Commit Graph

13866 Commits (a2a920afb00adf714213d19d719ddd801193afd2)
 

Author SHA1 Message Date
Jason Ish a2a920afb0 github-ci: verify generated rust code is rustfmt and clippy clean 2 years ago
Jason Ish 0bb4546af4 setup-app-layer: rustfmt new rust files 2 years ago
Jason Ish cf20fa1e67 template: import c_void, c_char, c_int
These are ffi types that are commonly used, import them so they can be
used by their short names instead of a fully qualified name.
2 years ago
Jason Ish 4220f18258 template: remove no_mangle and pub where not needed
Extern functions that are only used as a function pointer do not
require "pub" or "no_mangle".
2 years ago
Jason Ish 0b2d0324e5 setup-app-layer: set copyright year to current year
Ticket: 4939
2 years ago
Jason Ish 4a7567b3f0 template: rename template-rust to template
Remove the distinction between the C template protocol "template" and
the Rust template protocol "template-rust" and make the Rust parser
simply template now that we no longer have support to generate a C
protocol template.
2 years ago
Jason Ish 8683154115 templates: remove C app-layer templates 2 years ago
Jason Ish 05e16820de templates: clang format cleanups
Cleanup the trivial clang-formatting issues in templates.  Length of
protocol names may require clang-format after new protocol generation.
2 years ago
Jason Ish 712d80107f setup-app-layer: remove generator for C parsers
Ticket: 4939
2 years ago
Jason Ish 38321a213f rust/app-layer-template: rustfmt 2 years ago
Jason Ish 50a787a9a3 app-layer-template-rust: remove C app-layer stub
Remove the app-layer-PROTO stub for Rust based parsers.  It is no longer
needed as Rust parsers now contain the registration function in Rust.

Ticket: 4939
2 years ago
Jason Ish baa7021ee6 rust/conf: add fn conf_get_node
A wrapper around ConfGetNode to get a configuration node by name.
2 years ago
Jason Ish 986212c19d github-ci: add app-layer-template builder
Creates a protocol parser and logger and builds.
2 years ago
Jason Ish 23424821be github-ci: rename alma to almalinux; 8.4 to 8 2 years ago
Victor Julien 64c0459d2d rust/lzma: clippy fixup 2 years ago
Victor Julien 7bfb63210e mime/base64: unify space handling 2 years ago
Philippe Antoine 0e054af1ac mime: do not skip empty lines for quoted-printable
As these lines are in the file...

Ticket: #5725
2 years ago
Jason Ish aa36e9e37f github-ci: enable lua on Fedora 36 build
Not many of the jobs that run S-V enable Lua, enable Lua for Fedora 36
which also runs S-V.
2 years ago
Jason Ish 35f99d1af7 rust/http2: fix clippy lint for is_empty()
This snuck through as "cargo clippy" check wasn't finding lints that
were fixed by the previous test for fixable lints.
2 years ago
Jason Ish 01badea65c github-ci: fail if cargo clippy --fix creates changes
Previously this was doing fixups and only warning, not erroring. Which
could make the following clippy command pass.
2 years ago
Philippe Antoine 04fd2ae78e dns: do not output empty array for query 2 years ago
Philippe Antoine 37af957d83 eve/schema: check that each array has at least one element
Ticket: #5167
2 years ago
Richard McConnell b39a4c63fe doc: document AF_XDP feature 2 years ago
Richard McConnell 9b43481680 af-xdp: Configure build with AF_XDP support 2 years ago
Richard McConnell 6e128f48a2 af-xdp: Add AF_XDP socket support
AF_XDP support is a recent technology introduced that aims at improving
capture performance. With this update, Suricata now provides a new
capture source 'af-xdp' that attaches an eBPF program to the network
interface card. Packets received in the NIC queue are forwarded to
a RX ring in user-space, bypassing the Linux network stack.

Note, there is a configuration option (force-xdp-mode) that forces the
packet through the normal Linux network stack.

libxdp and libbpf are required for this feature and it is compile time
configured.

This capture source operates on single and multi-queue NICs via
suricata.yaml. Here, various features can be enabled, disabled
or edited as required by the use case.

This feature currently only supports receiving packets via AF_XDP,
no TX support has been developed.

Ticket: https://redmine.openinfosecfoundation.org/issues/3306

Additional reading:
https://www.kernel.org/doc/html/latest/networking/af_xdp.html
2 years ago
Todd Mortimer 7d1a8cc335 file/swf: Use lzma-rs decompression instead of libhtp.
Use the lzma-rs crate for decompressing swf/lzma files instead of
the lzma decompressor in libhtp. This decouples suricata from libhtp
except for actual http parsing, and means libhtp no longer has to
export a lzma decompression interface.

Ticket: #5638
2 years ago
Victor Julien 45eb038e63 smb: fix file reopening issue
Fuzzing highlighted an issue where a command sequence on the same file
id triggered a logging issue:

file data for id N
close id N
file data for id N

If this happened in a single blob of data passed to the parser, the
existing file tx would be reused, the file "reopened", confusing the
file logging logic. This would trigger a debug assert.

This patch makes sure a new file tx is created for the file data
coming in after the first file tx is closed.

Bug: #5567.
2 years ago
Victor Julien 9ed65907a7 fuzz/sigpcap: set pkt_src 2 years ago
Victor Julien f848e34bcc stream: stricter check inserting segments
In lossy streams, esp where TcpSession::lossy_be_liberal it is possible
to end up inserting a segment that is out of the expected sequence
number bounds.
2 years ago
Victor Julien addc9b301d version: require libhtp 0.5.42 2 years ago
Victor Julien 5b6193f4c4 flow: cleanup and clarify ancient debug messages 2 years ago
Victor Julien 03d049dadc decode: enforce layer limit through tunnel layers
Bug: #5686.
2 years ago
Philippe Antoine 29f40c9e07 dcerpc: fix integer underflow
as input.len() can be 65536, it cannot be directly cast to u16

Ticket: #5557
2 years ago
Shivani Bhardwaj f80c999db3 util/base64: fix heap buffer overflow
While updating the destination pointer, we were also adding the padded
bytes which are not a part of the decoded bytes. This led to running out
of space on the destination buffer.
Fix it by only incrementing destination buffer ptr by the number of
actual bytes that were decoded.

Ticket 5623
2 years ago
Victor Julien c56fa0a805 version: development towards 7.0.0-rc1 2 years ago
Jason Ish 64fab3be04 github-ci: non-root builder
All the GitHub CI jobs run as root inside a container. This means the
testing is done in a different environment than a developer typically
uses, running as a user.

Add a job that does the build as a non-root user.
2 years ago
Jason Ish 91617f479a rust: sha-1 is now sha1
This is the same crate, but renamed to be more consistent with the
RustCrypto project naming. Some recent discussion is available here:

    https://github.com/RustCrypto/hashes/issues/438
2 years ago
Philippe Antoine af44504550 smb: do not use tree id to match request and response
Completes commit e94920b49f

This must be true for access to state ssn2vecoffset_map

Ticket: #5161
2 years ago
Jason Ish 18b468742a readthedocs: enable all formats
Ticket: #5654
2 years ago
Victor Julien 9f4dd4fc56 smtp/files: don't modify prev file on open failure 2 years ago
Victor Julien e601ebdfd8 files: always initialize inspect_window and min_inspect_depth
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
2 years ago
Victor Julien cade6046c5 rust/files: open file without trackid as pointer 2 years ago
Victor Julien ad869e1c52 rust/filecontainer: remove unused declaration 2 years ago
Victor Julien df7d8d96c9 streaming/buffer: set hard limit on buffer size
Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: #5703.
2 years ago
Jason Ish bf1c185c03 github-ci/centos:7: cache yum RPMs 2 years ago
Jason Ish 1c13efb8d4 github-ci/windows: cache cargo artifacts 2 years ago
Jason Ish 6da066cc53 github-ci/macos: don't force cbindgen
We want to use binary from the cache if available.
2 years ago
Jason Ish 0dddfbc8e6 github-ci: cache RPMs on dnf distros 2 years ago
Jason Ish 814a76a217 github-ci: better .cargo caching 2 years ago
Philippe Antoine 086b28da3d http2: fix decompression buffering
It was not enough to set Cursor position to 0,
also its inner Vec should be cleared.

This way, a new input gets written at the beginning of the
Cursor and its inner Vec...

Ticket: #5691
2 years ago