aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,698 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8c4e53e803'
${ noResults }
Commit Graph

11698 Commits (8c4e53e80322d17cdf49e90df4a868d3b8427759)
 

Author SHA1 Message Date
Victor Julien daffcc6e53 app-layer: improve depth handling 
Consider txs inspected and done for a direction after depth is reached for
that direction.
 5 years ago
Victor Julien a5a46795bd stream: make sure to call app-layer in case of depth reached 5 years ago
Victor Julien 5d985c4271 dcerpc: implement tx free function 5 years ago
Victor Julien 8b2886635f dcerpc/tcp: implement trunc logic 
When one side of the connection reaches the STREAM_DEPTH condition the
parser should be aware of this. Otherwise transactions will forever be
waiting for data in that direction.
 5 years ago
Victor Julien 4da0d9bdea applayer/rust: expose truncate callback 5 years ago
Victor Julien 2cfa35ccc9 app-layer: don't check tx detect flags if detect is disabled 5 years ago
Victor Julien 34e83b8acf stream: remove GAP flag from stream 
This flag was checked in many places, but never set expect in 2 unittests.
 5 years ago
Jeff Lucovsky c5ace81a27 log/eve: Rename fileinfo alert object to files 
This commit changes the name of the "fileinfo" array in the alert object
to "files" to better support legacy use of "fileinfo" in reporting and
elsewhere.

The "fileinfo" event type is not an array while the alert "fileinfo"
member was.
 5 years ago
Jason Ish 69fffb2dc4 doc/userguide: include man page even when not including pdf 
Fix a mistake in Makefile.am where the man page was only being
added to the distribution if the PDF was also created. It should
be included even if the PDF cannot be included.
 5 years ago
Shivani Bhardwaj 301454e9e4 dcerpc: fix datatypes while handling stub data 5 years ago
Shivani Bhardwaj 3fd9a3d420 dcerpc: fix datatype for stub data len 5 years ago
Philippe Antoine 222b386102 rust: rebuilds std when building fuzzers 
so as to have MSAN working
 5 years ago
Victor Julien 2bef41a630 version: continue 6 development 5 years ago
Victor Julien 914391697a version: update to 6.0.0-rc1 5 years ago
Victor Julien 990dfdac6b changelog: update for 6.0.0-rc1 5 years ago
Philippe Antoine 15447cc672 dceprc: signature rust check with is_char_boundary 
before calling split_at which would panic
 5 years ago
Shivani Bhardwaj 98285177ba datasets: use default memcap 5 years ago
Philippe Antoine 872de829ea detect: initialize pointer before calling pcre_study 
So as not to check an uninitialized value
Found by MSAN
 5 years ago
Victor Julien f21a4bc40e datasets: remove experimental warning 5 years ago
Shivani Bhardwaj 87617b200c doc/datasets: add info about memcap and hashsize 5 years ago
Shivani Bhardwaj 1286b0a8f1 datasets: parse defaults section from yaml 
Datasets can now have a global defaults setting in suricata.yaml. In
case the settings for memcap and hashsize are not find in the yaml or
rule, this shall be the fallback.

Example:

datasets:
  defaults:
    memcap: 100mb
    hashsize: 2048
  ua-seen:
    type: string
    load: datasets.csv
 5 years ago
Shivani Bhardwaj 5ac94fc407 datasets: allow memcap, hashsize be set via yaml or rule 
It is now possible to set the memcap and hashsize via suricata.yaml and
rules.

Rule example:

alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 100mb,hashsize 2048; sid:1;)

suricata.yaml example:

datasets:
  ua-seen:
    type: string
    load: datasets.csv
    memcap: 20mb
    hashsize: 2048
 5 years ago
Shivani Bhardwaj b2482d6c60 datasets: allow max possible memcap while loading 
While using the "load" option of datasets, it should be possible to load
any file from the disk, so set the limit to highest possible.
 5 years ago
Jason Ish 2b1bbd08a3 rules/tls: sync with changes to the TLS events 
Sync rules with event changes in commit
01aef49cbd.
 5 years ago
Jeff Lucovsky ce603d662f log/eve: Ensure eve logs have sequential suffixes 
This commit ensures that the eve logs have sequential suffixes without
gaps.
 5 years ago
Jeff Lucovsky ad2e18be3e atomics: Add "decl and init with value" function 
This commit adds an interface to declare and initialize an atomic with a
specific value. This can help with situations where there's no defined
initialization path to set things up.
 5 years ago
Jeff Lucovsky 8395a9201e log: Ensure threaded eve honors SIGHUP 
This commit ensures that all logging contexts register for the file
rotation mechanism (SIGHUP and configured).
 5 years ago
Jason Ish 7d44e80a50 doc: document removal of unified2 
And suggest an alternate tool, Meer if compatibility with
Barnyard2 style databases is required.

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3497
 5 years ago
Jason Ish e71f2b22fa doc: add removal of individual json loggers 
Add link to multiple eve instances as a replacement for this
feature.
 5 years ago
Philippe Antoine 9b5c923327 http: disables lzma by default for HTTP 5 years ago
Philippe Antoine 6694737fcf http2: settings from http1 upgrade 5 years ago
Philippe Antoine 7011bddf84 http2: mimic HTTP1 request from upgrade 5 years ago
Philippe Antoine 9d1b030ff0 http2: first connection upgrade from http1 5 years ago
Philippe Antoine 9185a90fc9 dnp3: fix unit tests when fuzzing 5 years ago
Philippe Antoine 82f1758573 applayer: keep running detection on protocol change 
ie do not stop on first try if we do not have enough data
 5 years ago
Philippe Antoine 21e741795d applayer: on protocol change, use previous state 5 years ago
Philippe Antoine 828ff2dc3c http: removal of connect unit tests 
moved to suricata-verify
 5 years ago
Philippe Antoine 547d6c2d78 applayer: pass parameter to StateAlloc 
This parameter is NULL or the pointer to the previous state
for the previous protocol in the case of a protocol change,
for instance from HTTP1 to HTTP2

This way, the new protocol can use the old protocol context.
For instance, HTTP2 mimicks the HTTP1 request, to have a HTTP2
transaction with both request and response
 5 years ago
Sascha Steinbiss ed9fed4958 mqtt: add some extra tests for varint parsing 5 years ago
Philippe Antoine 1a88df7e88 http2: handles incomplete frames after banner 
To signal incomplete data, we must return the number of
consumed bytes. When we get a banner and some records, we have
to take into account the number of bytes already consumed by
the banner parsing before reaching an incomplete record.
 5 years ago
Philippe Antoine 7ab9a01db2 mqtt: limit size of variable integer 5 years ago
Jason Ish c4d0a61eca datasets: fix dataset load path construction 
Test the full path instead of just the filename provided in the
rule to see if it exists.

Fixes the case where a rule file is loaded from a directory
other than the default-rule-directory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3916
 5 years ago
Philippe Antoine e3b28bcf2a http2: returns error in case of index 0 
As is documented in RFC 7541, section 6.1
The index value of 0 is not used.  It MUST be treated as a decoding
error if found in an indexed header field representation.
 5 years ago
Philippe Antoine 9788b2ec8d signature: frees transform options in SigMatchPrepare 5 years ago
Philippe Antoine 1674239442 detect: checks for overflow when comparing signatures priorities 5 years ago
Victor Julien abca451901 flow: suppress Coverity FP 5 years ago
Victor Julien 204302cbac flow: minor code cleanup 5 years ago
Victor Julien 42ce297e0e flow: turn BUG_ON into debug check 5 years ago
Eric Leblond 6494abc6b1 ebpf: fix invalid description in doc string 5 years ago
Victor Julien e1ecb7dc41 doc/datasets: explain reloads, general improvements 5 years ago