aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,377 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c7b5c5fb5'
${ noResults }
Commit Graph

13377 Commits (5c7b5c5fb5f3e8afe6aeafca27b7ab7f88aef232)
 

Author SHA1 Message Date
Philippe Antoine 5c7b5c5fb5 krb: detection for ticket encryption 
As is done for logging.

Ticket: #5442
 3 years ago
Philippe Antoine 64b2385c64 krb: log for ticket encryption 
Also logs if the ticket encryption is weak.
It is different from the encryption used for the rest of the
packet, and this allows to detect kerberoasting attack.

Ticket: #5442
 3 years ago
Philippe Antoine 7fcc6696cb krb: rustfmt kerberos.rs 3 years ago
Philippe Antoine 675de33405 krb: bump up crate version 
kerberos parser crate is also used by other procotols : nfs and
smb. These protocols use an older der_parser crate version.
Upgrading der_parser will simplify the code further.
 3 years ago
Philippe Antoine 783dff2c38 krb: rustfmt detect.rs 3 years ago
Victor Julien 5fec07b87d flow: minor compiler warnings 
flow-util.c: In function 'FlowEndCountersRegister':
flow-util.c:294:34: warning: 'name' may be used uninitialized in this function [-Wmaybe-uninitialized]
  294 |         fec->flow_tcp_state[i] = StatsRegisterCounter(name, t);
      |                                  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 3 years ago
Jeff Lucovsky 4aa4ad3f74 stream/rules: add example rule for reassembly depth 
Issue: 3512
 3 years ago
Jeff Lucovsky e133ab029e stream/event: Trigger stream reassembly event 
Issue: 3512

This commit triggers the stream reassembly depth reached event.
 3 years ago
Jeff Lucovsky 1d8cc7791d general: Typo fixup 3 years ago
Jeff Lucovsky 6a039ab316 stream/event: New reassembly depth event 
Issue: 3512

This commit adds a stream event triggered when the stream assembly depth
is reached.
 3 years ago
Philippe Antoine e1e03c25c9 ci: update to macos latest 3 years ago
Jason Ish f3d3274e92 github-ci: enable nfqueue on fedora 36 build 3 years ago
Jason Ish c862e84c01 rust/frames: cleanups 
- Implement the Display trait on Direction to print "toserver" or
  "toclient" which used in a format string.

- Use Direction struct inside Frame instead of a u32.  Requires a helper
  method as there are two representation in C for direction, and the C
  methods for frames don't use the internal representation of the
  Direction enum (some sweeping changes could help here)
 3 years ago
Jason Ish f92708b8ca rust/frames: derive direction from StreamSlice 
On the Rust side, a Frame requires a StreamSlice to be created. We can
derive the direction from the StreamSlice removing the need for callers
to provide the direction when operating on the frame.
 3 years ago
Jason Ish b39d7f46e7 dns/tests: fix StreamSlice to satisfy debug validation 3 years ago
Philippe Antoine f3b6fd3329 quic: update to nom7 3 years ago
Philippe Antoine 95125811b8 quic: reassemble crypto frames and parse it 3 years ago
Philippe Antoine 301ab96a71 ci: have one github workflow with MSRV 3 years ago
Philippe Antoine 896f0d91ce quic: complete schema.json 
adding ja3 and extension fields
 3 years ago
Philippe Antoine f242fb7f22 quic: events and rules on them 3 years ago
Philippe Antoine b9c1d9e86b quic: parse gquic version Q039 
Ticket: #5166
 3 years ago
Philippe Antoine 018fef5ef8 quic: ja3 computation and logging and detection 
Logging as is done in TLS.

Detection using the generic generic ja3.string keyword

Ticket: #5143
 3 years ago
Philippe Antoine c6cf61a39b quic: complete parsing of initial for non gquic 
The format of initial packet for quic ietf, ie quic v1,
is described in rfc 9000, section 17.2.2

Parse more frames and logs interesting extensions from crypto frame

Do not try to parse encrypted data, ie after we have seen
a crypto frame in each direction.

Use sni from crypto frame with tls for detection already implemented

Ticket: #4967
 3 years ago
Philippe Antoine 7044131c39 quic: rustfmt 3 years ago
Philippe Antoine 0c346af4a9 rust: bump up digest crates 
so that we can use hkdf crate for quic
 3 years ago
Philippe Antoine 2294e9cdbc rdp: bump up tls-parser crate version 
so that we can use new functions in quic parser
 3 years ago
Juliana Fajardini 5f4bcfe313 detect/engine: fix typos in assorted files 3 years ago
Juliana Fajardini 58928b249d commandline: add alert-queue expand failure option 
For testing purposes. Meant to simulate a reallocation failure when
dynamically growing the alert queue in DetectEngineThreadCtx, so we can
check that Suri's behavior doesn't break under such circumstances.

Task #5319
 3 years ago
Victor Julien ebc2714e07 nflog: fix missing util-time include; cleanups 3 years ago
Victor Julien 09c0128138 nflog: update copyright years 3 years ago
Jeff Lucovsky e566563875 classification/config: Propagate validation errors 
Issue: #4554

This commit modifies the workflow to propagate classification parsing
errors when in test mode.

When not in test mode, errors continue to be displayed but they do not
halt Suricata execution.
 3 years ago
Jeff Lucovsky 2621c90ea1 classification/config: Raise error on validation errors 
This commit adds logic which raises an error if parse errors occur while
loading classification.config

Issue: 4554
 3 years ago
Jufajardini Reichow 61f9f0df55 userguide/rules/meta: minor formatting adjustments 3 years ago
Jufajardini Reichow 45f14bb97c userguide/rules: explain sid uniqueness within gid 
While Suri will throw an error if two signatures have the same `sid`
and no `gid`, or same `sid` and same `gid`, it will just accept same
`sid` for different `gid`s.

Related to

Task #5441
 3 years ago
Philippe Antoine 83a8cd80b2 detect: remove wrappers around DetectEngineInspectGenericList 3 years ago
Scott Jordan 7eaf1688b5 stream: fix StreamTcpSegmentForSession missing segments 
Bugfix, segment traversal was being initialized at root node, but
should have been started at the min node. Bug resulted in captures
missing segments left of root node.
 3 years ago
jason taylor 87990b138c doc: update priority wording userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor a7d739a05b doc: update to 80 char formatting userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 9bd55ff81b doc: metadata information update userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 563dc66837 doc: update priority information userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor f73a60eb89 doc: update reference section in userguide meta 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor e611ef5ccb doc: update userguide meta classtype information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 39bc56ec97 doc: update rev and gid userguide meta wording 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor b9cb66c58f doc: add clarity around userguide meta information 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 790ef9a53f doc: add sid reserved range reference 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 38a179d89d doc: add clarity to rule msg tips 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 299a931e49 doc: update example rule list 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor 98c29da6ec doc: add clarity to role wording 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor c0bdb6cc10 doc: meta keyword doc example rule update 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
jason taylor ca9e9009ba doc: add bsize keyword examples 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago