Commit Graph

14825 Commits (401d895b1dd59417a32836c622663f7e35031879)

Author SHA1 Message Date
Jason Ish 401d895b1d configure: set minimum rust version to 1.63.0
Ticket: #4163
1 year ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 1 year ago
Philippe Antoine 4f4651e360 output/file: http2 metadata is logged in http object
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2

Ticket: #6165
1 year ago
Victor Julien 9b09b29350 detect/fileext: reimplement based on file.name
Ticket: #6194.
1 year ago
Victor Julien 74f095c915 detect/filename: switch to file.name implementation
Ticket: #6194.
1 year ago
Victor Julien 1f22b51848 detect/filemagic: switch to file.magic implementation
Replace implementation of the legacy `filemagic` keyword by the
implementation for the `file.magic` variant. This leads to better
performance and hooks the rules into the detection engine better.

Remove unittests that depended on the old logic.

Ticket: #6194.
1 year ago
Victor Julien ee68947460 detect/tls: minor fingerprint cleanup 1 year ago
Victor Julien c4ed599f9b detect/content: minor cleanup 1 year ago
Jeff Lucovsky b05375f22e config/af-packet: Warn/replace rollover usage
Issue: 6128

No longer permit rollover/cluster_rollover to be used. Usage will
generate a warning message and cluster_flow will be used instead.
1 year ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
1 year ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 1 year ago
Jeff Lucovsky cb30b7185f detect/stat: Display 0 instead of nan
This commit updates the summary message when Suricata terminates.
Without this commit, "nan" was displayed if there were no drops/packets
1 year ago
Jason Ish ebdf482580 github-ci: add CentOS Stream builders
Builders for CentOS Stream 8 and 9.
1 year ago
Jason Ish ca68b6b994 github-ci: replace dist builder with Debian 12
Add new dist builder job based on Debian 12. Debian 12 gives us a newer
Sphinx than AlmaLinux 8, plus avoids any potential disruption in the
RHEL rebuild ecosystem.

Also make dist building its own job so it finishes quicker, allowing
other jobs to proceed.  The new non-dist building Debian 12 job will
still do a complete distcheck, as do other jobs.
1 year ago
Jason Ish 96dd6a7ca0 github-ci: add Debian 12 builder 1 year ago
Juliana Fajardini e306bc6ecc exception: fix use of master switch with default
If an exception policy wasn't set up individually, use the GetDefault
function to pick one. This will check for the master switch option and
handle 'auto' cases.

Instead of deciding what the auto value should be when we are parsing
the master switch, leave that for when one of the other policies is to
be set via the master switch, since this can change for specific
exception policies - like for midstream, for instance.

Update exceptions policies documentation to clarify that the default
configuration in IPS when midstream is enabled is `ignore`, not
`drop-flow`.

Bug #6169
1 year ago
Sascha Steinbiss 1521b77edd rfb: also set unimplemented auth types 1 year ago
Sascha Steinbiss 1606aca881 rfb: ensure logging of incompletely parsed txs 1 year ago
Philippe Antoine a3168fda78 mime: compute full body md5
Previously, the problem was that nested headers/boundaries were not
used to compute the hash

Solution is to move up the call to the hash computation from
ProcessMimeBody to its caller ProcessMimeEntity, and add a set of
conditions to ensure that we are not in the principal headers.

Ticket: #6185
1 year ago
Philippe Antoine 2a768dfa95 smtp: avoid counting last eol in file
As it is part of the boundary

Ticket: #6023

On the way, look for urls even on incomplete lines
1 year ago
Shivani Bhardwaj 157af18d60 python: remove futile exec perm from files 1 year ago
Shivani Bhardwaj 18947c01e0 suricatasc: update running instructions 1 year ago
Shivani Bhardwaj 4ece79b6de python: remove unneeded setup.py
We no longer use this script or upload packages to PyPI.
1 year ago
Shivani Bhardwaj ad03b5ce8b suricatasc: remove unneeded shebang
The caller for suricatasc is in python/bin. The script is never executed
directly and doesn't need the shebang.
1 year ago
Jason Ish f870dcd4cc github-ci: allow pull request URL in SV_BRANCH
Allow the SV_BRANCH variable to contain the full link to an
OISF/suricata-verify pull request. This will cause GitHub to create a
cross-link for us.
1 year ago
Jason Ish 8511ef5e2d pcap-log: close pcap_dead_handle on close
Fixes leaked handle on exit.
1 year ago
Jason Ish d2a5a55e0a log-pcap: one time errors on file open
If compression was not enabled, the open error was actually suppressed
by default by only being logged at info level, however with
compression it was logged as an error. As opening is retried as long
as it fails to open, make both log as error but wrap in a flag so the
error is logged once until success.
1 year ago
Jason Ish bf589f0812 log-pcap: only open dumper after successful file open (lz4)
When LZ4 compression is enabled, open the dumper after successful open
of the file. The dump handle is what forms the check if opening the
file needs to be retried.

Ticket: #5022
1 year ago
Jeff Lucovsky d822ba58e1 doc/multi-tenant: Clarify live traffic support
Issue: 5930

This commit clarifies the live traffic support for multi-tenancy.
1 year ago
Sascha Steinbiss 1f8a5874fb rfb: never return error on unknown traffic
We only try to parse a small subset of what is possible in
RFB. Currently we only understand some standard auth schemes
and stop parsing when the server-client handshake is complete.
Since in IPS mode returning an error from the parser causes
drops that are likely uncalled for, we do not want to return
errors when we simply do not understand what happens in the
traffic. This addresses Redmine #5912.

Bug: #5912.
1 year ago
Sascha Steinbiss 836fff3679 rfb: add myself as contributor 1 year ago
Sascha Steinbiss bd1fbf392e rfb: be more strict parsing the version 1 year ago
Jason Ish dd786cd6e4 eve/alert: warn on obsolete flags
Log a warning but otherwise ignore obsolete flags under
eve-log.alert. This also prevents accidentally turning off app-layer
logging by attempting to disable a single protocol.

These flags have been deprecated since 5.0, time to stop respecting
them.

Ticket: #6175
1 year ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 1 year ago
Shivani Bhardwaj 6b3dbaa2f2 suricatasc: Don't process empty cmds 1 year ago
Shivani Bhardwaj 84ffe92873 suricatasc: exit successfully on keyboardinterrupt 1 year ago
Shivani Bhardwaj a512338afd suricatasc: add line numbers in error messages 1 year ago
Shivani Bhardwaj 46ce371d9c suricatasc: handle exceptions in caller 1 year ago
Shivani Bhardwaj b42a584f4d suricatasc: handle exceptions interactive mode 1 year ago
Jason Ish 90bb73046c userguide/security: grammar fixes
Apply grammar fixes brought up in GitHub review comments by Juliana.
1 year ago
Philippe Antoine d99cbc5e0b detect/http: request/response header support multi buffer
Ticket: #6163

That means that we can have rules matching different contents
on different headers.
1 year ago
Philippe Antoine f31ea90836 http: event on chunk extension
Chunk extensions are defined in rfc2616 section-3.6.1

Ticket: #6159
1 year ago
Victor Julien 643e674cb2 bpf: remove OpenBSD guards
libpcap bpf functions are supported now.
1 year ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
1 year ago
Philippe Antoine e75956717d detect/files: centralize definition of protocols
Protocols supporting files are only defined in one place, which
gets used by all keywords, which can handle some exceptions
(like HTTP2 not having file names)
1 year ago
Philippe Antoine 71bab65496 detect/files: reuse AppLayerParserSupportsFiles
rather than relisting the protocols
1 year ago
Jason Ish 83afccd932 github-ci: update action: setup-msys2
Use @v2, hopefully the dependency bot will keep it up to date now.
1 year ago
Jason Ish 37d68230f8 github-ci: use latest version of actions/upload-artifact 1 year ago
Jason Ish d576be2452 github-ci: update actions/cache to v3.3.1 1 year ago
Jason Ish 3dfd5ddaed github-ci: use same version (3.0.2) for actions/download-artifact 1 year ago