Commit Graph

13761 Commits (286bd2a7ed7dc1bd18db40021142714ed371e5d4)

Author SHA1 Message Date
Philippe Antoine 286bd2a7ed rust: fix cargo clippy --all-features 3 years ago
Philippe Antoine bc287018e5 rust: cargo clippy --all-features --fix --allow-no-vcs 3 years ago
Philippe Antoine ce66c26afc ci: cargo clippy run option
As clippy does not recognize git which is above
3 years ago
Philippe Antoine cd4bf518f3 rust: fix warnings on rustc 1.67.0-nightly
warning: for loop over an `Option`. This is more readably written
as an `if let` statement
3 years ago
Daniel Young aeb0c0e71a detect/parse-port: fix whitespaces bug
Updated by Victor Julien to:
- accept but strip leading whitespaces
- update tests
- cleanup tests
3 years ago
Eric Leblond ea85e2ccf2 detect/filename: fix buffer description 3 years ago
Shivani Bhardwaj 82dba07579 src: remove unneeded header and refs 3 years ago
Haleema Khan df45fc9e97 detect-l3proto: Convert unittests to new FAIL/PASS API
Ticket: #4050
3 years ago
Alice Akaki d46ce170ba detect-icmp-seq: clean-up unittests
Task: #5597
3 years ago
Eric Leblond 4e1ff9a7ff flow: fix FlowSwapFileFlags function
Ticket: #5625
3 years ago
Haleema Khan 160c778a1f detect-filesize: Convert unittests to new FAIL/PASS API
Ticket: 4039
3 years ago
Haleema Khan f25d4cc546 detect-distance: Convert unittests to new FAIL/PASS API
Ticket: #4020
3 years ago
Juliana Fajardini a654ef50de pgsql: add test for parameter status parser
Since we've done some changes to how the parameters are parsed, add one
more test case to check that.

Bug #5579
3 years ago
Juliana Fajardini c4fbd78770 pgsql: move database into opt parameters list
For StartupMessages, the database parameter is optional. This moves the
parameter into the optional_parameters list.

Bug #5579
3 years ago
Juliana Fajardini 84f9ea7254 eve/schema: pgsql - allow flexible parameters list
Pgsql's parameters - for message types like StartupMessage and
ParameterStatus, for instance, don't have a finite, definitive set, as
per their documentation. Our json schema was expecting a fixed set
of parameters, though, resulting in SV tests failing if different, valid
parameters appeared.

Bug #5579
3 years ago
Philippe Antoine cc68898532 pgsql: support empty parameter values
Bug #5579
3 years ago
Philippe Antoine 1e0190bc6b pgsql: support out of order parameters for startup message
As user may not be the first parameter

Bug #5579
3 years ago
Alice Akaki f251b6af65 detect-icmp-id: convert unittests to FAIL/PASS APIs
Task: #4042
3 years ago
Haleema Khan 1fdd56a61d detect-itype: Convert unittests to new FAIL/PASS API
Bug: #5589
3 years ago
dependabot[bot] 6a9b7cf977 github-actions: bump actions/cache from 3.0.10 to 3.0.11
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.10...9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Simeon Miteff 6673846481 profiling: Make rule_perf.log JSON output newline-delimited
Adding a newline makes the output valid JSON when multiple sortings of
the rules profile object are written to the log.
3 years ago
Jeff Lucovsky 5a6e68285b doc/netmap: Describe Netmap IPS usage
Issue: 5512

This commit summarizes Netmap usage with Suricata's IPS mode.
3 years ago
Jason Ish 9d653512f9 doc/userguide: update bittorrent-dht eve examples
Update the bittorrent-dht examples using real log records with peers
and nodes broken down into objects.
3 years ago
Jason Ish e3e7d007b2 eve/schema: bittorrent-dht updates
Some values that were previously strings are now parsed down into
objects.
3 years ago
Jason Ish 1f056f9974 bittorrent-dht: parse and log node6 lists
Node6 lists are just like node lists, but for IPv6 addresses.
3 years ago
Jason Ish 86d5ab8644 bittorrent-dht: remove tests that are no longer valid 3 years ago
Jason Ish 2f9eb5d1dd bittorrent-dht: fix values decoding, as a list of peers
The "values" field is not a string, but instead peer information in
compact format. Decode this properly and then properly format in the
log.
3 years ago
Jason Ish 4a0859beeb jsonbuilder: add append_hex - add hex to array
New method, append_hex to add a byte array to a JSON array in hex
encoding.
3 years ago
Jason Ish 4bc9cf3986 bittorrent-dht: parse token and target as byte values 3 years ago
Jason Ish 5a30ee77a1 bittorrent-dht: only attempt to parse dht messages
The bittorrent flow is shared with transport messages as well as dht
messages. Only attempt to parse dht message as dht, ignore the rest.
3 years ago
Jason Ish 98a9391210 bittorrent-dht: decode node data structures
Instead of decoding the nodes field into a blob of bytes, decode it into
an array of node info objects, each with a node id, IP address and port.
3 years ago
Jason Ish 3cb50592ed bittorrent-dht: convert some fields to byte arrays
Some fields that were previously strings are not always valid UTF-8
data, instead the protocol specification refers to them as strings of
bytes, so in other words byte arrays.

Currently fields converted are:
- client_version
- info_hash
- response.id
- request.id
- nodes
- token
3 years ago
Jason Ish 065f3ab9f1 doc: rename bittorrent-dht to bittorrent_dht in eve output 3 years ago
Jason Ish 0d3cfbbe3f bittorrent-dht/eve: log as bittorrent_dht 3 years ago
Jason Ish 66fc92276a eve-schema: add bittorrent-dht 3 years ago
Jason Ish 78ba17caa8 bittorrent-dht: register a pattern for protocol detection
Removes the port based probing, which takes a long time to register for
ports 1024-65535, and instead uses pattern based protocol detection.
3 years ago
Jason Ish 350c0723d7 bittorrent-dht: set parser to unidirectional
This parser does not match up responses with requests so flag it as
unidirectional.
3 years ago
Jason Ish 0ea9ba66d1 userguide/eve-log: remove mentions of requiring Rust
Rust is required to build now.
3 years ago
Jason Ish 06eaec67ac bittorrent: updates for new event handling
Fixes anomaly events.
3 years ago
Aaron Bungay d166c48d28 docs: update for bittorrent-dht app-layer 3 years ago
Aaron Bungay 86037885a9 bittorrent-dht: add bittorrent-dht app layer
Parses and logs the bittorrent-dht protocol.

Note: Includes some compilation fixups after rebase by Jason Ish.

Feature: #3086
3 years ago
Jason Ish 27672c950c dnp3: fixups to work with unified json tx logger
Update DNP3 to work with a single TX logger, and just register one
logger instead of 2.

This primarily creates a TX per message instead of correlating replies
to requests, which fits the DNP3 model better, but we didn't really have
this concept nailed down when DNP3 was written.
3 years ago
Victor Julien 2f9ca8bb34 dpdk: set new running flag at thread startup 3 years ago
Victor Julien 91b7b63ed2 threads: count thread types after all initialized
To avoid double counting in case a thread took longer than
expected to start up.
3 years ago
Alice Akaki 6621b0ec93 detect-icmp-seq: convert unittests to FAIL/PASS APIs
Task: #4043
3 years ago
Haleema Khan 8d5c5f24a1 dns/eve: add 'HTTPS' type logging
Add a new DNS record type to represent HTTPS
Ticket: #4751
3 years ago
Haleema Khan b1972a5c61 detect-itype: remove unittests
Ticket: #5590
3 years ago
Gabriel Lima Luz 4b009eb907 detect-replace: Convert unittests to FAIL/PASS API
Ticket: 4054
3 years ago
Philippe Antoine a003640ecf security: prevents process creation
with setrlimit NPROC.

So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.

Ticket: #5373
3 years ago
Jason Ish 2ab3646fad profiling: sort LoggerId's in same order as defined
Sort the LoggerId's in the order they are defined in suricata-common.h.
3 years ago