Commit Graph

16230 Commits (1345c6d1cb5a9ac825f4bafc0e2a26d5e4a98e1e)
 

Author SHA1 Message Date
Shivani Bhardwaj 1345c6d1cb doc/file-extraction: fix highlight syntax 6 months ago
Juliana Fajardini 682b199ea0 userguide: expand documentation for rule profiling
The page about performance and rule profiling showed the table generated
by rules profiling but didn't inform how to achieve nor find it.

Task #4359
6 months ago
Jason Ish 15fe844ae7 syslog: deprecate
The standalone syslog output is now deprecated for Suricata 8. Display
a warning on use and add notes to the userguide.

Ticket: #6544
6 months ago
Jason Ish 5853fb922d tls-log: deprecate
tls-log is now deprecated and will be removed in Suricata 9.0. Display
a deprecation notice on use, and add notes to the user guide.

Ticket: #6542
6 months ago
Jason Ish ab26323a96 http-log: deprecate
http-log is now deprecated and will be removed in Suricata
9.0. Display a deprecation notice on use, and add notes to the
userguide.

Issue: #6543
6 months ago
Jason Ish d7e33a51bc arp: profiling logger id must come before LOGGER_SIZE
Also added comment to make this more clear.
6 months ago
Philippe Antoine 629873c2bc datasets: test unix socket ipv6 operations
Ticket: 6969
6 months ago
Eric Leblond 4668c95513 datasets: fix parsing of ip4 in ip6
The lookup function was not taking into account that we can have
an IPv4 or an IPv6 address as parameters and that these addresses
need to be converted to Suricata internal storage.
By using the already defined dedicated parsing function, we are
fixing the issue.

Issue: #6969
6 months ago
Lukas Sismis a32b68985f profiling: use correct conditional on packet profiling data dump
Ticket: #7218
6 months ago
Victor Julien cff82f16b3 pcap-file: limit setvbuf to linux
As it fails to work correctly on FreeBSD and OpenBSD.

On FreeBSD, these are the errors:

Info: pcap: Pcap-file will use 4096 buffer size [PcapFileGlobalInit:source-pcap-file.c:159]
Error: pcap: failed to get first packet timestamp. pcap_next_ex(): -2 [PeekFirstPacketTimestamp:source-pcap-file-helper.c:186]
Warning: pcap: Failed to init pcap file input.pcap, skipping [ReceivePcapFileThreadInit:source-pcap-file.c:299]
Error: pcap: pcap file reader thread failed to initialize [ReceivePcapFileLoop:source-pcap-file.c:185]
6 months ago
Victor Julien 688bd538cf pcap: implement pcap-file-buffer-size option
Allows easy specification of buffer size on the commandline.

Ticket: #7155.
6 months ago
Victor Julien 7b730c2e68 pcap-file: improve setvbuf implementation
Make optional through `pcap-file.buffer-size` config option.

Make sure to check through configure.

Ticket: #7155.
6 months ago
Jason Ish 5f2aef7777 pcap-file: use larger buffer for reading pcap files
Inspired by a recent Zeek blog post, this could speed up PCAP
processing by a few percent.

Ticket: #7155.
6 months ago
Victor Julien 96a0ffadde packetpool: allow larger max-pending-packets
Original limit was due to a specific data structure.
6 months ago
Philippe Antoine 304271e63a rust: compatibility with cbindgen 0.27
Ticket: 7206

Cbindgen 0.27 now handles extern blocks as extern "C" blocks.
The way to differentiate them is to use a special comment
before the block.
7 months ago
Giuseppe Longo 564a6c9a20 rust/ldap: handle GAPs
Following the same logic as for PGSQL, if there is a gap in an LDAP request or
response, the parser tries to sync up again by checking if the message can be
parsed and effectively parses it on the next call.

Ticket #7176
7 months ago
Giuseppe Longo 6a606ff21e rust/ldap: add pdu frames
This adds a pdu frame for both request and response, and removes invalid
returns in SCLdapParseRequest and SCLdapParseResponse.

Ticket #7202
7 months ago
Giuseppe Longo edf70276d6 rust/ldap: enable parser for udp
This introduces a new parser registration function for LDAP/UDP, and updates the
ldap configuration in order to be able to enable/disable a single parser
independently (such as dns).
Also, GAPs are accepted only for the TCP parser and not for UDP.

Ticket #7203
7 months ago
Juliana Fajardini 246acc7140 userguide: clarify flow:stateless explanation
While not incorrect, the previous wording made the sentence almost
paradoxical. While at it, also highlight a side effect that might not be
so clear to users.

Related to
Bug #6976
7 months ago
Philippe Antoine ede77bc4db rfb: move app-layer registration code to rust
Ticket: 7178
7 months ago
Philippe Antoine 62a186ceef detect/rfb: move keywords to rust
Ticket: 7178

On the way, convert rfb.secresult to a generic integer with enumeration
cf ticket 6723
7 months ago
Philippe Antoine a673e1913b ssh/frames: avoid unsigned integer overflow
Fixes: 0b2ed97f36 ("ssh: frames support")
7 months ago
dependabot[bot] 6d8fbf364a github-actions: bump ossf/scorecard-action from 2.3.3 to 2.4.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
dependabot[bot] 9436631f33 github-actions: bump github/codeql-action from 3.25.11 to 3.25.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.25.11...v3.25.15)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
7 months ago
Philippe Antoine 61cb14d272 detect: make events prefilterable
Ticket: 6728
7 months ago
Philippe Antoine bd23185f7d detect: minor optimization for tx
do not bother to clean the buffers if we did not run detection
for this transaction.
7 months ago
Philippe Antoine 3ad15f5c37 detect/tx: avoid a call to memset
just initialize the small struct to zero
7 months ago
Victor Julien fa9cae3899 doc/userguide: document logging changes from 6 to 7
Minor other logging related improvements like clarifying language and
improving formatting for pdf output.
7 months ago
Philippe Antoine 42e5e556e5 rust/ike: fix collapsible_match clippy warning
warning: this `match` can be collapsed into the outer `match`
help: the outer pattern can be modified to include the inner pattern
7 months ago
Philippe Antoine 564f685eea rust: fix byte_char_slices clippy warnings
warning: can be more succinctly written as a byte str
   --> src/mime/smtp.rs:762:37
    |
762 |     mime_smtp_find_url_strings(ctx, &[b'\n']);
    |                                     ^^^^^^^^ help: try: `b"\n"`
    |
    = help: for further information visit https://rust-lang.github.io/rust-clippy/master/index.html#byte_char_slices
    = note: `#[warn(clippy::byte_char_slices)]` on by default
7 months ago
Philippe Antoine 3f8251bd47 fuzz: make confyaml.c an explicit source
Ticket: 7181

Allows confyaml.c to be in the release archive
7 months ago
Philippe Antoine f96994fb3b source: fix -Wshorten-64-to-32 warnings
Ticket: #6186
7 months ago
Philippe Antoine 4ae5799720 log: fix -Wshorten-64-to-32 warnings
Ticket: #6186
7 months ago
Philippe Antoine 87eb4b5077 output/tx: use dynamic number of app-layer protos
Ticket: 5053
7 months ago
Philippe Antoine 323610c1e8 output: use dynamic number of app-layer protos
Ticket: 5053
7 months ago
Philippe Antoine dacb965fb8 runmodes: use dynamic number of app-layer protos
Ticket: 5053
7 months ago
Philippe Antoine 089d2b11fd frames: remove unneeded comments
Used by documentation with the SIP frames only
7 months ago
Philippe Antoine ef42f835eb ssh: avoid panic in packet path
use debug_validate_bug_on instead
7 months ago
Philippe Antoine 6ae294c770 detect: run frames on pseudo flush packets
for SSH packets that mark the end of plaintext
7 months ago
Philippe Antoine 0b2ed97f36 ssh: frames support
Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
7 months ago
Victor Julien da1645b3e1 rust: bump time to most recent
Fixes build on rustc 1.80.

Bumps the MSRV to 1.67.1.

Bug: #7130.
7 months ago
Victor Julien 058ad87089 rust: set MSRV to 1.67.1
This is needed for updating the ``time`` crate.
7 months ago
Victor Julien e480938724 github-actions: switch dist builders to ubuntu 22.04
Part of bumping MSRV.

22.04 is the first Ubuntu release to ship a new enough Sphinx.
7 months ago
Victor Julien f94988d050 github-actions: update for MSRV 1.67.1 7 months ago
Victor Julien a0bf282963 rust: address clippy errors 7 months ago
Victor Julien 5bda7b5017 ssh/hassh: fix clippy warning 7 months ago
Shivani Bhardwaj 638b5c4da7 eve/stats: add description for flow stats
Ticket 6434
7 months ago
Philippe Antoine 7617fe5ab0 ldap: reset tx_index_completed on tx removal
So that this index does not overflow
7 months ago
Philippe Antoine 7f6c963ac4 doh2: log like dns v3 7 months ago
Philippe Antoine 8aa2964e73 doh: move fields into dedicated Optional struct
So as to consume less memory for HTTP2Transaction
7 months ago