
								
								http2: remove assertion which can be wrong  
							
							
							
							
							Brotli decoder stops consuming input if it reaches the
end of its input 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c2720fc2fb 
								
							
								 
							
						 
						
							
							
								
								modbus: fix quantity and count calculation  
							
							
							
							
							The [Modbus Spec S6.11](https://modbus.org/docs/Modbus_Application_Protocol_V1_1b.pdf)
clearly states that the `count = quantity / 8` and not the other way
around. This is fixed in sawp-0.5.0. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								999327ba1f 
								
							
								 
							
						 
						
							
							
								
								http2: http.cookie keyword now works for HTTP2  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								df039555bc 
								
							
								 
							
						 
						
							
							
								
								http2: http.host.raw keyword now works for HTTP2  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								1e82d0b3c8 
								
							
								 
							
						 
						
							
							
								
								http2: http.method keyword now works for HTTP2  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								017e39d8fd 
								
							
								 
							
						 
						
							
							
								
								http2: makes all HTTP1 header keywords work  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a8a51dc004 
								
							
								 
							
						 
						
							
							
								
								modbus: add eve logging  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								8342641477 
								
							
								 
							
						 
						
							
							
								
								modbus: move tests from c to rust  
							
							
							
							
							Move tests in a separate commit so that we can use the previous one for
regression testing. This also gets rid of the temporary glue that made
the C tests work with the rust implementation. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								a458a94dca 
								
							
								 
							
						 
						
							
							
								
								modbus: move from C to rust  
							
							
							
							
							Adds a new rust modbus app layer parser and detection module.
Moves the C module to rust but leaves the test cases in place to
regression test the new rust module. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								f83d51d0cb 
								
							
								 
							
						 
						
							
							
								
								ike: set event for multiple server proposals  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ca6e434e0b 
								
							
								 
							
						 
						
							
							
								
								ftp: completely parses pasv and epsv responses  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								6fe8bce3b0 
								
							
								 
							
						 
						
							
							
								
								http2: have filecontainer for both directions  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c7f44447c9 
								
							
								 
							
						 
						
							
							
								
								dns: remove flood protection purging  
							
							
							
							
							It doesn't look like flood protection is required with the
stateless parser anymore. It actually can get in the way of TCP
DNS when a large number of requests end-up in the same segment
where a TX can get purged before it has a chance to go through
the normal TX life-cycle. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c663ac6ddd 
								
							
								 
							
						 
						
							
							
								
								dcerpc/tcp: improve detection  
							
							
							
							
							Lately, some of the TLS data was misdetected as DCERPC/TCP because of
the pattern |05 00|. Add more checks in DCERPC probe function to ensure
that it is in fact DCERPC/TCP. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								d2d0e0adc9 
								
							
								 
							
						 
						
							
							
								
								rust: remove exported unused functions  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								6da9a37285 
								
							
								 
							
						 
						
							
							
								
								rdp: correctly returns incomplete in parse_tc  
							
							
							
							
							Adding the already consumed bytes
In case an incomplete tls handshake is handled with/after
a regular rdp t123_tpkt 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								3de0123ffb 
								
							
								 
							
						 
						
							
							
								
								http2: adds check about dynamic headers table size  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								1ca4f041bb 
								
							
								 
							
						 
						
							
							
								
								http2: pass data through when decompression fails  
							
							
							
							
							as is done for HTTP1 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								c6a35d09b7 
								
							
								 
							
						 
						
							
							
								
								templates: fix typos  
							
							
							
							
							- *template*files[ch][rs]: fix typos
- scripts/setup-app-layer: fix typos 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								6853bf98fb 
								
							
								 
							
						 
						
							
							
								
								dns: only register a single logger  
							
							
							
							
							DNS no longer requires a logger to be registered for to-client and
to-server directions. This has not been required with the stateless
design of the Rust DNS parser. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								0105d4f017 
								
							
								 
							
						 
						
							
							
								
								rust: bump bitflags dependency version  
							
							
							
							
							So that lexical-core, needed by nom, and using bitflags
is used with version 0.7.5 instead of version 0.7.0
which fixed the fact that BITS is now a reserved keyword
in nightly version 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								cb150e97d0 
								
							
								 
							
						 
						
							
							
								
								kerberos: fix probing parser tag condition  
							
							
							
							
							according to the comment 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								e2dbdd7fd5 
								
							
								 
							
						 
						
							
							
								
								ikev1: add ikev1 parser  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ecdf9f6b0b 
								
							
								 
							
						 
						
							
							
								
								ikev1: rename ikev2 to common ike  
							
							
							
							
							Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case. 
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								ab6171c429 
								
							
								 
							
						 
						
							
							
								
								detect: added support for protocol-aliases  
							
							
							
						 
						
							5 years ago  
				
					
						
							
							
								 
						
							
							
								e9494ddd8f 
								
							
								 
							
						 
						
							
							
								
								util: add function converting u8-array into a hex-String  
							
							
							
						 
						
							5 years ago