Commit Graph

9819 Commits (a5f1f19b275bd7c09b4f4cf934d47e476bdddf7d)

Author SHA1 Message Date
Philippe Antoine a1c6e091ac http: new event for auth unrecognized
activates libhtp auth parsing
Fixes #984
6 years ago
Jeff Lucovsky 7d6875fb68 documentation: Correct rst for ssh-keywords
This changeset corrects an error in the ssh-keywords
where 3 "`" characters were used instead of 2 "`" characters.
6 years ago
Jeff Lucovsky 97fc7c1e1a documentation: sticky buffer updates
This changeset updates the userguide for the TLS and JA3
keywords that have been renamed from <id>_<name> to <id.name>
6 years ago
Jeff Lucovsky 7f102d95b6 detect: Modernize TLS keywords
This changeset adds keywords for "tls.<name>" and moves the existing
value of "tls_<name>" to an alias.
6 years ago
Alexander Bluhm 36796de731 init: pledge(2) needs "fattr" during suricata reload.
When killed with SIGHUP, suricata reopens the log files.  If filemode
is set in the config, it needs pledge promise "fattr" to allow the
chmod(2) on OpenBSD.
6 years ago
Giuseppe Longo 76357350fd doc: update http.protocol description 6 years ago
Giuseppe Longo af9399f2ac detect-http-protocol: use v2 inspect/mpm engines
This updates inspect/mpm engines to v2.
6 years ago
Shivani Bhardwaj 4705314fd2 doc: Add manpages for suricatasc and suricatactl
Add the missing manpages and the corresponding Sphinx configuration
for the command line tools `suricatasc` and `suricatactl`.

Closes redmine ticket #884.
6 years ago
Victor Julien a6a0b0aa4a detect/files: fix file sigs state handling
Make sure all file sig mismatches indicate this in their return
code, not just the ones with filestore enabled. This is needed
to tell the stateful detect engine that it is dealing with a file
sig, so it can make sure these are inspected correctly even if
there are possibly multiple files per tx.
6 years ago
Victor Julien 225cdf996e eve/alert: take vlan from packet, not flow
Flow is not guaranteed to exist.
6 years ago
Eric Leblond 360a6ace43 doc: add info about buffer usage in lua 6 years ago
Eric Leblond 497f35164b detect-filename: avoid multiple inspections of buf
If the filename inspection function is returning nomatch this will
trigger iterative inspections with same content (aka filename) being
inspected. To avoid this we change the return, as the buffer
does not need to be inspected anymore.
6 years ago
Eric Leblond 63f2032ed6 doc: fix way to build URL 6 years ago
Eric Leblond f48ac1860a detect-lua: implement sticky buffer
This patch implements an option named 'buffer' that can be used in the
init function of a lua signature:

 function init (args)
     local needs = {}
     needs["buffer"] = tostring(true)
     return needs
 end

With this, the lua script will get access to the sticky buffer
content.
6 years ago
Eric Leblond 62a11dd3ed detect-lua: fix DNP3 value 6 years ago
Mark Janssen 600f2ab391 eve/json: always output vlan field as array 6 years ago
Mark Janssen 0cc3c2cc6c eve/flow: add in_iface field
Fixes #2057
6 years ago
Mark Janssen fed9b7a180 eve/flow: add vlan field 6 years ago
Bendik Hagen f558ef2c55 Flow/Stream: set pseudopacket iface/vlan from flow
This fixes redmine bug #2057 by setting pseudopacket iface and vlan from
flow values, solving the problem of missing vlan/iface when pseudopacket
gets logged/alerted on.
6 years ago
Bendik Hagen b7b40393dc Flow: Set flow iface and vlan_idx
Setting flow iface and vlan_idx from packet, making it possible to log
iface and vlan on pseudopackets and in flow-logs.
6 years ago
Bendik Hagen ec0dd0209a Flow: Adding livedev and vlan_idx on flow
Adding livedev and vlan_idx on flow, making it possible to use it for
logging in_iface on flow-logs and fix in_iface on pseudopackets.
6 years ago
Philippe Antoine bef190f767 http: logs content range
Fixes #2485
6 years ago
Philippe Antoine 43e205fc32 smtp: rset command resets bdat chunks length
Fixes #1860
6 years ago
Philippe Antoine ff52bb14b7 ssh: code style consistency
Adds SSH_FLAG_VERSION_PARSED to flags before each return.
This way, we are sure SSHParseBanner does not get called again
and proto_version does not get leaked.
6 years ago
Jeff Lucovsky 4f33b8c18d decode: Improved FTP active mode handling
This changeset addresses 2 issues:
- 2459
- 2527
and improves handling for FTP active mode over IPv4 and IPv6.

Active mode is triggered when the FTP client conveys the port
that should be used for a data connection (PORT, EPRT).

When this occurs, the FTP state is marked as "active".
6 years ago
Jason Ish 164fb71898 mpls: fix misaligned read
Instead of casting the packet buffer to a uint32, memcpy it to
avoid misaligned read error, as caught by the undefined behavior
detector (ubsan).

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2903
6 years ago
jason taylor a4ec133a88 ci: updated travis and appveyor for nss/nspr
* added nss and nspr requirements for appveyor build
* added nss and nspr requirements for travis builds
* added travis build without nss and nspr

Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
jason taylor dd2063a75e configure: fix nss check logic
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
jason taylor 7ea269a212 configure: fix nspr check logic
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Victor Julien f7d8401c2e eve/smb: minor cleanup now Rust is mandatory 6 years ago
Victor Julien c2cb155ebb rust/smb: rename files and code from RustSMB to SMB 6 years ago
Victor Julien e572324c5a detect/dcerpc: cleanup now Rust is mandatory 6 years ago
Victor Julien 50709144f9 detect/app-layer-event: cleanup test 6 years ago
Victor Julien f30c05e684 smb: remove C implementation
Now that Rust is mandatory it is obsolete.

Ticket: #2849
6 years ago
Victor Julien 8a2b94c6f4 openbsd: fix rust linking 6 years ago
Jason Ish 67b2692d34 dns: remove as much C DNS code as possible
As some of the C code is still used it can't all be removed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2850
6 years ago
Jason Ish 355d125c4f userguide: remove dns-log 6 years ago
Jason Ish 78b82ce6a5 dns-log: remove, not supported now that Rust is required
The non-json line based DNS log is not supported with Rust only
builds and has been scheduled for removal in Suricata 5.0.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2297
6 years ago
Jason Ish 75a018ead2 doc: remove autoconf replacement var for Rust
Set to yes as Rust is always enabled now.
6 years ago
Jason Ish fc3191dc2d config: enable all things requiring Rust
Instead of only enabling them if Rust is enabled, as Rust is
always enabled now.
6 years ago
Jason Ish b2fedc9ed2 travis-ci: enable Rust for all builds 6 years ago
Jason Ish 75429bbe3e autoconf: make Rust required in configure
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2507
6 years ago
Jason Ish 832270c1d3 travis-ci: test that configure fails without jansson
Update the no-jansson test to fail out if configure
passes.

The script needed to be converted into a single list item
for the early exit to work on Travis.
6 years ago
Jason Ish e49c40428e autoconf: jansson is now required
Jansson is required by the Suricata Rust support which
will also be mandatory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1970
6 years ago
Phil Young 6cfc39d7c9 napatech: auto-config documentation update
Added documentation describing how to configure suricata to automatically
configure streams and host buffers without using NTPL, i.e. from
suricata.yaml.
6 years ago
Phil Young 05271bfbe5 napatech: simplify integration with Napatech cards
- There is now an option to automatically create streams on the
  correct NUMA node when using cpu affinity.

- When not using cpu affinity the user can specify streams to be
  created in the suricata.yaml file.  It is no longer required to
  use NTPL to create streams before running suricata.

- The legacy usage model of running NTPL to create streams is still
  available. This can be used for legacy configurations and complex
  configurations that cannot be satisfied by the auto-config option.
6 years ago
Victor Julien fd9f64d00f byte: suppress errors in byte extraction utils 6 years ago
Victor Julien a496c8be0c detect/bytejump: suppress runtime error messages 6 years ago
Victor Julien 5703ce371e detect/byteextract: suppress runtime error messages 6 years ago
jason taylor 7f63ec185a pfring: update PfringThreadVars_ for gcc 4.x
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago