Commit Graph

10196 Commits (a272e433a8f9a1886db22cf77d2f6a3b2eed2a57)

Author SHA1 Message Date
Victor Julien a272e433a8 pd: don't reverse flow if TCP session not midstream 5 years ago
Jason Ish 5f1d21f247 dns: handle mid stream pickup on response packet
Related Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2146
5 years ago
Travis Green 3f146cdd7e doc: add endswith keyword docs 5 years ago
Travis Green 9f8dcad287 doc: update of ssh-keywords documentation
Modifies ssh-keywords.rst to fix syntax error in example rule as well as
update descriptions to indicate older keywords have been deprecated.
5 years ago
Jason Ish 9488002a0d doc: use describe instead of option for old Sphinx
Older versions of Sphinx will generate duplicate IDs when you have
options like:

.. option:: some-option

.. option:: some-other-option

The version of Sphinx provided on CentOS 7 has this issue, newer
versions of Sphinx do not.  As CentOS 7 is still a popular
distribution, change ".. option" to ".. describe" which has the
same visual output, but does not generate links.
5 years ago
Jason Ish 42e5065ab8 rust: update to Rust 2018 with cargo fix
Migrate to Rust 2018 edition.

Credit to Danny Browning for first demonstrating this:
https://github.com/OISF/suricata/pull/3604/commits
5 years ago
Jeff Lucovsky 79d308db73 detect/analyzer: Add missing http_accept_enc handling 5 years ago
Shivani Bhardwaj 8bebea5d4c rust: Get rid of unneeded macros, fix warnings 5 years ago
Victor Julien a3e5b91668 detect/dataset: fix 'state' path handling 5 years ago
Victor Julien e36a963196 datasets/doc: minor fixes and clarifications 5 years ago
Victor Julien 7ae86a0ae9 datarep: remove notice messages 5 years ago
Victor Julien 8045746bd1 datasets: remove notice messages and improve errors 5 years ago
Victor Julien 0107b9a057 doc/dataset: initial documentation 5 years ago
Victor Julien d5ceafa2e5 suricatasc: add dataset-add command 5 years ago
Victor Julien 1d6a358d8a datasets: unix socket dataset-add command 5 years ago
Victor Julien 317376f59d datasets: match on lists of data
Datasets are sets/lists of data that can be accessed or added from
the rule language.

This patch implements 3 data types:

1. string (or buffer)
2. md5
3. sha256

The patch also implements 2 new rule keywords:

1. dataset
2. datarep

The dataset keyword allows matching against a list of values to see if
it exists or not. It can also add the value to the set. The set can
optionally be stored to disk on exit.

The datarep supports matching/lookups only. With each item in the set a
reputation value is stored and this value can be matched against. The
reputation value is unsigned 16 bit, so values can be between 0 and 65535.

Datasets can be registered in 2 ways:

1. through the yaml
2. through the rules

The goal of this rules based approach is that rule writers can start using
this without the need for config changes.

A dataset is implemented using a thash hash table. Each dataset is its own
separate thash.
5 years ago
Victor Julien b286c14324 thash: generalize hash table as used in flow
Thread safe hash table implementation based on the Flow hash, IP Pair
hash and others.

Hash is array of buckets with per bucket locking. Each bucket has a
list of elements which also individually use locking.
5 years ago
Victor Julien 0b120bbe34 suricata: expose system as global 5 years ago
Victor Julien 5d5612f98e suricata: --data-dir option 5 years ago
Victor Julien f24067f5e5 travis: add liblzma (xz) for osx 5 years ago
Victor Julien 6f80821ff0 configure: bump minimum htp to 0.5.30 5 years ago
Victor Julien dbbdfedb98 lzma: make mandatory
Libhtp is starting to use it as well, so it's safe to make it mandatory
here.

Remove guards for flash file decompression code.
5 years ago
Philippe Antoine 8d4cbb3f7b http: fixes stream flags for http tests 5 years ago
Philippe Antoine 9665ab0409 http: wait for response line for filename
See http evader case 481
5 years ago
Victor Julien 579cc9f02b const: constify decoder, app-layer, detect funcs 5 years ago
Victor Julien 399ab35aa1 afl: fix compile warnings for decoder fuzz funcs 5 years ago
Jason Ish a472dec865 travis-ci: update for minimum Rust version of 1.33.
Plus:
- Set latest known working stable Rust to 1.37.0.
- Remove test for --disable-rust, as that option is
  not respected anymore.
- Add test for old/unsupported version of Rust to make
  sure ./configure fails.
- Other minor cleanups.
5 years ago
Jason Ish 8f66f39b29 rustfmt: use default rustfmt configuration
Remove our config that limited line length to 80 columns.
5 years ago
Jason Ish c9d569f410 rust: check for minimum Rust version of 1.33.0.
Related Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/2629
5 years ago
Philippe Antoine ecb9e85d69 install: install all files for events rules
Fixes #2786
5 years ago
Philippe Antoine aa73d834b5 boyermoore: avoid one tolower call
Fixes #1218
5 years ago
Jeff Lucovsky 86deaefe66 ftp: Ensure non-zero command length with MPM init 5 years ago
Jason Ish d14fe372b4 configure.ac: prevent empty if block (llc check)
As AC_SUBST doesn't expand to anything in the shell script, this
will generate a bad script on older versions of autoconf.

Change the logic to eliminate the possibility of an empty
if or else block.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3124
5 years ago
Shivani Bhardwaj f750e4ca40 configure: Remove enable-rust-debug
Get rid of enable-rust-debug flag and use enable-debug for achieving the
desired functionality. From now, adding `--enable-debug` to `configure`
shall create an [unoptimized + debuginfo] target. Rest behavior stays
the same.

Closes redmine ticket #3054
5 years ago
Shivani Bhardwaj 85b56b633e detect: Improve rule keyword alproto registration
1. Set WARN_UNUSED macro on DetectSignatureSetAppProto.
2. Replace all direct 'sets' of Signature::alproto from keyword registration.

Closes redmine ticket #3006.
5 years ago
Victor Julien 1bc738fbe4 doc: typo fixes
By @espritlibre and @Zeal0us
5 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 5 years ago
Fabrice Fontaine 9b05db7db0 fix build on m68k with uclibc
uclibc on m68k defines _POSIX_SPIN_LOCKS but does not define
pthread_spin_unlock so check for this function before using
pthread_spin_xxx functions

Fixes:
 - http://autobuild.buildroot.org/results/ed923bcc1454ce90444b8dac7c064b5f4ea4a0a5

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
5 years ago
Jeff Lucovsky 86fabef093 ftp: address review comments 5 years ago
Jeff Lucovsky f79316d71a ftp: remove RUST guards 5 years ago
Jeff Lucovsky cc5e9ca179 eve/ftp: Modifications for MPM-enabled command descriptor table 5 years ago
Jeff Lucovsky bc68ef4657 app-layer: Invoke FTP parser cleanup function 5 years ago
Jeff Lucovsky 09ab032a8d ftp: Use MPM for command lookup 5 years ago
Jeff Lucovsky 4f2a485c55 ftp: Remove LIBJANSSON guards 5 years ago
Jeff Lucovsky 3df2b3437c eve/ftp: Move "get next line" into app-layer-ftp.c 5 years ago
Victor Julien f43584661c stream: support debug notice message in tfo 5 years ago
Eric Leblond cc28d24e9a doc: install eBPF files in share directory
Following proposal by Sascha Steinbiss, let's use /usr/share/suricata
to store the eBPF files.
5 years ago
Eric Leblond 5366f80941 bypass: fix build on Windows
For the sake of unittests, we need to build capture bypass so we
end up with a Windows build of flow bypass.
5 years ago
Eric Leblond 3cf49ae868 doc: fix English and some typos 5 years ago
Eric Leblond 4be6701836 doc: pointer to bpfctrl
As bpfctrl is currently the easiest way to manage pinned maps,
let's point to it. We will switch doc to suricatacl once support
has been added.
5 years ago