Philippe Antoine
dc7874b2ac
rust: bindgen more http range functions used in http2
Ticket: 7667
3 weeks ago
Philippe Antoine
842352c190
rust: bindgen SCHttpRangeFreeBlock
Ticket: 7667
3 weeks ago
Philippe Antoine
93785ae357
rust: bindgen SCHTTP2MimicHttp1Request
Ticket: 7667
3 weeks ago
Philippe Antoine
a1613fecb4
detect: tcp.flags rejects nonsensical values
ignored flags are only meaningful for equal mode
3 weeks ago
Philippe Antoine
31e9cb55be
detect: tcp.flags unit tests improvements
Tests better the ignored flags functionality.
This functionality is only used at detection for default mode,
it is not used for any, plus or not mode.
So, have unit tests about ignored flags with default mode with
both matching and non matching cases
3 weeks ago
Philippe Antoine
d8cb00e795
detect/tcp: make tcp.flags a generic integer with bitflags
Ticket: 6724
Allows to use numerical values for example
Also fixes some unit tests that were returning 1 after goto error
FlagsTestParse05 especially took this path as
de->ignored_flags != (TH_SYN|TH_RST) was false
we had de->ignored_flags == 0xff ^ (TH_SYN|TH_RST)
And then, we had a match, instead of what the not-run code
was supposing.
3 weeks ago
Philippe Antoine
1f9236a6d8
detect/ipv4: make fragbits a generic uint16 bitflags keyword
Ticket: 6724
Allows to use numerical values
3 weeks ago
Philippe Antoine
633180c93f
detect/integers: generalize support for bitflags modifier
Ticket: 6724
Allows sugar syntax for bitflags keywords.
While the expressivity does not increase, because we could already
use numerical values with all generic integer modes, this modifier
prefix is used with the strings, and follows the syntax
that is already used for fragbits and tcp.flags keyword.
3 weeks ago
Philippe Antoine
f25194480c
libhtp: fix newer clippy lints with newer MSRV
3 weeks ago
Jason Ish
bc33bd49eb
quic/crypto: remove use of GenericArray
It's not needed, and gets rid of the deprecation warnings.
3 weeks ago
Jason Ish
bdfdf7ff33
rust: update deps with cargo-update
Suppress deprecation warnings in quick/crypto.rs about GenericArray.
3 weeks ago
Jason Ish
6fdf0d736b
rust: update aes-gcm to 0.10.3
3 weeks ago
Jason Ish
b9517de86e
rust: update aes to 0.8.4
3 weeks ago
Philippe Antoine
4b69a31dc3
detect/integers: count argument for multi-integers
Ticket: 7211
Allows to count the number of elements, without matching on
individual elements
3 weeks ago
Philippe Antoine
3babd68af4
pop3: count retr_data into consumed
for later AppLayerResult::incomplete
Fixes: acef961645 ("pop3: improve parsing")
https://issues.oss-fuzz.com/u/1/issues/451112373
Ticket: 7994
4 weeks ago
Philippe Antoine
9a4a29e218
http2: fix parsing of goaway frames
There was a last stream id before the error code
As per section 6.8 of RFC 7540
Ticket: 7991
4 weeks ago
Philippe Antoine
7f0087f19a
rust/detect: fix correct pointer type in SCDetectU32ArrayFree
4 weeks ago
Philippe Antoine
969739d067
detect: http2.errorcode is now a generic integer
Ticket: 7889
4 weeks ago
Philippe Antoine
401b2fcae6
detect: http2.frametype is now a generic integer
Ticket: 7889
4 weeks ago
Philippe Antoine
454f73b445
rust: EnumString derive accepts an enum_string_style parameter
So that http2.frametype and http2.errorcode can use EnumString
without changing the format, as they used UPPERCASE instead of
the default EnumString snake_case
4 weeks ago
Victor Julien
acef961645
pop3: improve parsing
Improve multiline commands and SASL auth.
Work around missing support in crate for empty server challenge and SASL base64 data.
Ticket: #7709.
1 month ago
Jason Ish
5e2dc9ace3
ike: don't log empty server objects
1 month ago
Jason Ish
2d86412f46
ike: log attributes as objects
IKE attributes are an array of TLV style objects, this means there can
be duplicate types seen on the wire. However, Suricata logs these as a
mapping with the type as the key. This can result in the JSON
containing duplicate keys.
To address this, log the attributes as an array of objects, allowing
duplicates to exist, for example:

    "client": {
      "proposals": [
        {
          "sa_life_duration": "Unknown",
          "sa_life_duration_raw": 86400
        }
      ]
    }

is now logged as:

    "client": {
      "proposals": [
        {"key": "sa_life_duration", "value": "Unknown", "raw": 86400}
      ]
    }

Also adds `"version": 2` to each IKE record to note the change of
format from previous versions.
Ticket: #7902
1 month ago
Jason Ish
b543e28402
ike/detect: info log message should be debug
1 month ago
Philippe Antoine
a393147415
rust: restrict visibility of reexported suricata_sys structs
1 month ago
Philippe Antoine
fa322e3dc2
rust: remove unneeded cbindgen exclusions
1 month ago
Philippe Antoine
958344787f
rust: bindgen FileAppendData
Ticket: 7667
1 month ago
Philippe Antoine
811d28cc6b
rust: bindgen util-spm-bs.h
for SCBasicSearchNocaseIndex
Ticket: 7667
1 month ago
Jeff Lucovsky
0e547b9519
rust/conf: Accept xiB unit suffixes
Update the memval to recognize
- kb and kib
- mb and mib
- gb and gib
as equivalent.
1 month ago
Philippe Antoine
56e08c9134
mime: retain some stateful data for quoted-printable
In case a sequence like =3D is split over 2 calls to SCSmtpMimeParseLine
Ticket: 7950
1 month ago
Victor Julien
870b40220c
rust: cargo update
1 month ago
Philippe Antoine
096ba42ce9
detect/integers: add some meaningful error messages
To help rule writers
1 month ago
Philippe Antoine
4f7fc25a1a
detect/dnp3: make dnp3.ind a generic uint16 bitflags keyword
Ticket: 6724
Allows operations such as negation
1 month ago
Philippe Antoine
c1917dec21
detect/integers: make mqtt use generic detect_parse_uint_bitflags
Ticket: 6724
1 month ago
Philippe Antoine
867f5bfa21
detect/integers: generic detect_parse_uint_bitflags
Ticket: 6724
This will ease other keywords with bitflags, by having a generic
function + an association between flag string and bit value.
1 month ago
Philippe Antoine
3641b4eda1
detect/nfs: move nfs_procedure to rust
Make it able to use strings on the way
Ticket: 6723
2 months ago
Philippe Antoine
9869fb776b
detect/snmp: pdu_type keyword now accepts strings
Ticket: 6723
2 months ago
Philippe Antoine
0553dfa814
detect/krb5: move krb5_msg_type to rust
Makes it a generic u32 on the way
Unit tests are covered by SV tests
Ticket: 6723
2 months ago
Philippe Antoine
24503b0ead
rust: move file functions out of SuricataContext
Ticket: 7667
2 months ago
Philippe Antoine
1f084f8cb7
rust: move HttpRangeFreeBlock out of SuricataContext
Ticket: 7667
2 months ago
Philippe Antoine
828a6bdbf8
rust: bindgen SCLogMessage
Ticket: 7667
2 months ago
Philippe Antoine
cc845dccdb
rust: bindgen GenericVarFree
Ticket: 7667
2 months ago
Philippe Antoine
b00788af8b
rust: bindgen SCAppLayerParserTriggerRawStreamInspection
Ticket: 7667
2 months ago
Philippe Antoine
c52121586a
rust: move AppLayerEvents funcs out of RustContext
Ticket: 7667
just use it directly, with bindgen, and cfg not test
2 months ago
Philippe Antoine
bf6b8510fe
rust: move DetectEngineStateFree out of RustContext
Ticket: 7667
just use it directly, with bindgen, and cfg not test
2 months ago
Philippe Antoine
573dd2367e
rust: bindgen SCFileFlowFlagsToFlags
Ticket: 7667
2 months ago
Philippe Antoine
6fa85d18f0
rust: reenable lint unused_doc_comment
With just local exceptions
2 months ago
Philippe Antoine
b59086210f
rust: bindgen flow ffi API
Ticket: 7667
2 months ago
Philippe Antoine
bbf1424371
rust: bindgen MpmAddPatternCI
Ticket: 7667
2 months ago
Philippe Antoine
c391451f19
rust: begin to bindgen app-layer-register.h
Ticket: 7667
2 months ago