Commit Graph

10467 Commits (3887f8d1f3d2816b3f46fb48560f9de57ae66314)

Author SHA1 Message Date
Philippe Antoine ecb9e85d69 install: install all files for events rules
Fixes #2786
6 years ago
Philippe Antoine aa73d834b5 boyermoore: avoid one tolower call
Fixes #1218
6 years ago
Jeff Lucovsky 86deaefe66 ftp: Ensure non-zero command length with MPM init 6 years ago
Jason Ish d14fe372b4 configure.ac: prevent empty if block (llc check)
As AC_SUBST doesn't expand to anything in the shell script, this
will generate a bad script on older versions of autoconf.

Change the logic to eliminate the possibility of an empty
if or else block.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3124
6 years ago
Shivani Bhardwaj f750e4ca40 configure: Remove enable-rust-debug
Get rid of enable-rust-debug flag and use enable-debug for achieving the
desired functionality. From now, adding `--enable-debug` to `configure`
shall create an [unoptimized + debuginfo] target. Rest behavior stays
the same.

Closes redmine ticket #3054
6 years ago
Shivani Bhardwaj 85b56b633e detect: Improve rule keyword alproto registration
1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.

Closes redmine ticket #3006.
6 years ago
Victor Julien 1bc738fbe4 doc: typo fixes
By @espritlibre and @Zeal0us
6 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 6 years ago
Fabrice Fontaine 9b05db7db0 fix build on m68k with uclibc
uclibc on m68k defines _POSIX_SPIN_LOCKS but does not define
pthread_spin_unlock so check for this function before using
pthread_spin_xxx functions

Fixes:
 - http://autobuild.buildroot.org/results/ed923bcc1454ce90444b8dac7c064b5f4ea4a0a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Jeff Lucovsky 86fabef093 ftp: address review comments 6 years ago
Jeff Lucovsky f79316d71a ftp: remove RUST guards 6 years ago
Jeff Lucovsky cc5e9ca179 eve/ftp: Modifications for MPM-enabled command descriptor table 6 years ago
Jeff Lucovsky bc68ef4657 app-layer: Invoke FTP parser cleanup function 6 years ago
Jeff Lucovsky 09ab032a8d ftp: Use MPM for command lookup 6 years ago
Jeff Lucovsky 4f2a485c55 ftp: Remove LIBJANSSON guards 6 years ago
Jeff Lucovsky 3df2b3437c eve/ftp: Move "get next line" into app-layer-ftp.c 6 years ago
Victor Julien f43584661c stream: support debug notice message in tfo 6 years ago
Eric Leblond cc28d24e9a doc: install eBPF files in share directory
Following proposal by Sascha Steinbiss, let's use /usr/share/suricata
to store the eBPF files.
6 years ago
Eric Leblond 5366f80941 bypass: fix build on Windows
For the sake of unittests, we need to build capture bypass so we
end up with a Windows build of flow bypass.
6 years ago
Eric Leblond 3cf49ae868 doc: fix English and some typos 6 years ago
Eric Leblond 4be6701836 doc: pointer to bpfctrl
As bpfctrl is currently the easiest way to manage pinned maps,
let's point to it. We will switch doc to suricatacl once support
has been added.
6 years ago
Eric Leblond 8f1a7de791 doc: improve doc on compiling with eBPF support 6 years ago
Eric Leblond f1ab27b7cb doc: improve XDP cpu redirect documentation 6 years ago
Eric Leblond e0e3cc7cc2 ebpf: add tunnel aware load balancing
This patch decapsulates GRE tunnel in xdp_lb
6 years ago
Eric Leblond a536852526 ebpf: add XDP load balancing code
This patch uses CPU redirect map to do load balancing. This is a
simplified version of xdp_filter that includes code for bypass.
6 years ago
Eric Leblond 6d9ac64f7b doc: only balance by ip pair
As there is some issue with defrag, let's recommend to only do
IP pair load-balancing for RSS
6 years ago
Eric Leblond a1d3835b86 doc: document filter.bpf changes
Also adds some info to explain maps.
6 years ago
Eric Leblond 53a62953e9 bypass: introduce CAPTURE_OFFLOAD
This define is used to remove reference to capture bypass in case
no capture method implementing this is active.

This patch also introduces CAPTURE_OFFLOAD_MANAGER that is defined
if we need the flow bypass manager code.
6 years ago
Eric Leblond 094d28d40e flow-hash: generalize function
This patch generalizes the function to get a flow by its flowkey
by removing the call setting it to capture bypassed state.
6 years ago
Eric Leblond 9f016f8ba1 ebpf: improve parsing in filter.bpf
Parse VLAN and only filter on IPv4. This patch also changes the type
of the counter to get a per CPU hash.
6 years ago
Victor Julien 7384744c3e detect: fix FP on ICMP unreachable errors
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.

The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.

This all would lead to a false positive match.

This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.

Bug #2769.
6 years ago
Jeff Lucovsky 240520a3cc main: fix typo in output 6 years ago
Jeff Lucovsky ef327ab194 stream/tcp: correct spelling typos 6 years ago
Victor Julien bc2267f131 stream/tcp: support TCP fast open 6 years ago
Victor Julien 8f8581beda decode/tcp: TCP fast open option decoding
Support both regular TFO and TFO as part of the experimental
options support.
6 years ago
Philippe Antoine c775a4af43 signature: fixes leak with duplicate signatures 6 years ago
Philippe Antoine 63deb8862f boyermoore: optimization with one alloc less
Fixes #1220
6 years ago
Philippe Antoine 5ff50773bd detectproto: adding missing probing parsers
In direction TO_CLIENT for symmetric protocols
6 years ago
Eric Leblond cf98b0223e detect-geoip: add info for list keywords 6 years ago
Eric Leblond 08397e07f1 doc: fix typos in geoip doc 6 years ago
Eric Leblond 0d5608bab2 doc: fix display of icmp code and type array 6 years ago
Eric Leblond 0c84591afe doc: use a table to list direction filter in geoip 6 years ago
Eric Leblond c01cadbade doc: fix geoip syntax
Spaces are not allowed before country code.
6 years ago
Shivani Bhardwaj 9d6f1d318a unix/socket: Add rev date to version info 6 years ago
Vinjar Hillestad 4c18fee3c6 Documenting base64_decode and base64_content
base64 doc changes based on #4027 pull feedback
6 years ago
Hilko Bengen 36998ab4cd Add documentation for --with-clang parameter 6 years ago
Hilko Bengen f105bb724a ebpf: Use $(CLANG) to build eBPF programs
This change makes it possible to generate the eBPF programs even if
Suricata itself is built with a different C compiler. It also simplifies
how the correct llc program is detected.

Implements Feature https://redmine.openinfosecfoundation.org/issues/2789
6 years ago
Hilko Bengen e3f00c3d30 configure: Introduce CLANG variable 6 years ago
Jeff Lucovsky be22b23d2e cleanup: eliminate warnings/errors with debug build on macos 6 years ago
Andreas Herz c0bddff078 userguide: remove old reference to rule-reload option 6 years ago