aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,084 Commits
8 Branches
169 Tags
241 MiB
main-8.0.x
main
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.4
suricata-7.0.15
suricata-8.0.3
suricata-7.0.14
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1110a86cb9'
${ noResults }
Commit Graph

15084 Commits (1110a86cb9bc3815aec2db1b5cc3253d63db53f5)
 

Author SHA1 Message Date
Jeff Lucovsky 1110a86cb9 detect/transform: Register case-change transforms 
Issue: 6439
 2 years ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 2 years ago
Jeff Lucovsky e5c2f9a56d detect/transform: Add case changing transforms 
This commit adds the implementation for the case changing transforms:
to_lowercase and to_uppercase

Issue: 6439
 2 years ago
Jeff Lucovsky ffd559cd8e detect/transform: Add case-change transform constants 
Add the constants for the to_lowercase and to_uppercase transforms

Issue: 6439
 2 years ago
Jeff Lucovsky 6a41843035 detect/tenants: Add tenant context to rule loads 
Issue: 1520

This commit adds the tenant id for context to rule and .config file
loads.
 2 years ago
Jeff Lucovsky 9d8eec453a general: Remove vi formatting directives 2 years ago
Jeff Lucovsky ad96382cf2 output/null: Add the null output device 
This commit adds the null output device; to use, set the filetype
to "nullsink" for each output that should discard and never persist
logs/alerts/etc.

This is implemented as an "internal eve output plugin" just like the
syslog eve output type.
 2 years ago
Ralph Eastwood 9865164e75 napatech: update docs to remove hba reference 2 years ago
Ralph Eastwood 7b0a5dae60 napatech: remove deprecated hba support 2 years ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 2 years ago
Philippe Antoine 8c5310aefd doc: quic in eve/schema 
Ticket: #6076
 2 years ago
Victor Julien 2f4027c117 version: start work on 8.0.0 2 years ago
Victor Julien 6bb882c4c0 macset: remove dead flow init/cleanup code 
FlowInit() will only be called on a newly allocated, or a fully cleaned
up flow, so no existing storage will exist.

The only caller of `FLOW_RECYCLE` first calls `FlowFreeStorage()`, so
the reset logic in `FLOW_RECYCLE` can never trigger.

Remove now unused MacSetReset logic.
 2 years ago
daniel zhao de14e3d0b5 detect/flow: fix DETECT_FLOW_FLAG_ESTABLISHED check 
Ticket: #6448
 2 years ago
Victor Julien 741ba51c1e github-ci: Fedora 37 to 39; use packaged cbindgen 2 years ago
Jason Ish 327c629253 outputs: call plugin ThreadDeinit, not Deinit 
With the change to the hash table for tracking threaded loggers, this
call is now called once per thread, so should be changed to the
ThreadDeinit, as that is not longer being called.

Then call Deinit for the primary logger. In threaded mode this would be
the parent, its just the logger in non-threaded mode.

Bug: #6438
 2 years ago
Jason Ish f2b47bb0dc eve: remove some dead code 2 years ago
Philippe Antoine 6249722589 http2: normalize host when there is user info 
Ticket: 6479
 2 years ago
Philippe Antoine b6cd66f41d http2: update brotli crate 
Fixes debug assertion found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63144
 2 years ago
Philippe Antoine 46a46e5b1f http2: event on mismatch between authority and host 
Ticket: #6425
 2 years ago
Philippe Antoine ae72ce77fa detect: parse units for integers 
Ticket: #6423

Especially for filesize, instead of just a number, a signature
can use a number and a unit such as kb, mb or Gb
 2 years ago
Kirjan Kohuladas c8a7204b15 doc/rule-profiling: fix suricatasc typo 3 years ago
Lukas Sismis 5300cb625e privs: refactor SCGetUser/GroupID to void functions 
SCGetUserID/SCGetGroupID either FatalErrored out or
returned zero. As a result, the functions got refactored
into non-returning void functions.
 3 years ago
Lukas Sismis 5b4ba0fe46 privs: hint the user of unset user/group name 
Ticket: #6278
 3 years ago
Victor Julien dc40a139ac packetpool: signal waiter within lock 
Needed for predictable scheduling. From pthread_cond_signal man page:

"The pthread_cond_signal() or pthread_cond_broadcast() functions may
 be called by a thread whether or not it currently owns the mutex that
 threads calling pthread_cond_wait() or pthread_cond_timedwait() have
 associated with the condition variable during their waits; however, if
 predictable scheduling behaviour is required, then that mutex is locked
 by the thread calling pthread_cond_signal() or pthread_cond_broadcast()."
 3 years ago
Victor Julien 087ca49e39 packetpool: return one packet as well on sync now 
If a thread is hitting the packet pool return on a 'sync_now' return
the packet also if it is the first packet since the last flush.

Bug: #6435.
 3 years ago
Victor Julien 6ae37b06f1 packetpool: remove WaitForN logic as it is unused 3 years ago
Victor Julien 0dda7f535c flow/timeout: no need to wait for packetpool 
The timeout logic no longer passes packets around, so don't depend
on the packet pool.

Bug: #6292.
 3 years ago
Victor Julien 6307a4d4b9 host/iprep: run all timeout logic 
Run all timeout logic if iprep is in use as well.

Minor code cleanups.

Bug: #6436.
 3 years ago
Victor Julien 80f13b93aa detect/urilen: fix discontinue matching logic 
Actually discontinue matching.

Fixes: 21f9cc3a39 ("discontinue matching on buffer if urilen returns a match failure.")
 3 years ago
Daniel Olatunji 3a40ed5641 detect/bytetest: convert unittests to FAIL/PASS 
Issue: #6332
 3 years ago
Jason Ish 7d60bb7139 dns/eve: make removed v1 style a warning, not an error 
We don't error out in this case, but instead default to v2. So use a
warning instead of an error.
 3 years ago
Jason Ish a240a93b69 dns/eve: use default formats if formats is empty 
If the configuration field "formats" is empty, DNS response records do
not have any relevant information other than that there was a
response, but not much about the response.

I'm pretty sure the intention here was to log the response details if
no formats were provided, which is what happens when the field is
commented out.

So if no formats are specified, use the default of all.

Bug: #6420
 3 years ago
Daniel Olatunji d4e4bdac90 detect/bytejump: convert unittests to FAIL/PASS 
Issue: #6328
 3 years ago
Jason Ish 804c5b737b runmodes: remove obsolete references to pcap auto modes 
These auto modes were remove many years ago. Also cleanup the wording
a little.

Task: #6427
 3 years ago
Jeff Lucovsky f363b99fd7 detect/bytejump: Improve end-of-buffer handling 
Issue: 4623

This commit addresses the issues reported in issue 4623 when the jump
value points at the last byte in the buffer.
 3 years ago
Jeff Lucovsky ffd769d178 detect/bytejump: Remove unused "Match" function 
Issue: 4623

DetectBytejumpMatch is no longer used -- it's counterpart --
DetectByteJumpDoMatch is and will remain.
 3 years ago
Lukas Sismis 292fda88b4 unix-manager: prioritize the shutdown check 
Make sure Suricata is in the running state before
you attempt to execute commands on the Unix sockets.
UnixMain is being called in an infinite loop where
TmThreadsCheckFlag(th_v, THV_KILL) is checked for the
deinit phase. However, it may take some time between
the start of Suricata's deinitialization and
the receipt of THV_KILL flag in the Unix thread.

In between this time period, the Unix manager can still
perform select() operation on the Unix socket while
the socket being already deinitialized.

Likely with a longer time span between the initial shutdown
command and actual closing of Unix sockets resulted in
an error of invalid file descriptors.

Ticket: #6272
 3 years ago
Juliana Fajardini a9851430e2 github: improve template CLA request info 
Indicate that the CLA only has to be signed once, as we have had
contributors think that was required for each new PR.
 3 years ago
Juliana Fajardini 54d8f45afc userguide: add proper label to RPM install section 
Use a reference label that is stable, instead of one that could change
in case a new section is added above it.
 3 years ago
Hadiqa Alamdar Bukhari 68d3c0c388 detect-tcp-window: Convert unittests to new FAIL/PASS API 
Task #6339
 3 years ago
Hadiqa Alamdar Bukhari 4ff52f26d7 flow-bit: Convert unittests to new FAIL/PASS API 
Task #6329
 3 years ago
Hadiqa Alamdar Bukhari 47a11c7ea4 util-misc: Convert unittests to new FAIL/PASS API 
Task #6345
 3 years ago
Liza Opar 3b1558946d misc: improve code documentation 
Task #6383
 3 years ago
Daniel Olatunji 54de0450f4 rust: remove cbindgen:ignore on frames module 
This directive is no longer required, and does
mess up the rustdoc description of the module.
 3 years ago
Daniel Olatunji 5c0af0b203 rust/doc: add docstring to rust module files. 
Issue: #4584
 3 years ago
Daniel Olatunji 0e5fdbb8fb doc: be consistent with the use of "sudo" 
Issue: #5720
 3 years ago
Victor Julien 2fe2d82506 version: start development towards 7.0.3 3 years ago
Shivani Bhardwaj d07e20c0a3 release: 7.0.2; update changelog 3 years ago
Philippe Antoine 737bc4f219 mime: avoid quadratic complexity in MimeDecAddEntity 
Ticket: #6306

Keep a reference to last child, consume a bit more RAM to save CPU
 3 years ago