Commit Graph

1239 Commits (main)

Author SHA1 Message Date
Shivani Bhardwaj 6702791a9c doc: add dcerpc.max-stub-size config param 1 week ago
Jason Ish 2c95f1ff44 dnp3: bound the maximum number of objects per tx
Default to 2048, but provide a user configuration value.

Ticket: #8181
1 week ago
Jason Ish 3a32bb5743 dnp3: set a bound on the number of points per message
16384 is used as the max, but a configuration parameter has been
provided. The reason for setting an upper bound is that bit flags can
create a memory amplification as we parse them into individual data
structures.

Ticket: #8181
1 week ago
Jason Ish a16f087b93 dnp3: reduce flood threshold to 32 and make configurable
Lower the number of unreplied requests from 500 to 32 to consider a
flood. At the very least this is an anomaly given the DNP3 spec mentions
that DNP3 should only have one outstanding request at a time, with an
exception for unsolicited responses, so in practice no more than 2
should be seen.

Additionally make this value configurable by introducing the max-tx
parameter.

Ticket: #8181
1 week ago
Lukas Sismis b596073a79 src: doc: remove double-space typos 2 weeks ago
Shivani Bhardwaj 30bdaa44e1 doc: add elephant.flow usage section 3 weeks ago
Shivani Bhardwaj 06eafb79d6 detect/flow-pkts: check for both dir
The functionality of "both" can already be easily achieved by using both
"toclient" and "toserver" in a rule. This just adds the ease of
expression in a rule. As it is added now, check the direction for the
pre-existing users of direction as well.
3 weeks ago
Juliana Fajardini 0ca874b678 userguide: highlight exceptions interactions
In corner cases, we assume that a midstream exception policy could be
triggered by a prior exception policy in effect. Explain this in the
docs.

Task #5830
1 month ago
Ambre Iooss 91c9e34419 doc/userguide: update windivert instructions
The IPS documentation for Windows had a dead link
to a PDF. Update the Windows build page to include
WinDivert instructions.

Documentation: #8137.
1 month ago
Victor Julien 365ed2a2ff af-packet: disable hwtimestamp by default
Add enable-hwtimestamp option to replace disable-hwtimestamp.

Ticket: #7585.
1 month ago
Jeff Lucovsky 845544aad3 doc/luaxform: Clarify luaxform calling convention
Issue: 8135

Clarify the calling convention for the Lua transform's `transform`
function.
1 month ago
Juliana Fajardini 6c06ab6144 devguide: update backports policy for Suricata 7.0
Also remove mentions of `master` and `6.0x`.

Task #7937
1 month ago
Juliana Fajardini 907f4faff8 doc/thresholding: minor fix for backoff subsection 1 month ago
Philippe Antoine c93e69830a detect/ssl: properly handle negation in ssl_version keyword
Ticket: 3220

DetectSslVersionMatch did not properly handle negation.
It could never match on a signature with ssl_version: !tls1.3
That is because, if we had such a signature and network traffic
with tls1.1, we were looking into DetectSslVersionData field
for tls1.1, which was not set, instead of looking at field
for tls1.3 which was set with negated flag.

Previous DetectSslVersionData was holding redundant information.
It did not need to have it for each ssl version, but just globally.
Also, it did not need to hold the version as a value in the array,
as it was redundant with the index of the array.
1 month ago
Philippe Antoine 1329786f84 detect: new command line option : list-rule-protos
To list the protocols we can use in a rule header

Ticket: 635
1 month ago
Victor Julien 08d625bb10 mpm: remove remaining ac-bs references 1 month ago
Victor Julien be2c40bde7 doc/af-packet: document disable-hwtimestamp option
Ticket: #1954.
1 month ago
Victor Julien 5194c877f2 threads: remove thread group name logic
Once used to merge stats. Stats are tracked per thread and merged by counter
name in the current code.

It was set only for autofp modes.
1 month ago
Juliana Fajardini 1647081b29 doc: remove remaining references to pruned flows
These were removed with a5587fec2e but these mentions went under the
radar.
2 months ago
Philippe Antoine af8390f2ca doc: upgrade note for engine-analysis breaking change
For keywords that now use the generic integer framework

Ticket: 7889
2 months ago
Philippe Antoine d94aea8331 detect: tcp.window is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine 68bb783e97 detect: tcp.seq is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine ed907bbd78 detect: tcp.ack is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine 7a8eb28cae detect: id is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine bff7413488 detect: icmp_seq is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine 79e66f76e6 detect: icmp_id is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine 09531447d1 detect: fragoffset is now a generic integer
Ticket: 7889
2 months ago
Philippe Antoine 85fa894425 detect: dnp3.func is now a generic integer
Ticket: 7889
2 months ago
Jeff Lucovsky b02d9bb4f1 doc/luaxform: Remove init function from example
Issue: 8035

The `luaxform` transform doesn't support the `init` function. This
commit removes that from the example and clarifies how functions in the
Lua script are used.
2 months ago
Victor Julien 558ab73a7f doc/devguide: explain alert logging changes 2 months ago
Philippe Antoine c61f1cb6d0 detect/integers: rename index all1 to all
And all to all_or_absent

Ticket: 7929
2 months ago
Victor Julien ec65fd430e exception-policy: rename 'reject-both' to 'rejectboth'
To align it with the rule action.
2 months ago
Jason Ish cdd4ea0f11 doc/devguide: document eve callback
Document the callback for adding additional data to EVE.

Ticket: #4708
3 months ago
Jason Ish 9fffc09ad7 doc/devguide: document eve file types
Ticket: #4708
3 months ago
Victor Julien 0c4a8fd183 doc/userguide: document reject-both exception policy
Ticket: #5974.
3 months ago
David Wharton 9d2d1c4f8f doc: minor verbiage tweaks and reST fix 3 months ago
Philippe Antoine d8cb00e795 detect/tcp: make tcp.flags a generic integer with bitflags
Ticket: 6724

Allows using numerical values, for example

Also fixes some unit tests that were returning 1 after goto error
FlagsTestParse05 especially took this path as
de->ignored_flags != (TH_SYN|TH_RST) was false
we had de->ignored_flags == 0xff ^ (TH_SYN|TH_RST)
And then, we had a match, instead of what the not-run code
was supposing.
3 months ago
Philippe Antoine 1f9236a6d8 detect/ipv4: make fragbits a generic uint16 bitflags keyword
Ticket: 6724

Allows using numerical values
3 months ago
Philippe Antoine 633180c93f detect/integers: generalize support for bitflags modifier
Ticket: 6724

Allows sugar syntax for bitflags keywords.
While the expressivity does not increase, because we could already
use numerical values with all generic integer modes, this modifier
prefix is used with the strings, and follows the syntax
that is already used for fragbits and tcp.flags keyword.
3 months ago
Philippe Antoine 4b69a31dc3 detect/integers: count argument for multi-integers
Ticket: 7211

Allows counting the number of elements, without matching on
individual elements
3 months ago
Philippe Antoine 969739d067 detect: http2.errorcode is now a generic integer
Ticket: 7889
3 months ago
Philippe Antoine 401b2fcae6 detect: http2.frametype is now a generic integer
Ticket: 7889
3 months ago
Jeff Lucovsky 16d124cfda doc/output: Highlight ethertype value change
Issue: 7855

Highlight the change to how ether_type values are displayed. Previously,
they were displayed in network order as a decimal value.

They are now displayed in host order as a decimal value.
3 months ago
Jason Ish ced0c2c466 doc: upgrade notes for changes to ike output 3 months ago
Victor Julien 48972d544c doc/userguide: link to protocol details from transactional rules 4 months ago
Victor Julien 480e664b4c doc/userguide: add xbits tx scope support
Ticket #7680.
4 months ago
Victor Julien a1c4167d94 doc/userguide: add initial protocols overview
Explain per protocol mechanics for rule matching.
4 months ago
Victor Julien 7034a17d1d doc/devguide: remove WIP mention of files in txs
Work has been completed, so the comment is no longer accurate.
4 months ago
Victor Julien e2a5bc058c doc/userguide: fix DCERPC headings 4 months ago
Victor Julien be5c83ed53 doc/userguide: add rule hooks to protocol doc
Ticket #7662.
4 months ago