6224e283fa 
								
							
								 
							
						 
						
							
							
								
								modbus: bump up rust crate version  
							
							
							
							
							So that probing parser is more strict and does not accept unknown
function code as valid modbus.
Ticket: #5377  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								c8a5207083 
								
							
								 
							
						 
						
							
							
								
								detect: introduce "like" ip-only signature type  
							
							
							
							
							Rules that look like they should be IP-only but contain a negated rule
address are now marked with a LIKE_IPONLY flag. This is so they are
treated like IPONLY rules with respect to flow action, but don't
interfere with other IPONLY processing like using the radix tree.
Ticket: #5361  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								d5abaf0b38 
								
							
								 
							
						 
						
							
							
								
								decode: fix integer warning  
							
							
							
							
							Newly introduced warning.
Regular cast as value is checked just before.
Ticket: #4516  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								717e51b7cf 
								
							
								 
							
						 
						
							
							
								
								defrag: fix integer warnings  
							
							
							
							
							Ticket: #4516  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								2d761810db 
								
							
								 
							
						 
						
							
							
								
								rust: cbindgen first verifies existing bindings  
							
							
							
							
							So as not to recompile every C file including rust.h
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								ced96a8aad 
								
							
								 
							
						 
						
							
							
								
								detect: parsing avoiding infinite loop  
							
							
							
							
							by comparing size_t to strlen result
Instead of uint16_t which would loop
Ticket: #5310  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								875eb58fb0 
								
							
								 
							
						 
						
							
							
								
								file: use functions on fd to avoid toctou  
							
							
							
							
							Ticket: #5308  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								ecb8dd4de0 
								
							
								 
							
						 
						
							
							
								
								util: check for unsigned overflow in rohash  
							
							
							
							
							To make CodeQL happy 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								adda8801d8 
								
							
								 
							
						 
						
							
							
								
								conf: remove ConfGetValue  
							
							
							
							
							All uses of ConfGetValue are satisfied by ConfGet 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								5bd19135b0 
								
							
								 
							
						 
						
							
							
								
								util: remove malloc from streaming buffer config  
							
							
							
							
							as it is unused 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								0dd7c23fa0 
								
							
								 
							
						 
						
							
							
								
								github-actions: bump actions/cache from 3.0.2 to 3.0.3  
							
							
							
							
							Bumps [actions/cache](https://github.com/actions/cache) from 3.0.2 to 3.0.3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](48af2dc4a9...30f413bfed 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								db73a12540 
								
							
								 
							
						 
						
							
							
								
								doc/tls: Add documentation for TLS logging  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								f42bb45ccd 
								
							
								 
							
						 
						
							
							
								
								doc/tls: Remove redundant example  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								e9976a0e14 
								
							
								 
							
						 
						
							
							
								
								suricata.yaml.in: Fix default value of prealloc-sessions  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								324f5ec10c 
								
							
								 
							
						 
						
							
							
								
								doc: Add missing ")" in example  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								32b39d054f 
								
							
								 
							
						 
						
							
							
								
								suricata.yaml.in: Remove duplicate "with" in comment.  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								e4163c4e02 
								
							
								 
							
						 
						
							
							
								
								doc: Fix typos  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								49bd6cfa5d 
								
							
								 
							
						 
						
							
							
								
								doc: Fix broken link  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								284ad462fc 
								
							
								 
							
						 
						
							
							
								
								output: adds schema.json  
							
							
							
							
							Ticket: #1369  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								ebf0629615 
								
							
								 
							
						 
						
							
							
								
								log-pcap: remove tunnel locks  
							
							
							
							
							The tunnel lock mutex only "protects" the tunnel synchronization,
not the packet data, length or datalink fields. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								e7ab96c389 
								
							
								 
							
						 
						
							
							
								
								nflog: fix datalink compile issue  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								43d28f251f 
								
							
								 
							
						 
						
							
							
								
								util/action: convert unittests to FAIL/PASS API  
							
							
							
							
							Task #5371  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								9b9b6aa2ce 
								
							
								 
							
						 
						
							
							
								
								util/action: unittests clean-up (to sv tests)  
							
							
							
							
							Removing all unittests that work better as suricata-verify tests.
Task #5371  
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								4ed6c928aa 
								
							
								 
							
						 
						
							
							
								
								unittest: minor helper cleanup  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								41b5364511 
								
							
								 
							
						 
						
							
							
								
								detect/parse: cleanup test  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								a437dde739 
								
							
								 
							
						 
						
							
							
								
								detect: parsing test cleanups/improvements  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								e738b10e23 
								
							
								 
							
						 
						
							
							
								
								host-os-info: add test to show mixed ipv4/ipv6  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								f3d887310c 
								
							
								 
							
						 
						
							
							
								
								rule/vars: clean up tests  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								1b65af2867 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: minor code cleanup  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								beecc1890f 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: include postmatch in determination  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								4b097460c2 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: simplify handling of 'any' parsing  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								ffef10c5d7 
								
							
								 
							
						 
						
							
							
								
								detect: address parsing variable rename to match code style  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								51ef6f4e3a 
								
							
								 
							
						 
						
							
							
								
								detect/iponly: remove unused code  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								6ccc01a79c 
								
							
								 
							
						 
						
							
							
								
								rust: fix doc comments that trigger rust warnings  
							
							
							
							
							Rust generates warnings that are treated as errors for documentation
blocks before `extern` blocks. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								fbbf23b930 
								
							
								 
							
						 
						
							
							
								
								github-actions: bump ossf/scorecard-action from 1.0.4 to 1.1.0  
							
							
							
							
							Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...5c8bc69dc8 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								f4f63ebff8 
								
							
								 
							
						 
						
							
							
								
								stream: add packet header outside of lock  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								419920288c 
								
							
								 
							
						 
						
							
							
								
								log/pcap: open handles outside of lock  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								c751c45850 
								
							
								 
							
						 
						
							
							
								
								log/pcap: add buffer timeout  
							
							
							
							
							Set timeout for pcap log so that packets do not sit
in buffer. Set default to one second. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								2bf3172dd1 
								
							
								 
							
						 
						
							
							
								
								stream: memcap tracking for TcpSegment alloc  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								47a5e6356d 
								
							
								 
							
						 
						
							
							
								
								log/pcap: handle case of multiple link types  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								2c2fc6cd91 
								
							
								 
							
						 
						
							
							
								
								flow: set datalink for pseudo packet  
							
							
							
							
							Set pseudo packet datalink to the global one. This fixes the case
where the pcap handle is open with information coming from a
pseudo packet. Without this, we did end up in most cases with
an Ethernet packet being written in a Raw pcap. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								1c2fba57f8 
								
							
								 
							
						 
						
							
							
								
								suricata: introduce global linktype  
							
							
							
							
							As Suricata is not supporting pcap-ng we have to stick with one single
datalink type for the capture if ever we want to do pcap logging.
Assuming this, this patch introduces a function to set the link
type globally. This will be used with pcap conditional logging
to get the logging of TCP segments with the correct link type. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								584136ecb7 
								
							
								 
							
						 
						
							
							
								
								log/pcap: log segments for pseudo packets  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								8f0ef48e82 
								
							
								 
							
						 
						
							
							
								
								log/pcap: fix conditional pcap in tag mode  
							
							
							
							
							We were missing the first packet when using condition pcap logging
in tag mode as it was not tagged. As a result we were not getting
the stream data triggering the alert in the pcap file. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								9f4d59b3f7 
								
							
								 
							
						 
						
							
							
								
								detect/tag: add a tag for first packet  
							
							
							
							
							We may need to know that a packet has been tagged but is the
first one (and thus is not tagged). 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								6cfc3343e7 
								
							
								 
							
						 
						
							
							
								
								log/pcap: dump segments of both sides of tcp session.  
							
							
							
							
							This patch updates tcp segment dumping to dump segments
from both sides of the session in order when capturing
alerts and tags. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								6f06f7c22c 
								
							
								 
							
						 
						
							
							
								
								doc: add info about capture_file key  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								faab853685 
								
							
								 
							
						 
						
							
							
								
								log/pcap and eve/alert: get pcap filename to support multi mode  
							
							
							
							
							This patch adds a function to get the current pcap file name that
will be used for the current packet. This patch also updates EVE
alerts to add pcap output filename when pcap capture is done in
multi or normal mode. 
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								2317fd83ef 
								
							
								 
							
						 
						
							
							
								
								log/pcap: fix typo in error message  
							
							
							
						 
						
							3 years ago  
				
					
						
							
							
								 
						
							
							
								3908166f91 
								
							
								 
							
						 
						
							
							
								
								stream: count realloc in memcap  
							
							
							
							
							TCP memory cap was not taking into account the memory that can
be used by realloc of Packet headers in TCP segments. 
							
						 
						
							3 years ago