Commit Graph

8762 Commits (0bb07b550c1f00a95e6803aba7cdeb22d637fbc2)

Author SHA1 Message Date
Victor Julien a272e433a8 pd: don't reverse flow if TCP session not midstream 6 years ago
Jason Ish 5f1d21f247 dns: handle mid stream pickup on response packet
Related Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2146
6 years ago
Travis Green 9f8dcad287 doc: update of ssh-keywords documentation
Modifies ssh-keywords.rst to fix syntax error in example rule as well as
update descriptions to indicate older keywords have been deprecated.
6 years ago
Jeff Lucovsky 79d308db73 detect/analyzer: Add missing http_accept_enc handling 6 years ago
Victor Julien a3e5b91668 detect/dataset: fix 'state' path handling 6 years ago
Victor Julien 7ae86a0ae9 datarep: remove notice messages 6 years ago
Victor Julien 8045746bd1 datasets: remove notice messages and improve errors 6 years ago
Victor Julien 1d6a358d8a datasets: unix socket dataset-add command 6 years ago
Victor Julien 317376f59d datasets: match on lists of data
Datasets are sets/lists of data that can be accessed or added from
the rule language.

This patch implements 3 data types:

1. string (or buffer)
2. md5
3. sha256

The patch also implements 2 new rule keywords:

1. dataset
2. datarep

The dataset keyword allows matching against a list of values to see if
it exists or not. It can also add the value to the set. The set can
optionally be stored to disk on exit.

The datarep keyword supports matching/lookups only. With each item in the set a
reputation value is stored and this value can be matched against. The
reputation value is an unsigned 16-bit integer, so values can be between 0 and 65535.

Datasets can be registered in 2 ways:

1. through the yaml
2. through the rules

The goal of this rules-based approach is that rule writers can start using
this without the need for config changes.

A dataset is implemented using a thash hash table. Each dataset is its own
separate thash.
6 years ago
Victor Julien b286c14324 thash: generalize hash table as used in flow
Thread safe hash table implementation based on the Flow hash, IP Pair
hash and others.

The hash is an array of buckets with per-bucket locking. Each bucket has a
list of elements which also individually use locking.
6 years ago
Victor Julien 0b120bbe34 suricata: expose system as global 6 years ago
Victor Julien 5d5612f98e suricata: --data-dir option 6 years ago
Victor Julien dbbdfedb98 lzma: make mandatory
Libhtp is starting to use it as well, so it's safe to make it mandatory
here.

Remove guards for flash file decompression code.
6 years ago
Philippe Antoine 8d4cbb3f7b http: fixes stream flags for http tests 6 years ago
Philippe Antoine 9665ab0409 http: wait for response line for filename
See http evader case 481
6 years ago
Victor Julien 579cc9f02b const: constify decoder, app-layer, detect funcs 6 years ago
Victor Julien 399ab35aa1 afl: fix compile warnings for decoder fuzz funcs 6 years ago
Philippe Antoine aa73d834b5 boyermoore: avoid one tolower call
Fixes #1218
6 years ago
Jeff Lucovsky 86deaefe66 ftp: Ensure non-zero command length with MPM init 6 years ago
Shivani Bhardwaj 85b56b633e detect: Improve rule keyword alproto registration
1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.

Closes redmine ticket #3006.
6 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 6 years ago
Fabrice Fontaine 9b05db7db0 fix build on m68k with uclibc
uclibc on m68k defines _POSIX_SPIN_LOCKS but does not define
pthread_spin_unlock so check for this function before using
pthread_spin_xxx functions

Fixes:
 - http://autobuild.buildroot.org/results/ed923bcc1454ce90444b8dac7c064b5f4ea4a0a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Jeff Lucovsky 86fabef093 ftp: address review comments 6 years ago
Jeff Lucovsky f79316d71a ftp: remove RUST guards 6 years ago
Jeff Lucovsky cc5e9ca179 eve/ftp: Modifications for MPM-enabled command descriptor table 6 years ago
Jeff Lucovsky bc68ef4657 app-layer: Invoke FTP parser cleanup function 6 years ago
Jeff Lucovsky 09ab032a8d ftp: Use MPM for command lookup 6 years ago
Jeff Lucovsky 4f2a485c55 ftp: Remove LIBJANSSON guards 6 years ago
Jeff Lucovsky 3df2b3437c eve/ftp: Move "get next line" into app-layer-ftp.c 6 years ago
Victor Julien f43584661c stream: support debug notice message in tfo 7 years ago
Eric Leblond 5366f80941 bypass: fix build on Windows
For the sake of unittests, we need to build capture bypass so we
end up with a Windows build of flow bypass.
7 years ago
Eric Leblond 53a62953e9 bypass: introduce CAPTURE_OFFLOAD
This define is used to remove reference to capture bypass in case
no capture method implementing this is active.

This patch also introduces CAPTURE_OFFLOAD_MANAGER that is defined
if we need the flow bypass manager code.
7 years ago
Eric Leblond 094d28d40e flow-hash: generalize function
This patch generalizes the function to get a flow by its flowkey
by removing the call setting it to capture bypassed state.
7 years ago
Victor Julien 7384744c3e detect: fix FP on ICMP unreachable errors
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.

The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.

This all would lead to a false positive match.

This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.

Bug #2769.
7 years ago
Jeff Lucovsky 240520a3cc main: fix typo in output 7 years ago
Jeff Lucovsky ef327ab194 stream/tcp: correct spelling typos 7 years ago
Victor Julien bc2267f131 stream/tcp: support TCP fast open 7 years ago
Victor Julien 8f8581beda decode/tcp: TCP fast open option decoding
Support both regular TFO and TFO as part of the experimental
options support.
7 years ago
Philippe Antoine c775a4af43 signature: fixes leak with duplicate signatures 7 years ago
Philippe Antoine 63deb8862f boyermoore: optimization with one alloc less
Fixes #1220
7 years ago
Philippe Antoine 5ff50773bd detectproto: adding missing probing parsers
In direction TO_CLIENT for symmetric protocols
7 years ago
Eric Leblond cf98b0223e detect-geoip: add info for list keywords 7 years ago
Shivani Bhardwaj 9d6f1d318a unix/socket: Add rev date to version info 7 years ago
Jeff Lucovsky be22b23d2e cleanup: eliminate warnings/errors with debug build on macos 7 years ago
Shivani Bhardwaj 26bc0d6e1d src/detect: check DetectBufferSetActiveList return code
Make sure to always check the return codes of DetectBufferSetActiveList.
Also, force this warning on function prototype.

Closes redmine ticket #3005.
7 years ago
Philippe Antoine 15783fb322 signature: avoids overflow from VariableNameHash 7 years ago
Jeff Lucovsky 140bfd7b0c detect/analyzer: remove HAVE_LIBJANSSON cpp guards 7 years ago
Jeff Lucovsky 87bfce025d spelling: correct spelling typo 7 years ago
Jeff Lucovsky dcf5e247ca detect/analyzer: add support for http_content_type 7 years ago
jason taylor da2c4d7382 applayer: fix typo in debug output
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago