Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Websockets 2695 v13 #10163

Closed
wants to merge 12 commits into from
Closed

Websockets 2695 v13 #10163

wants to merge 12 commits into from

Commits on Jan 11, 2024

  1. detect: integer keywords now support hexadecimal 

    So that we can write enip.revision: 0x203

Ticket: 6645
    @catenacyber
    catenacyber committed Jan 11, 2024
    Configuration menu
    Copy the full SHA
    b62120d View commit details
    Browse the repository at this point in the history

  2. detect: integer keywords now accept negated ranges 

    Ticket: 6646
    @catenacyber
    catenacyber committed Jan 11, 2024
    Configuration menu
    Copy the full SHA
    6a07bd2 View commit details
    Browse the repository at this point in the history

  3. detect/integer: rust derive for enumerations 

    Ticket: 6647

Allows keywords using integers to use strings in signature
parsing based on a rust enumeration with a derive.
    @catenacyber
    catenacyber committed Jan 11, 2024
    Configuration menu
    Copy the full SHA
    8379adc View commit details
    Browse the repository at this point in the history

  4. detect: integer keywords now accept bitmasks 

    Ticket: 6648

Like &0x40=0x40 to test for a specific bit set
    @catenacyber
    catenacyber committed Jan 11, 2024
    Configuration menu
    Copy the full SHA
    7633932 View commit details
    Browse the repository at this point in the history

  5. doc: integer keywords 

    Ticket: 6628

Document the generic detection capabilities for integer keywords.
and make every integer keyword pointing to this section.
    @catenacyber
    catenacyber committed Jan 11, 2024
    Configuration menu
    Copy the full SHA
    96ad5f4 View commit details
    Browse the repository at this point in the history

Commits on Jan 15, 2024

  1. enip: register on default 44818/tcp port 

    if no config option is found,
as is done for udp

Ticket: 6304
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    1b6beef View commit details
    Browse the repository at this point in the history

  2. http2: add settings from newer RFCs 

    Including the one for websocket over HTTP/2
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    c60afaf View commit details
    Browse the repository at this point in the history

  3. protodetect: remove unused field 

    port is used in AppLayerProtoDetectProbingParserPort
and not in AppLayerProtoDetectProbingParserElement
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    38c832e View commit details
    Browse the repository at this point in the history

  4. protodetect: allows not port-based probing parsers 

    As for WebSocket which is detected only by protocol change.
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    6100223 View commit details
    Browse the repository at this point in the history

  5. protodetect: run expected probing parser 

    When there is a protocol change, and a specific protocol is
expected, like WebSeocket, always run it, no matter the port.
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    8c0cc48 View commit details
    Browse the repository at this point in the history

  6. app-layer: websockets protocol support 

    Ticket: 2695
    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    5da5d49 View commit details
    Browse the repository at this point in the history

  7. websocket: configurable logging of payload in alerts

    @catenacyber
    catenacyber committed Jan 15, 2024
    Configuration menu
    Copy the full SHA
    fde5adc View commit details
    Browse the repository at this point in the history