aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,209 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f10298990'
${ noResults }
Commit Graph

10209 Commits (0f102989902f6b45fd942f2b74ab832fea132c90)
 

Author SHA1 Message Date
Jason Ish 0f10298990 rdp: address comments in pull request 
Pull request:
https://github.com/OISF/suricata/pull/4174

- fix commit: range -> set
- OUTPUT_BUFFER_SIZE -> JSON_OUTPUT_BUFFER_SIZE
- output: check for initdata first
 6 years ago
Zach Kelly caef8b5b38 protocol parser: rdp 
Initial implementation of feature 2314:
1. Add protocol parser for RDP
2. Add transactions for RDP negotiation
3. Add eve logging of transactions
 6 years ago
Shivani Bhardwaj 59da7ae302 counters: Add new default for decoder events 
Set the new default for decoder events to `decoder.event` instead of the
previously used `decoder`. Remove the corresponding warning for 5.0.
 6 years ago
Andreas Herz d657fd9bf0 doc: add quickstart guide 6 years ago
Victor Julien 7cabb025ea ips: fix wrong thread for bridge ips modes 6 years ago
Victor Julien d5009c5d8c doc/stream: briefly explain bypass 6 years ago
Phil Young 8aeff8f973 stream: fix bypass callback for stream.depth 
Fix bug with bypass callback when called with stream depth threshold.
bug report: https://redmine.openinfosecfoundation.org/issues/2986
 6 years ago
Shivani Bhardwaj ba6b73cd10 ctl/filestore: Add check for filestore directory 
Up until now, suricatactl would delete any directory that is provided as
an argument on command line. This patch adds a basic test for the
directories `tmp`, `00` and `ff` in order to justify that the provided
directory is actually a filestore directory.

Additionally, some code has been broken up and made more readable and
pythonic.

Closes redmine ticket #2843
 6 years ago
Jason Ish 52187d8548 ftp: removing uninitialized variable warning 
output-json-ftp.c: In function ‘JsonFTPLogger’:
output-json-ftp.c:129:9: warning: ‘js_respcode_list’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  129 |         json_object_set_new(cjs, "completion_code", js_respcode_list);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output-json-ftp.c:74:13: note: ‘js_respcode_list’ was declared here
   74 |     json_t *js_respcode_list;
      |             ^~~~~~~~~~~~~~~~
output-json-ftp.c:128:9: warning: ‘js_resplist’ may be used uninitialized in this function [-Wmaybe-uninitialized]
  128 |         json_object_set_new(cjs, "reply", js_resplist);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
output-json-ftp.c:73:13: note: ‘js_resplist’ was declared here
   73 |     json_t *js_resplist;
      |             ^~~~~~~~~~~
 6 years ago
Jason Ish 0bb07b550c userguide: remove section on using Oinkmaster 
Users should be using Suricata-Update now.
 6 years ago
Jason Ish 55852d0de3 rules: remove configuration for legacy rule handling 
Removes the autoconf, and suricata.yaml sections for using
the legacy style of rule management.
 6 years ago
Jason Ish 3c11665317 rules: no longer install rules to /etc/suricata/rules 
Stop falling back to the old method of installing rules into
/etc/suricata/rules if Suricata-Update is not available.

The goal here is to move away from the behaviour of installing
rules to /etc/suricata/rules as part of the default install
process. The engine provided rules are already installed to
/usr/share/suricata/rules, which can then be used as input
to rule management tools such as Suricata-Update.

This does not change the behaviour for Suricata release users
with the bundled Suricata-Update.

Also removes Oinkmaster and PulledPork suggestion for rule
management.
 6 years ago
Jason Ish e3cfc9fc4b rules: install dhcp-events.rules; order alphabetically 
Add dhcp-events.rules to Makefile.am so it gets installed.

Also order the rule files alphabetically for easier review.
 6 years ago
Victor Julien a272e433a8 pd: don't reverse flow if TCP session not midstream 6 years ago
Jason Ish 5f1d21f247 dns: handle mid stream pickup on response packet 
Related Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2146
 6 years ago
Travis Green 3f146cdd7e doc: add endswith keyword docs 6 years ago
Travis Green 9f8dcad287 doc: update of ssh-kewords documentation 
Modifies ssh-keywords.rst to fix syntax error in example rule as well as
update descriptions to indicate older keywords have been deprecated.
 6 years ago
Jason Ish 9488002a0d doc: use describe instead of option for old Sphinx 
Older versions of Sphinx will generate duplicate IDs when you have
options like:

.. option:: some-option

.. option:: some-other-option

The version of Sphinx provided on CentOS 7 has this issue, newer
versions of Sphinx do not.  As CentOS 7 is still a popular
distribution, change ".. option" to ".. describe" which has the
same visual output, but does not generate links.
 6 years ago
Jason Ish 42e5065ab8 rust: update to Rust 2018 with cargo fix 
Migrate to Rust 2018 edition.

Credit to Danny Browning for first demontrating this:
https://github.com/OISF/suricata/pull/3604/commits
 6 years ago
Jeff Lucovsky 79d308db73 detect/analyzer: Add missing http_accept_enc handling 6 years ago
Shivani Bhardwaj 8bebea5d4c rust: Get rid of unneeded macros, fix warnings 6 years ago
Victor Julien a3e5b91668 detect/dataset: fix 'state' path handling 6 years ago
Victor Julien e36a963196 datasets/doc: minor fixes and clarifications 6 years ago
Victor Julien 7ae86a0ae9 datarep: remove notice messages 6 years ago
Victor Julien 8045746bd1 datasets: remove notice messages and improve errors 6 years ago
Victor Julien 0107b9a057 doc/dataset: initial documentation 6 years ago
Victor Julien d5ceafa2e5 suricatasc: add dataset-add command 6 years ago
Victor Julien 1d6a358d8a datasets: unix socket dataset-add command 6 years ago
Victor Julien 317376f59d datasets: match on lists of data 
Datasets are sets/lists of data that can be accessed or added from
the rule language.

This patch implements 3 data types:

1. string (or buffer)
2. md5
3. sha256

The patch also implements 2 new rule keywords:

1. dataset
2. datarep

The dataset keyword allows matching against a list of values to see if
it exists or not. It can also add the value to the set. The set can
optionally be stored to disk on exit.

The datarep support matching/lookups only. With each item in the set a
reputation value is stored and this value can be matched against. The
reputation value is unsigned 16 bit, so values can be between 0 and 65535.

Datasets can be registered in 2 ways:

1. through the yaml
2. through the rules

The goal of this rules based approach is that rule writers can start using
this without the need for config changes.

A dataset is implemented using a thash hash table. Each dataset is its own
separate thash.
 6 years ago
Victor Julien b286c14324 thash: generalize hash table as used in flow 
Thread safe hash table implementation based on the Flow hash, IP Pair
hash and others.

Hash is array of buckets with per bucket locking. Each bucket has a
list of elements which also individually use locking.
 6 years ago
Victor Julien 0b120bbe34 suricata: expose system as global 6 years ago
Victor Julien 5d5612f98e suricata: --data-dir option 6 years ago
Victor Julien f24067f5e5 travis: add liblzma (xz) for osx 6 years ago
Victor Julien 6f80821ff0 configure: bump minimum htp to 0.5.30 6 years ago
Victor Julien dbbdfedb98 lzma: make mandatory 
Libhtp is starting to use it as well, so its safe to make it mandatory
here.

Remove guards for flash file decompression code.
 6 years ago
Philippe Antoine 8d4cbb3f7b http: fixes stream flags for http tests 6 years ago
Philippe Antoine 9665ab0409 http: wait for response line for filename 
See http evader case 481
 6 years ago
Victor Julien 579cc9f02b const: constify decoder, app-layer, detect funcs 6 years ago
Victor Julien 399ab35aa1 afl: fix compile warnings for decoder fuzz funcs 6 years ago
Jason Ish a472dec865 travis-ci: update for minimum Rust version of 1.33. 
Plus:
- Set latest known working stable Rust to 1.37.0.
- Remove test for --disable-rust, as that as option is
  not respected anymore.
- Add test for old/unsupported version of Rust to make
  sure ./configure fails.
- Other minor cleanups.
 6 years ago
Jason Ish 8f66f39b29 rustfmt: use default rustfmt configuration 
Remove our config that limited line length to 80 columns.
 6 years ago
Jason Ish c9d569f410 rust: check for minimum Rust version of 1.33.0. 
Related Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2629
 6 years ago
Philippe Antoine ecb9e85d69 install: install all files for events rules 
Fixes #2786
 6 years ago
Philippe Antoine aa73d834b5 boyermoore: avoid one tolower call 
Fixes #1218
 6 years ago
Jeff Lucovsky 86deaefe66 ftp: Ensure non-zero command length with MPM init 6 years ago
Jason Ish d14fe372b4 configure.ac: prevent empty if block (llc check) 
As AC_SUBST doesn't expand to anything in the shell script, this
will generate a bad script on older versions of autoconf.

Change the logic to eliminate the possibility of an empty
if or else block.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3124
 6 years ago
Shivani Bhardwaj f750e4ca40 configure: Remove enable-rust-debug 
Get rid of enable-rust-debug flag and use enable-debug for acheiving the
desired functionality. From now, adding `--enable-debug` to `configure`
shall create an [unoptimitized + debuginfo] target. Rest behavior stays
the same.

Closes redmine ticket #3054
 6 years ago
Shivani Bhardwaj 85b56b633e detect: Improve rule keyword alproto registration 
1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.

Closes redmine ticket #3006.
 6 years ago
Victor Julien 1bc738fbe4 doc: typo fixes 
By @espritlibre and @Zeal0us
 6 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 6 years ago