Commit Graph

15400 Commits (2a1a70b3089751b30f623871063ce155451d4cbc)
 

Author SHA1 Message Date
Victor Julien 88cc999184 detect/bsize: constify keyword args during size check 1 year ago
Victor Julien e06d2c402a detect/content: limits prop comment cleanup 1 year ago
Victor Julien 4f0f7b1969 detect/dsize: minor code cleanup 1 year ago
Victor Julien 2b3ec34de8 detect: use do { } while loop for app engine loop 1 year ago
Victor Julien 2911656d6c detect/content: fix offset for negative distance
Fix offset calculation on sigs with negative distance. Can lead to FN
in certain cases.

Bug: #6661.
1 year ago
Victor Julien 18eafb622f detect/content-inspect: add more tests 1 year ago
Victor Julien 0172c01dc2 spm/bm: minor code cleanups; constification 1 year ago
Victor Julien 4a6a3dc296 mpm: UNITTESTS guard for RegisterUnittests func 1 year ago
Victor Julien ea5cf44fc2 mpm: remove unused flags field 1 year ago
Victor Julien 4558c5c515 detect/http_server_body: modernize test 1 year ago
Victor Julien bd66504a43 detect: implement --qa-skip-prefilter
Option meant for testing performance of rule engine w/o prefilter
optimizations.
1 year ago
Victor Julien 222dcf776e detect/content-inspect: add negation tests
Test mixing of negation, endswith and depth.
1 year ago
Victor Julien fd75aca1a1 detect/bytetest: remove unused Match function
All matching is done as part of content inspection.
1 year ago
Victor Julien f2e9c258c4 detect/pcre: remove unused match member
pcre2_match_data is created per thread when needed.
1 year ago
Victor Julien 3e8db97687 detect/bytemath: fix u32 buffer size logic
Remove u16 cast. Remove debug assert for u16 size.

In 83ed2c3b97 the input was changed to u32.
1 year ago
Victor Julien eca6639a82 detect/pcre: localize match limit option parsing
No need to put it into a per ctx flag.
1 year ago
Victor Julien 18dfa69364 detect/pcre: remove unused opts field 1 year ago
Victor Julien 9dc35fbd00 detect/pcre: put commonly used members on first cache line 1 year ago
Victor Julien e3f2b3418a detect/content-inspect: use of replace keyword is rare
Hint compiler about this.
1 year ago
Victor Julien bcb2b50cfc detect/profiling: improve pcap reading performance
When reading a pcap, packet time can move much faster than wall
clock time. This would trigger many more profile syncs than before.

As the sync is using a lock to synchronize with other threads, this
is an expensive operation.

Bug: #6619.

Fixes: b591813b86 ("profiling/rules: reduce sync logic scope")
1 year ago
Juliana Fajardini 8d3de85edd pgsql: fix u16 overflow in query data_row
Found by oss-fuzz with quadfuzz.

Cf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63113

According to the PostgreSQL documentation, the maximum number of rows can be
the maximum number of tuples that can fit onto max u32 pages - 4,294,967,295 (cf
https://www.postgresql.org/docs/current/limits.html). Some rough
calculations for that indicate that this could go over max u32, so
updating the data_row data type to u64.

Bug #6389
1 year ago
Philippe Antoine 4933b817aa doc: fix byte_test examples
As this keyword has 4 mandatory arguments, and some examples
had only three...

Ticket: 6629
1 year ago
Juliana Fajardini a37fa62710 devguide: explain example-rule container usage
Have these options documented, so that whoever writes rule-related
documentation can easily know what they could use to make the doc look
better.
1 year ago
Philippe Antoine d3218385e9 detect: case-insensitive comparison for requires
Ticket: 6656
1 year ago
Philippe Antoine 673d13d445 rust: allow clippy::items_after_test_module
As clippy began to complain about jsonbuilder.rs
1 year ago
Juliana Fajardini fc2acf8cb0 devguide: fix main channels list
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
1 year ago
Juliana Fajardini d15877b2c0 devguide: update branches, refer to backports guide
Update the list of active branches to include 7 renaming and new master,
link to backports document.
1 year ago
Juliana Fajardini 9fbdfd219c devguide: add chapter with backports guide
Task #6568
1 year ago
Juliana Fajardini de8bffd244 devguide: doc from behavior changes needs ticket #
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.

Related to
Task #6568
1 year ago
Juliana Fajardini 71e4ca81ef devguide: reorganize pr-workflow section
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.

Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
1 year ago
Juliana Fajardini 08eb67f74c devguide: make 'contributing' a chapter
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.

Also add Dev Guide as one of our resources in our Readme.
1 year ago
Jeff Lucovsky f12e026696 mqtt: Move conf code to rust
Issue: 6387

This commit moves the configuration logic to Rust.
1 year ago
Jason Ish b453eea150 stats: add rules skipped
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.

Feature: #6637
1 year ago
Jason Ish 5cc872fa1a rust.h: don't include util-file.h, not needed 1 year ago
Jason Ish 71bbba9248 detect-parse: parse sid in pre-scan
During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.

But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.
1 year ago
Jason Ish 435c03172e requires: pre-scan rule for requires expressions
Add a "pre-scan" rule parse that will check for requires statement. It
will return a special error code (-4) if the requires fails due to
missing requirements.

Syntactic errors will also abort parsing here.

Feature: #5972
1 year ago
Jason Ish 5d5b0509a5 requires: add requires keyword
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
1 year ago
Jason Ish 15ed51f9b8 feature: provide a Rust binding to the feature API
As the feature module is not available for Rust unit tests, a mock
version is also provided.
1 year ago
Juliana Fajardini 1afb485dfa pgsql: remove unused msg field
The `ConsolidatedDataRow` struct had a `length` field that wasn't truly
used.

Related to
Bug #6389
1 year ago
Philippe Antoine 3103505cb0 stats: incr app-proto flow counter for detection-only
Ticket: 6633
1 year ago
Philippe Antoine f714678d72 schema: adds missing modbus field
./stats/app_layer/error/modbus
1 year ago
Philippe Antoine 4bcdc79ed8 stats: always use tcp/udp prefix
Even when on detection-only mode.
So that we always have enip_tcp and enip_udp in stats
and never just `enip`.

Ticket: 6304
1 year ago
Juliana Fajardini 467c3f2c64 schema: apply clang formatting changes 1 year ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses
Add a more visible explanation of what requests, responses, frontend and
backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
1 year ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit 1 year ago
Juliana Fajardini 7fa8bbfe43 pgsql: extract length validation into function
This is called so many times that it seems to make sense that we use a
function for this.
1 year ago
Victor Julien 3ba8e2d3ea detect/byte: remove unneeded SIG_FLAG_APPLAYER sets
Flag will be set during list(s) setup if needed.
1 year ago
Victor Julien 804a40e036 detect/byte_extract: modernize tests 1 year ago
Victor Julien 83ed2c3b97 detect/bytemath: bump length to uint32_t
This puts the logic in line with the other payload inspection
functions.
1 year ago