git.ipfire.org Git - thirdparty/suricata.git/log
5 years ago  app-layer: fix protocol detection bail conditions for TCP fastopen [4887/head]
Victor Julien [Tue, 21 Apr 2020 08:52:04 +0000 (10:52 +0200)]

5 years ago  datasets: reputation value validation
Victor Julien [Mon, 27 Apr 2020 06:17:51 +0000 (08:17 +0200)]

5 years ago  fastlog: fix unlikely memleak [4884/head]
Victor Julien [Fri, 24 Apr 2020 08:27:18 +0000 (10:27 +0200)]

Fix memleak in case of alloc error during startup.

(cherry picked from commit 28837b203e45a8cc24b4b7b97f7bf9c5e118eb7b)

5 years ago  doc: typo: http.server_body should be http.response_body
Jason Ish [Fri, 24 Apr 2020 15:55:13 +0000 (09:55 -0600)]

Thanks to Jason Williams for pointing this out.

(cherry picked from commit 0dd1b2a616decfaa5ad5526540c72b9bf3ae1092)

5 years ago  conf: add value checks for datasets hash/prealloc
jason taylor [Thu, 17 Oct 2019 00:26:51 +0000 (20:26 -0400)]

Signed-off-by: jason taylor <jtfas90@gmail.com>

5 years ago  github-ci: check all commits on pr [4880/head]
Jason Ish [Tue, 21 Apr 2020 15:29:57 +0000 (09:29 -0600)]

On a pull request, attempt to compile all commits from
the base branch to the head of the PR branch.

The job is in a separate workflow file to limit it to
pull-requests only, as the base branch is not available
on push (something to look into).

(cherry picked from commit d955acc01cc0ce7bd5bf04b0e36a96fb55ee56f5)

5 years ago  flow: cleanup expectations first
Victor Julien [Fri, 3 Apr 2020 08:09:07 +0000 (10:09 +0200)]

Make sure to cleanup expectations for a flow as the first step, before
parts of the flow itself are getting cleaned/freed.

Also use 'unlikely' here, as flows with expectations should be relatively
rare.

(cherry picked from commit 09a21545ce00de8ef161f097603f98770351e9be)

5 years ago  app-layer-expectation: update copyright date
Eric Leblond [Sun, 9 Feb 2020 19:33:21 +0000 (20:33 +0100)]

(cherry picked from commit bcff8ec5b5690ed5507b8d78656f682d07abd4b7)

5 years ago  app-layer-expectation: clean expectation and add limits
Eric Leblond [Fri, 7 Feb 2020 23:05:01 +0000 (00:05 +0100)]

When a flow times out, there can still be expectations that
are linked to this flow. Given that there is a delay between the
real ending of the flow and its destruction by Suricata, the
expectation should already have been honored, so we can take the risk
of cleaning the expectations that have been triggered by the
to-be-deleted flow.

This patch introduces a limit on the number of
expectations attached to one IPPair. This is done using
a circle list so we have a FIFO approach to expectation
handling.

The CIRCLEQ list code is copied from BSD code, like the pre-existing code
in queue.h.

(cherry picked from commit a4cea196c0ea9aa5f2b34a43140056d689003c13)
(cherry picked from commit 230dbafa22dc015552ec73a3b0eb70e209ed2190)

Commits squashed to avoid circular dependency by Victor Julien.

5 years ago  app-layer-expectation: remove unused parameter
Eric Leblond [Tue, 10 Dec 2019 21:15:14 +0000 (22:15 +0100)]

(cherry picked from commit 403eb3bf6121f8d6d198a4aab80d694c771f7e27)

5 years ago  detect/ftp: FTP memory accounting fixes [4869/head]
Jeff Lucovsky [Tue, 21 Apr 2020 14:36:27 +0000 (10:36 -0400)]

This commit continues the work started by @vanlink and corrects the
accounting of FTP memory usage against the memcap limit.

(cherry picked from commit aa3f784d32308b642052c076787ace547b260781)

5 years ago  datasets: remove useless variables
Victor Julien [Fri, 17 Apr 2020 12:58:06 +0000 (14:58 +0200)]

(cherry picked from commit 1d8d03184dd91a33251e6a45f5286b387bfda38e)

5 years ago  datasets: add 'dataset-remove' unix command
Victor Julien [Tue, 14 Apr 2020 12:21:31 +0000 (14:21 +0200)]

(cherry picked from commit 7a6269798ba309deedc7110c5cc8bb763bd89926)

5 years ago  datasets: add 'remove' support
Victor Julien [Mon, 13 Apr 2020 14:31:50 +0000 (16:31 +0200)]

(cherry picked from commit af06883f65ff50d2b118ffd772d1bd93bb3b00f0)

5 years ago  datasets: silence noisy 'dataset-add' log
Victor Julien [Tue, 14 Apr 2020 19:57:06 +0000 (21:57 +0200)]

(cherry picked from commit 03dc5d1d74dbee2ef63c402a599d0cddbec93f05)

5 years ago  datasets: fix return values for 'add's
Victor Julien [Tue, 14 Apr 2020 19:49:33 +0000 (21:49 +0200)]

(cherry picked from commit ff55a444d423f1b3b55be51712bee065f0d4fbda)

5 years ago  datasets: fix ref cnt handling
Victor Julien [Tue, 14 Apr 2020 19:44:34 +0000 (21:44 +0200)]

Each 'add' and 'lookup' would increment the use_cnt, without anything
bringing it back down.

Since there is no removal yet, nothing is actually affected by it yet.

(cherry picked from commit 381bc2dd64b2ba6a61b99563194df3a2739ed364)

5 years ago  thash: add 'remove' support
Victor Julien [Mon, 13 Apr 2020 14:31:35 +0000 (16:31 +0200)]

(cherry picked from commit 51726e0a0f9c56c452cf9c4a566ba302a26cb1d4)

5 years ago  datasets: improve 'dataset-add' error checking
Victor Julien [Mon, 13 Apr 2020 13:47:18 +0000 (15:47 +0200)]

(cherry picked from commit b80ab56d10d9907e3dcab8cdcd2285c711201de8)

5 years ago  conf/datadir: fix possible out of bounds array access
Victor Julien [Fri, 17 Apr 2020 13:00:40 +0000 (15:00 +0200)]

(cherry picked from commit 0ce489bcc9629b7b4cc5a29288df318d2d5472a6)

5 years ago  detect: fix insertion in linked list for fast pattern
Philippe Antoine [Mon, 20 Apr 2020 11:57:44 +0000 (13:57 +0200)]

Make sure we do not add the same list_id twice
by checking at least all the lists with the current priority.

(cherry picked from commit a0823bc6ecc0c9787fc148229331957fd55f9e97)

5 years ago  detect/lua: Unregister Lua object on free
Jeff Lucovsky [Fri, 24 Apr 2020 12:56:33 +0000 (08:56 -0400)]

This commit ensures that the Lua object is unregistered when the Lua
object is freed.

5 years ago  detect: Provide function to clear per-thread ctx
Jeff Lucovsky [Sat, 21 Mar 2020 14:10:09 +0000 (10:10 -0400)]

This commit provides an interface to free previously allocated
per-thread contextual information on the keyword lists.

(cherry picked from commit d1151f3f8e5d21f08c47dd9d3e3650768f7d3004)

5 years ago  ftp: indent FTPParseResponse again [4850/head]
Philippe Antoine [Fri, 20 Mar 2020 13:42:50 +0000 (14:42 +0100)]

(cherry picked from commit 699d6682daad908fb30f2b871129dfa826f4a476)

5 years ago  ftp: use switch for ftp commands for style
Philippe Antoine [Mon, 16 Mar 2020 13:52:32 +0000 (14:52 +0100)]

(cherry picked from commit fef124b92dbabe64c6f1580113a251fae639857f)

5 years ago  ftp: FTPGetAlstateProgress for done port commands
Philippe Antoine [Mon, 16 Mar 2020 13:48:40 +0000 (14:48 +0100)]

For a done transaction with command PORT,
we expect FTP_STATE_FINISHED,
but we got FTP_STATE_PORT_DONE instead,
which prevented logging of these transactions.

We change the order of the evaluations to get the right result.

(cherry picked from commit 6f36403219687b1bbcb667078a57c1c9d4aed185)

5 years ago  ftp: FTPParseResponse bufferizes lines
Philippe Antoine [Mon, 16 Mar 2020 13:46:51 +0000 (14:46 +0100)]

Protects against evasion by TCP packet splitting.

The problem arose if the FTP response was split over multiple packets.

The fix is to bufferize the content until we get a complete line.

(cherry picked from commit a6294d6ec25d0f2f0b5d25f7a824c7325e8f87ce)

5 years ago  conf: returns instead of exiting in ConfYamlParse
Philippe Antoine [Wed, 15 Apr 2020 09:48:13 +0000 (11:48 +0200)]

So that we can keep on fuzzing even on too much recursion.

(cherry picked from commit fe1d36ec7eff8fecbe39f4d7447c0ab24a9d37ee)

5 years ago  kerberos: fix against packet split in record size [4829/head]
Philippe Antoine [Fri, 6 Mar 2020 09:45:23 +0000 (10:45 +0100)]

(cherry picked from commit 23f796a021cd4a0f2614418a5d2d40acefd56df3)

5 years ago  detect/parse: properly free bidir sigs in error path
Victor Julien [Fri, 10 Apr 2020 08:02:43 +0000 (10:02 +0200)]

(cherry picked from commit fc6ada85411caa9c08df3eae1cc908436a4ea257)

5 years ago  detect/parse: fix minor memory leak in error path
Victor Julien [Fri, 10 Apr 2020 07:55:36 +0000 (09:55 +0200)]

Only reachable on SCMalloc so should be unlikely to be reached.

(cherry picked from commit 5abead93259e8d0bfb3f7556b9653debe320621a)

5 years ago  detect/iponly: fix parsing of '0' valued netmask
Victor Julien [Sat, 11 Apr 2020 11:54:00 +0000 (13:54 +0200)]

(cherry picked from commit 4d50eb1647709c9f2b8809f91b2af67be99ce4ab)

5 years ago  conf/yaml: limit recursion depth while parsing YAML
Jason Ish [Thu, 9 Apr 2020 21:59:23 +0000 (15:59 -0600)]

A deeply nested YAML file can cause a stack overflow while
reading in the configuration, due to the recursive parser. Limit
the recursion level to something sane (128) to prevent this
from happening.

The default Suricata configuration has a recursion level of 128
so there is still lots of room to grow (not that we should).

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3630

(cherry picked from commit 4dc80a6e6f9b396de5dc25d3468522316c4661d0)

5 years ago  nfs: fix buffering code using wrong dir [4804/head]
Victor Julien [Fri, 20 Mar 2020 08:40:23 +0000 (09:40 +0100)]

5 years ago  detect/tls: Use pcre_copy_substring to avoid leak [4791/head]
Jeff Lucovsky [Mon, 30 Mar 2020 11:57:36 +0000 (07:57 -0400)]

This commit eliminates a memory leak while parsing TLS version
information. The leak was identified through fuzzing.

(cherry picked from commit 2823bc5aed3ade2f916a9592c0ecf214bb62481b)

5 years ago  detect/ssl: Fix memory leak in version parsing
Jeff Lucovsky [Mon, 6 Apr 2020 13:55:41 +0000 (09:55 -0400)]

This commit fixes a memory leak in the SSL version handling that
manifests when the version identifier is incomplete or incorrect.

(cherry picked from commit 6bffe0bd353654b0f2e5e123cd3f68d2570c5553)

5 years ago  detect/pktvar: fix memory leaks
Victor Julien [Sun, 5 Apr 2020 14:56:35 +0000 (16:56 +0200)]

(cherry picked from commit aba4e195484a4ee2068ca13ed7852aab81f00d5a)

5 years ago  detect/threshold: Correct typos
Jeff Lucovsky [Wed, 4 Mar 2020 14:37:04 +0000 (09:37 -0500)]

(cherry picked from commit c20ab53eaeb57d873a5ea065f31adcec28786078)

5 years ago  detect/threshold: Don't allow duplicates
Jeff Lucovsky [Wed, 4 Mar 2020 14:35:54 +0000 (09:35 -0500)]

This commit detects duplicate threshold rule options. When duplicates
are found in a rule, an error message is displayed and the rule is
rejected.

(cherry picked from commit ff9a01ee1b63452d1b047f9bcc7522e3ab1eda10)

5 years ago  sip: address trailing space parsing
Sascha Steinbiss [Mon, 17 Feb 2020 16:29:59 +0000 (17:29 +0100)]

(cherry picked from commit 11912bd71517408000f70e68407571dff3be449a)

5 years ago  snmp-version: make comment more clear
Sascha Steinbiss [Thu, 20 Feb 2020 09:47:32 +0000 (10:47 +0100)]

(cherry picked from commit efaa1755c636a11ef509b5e951b20c56fd36bf5b)

5 years ago  snmp: do not set SIGMATCH_NOOPT
Sascha Steinbiss [Thu, 20 Feb 2020 09:46:55 +0000 (10:46 +0100)]

(cherry picked from commit f02a18e55747b40950a79095b930095407cc97b8)

5 years ago  pcap/file: improve time handling [4779/head]
Victor Julien [Fri, 28 Feb 2020 12:17:03 +0000 (13:17 +0100)]

This patch addresses two problems.

First, various parts of the engine, but most notably the flow manager (FM),
use a minimum of the time notion of the packet threads. This did not,
however, take into account the scenario where one or more of these
threads would be inactive for prolonged times. This could lead to the
time used by the FM getting stale.

This is addressed by keeping track of the last time the per thread packet
timestamp was updated, and only considering it for the 'minimum' when it
is reasonably current.

Second, there was a minor race condition at start up, where the FM would
already inspect the hash table(s) while the packet threads weren't active
yet. Since FM gets the time from the packet threads, it would use a bogus
time of 0.

This is addressed by adding a wait loop to the start of the FM that waits
for 'time' to get ready.

(cherry picked from commit 1e9333288f06ddc2f469053205a5d6662bf32ed7)

5 years ago  threads/time: rename ts to pktts to make purpose clear
Victor Julien [Fri, 28 Feb 2020 12:06:09 +0000 (13:06 +0100)]

(cherry picked from commit b60520503247f31c9c58157f67d2f901cfb23d93)

5 years ago  pcap/file: fix race during pcap processing start
Victor Julien [Thu, 27 Feb 2020 16:20:18 +0000 (17:20 +0100)]

A race condition during the start of pcap file processing could cause
missed alerts and logged events. This race happens between the packet
threads and the flow manager. It was observed on slower hardware, but in
theory could happen on any machine. It required the 'autofp' runmode.

In commit 6f560144c1b9 ("time: improve offline time handling") the logic
was added to make the flow manager use a minimum of all the packet threads
perception of time.

The race condition was that the flow manager may become active _before_
all of the packet threads have started processing packets and thus setting
their timestamp. The threads that had not yet initialized their timestamp
would not be considered when calculating the minimum.

As a result of this, older packets' timestamps would not yet be registered.
This would give the Flow Manager a timestamp too far in the future. While
the FM was running, the packet processing would start and a flow would
be created. This flow would then immediately be considered 'timed out' by
the FM, due to the timestamp too far in the future.

In the observed case, the thread processing packet 1 from the pcap had not
yet started processing while other threads had already started. The FM was
also already active. Due to the timestamps in the pcap this meant that the
time the FM used was about 500 seconds in the future compared to packet 1.

This patch fixes the issue by initializing all of the threads' timestamps
with the timestamp value of the first packet. This way the minimum will
always consider this timestamp.

(cherry picked from commit 9f1922e1756017b66c7161d49202a4120dd7f231)

5 years ago  pcap/file: fix function ptr naming
Victor Julien [Fri, 28 Feb 2020 09:38:22 +0000 (10:38 +0100)]

(cherry picked from commit 7f211dfb671e49de6b47ea322fc3f04f91995696)

5 years ago  time: fix function name typo
Victor Julien [Fri, 28 Feb 2020 09:22:23 +0000 (10:22 +0100)]

(cherry picked from commit a765494dcb6ff696daa8aeffe9595177b1772173)

5 years ago  time: remove unused time structure
Victor Julien [Thu, 27 Feb 2020 19:27:20 +0000 (20:27 +0100)]

(cherry picked from commit c68af5a23e183d4a6aa2aabf833062ecbe8c2447)

5 years ago  time: minor code cleanup
Victor Julien [Thu, 27 Feb 2020 19:20:33 +0000 (20:20 +0100)]

(cherry picked from commit 0325d185a85d69e10bf9e41af17d205097360b47)

5 years ago  stream/tcp: fix fast open off by one
Victor Julien [Thu, 19 Mar 2020 20:30:45 +0000 (21:30 +0100)]

With data on SYN the sequence number used for the first data
was off by one, leading to the next segments to appear to come
after a one byte gap.

(cherry picked from commit b85539b2aba4cc95a2773b71da44821cd225b50a)

5 years ago  smb: fix rustc 1.42 warnings
Victor Julien [Tue, 17 Mar 2020 19:44:33 +0000 (20:44 +0100)]

(cherry picked from commit a729d266c398d0d3a9f43d7df3f351245d1773e3)

5 years ago  detect/parse: fix crash on 'internal' keyword use
Victor Julien [Tue, 31 Mar 2020 12:04:07 +0000 (14:04 +0200)]

When the keyword __flowvar__postmatch__, an internal keyword, is used
in a rule, the 'Setup' func ptr will be NULL. This caused a crash.

(cherry picked from commit 095981cb2a7b204e66770ab5ab4efcf5034caa27)

5 years ago  detect/pkt_data: code and test cleanup
Victor Julien [Tue, 31 Mar 2020 09:37:51 +0000 (11:37 +0200)]

(cherry picked from commit e1c474a1b08eb31e53c455cd7a14c64d8af96acc)

5 years ago  detect/pkt_data: error on unconsumed transforms
Victor Julien [Tue, 31 Mar 2020 08:38:06 +0000 (10:38 +0200)]

If a rule has transforms w/o consuming them (e.g. a content keyword),
don't consider 'pkt_data' valid.

(cherry picked from commit 13c9d0ca7e3a41a8023dc80def36e24686288742)

5 years ago  detect: more robust against transform issues
Victor Julien [Tue, 31 Mar 2020 08:35:54 +0000 (10:35 +0200)]

In case of transform issues (transform not consumed before pkt_data
for example), the code would hit an ugly BUG_ON.

Address this by a more graceful error message, that will still
invalidate the sig but not crash the engine.

(cherry picked from commit 7f19da1cc0956a36982b6027e8bce517ca447609)

5 years ago  tests/bsize: Fuzzing test case added
Jeff Lucovsky [Tue, 31 Mar 2020 12:46:38 +0000 (08:46 -0400)]

This commit adds a test case to validate the issue found during fuzz
testing.

(cherry picked from commit 0ae6b0b2503f6e50ee876f27627b071734a3b757)

5 years ago  detect/bsize: Ensure numeric values fit
Jeff Lucovsky [Mon, 30 Mar 2020 13:51:27 +0000 (09:51 -0400)]

This commit ensures that the numeric values will not exceed the size of
the containers used to hold them.

(cherry picked from commit 5b38bc989492672277178e93b8685b9e63fe6ec8)

5 years ago  decode/teredo: implement port support
Victor Julien [Mon, 23 Mar 2020 10:06:55 +0000 (11:06 +0100)]

Implement support for limiting Teredo detection and decoding to specific
UDP ports, with 3544 as the default.

If no ports are specified, the old behaviour of detecting/decoding on any
port is still in place. This can also be forced by specifying 'any' as the
port setting.

(cherry picked from commit e97cdb48f3e32e8d76aaa2f7325a1a67e245be8e)

5 years ago  configure: correctly display nss/nspr status
Eric Leblond [Tue, 11 Feb 2020 14:21:39 +0000 (16:21 +0200)]

If autodiscovery of libnss was used (default), then the line
 libnss support:                          yes
was never set to no.

Same behavior for libnspr.

Broken by commit 'configure: fix nspr check logic' (7ea269a212a3a2209effc3cc9300873d6a06859e)

(cherry picked from commit 752fc77cdcd0f74d5a7d7b8061b04b482a83c728)

5 years ago  stream/tcp: fix STREAM_HAS_SEEN_DATA macro
Victor Julien [Tue, 24 Mar 2020 12:11:03 +0000 (13:11 +0100)]

The macro would not return true for smaller TCP streams, leading to
cases where the app-layer was not notified of EOF.

(cherry picked from commit e500c59b994ef2c4ba1c2bd17b4d4ff674a144ef)

5 years ago  actions: Use newer checkout action for some [4727/head 4728/head]
Jeff Lucovsky [Mon, 23 Mar 2020 17:57:32 +0000 (13:57 -0400)]

Per @jason, use action `checkout@v2` for CentOS-8, Debian 10 and Ubuntu
18.04.

5 years ago  doc: Remove bitmask documentation
Jeff Lucovsky [Mon, 23 Mar 2020 13:08:14 +0000 (09:08 -0400)]

This commit removes documentation for the never-implemented bitmask
option for the `byte_jump` and `byte_test` keywords.

5 years ago  doc: adds doc for ipv4.hdr signature keyword
Philippe Antoine [Thu, 12 Mar 2020 08:11:52 +0000 (09:11 +0100)]

(cherry picked from commit 0715e1352f38af4fd51660ba2cd3e584fec7f98f)

5 years ago  detect/parse: move spaces skip up the stack [4718/head]
Philippe Antoine [Wed, 9 Oct 2019 14:59:13 +0000 (16:59 +0200)]

Switch to isspace() as well.

(cherry picked from commit 52970d850858bb9784fe562422e9cf2c3aec4230)

5 years ago  decode/erspan: ERSPAN TypeI configurable
Jeff Lucovsky [Tue, 3 Mar 2020 13:50:37 +0000 (08:50 -0500)]

For the backport, ERSPAN TypeI decode is

1. Disabled by default
2. Configurable: `decoder.erspan_typeI.enabled`

(cherry picked from commit ae6beedd13df60b129de702eabc0a7364fd973d5)

5 years ago  decode: Handle ERSPAN Type I
Jeff Lucovsky [Sat, 28 Dec 2019 14:44:56 +0000 (09:44 -0500)]

(cherry picked from commit aec4e9a032855a710d71a4c397affcdce5351b39)
(cherry picked from commit e00de3dce36b0bc6a912e3754e430908fdcd231a)

5 years ago  decode: Fix typos/spelling
Jeff Lucovsky [Sat, 28 Dec 2019 14:45:31 +0000 (09:45 -0500)]

(cherry picked from commit 427ec4e739611975b983fcf06bec8fc9b8f8917e)
(cherry picked from commit ed6c976bb0c945ae47169be8e65d354c69514389)

5 years ago  doc: Correct RST quote usage
Jeff Lucovsky [Sat, 22 Feb 2020 18:19:28 +0000 (13:19 -0500)]

Corrects misplaced backticks preventing proper formatting of `mpm-algo`
section.

(cherry picked from commit 8c132c0b8746ee2b91693c54625076e6a3be123e)

5 years ago  detect/filestore: Fix memory leaks from pcre_get_substring
Jeff Lucovsky [Sat, 22 Feb 2020 18:21:36 +0000 (13:21 -0500)]

This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit c2071e1c4e2d2ff89f7f7e07cefb307c095338e3)

5 years ago  detect/flowvar: Fix memory leaks from pcre_get_substring
Jeff Lucovsky [Sat, 22 Feb 2020 18:23:04 +0000 (13:23 -0500)]

This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit 9fe51a8bd280c3662d5b48bbd9c8745a7bdd0822)

5 years ago  detect/ssl_state: Fix memory leaks from pcre_get_substring
Jeff Lucovsky [Sat, 22 Feb 2020 18:24:13 +0000 (13:24 -0500)]

This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.

(cherry picked from commit 6c3503932ff604443820b85421ef0271deaf7032)

5 years ago  spelling: Fix spelling error
Jeff Lucovsky [Sat, 22 Feb 2020 18:24:45 +0000 (13:24 -0500)]

(cherry picked from commit 6d94b096a9bdf069465aae447aea036609bfb9bb)

5 years ago  util-error: define SC_ERR_PCRE_COPY_SUBSTRING
Jeff Lucovsky [Sat, 22 Feb 2020 18:25:02 +0000 (13:25 -0500)]

(cherry picked from commit bcea73026635c3bf080d9dab1717077acc23c5f2)

5 years ago  mime: Test cases for filename length limit
Jeff Lucovsky [Fri, 14 Feb 2020 13:38:53 +0000 (08:38 -0500)]

(cherry picked from commit c92975e22b809e9f4121b653670ae1233fe3e567)

5 years ago  smtp/mime: Fix typos
Jeff Lucovsky [Wed, 5 Feb 2020 14:21:05 +0000 (09:21 -0500)]

(cherry picked from commit 9a33b5d5ded247e94a6572092ab2aca3f51752b3)

5 years ago  smtp/mime: Set event when name exceeds limit
Jeff Lucovsky [Wed, 5 Feb 2020 14:20:29 +0000 (09:20 -0500)]

(cherry picked from commit 130b8d26e7e8e64ca42dc7e4db9890619d9730aa)

5 years ago  smtp/mime: Restrict file name lengths
Jeff Lucovsky [Tue, 4 Feb 2020 15:13:49 +0000 (10:13 -0500)]

This commit places restrictions on the length of the file name specified
in attachments (`name=` or `filename=`) to `NAME_MAX`. Names exceeding
these limits will be truncated and processing will continue with the
truncated name.

(cherry picked from commit d0d20bd8746ad8933a515fa4facf9e3e10f22ecc)

5 years ago  dag: Skip over ERF_TYPE_META records
Stephen Donnelly [Thu, 5 Mar 2020 21:49:17 +0000 (10:49 +1300)]

Suricata generates an error on unrecognised ERF types.
Suricata should ignore ERF 'Provenance' records with ERF_TYPE_META.

(cherry picked from commit 47082dd5df1b71485333039cd6af75b39cdfffeb)

5 years ago  stream: fix direction flags in corner case
Victor Julien [Tue, 17 Mar 2020 12:08:33 +0000 (13:08 +0100)]

When a TCP DNS flow would start with a GAP on the TS side, the successful
protocol detection on the TC side would trigger 'opposing side' reassembly
and app-layer processing. In this case the stream flags would indicate the
wrong direction and the wrong parser would be called.

(cherry picked from commit efee458af8a711323d74045af67b1fa9b648569c)

5 years ago  version: starting work on 5.0.3
Victor Julien [Thu, 13 Feb 2020 13:43:59 +0000 (14:43 +0100)]

5 years ago  version: release 5.0.2 [suricata-5.0.2]
Victor Julien [Thu, 13 Feb 2020 10:57:47 +0000 (11:57 +0100)]

5 years ago  changelog: update for 5.0.2
Victor Julien [Thu, 13 Feb 2020 10:57:04 +0000 (11:57 +0100)]

5 years ago  stream/reassembly: fix data overlap check
vanlink [Thu, 16 Jan 2020 08:27:57 +0000 (16:27 +0800)]

Fix function CheckOverlap bug.

(cherry picked from commit 2456f27d08142b571a06ffd211c90a5fa557366a)

5 years ago  nfs: implement post-GAP transaction cleanup [4545/head]
Victor Julien [Tue, 11 Feb 2020 10:55:18 +0000 (11:55 +0100)]

Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.

(cherry picked from commit f68c255f090a94162df1fcd7e7262548a2119c50)

5 years ago  tls: fix missing extern logic for cert_id tracking [4541/head]
Victor Julien [Wed, 29 Jan 2020 12:50:05 +0000 (13:50 +0100)]

5 years ago  stats: fix missing extern keyword
Victor Julien [Wed, 29 Jan 2020 12:46:56 +0000 (13:46 +0100)]

5 years ago  defrag: fix use of globals
Victor Julien [Wed, 29 Jan 2020 12:43:49 +0000 (13:43 +0100)]

5 years ago  threading: fix queue handlers globals use
Victor Julien [Wed, 29 Jan 2020 12:30:35 +0000 (13:30 +0100)]

5 years ago  htp: fix globals use for flags
Victor Julien [Wed, 29 Jan 2020 12:28:17 +0000 (13:28 +0100)]

5 years ago  proto: fix globals use
Victor Julien [Wed, 29 Jan 2020 12:27:58 +0000 (13:27 +0100)]

5 years ago  flow: fix global variable use
Victor Julien [Wed, 29 Jan 2020 12:23:36 +0000 (13:23 +0100)]

5 years ago  stream: fix global declaration of the config
Victor Julien [Wed, 29 Jan 2020 10:55:27 +0000 (11:55 +0100)]

5 years ago  threading/modules: fix global declarations
Victor Julien [Wed, 29 Jan 2020 10:51:11 +0000 (11:51 +0100)]

5 years ago  ippair: fix global declarations
Victor Julien [Wed, 29 Jan 2020 09:56:54 +0000 (10:56 +0100)]

5 years ago  host: fix global declarations
Victor Julien [Wed, 29 Jan 2020 09:37:44 +0000 (10:37 +0100)]

5 years ago  mpm: fix global declarations
Victor Julien [Wed, 29 Jan 2020 09:28:16 +0000 (10:28 +0100)]

5 years ago  detect: fix global declaration of sigmatch_table
Victor Julien [Wed, 29 Jan 2020 09:22:57 +0000 (10:22 +0100)]

5 years ago  spm: fix global declaration of spm_table
Victor Julien [Wed, 29 Jan 2020 09:11:54 +0000 (10:11 +0100)]

5 years ago  threading: fix global declaration of threading_set_cpu_affinity
Victor Julien [Wed, 29 Jan 2020 07:33:18 +0000 (08:33 +0100)]

5 years ago  threading: fix global declaration of trans_q
Victor Julien [Wed, 29 Jan 2020 07:27:43 +0000 (08:27 +0100)]