aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,344 Commits
7 Branches
155 Tags
200 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0d3c551b83'
${ noResults }
Commit Graph

14344 Commits (0d3c551b836ee737f70d16b0b42a33a02c747413)
 

Author SHA1 Message Date
Victor Julien 0d3c551b83 detect/base64_data: remove use of sm_list macro 2 years ago
Victor Julien 501388c912 detect/pcre: use util funcs for buffer test 2 years ago
Victor Julien 0b6ebd13ee detect: add util funcs to get first and last sigmatch for buffer 2 years ago
Philippe Antoine 6bc7f02e13 doc: rules can have http1 as protocol 
Ticket: #5962
 2 years ago
Victor Julien a42c225117 detect/content: add negated endswith test 2 years ago
Jeff Lucovsky c083cbda33 detect/content: Negated endswith matches 
Issue: 5541

This commit handles negated endswith matches.
 2 years ago
Haleema Khan 3531a4abaa rfb: rustfmt rfb.rs 2 years ago
Haleema Khan 3eee311350 rfb: add rfb frames, update tests 
Adds a PDU frame to the RFB parser.
Update function signature in tests to reflect frames

Ticket: 5717
 2 years ago
Victor Julien d3ab33edce detect/app-layer-protocol: remove use of sm_list macro 2 years ago
Victor Julien 5753d95040 detect: reduce sm_lists macro use 2 years ago
Victor Julien 88700f2744 detect/parse: remove obsolete and commented out code 2 years ago
Victor Julien 4a8f269000 detect/pcre: add comment indicating rawbytes is a no-op 2 years ago
Victor Julien 7ea6637d6d detect/content: remove commented tests 2 years ago
Victor Julien 7ac623e0c5 detect/bytemath: fix newline in debug message 2 years ago
Victor Julien 0bbc411743 nfs: fix newline in debug messages 2 years ago
Victor Julien 92d8a712aa detect/content: cleanup content setup/check code 
Pass SigMatch pointer instead of a list id to SigParseRequiredContentSize.
 2 years ago
Jeff Lucovsky fd46c93a8f doc/byte_math: Add divide by 0 discussion. 
Issue: 5945
 2 years ago
Jeff Lucovsky 38c5e89e29 detect/byte_math: fix bug in byte_math detection 
Issue: 5945

Avoid division by zero when the byte_math operation is division and the
rvalue is 0.
 2 years ago
Victor Julien 2ddd26446e pcap: fix return check 
The check that meant to check if pcap_dispatch processed fewer packets
than the desired number was inaccurate. It would also include all errors
(negative return values).

This patch considers only positive values for this check.

Fixes: 9fe08f2374 ("pcap: improve pcap_breakloop support")
 2 years ago
Shivani Bhardwaj 5f52b199ff smtp: enforce line limit even when LF is found 
Before:
If LF character was found, so far, we won't enforce the line limit on
the line. We only enforced limits in case of LF character missing in a
long line.

After this patch:
Line limit is enforced on the line if it is bigger than 4096 Bytes
irrespective of whether LF was found or not.

Redmine Bug: 5819
 2 years ago
Shivani Bhardwaj fd4e0fbafe util/mime: allow delim len 0 when line limit is hit 2 years ago
Shivani Bhardwaj c0bff5f921 smtp: move constant declaration to header 2 years ago
Justin Azoff aacb7dc291 detect/iponly: remove DetectEngineIPOnlyThreadCtx 
This is unused.

Issue: 4578
 2 years ago
Justin Azoff dfbc3da0eb detect/iponly: Reduce the size of the SigNumArray bitsets 
Instead of tracking ip only rules by the internal signum, track them by
a separate counter that starts at zero.  This results in dense
SigNumArrays instead of sparse ones and a much smaller max_idx.

Issue: 4578
 2 years ago
Victor Julien 9fe08f2374 pcap: improve pcap_breakloop support 
When pcap_breakloop has been issued on a handle, the current pcap_dispatch
call may return -2 (PCAP_ERROR_BREAK), but it can also return the number
of processed packets if lower than the desired number. So add this condition
as a check.
 2 years ago
Victor Julien 8a968faa04 detect: only breakloop threads that are lagging 
Sleep after all threads have been checked.

Bug: #5969.
 2 years ago
Victor Julien 5e4cf182ab flow/worker: refresh detect thread during housekeeping 
During housekeeping multiple flows are processed. If a rule reload happens
at that time, we need to use the new detect thread as soon as possible.

Bug: #5969.
 2 years ago
Victor Julien 4176c7df6a flow/worker: remove unused detect thread arg 2 years ago
Philippe Antoine 9adb59bcdb http2: faster when reducing dynamic headers size 
avoid quadratic complexity from removing the first element
and copying all the contents a big number fo times.

Ticket: #5909
 2 years ago
Philippe Antoine caf9940fd1 http: fix multipart completion 
As brought by commit 578f328e06

Ticket: #5952
 2 years ago
Jeff Lucovsky 035863d029 netmap: Forward port packet stall fix 
Issue: 5862

This commit forward ports fixes from master-6.0.x that address packet
stalling that may occur under IPS configurations.
 2 years ago
Cole Dishington b6c5c59bc3 app-layer-dnp3: Fix build for big endian 
Add missing include of util-byte.h for big endian targets that need
SCByteSwap(16|32|64) for DNP3_SWAP(16|32|64).
 2 years ago
Juliana Fajardini d314b57e6b userguide/muti-tenant: fix typo 2 years ago
jason taylor 5abcd50142 doc: add tenant id value requirement 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 2 years ago
Maxim Korotkov 1c055dc370 output: fix logic error 
The logical error may have been made here. Comparison with the upper
bound of the variable type does not make sense. It may be worth adding
the cast of one of the multiplication operands to the 64-bit type for
avoiding overflow.

Found by Security Code with Svace static analyzer
Bug: #5789

Signed-off-by: Maxim Korotkov <m.korotkov@securitycode.ru>
 2 years ago
Victor Julien 39a6f411e9 stream: improve FIN checking 
After recent next_seq changes, the FIN checks could be too strict
leading to stalling sessions in IPS mode.

This patch requires a FIN to be >= last ack and <= next_win to be
accepted.
 2 years ago
Shivani Bhardwaj 418ddba38e util/base64: don't reset decoded bytes in RFC4648 
Old behavior:
With RFC4648, the decoded bytes were reset to 0 in case an unusual
character was encountered in the encoded string. This worked out fine
for small test cases where there weren't many bytes to be decoded.

Problem:
If a big encoded string had a character outside of the base alphabet,
the processing would stop and the number of decoded bytes were set to 0.
However, even though the processing should stop at the invalid
character, the number of decoded bytes should correctly store the bytes
decoded up until the point an invalid characted was encountered.

New behavor:
For any base64 encoded string given to the base64 decoder in RFC4648
mode, we make sure that the number of decoded bytes correctly reflect
the number of bytes processed up until the string was valid. This makes
sure any further calculations/use of the decoded data is done correctly.

Redmine ticket: 5885
 2 years ago
Jason Ish 8ef410e284 app-layer: add direction to transaction creation where needed 
Build on Eric's but set the direction on transaction creation when
needed. I think this makes it a little more clear, and easier to
document when creating single direction transactions.

This also somewhat abstracts the inner-workings of a directional
transaction from the implementation.

Ticket: #4759
 2 years ago
Eric Leblond 9f4ca26962 sip: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 301237f82e enip: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 1decdbe409 dnp3: activate unidirectional TX flag 
By implementing the no inspection flag we can now set
the unidirectional TX flag. Which means that the alstate
progress function can now be simplified to always return
1 f the transaction is complete.

Ticket: #5799
 2 years ago
Eric Leblond 8b0d56c414 nfs: TX are not unidirectional 
NFS transactions are not unidirectional so we should not declare
them as such.
 2 years ago
Eric Leblond 19174de4f3 quic: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 44482a68b0 ntp: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond c64e4526cd krb: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 322f3896ba mqtt: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 7ce557a44c ike: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 8926d82465 dns: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond 744fccee17 bittorrent_dht: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago
Eric Leblond a82a5aa84b snmp: add TX orientation 
Set no inspection in the opposite side of the transaction.

Ticket: #5799
 2 years ago