Some changes were made to the generated files instead of the
generator script. Update the script to generate what is
in the current state of the in-tree generated files.
(cherry picked from commit 4976afd96a)
This changeset fixes a bug that was preventing suricata from dumping
alert metadata info when running in unix-socket mode.
When running in unix-socket mode, suricata was skipping the
initialization of the output modules and, as a consequence,
the metadata output module was never invoked.
(cherry picked from commit ea15282f47)
When stateful detection rules, for which detection has already started
for a previous packet, are added to the candidates array, the array
is sorted to maintain the correct inspection order. However, due to a
trivial error in the sort helper the array was sorted in descending
instead of ascending order.
(cherry picked from commit 4664444067)
DNP3 uses little endian on the wire, for the most part this
is handled as the messages are deserialized. However, the link
header is a cast over raw data, so swap these bytes as they
are being logged.
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4173
(cherry picked from commit 76e011a5ba)
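An added example (not Suricata's own code) of decoding the DNP3 link-layer header field by field with explicit little-endian reads, so the addresses come out the same on any host instead of depending on a struct cast over the raw bytes; the sample header bytes are constructed, and the CRC is only extracted, not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded DNP3 link-layer header (the 10-byte header that starts every
 * DNP3 frame on the wire). */
typedef struct {
    uint8_t  len;      /* length octet: bytes following it, CRCs excluded */
    uint8_t  control;  /* control octet (DIR, PRM, FCB/FCV, function code) */
    uint16_t dst;      /* destination address, host order */
    uint16_t src;      /* source address, host order */
    uint16_t crc;      /* header CRC as carried on the wire (not verified here) */
} DNP3LinkHeader;

/* Assemble a little-endian 16-bit value from two bytes. Correct on both
 * little- and big-endian hosts, unlike reading a uint16_t through a
 * struct cast over the packet buffer. */
static uint16_t dnp3_le16(const uint8_t *p)
{
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Decode a link header. Returns 0 on success, -1 if the buffer is too
 * short or does not begin with the DNP3 start bytes 0x05 0x64. */
int dnp3_link_header_decode(const uint8_t *buf, size_t buflen, DNP3LinkHeader *out)
{
    if (buf == NULL || out == NULL || buflen < 10) return -1;
    if (buf[0] != 0x05 || buf[1] != 0x64) return -1;
    out->len     = buf[2];
    out->control = buf[3];
    out->dst     = dnp3_le16(buf + 4);
    out->src     = dnp3_le16(buf + 6);
    out->crc     = dnp3_le16(buf + 8);
    return 0;
}

/* Constructed sample header: start 05 64, len 5, control 0xC4, dst 1,
 * src 1024 (wire bytes 00 04; a byte-swapped read would log 4 instead),
 * CRC bytes are placeholders. */
static const uint8_t DNP3_SAMPLE_HEADER[10] = {
    0x05, 0x64, 0x05, 0xC4, 0x01, 0x00, 0x00, 0x04, 0xAA, 0xBB
};

int main(void)
{
    DNP3LinkHeader h;
    if (dnp3_link_header_decode(DNP3_SAMPLE_HEADER, sizeof(DNP3_SAMPLE_HEADER), &h) != 0)
        return 1;
    printf("dst=%u src=%u len=%u ctrl=0x%02x\n", h.dst, h.src, h.len, h.control);
    return 0;
}
```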
This commit improves handling of ICMPv4 messages, especially those with
variable sized headers.
This commit also adds a header length variable for use by the new
sticky buffer for the header.
(cherry picked from commit 988bb26828)
In case of lossy connections the SMB state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading to files staying 'active'.
This would lead to these files staying in the SMB's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.
This patch truncates the file that was being transmitted when
a file transaction is being closed.
(cherry picked from commit 65e9a7c31c)
(cherry picked from commit c8be282533)
Builds for suricata with rustc 1.24.1 give the warning:
warning: unknown lint: `ellipsis_inclusive_range_patterns`
The builtin lint had been added to fix a deprecation warning
for the `...` range patterns. Although rustc 1.24.1 is
no longer the MSRV, rendering the lint unnecessary, removing it
results in a strict error for rustc 1.47.x.
Add relevant code to allow unknown lints.
Builds for suricata fail with rustc 1.24.1 due to usage of `crate`
to specify the absolute path for the app-layer-parser with the errors:
error[E0433]: `crate` can only be used in absolute paths
error: `crate` in paths is experimental
Modify relevant files to use relative paths instead.
Fixes Bug #4064
Bidirectional signatures are really two signatures with one id
This needs to be handled with care when changing a linked list
(cherry picked from commit 5ac8e41a13)
Evasion scenario is
- a first dummy write of one byte at offset 0 is done
- the second full write of EICAR at offset 0 is then done
and does not trigger detection
The last write had the final value, and as we cannot "cancel"
the previous write, we set an event which is then transformed into
an app-layer decoder alert
(cherry picked from commit caa7946888)
Scenario is use of dummy padding in write AndX request
or other similar commands using a data offset.
Parsing now skips these dummy bytes, and generates one event
(cherry picked from commit aaa69fe3c5)
Ensure the client version is valid by checking hello flags
Ensure no integer underflow occurs in SSLv3ParseHandshakeType
(cherry picked from commit 2eacc6a9a8)
As it can be confused between SSLv2 and TLSv13
In SSLv2, this variable is not used after the function scope, so
we can use a temporary variable.
(cherry picked from commit 4706b38866)
This will allow Rust parsers to register for gap handling from
Rust (some Rust parsers do handle gaps, but they set the flag
from C).
(cherry picked from commit 53aa967e0b)
This is a partial backport of:
ac3cf6ff75
detect/config: set config for special cases
Allow app-layer to declare the txs are uni-directional and special
care is needed for applying config.
This commit changes the size of reporting variables to be dynamic based
on the buffer ids in use instead of a fixed value to address a SEGV when
the fixed value was less than the max buffer/type id in use.
(cherry picked from commit d911fb87b8)