aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,795 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '836fff3679'
${ noResults }
Commit Graph

14795 Commits (836fff3679e6ea3b2ed75f87931ff3c7ec0ebd33)
 

Author SHA1 Message Date
Sascha Steinbiss 836fff3679 rfb: add myself as contributor 2 years ago
Sascha Steinbiss bd1fbf392e rfb: be more strict parsing the version 2 years ago
Jason Ish dd786cd6e4 eve/alert: warn on obsolete flags 
Log a warning but otherwise ignore obsolete flags under
eve-log.alert. This also prevents accidentially turning off app-layer
logging by attempting to disable a single protocol.

These flags have been deprecated since 5.0, time to stop respecting
them.

Ticket: #6175
 2 years ago
Shivani Bhardwaj aeb408dd9d doc: fix typo encryption-handling 2 years ago
Shivani Bhardwaj 6b3dbaa2f2 suricatasc: Don't process empty cmds 2 years ago
Shivani Bhardwaj 84ffe92873 suricatasc: exit successfully on keyboardinterrupt 2 years ago
Shivani Bhardwaj a512338afd suricatasc: add line numbers in error messages 2 years ago
Shivani Bhardwaj 46ce371d9c suricatasc: handle exceptions in caller 2 years ago
Shivani Bhardwaj b42a584f4d suricatasc: handle exceptions interactive mode 2 years ago
Jason Ish 90bb73046c userguide/security: grammar fixes 
Apply grammer fixes brought up in GitHub review comments by Juliana.
 2 years ago
Philippe Antoine d99cbc5e0b detect/http: request/response header support multi buffer 
Ticket: #6163

That means that we can have rules matching different contents
on different headers.
 2 years ago
Philippe Antoine f31ea90836 http: event on chunk extension 
Chunks extension are defined in rfc2616 section-3.6.1

Ticket: #6159
 2 years ago
Victor Julien 643e674cb2 bpf: remove OpenBSD guards 
libpcap bpf functions are supported now.
 2 years ago
liaozhiyuan a748164d58 dpdk: support multiple same EAL arguments 
DPDK apps can specify multiple arguments of the same
type. YAML format only allows unique keys within a single
node. This commit adds support for multiple EAL arguments
of the same type to be used within suricata.yaml.

Ticket: #5964
 2 years ago
Philippe Antoine e75956717d detect/files: centralize definition of protocols 
Protocols supporting files are only defined in one place, which
gets used by all keywords, which can handle some exceptions
(like HTTP2 not having file names)
 2 years ago
Philippe Antoine 71bab65496 detect/files: reuse AppLayerParserSupportsFiles 
rather than relisting the protocols
 2 years ago
Jason Ish 83afccd932 github-ci: update action: setup-msys2 
Use @v2, hopefully the dependency bot will keep it up to date now.
 2 years ago
Jason Ish 37d68230f8 github-ci: use latest version of actions/upload-artifact 2 years ago
Jason Ish d576be2452 github-ci: update actions/cache to v3.3.1 2 years ago
Jason Ish 3dfd5ddaed github-ci: use same version (3.0.2) for actions/download-artifact 2 years ago
Jason Ish 04ba1a7ef6 github-ci: update actions/checkout to v3.5.3 2 years ago
Juliana Fajardini feb47f9a89 exceptions: fix 'auto' for master switch in IDS 
If the master exception policy was set to 'auto' in IDS mode, instead of
just setting the master switch to the default in this case, which is
'ignore', the engine would switch a warning saying that auto wasn't a
valid config and then set the policy to ignore.

This makes 'auto' work for the master switch in IDS, removes function
for setting IPS option and handles the valid IDS options directly from
the function that parses the master policy, as this was the only place
where the function was still called.

Bug #6149
 2 years ago
Jason Ish 5f598931ac doc/userguide: start on a security chapter 
This is the start of a security consideration chapter, starting with
directions on how to run Suricata as a non-root user.
 2 years ago
Victor Julien ab667d4d19 pcap: fix reopen logic 
Bug: #6081.
 2 years ago
Victor Julien 5f187cba82 pcap/runmodes: silence some info messages 2 years ago
Victor Julien 3049151bc2 pcap: free per thread resources 
Bug: #4750.
 2 years ago
Victor Julien 6c1408c3c2 pcap/file: minor code cleanup 2 years ago
Victor Julien 25396dcd09 threads: cleanup decode_pq handling 2 years ago
Victor Julien 639c5cc4df version: start development towards 7.0.0-rc3 2 years ago
Shivani Bhardwaj da99a69c5b release: 7.0.0-rc2; update changelog 2 years ago
Jason Ish 14daa42e0b doc/userguide: dataset upgrade notes 2 years ago
Jason Ish ed4d27fdc1 config: uncomment datasets configuration 
Uncomment the datasets configuration for easier editing by users.  The
values are left commented out as their defaults.
 2 years ago
Jason Ish 93b64939d1 datasets: flag to disable "write" actions 
Add a new configuration flag, "datasets.rules.allow-write" to control
if rules can contain "save" or "state" rules which allow write access
to the file system.

Ticket: #6123
 2 years ago
Jason Ish f0885a2a2e install: create runtime data directory 
On installation, make sure the data directory is created. This will
usually be /var/lib/suricata/data, but otherwise follows the
autoconf/automake instructions.

This directory is for runtime state information, which for now is
datasets but may be expanded in the future.  Suricata already expects
this directory to exist for "state" and "save" datasets, but it has
been up to the user to create it.
 2 years ago
Jason Ish fd79b337ca datasets: don't allow absolute or paths with directory traversal 
For dataset filenames coming from rules, do not allow filenames that
are absolute or contain a directory traversal with "..". This prevents
datasets from escaping the define data-directory which may allow a bad
rule to overwrite any file that Suricata has permission to write to.

Add a new configuration option,
"datasets.rules.allow-absolute-filenames" to allow absolute filenames
in dataset rules. This will be a way to revert back to the pre 6.0.13
behavior where save/state rules could use any filename.

Ticket: #6118
 2 years ago
Jason Ish 4a97461f9a doc/userguide: notes about Lua rules being disabled by default 2 years ago
Jason Ish f119b29701 lua: disable lua rules by default 
To protect against possible supply chain attacks, disable Lua rules by
default. They can be enabled under the "security" section of
suricata.yaml.

Ticket: #6122
 2 years ago
Philippe Antoine 0d0f6cde6e fuzz: fuzz HTTP1 target 
As we use the name taken from list-app-layer-protos output,
we want http to translate to HTTP1
 2 years ago
Philippe Antoine d40dca5e55 dcerpc: maximum number of live transactions also for UDP 
Ticket: #6129

Avoids that quadratic complexity gets too bad
 2 years ago
Shivani Bhardwaj 3aaf37b749 smtp: handle long lines per direction 
Issue:
Currently, while handling of long lines, if the line exceeded the limit,
we'd set a variable state->discard_till_lf which will be reset in the
later stages based on the data that arrives. However, because there was
one variable per state, this meant that a later stage in the other
direction could also modify it which is incorrect.

Fix:
Use separate variables for each direction.

Bug 6053
 2 years ago
Shivani Bhardwaj 046a192c1f smtp: handle following cmd if LF was found in long line 
If a long line had LF post the limit, it should be considered complete
and not wait for the next line to complete it. However, currently, any
following lines were skipped which could sometimes also be important
commands for the entire transaction.

Fix this by setting a flag in case we're truncating a long line but
after having found the LF character.

Bug 5989
 2 years ago
Shivani Bhardwaj d83a34397b smtp: add function docs 2 years ago
Shivani Bhardwaj 073f616feb smtp: handle DATA mode in middle of input parsing 
Before:
If the input was such that we'd enter DATA mode in the middle, the
entire data would be passed through SMTPGetLine fn and be processed with
line limits etc in place.

After:
Since we don't want any limits to be enforced on DATA, we pass it to
SMTPPreProcessCommands fn to take care of it differently from the
commands.

Bug 5981
 2 years ago
Victor Julien 6b5da30d9d streaming/buffer: set errno in allocators 
Add wrappers for the default allocators to set SC_ENOMEM.

The stream reassembly wrappers can set both SC_ENOMEM (alloc failed)
and SC_ELIMIT (memcap reached).
 2 years ago
Victor Julien 55c6c45ea7 streaming/buffer: turn BUG_ON's into validate checks 2 years ago
Victor Julien db1cb2a032 stream: update insert error checking 2 years ago
Victor Julien 06419cecbc streaming: use error codes to indicate error reason 2 years ago
Victor Julien c3ee3d513f error: SC_ELIMIT for when a limit is reached 2 years ago
Victor Julien 376ebda36c exception/policy: fix midstream default handling 2 years ago
Victor Julien 479fa609fa exception/policy: minor code cleanup 2 years ago