9172 Commits (04e78ace0a9e30170c0724bffa717564ab3e1d76)
 

Author SHA1 Message Date
Mats Klepsland 04e78ace0a lua: add function 'TlsGetVersion'
Add another function to get TLS version, since 'TlsGetCertInfo' only
works when a TLS session contains a clear text certificate, which is
not the case in TLSv1.3 or when a session is resumed.
7 years ago
Mats Klepsland 10fcc8d2ca doc: update tls.version documentation 7 years ago
Mats Klepsland df9853b75c detect-tls-version: add support for 'raw' matching
Add support for matching a 'raw' TLS version using a hex string, e.g:

  tls.version:0x7f12;

The above example matches TLSv1.3 draft 16.
7 years ago
Mats Klepsland 4323e7840f detect-tls-version: add support for TLSv1.3 7 years ago
Mats Klepsland e813842731 detect-ssl-version: add support for TLSv1.3 7 years ago
Mats Klepsland db2fc9208a lua: use 'SSLVersionToString' in TlsGetCertInfo() 7 years ago
Mats Klepsland 13918be589 tlslog: add support for TLSv1.3 7 years ago
Mats Klepsland 25fb02da9a output-json-tls: add support for TLSv1.3 7 years ago
Mats Klepsland 97cc3475bf app-layer-ssl: add function to get string from version
Add 'SSLVersionToString' to get string from version.
7 years ago
Mats Klepsland 91acd3831f app-layer-ssl: add support for earlier TLSv1.3 drafts
Add support for TLSv1.3 draft 1 to draft 21.
7 years ago
Mats Klepsland 831ddb62d2 app-layer-ssl: add support for TLSv1.3 from draft 22
Add support for draft 22 to draft 28 and for the final
version (RFC8446) of TLSv1.3.
7 years ago
Mats Klepsland e0ef578c46 app-layer-ssl: add support for session tickets
Add support for logging a session as 'resumed' when using a non-empty
session ticket extension in the client hello record.
7 years ago
Mats Klepsland 21897a4d7a app-layer-ssl: add better session id support
Verify that the session id from both the client hello record and the
server hello record matches before marking the session as 'resumed'.
7 years ago
Mats Klepsland f22bd5a75b app-layer-ssl: decode server hello record
Decoding server hello is needed to do a better implementation of
session resumption.
7 years ago
jason taylor 0f1c8711ce doc: README.md minor fixes
- Capitalization update
- Typo fix
- Spacing update

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien 93364b9175 flow/timeout: code simplification and cleanup 7 years ago
Victor Julien c8ecca59f8 stream: minor code cleanup 7 years ago
Victor Julien af6f52cc09 rules: hide 'template' from --list-keywords 7 years ago
Victor Julien b0577402b6 rules: hide internal keywords from --list-keywords 7 years ago
Victor Julien 8c7aee92eb flow-manager: fix unittest initialization 7 years ago
Mats Klepsland 68cc53d188 app-layer-ssl: make sure that JA3 stuff is only initialized once
Avoid possible memory leaks by making sure that JA3 buffer and
string are only initialized once.
7 years ago
Mats Klepsland 5ec2f6e7b3 app-layer-ssl: fix memleak/coredump (Bug #2603) 7 years ago
Eric Leblond fcd5e138b9 af-packet: close the socket in case of early fail 7 years ago
Eric Leblond 7e8a749227 log-filestore: fix file descriptor leak
In the case we exceed the number of simultaneously open
files we can reach a state where we will not close the file
after writing.

Thanks to Steve Grubb <sgrubb@redhat.com> for the analysis.
7 years ago
Victor Julien 876156d3a1 profiling/app-layer: fix TCP parsers showing UDP stats 7 years ago
Victor Julien 1f16b42d78 profiling: add missing logger labels 7 years ago
Victor Julien 1f4cd75f05 detect: clean up sgh flags and add cocci check 7 years ago
Victor Julien e6b74f8ee0 stream: minor code cleanups 7 years ago
Victor Julien 7abb8745bf detect/mpm: clean up setup code 7 years ago
Jason Ish 1c6bc5754c dhcp: check length of option before accessing
Prevent Rust index out of bounds panic.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2571
7 years ago
Jason Ish 7bc2469eb1 dhcp: remove println!() that got committed 7 years ago
Victor Julien 88277d0402 detect: fix file_data detect issue with alert ip
Fix mpm progress being updated by irrelevant engines. Esp in the
case of file_data engines, signature can contain multiple versions
of the same engine, registered for different 'progress' values.

This would lead to signatures being considered 'can't match' even
in cases where they clearly could still match.

Only consider those progress values that apply to the protocol in
use.
7 years ago
Victor Julien a68eec630f detect/parse: try to set flow direction for sigs w/o explicit app proto as well 7 years ago
jason taylor 4c1173ffcd configure: added rust install notes
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
jason taylor 015cd93014 configure: updated fedora/centos references
* updated fedora yum references to dnf
* updated/added centos/rhel references

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Maurizio Abba bce7c2dd87 eve/http: add tx->request_port_number as http_port
Add the port specified in the hostname (if any) to the http object in
eve. The port may be different from the dest_port used by the TCP flow.
7 years ago
Konstantin Klinger 2938f797f2 yaml: add var for DC_SERVERS (Domain Controller) 7 years ago
Konstantin Klinger 99193b1492 yaml: add note for dns v1 not available with rust 7 years ago
Konstantin Klinger a3832e4594 yaml: add note for dns.log with Rust
It is not available when rust is enabled.
7 years ago
Eric Leblond 173e5a1c58 doc: iprep supports CIDR networks 7 years ago
Eric Leblond c9b9f7fd1b util-unittest: fix typo 7 years ago
Victor Julien 28e74abcc5 detect/files: fix inspection issues with 'alert ip'
Don't track the 'skipped' engines as matches.
7 years ago
Victor Julien 6ffa0507d2 detect/filehash: try to open data file from rulefile dir
If the data file can't be found in the default location, which
normally is 'default-rule-path', try to see if it can be found
in the path of the rule file that references it.

This makes QA much easier.
7 years ago
Victor Julien 39ca1db8e8 files: only prune in own direction
Only prune files in own direction. The opposite direction may still
require inspection.
7 years ago
Victor Julien 1df38c3b97 cocci: add more flag checks 7 years ago
Victor Julien 67c90954c0 detect: use BIT_* macros
Also add notes that when adding flags they should be added to the
analyzer as well.
7 years ago
Victor Julien 25a87cbbed stream: use BIT_U8 for stream flags 7 years ago
Victor Julien 7fca17639d detect/prefilter: speed up setup
If the global detect.prefilter.default setting is not "auto", it is
wasteful to run each prefilter setup routine. This patch tracks which
of the engines have been explicitly enabled in the rules and only
runs those.
7 years ago
Victor Julien 4f1befd217 detect/prefilter: fix prefilter when setting is 'mpm'
When prefilter is not enabled globally, it is still possible to
enable it per signature. This was broken however, as the setup
code would never be called.

This commit always calls the setup code and lets that sort out
which signatures (if any) to enable prefiltering for.
7 years ago
Victor Julien 085521b218 detect: include keyword types in detect.h 7 years ago