aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,942 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a808474d38'
${ noResults }
Commit Graph

11942 Commits (a808474d38afa7555dcc10690d2a184ada6d7990)
 

Author SHA1 Message Date
Victor Julien a808474d38 detect/state: minor code cleanup 4 years ago
Jason Ish 0aed5e188b filestore: fix global counter init in unix socket mode 
Move initialization of filestore global counter to PreRunInit,
so they get registered during program initialization, or as
required in unix-socket mode, initialized for each file run.

Fixes Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4216
 4 years ago
Philippe Antoine 8307010255 smb: relax probing parser to handle first NBSS message 
cf dcerpc-udp S-V test :
First message is Message Type: Session request (0x81)
Second message is SMB
 4 years ago
Philippe Antoine 660e9e489b protodetect: only run ProbingParserTc if STREAM_TOCLIENT 4 years ago
Philippe Antoine 52ea3fc7ac fuzz: more precise assertion for protocol detection 
Only in the cases of stream start is the assertion valable.
Otherwise, it can only be best effort.
 4 years ago
Philippe Antoine 1b6e81cd72 smb: probing parser for start and midstream 
The probing parser is more strict at the start of the stream
 4 years ago
Philippe Antoine 9dc5258a21 smb: split probing function for code style 
Introduces rs_smb_probe_tcp_midstream
 4 years ago
Philippe Antoine 2d765d6c68 detect: fix overflows in SetupU8Hash 
For instance ">255" resulted in overflow
 4 years ago
Philippe Antoine eb460cf78d ssl: reset state when breaking out of SSLV3_HANDSHAKE_PROTOCOL 
So that we cannot resumt it with corrupted values
 4 years ago
Philippe Antoine 89030d3e59 modbus: stop allocating transactions when flooded 
cf #4224
 4 years ago
Philippe Antoine ddb4d289ae icmpv6: bail out for icmpv6.hdr keyword if not ICMPv6 4 years ago
Jeff Lucovsky 538fc58b37 output/http2: Multi-threaded EVE logging support 
This commit adds multi-threaded EVE logging support to the HTTP/2
logging path.
 4 years ago
Philippe Antoine 35f6c80bbf eve: fix memory leak in metadata 
Fixes #4205
 4 years ago
Shivani Bhardwaj d708744f2b doc: fix ubuntu pkg name for tcmalloc 4 years ago
Philippe Antoine 7500c29300 decode: limits the number of decoded layers 
so as to avoid overrecursion leading to stack exhaustion
 4 years ago
Victor Julien af13d4de18 detect: set HTTP SWF decompress limits 4 years ago
Victor Julien 4a1482a1cf detect/http.request_body: fix tracking with xforms 
Fix handling of file progress tracking for regular http.request_body
along with transform combinations.

This is done by implementing the 'base id' logic.

Related tickets: #4361 #4199 #3616
 4 years ago
Victor Julien ea3fb4a465 detect/file.data: fix mixing transforms (http) 
Fix handling of file progress tracking for regular file.data along
with transform combinations for the part of the implementation that
uses the HTTP inspection logic.

This is done by implementing the 'base id' logic.

Related tickets: #4361 #4199 #3616
 4 years ago
Victor Julien 54ad7de9ce detect/file.data: fix mixing transforms (file api) 
Fix handling of file progress tracking for regular file.data along
with transform combinations for the part of the implementation that
uses the File API.

This is done by implementing the 'base id' logic.

Related tickets: #4361 #4199 #3616
 4 years ago
Victor Julien 975062cf40 detect: track base id for xform buffers 
Buffers with transforms are based on the non-transformed "base"
buffer, with a new ID assigned and the transform callbacks added.

This patch stores the id of the original buffer in the new buffer
inspect and prefilter structures. This way the buffers with and
without transforms can share some of the logic are progression
of file and body inspection trackers.

Related tickets: #4361 #4199 #3616
 4 years ago
Victor Julien 52692da7cf detect/analyzer: fix pkt engine display 4 years ago
Victor Julien f037f6f4ff classification: sync and update 
Sync to latest ET open and introduce inappropriate as a classification
to replace something some find inappropriate.
 4 years ago
Shivani Bhardwaj 0ac5c5376a dcerpc: trigger raw assembly on record completion 4 years ago
Shivani Bhardwaj c77c8e7005 rust/context: add AppLayerParserTriggerRawStreamReassembly 4 years ago
Philippe Antoine 2d14606224 smb: andx support 
Add AndX support for SMB1. Finishes #3475.

[Updated by Victor Julien to split functions]
 4 years ago
Ilya Bakhtin 1ecea0f44c stream/tcp: fix stream side after direction change 4 years ago
Jason Ish 560974b2db doc/quickstart: use new test url that works 
Replace http://testmyids.org with http://testmynids.org/uid/index.html,
as testmyids.org now always redirects to https.
 4 years ago
Josh Stroschein 7ece0ac31f doc: update installation documentation for CentOS and Fedora 4 years ago
Philippe Antoine a04b5566a6 http: makes decompression time limit configurable 4 years ago
Eric Leblond 6ef28d0a70 util/thash: fix memcap consolidate function 
The function THashConsolidateMemcap is used to allow to load a
dataset even when the memcap is not set. But the implementation
was in fact resetting the memcap value to the max of memory
usaga after loading and default memcap. As a result, the
function was resetting memcap to the default memcap even if
a huge memcap was set in the dataset definition. In the case
of dataset where we add to the set it was leading to memcap
limit hitting despite the settings of memcap by the user.

This patch udpates the code to set the final memcap value to
the max of memory usage after loading and set memcap.
 4 years ago
Ilya Bakhtin b3b64803e5 stream: TcpStreamCnf.midstream type changed to bool 4 years ago
Ilya Bakhtin 5285163d8f protodetect: improve midstream handling 
Set "done flag" only if parsers for both directions are not found in a
case of midstream parsers from other direction are tried if nothing is found
for the initial one. "done flag" must be set if nothing is found in both
directions. Otherwise processing of incomplete data is terminated at the very
first try.
 4 years ago
Shivani Bhardwaj f967a49104 dcerpc/udp: improve detection 
Lately, Wireguard proto starting w pattern |04 00| is misdetected as
DCERPC/UDP which also starts with the same pattern, add more checks
to make sure that it is the best guess for packet to be dcerpc/udp.
 4 years ago
Shivani Bhardwaj 3641f1b522 dcerpc: add probe function 4 years ago
Shivani Bhardwaj d7a3523b12 rust/applayer: split EOF flag per direction 4 years ago
Shivani Bhardwaj 0ca8591994 dcerpc/udp: remove transmute 
The book defines transmute as "This is really, truly, the most horribly unsafe
thing you can do in Rust. The guardrails here are dental floss."
Transmute can result into mind boggling undefined behaviors. Get rid of
it wherever possible.
 4 years ago
Philippe Antoine c6aadf0dfa protodetect: rename direction to flags 
And use whole flags in AppLayerProtoDetectPPGetProto
 4 years ago
Philippe Antoine 7264f58f2c tcp: remove debug asserts about large windows 
Completes 00d7c9034b
 4 years ago
Victor Julien 0dd5921bc9 detect/prefilter: fix handling of prefilter as fast_pattern alias 4 years ago
Philippe Antoine b7fd01c86e detect: forbids unsupported prefilters 4 years ago
Victor Julien e374d5ac15 detect/fast_pattern: add prefilter test 4 years ago
Philippe Antoine 18fcbb20e2 fuzz: fix typo in comment 4 years ago
Philippe Antoine 5465e0b154 http2: http.stat_msg keyword now works for HTTP2 4 years ago
Philippe Antoine 5d676c5998 http2: http.uri.raw keyword now works for HTTP2 4 years ago
Philippe Antoine 47928babfc http2: http.user_agent keyword now works for HTTP2 4 years ago
Philippe Antoine a98d0fe6ed http2: http.uri keyword now works for HTTP2 
cf #4067
 4 years ago
Philippe Antoine 707f027231 protos: renaming ALPROTO_HTTP* constants 
Having now ALPROTO_HTTP1, ALPROTO_HTTP2 and ALPROTO_HTTP

Run with 3 sed commands
git grep ALPROTO_HTTP | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP/ALPROTO_HTTP1/g'
git grep ALPROTO_HTTP12 | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP12/ALPROTO_HTTP2/g'
git grep ALPROTO_HTTP1_ANY | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP1_ANY/ALPROTO_HTTP/g'

and then running clang-format
 4 years ago
Philippe Antoine 93e6401ce0 http: introduces ALPROTO_HTTP_ANY 
For any versions of HTTP, both ALPROTO_HTTP and ALPROTO_HTTP2
 4 years ago
Philippe Antoine c8dbe24fb6 proto: introduce signature protocol, as extension to flow protocol 
AppProtoEquals function allows to check if a flow protocol
matches a signature protocol
 4 years ago
Jason Ish 93ce39d450 github-ci: test install of library 
Add library install test to Fedora 33 build. In this case the
shared library is disable so the test makes sure it is not
installed.

Also make sure the library and headers are not installed until
explicitly installed.

Add similar to test to an Ubuntu 24.04 build without disable-shared
and check that the shared library is installed.
 4 years ago