next/217/20231207/v1 #9999

Merged
merged 21 commits into from
Dec 7, 2023
d3095ac
util/time: Prevent usecs overflow
ilya-bakhtin Sep 29, 2023
417806c
napatech: Fix packet timestamps
ilya-bakhtin Sep 29, 2023
0850e3d
util/time: Improve usecs handling in time macros
sfd Nov 28, 2023
a7c9028
detect/content-inspect: reduce scope of variables
victorjulien Sep 25, 2023
0ba4b29
detect/content-inspect: pass const to inspect func
victorjulien Sep 25, 2023
b1fa975
detect/content-inspect: remove const casting
victorjulien Sep 23, 2023
1f265d9
detect/content-inspect: assist branch prediction
victorjulien Sep 23, 2023
b357532
detect/content-inspect: switch type of enum
victorjulien Dec 2, 2023
d73cce4
detect/content-inspect: add entry for InspectionBuffer
victorjulien Dec 2, 2023
c9ab95c
detect/dns.query: use new content inspect entry
victorjulien Dec 2, 2023
6a01f40
detect/krb5.sname: use new content inspect entry
victorjulien Dec 2, 2023
e9b33c4
detect/base64: move content inspection logic
victorjulien Sep 23, 2023
97f78e1
detect/content-inspect: reduce scope of internal func
victorjulien Sep 24, 2023
4cce7ba
detect/content-inspect: localize recursion counting
victorjulien Sep 24, 2023
c19d11f
detect/content-inspect: flatten branches
victorjulien Sep 24, 2023
6db0256
detect/isdataat: optimize recursion mismatches
victorjulien Sep 25, 2023
e2fbcf9
detect/payload: remove unneeded pointer reset
victorjulien Sep 25, 2023
5359170
detect/bytemath: pass match ctx directly
victorjulien Sep 26, 2023
0014077
detect: optimize struct layout
victorjulien Sep 26, 2023
06c8095
detect/content-inspect: optimize struct layout
victorjulien Sep 26, 2023
332c2ea
detect/content-inspect: improve header docs
victorjulien Dec 6, 2023
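--- a/src/detect-base64-data.c
+++ b/src/detect-base64-data.c
@@ -61,19 +61,6 @@ static int DetectBase64DataSetup(DetectEngineCtx *de_ctx, Signature *s,
 return 0;
 }
 
-int DetectBase64DataDoMatch(DetectEngineCtx *de_ctx,
-DetectEngineThreadCtx *det_ctx, const Signature *s, Flow *f)
-{
-if (det_ctx->base64_decoded_len) {
-return DetectEngineContentInspectionInternal(de_ctx, det_ctx, s,
-s->sm_arrays[DETECT_SM_LIST_BASE64_DATA], NULL, f, det_ctx->base64_decoded,
-det_ctx->base64_decoded_len, 0, DETECT_CI_FLAGS_SINGLE,
-DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
-}
-
-return 0;
-}
-
 #ifdef UNITTESTS
 
 static int g_file_data_buffer_id = 0;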
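--- a/src/detect-base64-data.h
+++ b/src/detect-base64-data.h
@@ -19,7 +19,5 @@
 #define __DETECT_BASE64_DATA_H__
 
 void DetectBase64DataRegister(void);
-int DetectBase64DataDoMatch(DetectEngineCtx *, DetectEngineThreadCtx *,
-const Signature *, Flow *);
 
 #endif /* __DETECT_BASE64_DATA_H__ */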
3 changes: 2 additions & 1 deletion src/detect-byte.c
@@ -22,10 +22,11 @@
*/

#include "suricata-common.h"
#include "rust.h"
#include "detect-byte.h"
#include "detect-byte-extract.h"
#include "detect-bytemath.h"
#include "rust.h"

/**
* \brief Used to retrieve args from BM.
*
13 changes: 7 additions & 6 deletions src/detect-bytemath.c
@@ -29,21 +29,23 @@
#include "threads.h"
#include "decode.h"

#include "app-layer-parser.h"
#include "app-layer-protos.h"

#include "detect.h"
#include "detect-parse.h"
#include "detect-engine.h"
#include "detect-engine-mpm.h"
#include "detect-engine-state.h"
#include "detect-engine-build.h"

#include "rust-bindings.h"

#include "detect-content.h"
#include "detect-pcre.h"
#include "detect-byte.h"
#include "detect-bytemath.h"

#include "app-layer-parser.h"
#include "app-layer-protos.h"
#include "rust-bindings.h"

#include "flow.h"
#include "flow-var.h"
#include "flow-util.h"
@@ -82,11 +84,10 @@ static inline bool DetectByteMathValidateNbytesOnly(const DetectByteMathData *da
(((data->flags & DETECT_BYTEMATH_FLAG_STRING) && nbytes <= 10) || (nbytes <= 4));
}

int DetectByteMathDoMatch(DetectEngineThreadCtx *det_ctx, const SigMatchData *smd,
int DetectByteMathDoMatch(DetectEngineThreadCtx *det_ctx, const DetectByteMathData *data,
const Signature *s, const uint8_t *payload, uint16_t payload_len, uint8_t nbytes,
uint64_t rvalue, uint64_t *value, uint8_t endian)
{
const DetectByteMathData *data = (DetectByteMathData *)smd->ctx;
if (payload_len == 0) {
return 0;
}
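Review bot: DetectByteMathDoMatch has no doc comment in this hunk, and with the second parameter now a `const DetectByteMathData *` every caller has to take the keyword context out of its SigMatchData itself before calling. I would add a header comment above the signature that describes `data` as the parsed bytemath keyword context (expected non-NULL), `payload`/`payload_len` as the buffer under inspection, `value` as the output slot, and what the return values mean. The `payload_len == 0` early return is the only bound on the inspected data visible here; the function body continues past the end of the hunk, so the comment should be written against the full body.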
2 changes: 1 addition & 1 deletion src/detect-bytemath.h
@@ -27,7 +27,7 @@
void DetectBytemathRegister(void);

SigMatch *DetectByteMathRetrieveSMVar(const char *, const Signature *);
int DetectByteMathDoMatch(DetectEngineThreadCtx *, const SigMatchData *, const Signature *,
int DetectByteMathDoMatch(DetectEngineThreadCtx *, const DetectByteMathData *, const Signature *,
const uint8_t *, uint16_t, uint8_t, uint64_t, uint64_t *, uint8_t);

#endif /* __DETECT_BYTEMATH_H__ */
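Review bot: The new prototype names `DetectByteMathData`, but none of the header lines visible in this hunk declare or include that type, so detect-bytemath.h seems to compile only when the includer has already pulled in its definition. The include reshuffles in detect-byte.c and detect-bytemath.c in this same change look like they exist to satisfy that ordering. Having the header include what it uses, e.g. `#include "rust-bindings.h"` inside the guard if that is where the type is declared, would remove the order dependence; the top of the header is outside the hunk, so confirm it does not already do this. Naming the nine parameters in the prototype would also help, since several adjacent ones are plain integers that are easy to transpose at a call site.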
8 changes: 4 additions & 4 deletions src/detect-dns-query.c
@@ -1,4 +1,4 @@
/* Copyright (C) 2013-2018 Open Information Security Foundation
/* Copyright (C) 2013-2023 Open Information Security Foundation
*
* You can copy, redistribute or modify this Program under the terms of
* the GNU General Public License version 2 as published by the Free
@@ -92,6 +92,7 @@ static InspectionBuffer *DnsQueryGetData(DetectEngineThreadCtx *det_ctx,
return NULL;
}
InspectionBufferSetupMulti(buffer, transforms, data, data_len);
buffer->flags = DETECT_CI_FLAGS_SINGLE;

SCReturnPtr(buffer, "InspectionBuffer");
}
@@ -114,9 +115,8 @@ static uint8_t DetectEngineInspectDnsQuery(DetectEngineCtx *de_ctx, DetectEngine
if (buffer == NULL || buffer->inspect == NULL)
break;

const bool match = DetectEngineContentInspection(de_ctx, det_ctx, s, engine->smd, NULL, f,
(uint8_t *)buffer->inspect, buffer->inspect_len, buffer->inspect_offset,
DETECT_CI_FLAGS_SINGLE, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
const bool match = DetectEngineContentInspectionBuffer(de_ctx, det_ctx, s, engine->smd,
NULL, f, buffer, DETECT_ENGINE_CONTENT_INSPECTION_MODE_STATE);
if (match) {
return DETECT_ENGINE_INSPECT_SIG_MATCH;
}
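Review bot: `buffer->flags = DETECT_CI_FLAGS_SINGLE;` in DnsQueryGetData is now the only place the single-buffer flag reaches the inspection call, because DetectEngineContentInspectionBuffer() takes the buffer instead of an explicit flags argument, and nothing at the assignment says so. A comment there such as `/* read by DetectEngineContentInspectionBuffer(); replaces the flags argument at the call site */` would keep a later edit from dropping it. The plain `=` also overwrites anything InspectionBufferSetupMulti() may have stored in `flags`; its body is not visible here, so either confirm it leaves the field untouched or use `buffer->flags |= DETECT_CI_FLAGS_SINGLE;`. Both DnsQueryGetData and DetectEngineInspectDnsQuery start and end outside these hunks, so any other return path that hands back a buffer should be checked for the same flag.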