Commit Graph

18369 Commits (main)
Author SHA1 Message Date
Giuseppe Longo f1b9669ed5 flow: swap MACs when flow direction is swapped
When FlowSwap() reverses the direction of a flow, the MAC address sets
stored in the flow also need to be swapped to maintain consistency with
the new direction. Previously, MAC addresses were not swapped along with
other flow properties like packet/byte counters.

Ticket #8172
5 days ago
Giuseppe Longo 8050738fea util/macset: fix code style
Code style fixed using clang-format.

Ticket #8172
5 days ago
Victor Julien da87bd61d0 detect/luaxform: fix allowed lua rules check
Meant to be enabled by default, but wasn't.
5 days ago
Victor Julien d7866495c2 detect/lua: exclude script setup from the max-bytes limit
Make sure the script can use all bytes configured. So exclude setup like
input buffers that are put on the lua state before the script is executed.

Bug #8173.
5 days ago
Victor Julien 1f58bc1a07 detect/luaxform: disable bytes limit during setup
During per-inspection setup the buffer could already use up all the budget.

Bug #8173.
5 days ago
Victor Julien 7bc4b7d713 lua/sandbox: allow disabling the bytes limit
Meant for setting up from C, where we may use more bytes than expected.

Bug: #8173.
5 days ago
Shivani Bhardwaj 30bdaa44e1 doc: add elephant.flow usage section 5 days ago
Shivani Bhardwaj 33a3448f45 detect/flow: add support for elephant flow detection
Expose elephant flow flags on a flow via rule language. The rule keyword
is defined as "flow.elephant: <dir>;" where the <dir> can expand to:
- toserver
- toclient
- either
- both

Feature 8117
5 days ago
Shivani Bhardwaj 0f92583702 flow: split elephant flow detection per dir
The tracking for elephant flow is done per direction; however, the flag
was set on the flow whenever either of the directions crossed the
rate-limit defined in the settings. Given that the tracking was already
split, it makes sense to split the detection tracking per direction as
well and allow the user to have better control via rule language.
5 days ago
Shivani Bhardwaj 06eafb79d6 detect/flow-pkts: check for both dir
The functionality of "both" can already be easily achieved by using both
"toclient" and "toserver" in a rule. This just adds the ease of
expression in rule. As it is added now, check the direction for the
pre-existing users of direction as well.
5 days ago
Shivani Bhardwaj 77abcde9ee rust/flow: add public wrapper for dir
in order to be able to use it on the C side for elephant flow detection.
5 days ago
Victor Julien cc2287beb4 tcp/tfo: set PKT_STREAM_EST flag
Detection and logging skip a lot of work if PKT_STREAM_EST is not set. When
a TFO packet with data comes in the TCP state is not yet established, but
the data still needs to be considered.

So for this case set the PKT_STREAM_EST flag.

Bug #6744.
1 week ago
Victor Julien 8247ec65b5 features: use strcmp instead of memcmp 1 week ago
Victor Julien 4a58c84862 string-hash: use strcmp instead of memcmp 1 week ago
Victor Julien c226626a7f counters: use strcmp instead of memcmp 1 week ago
Victor Julien 7a794945c6 proto: use strcmp instead of memcmp 1 week ago
Victor Julien 8f655c7d8d reference: use strcmp instead of memcmp 1 week ago
Victor Julien 3fbce40def classification: use strcmp instead of memcmp 1 week ago
Victor Julien 5a12096dd9 spm: minor unittest cleanup 1 week ago
Victor Julien a16c6ff6a5 memcpy: rename memcpy_tolower
Rename to match coding style. Update callers.

Minor loop cleanup.
1 week ago
Ali Saidi c4360cd515 util: add timing assembly for arm64 1 week ago
Jason Ish b3d45e5507 profiling: log rule profiling as json by default
We've been forcing JSON logging in our default configuration for some
time now; just make it the actual default.
2 weeks ago
Jason Ish d89b35db56 conf: add SCConfNodeChildValueIsFalse to check for false value
New function to check if a value is actually set to a false value.
2 weeks ago
Jason Ish 6eda4b9f59 configure: remove @e_enable_evelog@
Jansson/JSON has been mandatory for a long time now, so this value has
evaluated to yes for many years now.
2 weeks ago
Jason Ish e895cbbf58 profiling: don't enable rule profiling by default
Update the suricata.yaml rule profiling section to not turn on rule
profiling by default, as it's not on by default when commented out.

Also update the comments.
2 weeks ago
Jason Ish aa7091f927 ebpf: ignore *.bpf
Add the compiled .bpf programs to .gitignore.
2 weeks ago
Philippe Antoine af246ae7ab http: do not use a loop to find the tx count
As we want the last tx

Ticket: 8156

The generic function AppLayerParserGetTxCnt calls for HTTP1
Transactions.size()

This function has some specific code, as we may have pre-created
a tx that we do not want to count.
This used to get the last tx by iterating over all the transactions
waiting to find the one with max index.
So, instead of using the Transactions.get function, we get the last
tx out of the VecDeque and check its index.
2 weeks ago
Jeff Lucovsky 5c0f95faec gen: Fix typos 2 weeks ago
Jeff Lucovsky 9c81f817e8 rust: bindgen update
Issue: 7389

Update bindgen with `make update-bindgen`
2 weeks ago
Jeff Lucovsky e80e881335 main/options: display level name, not numeric
Issue: 7389

Follow-up change for verbose handling. Instead of displaying the numeric
verbose level, display the level name.

I.e., instead of 4, display Debug
2 weeks ago
Shivani Bhardwaj a53ba4af94 detect: use PrefilterIsPrefilterableById where possible
cocci script used:

@@
identifier s, sm, DETECT_TYPE;
@@

- for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
-     switch (sm->type) {
-         case DETECT_TYPE:
-             return true;
-     }
- }
- return false;
+ return PrefilterIsPrefilterableById(s, DETECT_TYPE);

followed by some basic cmdline manipulations to get rid of extras left.
2 weeks ago
Philippe Antoine 726139a539 fuzz: really restrict path for nalloc
Ticket: 4125
2 weeks ago
Philippe Antoine e305c6c9df conf: do not exit on alloc failure
Ticket: 6188

Just return an error
2 weeks ago
Philippe Antoine 6882159692 fuzz: set engine stage for conf yaml target
Ticket: 6188

Allows allocation failures not to be fatal as in init
2 weeks ago
Jason Ish 50224f2ee5 rust: fix clippy warning for unused import
While debug_validate_bug_on is still used, it does not need to be
imported directly, as that macro is marked with `macro_export`, making
it globally available to the crate.
2 weeks ago
Philippe Antoine 24405a7b76 doc: http fields in json schema
Ticket: 6075
2 weeks ago
Philippe Antoine 2f39c8c099 jsonschema: remove obsolete http fields
These were moved to array request_headers/response_headers

Ticket: 6075
2 weeks ago
Juliana Fajardini 0ca874b678 userguide: highlight exceptions interactions
In corner cases, we assume that a midstream exception policy could be
triggered by a prior exception policy in effect. Explain this in the
docs.

Task #5830
3 weeks ago
Philippe Antoine b7bd7f7d4c fuzz: allocation failures with nalloc
Ticket: 4125
3 weeks ago
Victor Julien 984fc260c5 github-ci: update Fedora to 43 3 weeks ago
Philippe Antoine 455b7d1b3b rust: use snake case for applayer_register_protocol_detection 3 weeks ago
Philippe Antoine b4d8aea0ae rust: bindgen SCAppLayerRegisterProtocolDetection
Ticket: 7662

Changing the struct passed to it to have the minimal number
of useful fields.
3 weeks ago
Ambre Iooss 91c9e34419 doc/userguide: update windivert instructions
The IPS documentation for Windows had a dead link
to a PDF. Update the Windows build page to include
WinDivert instructions.

Documentation: #8137.
3 weeks ago
Ambre Iooss 3bcad5f364 windivert: upgrade to 2.0.0
WinDivert 2 was released in 2019. This introduced some minimal
changes to some functions' arguments.

Bug: #8138.
3 weeks ago
Philippe Antoine cf88ed518c jsonschema: check for duplicate keys
Ticket: 6691

And fix the one duplicate found
3 weeks ago
Victor Julien 365ed2a2ff af-packet: disable hwtimestamp by default
Add enable-hwtimestamp option to replace disable-hwtimestamp.

Ticket: #7585.
3 weeks ago
Jeff Lucovsky 845544aad3 doc/luaxform: Clarify luaxform calling convention
Issue: 8135

Clarify the calling convention for the Lua transform's `transform`
function.
3 weeks ago
James Kaddu 78d8fd7b9d output/file: validate force-hash YAML values
Previously, the force-hash configuration for file logging silently accepted
unknown or invalid hash types (e.g., 'shanani').
Now, invalid values trigger FatalError.

Bug OISF#4330
3 weeks ago
James Kaddu 354e9987e4 detect/analyzer: add details for the xbits keyword
Add xbits keyword details. Exposes cmd, name, track, and expire
properties, following the same pattern as byte_jump and flowbits.

Task #6351
3 weeks ago
Juliana Fajardini 6c06ab6144 devguide: update backports policy for Suricata 7.0
Also remove mentions of `master` and `6.0x`.

Task #7937
3 weeks ago