aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,046 Commits
10 Branches
154 Tags
164 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '73ed780095'
${ noResults }
Commit Graph

13046 Commits (73ed780095deff40dd625412ac706337be54dc88)
 

Author SHA1 Message Date
Victor Julien 54d34c96f5 files: open/log debug validation bugon 
Meant to find more cases where there is a mismatch.
 3 years ago
Juliana Fajardini 55843aee8e devguide: update readme 
Use it to explain how to go about the sequence diagram images
(generation, updating, what is mscgen etc).

Also remove portion that referred to Sphinx builds, as these don't make
sense now.
 3 years ago
Juliana Fajardini e0c8dba7ac userguide: dynamically determine copyright date 
This uses the date of doc generation to determine the copyright date
for the trailing date. Based on Jeff Lucovsky solution.
 3 years ago
Juliana Fajardini 67af1504b3 devguide: drop use of mscgen script in builds/make 
Currently, it seems easier to upload the diagram images to git than to
try to make the image generation script work with out of the tree builds
and other corner cases.

This means, however, that one must activelly remember to update msc
diagram files, run the script and re-add new png files, if those ever
need to be updated. To raise awareness to that, a watermark was added
to the diagram images.

Also removed configuration steps that added mscgen as dependency
(locally and for workflow builds and readthedocs).
 3 years ago
Juliana Fajardini 5d63613c4b devguide: add watermark to sequence diagrams 
Make it more evident that the sequence diagrams in the transactions
page are generated with Mscgen
 3 years ago
Juliana Fajardini 6f77c722a2 devguide: move into userguide as last chapter 
Moved devguide dir into userguide dir.
Since the devguide is now incorporated as the last chapter of the
userguide, removed build and configuration files from the devguide
dir, as these are no longer needed.

Task #4909
 3 years ago
Juliana Fajardini 69c6657127 devguide: clarify cargo test usage for modules 
The documentation was showing an invalid path for running single tests.
 3 years ago
Philippe Antoine cfcade58ad http: move xff logging to alert object 
Ticket: 4860

instead of root field
 3 years ago
Philippe Antoine 862e84877f ssl: first pass limit when allocating buffer for certificates 
With this check, on the first packet of a certificate presenting
a length of 16Mbytes, we only allocate up to 65Kb

When we get to the point where need more than 65Kb, we realloc
to the true size.

With this check, it makes it more expensive for an attacket to use
this allocation as a way to trigger ressource exhaustion...
 3 years ago
Philippe Antoine 99b3443369 smtp: check if there is a transaction to close 
Ticket: 4948

When parsing the response for starttls
 3 years ago
Philippe Antoine 68fa080069 tmqh: fix possible null dereference 
Coverity ID: 1502953

As we check just on the next line my_pool against NULL, we should
not dereference it, even for debug validation
 3 years ago
Philippe Antoine 568ab841d8 detect: remove dead code about xbits keyword 3 years ago
Philippe Antoine 4640b15d8c log: prevents use of uninitialized variable 
Even if the code seems unreachable for now
 3 years ago
Jason Ish 8d1e4a1d0b detect-content: error on single char hex pairs 
Fix parsing of content like "|aa b cc|" which was parsed as "|aa bc|"
without error or warning. This will now fail out, requiring all hex
values to be 2 chars.

Ticket #5201
 3 years ago
Victor Julien 6e90bf4739 streaming: remove unused 'auto slide' support 
Add debug validation checks for "impossible" conditions.
 3 years ago
Philippe Antoine 00da0d3420 detect: makes config keyword really require a flow 
Ticket: 4972

Completes commit c3a220647

DETECT_CONFIG is added as DETECT_SM_LIST_POSTMATCH and not
as DETECT_SM_LIST_MATCH as other keywords handled in SignatureCreateMask
 3 years ago
Modupe Falodun 54bc43d3ed detect-pcre: remove unittests 
These tests are reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Sam Muhammed 3a490fb16c nfs: Implement frames 
Feature #4872

Frames:
  - RPC Frames: Generic over TCP/UDP
     - rpc.pdu
     - rpc.hdr
     - rpc.data
     - rpc.creds -- for rpc calls

  - NFSv2, NFSv3
     - nfs.pdu
     - nfs.status -- for nfs responses

  - NFSv4 Only Frames
     - nfs4.pdu
     - nfs4.hdr
     - nfs4.ops -- for compound request/response operations
     - nfs4.status -- for nfs4 responses

RPC tcp/udp frames created with separate registeration functions e.g:
add_rpc_tcp_tc_frames()
add_rpc_udp_tc_frames()
 3 years ago
Sam Muhammed d090dcbce9 rpc: Improve rpc_record struct 
Add creds_len field to rpc_record
needed for rpc.creds frame length calculation
 3 years ago
Sam Muhammed 8064a5348d rust/nfs4: Add NFSPROC4_DESTROY_CLIENTID op parsers 3 years ago
Sam Muhammed 9d1fad28a7 rust/nfs4: Add NFSPROC4_DESTROY_SESSION op parsers 
Also add respective request unittest
test_nfs4_request_destroy_session()
 3 years ago
Sam Muhammed ff81cad4f1 rust/nfs4: Add NFSPROC4_LAYOUTRETURN op parsers 
Also add respective request unittest
test_nfs4_request_layoutreturn()
 3 years ago
Sam Muhammed 073244a0b8 rust/nfs4: Add NFSPROC4_GETDEVINFO op parsers 
Also add respective response/request unittests
test_nfs4_response_getdevinfo()
test_nfs4_request_getdevinfo()
 3 years ago
Sam Muhammed ff54a6d9d5 rust/nfs4: Add NFSPROC4_LAYOUTGET op parsers 
Also add respective response/request unittests
test_nfs4_response_layoutget()
test_nfs4_request_layoutget()
 3 years ago
Sam Muhammed 3d542fcc67 rust/nfs4: Add NFSPROC4_SECINFO_NO_NAME op parsers 3 years ago
Sam Muhammed b35d635ac7 rust/nfs4: Add NFSPROC4_RECLAIM_COMPLETE op parsers 3 years ago
Sam Muhammed 2a41b46eca rust/nfs4: Add NFSPROC4_CREATE_SESSION op parsers 
Also add respective response/request unittests
test_nfs4_request_create_session()
test_nfs4_response_create_session()
 3 years ago
Sam Muhammed 0a69c66153 rust/nfs4: Add NFSPROC4_EXCHANGEID response parser 
Also add test_nfs4_response_exchangeid() unittest
 3 years ago
Sam Muhammed fe7a49b737 rust/nfs4: improve NFSPROC4_OPEN op parser 
Improve nfs4_res_open() parser to reflect other file-delegation types
Reflect the changes on test_nfs4_response_open() unittest
 3 years ago
Philippe Antoine df83f7899d fuzz: fix integer warnings 
Ticket: 4516
 3 years ago
Philippe Antoine 5790280c95 utils: fix integer warnings in r files 
Ticket: 4516
 3 years ago
Philippe Antoine dca76a45a8 stream-tcp: fix integer warnings 
Ticket: 4516
 3 years ago
Philippe Antoine 068fb700df util: fix int warnings in tm threads 
Ticket: 4516
 3 years ago
Philippe Antoine 1bb51d114c util: fix int warnings in unit tests 
Ticket: 4516
 3 years ago
Philippe Antoine b3ab126394 util: fix int warnings 
Ticket: 4516
 3 years ago
Jason Ish 1e65324940 smb: rules for messages in the wrong direction 3 years ago
Jason Ish 2341f47755 smb: handle records in the wrong direction 
If an SMB record is seen in the wrong direction, set an event on the PDU
frame and don't process the record in the state.

No error is returned, so the next record will be processed.
 3 years ago
Jason Ish 09e2d3b216 smb: expose smb1 request/reply flags with a method 
Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply.
 3 years ago
Jason Ish 7b659489c8 smb: fix smb2 header flag parsing 
The bits were being parsed in the order they're displayed in Wireshark,
rather than the order they were being seen on the wire, resulting in
direction and async being 0 more often than they should be.

Instead of bits, take the 4 bytes as an le_u32 and just use bit masks to
extract what we need into a struct, I think its easier to reason about
this way when comparing to the Microsoft documentation.
 3 years ago
Philippe Antoine c3a220647b detect: only apply ConfigApplyTx with app-layers 
Ticket: 4972

Otherwise, it makes no sense to look for a tx...
 3 years ago
Juliana Fajardini e5838b8193 applayer/frame: remove output from GetFrame funcs 
As these functions can be probed, having output there results in
misleading output.
 3 years ago
Modupe Falodun 44208010db detect-dce-iface: remove unittests 
These tests are reimplemented in Suricata Verify

Task: 4911
 3 years ago
Victor Julien 935ea745f5 detect/iponly: add tests for 5168 3 years ago
Victor Julien 053b2b3b5b detect/address: minor unittest cleanup 3 years ago
Victor Julien 79b7b7a0dd detect/iponly: validate netmask 
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
 3 years ago
Victor Julien 259bd8aa92 detect/address: validate netmasks 
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
 3 years ago
Victor Julien 4020e2faa7 detect/iponly: break out range insert code 
So we can reuse it.
 3 years ago
Victor Julien a67b97e14c util/cidr: add util to convert netmask to cidr 3 years ago
Philippe Antoine eb189e805a src: use u8_tolower everywhere 
Ticket: 4516

Instead of basic to_lower to get the cast to avoid warning
about integer

Sames goes for u8_toupper
 3 years ago
Philippe Antoine 3fd8e908f8 range: better closing for out of order ranges 
Ticket: 5132

In case of a duplicate range, we can return early, because
there is no new data to process.

More importantly, this commit adds a check about wether the file
got closed meanwhile, so that this just completed out of order
range, even if it brings new data, is now irrelevant.
This can happen for instance if there was a gap...
 3 years ago