Commit Graph

14825 Commits (401d895b1dd59417a32836c622663f7e35031879)

Author SHA1 Message Date
Philippe Antoine 4c466ec5f4 rust/pgsql: remove unused/unconstructed enum variants 1 year ago
Philippe Antoine 0392762daa rust: remove duplicate constants definitions in C 1 year ago
Philippe Antoine f2a18e91c4 rust: define AppLayerEventType only in rust
And detect.h no longer depends on app-layer-events.h
1 year ago
Philippe Antoine 668501c225 rust: remove unused 1 year ago
Jeff Lucovsky 4edd516250 stream/reassemble: Include pool item count msg
Issue: 5563

This commit adds the segment pool item count in the summary DEBUG
message.
1 year ago
Jeff Lucovsky f8c9390ca3 stream/cache: Return sessions to correct pool
Issue: 5563

This commit fixes the release of TCP resources. The sessions were being
returned to the segment thread pool instead of the sessions pool.
1 year ago
Jeff Lucovsky 0d0c9ea07b pool: Use bool return type
Issue: 5563

This commit changes PoolDataPreAllocated to return a bool instead of an
int.
1 year ago
Jason Ish 6d7923c80b github-ci: check for suricata-update example configuration files
Check that the Suricata-Update example configuration files are
installed.
1 year ago
Jason Ish b8071a9eb0 suricata-update: install sample configuration files
With the move to installing Suricata-Update files from Suricata
Makefiles, the sample configuration files were forgotten.

Ticket: #6132
1 year ago
Philippe Antoine e30f4943ae doc: GitHub PRs workflow 1 year ago
Jeremy MountainJohnson 435d74d744 userguide/install: add info on arch-based installs
Add Arch AUR information for installation on Arch-based distros.
1 year ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers
Ticket: #5320
1 year ago
Juliana Fajardini f83c67bbb5 doc: add missing rule to engine-analysis section
The first report didn't have an example rule to go with it.
1 year ago
Long Doan 6dc486af50 source-pcap-file: include unlink error in warning message 1 year ago
Philippe Antoine 7ca43e7e1f output/snmp: log version from tx
and not the one from state

If a SNMP flow starts with a V2 version transaction,
then there is a V3 version transaction,
we will now log V3 for the second transaction
1 year ago
Juliana Fajardini 8f324e3b3d exception: in ids mode, only REJECT the packet
In case of 'EXCEPTION_POLICY_REJECT', we were applying the same behavior
regardless of being in IDS or IPS mode.
This meant that (at least) the 'flow.action' was changed to drop when we
hit an exception policy in IDS mode.

Bug #6109
1 year ago
Cole Dishington 531d99f4cf decode-ipv6: Set IPv6 proto in case of ext header parsing error
Set the IPv6 packet proto before parsing the ext headers, similar to
decode-ipv4, in case of an ext header parsing error. Otherwise
rule decode-events are not triggered for packets encapsulated in IPv6.

Bug: #6086.
1 year ago
Shivani Bhardwaj cb1e7a9fab ftp: remove unnecessary code 1 year ago
Shivani Bhardwaj c229621be4 ftp: mark LF found per line
Currently, there is no way to mark if LF was found and then the line was
truncated. It becomes difficult to spot in the callers whether the line
was truncated despite LF being found or not. So, label it clearly with a
variable.
1 year ago
Shivani Bhardwaj aee7838ce1 ftp: separate truncated line markers
So far, we store one variable in state to hold whether we want to
discard a long line till LF irrespective of direction. This means that a
long command to the client followed by a regular command with LF can be
considered as one long line which is incorrect.

Bug 6054
1 year ago
Jason Ish 03442a36ef windows: add -lntdll to Windows builds
Rust 1.70 has introduced some possible issues between LLVM and gcc
causing link errors that are fixed by explicitly adding -lntdll.

Thanks to https://github.com/extendr/rextendr/pull/285 for the fix.
1 year ago
Victor Julien de2c836363 streaming/buffer: handle and document slide errors
Slide error may happen if the region we're sliding starts to overlap
with the next region. If we can't temporarily grow the current region
to merge with the next region, keep the regions separate.
1 year ago
Victor Julien 9e0017a073 streaming/buffer: minor debug fixup 1 year ago
Victor Julien f06a0ee836 streaming/buffer: fix buf_offset getting out of sync
During consolidation of regions, buf_offset could get out of sync if
the region was grown on the left side.

To fix, reset it and let "sbb slide" logic correct it.

Bug: #6117.
1 year ago
Victor Julien e69583da54 streaming/buffer: fix sliding region into next
When sliding a region it could start to overlap with the next region.
This case wasn't handled, causing validation checks to trigger.

This patch adds support for this, where the largest region will be expanded
to fit both regions and both regions will be consolidated into it.

Bug: #6066.
1 year ago
Victor Julien 1dcfc174b0 streaming/buffer: move util code for reusability 1 year ago
Philippe Antoine 0ec0d8de67 output/rfb: remove unused function parameters 1 year ago
Philippe Antoine 24c2702a05 output/mqtt: remove unused function parameters 1 year ago
Philippe Antoine 09d364b32f output/krb5: remove unused function parameters 1 year ago
Philippe Antoine 210ca32905 output/ftp: remove unused function parameters 1 year ago
Philippe Antoine 0fb75f081f output/dns: remove unused function parameters 1 year ago
Philippe Antoine 9afb16b134 output/smtp: remove unused function parameters 1 year ago
Philippe Antoine 82803d1b0e http: complete multipart data on open
Take as much as we can when opening, by making sure that the
boundary is not present
1 year ago
Lancer Cheng abc76e27de smb: fix data padding logic in writeAndX parser
Bug: #6008
1 year ago
Lancer Cheng 000eb91078 smb: fix wrong data offset when wct = 12
Bug: #6008
1 year ago
Philippe Antoine 7e725c650d flow: optionally use livedev for hash
So that in a setup with different interfaces capturing different
networks, flows do not get mixed up

Ticket: #5270
1 year ago
Philippe Antoine cc305da476 flow: make FlowGetExistingFlowFromHash static
For easier reasoning about the code
1 year ago
Philippe Antoine 92884b9f43 device: limit device id to uint16_t
Meaning that we support 65535 live devices at the most
1 year ago
Jeff Lucovsky a4ade056cc general/typo: Correct misc. typos 1 year ago
Jeff Lucovsky 0ff403fb60 decode/vlan: Remove unused macros/functions
This commit removes unused functions and macros related to fetching VLAN
values.
1 year ago
Jeff Lucovsky 0d2268ddfc decode/vlan: Decode up to 3 layers of VLAN
Issue: 2816

This commit increases the number of VLAN layers supported by Suricata
from 2 to 3. 3 layers are dubbed "Q-in-Q-in-Q".

Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
1 year ago
Jeff Lucovsky 9dc68ac59a json/schema: Add additional VLAN layer stat
Issue: 2816

This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
1 year ago
Philippe Antoine 6350736882 http2: avoid quadratic complexity in headers
When adding an element to the dynamic headers table, the oldest
ones may get evicted. When multiple elements get evicted, they
should get evicted all at once with drain, instead of one by one
as there will be a massive move each time.

Ticket: #6103
1 year ago
Philippe Antoine f346b3fc30 debug: fix list-x command line options with debug
Debug validation checks that the engine is either IPS or IDS.
But listing keywords does not care.
So, setting IDS mode.

Ticket: #6089
1 year ago
Lukas Sismis 11c3aa868d doc: add DPDK Bond PMD docs
Ticket: #6099
1 year ago
Lukas Sismis c4b0c2888d dpdk: add support for DPDK Bond PMD
Ticket: #6099
1 year ago
Lukas Sismis fee79ff3c4 dpdk: add linker flag for DPDK Bond library
Header checking (AC_CHECK_HEADER) did not work as
DPDK 19.11 included the rte_eth_bond.h file even if the net/bonding
driver was disabled. However, it was still not available in
the ldconfig configuration. For this reason the Bond PMD is checked with
the ldconfig tool.
However, when installing the DPDK library manually, the user needs to
update the entries in ldconfig to be able to find the Bond PMD.

Ticket: #6099
1 year ago
Lukas Sismis bb2760d221 dpdk: add device name querying function 1 year ago
Lukas Sismis 2feece601a dpdk: add debug dump of RX offload capabilities 1 year ago
Lukas Sismis 540df3befe dpdk: separate i40e prestop actions from DPDK 19.11
In DPDK 19.11 Suricata does not set up RSS on the i40e driver
with rte_flow. As a result, it should not be deinitializing
the RSS configuration with rte_flow either.
1 year ago