aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,633 Commits
8 Branches
163 Tags
184 MiB
main-7.0.x
main-8.0.x
main
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8614bff017'
${ noResults }
Commit Graph

13633 Commits (8614bff0178659bcd2c94e49d3aba50a30fe7844)
 

Author SHA1 Message Date
Philippe Antoine eb155639c6 ci: build with -Wimplicit-int-conversion 
Seems to have got lost on the way in CFLAGS
 3 years ago
Philippe Antoine ae6abd8ca3 ssl: fix compiler warning 
implicit conversion loses integer precision: 'int' to 'uint16_t'
because C shifts << translates automatically to signed integers
 3 years ago
Victor Julien 879a46f085 rust: lock to time 0.3.13 to avoid MSRV bump to 1.59 
Indirect dependency through x509-parser.
 3 years ago
Pierre Chifflier 16db04c1a7 rust: remove nom 5 dependency 3 years ago
Pierre Chifflier 0acf75bff7 rust/applayertemplate: convert to nom7 3 years ago
Pierre Chifflier 378e915846 rust/asn1: convert parsers to nom7 3 years ago
Pierre Chifflier 0ba0572c4a rust/x509: finish transition to nom7 3 years ago
Pierre Chifflier 3ef5121ab0 rust/telnet: convert parsers to nom7 3 years ago
Pierre Chifflier d98b386f36 rust/conf: convert parser to nom7 3 years ago
Pierre Chifflier db9a1e17b6 rust/ssh: finish transition to nom7 3 years ago
Pierre Chifflier b31c72c06a rust/rdp: convert parsers to nom7 3 years ago
Pierre Chifflier 49520b2143 rust/rdp: upgrade dependency on tls-parser 3 years ago
Pierre Chifflier beadd090b8 rust: upgrade versions of BER/DER, Kerberos and SNMP parsers 3 years ago
Jason Ish baab1de735 rust: update x509-parser to 0.14.0 
Resolves RustSec issues in time and chrono:
- https://rustsec.org/advisories/RUSTSEC-2020-0071
- https://rustsec.org/advisories/RUSTSEC-2020-0159

Ticket: #5259.

Ammended by Victor Julien to bump to 0.14 instead of 0.13.
 3 years ago
Pierre Chifflier 3aace49649 rust/x509: update dependency on x509-parser 3 years ago
Victor Julien b06c0579f5 stream: fix reachable assertion 
Fix `Flow::thread_id` not always getting properly set up, leading to
a reachable assertion.

Bug #4582.
 3 years ago
Juliana Fajardini 7b0008d4f0 userguide: add section about exception policies 
This describes briefly what the exception policies are, what is the
engine's behavior, what options are available and to which parts are
they implemented.

Task #5475
Task #5515
 3 years ago
Juliana Fajardini 6f294f2f2d userguide: minor rewording and typo fixes 
Some of these were recently introduced, some were highlited after the
applayer sections got merged. Some paragraphs seem to have been changed
due to trying to respect character limits for lines. Also includes a
typo pointed out by one of our community members via Discord.
 3 years ago
Juliana Fajardini 9d9bc04886 stream/tcp: typo fix 3 years ago
jason taylor 489af24132 detect: update ttl debug log messages 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 3 years ago
Jeff Lucovsky ab4d0f7f4a detect/stream_size: Rename detect.rs to stream_size.rs 
This commit renames detect.rs to stream_size.rs to reflect its content.
 3 years ago
Jeff Lucovsky 2386f2614f detect/iprep: Move iprep logic into a separate module 3 years ago
Jeff Lucovsky c957882d1c detect/uri: Move uri logic into a separate module 3 years ago
Jeff Lucovsky 484c34bc60 detect/uint: Move uint logic into a separate module 
This commit moves the uint logic into its own module.
 3 years ago
Jeff Lucovsky 33c424f9ed doc/byte_math: Add byte_math differences with snort 
Issue: 5077
 3 years ago
Jeff Lucovsky 192a31c74e doc: Fixup byte* entries to display tables properly 3 years ago
Jeff Lucovsky 8bfe427a74 rust/detect: Create detect module for rule parsing 
This commit creates a module named "detect" for rule parsing logic. As
part of this commit, detect.rs is moved from its toplevel position into
the new module. Thus, use crate::detect::detect to refer to items within
detect.rs (instead of create::detect).

Ticket: 5077
 3 years ago
Jeff Lucovsky ccd1063e43 detect/bytemath: convert parser to Rust 
Issue: 5077

This commit
- Converts the PCRE based parser to Rust.
- Adds unit tests to the new Rust modules
- Removes the PCRE parser from detect-bytemath.c
- Adjusts the C source modules to refer to the Rust definitions
- Includes the multiply operator (missing from the C parser)
 3 years ago
Philippe Antoine c6d8daecd3 log: fix coverity warning 
CID 1515529

Checks ftell return value for negative/error
 3 years ago
Victor Julien ad6bea5108 github-ci/codecov: add rust coverage support 
Based on Rust 1.63 and LLVM 14. Update the jobs to meet those requirements.

Includes the bundled libhtp coverage now, including libhtp tests.

Ticket: #4278.
 3 years ago
Victor Julien 1701a6b14c tls: handle incomplete header sooner 
Make sure to exit the parser early on incomplete header data.

Additionally, make sure to not create duplicated tls frames in this
case.

Add a debug validation check for the header parser parsing too much
data, which should never happen.
 3 years ago
Victor Julien 9053c49178 ssl: add debug validation check for incomplete api 3 years ago
Victor Julien 0ec136621d debug: add bool string print helper macro 3 years ago
Victor Julien 69be41b241 tls: improve record checks 
Improve unknown record handling. Inspired by Wireshark 'unknown record'
handling, we take a best effort approach for records with unknown content
types in TLS versions 1.0, 1.1 and 1.2.

Improve record length check and set 'invalid_record_length' event instead
of 'invalid_tls_header'.
 3 years ago
Victor Julien c028800ae1 tls: improve versions extension logic 
Skip over unusable versions like GREASE.
 3 years ago
Victor Julien 599791fa33 tls: make version and size checks stricter 
This way bad records won't buffer lots of stream data.
 3 years ago
Victor Julien 308fe31cb5 eve/schema: add tls client logging 3 years ago
Victor Julien c73d812026 tls: store cert data in heap buffer 
Cert chain is a list of pointers into this buffer, so can't use a
stream slice approach.
 3 years ago
Victor Julien 4a283d480d eve/tls: implement client cert logging 
Enable client logging in extended mode.

Add "client", "client_certificate" and "client_chain", where the latter two
depend on "client".
 3 years ago
Victor Julien e817a8f968 tls: parse client certificates 
Parse client cerificates and store them in the state similar to how
this is done for server certificates.

Update "progress" handling to not consider the TLS handshake complete
if the server indicated a client cert was needed.
 3 years ago
Victor Julien 10f5e6cb66 tls: prepare for client cert parsing 3 years ago
Victor Julien 6d4cc39c02 eve/tls: prepare for client cert logging 
Code cleanups that work on per direction "connp" instead of hard coding
to the server side.
 3 years ago
Victor Julien 14b2e04b58 tls: make cert handling more generic 
In preparation for client cert handling.
 3 years ago
Victor Julien cf4c201acb tls: avoid tls.invalid_handshake_message FP 
Don't set TLS_DECODER_EVENT_INVALID_HANDSHAKE_MESSAGE event on encrypted
handshake messages.
 3 years ago
Victor Julien e9d63f3355 tls: don't set 2 events for a single exception 
Keep the more specific ones.
 3 years ago
Victor Julien 214e466b29 tls: remove incomplete tests 
These tests are incompatible with the incomplete API usage and should
have been pcap based tests in the first place.
 3 years ago
Victor Julien 82e03bd8fc tls: set event if record size exceeds limit 3 years ago
Victor Julien e857c864ca tls: support server hello done message 3 years ago
Victor Julien 4bab6e24e5 tls: support handshake fragmentation 
Implement TLS record defrag for handshake messages.

Ticket: #5183.
 3 years ago
Victor Julien bcaf0f6f7d tls: remove certificate buffering code 
TCP Buffering is now done in the app-layer using the incomplete API, on
the SSL/TLS record level. TLS level fragmentation will be implemented
separately.
 3 years ago