Eric Leblond
9f4d59b3f7
detect/tag: add a tag for first packet
We may need to know that a packet has been tagged but is the
first one (and thus is not tagged).
3 years ago
Scott Jordan
6cfc3343e7
log/pcap: dump segments of both sides of tcp session.
This patch updates tcp segment dumping to dump segments
from both sides of the session in order when capturing
alerts and tags.
3 years ago
Eric Leblond
6f06f7c22c
doc: add info about capture_file key
3 years ago
Eric Leblond
faab853685
log/pcap and eve/alert: get pcap filename to support multi mode
This patch adds a function to get the current pcap file name that
will be used for the current packet. This patch also updates EVE
alerts to add the pcap output filename when pcap capture is done in
multi or normal mode.
3 years ago
Eric Leblond
2317fd83ef
log/pcap: fix typo in error message
3 years ago
Eric Leblond
3908166f91
stream: count realloc in memcap
TCP memory cap was not taking into account the memory that can
be used by realloc of Packet headers in TCP segments.
3 years ago
Eric Leblond
0f14c55e52
log/pcap: update copyright date
3 years ago
Eric Leblond
0c7e4c13a1
doc: add conditional pcap logging info
3 years ago
Eric Leblond
58ef7bcdee
log/pcap: introduce tag as logging condition
This patch adds the tag as logging condition. If this option is
used all tagged packets are written to the pcap.
3 years ago
Eric Leblond
626fce0712
log/pcap: fix some indentation and white spaces
3 years ago
Eric Leblond
cc04eef007
log/pcap: add support for tunnel logging
In alert mode, we need to write the root packet to the pcap
file instead of the packet that did trigger the alert.
3 years ago
Eric Leblond
e7b1c52c1c
log/pcap: add existing stream logging
This patch updates the alert mode of pcap logging.
It uses the packet header data added to the TCP segments
to build packets corresponding to the acked data that did trigger
the alert. It then writes them to the pcap file before starting to
dump all packets for the flow that did alert.
3 years ago
Eric Leblond
b416a4455c
stream: conditionally add packet header to segment
This patch optionally adds the packet header to the TCP segment
and updates the for-each-segment function by changing the
callback.
This patch is based on the work by Scott Jordan <scottfgjordan@gmail.com>
3 years ago
Eric Leblond
435557ee7f
detect: add flag when packet is first with alert
We add a flag to the packet to be able to know if this packet was the
first one to get alerts on the flow.
3 years ago
Eric Leblond
412ca5d64c
log/pcap: add PcapWrite function
It will be used later when multiple writing operations will be
necessary.
3 years ago
Eric Leblond
4cab5e5262
log/pcap: conditional logging
Add an option to only write to pcap packets with alerts and flows
that have alerted.
3 years ago
Jason Ish
0b51022337
github-ci: remove fedora 34 build
Fedora 34 goes EOL in early June. The checks in this build are already
covered by the 35 and 36 builds.
3 years ago
Jason Ish
49647ad120
github-ci: bump fedora versions
35 -> 36
34 -> 35
33 -> 34
3 years ago
Jason Ish
3ea6572e22
rules: use primary default-rule-path if set on command line
When reloading rules, respect `--set default-rule-path=...` from the
command line if set.
Previously the rule reload would always take the default-rule-path from
the configuration file, even if overridden on the command line.
Issue: #1911
3 years ago
Juliana Fajardini
28ac75b505
detect/alert: directly increment alerts.discarded
In the unlikely case of AlertQueueExpand failure, we were incrementing
the discarded alerts stats in AlertQueueAppend via the Packet member in the
DetectEngineThreadCtx, which may not be initialized yet.
Bug #5353
3 years ago
Philippe Antoine
d745d28d4a
dcerpc: use vecdeque tx iterator
Ticket: #5321
3 years ago
dependabot[bot]
477a6f3dd2
github-actions: bump github/codeql-action from 2.1.9 to 2.1.11
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7502d6e991...a3a6c128d7)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
dependabot[bot]
90573dc9d4
github-actions: bump actions/upload-artifact from 3.0.0 to 3.1.0
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](6673cd052c...3cea537223)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Philippe Antoine
3051f7f23f
protodetect: use both directions over UDP
As is already done for TCP
Ticket: #2757
3 years ago
Philippe Antoine
edd163252d
protodetect: be more tolerant
Do not mask protocols in both directions with only the first packet.
For instance:
When the first packet is not valid DNS but is on port 53 (a junk request),
the second packet (error response from server) does not get checked for DNS,
as the first packet bit-masked away DNS for both directions.
Ticket: #2757
3 years ago
Arne Welzel
b6407c4253
stacktrace-on-signal: Use kill(getpid(), sig_num)
kill(0, ...) re-raises the signal to every process in the process
group, which may impact unrelated processes.
Concretely, in our CI pipeline, a segfaulting Suricata process killed
the test driver.
4 years ago
Jason Ish
b5d1a80002
suricata.yaml: include version that generated this file
Add a line to the configuration that says which version generated the
configuration file. For example:
# This configuration generated by:
# Suricata 7.0.0-dev
Issue: #4784
4 years ago
Victor Julien
91b54f180d
stream/segtree: improve docs, error handling
4 years ago
Victor Julien
5c76f787f9
streaming/buffer: add debug validation for 'impossible' condition
4 years ago
Victor Julien
79f0f2fde4
app-layer: make registration structure more compact
4 years ago
Victor Julien
a57010d72d
htp: minor format string fixes
4 years ago
Victor Julien
24d231315b
datasets: constify some function args
4 years ago
Victor Julien
3444aec724
time: reduce scope of static string
4 years ago
Victor Julien
80124152c6
threshold: constify detect engine arg
4 years ago
Victor Julien
18e4e032db
thash: reduce scope for var; suggested by cppcheck
4 years ago
Victor Julien
55de18c675
spm: constify badchars; suggested by cppcheck
4 years ago
Victor Julien
99f212bc8c
radix: small cppcheck suggested cleanup
4 years ago
Victor Julien
750fed2101
packetpool: minor cleanup
4 years ago
Victor Julien
7b592076ff
stream: minor code cleanups suggested by cppcheck
4 years ago
Victor Julien
65f54024d3
defrag: minor code cleanups suggested by cppcheck
4 years ago
Victor Julien
404face284
output/flow: no double var init
4 years ago
Victor Julien
f9a5ceb0d8
smtp: minor code cleanup
4 years ago
Victor Julien
a5df176956
app-layer: minor code cleanups suggested by cppcheck
4 years ago
Victor Julien
4403e7fe8e
app-layer/expectation: reduce scope and init vars
4 years ago
Victor Julien
6c3222dee6
ftp: code clarifications
src/app-layer-ftp.c:945:49: style: Parameter 'ftp_state' can be declared with const [constParameter]
static FTPTransaction *FTPGetOldestTx(FtpState *ftp_state, FTPTransaction *starttx)
^
4 years ago
Victor Julien
d484d0b45b
util/byte: minor cleanup
4 years ago
Victor Julien
1957c46efc
threads: remove unused code; wrap in guards
4 years ago
Victor Julien
e593dda356
threads: remove unused function
4 years ago
Victor Julien
b55c8909c3
unittests: wrap unittest registration in guards
4 years ago
Victor Julien
905050a053
app-layer/profiling: hide profiling code behind guards
4 years ago