Commit Graph

16230 Commits (1345c6d1cb5a9ac825f4bafc0e2a26d5e4a98e1e)
Author SHA1 Message Date
Juliana Fajardini bb45ac71ef dns: allow triggering raw stream reassembly
For TCP streams, app proto stream reassembly can start earlier, instead
of waiting and queueing up data before doing so.

Task #7018
Related to
Bug #7004
9 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts string enumeration as values.
- add enip.status keyword
- add keywords:
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
9 months ago
Philippe Antoine 0d267e29a5 files: remove the need for state in callbacks
As files now belong to transactions
9 months ago
Philippe Antoine e8438fdb58 app-layer: remove unused parameters 9 months ago
Philippe Antoine 5167ff6411 smtp/mime: look for urls in base64 message
Ticket: 5185

Previously, URLs were only looked for in plain-text messages, and base64
encoding was only handled for attachments.

This commit also fixes the buffering of such base64 data streamed
into URL finding, by buffering a beginning non-empty line,
and by ensuring that we run extraction on the last line,
even if it had no EOL.
9 months ago
Philippe Antoine 1c0514c16a dpdk: simplify and fix build 9 months ago
Philippe Antoine 441813aa47 fuzz: build with dependencies on rust and c lib
So that there is no need to remove the final binary to recompile
it if there have been changes in the code.
9 months ago
Philippe Antoine 358bc05fa1 ci: fix and test with Wunused-macros
Ticket: 6937

Completes ce9bfba76a
9 months ago
Shivani Bhardwaj de1de53e2f eve/stats: add description for flow mgr & recycler
Ticket 6434
9 months ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
9 months ago
Juliana Fajardini 0946c213cd pgsql: trigger raw stream reassembly
Expose the raw stream earlier to the detection engine, as Pgsql can have
multiple messages per transaction and usually will have a message
complete within one TCP packet.

Bug #7000

Related to
Bug #7026
9 months ago
Juliana Fajardini 69e26de197 pgsql/logger: open json object from logger function
Before, the JsonBuilder object for the pgsql event was being created
from the C-side function that actually called the Rust logger.

This resulted in the `pgsql` key not being present in the log output
if another module - such as the JSON alert logger - called the
PGSQL logger; only its inner fields were present.

Bug #6983
9 months ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 9 months ago
Victor Julien 306fd795c3 smtp/frames: initial frame support
Adds the following frames:

  command_line
  data
  response_line

The *_line frames are per line, so in multi-line responses each line
will have its own frame.

Ticket: #4905.
9 months ago
Victor Julien 2cebc8368c flow-worker: debug output about updates 9 months ago
Victor Julien c17df004ed stream: process ASYNC in packet dir
There will generally not be an opposing direction to handle
the app update.
9 months ago
Victor Julien a9dd1572d4 detect/frames: inspect frames only in correct direction
Inspect frames in the correct direction after they have been created.
9 months ago
Victor Julien 866c128c43 app-layer: flag flow for next packet in other dir
Add new flags to trigger FLOW_TS_APP_UPDATED/FLOW_TC_APP_UPDATED flags
to be set for the next packet in the relevant direction.

This allows for app relevant work to be done in the next packet in our
direction.
9 months ago
Victor Julien 683363b42d detect/frames: avoid IPS rescanning
Make sure to only scan the data when the app layer has been updated
as well.

Ticket: #6718.
9 months ago
Victor Julien 2e5e3498a6 app-layer/frames: add by type getter
AppLayerFrameGetLastOpenByType: Returns the most recent frame with a type
with unknown length (-1).

Check if type is globally enabled first.
9 months ago
Victor Julien 803e8dd32e frames: add FrameGetLastOpenByType
Getter for the most recent frame with unknown length (-1).
9 months ago
Victor Julien c7402d2d01 frames: fix bounds check 9 months ago
Victor Julien 243587805d stream: minor code clarification
'dir' was too generic, so indicate it's about the app-layer update direction.
9 months ago
Victor Julien e6c1b9d846 app-layer: minor code clarification
'dir' was too generic, so indicate it's about the app-layer update direction.
9 months ago
Philippe Antoine 9332bc2c45 dns: adds missing NS field in json schema 9 months ago
Philippe Antoine 7fb10676e7 dns: remove unneeded mut in logger 9 months ago
Philippe Antoine a10c1f1dde smtp: use rust for mime parsing
Ticket: #3487
9 months ago
Philippe Antoine 5f75b9a6e3 http: use rust for mime parsing
Ticket: #3487
9 months ago
Philippe Antoine ddb3a0c9de http: multipart unused code removal 9 months ago
Philippe Antoine 8d4699fbba eve/schema: complete and reorder smtp fields
received and cc were missing
9 months ago
Philippe Antoine 5555aa6788 mime: improved token parsing
Accepts escaped quote in escaped string
9 months ago
Victor Julien 130d75f025 github-action: remove end of life CentOS 8 stream 9 months ago
Victor Julien 1190e426f9 defrag: remove trackers on lookup
When looking up a tracker, remove any timed out / completed trackers.
9 months ago
Victor Julien 75b78d7643 defrag: add defrag.memuse counter
Gives a current snapshot of the memory in use by the defrag engine.
9 months ago
Victor Julien becc91c306 defrag: timeout check on look up; tag for removal 9 months ago
Victor Julien 83dc703d1f defrag: add various counters 9 months ago
Victor Julien dcaeed7b95 defrag: remove tracker on frag pool issues
If a frag wasn't inserted due to pool empty or alloc failure, clear and
invalidate the tracker.
9 months ago
Victor Julien fc05d253d2 defrag: add defrag.mgr.tracker_timeout counter
Updated by flow manager.
9 months ago
Victor Julien 39876bf566 defrag: update exception policy counter: ptr can't be NULL 9 months ago
Victor Julien 383892463c defrag: fix test passing NULL pointers 9 months ago
Victor Julien fc93a3875e defrag: turn queue into stack
Only used by the spare tracker logic, which works better as a stack.
9 months ago
Victor Julien 475c40f9c2 defrag: minor cleanups; dead code removal 9 months ago
Victor Julien 8b57545540 defrag: turn hash row into single linked list 9 months ago
Victor Julien 26a73503aa defrag: timeout/reuse start of list 9 months ago
Victor Julien 97705c94e4 defrag: simplify lookup/create loops
Turn into a simpler do { } while loop like in the flow code.
9 months ago
Victor Julien 76e05c72f6 eve/schema: reformat 9 months ago
dependabot[bot] 4040ae10d1 github-actions: bump codecov/codecov-action from 4.1.1 to 4.4.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.4.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4.1.1...125fc84a9a348dbcf27191600683ec096ec9021c)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
dependabot[bot] 1c5661673f github-actions: bump ossf/scorecard-action from 2.3.1 to 2.3.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
dependabot[bot] 0b4652f4cc github-actions: bump github/codeql-action from 3.25.3 to 3.25.7
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.3 to 3.25.7.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.25.3...v3.25.7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
9 months ago
Victor Julien 3b1fecbab1 output/streaming: suppress noisy start up message 9 months ago