aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,344 Commits
7 Branches
155 Tags
200 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0d3c551b83'
${ noResults }
Commit Graph

14344 Commits (0d3c551b836ee737f70d16b0b42a33a02c747413)
 

Author SHA1 Message Date
Jason Ish 3d8130614e github-ci/rust: display clippy diff 2 years ago
Jason Ish e21ae88e05 rust: utility function to copy Rust strings to C strings 
As there are a few places where a Rust string is copied into a provided
C string buffer, create a utility function to take care of these
details.
 2 years ago
Jason Ish 6344501dba tls: fix date logging for dates before 1970 
The Rust time crate used by the x509-parser crate represents dates
before 1970 as negative numbers which do not survive the conversion to
SCTime_t and formatting with the current time formatting functions.

Instead of fixing our formatting functions to handle such dates,
create a Rust function for logging TLS dates directly to JSON using
the time crate that handles such dates properly.

Also add a FFI function for formatting to a provided C buffer for the
legacy tls-log.

Issue: 5817
 2 years ago
Jason Ish ef48c5064f schema: add regular expression for tls date format 2 years ago
Victor Julien 9e41075d5d detect/frames: improve IPS and GAP handling 
Inspect individual chunks in lossy traffic.

Don't use the frame idx as the inspection buffer idx. Engines are running
per frame, so multi inspection can be used for stream chunks instead.

Ticket: #4977.
 2 years ago
Victor Julien 6fcf48d09a detect/frames: handle duplicate sigs in candidates 
Prefilter engines run on each stream chunk in a lossy stream, so
we can get the same sid in the list multiple times.
 2 years ago
Victor Julien 8ff2543343 stream: add util to get absolute right edge of data 2 years ago
Victor Julien a95934b5ee detect/frames: reduce scope of private function 2 years ago
Victor Julien 652de0cc99 output: move function name in non-release output 2 years ago
Victor Julien f834377c5f detect/tls.certs: improve buffer init logic 2 years ago
Victor Julien aa4a128fb0 detect/quic: update buffer initialization logic 2 years ago
Victor Julien 6f1574276f detect/mqtt: update buffer initialization logic 2 years ago
Victor Julien 83e97a9283 detect/krb5.sname: update buffer initialization logic 2 years ago
Victor Julien d3675d5197 detect/krb5.cname: update buffer initialization logic 2 years ago
Victor Julien 849f1cf1b8 detect/ike.vendor: update buffer initialization logic 2 years ago
Victor Julien 158e648d87 detect/http2: update buffer initialization logic 2 years ago
Victor Julien 5e783a01fe detect/file.name: update buffer initialization logic 2 years ago
Victor Julien 576bfc6bf0 detect/file.magic: update buffer initialization logic 2 years ago
Victor Julien 50fd691efb detect/file.data: update buffer initialization logic 2 years ago
Victor Julien 9c34e82471 detect/http.uri: update buffer initialization logic 2 years ago
Victor Julien f6fd1b017f detect/dce.stub_data: update buffer initialization logic 2 years ago
Victor Julien e31ead9bc2 detect/dns: update buffer initialization logic 2 years ago
Victor Julien 70125a29f6 detect/buffer: add initialized flag to simplify buffer logic 2 years ago
Jeff Lucovsky c1c67536b6 decode/stat: Add decode counters for unknown/arp 
Issue: 5761

This commit adds statistics for ARP and unknown ethertype packets for
diagnostic purposes.
 2 years ago
Philippe Antoine e3105a6614 ftp: adds a config option ftp-hash for autofp-scheduler 
This allows ftp-data and ftp flows to be processed by the same
thread. Otherwise, there may be a concurrency issue where the
would-be ftp-data flow is first processed, and thus not recognized
as such. And the ftp flow gets processed later and the expectation
coming from it is never found.

To do so, the flow hash gets used as usual, except for flows that
may be either ftp or ftp-data, that is either one port is 21, or
both ports are high ones.

Ticket: #5205
 2 years ago
Philippe Antoine c1f615b8d2 src: fix coverity warning about sizeof 
CID: 1520601
CID: 1520602

> In this particular case sizeof (char **) happens to be equal to
sizeof (char *), but this is not a portable assumption.
 2 years ago
Jason Ish 84d1ed58bb config: check return value of dotted override 
Fixes commit fbb0d2b0f4.
 2 years ago
Jason Ish 64cb687a65 rust: suppress specific manual_flatten list 
In this case of debug code, the explicit iterator seems to make more
sense.
 2 years ago
Jason Ish 7080ecbb76 rust: remove explicit lifetimes where not needed 2 years ago
Jason Ish e7f5bd047d rust: fix needless borrows of references 
Fixed automatically by cargo clippy --fix.
 2 years ago
Jason Ish 29f345af1a rust: allow uninlined_format_args 
Newer versions of Rust/clippy are getting picky about format strings.
We should allow and use the new style, but also not prevent the old
style.
 2 years ago
Jason Ish 0490279a75 rules/readme: document sid ranges in source tree 2 years ago
Jason Ish 3f4dad8676 ftp: add events for command too long 
Issue: 5235
 2 years ago
Jason Ish 48920bd784 rust/derive: allow event name to be set as attribute 
When deriving AppLayerEvent, allow the event name to be set with the
"name" attribute in cases where the transformed name is not suitable.

This allows us to use enum variant names like
"FtpEventRequestCommandTooLong" for direct use in C, but is also a
name that doesn't transform well to an event name in rules, where we
want to see "request_command_too_long".
 2 years ago
Jason Ish 1b844cd7f7 doc/userguide: document --include command line option 2 years ago
Jason Ish dcfa6a6002 suricata: allow additional include files on command line 
Add a new command line option, --include. This will merge additional
configuration files into the configuration specified in the main
suricata.yaml.  It can be provided multiple times and the files will be
included in the order they appear on the command line.

Ticket: 3912
 2 years ago
Jason Ish cb1ae92a1b yaml-loader: add test for fully qualified override 
Also set the parent node for regular nodes on creation as this is
useful in unit-tests to verify the parent of a node.
 2 years ago
Jason Ish fbb0d2b0f4 config: allow fully qualified overrides 
Allow configuration parameters to be overrided usually a fully
qualified name such as:

vars.address-groups.HOME_NET: "7.1.2.0/24"

In configuration files (including "include" files).  This allows the
overriding of a specific value deeply nested in the configuration
without having to redefine the complete top-layer object.

Ticket: 4783
 2 years ago
Philippe Antoine 9cb0bc3332 util/landlock: check return values for ConfGet 
CID 1514671
CID 1514669
 2 years ago
Philippe Antoine b52293b609 dcerpc: config limit maximum number of live transactions 
As is done for other protocols

Ticket: #5779
 2 years ago
Shivani Bhardwaj b5b05b8fce rules/decoder: add udp.len_invalid rule 2 years ago
Shivani Bhardwaj 8e3acf1695 eve/schema: add udp.len_invalid 2 years ago
Shivani Bhardwaj f941ceae2b decode/udp: fix payload_len calculation 
Fix payload_len calculation post removal of the condition that returned
error code if the length to the decode fn did not match the length of
header from the UDP packet.

Bug 5379
 2 years ago
Shivani Bhardwaj eebdfe9a3e decode/events: add event type UDP_LEN_INVALID 2 years ago
Lukas Sismis d18e52ed93 decode-udp: Allow shorter UDP packets than the remaining payload length 
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid.

Redmine ticket: #5693
 2 years ago
Philippe Antoine ba99241957 http2: fix leak with range files 
Ticket: #5808

May have been introduced by a24d7dc45c

Function http2_range_open expects to be called only when
tx.file_range is nil. One condition to ensure this is to check
that we are beginning the files contents. The filetracker field
file_open is not fit for this, as it may be reset to false.
 2 years ago
Jason Ish a0fc00bb48 log-pcap: fix inverse logic error 
We shouldn't early initialize when *offline*.  Instead this accidentally
delayed initializing when if an online mode, however its likely not to
have been noticed as delaying initializing in online mode is supported
as well.
 2 years ago
Philippe Antoine e07556b961 runmodes: fix memory leak 
By using constant for string instead of allocating and leaking it

CID: 1520497
CID: 1520500
 2 years ago
Philippe Antoine b281199e9a test: do not output non ascii character 
The unit test for content |aa bz| transforms in place the string
str to replace the 2 characters aa by one character 0xaa
Then, when z is not recognized as a valid hexadeicmal character,
the whole modified string is printed out, inclusing the non-ascii
0xaa

Ticket: #5558
 2 years ago
Victor Julien 7a47eabf82 streaming: fix possible use after free 
Don't use ptr after freeing it. Reported by Coverity Scan.
 2 years ago