Commit Graph

6382 Commits (11eb1d7c1d2b77d0706d7fd1632d9deeb7937a04)

Author SHA1 Message Date
Victor Julien fe445367bd icmpv4: improve dest unreachable logic
When an ICMPv4 destination unreachable packet contains an embedded packet
this packet is parsed. When it's found to be invalid, the whole ICMP
packet is tagged as invalid.

In some cases the unreachable packet would still be used.

This patch fixes this by checking the packet's invalid flag as well
in the ICMPV4_DEST_UNREACH_IS_VALID macro.
9 years ago
Victor Julien 2fbfd6efcc DER decoder: don't use strlcpy on non-strings 9 years ago
Victor Julien fae2836039 http: more sane body inspection/tracking defaults 9 years ago
Victor Julien efdd9e08f2 http: improve body pruning
In case the body wasn't inspected, the body_inspected variable wouldn't
get updated, leading to the body not getting pruned at all.

This patch adds support for this case.
9 years ago
Victor Julien 64017cd29b ips/drop-log: fix crash on logging drops
When logging drops for fragmented UDP packets, triggered by detection
in the reassembled packet, a missing check could lead to access of the
packet's UDP header pointer when it was NULL.
9 years ago
Victor Julien 136c6440c8 http file: fix txid type 9 years ago
Victor Julien 006cd5ae36 file: sync file and tx id types 9 years ago
Victor Julien a74a8c874f smtp: reset inspection buffers 9 years ago
Victor Julien 2582e61af7 http: fix body prune check 9 years ago
Victor Julien e94bf9726d Update Changelog for 3.0RC2 9 years ago
Victor Julien b333e5feae dns: reject bad response data 9 years ago
Victor Julien 260841827f smtp: improve handling of bad traffic
No longer fail tracking the SMTP stream when an unexpected reply is
encountered.

Do not store the unexpected reply.
9 years ago
Victor Julien 4b69e1aec1 stream-tcp: bail early on segments before base_seq
In cases where base_seq has moved beyond last_ack, bail early.
9 years ago
Victor Julien 8cdd96d7a4 tls: suppress warnings on alloc failure 9 years ago
Victor Julien b4dad91e26 unified2: disable by default 9 years ago
Victor Julien 36fde7df42 stats log: suppress 0 counters by default 9 years ago
Victor Julien 86a3f06410 afpacket: suppress output 9 years ago
Victor Julien bed1867830 afpacket: move zero copy setup to config parsing
This way it's run and logged per device, instead of per thread.
9 years ago
Victor Julien 9d882116e2 afpacket: indent fixup 9 years ago
Victor Julien cf2588acc4 offloading: compress printing of iface offloading 9 years ago
Victor Julien f89a421990 afpacket: on missing cluster settings, set defaults 9 years ago
Victor Julien 49dbb455b5 afpacket: add null decoder, put ethernet first 9 years ago
Victor Julien 7b45a8a2a9 device: constify string args 9 years ago
Jason Ish d87a60f3cc modbus: disable by default 9 years ago
Eric Leblond 538f37bd38 output-json: add app_proto key in root
By adding the key in the root of *flow and fileinfo events it
will be possible to get all events for one application layer by
using a 'event_type:proto OR app_proto:proto' filter. This will
permit the analyst to get a good view of events related to
one protocol.

This patch also fixes a regression in file logging where app_proto
was available before 94dbd303e4 created
the regression.
9 years ago
Alexander Gozman 8ac48872a5 Feature 1605: more descriptive error messages when checking MTU, etc 9 years ago
Victor Julien 019f856442 profiling: fix lock profile compilation 9 years ago
Victor Julien ac476de5ed json: small improvement to log message wording 9 years ago
Eric Leblond 9930f447d2 output-json: fix regression on log prefix handling
The log prefix option was no longer honored due to a regression
caused by some recent code.
9 years ago
Maurizio Abba 1291250c0f app-layer-smtp: support for multiline response
Multiline response support is provided but not enforced. This patch
allows parsing multiline responses when a reply is processed.
9 years ago
Victor Julien 737c99dd30 Update changelog for 3.0RC1 9 years ago
Victor Julien 84c4566a14 Update dev version to reflect we're doing 3.0 now 9 years ago
Victor Julien d77e403024 rule vars: fix compiler warning 9 years ago
Victor Julien a7f54d63b7 tls: fix compiler warnings 9 years ago
Victor Julien a1075ee2f2 http: add test for plain http over connect 9 years ago
Victor Julien cd81af0bc9 http: don't run unittests twice 9 years ago
Victor Julien e86e27bab7 http: test cleanups 9 years ago
Aaron Campbell 50f4fb2a72 Fix out-of-bounds memory access in DNS TXT record parser.
The datalen variable is declared unsigned.  If txtlen and datalen are equal,
datalen will first be reduced to 0, and then the datalen-- line will cause its
value to wrap to 65535.  This will cause the loop to continue much longer than
intended, and eventually may crash on an out-of-bounds *tdata dereference.

Signed-off-by: Aaron Campbell <aaron@monkey.org>
9 years ago
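The commit above describes an unsigned-underflow bug in walking a TXT record's rdata (a sequence of one-byte-length-prefixed character-strings): when the remaining-length counter equals the claimed string length, subtracting it and then decrementing once more for the length byte wraps a 16-bit counter to 65535. The following C is an added example, not the commit's diff or Suricata's parser: it models that arithmetic in isolation (touching no memory) next to a hardened walk that refuses a string whose length byte plus payload would not fit in what remains. The sample rdata, the BAD_TXT case and the function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample rdata for a TXT record holding two character-strings,
 * "v=spf1" and "-all": each string is a one-byte length followed by that
 * many bytes. Not taken from the commit or from Suricata. */
static const uint8_t SAMPLE_TXT[] = {
    6, 'v', '=', 's', 'p', 'f', '1',
    4, '-', 'a', 'l', 'l'
};

/* Constructed malformed rdata: the length byte claims 3 bytes but only 2
 * follow, so txtlen (3) equals the remaining datalen (3). */
static const uint8_t BAD_TXT[] = { 3, 'a', 'b' };

/* Models only the arithmetic the commit describes: an unsigned 16-bit
 * "remaining bytes" counter that subtracts txtlen and then decrements once
 * more for the length byte, with no bounds check. When txtlen == datalen the
 * result wraps to 65535. No memory is read here. */
uint16_t buggy_remaining(uint16_t datalen, uint8_t txtlen)
{
    datalen -= txtlen;
    datalen--;
    return datalen;
}

/* Hardened walk: before consuming a character-string, require that the
 * length byte plus txtlen payload bytes fit in what remains. Returns the
 * number of character-strings, or -1 if the rdata is malformed. */
int dns_txt_count(const uint8_t *rdata, uint16_t datalen)
{
    const uint8_t *p = rdata;
    int count = 0;

    while (datalen > 0) {
        uint8_t txtlen = *p;
        if ((uint16_t)txtlen + 1 > datalen)   /* would underflow below */
            return -1;
        p += 1 + txtlen;
        datalen -= (uint16_t)(1 + txtlen);
        count++;
    }
    return count;
}

/* Copy the n-th (0-based) character-string into out as a NUL-terminated
 * string. Returns its length, or -1 if rdata is malformed, n is out of
 * range, or out is too small. */
int dns_txt_nth(const uint8_t *rdata, uint16_t datalen, int n,
                char *out, size_t outsz)
{
    const uint8_t *p = rdata;
    int idx = 0;

    while (datalen > 0) {
        uint8_t txtlen = *p;
        if ((uint16_t)txtlen + 1 > datalen)
            return -1;
        if (idx == n) {
            if ((size_t)txtlen + 1 > outsz)
                return -1;
            memcpy(out, p + 1, txtlen);
            out[txtlen] = '\0';
            return txtlen;
        }
        p += 1 + txtlen;
        datalen -= (uint16_t)(1 + txtlen);
        idx++;
    }
    return -1;
}

int main(void)
{
    char buf[64];

    printf("sample: %d strings\n",
           dns_txt_count(SAMPLE_TXT, (uint16_t)sizeof(SAMPLE_TXT)));
    if (dns_txt_nth(SAMPLE_TXT, (uint16_t)sizeof(SAMPLE_TXT), 1,
                    buf, sizeof(buf)) >= 0)
        printf("second string: %s\n", buf);
    printf("malformed: %d\n",
           dns_txt_count(BAD_TXT, (uint16_t)sizeof(BAD_TXT)));
    printf("buggy counter with txtlen == datalen: %u\n",
           buggy_remaining(3, 3));
    return 0;
}
```

The check `txtlen + 1 > datalen` is the whole fix: it is evaluated before either subtraction, so the counter can never pass below zero and the walk never advances `p` past the end of the rdata buffer.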
Victor Julien 4dfbc0effa multi-detect: fix and simplify config
Instead of:

mappings:
  - vlan:
    vlan-id: 1
    tenant-id: 2

we'll now use:

mappings:
  - vlan-id: 1
    tenant-id: 2

For YAML it pretty much means the same thing.

Ticket: 1517
9 years ago
Victor Julien 07d8617b3e multi-detect: improve error handling 9 years ago
Victor Julien 906b95eed3 multi-detect: handle missing mappings
Notify/warn user about missing mappings depending on other settings
like unix socket and init errors fatal.
9 years ago
Victor Julien 27783f4c66 multi-detect: consider vlan tracking
Refuse to use vlan selector if vlan tracking is disabled.
9 years ago
Victor Julien 04889f154d multi-detect: validate vlan_id 9 years ago
Victor Julien d7d76e7b27 multi-detect: use default tenant
The default detect engine can be used as 'default tenant'.
9 years ago
Victor Julien dc3c1ef01e multi-detect: clean up output 9 years ago
Victor Julien adecf41720 base64: code style fixups 9 years ago
Jason Ish 6b15686fd1 base64_decode, base64_data: decode and match base64 9 years ago
Jason Ish 9375e8fb3c util-base64: strict mode - all characters must be valid
Introduce a strict mode to base64 decode. If strict,
the function will fail when invalid input data is seen.
If not strict, what has been decoded will be returned.

This is in support of adding a Snort compatible base64_decode
rule option that uses whatever data can be decoded as a length
of data to decode is optional.
9 years ago
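The commit above introduces a strict mode for base64 decoding: strict fails outright on invalid input, lenient returns whatever was decoded. The following C is an added example written for this page, not the util-base64 code or the Snort-compatible rule option it refers to; the function names, the enum and the choice that lenient mode stops at the first byte outside the alphabet (rather than skipping it) are assumptions made here. Sample inputs are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef enum { B64_LENIENT = 0, B64_STRICT = 1 } b64_mode;

/* Map one base64 alphabet character to its 6-bit value, or -1 if the byte
 * is outside the standard alphabet. */
static int b64_val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode inlen bytes of base64 into out (at most outsz bytes). Returns the
 * number of bytes written, or -1. '=' padding ends the input in both modes.
 * Strict: any other byte outside the alphabet is an error and no partial
 * result is reported. Lenient (assumed behaviour): decoding stops at the
 * first such byte and the bytes decoded so far are returned. */
long b64_decode(const unsigned char *in, size_t inlen,
                unsigned char *out, size_t outsz, b64_mode mode)
{
    uint32_t acc = 0;   /* pending bits, at most 6 + 8 at any time */
    int bits = 0;
    size_t n = 0;

    for (size_t i = 0; i < inlen; i++) {
        if (in[i] == '=')
            break;
        int v = b64_val(in[i]);
        if (v < 0)
            return mode == B64_STRICT ? -1 : (long)n;
        acc = ((acc << 6) | (uint32_t)v) & 0x3ffff;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (n >= outsz)
                return -1;          /* output buffer too small */
            out[n++] = (unsigned char)((acc >> bits) & 0xff);
        }
    }
    return (long)n;
}

/* Convenience wrapper for NUL-terminated input that NUL-terminates the
 * output so it can be printed; outsz must leave room for the terminator. */
long b64_decode_str(const char *s, char *out, size_t outsz, b64_mode mode)
{
    if (outsz == 0)
        return -1;
    long n = b64_decode((const unsigned char *)s, strlen(s),
                        (unsigned char *)out, outsz - 1, mode);
    if (n >= 0)
        out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[32];
    /* Constructed inputs: a clean encoding of "hello", and the same with a
     * space injected after the first 4 characters. */
    const char *clean = "aGVsbG8=";
    const char *dirty = "aGVs bG8=";

    printf("strict  clean: %ld -> \"%s\"\n",
           b64_decode_str(clean, buf, sizeof(buf), B64_STRICT), buf);
    printf("strict  dirty: %ld\n",
           b64_decode_str(dirty, buf, sizeof(buf), B64_STRICT));
    printf("lenient dirty: %ld -> \"%s\"\n",
           b64_decode_str(dirty, buf, sizeof(buf), B64_LENIENT), buf);
    return 0;
}
```

For a rule option that matches on decoded content, the lenient mode is the one that makes "decode as much as you can, then match" work on arbitrary packet data; the strict mode is what you want anywhere a partial decode would be mistaken for a complete one.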
Mats Klepsland 7281f6aaf3 lua: added function TlsGetSNI()
Added function to get server name from TLS SNI extension.
9 years ago
Mats Klepsland f363d11afe log-tls: added SNI field to extended output
Added SNI field to extended tls log output.
9 years ago