aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,562 Commits
7 Branches
155 Tags
197 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '839a4f5ab4'
${ noResults }
Commit Graph

13562 Commits (839a4f5ab47350b5c3ef6aed4d9fa3f04911c0c9)
 

Author SHA1 Message Date
Victor Julien 036686e21c etc/schema: clang (re)format 2 years ago
Victor Julien 6e1220700d github-ci: bump cbindgen to 0.24.3 
This addresses issues around the AppLayerTxData type.
 2 years ago
Victor Julien 0e39c92fcf flow-manager: reduce locks at startup 
Effectively busy looping on a mutex to wait for time to be ready.
 2 years ago
Victor Julien 19e94e93fa common: move u8_tolower to common header 2 years ago
Victor Julien 18e63d4ede htp: remove user setup from request line callback 
This used to be the first callback that was called, but its not anymore.

Codecov confirmed that this is no longer used and therefore not useful.
 2 years ago
Victor Julien faca974f32 ipfw: remove unused func prototype 2 years ago
Victor Julien b9ad1d1260 app-layer: fix compiler warning 2 years ago
Victor Julien e250ef6402 debug: remove empty header 2 years ago
Victor Julien c3c5829f96 reputation: add ipv6 cidr test 2 years ago
Victor Julien e9c4b3719e reputation: fix multiline test 2 years ago
Eric Leblond a9a17c8185 landlock: handle filestore case 
If landlock ABI is inferior to 2 (before Linux 5.19) then the
renaming of files is impossible if the protection is enabled. This
patch disables landlock if ABI < 2 and file-store is enabled.

As file store is initialized in output the call to landlock had to
done after the output initialization.
 3 years ago
Eric Leblond 1b24f4d357 doc: document landlock feature 3 years ago
Eric Leblond 485d5a4ea4 landlock: basic implementation 
This patch is adding support for Landlock, a Linux
Security Module available since Linux 5.13.

The concept is to prevent any file operation on directories where
Suricata is not supposed to access.

Landlock support is built by default if the header is present. The
feature is disabled by default and need to be activated in the YAML
to be active.

Landlock documentation: https://docs.kernel.org/userspace-api/landlock.html

Feature: #5479
 3 years ago
Philippe Antoine fe91506320 doc/http2: suricata.yaml max-streams parameter 
Ticket: #4949
 3 years ago
Juliana Fajardini bbd968c738 exceptions: add reject support to exception policy 
This enables the usage of 'reject' as an exception policy. As for both
IPS and IDS modes the intended result of sending a reject packet is to
reject the related flow, this will effectively mean setting the reject
action to the packet that triggered the exception condition, and then
dropping the associated flow.

Task #5503
 3 years ago
Victor Julien f5bd55dac8 decode/tcp: allow 4 byte TFO with 2 byte cookie 3 years ago
Philippe Antoine 5ef259722b dhcp: adds renewal-time keyword 
Ticket: #5507
 3 years ago
Philippe Antoine dc59389087 dhcp: fix license in detect-dhcp-leasetime.c 
from search and replace overkill
 3 years ago
Philippe Antoine 6faf6299e0 dhcp: adds rebinding-time keyword 
Ticket: #5506
 3 years ago
Philippe Antoine 95f0424423 nfs4: fix write record handling 
Ticket: #5280
 3 years ago
Josh Soref c23560ec41 detect: function header return value clarification 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 3 years ago
Philippe Antoine bf43011a43 dcerpc: convert transaction list to vecdeque for UDP 
As was done for TCP in dfe76bb90 and d745d28d4

Ticket: #5518
 3 years ago
Gleb Smirnoff 5dbbc52b06 ipfw: use PF_DIVERT on modern FreeBSD 3 years ago
Victor Julien bb2e11108b packetpool: fix uaf in debug validation check 
Location of the check meant access to freed packet was possible.

Move check and simplify it to just look at the packet at hand.
 3 years ago
Philippe Antoine b0ce55c9df flow: finish to remove obsolete counters 
As was begun in b3599507f4

Ticket: #5317
 3 years ago
Juliana Fajardini ef54f36e34 userguide: briefly introduce exception policy opts 
Added them in the configuration section so folks can be more aware of
them, while a more complete documentation isn't around.

Related to
Task #5475
 3 years ago
Juliana Fajardini 3c74e443bd userguide: update defrag settings options 
We were still mentioning that there were only three options.
 3 years ago
Juliana Fajardini 0cc040cf61 userguide: merge sections about AppLayer Parsers 
We had two sections under the suricata.yaml configuration section
describing settings for application layer parsers. This merges them into
one and also fixes a few subsection title levels.

Task #5364
 3 years ago
Juliana Fajardini aa5bb2c329 stream: add exception policy for midstream flows 
This allows to set a midstream-policy that can:
- fail closed (stream.midstream-policy=drop-flow)
- fail open (stream.midstream-policy=pass-flow)
- bypass stream (stream.midstream-policy=bypass)
- do nothing (default behavior)

Usage and behavior:

If stream.midstream-policy is set then if Suricata identifies a midstream flow
it will apply the corresponding action associated with the policy.

No setting means Suricata will not apply such policies, either inspecting the
flow (if stream.midstream=true) or ignoring it stream.midstream=false.

Task #5468
 3 years ago
Juliana Fajardini 242b8f7d65 exceptions: add callbacks for drop-flow policy 
Make sure that when the policy is to drop the flow, we set no inspection
for payload and packet and disable applayer inspection as well.

Task #5468
 3 years ago
Juliana Fajardini fc81c80c04 suricata.yaml: add exception policy config options 
Related to
Task #5468
 3 years ago
Victor Julien 1bff888947 detect: fix duplicate detect state issue 
For protocols with multi buffer inspection there could be multiple times
the same sid would be queued into the candidates queue. This triggered
a debug validation check.

W/o debug validation this would lead to duplicate work and possibly multiple
alerts where a single one would be appropriate.

Bug: 5419.
 3 years ago
Victor Julien d31beba8d4 detect/frames: fix too strict debug check 
Frame::len is -1 if it is still unknown. Handle that in the debug
check.
 3 years ago
Victor Julien f04b7a1827 stream/ids: make sure we don't slide past last_ack 
Bug: #5401.
 3 years ago
Victor Julien 55b2077fcd stream: minor code cleanup 3 years ago
Shivani Bhardwaj 78045d3bbf tls/sni: remove unused fn declaration 3 years ago
Shivani Bhardwaj a77977ec62 doc: add description for tls.random 3 years ago
Shivani Bhardwaj 42c3f418c6 tls: add tls.random* keywords 
Add tls.random keyword that matches on the 32 bytes of the TLS
random field for client as well as server.
Add tls.random_time keyword that matches on the first 4 bytes of the TLS
random field for client as well as server.
Add tls.random_bytes keyword that matches on the last 28 bytes of the TLS
random field for client as well as server.

All these are sticky buffers.

Feature 5190
 3 years ago
Philippe Antoine e587f6792a detect: support file.data for HTTP1 to server 
That is file sent with POST or PUT

Ticket: #4144
 3 years ago
Victor Julien 50f8779128 flow-manager: reduce burstiness in adaptive timing 
Previous adaptive model would have a large time range when scanning the
hash when not so busy. In the default case it would take up to 4 minutes
for a full hash scan. In case of sudden increase in business, where the
hash would fill up rapidily during a few seconds, the flow manager would
be forced to suddenly consider a much larger slice of the hash leading
to a burst of work. This burst would increase pressure on the rest of the
system leading to packet loss as the worker threads would be overloaded
with flow housekeeping tasks.

This patch reduces the max scan time to 10 seconds, and ramps up quickly
to increase the slice of the hash scanned.
 3 years ago
Juliana Fajardini 58ef3cde7a exceptions: error out when invalid policy is used 
Before, if an invalid value was passed as exception policy, Suricata
would log a warning and set the exception policy to "ignore". This is a
very different result, than, say, dropping or bypassing a midstream flow.

Task #5504
 3 years ago
Philippe Antoine 61b73416e2 detect: transforms check for 0-sized buffer 
So as to avoid undefined behavior with a 0-sized variable length
array

Ticket: #5521
 3 years ago
Eric Leblond 2cc9152fc9 rust/smb: log uuid of interface in dcerpc 
When doing a DCERPC request, we can use the context id to log the
interface that is used. Doing that we can see in one single event
what is the DCERPC interface and opnum that are used. This allows
to have all the information needed to resolve the request to a
function call.

Feature #5413.
 3 years ago
Eric Leblond b6f1cf255c rust/smb/dcerpc: parse context id 
As context id is used to know to which variant of the endpoint the
request is done, it is interesting to parse it.

Feature #5413.
 3 years ago
Philippe Antoine d1ebf320f7 fuzz: disable enip detection based on source port 
So as to avoid fuzzing detecting protocol polyglots with enip
 3 years ago
Philippe Antoine 617c9fb7e5 fuzz: remove check about max transactions 
Suricata can indeed pipeline many HTTP1 transactions
 3 years ago
Victor Julien b01c311c1d profiling: fix implicit-int-float-conversion warnings 3 years ago
Victor Julien aa09d5f556 packetpool: ifdef debug check 3 years ago
Juliana Fajardini e7727c3744 decode: remove unused macros, replace w/ functions 
With the recent changes, these macros weren't being used anymore.

Related to
Bug #5458
 3 years ago
Juliana Fajardini d07a6c6174 stream/tcp: remove repeated header declaration 
StreamTcpRegisterTests was being declared twice.
 3 years ago