aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,565 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'bc38cd5932'
${ noResults }
Commit Graph

7565 Commits (bc38cd593224405c1bb55284524533200b6a944f)
 

Author SHA1 Message Date
Victor Julien 76b55214f0 doc: rules-meta small cleanup 9 years ago
Victor Julien 3cf1b12061 doc: http sticky vs modifier 9 years ago
Victor Julien 0d15593258 doc: move urilen to other uri keywords 9 years ago
Victor Julien 34bfacdee0 doc: add minimal http request/response line sections 9 years ago
Victor Julien adb6c75e2e doc: only make sphinx warnings fatal on html/pdf 9 years ago
Jason Ish 82a6bfd599 doc: manpage: add bugs and notes section 9 years ago
Jason Ish a4450b768e doc: manpage: add signals section 9 years ago
Jason Ish 5c78fdbc9c doc: break out command line options into a common doc 
The command line options can now be consumed by the man page
and the user guide.

Some attempt was made to order the options from common/basic
progressing to advanced with some notion of options
grouped together.
 9 years ago
Jason Ish cd4c9e73f8 doc: fix sphinx warnings 
This involved removing documents that were intentionally
not referenced as they are not good candidates for the
user guide.
 9 years ago
Jason Ish 3df7f97a33 doc: fail on sphinx warnings 9 years ago
Jason Ish 79d21e9eee docs: include userguide.pdf in dist 9 years ago
Victor Julien 790ac8d417 changelog: update for 3.2beta1 9 years ago
Victor Julien d4c7c2c2c7 cygwin: leave magic-file commented out in yaml 9 years ago
Jason Ish 09c3e1dd8a pcap-log: cleanup allocations at exit 
Particularly in multi-mode, allocations made for each thread were
not being cleaned.

ASAN reports no leaks now on exit.
 9 years ago
Jason Ish a6854147be pcap-log config: sguil-base-dir -> dir and update comment 
The code already looks for "dir" first instead of
"squil-base-dir", and already respects this configuration
parameter in other modes than the "sguil" mode.

Coda will still access "sguil-base-dir".
 9 years ago
Jason Ish 214e97814c doc: bring in unix socket interaction from wiki 9 years ago
Jason Ish bec128bbf9 doc: attempt to parse version if not in environment 
Should fix the version displayed on readthedocs.
 9 years ago
Victor Julien f80ce51ddf unix-socket: don't try to change permissions on BSD 
On BSD using fchmod on a socket is not supported and will result
in EINVAL.
 9 years ago
Victor Julien 96c28b2995 bug 1353: don't cut off last char of unix path 9 years ago
Victor Julien 4a190e07a6 pcre: disable JIT if RWX pages not supported 9 years ago
Victor Julien 46f5f4cff8 util: add facility to check for RWX page support 
Some code won't work well when the OS doesn't allow RWX pages. This
page introduces a check for runtime evaluation of the OS' policy on
this.

Thanks to Shawn Webb from HardenedBSD for suggesting this solution.
 9 years ago
Victor Julien a3a1757472 flow-mgr: fix bypass counter registration 9 years ago
Victor Julien 595c20ddf4 der: fix asan/valgrind errors in time parsing 9 years ago
Victor Julien 7e4df3a1d1 tls-validity: fix memory handling 9 years ago
Mats Klepsland 10d827639e detect-tls-cert-validity: clean up unit tests 
Remove locks, unnecessary function calls and conditional statements.
 9 years ago
Mats Klepsland 1fea52dd8a detect: add keyword tls_cert_valid 
Add keyword to check if TLS certificate is valid.
 9 years ago
Mats Klepsland f7e0083269 detect-cert-validity: fix typos 9 years ago
Mats Klepsland f22c9d9781 detect: add keyword tls_cert_expired 
Add keyword to check if TLS certificate is expired.
 9 years ago
Mats Klepsland 07d2312d96 detect-tls-validity: use flags for modes 
Use flags for modes to support using multiple modes at the same time.
 9 years ago
Victor Julien e6cf7ae8fa yaml: improve stream-depth comments 9 years ago
Giuseppe Longo 3f214b506a file-store: add depth setting 
When a rules match and fired filestore we may want
to increase the stream reassembly depth for this specific.

This add the 'depth' setting in file-store config,
which permits to specify how much data we want to reassemble
into a stream.
 9 years ago
Giuseppe Longo 4751677e24 app-layer: use StreamTcpSetReassemblyDepth 
This calls StreamTcpSetReassemblyDepth to set the stream depth
specified for the protocol.
 9 years ago
Giuseppe Longo 9ab1194f68 modbus: set stream depth 
Some protocol like modbus requires
a infinite stream depth because session
are kept open and we want to analyze everything.

Since we have a stream reassembly depth per stream,
we can also set a stream reassembly depth per proto.
 9 years ago
Giuseppe Longo b160c49e9e app-layer-parser: add stream depth 
This permits to set a stream depth value for each
app-layer.

By default, the stream depth specified for tcp is set,
then it's possible to specify a own value into the app-layer
module with a proper API.
 9 years ago
Eric Leblond a63c6b320e stream: per TcpStream reassembly depth 9 years ago
Victor Julien 960ebb2822 enip: fix scan-build warnings 
detect-cipservice.c:161:29: warning: Assigned value is garbage or undefined
    cipserviced->cipservice = input[0];
                            ^ ~~~~~~~~
detect-cipservice.c:162:27: warning: Assigned value is garbage or undefined
    cipserviced->cipclass = input[1];
                          ^ ~~~~~~~~
detect-cipservice.c:163:31: warning: Assigned value is garbage or undefined
    cipserviced->cipattribute = input[2];
                              ^ ~~~~~~~~
3 warnings generated.
 9 years ago
Victor Julien 80c3aedbfc enip: parsing and tests cleanup 9 years ago
Victor Julien 72b5da4313 enip/cip: improve output & style 
Remove printf, remove \n from SCLogDebug. Add SCLogError for
rule parsing issues.

Fix various style issues
 9 years ago
Victor Julien 92b393ee9a doc: include enip page 9 years ago
Victor Julien a2d8cfb5d3 doc: reorder rule docs 9 years ago
Victor Julien 050f36eaa5 enip: improve yaml 9 years ago
Victor Julien 6b1c21b115 enip/cip: register inspect engines 9 years ago
kwong a3ffebd835 Adding SCADA EtherNet/IP and CIP protocol support 
Add support for the ENIP/CIP Industrial protocol

This is an app layer implementation which uses the "enip" protocol
and "cip_service" and "enip_command" keywords

Implements AFL entry points
 9 years ago
Victor Julien 5bd906ae9f doc: prefilter keyword and config 9 years ago
Victor Julien d9811e58b6 http_header: don't separately inspect trailer yet 
Currently the regular 'Header' inspection code will run each time
after the HTTP progress moved beyond 'headers'. This will include
the trailers if there are any.

Leave the code in place as this model will change in the not too
distant future.
 9 years ago
Victor Julien 358eacf14f http_header: only run trailer mpm if we have trailers 9 years ago
Victor Julien 44022743f2 http: track if request/response have trailers 9 years ago
Victor Julien 798ba010ca prefilter: use array of engines per sgh 
Instead of the linked list of engines setup an array
with the engines. This should provide better locality.

Also shrink the engine structure so that we can fit
2 on a cacheline.

Remove the FreeFunc from the runtime engines. Engines
now have a 'gid' (global id) that can be used to look
up the registered Free function.
 9 years ago
Victor Julien 8321f04ef3 prefilter: clean up setup code 9 years ago
Victor Julien d36c0c15ea detect: reshuffle keyword registration order 
The order of keyword registration currently affects inspect engine
registration order and ultimately the order of inspect engines per
rule. Which in turn affects state keeping.

This patch makes sure the ordering is the same as with older
releases.
 9 years ago