aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,172 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '04e78ace0a'
${ noResults }
Commit Graph

9172 Commits (04e78ace0a9e30170c0724bffa717564ab3e1d76)
 

Author SHA1 Message Date
Elazar Broad 6ba02cac50 Fix segfault when the protocol is anything other than HTTP 
When a file is transferred over anything other than HTTP, the previously hard-coded HTTP protocol would trigger a non-existent index into htp_list_array_get(), causing a segfault. This patch mimics the logic in detect-lua-extensions.c.
 7 years ago
Mats Klepsland 2d2c01e772 detect-tls-cert-fingerprint: fix typo in unittest 7 years ago
Mats Klepsland 4671d57d7a detect-tls-cert-fingerprint: fix failing unittest 
Fix unittest that failed with the content validation callback.
 7 years ago
Mats Klepsland f36d578ee0 detect-tls-ja3-hash: add setup callback to lowercase content 
Add setup callback that lowercase the content that follows 'ja3_hash'.
 7 years ago
Mats Klepsland 5b954212f7 detect-tls-ja3-hash: add warning if nocase is used 7 years ago
Mats Klepsland 2501d48ac8 detect-tls-cert-serial: add warning if nocase is used 7 years ago
Mats Klepsland 2c5d5bbdaa detect-tls-cert-fingerprint: add warning if nocase is used 7 years ago
Mats Klepsland 4c9d448fa1 detect-tls-ja3-hash: add content validation callback 
Validate that the content that follows the 'ja3_hash' keyword has
the correct length.
 7 years ago
Mats Klepsland 52d9d45747 detect-tls-cert-fingerprint: add setup callback to lowercase content 
Add setup callback that lowercase the content that follows
'tls_cert_fingerprint'.
 7 years ago
Mats Klepsland f788719348 detect-tls-cert-fingerprint: add content validation callback 
Validate that the content that follows the 'tls_cert_fingerprint'
keyword is on the correct form and has the correct length.
 7 years ago
Mats Klepsland 6cf4c3c26e detect-tls-cert-serial: add setup callback to uppercase content 
Add setup callback that uppercase the content that follows
'tls_cert_serial'.
 7 years ago
Mats Klepsland 321603de37 detect-engine: add DetectEngineCtx to setup callback function 
Add detect engine context as variable to setup callback function
in 'DetectBufferTypeRegisterSetupCallback'.
 7 years ago
Mats Klepsland 48a5ea9df0 detect-tls-cert-serial: add content validation callback 
Validate that the content that follows the 'tls_cert_serial' keyword
is on the correct form. If it's longer than two bytes it should be
separated by colons.
 7 years ago
Max Fillinger ce270a8f6a Add info about pcap log compression to user guide 7 years ago
Max Fillinger 58e92392ea configure: Show installation info for liblz4 if not found 7 years ago
Max Fillinger b85a0b188b Add an option for compressing pcap-log files 
Introduces the option 'outputs.pcap-log.compression' which can be set
to 'none' or 'lz4', plus options to set the compression level and to
enable checksums. SCFmemopen is used to make pcap_dump() write to a
buffer which is then compressed using liblz4.
 7 years ago
Eric Leblond 6062c27eb7 af-packet: kill some white spaces 7 years ago
Eric Leblond 75b6972cfd util-ioctl: fix a typo in setter message 7 years ago
Eric Leblond f53e687bb8 af-packet: dump counters when timeout occurs 
When traffic is becoming null (mainly seen in tests) we reach the
situation where there is timeouts in the poll on the socket and
only that. Existing code is then just looping on the poll and
the result is that the packet iface counters are not updated.

This patch calls the dump counter function to be sure to get
the counter right faster (and not only right at exit).
 7 years ago
Jason Ish e048a74ecd rules: set default rule dir to suricata-update if bundled 
If suricata-update is bundled, set the default-rule-dir
to lib/suricata/rules under the $localstatedir

For now use 2 rule-files section that are renamed depending
on if suricata-update is bundled or not.
 7 years ago
Jason Ish 732ce3f123 install-rules: use suricata-update if available 
If Suricata update was bundled, use it for "install-rules" instead
of curl or wget.
 7 years ago
Jason Ish b9e083a703 python: put some defaults on suricata.config.defaults 
This is a module that can contain installation default. For now
it includes the sysconfdir, and rules data directory for use
by suricata-update.
 7 years ago
Jason Ish 7bf490062c rules: install to $datadir/suricata/rules 
Common /usr/share/suricata/rules or /usr/local/share/suricata/rules.

The rules provided by the distribution are installed here as part
of the Suricata install process so will always be installed, even
without the use of install-rules.
 7 years ago
Victor Julien de6fcb7c92 wirefuzz: add 'quiet' mode 
Adds -q commandline option to force quiet operation.
 7 years ago
Victor Julien 8a5710307d hyperscan: don't abort on payloads > 64k 
SPM API was recently updated to accept 32 bit length fields instead of
16 bits. This could trigger a BUG_ON in the hyperscan implementation.
 7 years ago
Victor Julien a5de9968dd gcc8: fix format truncation warnings 7 years ago
Eric Leblond f79f64097e configure: fix error hw timestamp check 
This fixes #2469
 7 years ago
Victor Julien 5faaa5dceb file_data/http: inspect cleanup 7 years ago
Eric Leblond 1d0727d85f stream-tcp: fix stream depth computation 
The stream depth computation was partly done with the stream_config
depth instead of using the value in the TCP session. As a result,
some configuration were resulting in abnormal behavior.

In particular, when stream depth was 0 and the file store depth was
not 0, Suricata was stopping the streaming on the flow as soon as
the filestore was started.

Reported-by: Pascal Delalande <pdl35@free.fr>
 7 years ago
Eric Leblond 1012fc4466 file: update logger API to log direction 
By adding the flow direction to the logger we can have an accurate
logging of fileinfo events that has source and destination IP
correctly set.
 7 years ago
Eric Leblond 2515c8927b app-layer-ftp: fill direction of transfer 
This is required to return the file when asked with one direction.
 7 years ago
Maurizio Abba d2bf7a3ba9 detect: fix buffer length to uint32 
There is a difference in the size of the buffer length as passed from
the content buffers (cfr HttpReassembledBody.buffer_len) and the buflen
variable passed to mpm primitives. This can cause a misdetection
whenever the bufferlen is multiple of 65536 (as uint16(X*65536) == 0).
Increasing the buflen variable type to uint32 solves the issue (this
does not cause any issue with primitives, they all accept uint32).
 7 years ago
Victor Julien 2e8fd612a6 files: properly close files on flow timeout 
If a file transfer stops on flow timeout, it won't be closed or
truncated. This patch makes sure that in such cases the files
are indeed truncated. This fixes the filestore-v2 output module,
as that requires a sha256 for storing the partial file correctly.
 7 years ago
Victor Julien 73d94fff73 nfs4: support records wrapped in GSSAPI integrity 7 years ago
Victor Julien 53fa2af07c nfs4: fix attr parsing corner case 7 years ago
Victor Julien 39489bc5fd nfs4: implement COMMIT parsing and handling 7 years ago
Victor Julien c7cb01b636 nfs4: parse GSSAPI init 7 years ago
Victor Julien bfa60753f9 nfs4: create link support 7 years ago
Victor Julien 06f6c15954 nfs4: initial implementation 
Implements record parsing and file extraction for READs and WRITEs.

Defines all types from RFC 7530.
 7 years ago
Victor Julien 75c5722b7e nfs/rpc: add parser for GSSAPI Integrity records 7 years ago
Victor Julien 81c0b53d3f flow: track flow for ip proto 41 7 years ago
Victor Julien 8c75a022ea eve/netflow: only log response record if we've seen response pkts 7 years ago
Victor Julien c662383b53 flow: track flow for ICMP 
Change packet layout to allow for expected counterpart type.
 7 years ago
Victor Julien 708aad3f4a unified2: address strict aliasing issue 7 years ago
Victor Julien 7ce77f9351 decode/ipv6: expose addr as 'struct in6_addr' as well 7 years ago
Victor Julien 49b02f8f1b mingw: minor compile warning fixes 7 years ago
Giuseppe Longo 28849509b2 tests/detect-engine-hsbd: deinit det_ctx threads 7 years ago
Giuseppe Longo c620fc3dc4 detect-engine: free events 
Events are stored in a detection engine but actually
they are not freed.
 7 years ago
Victor Julien f461be75c5 smb: use inspect API v2 for smb keywords 
Simplies code and supports transforms.
 7 years ago
Victor Julien 3854c304d8 mpm/hs: fix minor coverity warning 
CID 1428797 (#1 of 1): Unchecked return value (CHECKED_RETURN)
    check_return: Calling HashTableAdd without checking return value
    (as is done elsewhere 5 out of 6 times).
 7 years ago