Commit Graph

11722 Commits (15c84bf3c62b0a96778b061d995adc712a32fac8)

Author SHA1 Message Date
Philippe Antoine 65e232669c dnp3: better limit for tests when fuzzing 4 years ago
Philippe Antoine 80dc6c6f1e fuzz: improves detect proto target
By mimicking assert message so that clusterfuzz differentiates
between failures
4 years ago
Victor Julien 4664444067 detect: fix inspection order with stateful rules
When stateful detection rules, for which detection has already started
for a previous packet, are added to the candidates array, the array
is sorted to maintain the correct inspection order. However, due to a
trivial error in the sort helper the array was sorted in descending
instead of ascending order.
4 years ago
Victor Julien ba781265a4 dcerpc/udp: fix transaction handling and logging
Implement missing transaction handling.

Fix logging wrongly casting 'state' to DCERPCState instead of
DCERPCUDPState leading to crashes and malformed output.

Remove unused fields from DCERPCUDPState.
4 years ago
Victor Julien e7b5201016 detect/mpm: remove unused cleanup function 4 years ago
Victor Julien e799357d9f detect: optimize prefilter result handling 4 years ago
Victor Julien ffb0945b4c detect/prefilter: small cleanup 4 years ago
Jason Ish bb7f80ef6c github-ci: check for duplicate SIDs in rules/ 4 years ago
Jason Ish 8bd68478a4 rules/mqtt: renumber mqtt events to avoid conflict with ssh
Both SSH and MQTT events were in the 2228000 range. As SSH was
added first, renumber MQTT events into the 2229000 range which is
free.
4 years ago
Philippe Antoine 8db78208f9 rust: fix warnings found by nightly compiler
warning: getting the inner pointer of a temporary `CString`
this `CString` is deallocated at the end of the statement,
bind it to a variable to extend its lifetime
4 years ago
Victor Julien 14aacbd067 decode/null: fix type parsing 4 years ago
Victor Julien 8d0b0e8739 atomics: fix compilation on ppc64 4 years ago
Jason Ish 76e011a5ba dnp3: set byte order when logging dnp3 src and dst
DNP3 uses little endian on the wire, for the most part this
is handled as the messages are deserialized. However, the link
header is a cast over raw data, so swap these bytes as they
are being logged.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4173
4 years ago
Victor Julien 75c0f9bd0a github-ci: windows in builds 4 years ago
Victor Julien 7b4ac8dbab doc/userguide: update http keywords 4 years ago
Victor Julien ca47d75c80 doc/userguide: explain --strict-rule-keywords 4 years ago
Philippe Antoine 65711f6bc2 app-layer: do not try to parse gaps during protocol change
As this will leak the flow alstate because AppLayerParserParse
relies on FlowChangeProto to know if it should allocate a new
alstate.
4 years ago
Philippe Antoine 89ae1a0036 detect: apply transforms to http body 4 years ago
Philippe Antoine dfadd03b6f ci: updates github ci add-path mechanism 4 years ago
Danny Browning ac37fd5e29 tools: bash from env
Use of hardcoded bash prevents users from using an upgraded bash which may
live in a different location. This behavior is often seen on OSX systems.

Utilize env to find the preferred bash to call for scripts.
4 years ago
Jason Ish 2f81f3fbe9 rust/log: clarify comment in non-debug mode SCLogDebug 4 years ago
Jason Ish a453d28bc6 rust/log: order log macros in descending order
Readability cleanup.
- error, notice, ... debug
4 years ago
Jason Ish 411a5d41c1 rust/log: expand macros after checking log level
Expand macros in the do_log macro after checking the log level
instead of each log macro (ie: SCLogDebug) expanding the macros
then passing off to do_log to have the log level check.

Will eliminate any expense of expanding macros if this log level
does not permit the given message to be logged.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4114
4 years ago
Shivani Bhardwaj 269324e84d dcerpc/log: Log fields particular to an RPC version
Log fields that only are meant to be in a PDU for a particular RPC
version. Since DCERPC/UDP works on RPC version 4 and DCERPC/TCP works on
RPC version 5, there are certain fields that are particular to each
version.
Remove call_id from the logger for UDP.
Add activityuuid and seqnum fields to the logger for UDP.
call_id and (activityuuid + seqnum) fields are used to uniquely pair a
request with response for RPC versions 5 and 4 respectively.
4 years ago
Ilya Bakhtin 2033f386f9 rust/dcerpc: Remove redundant fields 4 years ago
Ilya Bakhtin 2840a2e064 rust/dcerpc: Make tx_id u64 4 years ago
Ilya Bakhtin 6916b63f09 dcerpc/udp: Fix pairing of request response
So far, request and response were paired with serial number fields in
the header. This is incorrect. According to
https://pubs.opengroup.org/onlinepubs/9629399/chap12.htm,
"Together, the activity UUID and the sequence number uniquely identify
a remote procedure call."

Hence, add activity uuid and sequence number to the transaction and pair
the request accordingly. Remove incorrect handling of this and fix
tests.
4 years ago
Ilya Bakhtin e9b21553cc rust/dcerpc: Add UDP flag definitions 4 years ago
Philippe Antoine 6b50a71d1a app-layer: lower limit for protocol detection on protocol change
So that protocol detection does not run for too long because
TCPProtoDetectCheckBailConditions somehow relies on its TCP stream
to start from zero, which is not the case on protocol change

Adds also debug validation checks, such as
both sides are known on protocol change

And only sets once alproto_orig
4 years ago
Jeff Lucovsky a18a9d3046 doc: New sticky buffer icmpv4.hdr 4 years ago
Jeff Lucovsky dabd50eeee detect: Register icmpv4 header 4 years ago
Jeff Lucovsky ac8532966b detect: Add icmpv4.hdr sticky buffer
This commit adds a new sticky buffer to access the ICMPv4 header.
4 years ago
Jeff Lucovsky 7cbe7c6463 detect: New enum for icmpv4 header keyword 4 years ago
Jeff Lucovsky 988bb26828 decode: Improved handling of ICMPv4 messages
This commit improves handling of ICMPv4 messages, especially those with
variable sized headers.

This commit also adds a header length variable for use by the new
sticky buffer for the header.
4 years ago
Victor Julien a9249cb2f6 github-ci: fix debian 10 test using rustup 4 years ago
Jeff Lucovsky 828bf6d1d6 detect: Treat offset as a signed value
This commit updates the detector to treat 'offset' as a signed value to
be compatible with Snort.
4 years ago
Phil Young 76de981574 napatech: Added comment indicating that hba will be deprecated
HBA will be deprecated in Suricata 7
4 years ago
Phil Young dc5349a30c napatech: Add Deprecation Warning Message for HBA
Added a message that HBA will be deprecated in the future and removed
hba from default conf file.
4 years ago
Jason Ish 3030a3da18 doc: provide eve 1 deprecation date 4 years ago
Jason Ish 8dbc774dfa dns: eve 1 deprecation warning
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4137
4 years ago
Jason Ish d8242c5d07 dns: fix leak in dns v1 logging
Intermediate JsonBuilder object was not being freed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4086
4 years ago
Phil Young fa77e02cf1 napatech: Removed restriction on use of inline mode
Removed the unnecessary restriction on the use of inline mode only when
bypass is enabled. Now, inline can be used independent of bypass
functionality.
4 years ago
Phil Young 789dcbd49d napatech: Fix potential double release of packet
This addresses Redmine issue #4018. There was the potential for a packet
buffer to be released twice in response to an error condition. This
addresses this by only calling NT_NetRxRelease() when the p->ReleasePacket
is called.
4 years ago
Philippe Antoine 7d594d8710 fuzz: better packet recycling in sigpcap target
need especially to set datalink for every packet
4 years ago
Philippe Antoine c93cbe66c2 fuzz: applayer target uses yaml config
so that every app-layer protocol is enabled
4 years ago
Philippe Antoine f29982c03c ci: adds cifuzz workflow 4 years ago
Philippe Antoine 9cf1d29005 fuzz: adds fuzzing status badge in README 4 years ago
Sascha Steinbiss ea2bc4c962 eve: do not access flow storage in packet context
We must make sure not to access the flow storage (e.g. keeping a
MacSet) before making sure we have a flow to begin with. We can,
for example, run into an alert without a flow with `ip` rules,
in which case the flow might be NULL. See Redmine issue #4109.
4 years ago
Jeff Lucovsky d2c8c9f58e github-ci: Improve body parsing
This commit improves handling of the PR body parsing to eliminate
unneeded characters.
4 years ago
Jeff Lucovsky 68418a26db detect/file-data: Improved support for shared bufs
This commit improves support for shared buffer usage, i.e., when
multiple rules share the file data (http) buffer and apply different
combinations of transforms and fast_patterns (or none).
4 years ago