Commit Graph

12024 Commits (089972fd314f881c947ba562c273a82652bfcdf0)

Author SHA1 Message Date
Eric Leblond 0dba1b09de suricata: improve list keywords
Exit with error if a keyword is not supported or not existing
and display a message.
4 years ago
Eric Leblond 2e4af5a091 suricata: return error value of custom run modes 4 years ago
Eric Leblond 44460f1945 util/running-modes: don't exit in running mode 4 years ago
Eric Leblond 921d44b262 log/pcap: exit on invalid filename
If the filename has no % sign and if pcap logging is using multi
mode, then the pcap capture will fail. So let's exit if ever this
is the case.
4 years ago
Eric Leblond 6a45064d4c suricata: unix-socket mode and -l are compatible
Commit 93642a0d1d prevented specifying the logging directory on
the command line while using the unix socket.

It looks like the implementation has evolved and the arbitrary
limitation can be removed allowing a user to start unix socket
without editing the configuration file.
4 years ago
Eric Leblond 7304389438 eve: only output ja3 and ja3s if present
This will prevent JSON entries like the following that occur
with the default configuration (ja3 deactivated and extended
tls output activated):

  "tls": {
    "subject": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
    "issuerdn": "C=GB, ST=London, L=London, O=Global Security, OU=IT Department, CN=example.com",
    "serial": "00:9C:FC:DA:1D:A4:70:87:5D",
    "fingerprint": "b8:18:2d:cb:c9:f8:1a:66:75:13:18:31:24:e0:92:35:42:ab:96:89",
    "version": "TLSv1",
    "notbefore": "2020-05-03T11:07:28",
    "notafter": "2021-05-03T11:07:28",
    "ja3": {},
    "ja3s": {}
  }
4 years ago
Jeff Lucovsky cbb03dbb39 detect/pcre: Test capture group/var mismatch 4 years ago
Jeff Lucovsky 469d5bb214 detect/pcre: Correct capture group count check
This commit corrects the validation check between the number of
variables used and the number of specified capture groups.
4 years ago
Philippe Antoine 32b604e8c7 template: use response_gap in rust parser 4 years ago
Victor Julien ed05c51d99 detect/state: optimize state keeping 4 years ago
Victor Julien 13cebb1857 detect: fix heap overflow issue with buffer setup
In some cases, the InspectionBufferGet function would be followed by
a failure to set the buffer up, for example due to a HTTP body limit
not yet being reached. Yet each call to InspectionBufferGet would lead
to the matching list_id to be added to the
DetectEngineThreadCtx::inspect.to_clear_queue. This array is sized to
add each list only once, but in this case the same id could be added
multiple times, potentially overflowing the array.
4 years ago
Victor Julien 17a38f1823 flow/manager: (u)sleep slightly longer
Sleep 250 microseconds instead of 100 as running in KVM caused the
old value to use 100% CPU for these threads.

Perf testing suggests no measurable impact for the non-KVM case.

Ticket: #4096
4 years ago
Victor Julien 8baef60d60 app-layer: fix transaction cleanup
Fix a 'skipped' transaction early in the list leading to all further
transactions getting skipped, even if they were fully processed and
ready to be cleaned up.
4 years ago
Philippe Antoine 62e665c848 fuzz: rightly uses PacketFreeOrRelease in target
instead of PacketFree because packets
may belong to the pool
4 years ago
Philippe Antoine e586d8526b fuzz: use some value for max_pending_packets
so as not to timeout waiting forever for the condition
in PacketPoolWait
4 years ago
Philippe Antoine a6bbb608f7 fuzz: makes target sigpcap more reproducible
By removing the temporary rules file if it existed
before the first run
4 years ago
Victor Julien f2e9517434 github: run codecov verify test w/o optimizations 4 years ago
Victor Julien 3f807f3bf6 rust: update dependencies 4 years ago
Victor Julien ebde15f0e2 rust: lock all major crate versions
To avoid surprises with dependencies bumping MSRV.
4 years ago
Victor Julien 4b5af36061 rust: relax nom version to any >=5.1.1 4 years ago
Philippe Antoine b869ac01ee http: enables request decompression 4 years ago
Eric Leblond 85327890f5 suricata: avoid at exit crash in nfq mode
When Suricata was built with eBPF support and when it was started
in NFQ mode, it was crashing at exit because it was trying to free
the device extension.

This patch fixes the issue by only triggering the eBPF related code
when Suricata is running in AF_PACKET mode.
4 years ago
Eric Leblond e6cfcb704c storage: fix a variable name 4 years ago
Eric Leblond 628458e7d3 detect: fix link to documentation 4 years ago
Philippe Antoine 43f25f127f ftp: ftp-data recognized by StringToAppProto 4 years ago
Philippe Antoine d861228214 http2: decompression for files
gzip and brotli decompression for files
4 years ago
Philippe Antoine 2e46b5d100 rust: BIT_U16 macro utility 4 years ago
Philippe Antoine aee8e60149 rust: better panic message for missing file config 4 years ago
Philippe Antoine 8ac363c34d rust: fix warning about unused values in smb tests 4 years ago
Philippe Antoine 76db6e34a1 protocol detection: fix failure case
as reached by CIFuzz even if unreachable from Suricata
4 years ago
Philippe Antoine f5d8e953a8 protodetect: debug validation when multiple patterns match 4 years ago
Victor Julien 00d7c9034b stream: remove debug assert
In cases of large windows in the past the check would trigger.
4 years ago
Victor Julien b66d013294 detect/http_client_body: minor test cleanups 4 years ago
Eric Leblond 64f994f753 dataset: fix dataset string lookup
The data was unlocked but the use_cnt was not decreased resulting
in the data entry not being removable.
4 years ago
Victor Julien 191461a028 detect/file_data: cleanup tests 4 years ago
Victor Julien 116c089de0 stream/tests: minor cleanups 4 years ago
Victor Julien 80a3bbef3d qa/cocci: support FAIL macros in malloc check 4 years ago
Victor Julien 711cfe5657 github: codecov fix path handling 4 years ago
Victor Julien ee6d792b02 stream: move tests into tests/ 4 years ago
Victor Julien 226a82bade detect/fast_pattern: redo unittests 4 years ago
Victor Julien 66d7f5941a detect/fast_pattern: remove dead code 4 years ago
Victor Julien bc9e7743f3 detect/http-ua: cleanup tests 4 years ago
Emmanuel Thompson f12daa710f decode/flow/esp: Add ESP decoder & flow
- Adds an ESP (Encapsulating Security Payload) header decoder
- Tracks ESP flows via the SPI field
4 years ago
Victor Julien 9adeae07b1 decode: reformat REINIT macro 4 years ago
Victor Julien 3f4398cc90 decode: minor unittest cleanups 4 years ago
Victor Julien bf00285d0a proto/names: add SCTP if not defined in system
If SCTP is missing from /etc/protocols, add it manually.
4 years ago
Victor Julien 5303901790 github: add codecov.yml
Don't report until both cov runs are available to avoid partial
reporting in pull request comments.
4 years ago
Victor Julien c25afbccc1 json: remove unused jansson wrappers 4 years ago
Victor Julien b6b317cae6 http: enable and fix content range tests 4 years ago
Victor Julien a7cd765f20 app-layer/nfs: dead code removal 4 years ago