Commit Graph

1204 Commits (2e9027fd5a9b7de6e009f5ba65cfbe90d1d111f4)

Author SHA1 Message Date
David Wharton 9d2d1c4f8f doc: minor verbiage tweaks and reST fix 3 weeks ago
Philippe Antoine d8cb00e795 detect/tcp: make tcp.flags a generic integer with bitflags
Ticket: 6724

Allows using numerical values, for example

Also fixes some unit tests that were returning 1 after goto error
FlagsTestParse05 especially took this path, as
de->ignored_flags != (TH_SYN|TH_RST) was false:
we had de->ignored_flags == 0xff ^ (TH_SYN|TH_RST).
And then we had a match, instead of what the not-run code
was supposing.
4 weeks ago
Philippe Antoine 1f9236a6d8 detect/ipv4: make fragbits a generic uint16 bitflags keyword
Ticket: 6724

Allows using numerical values
4 weeks ago
Philippe Antoine 633180c93f detect/integers: generalize support for bitflags modifier
Ticket: 6724

Allows sugar syntax for bitflags keywords.
While the expressivity does not increase, because we could already
use numerical values with all generic integer modes, this modifier
prefix is used with the strings, and follows the syntax
that is already used for the fragbits and tcp.flags keywords.
4 weeks ago
Philippe Antoine 4b69a31dc3 detect/integers: count argument for multi-integers
Ticket: 7211

Allows counting the number of elements without matching on
individual elements
4 weeks ago
Philippe Antoine 969739d067 detect: http2.errorcode is now a generic integer
Ticket: 7889
4 weeks ago
Philippe Antoine 401b2fcae6 detect: http2.frametype is now a generic integer
Ticket: 7889
4 weeks ago
Jeff Lucovsky 16d124cfda doc/output: Highlight ethertype value change
Issue: 7855

Highlight the change to how ether_type values are displayed. Previously,
they were displayed in network order as a decimal value.

They are now displayed in host order as a decimal value.
1 month ago
Jason Ish ced0c2c466 doc: upgrade notes for changes to ike output 1 month ago
Victor Julien 48972d544c doc/userguide: link to protocol details from transactional rules 2 months ago
Victor Julien 480e664b4c doc/userguide: add xbits tx scope support
Ticket #7680.
2 months ago
Victor Julien a1c4167d94 doc/userguide: add initial protocols overview
Explain per protocol mechanics for rule matching.
2 months ago
Victor Julien 7034a17d1d doc/devguide: remove WIP mention of files in txs
Work has been completed, so comment is no longer accurate.
2 months ago
Victor Julien e2a5bc058c doc/userguide: fix DCERPC headings 2 months ago
Victor Julien be5c83ed53 doc/userguide: add rule hooks to protocol doc
Ticket #7662.
2 months ago
Victor Julien 91f258e2bc doc/userguide: add missing app-layer protocols 2 months ago
Victor Julien 2623e67a80 doc/userguide: add missing rule protocols 2 months ago
Philippe Antoine 3641b4eda1 detect/nfs: move nfs_procedure to rust
Makes it able to use strings on the way

Ticket: 6723
2 months ago
Philippe Antoine 9869fb776b detect/snmp: pdu_type keyword now accepts strings
Ticket: 6723
2 months ago
Philippe Antoine 0553dfa814 detect/krb5: move krb5_msg_type to rust
Makes it a generic u32 on the way

Unit tests are covered by SV tests

Ticket: 6723
2 months ago
Philippe Antoine da486af881 detect: list-keywords cli shows integers
Ticket: 7875
2 months ago
Philippe Antoine b298bce0e7 detect: list-keywords cli shows multi-buffers
Ticket: 7571
2 months ago
Andreas Dolp 375b5dd306 doc: fix typo /var/run/suricata in file permissions docs. 2 months ago
Andreas Dolp cc590b54c7 doc: fix typo and missing newline in rules/ssh_keywords. 2 months ago
Andreas Dolp 228abb7da0 doc: fix doc syntax error in rate_filter example. 2 months ago
Juliana Fajardini 21b27597d6 doc/rules/internals: minor fixes
Fix typo and add a reference about the classtype keyword effect.

Related to
Task #5449
2 months ago
Fupeng Zhao e79d735374 decode/etag: ETag 802.1BR decoder
Ticket: #3953.
2 months ago
Philippe Antoine cb9ab951b9 detect/integers: subslice for multi-integers 2 months ago
Philippe Antoine 82f0e725a2 detect/integers: index or_absent and or_oob
To match if the array is empty or the index is out of bounds
2 months ago
Philippe Antoine 1480cf47ab detect/integers: nb index to match a specific number of times
For example,
dns.rrtype: !A,nb>3
will match if we have more than 3 DNS records which are not A.
2 months ago
Philippe Antoine 6f848eeaaf detect/integers: all1 index to match only on non-empty arrays 2 months ago
Philippe Antoine 5add185f22 http2/detect: http2.window can now use index
Ticket: 7480
2 months ago
Philippe Antoine 83868778b9 http2/detect: http2.priority can now use index
Ticket: 7480
2 months ago
Philippe Antoine 9fc407fd75 mqtt/detect: mqtt.type can now use index
Ticket: 7480
2 months ago
Philippe Antoine dad424d74a doc: multi-integers section for rules
Ticket: 7480

Describing the usage of index
2 months ago
Fupeng Zhao 4f68cb026f decoder/vxlan: add configurable reserved bits validation for VXLAN
Add support for two VXLAN reserved bits check modes:
- strict: validate all reserved bits for standard VXLAN format
- permissive: skip all reserved bits validation (allows extensions)

Configuration added to suricata.yaml.in with 'strict' as default.
Includes comprehensive unit tests and documentation updates.

Ticket: 7753
2 months ago
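To make the strict/permissive distinction from the commit message concrete, here is an added example (not Suricata's own decoder, and the sample bytes are constructed rather than captured traffic) that parses the 8-byte VXLAN header defined in RFC 7348 and applies a reserved-bits policy. The mode names `strict` and `permissive` are taken from the commit message; the `VxlanError` type, the `parse_vxlan` and `classify` function names and the sample packets are this example's own.

```python
"""
Added example, not Suricata source: parse a VXLAN header (RFC 7348) with a
configurable reserved-bits check, mirroring the 'strict' and 'permissive'
modes named in the commit message.

RFC 7348 header layout (8 bytes, network order):
  byte 0     : flags, only the I bit (0x08) is defined; other 7 bits reserved
  bytes 1-3  : reserved (24 bits)
  bytes 4-6  : VNI (24 bits)
  byte 7     : reserved (8 bits)
Extension formats (for example VXLAN-GPE) reuse some of the reserved bits,
which is why a permissive mode is useful.
"""

VXLAN_HDR_LEN = 8
VXLAN_I_FLAG = 0x08                               # "I" bit: VNI field is valid
VXLAN_RESERVED_FLAG_BITS = 0xFF ^ VXLAN_I_FLAG    # 0xF7: every other flag bit is reserved


class VxlanError(ValueError):
    """Raised when a header is truncated or fails the reserved-bits policy."""


def parse_vxlan(data: bytes, mode: str = "strict") -> dict:
    """Return the decoded header fields and the payload, or raise VxlanError.

    strict:     all reserved bits (7 flag bits, 24-bit field, trailing byte) must be 0.
    permissive: reserved bits are ignored, so extension formats pass.
    The I flag is required in both modes: without it the VNI is undefined.
    """
    if mode not in ("strict", "permissive"):
        raise ValueError(f"unknown mode {mode!r}")
    if len(data) < VXLAN_HDR_LEN:
        raise VxlanError("truncated VXLAN header")

    flags = data[0]
    reserved24 = int.from_bytes(data[1:4], "big")
    vni = int.from_bytes(data[4:7], "big")
    reserved8 = data[7]

    if not flags & VXLAN_I_FLAG:
        raise VxlanError("I flag not set, VNI invalid")

    if mode == "strict":
        bad_flags = flags & VXLAN_RESERVED_FLAG_BITS
        if bad_flags:
            raise VxlanError(f"reserved flag bits set: 0x{bad_flags:02x}")
        if reserved24:
            raise VxlanError(f"reserved 24-bit field non-zero: 0x{reserved24:06x}")
        if reserved8:
            raise VxlanError(f"reserved trailing byte non-zero: 0x{reserved8:02x}")

    return {
        "flags": flags,
        "vni": vni,
        "reserved24": reserved24,
        "reserved8": reserved8,
        "payload": data[VXLAN_HDR_LEN:],
    }


# Constructed sample headers (not captured traffic); the 2-byte payload is a dummy.
# Standard header, VNI 100, every reserved bit zero.
STANDARD_VXLAN = bytes([0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x00]) + b"\xaa\xbb"
# Same VNI, but with an extra flag bit (0x04) and a non-zero trailing byte,
# the kind of reuse an extension format makes of the reserved bits.
EXTENSION_VXLAN = bytes([0x0C, 0x00, 0x00, 0x00, 0x00, 0x00, 0x64, 0x03]) + b"\xaa\xbb"


def classify(data: bytes, mode: str) -> str:
    """Quick check helper: 'ok:<vni>' on success, 'reject:<reason>' otherwise."""
    try:
        return f"ok:{parse_vxlan(data, mode)['vni']}"
    except VxlanError as e:
        return f"reject:{e}"


if __name__ == "__main__":
    for name, pkt in (("standard", STANDARD_VXLAN), ("extension", EXTENSION_VXLAN)):
        for mode in ("strict", "permissive"):
            print(f"{name:9s} {mode:10s} -> {classify(pkt, mode)}")
```

Running it shows the trade-off directly: the standard header decodes in both modes, the extension-style header decodes only in permissive mode, and in strict mode the rejection reason names the first reserved field that was non-zero, which is what you want surfaced when a strict default starts dropping traffic from an encapsulation you did not expect.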
Alice Akaki 8e0b0ef35f detect: add email.body_md5 keyword
email.body_md5 matches on the MD5 hash generated from the email body
This keyword maps to the EVE field email.body_md5
It is a sticky buffer
Supports prefiltering

Ticket: #7587
2 months ago
Victor Julien 46203de0e9 doc: adjust for master to main rename 2 months ago
Victor Julien e62eb00459 doc/userguide: add ips chapter; add concept
Move setup guides into the new chapter as well.

Explain `stream.inline` logic.

Ticket: #5513.
Ticket: #6284.
2 months ago
Philippe Antoine 9146fc8957 doc: upgrade note about keyword tls.cert_subject
Following commit 5379b52af2
rules that use the keyword tls.cert_subject multiple times
will result in

Warning: detect: duplicate instance for tls.cert_subject

These rules likely meant to use a multi-buffer which is not the
case for tls.cert_subject (even if it was documented so).

Ticket: 7890

This is put in a new section of upgrade notes for
upgrading to 8.0.1
2 months ago
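A practitioner upgrading to 8.0.1 will want to find such rules before loading them rather than reading the warning afterwards. The following is an added example (not Suricata's own tooling) that scans a rules file for rules using `tls.cert_subject` more than once; the sample rules are constructed for illustration, and the function name `find_duplicate_cert_subject` and the assumption of one rule per line are this example's own.

```python
"""
Added example, not part of Suricata: pre-upgrade check for rules that use the
tls.cert_subject sticky buffer more than once in a single rule. Per the commit
message, Suricata 8.0.1 reports these as
  Warning: detect: duplicate instance for tls.cert_subject
Assumes one rule per line (no backslash continuations).
"""
import re
import sys

# The sticky buffer as written in a rule option list: "tls.cert_subject;"
CERT_SUBJECT_RE = re.compile(r"\btls\.cert_subject\s*;")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")


def find_duplicate_cert_subject(rules_text: str) -> list:
    """Return [(line_no, count, sid_or_None), ...] for every rule that uses
    tls.cert_subject more than once. Commented-out rules are skipped."""
    hits = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        count = len(CERT_SUBJECT_RE.findall(line))
        if count > 1:
            m = SID_RE.search(line)
            hits.append((lineno, count, int(m.group(1)) if m else None))
    return hits


# Constructed sample rules (not from any real ruleset). Only the second rule
# should be reported; the third is commented out.
SAMPLE_RULES = """\
alert tls any any -> any any (msg:"single use"; tls.cert_subject; content:"CN=example"; sid:1;)
alert tls any any -> any any (msg:"double use"; tls.cert_subject; content:"CN=a"; tls.cert_subject; content:"CN=b"; sid:2;)
# alert tls any any -> any any (msg:"commented out"; tls.cert_subject; tls.cert_subject; sid:3;)
"""


if __name__ == "__main__":
    # Usage: python check_cert_subject.py [rules_file]; defaults to the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_RULES
    for lineno, count, sid in find_duplicate_cert_subject(text):
        print(f"line {lineno}: sid {sid}: tls.cert_subject used {count} times")
```

A rule flagged by this check usually needs to be rewritten so that the buffer is set once and the content matches that follow it are what the author actually intended, since tls.cert_subject is not a multi-buffer and the second instance does not select a second certificate subject.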
Juliana Fajardini 27e165f760 doc/rules/index: keep rule types doc near the end
As this chapter is more meta than about rule keywords, keep it by the
end of the index, to have some semantic separation from the other
sections.
2 months ago
Juliana Fajardini d5810a42e1 userguide: document how suricata processes rules
Added a page that explains how rules are prioritized by Suri, as well
as what the main different types of inspection are and what elements are
involved when ordering rules.

Task #5449
2 months ago
Shivani Bhardwaj b21f737aee doc: add doc on internals of inspection of raw data
Explain briefly the internals of inspection of raw data in the following order:
- Stream Engine
- Stream reassembly
- Role of Detection Engine and Applayer Parsers
- High level communication between Stream and Detection Engine
- Relevant suricata.yaml settings

along with some diagrams.

Ticket 4351
2 months ago
Shivani Bhardwaj 9ed5ac7669 doc: make firewall table names consistent 2 months ago
Shivani Bhardwaj 7fec1883cd doc: add more info to firewall design
Add information about:
- available tables, default policies and rule ordering
- Packet layer and applayer tables and hooks
- engine analysis output
- commandline options available
- how to load firewall rules

Also, reorganize sections and content to assist the definitions.
2 months ago
Jeff Lucovsky 17e7387ff4 doc/fileinfo: Document fileinfo context/usage
Issue: 6498
2 months ago
Thomas Winter 0b2dfa2b68 doc: Add upgrade note for ppp changes 2 months ago
Philippe Antoine 0026019dcf doc: complete list of multi-buffers
Ticket: 7867
2 months ago
Philippe Antoine 646c78269a doc/devguide: section with conceptualized steps for adding app-layer
Ticket: 6840
2 months ago
Tommy Wang fc6b96fb85 doc/lualib: fix wrong tuple section markdown in flowlib
Sections had wrong levels due to wrong markdown.
2 months ago