Commit Graph

13451 Commits (1b24f4d357fd922a5c3202fce2904da29a04ed12)
Author SHA1 Message Date
Philippe Antoine 461725a9bf dhcp: adds leasetime keyword
As it is logged

Ticket: #5435
2 years ago
Jason Ish f1f43cba5e app-layer: don't wrap around on port 65535
A port value of 65535 caused the port value to wrap-around to 0
resulting in an infinite loop.

Fixes: 53fc70a9a7 ("protodetect: fix int warnings")
2 years ago
dependabot[bot] c8cf25a21a github-actions: bump actions/cache from 3.0.6 to 3.0.7
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.6 to 3.0.7.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.6...a7c34adf76222e77931dedbf4a45b2e4648ced19)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Victor Julien 3eb4fee040 rust: set MSRV to 1.58.1
Ticket: #4163.
2 years ago
Juliana Fajardini c81b78fd1c detect/parse: test sig parsing for more actions
Our unittests were only covering sig parsing for alert actions. As in
environments without LibNet the reject action will not work, we must
ensure that our parser properly fails in such cases, instead of silently
accepting an unsupported action.

Added tests for the reject and drop action.

Task #5496
2 years ago
Shivani Bhardwaj 2c4d6b33ae doc/conf: fix sphinx language setting
sphinx-build 5.1.1 and above throws a warning which is treated as an
error while building.

Invalid configuration value found: 'language = None'. Update your configuration to a valid language code. Falling back to 'en' (English).
2 years ago
Philippe Antoine 9b4a133777 http2: remove to_vec for comparisons
Ticket: #5454
2 years ago
Philippe Antoine d011b468da http2: fix clippy warning about &Vec<u8>
Using &[u8] instead in function prototype
2 years ago
Shivani Bhardwaj 14561ffe72 eve/schema: add smtp url bool fields 2 years ago
Eric Leblond 954e3e1f3f smtp/mime: fix url extraction when no config is set 2 years ago
Eric Leblond ad6c2f1411 eve/email: log existing url type
MIME parsing was setting a flag on URLs to indicate their
estimated type. This patch attaches the information to
the email object so the user can extract interesting
emails directly:

```
  "email": {
    "status": "PARSE_DONE",
    "from": "Eric Leblond <regit@regit.org>",
    "to": [
      "eric@regit.org"
    ],
    "has_ipv6_url": false,
    "has_ipv4_url": false,
    "has_exe_url": true,
    "url": [
      "http://www.toto.com",
      "http://perdu.com.",
      "https://hacke.me/pown.exe"
    ]
  }
```
2 years ago
Eric Leblond 767d2cc9ba util/mime: add some extensions to exe list 2 years ago
Benjamin Wilkins 3b1b9a32fb doc: Document SCByteVarGet lua function
Add documentation for accessing results from byte_extract and byte_math
in lua match functions

Issue: 2871
2 years ago
Benjamin Wilkins 57ef80f5ec lua: Expose byte extract to lua match scripts
Allow lua match scripts to access variables defined in rule by
byte_extract or byte_math

Issue: 2871
2 years ago
Philippe Antoine 3de735ae70 ike: log ikev1 tx fields instead of state ones
As state fields can grow arbitrarily, and this can lead to DOS
by quadratic complexity (CPU time and disk space)

Adds a direction field to retain all the information in the
transaction.

Also checks that the vendor_ids array has at least one element before
logging it.

Ticket: #5455
2 years ago
Philippe Antoine d0171d7418 ike: rustfmt 2 years ago
Jason Ish 2b83cc799d github-ci: add AlmaLinux 9 build 2 years ago
Jason Ish d9b6e1d967 github-ci: test execution of suricatasc and suricata-update 2 years ago
Jason Ish 9a1d6af858 python: install without distutils
Instead of using distutils/setuptools for installing the Python code,
just install it into our own Python directory.

Distutils is being removed from Python, and setuptools doesn't work well
when trying to install into your own location. For our usage it's just
simpler to install with make.

In addition to removing the configure check for distutils, also remove
the check for pyyaml. This lets the user install pyyaml after Suricata
is installed, and Suricata-Update does handle this case gracefully.

Issue: #5313
2 years ago
Eric Leblond debdff0375 detect/tls: fix descriptions
Most keywords were presented as content modifiers when they
were in fact sticky buffers.
2 years ago
Victor Julien 5fbec8ca67 netmap: fix includes 2 years ago
dependabot[bot] 8bf45c5f74 github-actions: bump actions/cache from 3.0.5 to 3.0.6
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.5 to 3.0.6.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](0865c47f36...f4278025ab)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2 years ago
Jason Ish a5d66a7452 bundle.sh: comment line fixup
Accept lines that start with a hash, but not immediately followed by a
space as a comment as well.
2 years ago
Philippe Antoine 489ac003b2 detect/krb: no more wrapper around DetectEngineInspectGenericList 2 years ago
Philippe Antoine 5c7b5c5fb5 krb: detection for ticket encryption
As is done for logging.

Ticket: #5442
2 years ago
Philippe Antoine 64b2385c64 krb: log for ticket encryption
Also logs if the ticket encryption is weak.
It is different from the encryption used for the rest of the
packet, and this allows detecting Kerberoasting attacks.

Ticket: #5442
2 years ago
Philippe Antoine 7fcc6696cb krb: rustfmt kerberos.rs 2 years ago
Philippe Antoine 675de33405 krb: bump up crate version
kerberos parser crate is also used by other protocols: nfs and
smb. These protocols use an older der_parser crate version.
Upgrading der_parser will simplify the code further.
2 years ago
Philippe Antoine 783dff2c38 krb: rustfmt detect.rs 2 years ago
Victor Julien 5fec07b87d flow: minor compiler warnings
flow-util.c: In function 'FlowEndCountersRegister':
flow-util.c:294:34: warning: 'name' may be used uninitialized in this function [-Wmaybe-uninitialized]
  294 |         fec->flow_tcp_state[i] = StatsRegisterCounter(name, t);
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 years ago
Jeff Lucovsky 4aa4ad3f74 stream/rules: add example rule for reassembly depth
Issue: 3512
2 years ago
Jeff Lucovsky e133ab029e stream/event: Trigger stream reassembly event
Issue: 3512

This commit triggers the stream reassembly depth reached event.
2 years ago
Jeff Lucovsky 1d8cc7791d general: Typo fixup 2 years ago
Jeff Lucovsky 6a039ab316 stream/event: New reassembly depth event
Issue: 3512

This commit adds a stream event triggered when the stream assembly depth
is reached.
2 years ago
Philippe Antoine e1e03c25c9 ci: update to macos latest 2 years ago
Jason Ish f3d3274e92 github-ci: enable nfqueue on fedora 36 build 2 years ago
Jason Ish c862e84c01 rust/frames: cleanups
- Implement the Display trait on Direction to print "toserver" or
  "toclient" which is used in a format string.

- Use Direction struct inside Frame instead of a u32.  Requires a helper
  method as there are two representations in C for direction, and the C
  methods for frames don't use the internal representation of the
  Direction enum (some sweeping changes could help here)
2 years ago
Jason Ish f92708b8ca rust/frames: derive direction from StreamSlice
On the Rust side, a Frame requires a StreamSlice to be created. We can
derive the direction from the StreamSlice removing the need for callers
to provide the direction when operating on the frame.
2 years ago
Jason Ish b39d7f46e7 dns/tests: fix StreamSlice to satisfy debug validation 2 years ago
Philippe Antoine f3b6fd3329 quic: update to nom7 2 years ago
Philippe Antoine 95125811b8 quic: reassemble crypto frames and parse it 2 years ago
Philippe Antoine 301ab96a71 ci: have one github workflow with MSRV 2 years ago
Philippe Antoine 896f0d91ce quic: complete schema.json
adding ja3 and extension fields
2 years ago
Philippe Antoine f242fb7f22 quic: events and rules on them 2 years ago
Philippe Antoine b9c1d9e86b quic: parse gquic version Q039
Ticket: #5166
2 years ago
Philippe Antoine 018fef5ef8 quic: ja3 computation and logging and detection
Logging as is done in TLS.

Detection using the generic ja3.string keyword

Ticket: #5143
2 years ago
Philippe Antoine c6cf61a39b quic: complete parsing of initial for non gquic
The format of the initial packet for quic ietf, i.e. quic v1,
is described in rfc 9000, section 17.2.2

Parse more frames and log interesting extensions from crypto frame

Do not try to parse encrypted data, i.e. after we have seen
a crypto frame in each direction.

Use sni from crypto frame with tls for detection already implemented

Ticket: #4967
2 years ago
Philippe Antoine 7044131c39 quic: rustfmt 2 years ago
Philippe Antoine 0c346af4a9 rust: bump up digest crates
so that we can use hkdf crate for quic
2 years ago
Philippe Antoine 2294e9cdbc rdp: bump up tls-parser crate version
so that we can use new functions in quic parser
2 years ago