Next/60x/20221125/v7 #8212

Merged
victorjulien merged 15 commits into OISF:master-6.0.x from victorjulien:next/60x/20221125/v7
Nov 26, 2022

Conversation

@victorjulien (Member) commented Nov 26, 2022

jasonish and others added 13 commits November 22, 2022 09:07

Suricata already logs if AF_PACKET or Netmap are running in a mixed IPS
and IDS/TAP mode.  As the behavior is undefined when these modes are
mixed, it is best to deprecate and to not allow this behavior. For now
warn that it will be unsupported and fail in Suricata 8.

Ticket: 5587
(cherry picked from commit 0c00f28)

Ticket: OISF#5691
(cherry picked from commit c6349d3)

It was not enough to set Cursor position to 0,
also its inner Vec should be cleared.

This way, a new input gets written at the beginning of the
Cursor and its inner Vec...

Ticket: OISF#5691
(cherry picked from commit 086b28d)

If a protocol change was requested, the target did not handle
it as Suricata, as the target is meant to handle only one
app-layer protocol.

(cherry picked from commit ca054f7)

Fix PASS handling by setting and checking in the correct packet.

There are 3 types of packets:
1. tunnel packets (inner layer of encapsulation)
2. "root" packets (outmost layer of encapsulated packet)
3. normal packets (no encapsulation)

Tunnel packets have a pointer to their "root". The "root" is the packet
that is ultimately used by the capture method to issue a verdict:
DROP or ACCEPT (forward).

For tunnels:
DROP actions are always issued on the root packet.
The PASS action is issued on the packet currently in the detection
engine.

Non-tunnels:
DROP and PASS are both set in the current packet.

Bug: OISF#5697.

Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: OISF#5703.
(cherry picked from commit df7d8d9)

This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: OISF#5703.
(cherry picked from commit e601ebd)

As an SMB2 async response does not have a tree id, even if
the request has it.

Per spec, MessageId should be enough to identify a message request
and response uniquely across all messages that are sent on the same
SMB2 Protocol transport connection.
So, the tree id is redundant anyways.

Ticket: OISF#5508
(cherry picked from commit e94920b)

Completes commit e94920b

This must be true for access to state ssn2vecoffset_map

Ticket: OISF#5161

@victorjulien requested review from a team and jasonish as code owners November 26, 2022 09:41

@suricata-qa

Information: QA ran without warnings.

Pipeline 10940
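
The Cursor reset described in the commit message for ticket OISF#5691 can be reproduced with the Rust standard library alone. This is an added example, not code from the Suricata tree; the function names and sample inputs are constructed for illustration, and the third case (clearing the Vec without rewinding) goes one step beyond what the commit message states.

```rust
use std::io::{Cursor, Write};

/// Rewind only: the inner Vec keeps its old length and contents.
fn reset_position_only(buf: &mut Cursor<Vec<u8>>) {
    buf.set_position(0);
}

/// Clear only: the Vec is empty but the position still points past its end.
fn reset_clear_only(buf: &mut Cursor<Vec<u8>>) {
    buf.get_mut().clear();
}

/// Full reset: empty the inner Vec and rewind the position.
fn reset_full(buf: &mut Cursor<Vec<u8>>) {
    buf.get_mut().clear();
    buf.set_position(0);
}

/// Write `first`, apply `reset`, write `second`, then return what a consumer
/// reading the whole inner Vec would see.
fn reuse(first: &[u8], second: &[u8], reset: fn(&mut Cursor<Vec<u8>>)) -> Vec<u8> {
    let mut buf = Cursor::new(Vec::new());
    buf.write_all(first).unwrap();
    reset(&mut buf);
    buf.write_all(second).unwrap();
    buf.get_ref().clone()
}

fn main() {
    // Constructed sample inputs: a long first message, then a shorter one.
    let first = b"SECRET-FROM-PREVIOUS-MESSAGE";
    let second = b"short";

    // Stale tail of the first message survives after the new data.
    let stale = reuse(first, second, reset_position_only);
    println!("position only: {:?}", String::from_utf8_lossy(&stale));

    // Write lands at the old offset; the gap is zero-filled.
    let padded = reuse(first, second, reset_clear_only);
    println!("clear only:    {} bytes, data at offset 28", padded.len());

    // Only the new input is present.
    let clean = reuse(first, second, reset_full);
    println!("full reset:    {:?}", String::from_utf8_lossy(&clean));
}
```

The stale-tail case matters when the consumer takes the whole inner Vec as the new output, because bytes from the earlier input are then handed on as if they belonged to the current one.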
