aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,780 Commits
10 Branches
154 Tags
166 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5499a6f7cd'
${ noResults }
Commit Graph

11780 Commits (5499a6f7cd2265072945dbb3b5a61e2a5e1f7ad1)
 

Author SHA1 Message Date
Jason Ish ff674d0cd0 mqtt: set unidirection transaction flag 4 years ago
Jason Ish 54d5f336d4 sip: set unidirection transaction flag 4 years ago
Jason Ish 1d40d0c5f9 rdp: set unidirection transaction flag 4 years ago
Jason Ish f7dee602e9 krb5: set unidirection transaction flag 4 years ago
Jason Ish 984d3c7f20 ntp: set unidirection transaction flag 4 years ago
Jason Ish fc7d59d92f snmp: set unidirectional transaction flag 4 years ago
Jason Ish 60ebc27c4e app-layer: handle unidirectional transactions 4 years ago
Philippe Antoine 2eacc6a9a8 ssl: adds safety checks 
Ensure the client version is valid by checking hello flags

Ensure no integer underflow occurs in SSLv3ParseHandshakeType
 4 years ago
Jeff Lucovsky 4624e66cdd detect/transform: Validator for compress-ws 
This commit adds a buffer validator for compress whitespace. Buffers
containing two or more consecutive whitespace characters are invalid
with this transform.
 4 years ago
Jeff Lucovsky 30b1d7a9c1 detect: Correct typo 4 years ago
Jeff Lucovsky 7ab986250a detect/file-data: Apply transforms on file_data 
This commit cause transforms to be applied on the sticky buffer.
 4 years ago
Victor Julien e07a4393a9 http: error check htp_list_size 
This avoids a potential casting to uint64_t of -1, leading to a very
high upper bound of the tx loop.
 4 years ago
Jeff Lucovsky 6f9b7e052a doc/eve: Update threaded filename examples 4 years ago
Jeff Lucovsky 8f009cf9b5 output/json: Update threaded filename example 4 years ago
Jeff Lucovsky a75e9667ce log/eve: Threaded filename change: eve.N.json 
This commit changes the name of the file used with threaded eve logging
to better support log rotation

Instead of using "eve.json.N" and creating potential issues with log
rotation (which also uses a ".N" suffix), the eve logs will be named
"eve.N.json" when threaded.
 4 years ago
Jeff Lucovsky 73567272cd path: SCBasename - function to return basename 
This commit returns the basename of a file, if it exists
in the same way that `basename(1)` works.
 4 years ago
Jeff Lucovsky db9776af64 detect/rules: Fix copy/paste error 
This commit corrects a copy/paste error handling the `include-mpm-stats`
configuration setting.
 4 years ago
Jeff Lucovsky 41967a53ec detect: Apply clang-format updates 4 years ago
Jeff Lucovsky d911fb87b8 detect/rules: Increase array size to remove SEGV 
This commit changes the size of reporting variables to be dynamic based
on the buffer ids in use instead of a fixed value to address a SEGV when
the fixed value was less than the max buffer/type id in use.
 4 years ago
Jason Ish 13049ae09d scripts/setup-app-layer: fix rust generation 
Fix Rust app-layer generation. Main parser file was being named
gopher.rs instead of the name of the protocol.
 4 years ago
Philippe Antoine 64fcba228b http2: complete parsing of priority frames 4 years ago
Philippe Antoine c300a859a0 http2: keep track of dynamic headers table size 
And evict entries accordingly to maximum size
 4 years ago
Philippe Antoine 1a21eea0e9 http2: variable size integers decoded everywhere 4 years ago
Philippe Antoine b21acfbf21 http2: StreamIdReuse frame types exceptions 
Also handles better the state so as not to revert from
HTTP2StateHalfClosedClient to HTTP2StateDataServer and not
go to final HTTP2StateClosed
 4 years ago
Philippe Antoine 89573060d9 http2: use variable integer for headers lengths 4 years ago
Philippe Antoine d57275fa64 protodetect: rerun probing parser if pattern matched 
If a pattern matches in the other direction, after
probing parser finished without finding a protocol,
we will rerun the probing parser, which will include
the newly protocol found by its pattern
 4 years ago
Philippe Antoine 5f348e9907 protodetect: runs probing parser on protocol found 
It a protocol is found in a first direction, we should run the
probing parser, even if it is not in the known ports.

That can happen for HTTP2, where client magic is detected,
then server probe can be run
 4 years ago
Philippe Antoine 518e0e66cb applayer: fix a leak in protocol change 
TCPProtoDetect can either set f->alproto, change f->alstate
and return error.

When the original alstate gets freed, we shall set the pointer
to NULL, as it can get reused.
 4 years ago
Shivani Bhardwaj 97c67cd5ce dcerpc: fix gap handling 
This patch addresses issues discovered by redmine ticket 3896. With the
approach of finding latest record, there was a chance that no record was
found at all and consumed + needed became input length.

e.g.
input_len = 1000
input = 01 05 00 02 00 03 a5 56 00 00 .....

There exists no |05 00| identifier in the rest of the record. After
having parsed |05 00|, there was a search for another record with the
leftover data. Current data length at this point would be 997. Since the
identifier was not found in the data, we calculate the consumed bytes at
this point i.e. consumed = current_data.len() - 1 which would be 996.
Needed bytes still stay at a constant of 2. So, consumed + needed = 996
+ 2 = 998 which is lesser than initial input length of 1000 and hence
the assertion fails.

There could be two fixes to this problem.
1. Finding the latest record but making use of the last found record in
   case no new record was found.
2. Always use the earliest record.

This patch takes the approach (2). It also makes sure that the gap and
current direction are the same.
 4 years ago
Philippe Antoine 4f963717f8 fuzz: better configure checks for MSAN building 
More compatible check for rust nightly
Checks for CARGO_BUILD_TARGET
Builds release or debug mode independently
 4 years ago
Jeff Lucovsky bb71eac9f9 log/anomaly: Move metadata out of anomaly section 
This commit moves the metadata from the anomaly object where it was
incorrectly located.
 4 years ago
Jason Ish f70e1f571e doc/userguide: add info about --set and lists 4 years ago
Victor Julien daffcc6e53 app-layer: improve depth handling 
Consider txs inspected and done for a direction after depth is reached for
that direction.
 4 years ago
Victor Julien a5a46795bd stream: make sure to call app-layer in case of depth reached 4 years ago
Victor Julien 5d985c4271 dcerpc: implement tx free function 4 years ago
Victor Julien 8b2886635f dcerpc/tcp: implement trunc logic 
When one side of the connection reaches the STREAM_DEPTH condition the
parser should be aware of this. Otherwise transactions will forever be
waiting for data in that direction.
 4 years ago
Victor Julien 4da0d9bdea applayer/rust: expose truncate callback 4 years ago
Victor Julien 2cfa35ccc9 app-layer: don't check tx detect flags if detect is disabled 4 years ago
Victor Julien 34e83b8acf stream: remove GAP flag from stream 
This flag was checked in many places, but never set expect in 2 unittests.
 4 years ago
Jeff Lucovsky c5ace81a27 log/eve: Rename fileinfo alert object to files 
This commit changes the name of the "fileinfo" array in the alert object
to "files" to better support legacy use of "fileinfo" in reporting and
elsewhere.

The "fileinfo" event type is not an array while the alert "fileinfo"
member was.
 4 years ago
Jason Ish 69fffb2dc4 doc/userguide: include man page even when not including pdf 
Fix a mistake in Makefile.am where the man page was only being
added to the distribution if the PDF was also created. It should
be included even if the PDF cannot be included.
 4 years ago
Shivani Bhardwaj 301454e9e4 dcerpc: fix datatypes while handling stub data 4 years ago
Shivani Bhardwaj 3fd9a3d420 dcerpc: fix datatype for stub data len 4 years ago
Philippe Antoine 222b386102 rust: rebuilds std when building fuzzers 
so as to have MSAN working
 4 years ago
Victor Julien 2bef41a630 version: continue 6 development 4 years ago
Victor Julien 914391697a version: update to 6.0.0-rc1 4 years ago
Victor Julien 990dfdac6b changelog: update for 6.0.0-rc1 4 years ago
Philippe Antoine 15447cc672 dceprc: signature rust check with is_char_boundary 
before calling split_at which would panic
 4 years ago
Shivani Bhardwaj 98285177ba datasets: use default memcap 4 years ago
Philippe Antoine 872de829ea detect: initialize pointer before calling pcre_study 
So as not to check an uninitialized value
Found by MSAN
 4 years ago