aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,861 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4a7567b3f0'
${ noResults }
Commit Graph

150 Commits (4a7567b3f04075f02543762717dbff9dd5b5c1f3)

Author SHA1 Message Date
Victor Julien 2bc5c46158 stream/rules: disable depth rule by default 2 years ago
Philippe Antoine 11f849c3ee protocol-change: sets event in case of failure 
Protocol change can fail if one protocol change is already
occuring.

Ticket: #5509
 3 years ago
Jeff Lucovsky 4aa4ad3f74 stream/rules: add example rule for reassembly depth 
Issue: 3512
 3 years ago
Philippe Antoine f242fb7f22 quic: events and rules on them 3 years ago
Victor Julien d8edea904c stream/rules: add example rule for pkt_spurious_retransmission 3 years ago
Victor Julien dc57460427 smb: fix event types for limit exceeded rules 3 years ago
Victor Julien b0354437d5 smb/rules: add rules for new events 3 years ago
Sascha Steinbiss 1ba62993d5 mqtt: raise event on parse error 3 years ago
Philippe Antoine acbe6a33a2 ssh: install app-layer events rules 3 years ago
Jason Ish 1e65324940 smb: rules for messages in the wrong direction 3 years ago
Philippe Antoine 8adf172ab8 nfs: limits the number of active transactions per flow 
Ticket: 4530
 3 years ago
Philippe Antoine a8079dc978 mqtt: limits the number of active transactions per flow 
Ticket: 4530

So, that we do not get DOS by quadratic complexity, while
looking for a new pkt_id over the ever growing list
of active transactions
 3 years ago
Philippe Antoine 5475212f21 http2: limits the number of active transactions per flow 
Ticket: 4530

So, that we do not get DOS by quadratic complexity, while
looking for a new stream id over the ever growing list
of active streams
 3 years ago
Philippe Antoine df2cbd6517 http2: event for variable-length integer overflow 
http2_parse_var_uint can overflow the variable-length
integer it is decoding. In this case, it now returns an error
of kind LengthValue.

The new function http2_parse_headers_blocks, which factorizes
the code loop for headers, push promise, and continuation, will
check for this specific error, and instead of erroring itself,
will return the list of so far parsed headers, plus another one
with HTTP2HeaderDecodeStatus::HTTP2HeaderDecodeIntegerOverflow

This status is then checked by process_headers to create an
app-layer event.
 3 years ago
Philippe Antoine 334b1382e0 http: : fix int warnings 
Explicitly truncate file names to UINT16_MAX

Before, they got implicitly truncated, meaning a UINT16_MAX + 1
file name, went to 0 file name (because of modulo 65536)
 3 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 3 years ago
Philippe Antoine 6cb6225b28 tcp: rejects FIN+SYN packets as invalid 
Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.
 3 years ago
Philippe Antoine 98f84d5a9b http2: follow range requests 
Move the content-range parsing code to rust
 3 years ago
Philippe Antoine e82416a415 http/range: reassemble files from different flows with range 
adds a container, ie a thread safe hash table whose
key is the filename

keep a tree of unordered ranges, up to a memcap limit

adds HTPFileOpenWithRange to handle like HTPFileOpen
if there is a range : open 2 files, one for the whole reassembled,
and one only for the current range
 3 years ago
Philippe Antoine ca760e305c ipv6: decoder event on invalid length 
From RFC 2460, section 4.5,
each fragment, except the last one, must have a length
which is a multiple of 8
 4 years ago
frank honza f83d51d0cb ike: set event for multiple server proposals 4 years ago
Jeff Lucovsky 1ddad0a0d6 decode/events: VNTAG decoder events 4 years ago
Andreas Herz c93073c246 rules: add newer rule files to makefile for release tarball 4 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike 
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
 4 years ago
Philippe Antoine 7500c29300 decode: limits the number of decoded layers 
so as to avoid overrecursion leading to stack exhaustion
 4 years ago
Philippe Antoine d861228214 http2: decompression for files 
gzip and brotli decompression for files
 4 years ago
Jason Ish 8bd68478a4 rules/mqtt: renumber mqtt events to avoid conflict with ssh 
Both SSH and MQTT events were in the 2228000 range. As SSH was
added first, renumber MQTT events into the 2229000 range which is
free.
 4 years ago
Philippe Antoine caa7946888 smb: adds file overlap event against evasions 
Evasion scenario is
- a first dummy write of one byte at offset 0 is done
- the second full write of EICAR at offset 0 is then done
and does not trigger detection

The last write had the final value, and as we cannot "cancel"
the previous write, we set an event which is then transformed into
an app-layer decoder alert
 4 years ago
Jason Ish 2b1bbd08a3 rules/tls: sync with changes to the TLS events 
Sync rules with event changes in commit
01aef49cbd.
 5 years ago
Philippe Antoine 6694737fcf http2: settings from http1 upgrade 5 years ago
Philippe Antoine 1422b18a99 http2: initial support 5 years ago
Sascha Steinbiss c31360070b rust/mqtt: add MQTT parser 5 years ago
Philippe Antoine 5a98035bac rules: add SSH decoder events rules 5 years ago
Philippe Antoine 053c728871 http: adds debug check against too many warnings 5 years ago
Victor Julien 328a94206e decode/hdlc: initial support 5 years ago
Jason Ish ca5a3f0f04 dns: cleanup: remove unused events 
Removed events that are no longer used since the Rust
implementation of DNS:
- UnsolicitedResponse
- StateMemCapReached
- Flooded
 5 years ago
Jeff Lucovsky 130b8d26e7 smtp/mime: Set event when name exceeds limit 5 years ago
William Stearns 7e47fc58af rules: fix files.rules typo 5 years ago
Philippe Antoine af4f816204 http: sets compression bomb limit 6 years ago
Philippe Antoine 9cbf9ef7a4 HTTP new parser warning for Ambiguous C-L 6 years ago
Victor Julien c9c23d5cda htp: set lzma memlimit from config 6 years ago
Jason Ish e3cfc9fc4b rules: install dhcp-events.rules; order alphabetically 
Add dhcp-events.rules to Makefile.am so it gets installed.

Also order the rule files alphabetically for easier review.
 6 years ago
Philippe Antoine b5f3e03209 New app layer event for invalid http request line 
Handles logs from libhtp even if case of error
 6 years ago
Philippe Antoine 8a339e73d3 http: adds an event for double encoded uri 6 years ago
Philippe Antoine 3e12066819 http: adds events for each libhtp log 
Fixes #997
 6 years ago
Philippe Antoine b6b7778e2d http: adds event for header repetition 6 years ago
Jason Ish 275e8f280d rules: add mpls packet too small decoder rule 6 years ago
Philippe Antoine a1c6e091ac http: new event for auth unrecognized 
activates libhtp auth parsing
Fixes #984
 6 years ago
Pierre Chifflier 27b0775d27 rules: fix event names for ikev2 (weak authentication and DH parameters) 6 years ago
Victor Julien fa2ce043cf ipv6: disable zero len padN rule by default 6 years ago