Commit Graph

18149 Commits (4b09622ebc60d4aeabcf8d96b310dc8f668ee406)
 

Author SHA1 Message Date
Jason Ish 4b09622ebc rust/dhcp: convert to nom 8
Ticket: #8036
2 weeks ago
Philippe Antoine 854201703e util/var: add NULL check in VarNameStoreRegister
And check return value in entropy keyword setup
2 weeks ago
Philippe Antoine 6d703af505 detect: fix null deref with entropy keyword
Ticket: 7959

Usage of entropy with base64_data led to NULL dereference
2 weeks ago
Jason Ish 65e7e93f88 detect/http2: call correct free function on errors
Fix cases where the wrong free function was being called in error
handlers.

DetectHTTP2sizeUpdateSetup was calling DetectHTTP2settingsFree instead
of DetectHTTP2sizeUpdateFree in error case.

Moving http2.priority and http2.window to multi-integers, instead
of basic integers only modified the Free callback, but the
Setup function was still using the direct call to old obsolete free
function.
Using the callback Free abstraction in Setup, allows to be
consistent and have less code to change.
2 weeks ago
Amir Boussejra 56c8db6cb6 flow-timeout: Use yaml config value for CAPTURE_BYPASSED flow
Instead of non configurable constant FLOW_BYPASSED_TIMEOUT

Ticket: #8014
2 weeks ago
Philippe Antoine 772bd9ca53 rust: reduce visibility of detect_parse_uint_notending
It is meant as an internal function

Also document the function
2 weeks ago
Philippe Antoine b636dffd5b detect: urilen keyword fails on trailing junk
Fails especially on 1<>2 which looks like a range, but is invalid
as too small, and ended up being accepted as =1

Ticket: 8028
2 weeks ago
Philippe Antoine 2e9027fd5a plugins: update SC_API_VERSION to 9
So that plugins built for 8 will fail to load with 9 as there
were already breaking changes in the structures and functions
prototypes
2 weeks ago
Jhonny Sousa 9935af67d6 detect/filestore: Convert unittest to new FAIL/PASS API
Ticket: #6317
2 weeks ago
Jason Ish 16d313cb8b rust/applayertemplate: convert to nom 8
Ticket: #8027
2 weeks ago
Jason Ish f0f4d88119 rust/sip+sdp: update to nom 8
Done together as there is a dependence of SDP by SIP.

Ticket: #8025
2 weeks ago
Jason Ish 58564a4b0e rust/ftp: update to nom 8
Ticket: #8026
2 weeks ago
Jason Ish 54cc97b78e rust/dns: convert to nom 8.0
Ticket: #8024
2 weeks ago
Jason Ish 16c42da57e rust: add nom8 as a dependency
For the update from nom 7 to nom 8.
2 weeks ago
Jeff Lucovsky 7e0d6f4a1e detect/ip.src: Allow use with transforms
This commit registers ip.src/ip.dst properly so they can be used with
transforms.

Issue: 8015
2 weeks ago
Olusegun Fajobi 7455a2c6d7 detect/analyzer: added more details for the ttl keyword
Ticket: #6310
2 weeks ago
Olusegun Fajobi a16e87beeb detect-urilen: convert unittests to FAIL/PASS APIs
Ticket: #6325
3 weeks ago
Jhonny Sousa bdf292b816 rule/vars: convert unittests to new FAIL/PASS API
Ticket: #6333
3 weeks ago
Olusegun Fajobi 52715a00a0 threads: convert unittests for FAIL/PASS APIs
Ticket: #6327
3 weeks ago
Victor Julien 232f0572e0 detect: address intermittent UT crash on OpenBSD
Add missing flow memset in test SCSigOrderingTest12 to avoid the crash.

Test SCSigOrderingTest12                                          : Info: unittest-helper: Sid 1 matched 1 times, as expected [UTHCheckPacketMatchResults:util-unittest-helper.c:638]
Info: unittest-helper: Sid 2 matched 1 times, as expected [UTHCheckPacketMatchResults:util-unittest-helper.c:638]
bash: line 144: 88567 Segmentation fault      (core dumped) ./src/suricata -u -l /tmp/

Bug: #8008.
3 weeks ago
Olusegun Fajobi 66d4595349 ippair-storage: convert unittests to FAIL/PASS APIs
Ticket: #6315
3 weeks ago
Jason Ish 0990c9dbf6 rust: pin indexmap
Newer indexmap, pulled in by serde_json requires Rust 1.82, so pin
pack to 2.11.4 which still works with Rust 1.75.
4 weeks ago
Jeff Lucovsky 9a7a30f18e detect/dbv: Assert MT lock held
Add a DBV assert to validate that the master->lock is held.

Suppress missing master->lock warning

Issue: 7819
4 weeks ago
Jeff Lucovsky 46a53aee73 engine/mt: Ensure master lock held for reload
Issue: 7819

DetectEngineReload must hold the `master->lock`; recent changes changed
the locking usages to avoid deadlock when registering/handling tenants.
These changes added the presumption that the master lock is held at a
higher level. Coverity highlighted that the lock is not held
consistently.
4 weeks ago
David Wharton 9d2d1c4f8f doc: minor verbiage tweaks and reST fix 4 weeks ago
Philippe Antoine dc7874b2ac rust: bindgen more http range functions used in http2
Ticket: 7667
4 weeks ago
Philippe Antoine 842352c190 rust: bindgen SCHttpRangeFreeBlock
Ticket: 7667
4 weeks ago
Philippe Antoine 93785ae357 rust: bindgen SCHTTP2MimicHttp1Request
Ticket: 7667
4 weeks ago
Philippe Antoine a1613fecb4 detect: tcp.flags rejects non-sensical values
ignored flags are only meaningful for equal mode
4 weeks ago
Philippe Antoine 31e9cb55be detect: tcp.flags unit tests improvements
Tests better the ignored flags functionality.
This functionality is only used at detection for default mode,
it is not used for any, plus or not mode.

So, have unit tests about ignored flags with default mode with
both matching and non matching cases
4 weeks ago
Philippe Antoine d8cb00e795 detect/tcp: make tcp.flags a generic integer with bitflags
Ticket: 6724

Allows to use numerical values for example

Also fixes some unit tests that were returning 1 after goto error
FlagsTestParse05 especially took this path as
de->ignored_flags != (TH_SYN|TH_RST) was false
we had de->ignored_flags == 0xff ^ (TH_SYN|TH_RST)
And then, we had a match, instead of what the not-run code
was supposing.
4 weeks ago
Philippe Antoine 1f9236a6d8 detect/ipv4: make fragbits a generic uint16 bitflags keyword
Ticket: 6724

Allows to use numerical values
4 weeks ago
Philippe Antoine 633180c93f detect/integers: generalize support for bitflags modifier
Ticket: 6724

Allows sugar syntax for bitflags keywords.
While the expressivity does not increase, because we could already
use numerical values with all generic integer modes, this modifier
prefix is used with the strings, and follows the syntax
that is already used for fragbits and tcp.flags keyword.
4 weeks ago
Olusegun Fajobi 2db1b93332 ippair-bit: Convert unittests to FAIL/PASS APIs
Ticket: #6323
4 weeks ago
Shivani Bhardwaj b090fc61fd applayer/tls: do not free SAN for decoding error
SSL connp maintains all the state and certificate data that was
parsed/decoded successfully and it must retain that for later usage.
There should be just one place to free this object which is SSLStateFree
for both the directions. By freeing the connp data during parsing error,
there is room for memory errors.
This works so far because the field parsed after this cannot error out so
if there's an error parsing this, it anyway does not exist. However, this
is incorrect and leaves scope for mistakes.

Remove this extra free and treat SAN like all other TLS keywords.

Bug 7996
4 weeks ago
Victor Julien 2f633be1a9 pcap-log: fix bpf-filter not set for multi mode
Bug: #8002.
4 weeks ago
Philippe Antoine f25194480c libhtp: fix newer clippy lints with newer MSRV 4 weeks ago
Jason Ish bc33bd49eb quic/crypto: remove use of GenericArray
It's not needed, and gets rid of the deprecation warnings.
4 weeks ago
Jason Ish bdfdf7ff33 rust: update deps with cargo-update
Suppress deprecation warnings in quick/crypto.rs about GenericArray.
4 weeks ago
Jason Ish 6fdf0d736b rust: update aes-gcm to 0.10.3 4 weeks ago
Jason Ish b9517de86e rust: update aes to 0.8.4 4 weeks ago
Philippe Antoine 4b69a31dc3 detect/integers: count argument for multi-integers
Ticket: 7211

Allows to count the number of elements, without matching on
individual elements
4 weeks ago
Philippe Antoine 047f1c5080 doc: fix enip_command name in json schema
enip.command is not a keyword nor an alias
4 weeks ago
Victor Julien 93c0409292 unittests: move http.cookie tests to FAIL/PASS API 1 month ago
Victor Julien 4af5520496 unittests: move http.stat_code tests to FAIL/PASS API 1 month ago
Victor Julien 8fe931e5ff unittests: convert http_raw_header tests to FAIL/PASS api 1 month ago
Victor Julien eb104389b1 unittests: move http.stat_msg tests to FAIL/PASS API 1 month ago
Victor Julien 5e14e4e58c unittests: move http.server_body tests to FAIL/PASS API 1 month ago
Victor Julien e1d3993659 unittests: clean up memory for host storage tests 1 month ago
Victor Julien 4c126a9d6c unittests: clean up memory for ippair storage tests 1 month ago