aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,980 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4d5d7b4bd3'
${ noResults }
Commit Graph

11980 Commits (4d5d7b4bd362e080024ad66ba27a0e2155397762)
 

Author SHA1 Message Date
Jason Ish 4d5d7b4bd3 eve/netflow: use generic json context 4 years ago
Jason Ish a68d50608b eve/flow: use generic json context 4 years ago
Jason Ish 67c4621bdb eve/ftp: use generic json context 
The FTP logger contained no extra data in its context so the
generic json context can be used.
 4 years ago
Jason Ish 2d78afe4b0 eve: refactor CreateEveHeaderWithTx to include common options 4 years ago
Jason Ish 06ba611667 eve cleanup: remove duplicate/redundant code 
The first change was to have CreateEveHeader add the common options
as this was left out in a few loggers. While update all the loggers
that use CreateEveHeader, remove redundant code, in particular
from loggers that don't need to use their own context but
can use the generic one.
 4 years ago
Jason Ish 64330498f8 eve/mqtt: fix mqtt logging with threaded eve 
Mqtt was not setting up a per-thread file context for logging
in threaded mode, leading a crash when used in threaded mode.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4404
 4 years ago
Jeff Lucovsky dd8eeb6353 general: Correct typos 4 years ago
Jeff Lucovsky 11ec61d0b4 thresholds: Improve validation of threshold.config 
This commit improves the handling of threshold.config. When used with
"-T", a non-zero return code occurs when the file cannot be validated.

To maintain legacy behavior, when "-T" is not used and threshold.config
contains one or more invalid lines, Suricata continues execution.
 4 years ago
Jeff Lucovsky cb03455c04 error: Add code for threshold config validation 
This commit adds a new warning code for threshold config file validation
failures.
 4 years ago
Eric Leblond a73b5f0ea5 eve/ike: restore common option logging 4 years ago
Philippe Antoine 2997be6707 sslv2: precise detection pattern with probing parser 4 years ago
Philippe Antoine e8415f249b fuzz: adds structure aware target 
so as not to fuzz libpcap
and generate structure aware signatures
 4 years ago
Philippe Antoine 0105d4f017 rust: bump bitflags dependency version 
So that lexical-core, needed by nom, and using bitflags
is used with version 0.7.5 instead of version 0.7.0
which fixed the fact that BITS is now a reserved keyword
in nightly version
 4 years ago
Philippe Antoine cb150e97d0 kerberos: fix probing parser tag condition 
according to the comment
 4 years ago
Jason Ish abb3cc85d5 install: better warning on install-full and don't fail 
If suricata-update is not available on "make install-full", don't
exit 1, instead give the reason why its not installed, but still
succeed the install.
 4 years ago
Victor Julien ae29804a28 github-ci: add libnet to ubuntu-20-04-cov-sv builder 4 years ago
Victor Julien 398ebf9345 eve/drop: use highest priority drop 
When adding the alert to a drop record make sure the add the highest
priority.

It would until now add all drops from high to low prio, effectively
overwriting the record each time.

Ticket #4397
 4 years ago
Victor Julien 6cf44fc839 detect/alert: apply pd only actions to flow 
Ticket #4394
 4 years ago
Victor Julien 6c594d29db detect/alert: minor code refactor 
Use a simpler reject check and move logic into util func.
 4 years ago
Victor Julien fbcdd2ec26 detect/iponly: don't check & set flow flags twice 
Per flow IP-only flags are checked and set by IP-only engine, so
no need to set/check them per alert.
 4 years ago
Victor Julien 55a0e29c8e eve/ike: gracefully handle renamed output config 4 years ago
frank honza ab59ef0d79 ikev1: add documentation for ikev1 4 years ago
Sascha Steinbiss 37940180a8 ikev1: add metadata to alerts 4 years ago
Sascha Steinbiss e2dbdd7fd5 ikev1: add ikev1 parser 4 years ago
frank honza ecdf9f6b0b ikev1: rename ikev2 to common ike 
Renaming was done with shell commands, git mv for moving the files and content like
find -iname '*.c' | xargs sed -i 's/ikev1/ike/g' respecting the different mixes of upper/lower case.
 4 years ago
frank honza ab6171c429 detect: added support for protocol-aliases 4 years ago
frank honza e9494ddd8f util: add function converting u8-array into a hex-String 4 years ago
frank honza b80cdae1df detect: add comparison-mode LTE/GTE for Detect(U32/u8)Data 4 years ago
Victor Julien c3075cba42 detect/analyzer: fix mpm display on payload only rules 4 years ago
Victor Julien 9dd1444f44 detect: suppress error message for pcre only rules 4 years ago
Victor Julien b55b327db1 detect/analyzer: suggest modern keywords 4 years ago
Victor Julien 57f7612ffd detect/analyzer: fix json output for warnings/notes 4 years ago
Victor Julien 018b9a0a8c detect/asn1: minor cleanups 4 years ago
Victor Julien 8b8cc697d5 detect/http-server-body: clean up test 4 years ago
Victor Julien 68f8b2f40f detect/icmp: reject invalid rules for icode/itype 4 years ago
Victor Julien 7d6835958b detect/prefilter: fix null ptr deref on invalid rule 
A bad rule 'icode:<0; prefilter;' would trigger a null ptr deref
in ApplyToU8Hash.

Bug #4375.
 4 years ago
Victor Julien e964643088 detect/state: fix reset bug 
Fix issue where after a reset the now empty list elements are not
reused and the values may not be valid for the current detect
engine anymore.

Introduce a 'current' (cur) pointer that points to the store element
currently being filled. This way existing stores will be reused.

If 'cur' is NULL and 'head' is not NULL it means we need to use
'tail' to append a new store.
 4 years ago
Victor Julien f766139159 detect/state: test to show reset bug 4 years ago
Victor Julien a808474d38 detect/state: minor code cleanup 4 years ago
Jason Ish 0aed5e188b filestore: fix global counter init in unix socket mode 
Move initialization of filestore global counter to PreRunInit,
so they get registered during program initialization, or as
required in unix-socket mode, initialized for each file run.

Fixes Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4216
 4 years ago
Philippe Antoine 8307010255 smb: relax probing parser to handle first NBSS message 
cf dcerpc-udp S-V test :
First message is Message Type: Session request (0x81)
Second message is SMB
 4 years ago
Philippe Antoine 660e9e489b protodetect: only run ProbingParserTc if STREAM_TOCLIENT 4 years ago
Philippe Antoine 52ea3fc7ac fuzz: more precise assertion for protocol detection 
Only in the cases of stream start is the assertion valable.
Otherwise, it can only be best effort.
 4 years ago
Philippe Antoine 1b6e81cd72 smb: probing parser for start and midstream 
The probing parser is more strict at the start of the stream
 4 years ago
Philippe Antoine 9dc5258a21 smb: split probing function for code style 
Introduces rs_smb_probe_tcp_midstream
 4 years ago
Philippe Antoine 2d765d6c68 detect: fix overflows in SetupU8Hash 
For instance ">255" resulted in overflow
 4 years ago
Philippe Antoine eb460cf78d ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL 
So that we cannot resumt it with corrupted values
 4 years ago
Philippe Antoine 89030d3e59 modbus: stop allocating transactions when flooded 
cf #4224
 4 years ago
Philippe Antoine ddb4d289ae icmpv6: bail out for icmpv6.hdr keyword if not ICMPv6 4 years ago
Jeff Lucovsky 538fc58b37 output/http2: Multi-threaded EVE logging support 
This commit adds multi-threaded EVE logging support to the HTTP/2
logging path.
 4 years ago