aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,137 Commits
10 Branches
154 Tags
164 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7384744c3e'
${ noResults }
Commit Graph

10137 Commits (7384744c3e52977b8db8a451df7f15a06cb8a2b8)
 

Author SHA1 Message Date
Victor Julien 7384744c3e detect: fix FP on ICMP unreachable errors 
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.

The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.

This all would lead to a false positive match.

This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.

Bug #2769.
 5 years ago
Jeff Lucovsky 240520a3cc main: fix typo in output 5 years ago
Jeff Lucovsky ef327ab194 stream/tcp: correct spelling typos 5 years ago
Victor Julien bc2267f131 stream/tcp: support TCP fast open 5 years ago
Victor Julien 8f8581beda decode/tcp: TCP fast open option decoding 
Support both regular TFO and TFO as part of the experimental
options support.
 5 years ago
Philippe Antoine c775a4af43 signature: fixes leak with duplicate signatures 5 years ago
Philippe Antoine 63deb8862f boyermoore: optimization with one alloc less 
Fixes #1220
 5 years ago
Philippe Antoine 5ff50773bd detectproto: adding missing probing parsers 
In direction TO_CLIENT for symetric protocols
 5 years ago
Eric Leblond cf98b0223e detect-geoip: add info for list keywords 5 years ago
Eric Leblond 08397e07f1 doc: fix typos in geoip doc 5 years ago
Eric Leblond 0d5608bab2 doc: fix display of icmp code and type array 5 years ago
Eric Leblond 0c84591afe doc: use a table to list direction filter in geoip 5 years ago
Eric Leblond c01cadbade doc: fix geoip syntax 
Spaces are not allowed before country code.
 5 years ago
Shivani Bhardwaj 9d6f1d318a unix/socket: Add rev date to version info 5 years ago
Vinjar Hillestad 4c18fee3c6 Documenting base64_decode and base64_content 
base64 doc changes based on #4027 pull feedback
 5 years ago
Hilko Bengen 36998ab4cd Add documentation for --with-clang parameter 5 years ago
Hilko Bengen f105bb724a ebpf: Use $(CLANG) to build eBPF programs 
This change makes it possible to generate the eBPF programs even if
Suricata itself is built a different C compiler. It also simplifies
how the correct llc program is detected.

Implements Feature https://redmine.openinfosecfoundation.org/issues/2789
 5 years ago
Hilko Bengen e3f00c3d30 configure: Introduce CLANG variable 5 years ago
Jeff Lucovsky be22b23d2e cleanup: eliminate warnings/errors with debug build on macos 5 years ago
Andreas Herz c0bddff078 userguide: remove old reference to rule-reload option 5 years ago
Shivani Bhardwaj 26bc0d6e1d src/detect: check DetectBufferSetActiveList return code 
Make sure to always check the return codes of DetectBufferSetActiveList.
Also, force this warning on function prototype.

Closes redmine ticket #3005.
 5 years ago
Philippe Antoine 15783fb322 signature: avoids overflow from VariableNameHash 5 years ago
Jeff Lucovsky 140bfd7b0c detect/analyzer: remove HAVE_LIBJANSSON cpp guards 5 years ago
Jeff Lucovsky 87bfce025d spelling: correct spelling typo 5 years ago
Jeff Lucovsky dcf5e247ca detect/analyzer: add support for http_content_type 5 years ago
Shivani Bhardwaj 6d39f6fd7d rust: Fix deprecation warnings 
Fix the following warnings by compiler,
(1) warning: use of deprecated item 'take_until_s': Please use `take_until` instead
(2) warning: `...` range patterns are deprecated

For the second warning, the builtin lint
"ellipsis_inclusive_range_pattern" has been added which causes the
following warning to show up with rustc 1.24.

warning: unknown lint: `ellipsis_inclusive_range_patterns`
  --> /home/travis/build/OISF/suricata/suricata-5.0.0-dev/rust/src/lib.rs:18:10
   |
18 | #![allow(ellipsis_inclusive_range_patterns)]
   |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = note: #[warn(unknown_lints)] on by default

Since there is no other way to fix this, the above warning shall stay.
We need to take care of modifying this if and when the support for 1.24
as MSRV is dropped.
 5 years ago
jason taylor da2c4d7382 applayer: fix typo in debug output 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
Andreas Herz 6ebb1b2cc4 rule-reload: enable rule-reload for -s and -S run as well 5 years ago
Victor Julien 3a912446ad pcap: fix breakloop error handling 
Ticket #3004
 5 years ago
Victor Julien 06d3e1d3d8 netmap: suppress format truncation warning 
CC       source-netmap.o
source-netmap.c: In function ‘NetmapOpen’:
source-netmap.c:327:56: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 10 and 57 [-Werror=format-truncation=]
         snprintf(devname, sizeof(devname), "netmap:%s%s%s",
                                                        ^~
                 ns->iface, strlen(optstr) ? "/" : "", optstr);
                                                       ~~~~~~
source-netmap.c:327:9: note: ‘snprintf’ output 8 or more bytes (assuming 70) into a destination of size 64
         snprintf(devname, sizeof(devname), "netmap:%s%s%s",
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 ns->iface, strlen(optstr) ? "/" : "", optstr);
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source-netmap.c:330:59: error: ‘%s’ directive output may be truncated writing up to 15 bytes into a region of size between 8 and 55 [-Werror=format-truncation=]
         snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
                                                           ^~
                 ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
                                                             ~~~~~~
source-netmap.c:330:9: note: ‘snprintf’ output 10 or more bytes (assuming 72) into a destination of size 64
         snprintf(devname, sizeof(devname), "netmap:%s-%d%s%s",
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
source-netmap.c:316:54: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
         snprintf(devname, sizeof(devname), "%s}%d%s%s",
                                                      ^
source-netmap.c:316:9: note: ‘snprintf’ output 3 or more bytes (assuming 65) into a destination of size 64
         snprintf(devname, sizeof(devname), "%s}%d%s%s",
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                 ns->iface, ring, strlen(optstr) ? "/" : "", optstr);
                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors

Gcc 8 with -Wformat-truncation=1
 5 years ago
Victor Julien bdd74d413b detect/mpm: put transform into 'profile name' 
So that profiling gives more info about cost of the mpm
engines when they use transforms.
 5 years ago
Victor Julien 5c735f340f detect/dns: register correct profile name 5 years ago
Victor Julien 8a59ad6096 string: making shortening function global 5 years ago
Victor Julien 26c5249574 device: break string shortening out of device shortening 5 years ago
Victor Julien 7eff6ec500 device: remove duplicate length check 
Shorten code handles all cases correctly.
 5 years ago
Victor Julien 2a136c917f detect: move includes/declarations closer to use 5 years ago
Victor Julien bc866ff2a0 detect: fix inaccurate comments 5 years ago
Max Fillinger 4f3bb48f83 pfring: Fix kernel version in comment 5 years ago
Eric Leblond b37554e0bc af-packet: fix build on recent Linux kernels 5 years ago
Shivani Bhardwaj bbfd706e1f rust: fix compiler warning 
rustc 1.36 introduced:

error: variable does not need to be mutable
   --> src/dhcp/parser.rs:202:17
    |
202 |             let mut malformed_options = false;
    |                 ----^^^^^^^^^^^^^^^^^
    |                 |
    |                 help: remove this `mut`
    |
note: lint level defined here
   --> src/lib.rs:18:38
    |
18  | #![cfg_attr(feature = "strict", deny(warnings))]
    |                                      ^^^^^^^^
    = note: #[deny(unused_mut)] implied by #[deny(warnings)]

error: aborting due to previous error

error: Could not compile `suricata`.

Ticket #3072.
 5 years ago
Philippe Antoine 477328f79b ssl: register probing for port 443 if no config 5 years ago
Shivani Bhardwaj 8c2c78f0b6 configure: Add date with rev information 
Date makes it even clearer that when was the last commit for the build
that one is running. Add this info alongwith rev. Change inspired by
rustc.

Before
```
$ suricata -V
This is Suricata version 5.0.0-dev (rev 2d217e666)
```

After
```
This is Suricata version 5.0.0-dev (2d217e666 2019-07-12)
```

Closes redmine ticket #3092
 5 years ago
Jeff Lucovsky 3d5eccf084 output/json: Refactor output buffer size macro 5 years ago
Jeff Lucovsky 66c565e9e7 eve/json: Break multiline FTP responses into array 
This changeset breaks multi-line FTP responses into separate array
entries. Multi-line responses are those with "text-1\r\ntext-2[...]".
Each of \r\n delimited text segments is reported in the `reply` array;
each text segment _may_ include a completion code; completion codes are
reported in the `completion_code` array.
 5 years ago
Jeff Lucovsky 9cf4e2e432 eve/ftp: Refactor and reduce logging functions 5 years ago
Jeff Lucovsky 911d423a6b ftp: Generalize prelim positive reply 
Extend special case for reply code 150 to handle all preliminary
positive reply -- reply codes with `1xy`.
 5 years ago
Victor Julien 343ba45916 ftp: reply code 150 doesn't end tx 5 years ago
Victor Julien b595da6c51 ftp: fix reply without request 
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
 5 years ago
Victor Julien dc80d520af ftp: implement progress tracking 
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
 5 years ago
Victor Julien 8ae691155d ftp: be more strict with tx type 5 years ago