17846 Commits (main)
 

Author SHA1 Message Date
Philippe Antoine dadf9012fc rust: bindgen detect-engine-buffer.h
Ticket: 7667

And prefix SCDetectBufferSetActiveList to be exported

Allows less use of suricata crate in plugin as we get the function
prototypes from suricata_sys and they are more correct.
5 months ago
Philippe Antoine 0024de5e9e src: new file detect-engine-buffer.h
Taken from detect-engine.h so that we can bindgen this smaller
unit.
5 months ago
Philippe Antoine 31e30d4aa1 sdp: use rust join
It is much faster as it does not do an allocation for each element
5 months ago
Philippe Antoine 6436a5cebe websocket: limit allocation for small sizes
Fixes: 16f74c68aa ("websocket: use max window bits of 15")

We do not need to allocate 8kbytes for a small message
5 months ago
Jason Ish 35b03b4077 lua: convert flowvar functions to lib
New Lua lib, "suricata.flowvar" for working with flowvars from Lua.

Replaces functions:
- SCFlowvarGet (and ScFlowvarGet)
- SCFlowvarSet (and SCFlowvarSet)

Of note, the DetectLuaData has been made available to the init and
thread_init methods, instead of just the match. This is due to an
issue that if a flow variable is not registered in init, it will not
be logged; registering in thread_init is too late.

Ticket: #7486
5 months ago
Philippe Antoine daabab7381 doc/ssh: document hooks
Ticket: 7607
5 months ago
Philippe Antoine 1d4ff8a8fd detect: flow friendly error on hook incompatibility 5 months ago
Philippe Antoine 1f2cb21786 ssh: rustfmt 5 months ago
Philippe Antoine 76d7ab5418 lua: convert ssh function into suricata.ssh lib
Ticket: 7607
5 months ago
Philippe Antoine fcac063cfe ssh: make hooks available
Allows signature like `alert ssh:request_banner_done`
5 months ago
Philippe Antoine bbc007b4d4 rust: derive for AppLayerState
To easily enable hooks for rust app-layers such as SSH
5 months ago
Philippe Antoine 78dc70f5fd dns/lua: remove now unused includes
Completes commit 1206c1c5af
5 months ago
Jeff Lucovsky 87b7a0cef6 ftp: Apply rustfmt changes 5 months ago
Jeff Lucovsky ff59f215d6 doc/ftp: Document ftp.dynamic_port keyword
Document the sticky buffer for ftp.dynamic_port
5 months ago
Jeff Lucovsky 19fe098e88 detect/ftp: Add ftp.dynamic_port keyword
Issue: 7504

Add implementation of the ftp.dynamic_port rule keyword. The
implementation uses the U16 integer matching/parsing and thus supports
the comparison operations such as <, >, <=, >=, !, !=, and range (-).
5 months ago
Jeff Lucovsky 04bf28d6a1 app/ftp: Use common API naming
Modify the Rust API functions to conform to project naming format:
SCFTP*

Issue: 7504
5 months ago
Philippe Antoine 808f8a877a detect/multi-buf: helper with more explicit direction 5 months ago
Philippe Antoine 990ed204eb detect/multi-buf: use only one progress
for both inspect engine and app-layer mpm
5 months ago
Philippe Antoine 8ecc3efdc8 detect/multi-buf: harmonize wrapper
Introduce DetectGetMultiData which does the generic wrapping,
including the transforms.

And let each keyword do just the getter.
5 months ago
Victor Julien bed96505aa github-ci: update to Fedora 42 5 months ago
Philippe Antoine f301cd3702 app-layer: remove obsolete NULL check
Completes commit 833a738dd1

Fixes coverity 1646610
5 months ago
Jason Ish be483dc873 doc/userguide: document that lua dns rules need hooks
And remove the old "keywords" that a lua Rule can register with for
DNS.
5 months ago
Jason Ish 13de319b01 lua: fix fast.lua example
This one is a little different as it logs to a file, and is the same
fast.lua used in the new Suricata-Verify test.

Ticket: #7656
5 months ago
Jason Ish b99f254105 lua: add suricata.rule library
Add a "suricata.rule" library for accessing rule information from a
Lua rule, or a Lua output script.

This lib replaces the following global Lua functions:
- SCRuleIds
- SCRuleAction
- SCRuleMsg
- SCRuleClass

Ticket: #7490
5 months ago
Jason Ish a5e662cb8a doc/lua/dns: fix typo 5 months ago
Philippe Antoine a6392ac5d4 rust: use pure rust helper for registering sticky buffers
Mark sdp and sip keywords with flags SIGMATCH_INFO_STICKY_BUFFER
as a side effect.
5 months ago
Philippe Antoine 9c8ec0d3a9 plugin: applayer: do not use suricata JsonError
We do not need a specific error type
5 months ago
Philippe Antoine 833a738dd1 http: fail tx creation if we cannot allocate user data
So, we always have a libhtp.rs htp_tx_t and a Suricata tx
with its AppLayerTxData

Thus AppLayerParserGetTxData cannot return NULL

Ticket: 5739
5 months ago
Philippe Antoine 0167001ce8 rust/htp: remove unused code 5 months ago
Philippe Antoine e728aae1e0 websocket: fixes subtraction
Fixes: 16f74c68aa ("websocket: use max window bits of 15")
5 months ago
Victor Julien 7af8ef07b3 github-ci: codecov llvm updates
Use LLVM 15 with Rust 1.67.1
5 months ago
Victor Julien fe07781bfc github-ci: update codecov unittest job
LLVM 19, rust 1.85.1 and Ubuntu 24.04.
5 months ago
Philippe Antoine e41c28f7c9 dnp3: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a dnp3 tx
5 months ago
Philippe Antoine f24d3ffb74 ftp: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a ftp tx

Was already done right for updated_tc
5 months ago
Philippe Antoine a5b987266b http1: always mark tx as updated on request/response start
Ticket: 7668

We should set updated_tx when allocating HtpTxUserData
5 months ago
Philippe Antoine aa7f926ff4 detect: rust helper to register sticky buffer 5 months ago
Philippe Antoine 96afdce283 detect: rename SCSigTableElmt to SCSigTableAppLiteElmt 5 months ago
Philippe Antoine a7f4fd12d5 detect: remove never set SIGMATCH_NOT_BUILT 5 months ago
Philippe Antoine 794f991ad6 unittests: more realistic packet from UTHBuildPacketReal
So that its contents can be reused when translating unit tests
to SV tests
5 months ago
Philippe Antoine 8757ad5fd3 detect/dns: support string for dns.rrtype
Ticket: 6723
5 months ago
Philippe Antoine 44a6f7f8ca detect/dns: support string for dns.rcode
Ticket: 6723
5 months ago
Philippe Antoine 9814b698c8 detect/dns: move keywords to rust
Ticket: 7529
Ticket: 3725

Adds url for dns.opcode on the way
5 months ago
Philippe Antoine bb9b8d2460 detect: new helper to register multi-buffer with progress
This allows using these engines for hook rules needing exact
progress (checked in SigValidate)
5 months ago
Philippe Antoine 7d806dc7b7 ci: rustc wrapper to disable coverage for external crates
To keep the disk usage good even when we use new crates
5 months ago
Philippe Antoine a1ff7424e4 http1: brotli decompression
Ticket: 5692

http2 already used brotli crate for decompression
5 months ago
Philippe Antoine 128ee9ba46 output: fix leak in case of alloc error
CID: 1638290
5 months ago
Philippe Antoine 85f2f597f1 defrag: remove unnecessary NULL check
CID: 727861
5 months ago
Philippe Antoine 9dac5ec23c util/mpm: prevents double free
CID: 1645545

PatternDatabaseGetCached frees cd on success
So, we should NULL it, so that in case PatternDatabaseGetSize fails
and we goto error, we do not free cd again.
5 months ago
Philippe Antoine e301e038ef detect: explicitly skip check on SCConfGet
CID: 1644571
5 months ago
Eric Leblond adfa46ab1c dox/userguide: add tx_cnt documentation 5 months ago