Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Next/20201230/v10 #5693

Merged
merged 12 commits into from
Dec 31, 2020
Merged

Next/20201230/v10 #5693

merged 12 commits into from
Dec 31, 2020

Conversation

victorjulien
Copy link
Member

@victorjulien victorjulien commented Dec 30, 2020
edited
Loading

victorjulien and others added 12 commits December 30, 2020 15:17
@victorjulien
stream/tcp: fix invalid ack events in timewait state
8959380
@victorjulien
stream/midstream: handle packet loss after SYN/ACK
db2dbaa
@carlgsmith @victorjulien
nsh: Parsing of Network Services Header and payload
660b68a 
Support for EtherType 0x894F and basic header
@internetionals @victorjulien
eve: Log tenant_id for all eve-json messages
320de5f
@carlgsmith @victorjulien
lua: Make the rule action available to output scripts
9b84010 
Useful for those that want to do custom logging from lua
@JoshuaLumb @victorjulien
threads: More descriptive startup output
9d432bb
@regit @victorjulien
eve/dhcp: avoid to call common logging twice
8d034b4
@jufajardini @victorjulien
nbss: add parser tests
e33bbee 
Add tests to parse_nbss_record and parse_nbss_record_partial
@regit @victorjulien
ebpf: avoid need of 32 bit header
dfe5785 
Compilation of xdp_lb.c was failing in some case with the following
error:

/usr/include/x86_64-linux-gnu/gnu/stubs.h:7:11: fatal error: 'gnu/stubs-32.h' file not found

This patch add some define to be able to skip recursive inclusion of
header files leading to the problem.
@satta @victorjulien
doc: build all manpages
f78f444
@giannitedesco @victorjulien
detect-fast-pattern: Mark as OPTIONAL_OPT, instead of NOOPT
cebe15c 
Also update the erroneous comment about it.
@giannitedesco @victorjulien
detect: Validate that NOOPT options don't have optvals
10ea60a 
Without this, a simple typo between : and ; is able to hide actual bugs
in rules.

I discovered 2 bugs in ET open ruleset this way.
@victorjulien victorjulien requested review from jasonish, norg, regit and a team as code owners December 30, 2020 21:52
@victorjulien victorjulien merged commit 10ea60a into OISF:master Dec 31, 2020
This was referenced Dec 31, 2020
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
@victorjulien victorjulien deleted the next/20201230/v10 branch January 26, 2021 13:15
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 18, 2022
@lukashino
decode-udp: Add exception for invalid length on padded packets
bf5a606 
If the original packet is shorter than Ethernet's minimal transmission unit (64B),
the transmitting device pads packet to the given size.
Padding is added to the IP layer but UDP layer remaing unaffected. As a result,
UDP header length does not reach end of the packet as there is still padding
after the UDP layer.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 18, 2022
@lukashino
decode-udp: Add exception for invalid length on padded packets
2193e75 
If the original packet is shorter than Ethernet's minimal transmission
unit (64B), the transmitting device pads the packet to the given size.
Padding is added to the IP layer but the UDP layer remains unaffected.
As a result, the UDP header length does not reach the end of the packet
as there is still padding after the UDP layer.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 25, 2022
@lukashino
decode-udp: Allow UDP packets to be shorter than the remaining payloa…
a70e32a 
…d length

If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 25, 2022
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
d940c9b 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 25, 2022
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
c5ff970 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 26, 2022
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
666e497 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Nov 26, 2022
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
aa275e5 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Jan 4, 2023
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
f778140 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
@lukashino lukashino mentioned this pull request Jan 4, 2023
Closed
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 18, 2023
@inashivb
decode-udp: Allow shorter UDP packets than the remaining payload length
98cf8e8 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Jan 19, 2023
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
fa9c5b3 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid.

Redmine ticket: OISF#5693
@lukashino lukashino mentioned this pull request Jan 19, 2023
Closed
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 20, 2023
@inashivb
decode-udp: Allow shorter UDP packets than the remaining payload length
99ed5e8 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.

Redmine ticket: OISF#5693
inashivb pushed a commit to inashivb/suricata that referenced this pull request Jan 25, 2023
@inashivb
decode-udp: Allow shorter UDP packets than the remaining payload length
083234c 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid.

Redmine ticket: OISF#5693
victorjulien pushed a commit to victorjulien/suricata that referenced this pull request Jan 26, 2023
@victorjulien
decode-udp: Allow shorter UDP packets than the remaining payload length
d18e52e 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid.

Redmine ticket: OISF#5693
lukashino added a commit to lukashino/suricata that referenced this pull request Jan 27, 2023
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
9c7480f 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid. The keyword's evaluation remains the same.

Inspired by commit: d18e52e

Redmine ticket: OISF#5693
lukashino pushed a commit to lukashino/suricata that referenced this pull request Jan 27, 2023
@lukashino
decode-udp: Allow shorter UDP packets than the remaining payload length
636ca4b 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid. The keyword's evaluation remains the same.

Inspired by commit: d18e52e

Redmine ticket: OISF#5693
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasonish jasonish Awaiting requested review from jasonish

@norg norg Awaiting requested review from norg

@regit regit Awaiting requested review from regit

Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@victorjulien @carlgsmith @internetionals @JoshuaLumb @regit @jufajardini @satta @giannitedesco