Commit Graph

11372 Commits (4c7f55e636e2c08f8d96c5e02b1a1f5c4045fd8f)

Author SHA1 Message Date
Emmanuel Thompson 627e90a4bd detect/asn1: Log out errors
- Failure to parse asn1-max-frames
- Failure on asn1 detection checks
5 years ago
Emmanuel Thompson 88601b1993 detect/asn1: Update relative_offset keyword
- To be consistent with recent C version changes
- Add checks for over/underflows
5 years ago
Emmanuel Thompson 275f6ae96f detect/asn1: Remove asn1 C parser
- In favor of rust parser
5 years ago
Emmanuel Thompson 7af6cdb7ec detect/asn1: Update asn1 C files to use rust code
Mark rust extern "C" functions as pub in asn1 module to expose via cbindgen
Update detect-asn1.c/h to use rust functions
5 years ago
Emmanuel Thompson 63704fdf13 rust/asn1: Introduce ASN1 rust module
This module uses the `der-parser` crate to parse ASN1 objects in order to replace src/util-decode-asn1.c
It also handles the parsing of the asn1 keyword rules and detection checks performed in src/detect-asn1.c
5 years ago
Emmanuel Thompson 6b8517dc12 rust: Update der, kerberos and snmp parser dependencies
- The update to der-parser allows us to use the latest API changes
5 years ago
Jeff Lucovsky dfcc8a88f6 util/proto: Convert validation routine to bool
This commit changes the signature of the protocol validation code to
bool and simplifies the validation steps.
5 years ago
Jeff Lucovsky 1e8d4af29a output/json: Improve protocol output handling
Improve protocol label handling by eliminating an unneeded copy.

Additionally, unknown protocol values are no longer zero-padded.
5 years ago
Jeff Lucovsky a06a706078 output/flow: Improve protocol output handling
This commit improves handling of the protocol label by removing an
unnecessary copy.

Additionally, unknown protocol values are no longer zero-padded.
5 years ago
Jeff Lucovsky 5776a98f67 log/syslog: Improve protocol output handling
Move protocol handling outside of the packet alert loop.
5 years ago
Jeff Lucovsky 0a1c36759a log: Use updated SCProtoNameValid signature 5 years ago
Jeff Lucovsky a843b36c97 output/lua: Remove unused proto code
This commit removes unused protocol string handling logic.
5 years ago
Jason Ish 43b9bfaed4 applayer template (rust): convert to JsonBuilder 5 years ago
Jason Ish d71fc50212 applayer template (C): convert to JsonBuilder 5 years ago
Shivani Bhardwaj 0ebeaf4fe4 modbus: align comments properly 5 years ago
Shivani Bhardwaj d5a672fbcf modbus: make subfunction uint16_t 5 years ago
Shivani Bhardwaj dfd872c1a7 enip: remove unnecessary definition 5 years ago
Shivani Bhardwaj 0dac699197 src: remove multiple uses of atoi
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Closes redmine ticket 3053.
5 years ago
Victor Julien a98a209732 fuzz/sigpcap: make sure hassh is enabled 5 years ago
Vadym Malakhatko a80f705d4b userguide: add documentation for Hassh usage
1. Rules keywords
2. Json keywords
3. Usage in lua
4. Enabling in configuration file
5 years ago
Vadym Malakhatko 8a8212d0f6 lua: add functions to get hassh parameters 5 years ago
Vadym Malakhatko 126597144c eve: add Hassh fields to SSH JSON logger and add ssh log condition 5 years ago
Vadym Malakhatko 216a75c522 detect: add (mpm) hassh keywords
Match on Hassh using ssh.hassh, ssh.hassh.server, ssh.hassh.string, ssh.hassh.server.string keywords, e.g.:

alert ssh any any -> any any (msg:"match SSH hash"; ssh.hassh; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:1000010;)
alert ssh any any -> any any (msg:"match SSH hash-server"; ssh.hassh.server; content:"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; sid:1000020;)
alert ssh any any -> any any (msg:"match SSH hash-string"; ssh.hassh.string; content:"none,zlib@openssh.com,zlib"; sid:1000030;)
alert ssh any any -> any any (msg:"match SSH hash-server-string"; ssh.hassh.server.string; content:"umac-64-etm@openssh.com,umac-128-etm@openssh.com,"; sid:1000040;)
5 years ago
Vadym Malakhatko 536cee3ba9 rust/ssh: add hassh generation
Add generation of hassh fingerprints based on fields in the kexinit record
5 years ago
Jeff Lucovsky f7a47a4477 detect/bsize: Use U16 bit macros
This commit changes the flag bit values to be expressed using the
BIT_U16 macro instead of hex values.
5 years ago
Jeff Lucovsky 39105917ce detect/bsize: Use SCLogDebug instead of printf
This commit updates the debug "printf" message to use SCLogDebug
5 years ago
Jeff Lucovsky 620659b5f3 detect: Increase flag size for byte_jump 5 years ago
Jeff Lucovsky 23a65b5824 general: Fix typo in detect-bytejump.c 5 years ago
Jeff Lucovsky 0701d82890 detect/bytejump: Add "from_end" support
This commit adds support for the byte jump "from_end" keyword and
unittests.
5 years ago
Jeff Lucovsky d5bb41011c output/ikev2: Convert to JsonBuilder
Convert the IKEV2 Json logging to use JsonBuilder.
5 years ago
Philippe Antoine 1e8ac7dadb dnp3: adds unit test against previous bug 5 years ago
Philippe Antoine d465bb8686 dnp3: fix buffer over read in responses parsing 5 years ago
Philippe Antoine 629a16e373 dnp3: probing parser fixes direction based on dnp3 header 5 years ago
Philippe Antoine a90b1c1bcb fuzz: disable DNP3 checksums while fuzzing 5 years ago
Philippe Antoine 00509da286 fuzz: improves fuzz target applayerparserparse
Does not proceed with the final chunk if we got an error previously
Flips the direction for last chunk as usual
5 years ago
Victor Julien b440d0b13e flow: use stream state to string util func 5 years ago
Victor Julien 1b0319ea98 stream: add state to string funcs 5 years ago
Victor Julien 6608b9a5f3 app-layer: set EOF flag in case of unsupported GAP
If GAP is not supported set EOF flags in the parser.
5 years ago
Victor Julien 54d2f2c300 flow: improve 'under stress' behavior
When under stress, the packet threads ultimately fall back
to walking the hash table until they find a flow they can
safely evict and reuse. This could lead to all threads
fighting over the FlowBucket locks.

Fix by adding a limit to the number of hash rows that are
checked for a new flow. If the limit is reached, simply fail
to get a flow.
5 years ago
Victor Julien c50ef8cc21 flow: fix TCP closed default initialization
TCP closed state was initialized to 0 by default.

Clean up 'closed' value setting for other protocols and the common
default.
5 years ago
Victor Julien 3bba671273 flow: remove unused function declaration 5 years ago
Victor Julien cba8efff2a flow: remove unused sctp enum member
This caused some arrays to be larger than needed.
5 years ago
Victor Julien c2561b2655 flow: cleanup validation check 5 years ago
Victor Julien 65e9a7c31c smb: fix 'dangling' files in lossy sessions
In case of lossy connections the SMB state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading files to stay 'active'.

This would lead to these files staying in the SMB state. In long running
sessions with lots of files this would lead to performance and memory
use issues.

This patch truncates the file that was being transmitted when
a file transaction is being closed.
5 years ago
Victor Julien 25f2efe977 smb: check post-gap timeouts once a second at most 5 years ago
Victor Julien 8aa380600d smb: update ts only if it changed 5 years ago
Jeff Lucovsky 8c5c949cfa output/tftp: Convert to JsonBuilder
This commit converts the TFTP logging mechanisms to JsonBuilder.
5 years ago
Philippe Antoine 5ac8e41a13 signature: fix linked list for bidirectional signatures
Bidirectional signatures are really two signatures with one id
This needs to be handled with care when changing a linked list
5 years ago
Philippe Antoine ac76ff9e47 detect: fail properly on invalid transform pcrexform 5 years ago
Antti Tönkyrä 57d0f4bb6f detect/flowbits: fix stack overflow in analyzer
Fix stack overflow in DetectFlowbitsAnalyze.

Use dynamically allocated array instead of stack and free
it after it is no longer needed.
5 years ago