aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,134 Commits
8 Branches
171 Tags
221 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.5
suricata-7.0.16
suricata-8.0.4
suricata-7.0.15
suricata-8.0.3
suricata-7.0.14
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '80159eb519'
${ noResults }
Commit Graph

114 Commits (80159eb519371cdfe6706f91df0127b975dbbb7a)

Author SHA1 Message Date
Jason Ish df656324ba dns: new v3 style logging for alerts 
V3 style DNS logging fixes the discrepancies between request and
response logging better dns records and alert records.

The main change is that queries and answers are always logged as
arrays, and header fields are not logged in array items.

For alerts this means that answers are now logged as arrays, queries
already were.

DNS records will get this new format as well, but with a configuration
parameter.

Bug: #6281
 2 years ago
Nathan Scrivens 9ecc3573a7 dns: parse and populate OPT rdata struct 
Feature: 7017
Add DNSRDataOPT struct and DNSRData enum type OPT.
Add OPT parsing function and test function.
Add DNSRData OPT type to lua.rs match.
Log OPT rdata.
 2 years ago
Nathan Scrivens 4598ca164d dns log: add additional section 
Feature: 7011
dns_log_json_answer: log additional section records.
update schema.json with new "additionals" section.
 2 years ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts 
Ticket: 7098
 2 years ago
Victor Julien 869d5492dc eve/schema: update for alpn 2 years ago
Victor Julien 7f474af1d0 eve/schema: minor enip reformat 2 years ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 2 years ago
Shivani Bhardwaj de1de53e2f eve/stats: add description for flow mgr & recycler 
Ticket 6434
 2 years ago
Philippe Antoine 9332bc2c45 dns: adds missing NS field in json schema 2 years ago
Philippe Antoine 8d4699fbba eve/schema: complete and reorder smtp fields 
received and cc were missing
 2 years ago
Victor Julien 1190e426f9 defrag: remove trackers on lookup 
When looking up a tracker, remove any timed out / completed trackers.
 2 years ago
Victor Julien 75b78d7643 defrag: add defrag.memuse counter 
Gives a current snapshot of the memory in use by the defrag engine.
 2 years ago
Victor Julien 83dc703d1f defrag: add various counters 2 years ago
Victor Julien fc05d253d2 defrag: add defrag.mgr.tracker_timeout counter 
Updated by flow manager.
 2 years ago
Victor Julien 76e05c72f6 eve/schema: reformat 2 years ago
Jason Ish 10e6028175 lua: track memory limit exceede errors 
Update the Lua allocated to set a code on memory allocation limit
exceeded errors so an appropriate error message can be logged and a
state incremented.

Fixes the tracking of the allocated size by using the difference
between original size, and new size and toss in some debug
validations.
 2 years ago
Jason Ish 5a1cba72f0 lua: add logging and counter for instruction limit being exceeded 2 years ago
Jason Ish c8fa454cb2 lua: add blocked functions as a special log type plus stat 
Distinguish between a generic Lua script error and an error created by a
function being blocked, so each is logged once respective of each other.

Also add a stat that is incremented when a script fails due to a
blocked function.

NOTE: This does not catch calls to functions that are blocked by not
having the library loaded, such as "io.open", as they are blocked by
not even loading the "io" library.
 2 years ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields 
Feature 5234
 2 years ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match 
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
 2 years ago
Philippe Antoine 2c305ba37e pop3: protocol detection 
Ticket: #6366
 2 years ago
Giuseppe Longo 01586d884d output-json/arp: implement logger 
This adds a logger for ARP, disabled by default.

Ticket #6827
 2 years ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder 
This adds a decoder for ARP.

Ticket #6827
 2 years ago
Shivani Bhardwaj 329ac61961 eve/stats: add description for ips 
Ticket 6434
 2 years ago
Shivani Bhardwaj 861ffff972 eve/stats: add description for transactions 
Ticket 6434
 2 years ago
Giuseppe Longo bff790b6ac rust/sdp: implement logger 
This implements a logger for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627
 2 years ago
Philippe Antoine 0291d37009 websocket: configurable logging of payload in alerts 2 years ago
Philippe Antoine 44b6aa5e4b app-layer: websockets protocol support 
Ticket: 2695
 2 years ago
Sascha Steinbiss 120313f4da ja4: implement for TLS and QUIC 
Ticket: OISF#6379
 2 years ago
Jeff Lucovsky 2dfa4cecb5 stats: Memcap pressure max relocation 
This commit moves the memcap pressure/pressure_max stats from the global
stats namespace into the memcap namespace.

With per-thread stats, they will be within the flow-manager's values.

Issue: 6398
 2 years ago
Juliana Fajardini caf590d51f stream/midstream: add counter for exception policy 
Add stats counters for when there is an exception policy applied in case
of a session picked up midstream.

Task #5816
 2 years ago
Juliana Fajardini fd9a20ffcf stream/reassemble: add exception policy counters 
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.

Task #5816
 2 years ago
Juliana Fajardini 2dee3772bf stream/tcp: add ssnmemcap exception policy counter 
Add stats counters for exception policies applied in case a stream
session memcap is hit.

Task #5816
 2 years ago
Juliana Fajardini a71ace8575 applayer: add stats counters for exception errors 
Add stats counters for exception policy are applied for app-layer errors

Part of
Task #5816
 2 years ago
Juliana Fajardini 485c0e1d9a defrag: add exception policy memcap stats counters 
Add defrag memcap stats counter.

Task #5816
 2 years ago
Juliana Fajardini 657419b53e decode/flow: add exception policy stats counters 
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.

Task #5816
 2 years ago
Juliana Fajardini ce001d8eae schema: apply clang formatting changes 2 years ago
Arne Welzel f9cf87a003 schema: Add stats.capture and in_iface properties 
New suricata-verify test listens on loopback interface, resulting
in the capture and in_iface fields in the stats and event objects.
 2 years ago
Jason Ish c2ecae9b82 schema: add flow.wrong_thread 2 years ago
Giuseppe Longo c9d309219e rust/sip: register parser for tcp 
This patch lets the parser to work over tcp protocol, taking care of handling
data before calling the request/response parsers.

Ticket #3351.
 2 years ago
Hadiqa Alamdar Bukhari 6c193b1a3d dns: add missing dns keywords to schema.json 
Found and added missing dns fields in schema.json after manual code review.
Added description to these newly added dns fields.
Feature #5642
 2 years ago
Shivani Bhardwaj 487ba82fb9 eve/stats: add description for applayer flows 
Ticket 6434
 2 years ago
Shivani Bhardwaj 8817514bea eve/stats: add description for expectations 
Ticket 6434
 2 years ago
Shivani Bhardwaj 1816e98ef0 eve/stats: add description for applayer errors 
Ticket 6434
 2 years ago
Shivani Bhardwaj 5a1a32ba5b eve/stats: add description for common fields 
Ticket 6434
 2 years ago
Jason Ish 90ae3a223f eve/schema: allow authorities in dns.answers in alert 
Factor out dns.authorities to a definition.
 2 years ago
Jason Ish b453eea150 stats: add rules skipped 
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.

Feature: #6637
 3 years ago
Philippe Antoine f714678d72 schema: adds missing modbus field 
./stats/app_layer/error/modbus
 3 years ago
Juliana Fajardini 467c3f2c64 schema: apply clang formatting changes 3 years ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message 
A CanceldRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
 3 years ago