Commit Graph

11780 Commits (5499a6f7cd2265072945dbb3b5a61e2a5e1f7ad1)
 

Author SHA1 Message Date
Victor Julien f21a4bc40e datasets: remove experimental warning 4 years ago
Shivani Bhardwaj 87617b200c doc/datasets: add info about memcap and hashsize 4 years ago
Shivani Bhardwaj 1286b0a8f1 datasets: parse defaults section from yaml
Datasets can now have a global defaults setting in suricata.yaml. In
case the settings for memcap and hashsize are not found in the yaml or
rule, this shall be the fallback.

Example:

datasets:
  defaults:
    memcap: 100mb
    hashsize: 2048
  ua-seen:
    type: string
    load: datasets.csv
4 years ago
Shivani Bhardwaj 5ac94fc407 datasets: allow memcap, hashsize to be set via yaml or rule
It is now possible to set the memcap and hashsize via suricata.yaml and
rules.

Rule example:

alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 100mb,hashsize 2048; sid:1;)

suricata.yaml example:

datasets:
  ua-seen:
    type: string
    load: datasets.csv
    memcap: 20mb
    hashsize: 2048
4 years ago
Shivani Bhardwaj b2482d6c60 datasets: allow max possible memcap while loading
While using the "load" option of datasets, it should be possible to load
any file from the disk, so set the limit to highest possible.
4 years ago
Jason Ish 2b1bbd08a3 rules/tls: sync with changes to the TLS events
Sync rules with event changes in commit
01aef49cbd.
4 years ago
Jeff Lucovsky ce603d662f log/eve: Ensure eve logs have sequential suffixes
This commit ensures that the eve logs have sequential suffixes without
gaps.
4 years ago
Jeff Lucovsky ad2e18be3e atomics: Add "decl and init with value" function
This commit adds an interface to declare and initialize an atomic with a
specific value. This can help with situations where there's no defined
initialization path to set things up.
4 years ago
Jeff Lucovsky 8395a9201e log: Ensure threaded eve honors SIGHUP
This commit ensures that all logging contexts register for the file
rotation mechanism (SIGHUP and configured).
4 years ago
Jason Ish 7d44e80a50 doc: document removal of unified2
And suggest an alternate tool, Meer, if compatibility with
Barnyard2 style databases is required.

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3497
4 years ago
Jason Ish e71f2b22fa doc: add removal of individual json loggers
Add link to multiple eve instances as a replacement for this
feature.
4 years ago
Philippe Antoine 9b5c923327 http: disables lzma by default for HTTP 4 years ago
Philippe Antoine 6694737fcf http2: settings from http1 upgrade 4 years ago
Philippe Antoine 7011bddf84 http2: mimic HTTP1 request from upgrade 4 years ago
Philippe Antoine 9d1b030ff0 http2: first connection upgrade from http1 4 years ago
Philippe Antoine 9185a90fc9 dnp3: fix unit tests when fuzzing 4 years ago
Philippe Antoine 82f1758573 applayer: keep running detection on protocol change
i.e. do not stop on first try if we do not have enough data
4 years ago
Philippe Antoine 21e741795d applayer: on protocol change, use previous state 4 years ago
Philippe Antoine 828ff2dc3c http: removal of connect unit tests
moved to suricata-verify
4 years ago
Philippe Antoine 547d6c2d78 applayer: pass parameter to StateAlloc
This parameter is NULL or the pointer to the previous state
for the previous protocol in the case of a protocol change,
for instance from HTTP1 to HTTP2

This way, the new protocol can use the old protocol context.
For instance, HTTP2 mimics the HTTP1 request, to have an HTTP2
transaction with both request and response
4 years ago
Sascha Steinbiss ed9fed4958 mqtt: add some extra tests for varint parsing 4 years ago
Philippe Antoine 1a88df7e88 http2: handles incomplete frames after banner
To signal incomplete data, we must return the number of
consumed bytes. When we get a banner and some records, we have
to take into account the number of bytes already consumed by
the banner parsing before reaching an incomplete record.
4 years ago
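Added example illustrating the point of commit 1a88df7e88 above; it is not Suricata's code. It is a toy parser for the start of a client HTTP/2 stream that, when a frame is cut short, reports the bytes already consumed including the 24-byte preface ("banner"), so the caller does not replay the banner into the parser. The type and function names are invented for this illustration, and the function assumes it is handed the whole buffered start of the connection.

```rust
// Added example, not Suricata's code. It models the point of the commit: once
// the HTTP/2 client preface ("banner") has been parsed, an incomplete frame
// must be reported together with the bytes already consumed, so the caller
// does not feed the preface to the parser a second time.

/// The fixed 24-byte client connection preface (RFC 7540 section 3.5).
pub const HTTP2_PREFACE: &[u8] = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n";
/// Every HTTP/2 frame starts with a 9-byte header: 24-bit length, type, flags, stream id.
pub const FRAME_HEADER_LEN: usize = 9;

#[derive(Debug, PartialEq)]
pub enum ParseStatus {
    /// Whole input consumed; `frames` complete frames were seen.
    Done { consumed: usize, frames: usize },
    /// `consumed` bytes (preface plus whole frames) are done with; `needed`
    /// more bytes are required before the next unit can be parsed.
    Incomplete { consumed: usize, needed: usize },
    /// Input does not start with the preface.
    Error,
}

/// Parse the start of a client-to-server HTTP/2 stream: the preface followed by
/// zero or more frames. Assumption for this example: the caller passes
/// everything buffered so far from the beginning of the connection.
pub fn parse_http2_client_start(input: &[u8]) -> ParseStatus {
    // Banner first.
    if input.len() < HTTP2_PREFACE.len() {
        return if HTTP2_PREFACE.starts_with(input) {
            ParseStatus::Incomplete { consumed: 0, needed: HTTP2_PREFACE.len() - input.len() }
        } else {
            ParseStatus::Error
        };
    }
    if &input[..HTTP2_PREFACE.len()] != HTTP2_PREFACE {
        return ParseStatus::Error;
    }
    let mut consumed = HTTP2_PREFACE.len();
    let mut frames = 0usize;

    loop {
        let rest = &input[consumed..];
        if rest.is_empty() {
            return ParseStatus::Done { consumed, frames };
        }
        if rest.len() < FRAME_HEADER_LEN {
            // Not even a full frame header. Report `consumed` (which already
            // includes the preface) rather than 0; reporting 0 here is the
            // mistake the commit message describes.
            return ParseStatus::Incomplete { consumed, needed: FRAME_HEADER_LEN - rest.len() };
        }
        let payload_len = ((rest[0] as usize) << 16) | ((rest[1] as usize) << 8) | (rest[2] as usize);
        let frame_len = FRAME_HEADER_LEN + payload_len;
        if rest.len() < frame_len {
            // Header complete but payload truncated: same rule, consumed
            // covers the preface and every whole frame before this one.
            return ParseStatus::Incomplete { consumed, needed: frame_len - rest.len() };
        }
        consumed += frame_len;
        frames += 1;
    }
}

fn main() {
    // Constructed input: preface, an empty SETTINGS frame, then a truncated frame header.
    let mut data = HTTP2_PREFACE.to_vec();
    data.extend_from_slice(&[0, 0, 0, 0x04, 0, 0, 0, 0, 0]);
    data.extend_from_slice(&[0, 0, 0x10]);
    println!("{:?}", parse_http2_client_start(&data));
}
```

With the preface plus one complete frame followed by three stray bytes, the parser returns `Incomplete { consumed: 33, needed: 6 }`: the caller keeps the last three bytes and waits, instead of re-presenting the banner.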
Philippe Antoine 7ab9a01db2 mqtt: limit size of variable integer 4 years ago
Jason Ish c4d0a61eca datasets: fix dataset load path construction
Test the full path instead of just the filename provided in the
rule to see if it exists.

Fixes the case where a rule file is loaded from a directory
other than the default-rule-directory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3916
4 years ago
Philippe Antoine e3b28bcf2a http2: returns error in case of index 0
As is documented in RFC 7541, section 6.1:
The index value of 0 is not used.  It MUST be treated as a decoding
error if found in an indexed header field representation.
4 years ago
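Added example serving two of the commits above, 7ab9a01db2 (mqtt: limit size of variable integer) and e3b28bcf2a (http2: returns error in case of index 0). It is not Suricata's code and its type and function names are invented for the illustration. Both decoders bound the number of continuation bytes so a hostile peer cannot keep the parser looping or overflow the accumulator; the HPACK one additionally rejects index 0 as RFC 7541 section 6.1 requires.

```rust
// Added example, not Suricata's code. Two bounded variable-length integer
// decoders from the protocols in the commits above: the MQTT Variable Byte
// Integer, which may never exceed four bytes, and the HPACK integer used by the
// indexed header field representation, where index 0 is a decoding error
// (RFC 7541 section 6.1).

#[derive(Debug, PartialEq)]
pub enum DecodeError {
    /// More bytes are needed.
    Incomplete,
    /// The encoding exceeds the protocol's length bound: malformed packet.
    TooLong,
    /// First byte is not an indexed header field representation (high bit clear).
    NotIndexed,
    /// RFC 7541 section 6.1: index 0 MUST be treated as a decoding error.
    ZeroIndex,
}

/// MQTT 3.1.1 / 5.0 Variable Byte Integer: 7 data bits per byte, least
/// significant group first, continuation bit 0x80, at most 4 bytes
/// (maximum value 268,435,455).
pub const MQTT_VARINT_MAX_BYTES: usize = 4;

/// Returns (value, bytes consumed).
pub fn decode_mqtt_varint(input: &[u8]) -> Result<(u32, usize), DecodeError> {
    let mut value: u32 = 0;
    let mut multiplier: u32 = 1;
    for (i, &b) in input.iter().enumerate() {
        value += u32::from(b & 0x7f) * multiplier;
        if b & 0x80 == 0 {
            return Ok((value, i + 1));
        }
        if i + 1 == MQTT_VARINT_MAX_BYTES {
            // Fourth byte still has the continuation bit set: reject instead of
            // reading further bytes (the bound the mqtt commit introduces).
            return Err(DecodeError::TooLong);
        }
        multiplier *= 128;
    }
    Err(DecodeError::Incomplete)
}

/// HPACK integer with an N-bit prefix (RFC 7541 section 5.1). Returns
/// (value, bytes consumed). The shift is capped so the u64 cannot overflow.
pub fn decode_hpack_integer(input: &[u8], prefix_bits: u32) -> Result<(u64, usize), DecodeError> {
    let first = *input.first().ok_or(DecodeError::Incomplete)?;
    let max_prefix: u64 = (1u64 << prefix_bits) - 1;
    let mut value = u64::from(first) & max_prefix;
    if value < max_prefix {
        return Ok((value, 1));
    }
    let mut shift: u32 = 0;
    for (i, &b) in input[1..].iter().enumerate() {
        if shift > 56 {
            return Err(DecodeError::TooLong);
        }
        value += u64::from(b & 0x7f) << shift;
        if b & 0x80 == 0 {
            return Ok((value, i + 2));
        }
        shift += 7;
    }
    Err(DecodeError::Incomplete)
}

/// Indexed header field representation: first bit 1, then a 7-bit-prefix index.
pub fn decode_indexed_header(input: &[u8]) -> Result<(u64, usize), DecodeError> {
    let first = *input.first().ok_or(DecodeError::Incomplete)?;
    if first & 0x80 == 0 {
        return Err(DecodeError::NotIndexed);
    }
    let (index, consumed) = decode_hpack_integer(input, 7)?;
    if index == 0 {
        return Err(DecodeError::ZeroIndex);
    }
    Ok((index, consumed))
}

fn main() {
    println!("{:?}", decode_mqtt_varint(&[0xff, 0xff, 0xff, 0x7f]));
    println!("{:?}", decode_mqtt_varint(&[0xff, 0xff, 0xff, 0xff, 0x7f]));
    println!("{:?}", decode_indexed_header(&[0x82]));
    println!("{:?}", decode_indexed_header(&[0x80]));
}
```

`0x82` decodes to static-table index 2 while `0x80` (index 0) is refused; five MQTT bytes with the continuation bit set on the fourth are refused rather than silently read on.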
Philippe Antoine 9788b2ec8d signature: frees transform options in SigMatchPrepare 4 years ago
Philippe Antoine 1674239442 detect: checks for overflow when comparing signatures priorities 4 years ago
Victor Julien abca451901 flow: suppress Coverity FP 4 years ago
Victor Julien 204302cbac flow: minor code cleanup 4 years ago
Victor Julien 42ce297e0e flow: turn BUG_ON into debug check 4 years ago
Eric Leblond 6494abc6b1 ebpf: fix invalid description in doc string 4 years ago
Victor Julien e1ecb7dc41 doc/datasets: explain reloads, general improvements 4 years ago
Victor Julien 6492fe0841 detect/app-layer-events: improve warnings/errors
Improve handling of outdated events that are no longer supported by the engine.
4 years ago
Eric Leblond 48c30efd34 prscript: port to python 3 4 years ago
Victor Julien 8cd82486e2 flow/bypass: don't bypass on flow timeout pseudo packets 4 years ago
Jason Ish cc2c7b731a rule parsing: validate that input rule string is UTF-8
Before parsing a rule string, validate that it is UTF-8 first.

Related Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3850
4 years ago
Jason Ish e9fec043b5 rust/util: expose function to test strings for valid UTF-8
rs_check_utf8 will check that the provided string is valid
UTF-8 by converting it to a Rust string and returning true
or false.
4 years ago
Jason Ish 583593aa1b http/eve: use set_string_from_bytes where appropriate
The JsonBuilder set_string_from_bytes will escape unprintable
characters in the output stream. Using BytesToStringBuffer
can generate invalid UTF-8 which prevents the conversion from
a C string to a Rust string.
4 years ago
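Added example for the three commits above (cc2c7b731a, e9fec043b5, 583593aa1b); it is not Suricata's code. It shows a UTF-8 validity check done the way the rs_check_utf8 message describes, by converting the bytes to a Rust string, and an escaping step that turns arbitrary bytes such as a hostile User-Agent into printable ASCII so the log line is always valid UTF-8. The function names and the `\xNN` escape format are this example's own assumptions, not JsonBuilder's exact output.

```rust
// Added example, not Suricata's code. A UTF-8 check by conversion to &str,
// plus a byte escaper that guarantees the result is valid UTF-8 (assumed
// `\xNN` format, not necessarily what JsonBuilder emits).

/// True if `bytes` is valid UTF-8, i.e. can be viewed as a Rust `&str`.
pub fn check_utf8(bytes: &[u8]) -> bool {
    std::str::from_utf8(bytes).is_ok()
}

/// Escape a byte string for logging: printable ASCII passes through,
/// backslash is doubled so escapes stay unambiguous, everything else
/// (control bytes, NUL, bytes >= 0x7f) becomes `\xNN`.
pub fn escape_for_log(bytes: &[u8]) -> String {
    let mut out = String::with_capacity(bytes.len());
    for &b in bytes {
        match b {
            b'\\' => out.push_str("\\\\"),
            0x20..=0x7e => out.push(b as char),
            _ => out.push_str(&format!("\\x{:02x}", b)),
        }
    }
    out
}

fn main() {
    // Constructed sample: a User-Agent with a stray 0xff byte, a NUL and a backslash.
    let ua: &[u8] = b"Mozilla/5.0 \xff\x00 evil\\bot";
    println!("valid utf-8 before: {}", check_utf8(ua));
    let escaped = escape_for_log(ua);
    println!("escaped: {}", escaped);
    println!("valid utf-8 after: {}", check_utf8(escaped.as_bytes()));
}
```

The raw header fails `check_utf8`, which is exactly the case where a C-string-to-Rust-string conversion would refuse the value; after escaping it passes, and the original bytes are still recoverable from the `\xNN` sequences.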
Victor Julien d6cf4b3335 detect/dataset: error if set couldn't be fully loaded 4 years ago
Victor Julien 017c038bcb datasets: free old data when reusing a hash container 4 years ago
Jeff Lucovsky 00f77f9643 log: Log errors while writing log info
This commit adds logic to log errors during output. Errors are logged
once and the number of errors is maintained.
4 years ago
Jeff Lucovsky b9458adf8a log: Add log output error code 4 years ago
Jeff Lucovsky 6cdd87f5ad log: Use unlocked variants of stdio functions
This commit uses the unlocked variants of additional stdio functions
4 years ago
Jeff Lucovsky 3c91e14352 log: Add more stdio_unlocked macros
This commit adds additional macros for interfaces in stdio_unlocked
according to their local availability.
4 years ago
Victor Julien fa0b91b18f error: reformat enum 4 years ago
Victor Julien fbdc776525 app-layer: handle parser return code issues more gracefully 4 years ago
Victor Julien 5155982ba5 pcap: fix minor scan-build warnings 4 years ago
Victor Julien aac2b9dbb9 commandline: add static analyzer hint for -r parsing 4 years ago
Victor Julien 71297f575f commandline: minor formatting fixes 4 years ago
Jeff Lucovsky 9efb936697 general: Improve grammar in error messages
This commit corrects a minor grammar issue in address/port error
messages.
4 years ago