upstream/suricata
1
0
Fork 0
mirror of https://github.com/OISF/suricata.git synced 2026-06-10 09:21:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
19112 commits 10 branches 171 tags 204 MiB
Commit graph

110 commits

Author SHA1 Message Date
Jason Ish
546209ff12 bindgen: fix include ordering 
At some point, bindgen include ordering changed such that
AppLayerGetFileState was being bindgen'd as opaque, as the definition of
StreamBufferingConfig was not available when bindgen hit
AppLayerGetFileState, and bindgen processes in order.

Move the util includes before the app-layer includes to fix the ordering
problem, but still keep util includes grouped.

The sys diff is large as many things have been re-ordered.
 2026-06-05 12:38:58 +00:00
Giuseppe Longo
13df0f7a06 llmnr: implement parser 
This adds a parser for LLMNR protocol over both UDP and TCP.

The parser reuses the existing DNS functions since LLMNR shares
the same wire format as DNS, but implements its own protocol-specific
validation:

- LLMNR-specific flag checks (C, TC, T bits)
- Opcode validation (only standard query opcode 0 is valid)
- An Event is set if Z-flag is set, since it's must be zero per RFC4795

LLMNR transactions inherit DNS behavior where each packet creates a new state
with one transaction.

Ticket #8366
 2026-06-02 06:26:10 +00:00
Jason Ish
9f40968bba rust/ffi: bindgen thread storage 
Ticket: #8445
 2026-06-01 15:56:57 +00:00
Juliana Fajardini
372cb8c692 rust/sys: update bindgen SIGMATCH_ constants 
Part of
Ticket #8551
 2026-05-29 15:18:49 +00:00
Jason Ish
c689af0bbb rust/ffi: bindgen thread lifecycle callbacks 
Ticket: #8605
 2026-05-28 20:49:56 +00:00
Philippe Antoine
4c42998feb detect/engine: helper to know if a transform happens in-place 2026-05-18 07:41:33 +02:00
Jason Ish
d4dc8be3b2 rust: bindgen flow lifecycle callbacks 
Ticket: #8446
 2026-05-09 04:17:38 +00:00
Philippe Antoine
3d56472d16 detect: bindgen more functions 
To prepare to move dcerpc.stub_data keyword to full rust
 2026-04-28 12:18:44 +00:00
Philippe Antoine
a36af353bc rust: bindgen SCFlowGetAppProtocol 2026-04-21 07:20:31 +00:00
Philippe Antoine
8f824458c2 detect: helper for buffer register requires progress 
Ticket: 8395

For protocols where tx are complete at start, that is
the `tx_get_progress` function returns 1 inconditionnally,
we can use the progress 1, not losing time on detection in ips
mode, and getting ready for firewall mode

For the other protocols (where a tx needs both a request and response
for instance), keep progress 0 as was the case before
 2026-04-16 05:58:16 +00:00
Philippe Antoine
d14af54b3b detect/transforms: constify some callbacks arguments 
Ticket: 8298
 2026-04-08 20:44:47 +00:00
Philippe Antoine
4f4912c042 rust: bindgen SIGMATCH_ constants 2026-04-01 19:55:48 +00:00
Jason Ish
f6b11ac855 output-eve: finish exposing to bindgen 
As all out output-eve.h is now exposed, merge output-eve.h and
output-eve-bindgen.h back into one file, output-eve.h.
 2026-02-13 13:34:27 +00:00
Jason Ish
f79158ae55 rust/sys: generate jsonbuilder bindings in sys 
Bindgen the Rust bindings to the C JsonBuilder API along with the rest
of the Rust bindings to C. Breaking it out was probably the wrong
idea.

This should make it easier, and more correct to bindgen C functions
that use SCJsonBuilder types.
 2026-02-13 13:34:27 +00:00
Jason Ish
2d0bf9a2ed output-eve: bindgen SCEveFileType callback types 2026-02-13 13:34:26 +00:00
Jason Ish
e9611a4d7c output-eve: bindgen SCRegisterEveFileType to Rust 
Used by Rust output plugins.
 2026-02-13 13:34:26 +00:00
Jason Ish
1b182025bc output-eve: expose SCEveFileType to Rust with bindgen 
There is an unfortunate side-affect that one has to read
output-eve-bindgen.h for the documentation on this type, however, I
think we can resolve that in time.
 2026-02-13 13:34:26 +00:00
Philippe Antoine
df495d7e22 rust: bindgen SCDetectGetLastSMFromLists 
to use it from rust keywords
 2026-02-13 13:34:25 +00:00
Victor Julien
a2e9ac21f8 flow: turn flags field into uint64_t 
Entire space is used.
 2026-02-12 14:10:51 +00:00
Jason Ish
c7f806a728 rust/sys: allow unknown lints 
allow(unpredictable_function_pointer_comparisons) is needed on newer
versions of Rust, but is unknown to our MSRV, so for now, allow unknown
lints.
 2026-02-09 05:41:18 +00:00
Philippe Antoine
364d2c077d rust: bindgen SCAppLayerRegisterParser 
Ticket: 7662
 2026-02-05 21:11:16 +00:00
Philippe Antoine
8857b78f6a rust: move AppLayerTxData definition to C 
and bindgen it to rust

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerTxData

Move also the free function to C SCAppLayerTxDataCleanup
As suricata-sys crate defines AppLayerTxData for rust,
It must itself implement the Drop trait, and thus,
We need to define a feature surest
 2026-02-05 21:11:16 +00:00
Philippe Antoine
8eaced3c1e rust: move AppLayerResult definition to C 
and bindgen it to rust

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerResult

Keep From<> impl in sys crate that defines it
 2026-02-05 21:11:16 +00:00
Philippe Antoine
06f78b2a22 rust: move StreamSlice definition to C 
and bindgen it to rust

Will make easier the bindgen of RustParser structure which uses
a callback which uses StreamSlice
 2026-02-05 21:11:16 +00:00
Philippe Antoine
41f543ca35 rust: move AppLayerGetTxIterTuple definition to C 
and bindgen it to rust

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerGetTxIterTuple
 2026-02-05 21:11:16 +00:00
Philippe Antoine
64d29fcd1c rust: move AppLayerStateData definition to C 
and bindgen it to rust, and use default trait instead of new

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerStateData
 2026-02-05 21:11:16 +00:00
Philippe Antoine
76efb8af4d rust: move AppLayerGetFileState definition to C 
and bindgen it to rust.

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerGetFileState
 2026-02-05 21:11:16 +00:00
Philippe Antoine
fc23e54c6d rust: bindgen with derive eq 
As will be needed such as AppLayerTxData
 2026-02-05 21:11:16 +00:00
Philippe Antoine
7dbe033ae0 app-layer: function to register ci pattern + probe 
Ticket: 6591
 2026-02-02 15:49:25 +00:00
Philippe Antoine
2cf9a327d5 detect/ssh: move ssh.hassh to rust
Some checks are pending
builds / Ubuntu 24.04 (RUSTC+CARGO vars) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (unittests coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (unix socket mode coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (afpacket and dpdk coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (pcap unix socket ASAN) (push) Blocked by required conditions
Details
builds / Ubuntu 24.04 (afpacket and dpdk live tests with ASAN) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (fuzz corpus coverage) (push) Blocked by required conditions
Details
builds / Ubuntu 20.04 (-DNDEBUG) (push) Blocked by required conditions
Details
builds / Ubuntu 20.04 (unsupported rust) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Debug Validation) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Fuzz) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Netmap build) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (Minimal/Recommended Build) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 (DPDK Build) (push) Blocked by required conditions
Details
builds / Debian 12 (xdp) (push) Blocked by required conditions
Details
builds / Debian 13 (xdp) (push) Blocked by required conditions
Details
builds / Ubuntu 22.04 Dist Builder (push) Blocked by required conditions
Details
builds / Debian 12 MSRV (push) Blocked by required conditions
Details
builds / Debian 11 (push) Blocked by required conditions
Details
builds / MacOS Latest (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (NPcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (libpcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 UCRT64 (libpcap) (push) Blocked by required conditions
Details
builds / Windows MSYS2 MINGW64 (WinDivert) (push) Blocked by required conditions
Details
builds / PF_RING (push) Blocked by required conditions
Details
CodeQL (Rust/C) / Analyze (push) Waiting to run
Details
Nix Env Build / tests (push) Waiting to run
Details
Check Rust / Check Rust (push) Waiting to run
Details
Scan-build / Scan-build (push) Waiting to run
Details
Scorecards supply-chain security / Scorecards analysis (push) Waiting to run
Details 
Introduces helper SCDetectRegisterBufferLowerMd5Callbacks
 2026-01-29 03:45:00 +00:00
Philippe Antoine
83360cfce0 detect/ssh: move ssh.hassh string to rust 
bindgen needed SCSigMatchSilentErrorEnabled on the way
 2026-01-29 03:45:00 +00:00
Philippe Antoine
ea8ac2a02a detect/ssh: move ssh.software to rust 
Adds helper function SCDetectHelperBufferProgressMpmRegister on the way
 2026-01-16 21:07:39 +00:00
Philippe Antoine
c0d6747e82 app-layer: GetTxIteratorFn uses a AppLayerGetTxIterState 
Even if every current rust parser uses the u64 variant of the C union
 2026-01-16 21:07:38 +00:00
Philippe Antoine
4b541b39f2 rust: move AppLayerEventType definition to C 
and bindgen it to rust.

Will make easier the bindgen of RustParser structure which uses
a callback which uses AppLayerEventType
 2026-01-16 21:07:38 +00:00
Lukas Sismis
3e4fdb2118 misc: time unit parsing function 2026-01-16 06:09:37 +00:00
Jason Ish
d89b35db56 conf: add SCConfNodeChildValueIsFalse to check for false value 
New function to check is a value is actually set to a false value.
 2025-12-17 09:48:14 -06:00
Jeff Lucovsky
9c81f817e8 rust: bindgen update 
Issue: 7389

Update bindgen with `make update-bindgen`
 2025-12-15 22:18:55 +00:00
Philippe Antoine
b4d8aea0ae rust: bindgen SCAppLayerRegisterProtocolDetection 
Ticket: 7662

Changing the struct passed to it to have the minimal number
of useful fields.
 2025-12-11 04:30:43 +00:00
Philippe Antoine
1329786f84 detect: new command line option : list-rule-protos 
To list the protocols we can use a in a rule header

Ticket: 635
 2025-12-03 01:51:36 +00:00
Philippe Antoine
15b1bf4865 rust: bindgen SCHTPFileCloseHandleRange
Some checks failed
builds / Fedora 42 (gcc, debug, flto, asan, wshadow, rust-strict) (push) Has been cancelled
Details
builds / Fedora (non-root, debug, clang, asan, wshadow, rust-strict, no-ja) (push) Has been cancelled
Details
builds / AlmaLinux 9 (no jansson) (push) Has been cancelled
Details
builds / AlmaLinux 9 (Minimal/Recommended Build) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (cocci) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (RUSTC+CARGO vars) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (unittests coverage) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (unix socket mode coverage) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (afpacket and dpdk coverage) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (pcap unix socket ASAN) (push) Has been cancelled
Details
builds / Ubuntu 24.04 (afpacket and dpdk live tests with ASAN) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (fuzz corpus coverage) (push) Has been cancelled
Details
builds / Ubuntu 20.04 (-DNDEBUG) (push) Has been cancelled
Details
builds / Ubuntu 20.04 (unsupported rust) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Debug Validation) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Fuzz) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Netmap build) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (Minimal/Recommended Build) (push) Has been cancelled
Details
builds / Ubuntu 22.04 (DPDK Build) (push) Has been cancelled
Details
builds / Debian 12 (xdp) (push) Has been cancelled
Details
builds / Debian 13 (xdp) (push) Has been cancelled
Details
builds / Ubuntu 22.04 Dist Builder (push) Has been cancelled
Details
builds / Debian 12 MSRV (push) Has been cancelled
Details
builds / Debian 11 (push) Has been cancelled
Details
builds / MacOS Latest (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (NPcap) (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (libpcap) (push) Has been cancelled
Details
builds / Windows MSYS2 UCRT64 (libpcap) (push) Has been cancelled
Details
builds / Windows MSYS2 MINGW64 (WinDivert) (push) Has been cancelled
Details
builds / PF_RING (push) Has been cancelled
Details 
Ticket: 7762
 2025-11-29 12:47:28 +00:00
Philippe Antoine
cddbd0b906 rust: bindgen more file functions 
Ticket: 7762
 2025-11-29 12:47:28 +00:00
Philippe Antoine
327b8b04a9 rust: bindgen with default derive 
Ticket: 7762
 2025-11-29 12:47:28 +00:00
Philippe Antoine
cba13ed9b1 rust: bindgen functions needed for datasets 
Ticket: 7762
 2025-11-13 18:51:26 +00:00
Philippe Antoine
12892ba010 rust: bindgen functions neede for features 
Ticket: 7762
 2025-11-13 18:51:26 +00:00
Li Heng
c141c55bc6 snmp: can be set to detection-only 
Realloc alp_ctx.ctxs when a dynamic alproto is registered and
g_alproto_max increases. So dynamic alproto can be treated as
real/normal ones. And app-layer switch can be set to any value
of no/deteciton-only/yes.

Ticket: 8000
 2025-11-04 06:19:29 +00:00
Philippe Antoine
439f96dea7 rust: bindgen frames functions 
Ticket: 7667
 2025-11-04 06:19:28 +00:00
Philippe Antoine
92c7be1cb6 rust: bindgen SCSRepCatGetByShortname 
Ticket: 7667
 2025-11-04 06:19:28 +00:00
Philippe Antoine
7447651fa0 output/jsonbuilder: helper function SCJbSetPrintAsciiString 
To replace C PrintStringsToBuffer and avoid a stack alloc
+ copy

Ticket: 8004
 2025-11-01 03:46:31 +00:00
Philippe Antoine
2e9027fd5a plugins: update SC_API_VERSION to 9 
So that plugins built for 8 will fail to load with 9 as there
were already breaking changes in the structures and functions
prototypes
 2025-10-29 15:33:53 +00:00
Philippe Antoine
dc7874b2ac rust: bindgen more http range functions used in http2 
Ticket: 7667
 2025-10-18 03:53:38 +02:00