Commit Graph

17729 Commits (master)

Author SHA1 Message Date
Philippe Antoine 990ed204eb detect/multi-buf: use only one progress
for both inspect engine and app-layer mpm
3 months ago
Philippe Antoine 8ecc3efdc8 detect/multi-buf: harmonize wrapper
Introduce DetectGetMultiData which does the generic wrapping,
including the transforms.

And let each keyword do just the getter.
3 months ago
Victor Julien bed96505aa github-ci: update to Fedora 42 3 months ago
Philippe Antoine f301cd3702 app-layer: remove obsolete NULL check
Completes commit 833a738dd1

Fixes coverity 1646610
3 months ago
Jason Ish be483dc873 doc/userguide: document that lua dns rules need hooks
And remove the old "keywords" that a lua Rule can register with for
DNS.
3 months ago
Jason Ish 13de319b01 lua: fix fast.lua example
This one is a little different as it logs to a file, and is the same
fast.lua used in the new Suricata-Verify test.

Ticket: #7656
3 months ago
Jason Ish b99f254105 lua: add suricata.rule library
Add a "suricata.rule" library for accessing rule information from a
Lua rule, or a Lua output script.

This lib replaces the following global Lua functions:
- SCRuleIds
- SCRuleAction
- SCRuleMsg
- SCRuleClass

Ticket: #7490
3 months ago
Jason Ish a5e662cb8a doc/lua/dns: fix typo 3 months ago
Philippe Antoine a6392ac5d4 rust: use pure rust helper for registering sticky buffers
Mark sdp and sip keywords with flags SIGMATCH_INFO_STICKY_BUFFER
as a side effect.
3 months ago
Philippe Antoine 9c8ec0d3a9 plugin: applayer: do not use suricata JsonError
We do not need a specific error type
3 months ago
Philippe Antoine 833a738dd1 http: fail tx creation if we cannot allocate user data
So, we always have a libhtp.rs htp_tx_t and a Suricata tx
with its AppLayerTxData

Thus AppLayerParserGetTxData cannot return NULL

Ticket: 5739
3 months ago
Philippe Antoine 0167001ce8 rust/htp: remove unused code 3 months ago
Philippe Antoine e728aae1e0 websocket: fixes subtraction
Fixes: 16f74c68aa ("websocket: use max window bits of 15")
3 months ago
Victor Julien 7af8ef07b3 github-ci: codecov llvm updates
Use LLVM 15 with Rust 1.67.1
3 months ago
Victor Julien fe07781bfc github-ci: update codecov unittest job
LLVM 19, rust 1.85.1 and Ubuntu 24.04.
3 months ago
Philippe Antoine e41c28f7c9 dnp3: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a dnp3 tx
3 months ago
Philippe Antoine f24d3ffb74 ftp: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a ftp tx

Was already done right for updated_tc
3 months ago
Philippe Antoine a5b987266b http1: always mark tx as updated on request/response start
Ticket: 7668

We should set updated_tx when allocating HtpTxUserData
3 months ago
Philippe Antoine aa7f926ff4 detect: rust helper to register sticky buffer 3 months ago
Philippe Antoine 96afdce283 detect: rename SCSigTableElmt to SCSigTableAppLiteElmt 3 months ago
Philippe Antoine a7f4fd12d5 detect: remove never set SIGMATCH_NOT_BUILT 3 months ago
Philippe Antoine 794f991ad6 unittests: more realistic packet from UTHBuildPacketReal
So that its contents can be reused when translating unit tests
to SV tests
3 months ago
Philippe Antoine 8757ad5fd3 detect/dns: support string for dns.rrtype
Ticket: 6723
3 months ago
Philippe Antoine 44a6f7f8ca detect/dns: support string for dns.rcode
Ticket: 6723
3 months ago
Philippe Antoine 9814b698c8 detect/dns: move keywords to rust
Ticket: 7529
Ticket: 3725

Adds url for dns.opcode on the way
3 months ago
Philippe Antoine bb9b8d2460 detect: new helper to register multi-buffer with progress
This allows using these engines for hook rules needing exact
progress (checked in SigValidate)
3 months ago
Philippe Antoine 7d806dc7b7 ci: rustc wrapper to disable coverage for external crates
To keep the disk usage good even when we use new crates
3 months ago
Philippe Antoine a1ff7424e4 http1: brotli decompression
Ticket: 5692

http2 already used brotli crate for decompression
3 months ago
Philippe Antoine 128ee9ba46 output: fix leak in case of alloc error
CID: 1638290
3 months ago
Philippe Antoine 85f2f597f1 defrag: remove unnecessary NULL check
CID: 727861
3 months ago
Philippe Antoine 9dac5ec23c util/mpm: prevents double free
CID: 1645545

PatternDatabaseGetCached frees cd on success
So, we should NULL it, so that in case PatternDatabaseGetSize fails
and we goto error, we do not free cd again.
3 months ago
Philippe Antoine e301e038ef detect: explicitly skip check on SCConfGet
CID: 1644571
3 months ago
Eric Leblond adfa46ab1c dox/userguide: add tx_cnt documentation 3 months ago
Eric Leblond 0044b5f682 eve/schema: remove duplicate fields 3 months ago
Eric Leblond 5cf6459f3f eve/flow: log tx_cnt
This patch adds a `tx_cnt` field to `netflow` events to give some
context about the underlying protocol activity.

Ticket: #7635
3 months ago
Eric Leblond 668c6d646e eve/netflow: add tx_cnt
This patch adds a `tx_cnt` field to `netflow` events to give some
context about the underlying protocol activity.

Ticket: #7635
3 months ago
Eric Leblond db11078315 eve/smb: add tx_id to event
As SMB protocol is using heavily transactions, getting the transaction
ID in SMB events can be really useful for automated analysis.
3 months ago
Philippe Antoine 16f74c68aa websocket: use max window bits of 15
Ticket: 7285

As this is the default for websocket, which is bigger than the
default for zlib usage

Also limit the decompressed content to the max-payload-size
configuration parameter also used for non-compressed content.

And also use a stateful decoder to store/remember the compression
state to be able to decompress later messages.
3 months ago
Philippe Antoine 44c8632284 rust: use flate2 with C zlib
move flate2.rs to a backend supporting the setting
of window_bits, which is not the case for miniz-oxide.

This will allow WebSocket to use Sec-WebSocket-Extensions
which can set a non-default window_bits
3 months ago
Philippe Antoine ff57a162d7 websocket: decompress single pdu message
Ticket: 7285

Previously, only messages over multiple PDUs could get decompressed
3 months ago
Jeff Lucovsky d59f5d6db6 output/rotate: Remove extra rotation flag register
Issue: 3436

Remove duplicate register of the rotation flag. Eventually, this will
cause corruption when the file context has been freed and the rotation
flag is deregistered.
3 months ago
Jeff Lucovsky 33445d01b3 output/rotate: Serialize rotation flag handling
Issue: 3436

Serialize rotation flag handling to avoid corruption.
3 months ago
Alice Akaki bda0890834 detect: add email.received keyword
email.received matches on MIME EMAIL Received
This keyword maps to the EVE field email.received[]
It is a sticky buffer
Supports multiple buffer matching
Supports prefiltering

Ticket: #7599
3 months ago
James deb761367d doc: Update bypass docs to use new keyword format
Ticket: #7143

Update documentation to reflect new sticky buffer keyword format
3 months ago
Victor Julien e3c6554ee6 detect/app-layer-protocol: allow matching on 'unknown' 3 months ago
Victor Julien 8f9c05243c firewall: detect: set firewall support flag on select keywords 3 months ago
Victor Julien f96e97205c firewall: detect: add feature flag for keywords supporting firewall 3 months ago
Victor Julien e6bd69b419 firewall: detect: set per rule table
For firewall mode, set the pseudo table in the rule and use this
in alert queue ordering, so that rule actions are applied in the
expected order:

        packet:filter -> packet:td -> app:filter -> app:td

This makes sure that a packet:td drop is applied before an app:filter
accept.
3 months ago
Victor Julien 1643b017b6 detect: don't set conflicting packet/flow actions
If for the same packet a drop rule and a pass rule would match,
the applying of actions could be contradictory:

- the drop would be applied to the packet
- the pass rule would also be considered, not overriding the drop,
  but still setting the flow pass flag.

This would lead to the packet being dropped, but the rest of the
flow getting passed, including retransmissions of the dropped
packet.

This patch only sets drop/pass actions if no conflicting action
has been set on the packet before. It respects the action-order.

Bug: #7653.
3 months ago
Victor Julien d6e61b6690 firewall: detect: add explanation 3 months ago