Commit Graph

8498 Commits (3526569b25d70936a62b496432a09b9d54b6b7b4)

Author SHA1 Message Date
Victor Julien 3526569b25 ssh: test cleanup
Remove explicit locks. Set ALPROTO_SSH in all tests.
6 years ago
Victor Julien 480f497d05 packetpool: move return stack to pool earlier
If waiting for N packets move the return stack to the main
stack every time we take the return stack lock.

Make sure we consider enough packets when setting the pending pool
flush logic. This should at least make sure to have the 9 packets
the flow manager requires per run.
6 years ago
jason taylor fa0008dbbe detect/content: clean up logging output
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Jeff Lucovsky 0960ca0d00 detect/analyzer Add missing HTTP values
This changeset adds recognition of missing HTTP values
- Raw host
- Header names
- Server body
- User agent
6 years ago
Philippe Antoine a370d2a91d signature: fix memory leak in DetectBytejumpSetup 6 years ago
Philippe Antoine 8a339e73d3 http: adds an event for double encoded uri 6 years ago
Philippe Antoine e5879650bb http: fixes double-encode configuration keywords 6 years ago
Mats Klepsland f634da61c9 ja3s-string: move unittests to tests/ 6 years ago
Mats Klepsland 736d35f36e ja3s-hash: move unittests to tests/ 6 years ago
Mats Klepsland 0b489f329c detect: add (mpm) keyword ja3s.string
Match on JA3S string using ja3s.string keyword, e.g.:

  alert tls any any -> any any (msg:"ja3s.string test";
      ja3s.string; content:"10-11-12"; sid:1;)
6 years ago
Mats Klepsland 80cee50916 detect: add (mpm) keyword ja3s.hash
Match on JA3S hash using ja3s.hash keyword, e.g.:

  alert tls any any -> any any (msg:"ja3s.hash test";
      ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; sid:1;)
6 years ago
Mats Klepsland 03e8e658d7 lua: add Ja3SGetString function
Add Ja3SGetString() to return the content of the JA3S string buffer from
the TLS session.

Example:

  -- Tell Suricata this output script needs TLS app-layer data.
  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  -- Open the log file once; 'file' stays global so log() and deinit() can use it.
  function setup (args)
      local filename = SCLogPath() .. "/ja3s_string.log"
      file = assert(io.open(filename, "a"))
  end

  -- Called per TLS session; Ja3SGetString() returns nil when no JA3S string is available.
  function log (args)
      local ja3s_string = Ja3SGetString()
      if ja3s_string == nil then
          return
      end

      file:write(ja3s_string .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end
6 years ago
Mats Klepsland b1d5fe9657 lua: add Ja3SGetHash function
Add Ja3SGetHash() to return the content of the JA3S hash buffer from
the TLS session.

Example:

  -- Tell Suricata this output script needs TLS app-layer data.
  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  -- Open the log file once; 'file' stays global so log() and deinit() can use it.
  function setup (args)
      local filename = SCLogPath() .. "/ja3s_hash.log"
      file = assert(io.open(filename, "a"))
  end

  -- Called per TLS session; Ja3SGetHash() returns nil when no JA3S hash is available.
  function log (args)
      local ja3s_hash = Ja3SGetHash()
      if ja3s_hash == nil then
          return
      end

      file:write(ja3s_hash .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

In the example above, each JA3S hash is logged to a log file.
6 years ago
Mats Klepsland a4eaef25d6 eve: add JA3S field to TLS JSON logger
Add JA3S object to TLS JSON logger (extended log).
6 years ago
Mats Klepsland a4471987ba app-layer-ssl: generate JA3S fingerprints
Generate JA3S fingerprints based on fields in the ServerHello record.
6 years ago
Alexander Gozman 3a16009966 Bug #2965: fix NFQ arguments parsing 6 years ago
Andreas Herz 8baf64f5e9 af-packet: fix setting block_timeout value through afpconfig 6 years ago
Jeff Lucovsky 462a4e2b5b detect/analyzer: Improve warning message
This changeset modifies the warning printed when a rule
is determined to detect in both directions.
6 years ago
Eric Leblond 5d76f0897c af-packet: remove rollover reference
This patch removes the reference to rollover in the configuration file
and adds warnings when it is used.
6 years ago
Philippe Antoine 037d50ef06 signature: fix overflow in parsing 6 years ago
Philippe Antoine 3e12066819 http: adds events for each libhtp log
Fixes #997
6 years ago
Mats Klepsland 3c57ac144c detect-ssl-version: move unittests to tests/ 6 years ago
Mats Klepsland 238797cc66 detect-ssl-state: move unittests to tests/ 6 years ago
Mats Klepsland 479e73b98e detect-tls-version: move unittests to tests/ 6 years ago
Mats Klepsland 767bde5e74 detect-tls-cert-validity: move unittests to tests/ 6 years ago
Mats Klepsland a260a57b68 detect-tls-sni: move unittests to tests/ 6 years ago
Mats Klepsland adb4da3975 detect-tls-ja3-string: move unittests to tests/ 6 years ago
Mats Klepsland 74a7b7e3cf detect-tls-ja3-hash: move unittests to tests/ 6 years ago
Mats Klepsland 5d3b94b3e4 detect-tls-cert-subject: move unittests to tests/ 6 years ago
Mats Klepsland 0d728ee4c6 detect-tls-cert-serial: move unittests to tests/ 6 years ago
Mats Klepsland e125e58c97 detect-tls-cert-issuer: move unittests to tests/ 6 years ago
Mats Klepsland 3646234ac5 detect-tls-cert-fingerprint: move unittests to tests/ 6 years ago
Mats Klepsland 12d37b8b2c detect-tls: tidy up unittests
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
6 years ago
Mats Klepsland 15012fc908 ja3: check if JA3 is disabled on one line 6 years ago
Mats Klepsland 285855d928 detect-tls: remove NULL settings from keyword registration 6 years ago
Mats Klepsland 008f08c1b3 detect-tls: declare ssl_state as const in GetData() 6 years ago
Mats Klepsland 0f7f35bd85 detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and
DetectSignatureSetAppProto().
6 years ago
Mats Klepsland 1c04d7cdae detect-tls: remove confusing underscores from variables
Remove confusing underscore prefix from variables in GetData() for
all tls keywords.
6 years ago
Jeff Lucovsky de983fb7c9 app-layer-ftp: Potential memory leak fixed
Ensure that when handling failures during STOR command
processing, all memory is freed on the error path.
6 years ago
Mats Klepsland ba857e9739 detect: add tls.certs keyword
Add keyword to do "raw" matching on each of the certificates in the
TLS certificate sticky buffer.

Example:
  alert tls any any -> any any (msg:"tls.certs test"; tls.certs; \
          content:"|01 02 03 04|"; sid:1;)
6 years ago
Victor Julien edae50de94 detect/ssh: fix ssh.protoversion memory leak 6 years ago
Victor Julien 567a7c3cef detect/ssh: mark old ssh keywords as deprecated 6 years ago
Victor Julien d623dc4ac0 detect/parse: add flag to indicate keyword is deprecated
Issue warning when it is still used.
6 years ago
Victor Julien b84eba80aa detect/nfs.version: minor cleanups 6 years ago
Victor Julien 2ea11da230 detect/nfs: add nfs.version 6 years ago
Victor Julien 3299f007f8 detect/dcerpc: add dcerpc.iface
Keep dce_iface as an alias.
6 years ago
Victor Julien cdff1d50b7 detect/dcerpc.opnum: minor code cleanups 6 years ago
Victor Julien 6840e5c7df detect/dcerpc: add dcerpc.opnum as new name for dce_opnum 6 years ago
Philippe Antoine b6b7778e2d http: adds event for header repetition 6 years ago
Jason Ish 9d8eb7b5f0 filestore: remove jansson ifdefs
Jansson is now required.
6 years ago