Shivani Bhardwaj
926ef4c49a
detect/xbits: parse keywords w strtok_r
...
Ticket: 4820
Forward ported by Victor Julien from
2c5eead479 ("detect/xbits: parse keywords w strtok_r")
4 months ago
Victor Julien
7ac5d7428e
frames: add --list-app-layer-frames option
...
Lists frames per ip proto and app-layer proto.
Ticket: #8174.
4 months ago
Philippe Antoine
df812b7a90
detect: do not exit on allocation failure during rule (re)load
...
Ticket: 6187
4 months ago
dependabot[bot]
a0c91aa9f0
github-actions: bump actions/upload-artifact from 5.0.0 to 6.0.0
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-version: 6.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
dependabot[bot]
2deb1d25c4
github-actions: bump actions/cache from 4 to 5
...
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Commits](https://github.com/actions/cache/compare/v4...v5)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
dependabot[bot]
03ee55c99f
github-actions: bump actions/checkout from 6.0.0 to 6.0.1
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: 6.0.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
dependabot[bot]
1f28880ba1
github-actions: bump codecov/codecov-action from 5.5.1 to 5.5.2
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.1 to 5.5.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](5a1091511a...671740ac38)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.5.2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
dependabot[bot]
b4ed2da8ff
github-actions: bump actions/download-artifact from 6.0.0 to 7.0.0
...
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 6.0.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](018cc2cf5b...37930b1c2a)
---
updated-dependencies:
- dependency-name: actions/download-artifact
dependency-version: 7.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
4 months ago
Lukas Sismis
b596073a79
src: doc: remove double-space typos
4 months ago
Victor Julien
66e595fb10
detect/ssl_state: minor code cleanups
4 months ago
Victor Julien
5b790f607f
detect/ssl_version: minor code cleanups
4 months ago
Victor Julien
f17254ab8f
detect/tls.version: minor code cleanups
4 months ago
Giuseppe Longo
f1b9669ed5
flow: swap MACs when flow direction is swapped
...
When FlowSwap() reverses the direction of a flow, the MAC address sets
stored in the flow also need to be swapped to maintain consistency with
the new direction. Previously, MAC addresses were not swapped along with
other flow properties like packet/byte counters.
Ticket #8172
4 months ago
Giuseppe Longo
8050738fea
util/macset: fix code style
...
Code style fixed using clang-format.
Ticket #8172
4 months ago
Victor Julien
da87bd61d0
detect/luaxform: fix allowed lua rules check
...
Meant to be enabled by default, but wasn't.
4 months ago
Victor Julien
d7866495c2
detect/lua: exclude script setup from the max-bytes limit
...
Make sure the script can use all bytes configured. So exclude setup like
input buffers that are put on the lua state before script is executed.
Bug #8173.
4 months ago
Victor Julien
1f58bc1a07
detect/luaxform: disable bytes limit during setup
...
During per inspection setup the buffer could already use up all the budget.
Bug #8173.
4 months ago
Victor Julien
7bc4b7d713
lua/sandbox: allow disabling the bytes limit
...
Meant for setting up from C, where we may use more bytes than expected.
Bug: #8173.
4 months ago
Shivani Bhardwaj
30bdaa44e1
doc: add elephant.flow usage section
4 months ago
Shivani Bhardwaj
33a3448f45
detect/flow: add support for elephant flow detection
...
Expose elephant flow flags on a flow via rule language. The rule keyword
is defined as "flow.elephant: <dir>;" where the <dir> can expand to:
- toserver
- toclient
- either
- both
Feature 8117
4 months ago
Shivani Bhardwaj
0f92583702
flow: split elephant flow detection per dir
...
The tracking for elephant flow is done per direction; however, the flag
was set on the flow whenever either of the directions crossed the
rate-limit defined in the settings. Given that the tracking was already
split, it makes sense to split the detection tracking per direction as
well and allow the user to have better control via the rule language.
4 months ago
Shivani Bhardwaj
06eafb79d6
detect/flow-pkts: check for both dir
...
The functionality of "both" can already be easily achieved by using both
"toclient" and "toserver" in a rule. This just adds the ease of
expression in rule. As it is added now, check the direction for the
pre-existing users of direction as well.
4 months ago
Shivani Bhardwaj
77abcde9ee
rust/flow: add public wrapper for dir
...
in order to be able to use it on the C side for elephant flow detection.
4 months ago
Victor Julien
cc2287beb4
tcp/tfo: set PKT_STREAM_EST flag
...
Detection and logging skip a lot of work if PKT_STREAM_EST is not set. When
a TFO packet with data comes in the TCP state is not yet established, but
the data still needs to be considered.
So for this case set the PKT_STREAM_EST flag.
Bug #6744.
4 months ago
Victor Julien
8247ec65b5
features: use strcmp instead of memcmp
4 months ago
Victor Julien
4a58c84862
string-hash: use strcmp instead of memcmp
4 months ago
Victor Julien
c226626a7f
counters: use strcmp instead of memcmp
4 months ago
Victor Julien
7a794945c6
proto: use strcmp instead of memcmp
4 months ago
Victor Julien
8f655c7d8d
reference: use strcmp instead of memcmp
4 months ago
Victor Julien
3fbce40def
classification: use strcmp instead of memcmp
4 months ago
Victor Julien
5a12096dd9
spm: minor unittest cleanup
4 months ago
Victor Julien
a16c6ff6a5
memcpy: rename memcpy_tolower
...
Rename to match coding style. Update callers.
Minor loop cleanup.
4 months ago
Ali Saidi
c4360cd515
util: add timing assembly for arm64
4 months ago
Jason Ish
b3d45e5507
profiling: log rule profiling as json by default
...
We've been forcing JSON logging in our default configuration for some
time now, just make it the actual default.
4 months ago
Jason Ish
d89b35db56
conf: add SCConfNodeChildValueIsFalse to check for false value
...
New function to check if a value is actually set to a false value.
4 months ago
Jason Ish
6eda4b9f59
configure: remove @e_enable_evelog@
...
Jansson/JSON has been mandatory for a long time now, so this value has
evaluated to yes for many years now.
4 months ago
Jason Ish
e895cbbf58
profiling: don't enable rule profiling by default
...
Update the suricata.yaml rule profiling section to not turn on rule
profiling by default, as it's not on by default when commented out.
Also update the comments.
4 months ago
Jason Ish
aa7091f927
ebpf: ignore *.bpf
...
Add the compiled .bpf programs to .gitignore.
4 months ago
Philippe Antoine
af246ae7ab
http: do not use a loop to find the tx count
...
As we want the last tx
Ticket: 8156
The generic function AppLayerParserGetTxCnt calls for HTTP1
Transactions.size()
This function has some specific code, as we may have pre-created
a tx that we do not want to count.
This used to get the last tx by iterating over all the transactions
waiting to find the one with max index.
So, instead of using the Transactions.get function, we get the last
tx out of the VecDeque and check its index.
4 months ago
Jeff Lucovsky
5c0f95faec
gen: Fix typos
4 months ago
Jeff Lucovsky
9c81f817e8
rust: bindgen update
...
Issue: 7389
Update bindgen with `make update-bindgen`
4 months ago
Jeff Lucovsky
e80e881335
main/options: display level name, not numeric
...
Issue: 7389
Follow-up change for verbose handling. Instead of displaying the numeric
verbose level, display the level name.
I.e., instead of 4, display Debug
4 months ago
Shivani Bhardwaj
a53ba4af94
detect: use PrefilterIsPrefilterableById where possible
...
cocci script used:
@@
identifier s, sm, DETECT_TYPE;
@@
- for (sm = s->init_data->smlists[DETECT_SM_LIST_MATCH] ; sm != NULL; sm = sm->next) {
- switch (sm->type) {
- case DETECT_TYPE:
- return true;
- }
- }
- return false;
+ return PrefilterIsPrefilterableById(s, DETECT_TYPE);
followed by some basic cmdline manipulations to get rid of extras left.
5 months ago
Philippe Antoine
726139a539
fuzz: really restrict path for nalloc
...
Ticket: 4125
5 months ago
Philippe Antoine
e305c6c9df
conf: do not exit on alloc failure
...
Ticket: 6188
Just return an error
5 months ago
Philippe Antoine
6882159692
fuzz: set engine stage for conf yaml target
...
Ticket: 6188
Allows allocation failures not to be fatal, as in init
5 months ago
Jason Ish
50224f2ee5
rust: fix clippy warning for unused import
...
While debug_validate_bug_on is still used, it does not need to be
imported directly, as that macro is marked with `macro_export`, making
it globally available to the crate.
5 months ago
Philippe Antoine
24405a7b76
doc: http fields in json schema
...
Ticket: 6075
5 months ago
Philippe Antoine
2f39c8c099
jsonschema: remove obsolete http fields
...
These were moved to array request_headers/response_headers
Ticket: 6075
5 months ago
Juliana Fajardini
0ca874b678
userguide: highlight exceptions interactions
...
In corner cases, we assume that a midstream exception policy could be
triggered by a prior exception policy in effect. Explain this in the
docs.
Task #5830
5 months ago