Commit Graph

15839 Commits (d02c57bd1f21873d8a2a78e14a903f2e6c9771c2)
 

Author SHA1 Message Date
Victor Julien d02c57bd1f hostbits: release use_cnt for unix (add|remove)-hostbit
Commands would leave use_cnt incremented, never decrementing them. This
would lead to an assertion triggering at shutdown.

Bug: #7020.
5 months ago
Victor Julien bc2dfe4c17 device: don't crash on unix command 'iface-bypassed-stat'
In the default config iface bypass support is not enabled,
and storage API not initialized for it. Using it will lead to a crash.

This commit first checks if the device storage API is initialized.

Bug: #7022.
5 months ago
Philippe Antoine 806052d762 websocket: fix opcodes values for ping/pong
And also set close

Ticket: 7025
5 months ago
Philippe Antoine 8b103ae755 dns: set tx id for frames 5 months ago
Philippe Antoine 715bf048ee frames: rust API makes tx_id explicit
And set it right for SIP and websocket,
so that relevant tx app-layer metadata gets logged.

Ticket: 6973
5 months ago
Philippe Antoine 9e01956e77 detect: log relevant frames app-layer metadata
Ticket: 6973

Completes commit 2b4e10224e
5 months ago
Shivani Bhardwaj 2e6777c8e3 fuzz: add target for DecodeBase64
Task 6050
5 months ago
Shivani Bhardwaj 6d92596548 doc: add note about fast_pattern w base64_data
Bug 5220
5 months ago
Shivani Bhardwaj 363050616a base64_data: reject fast_pattern use
If a rule has fast_pattern on base64_data, it is anyway not applied, so,
consider any such rules invalid.

Bug 5220
5 months ago
Jeff Lucovsky cb56752bf7 config/ja3: Eliminate warnings when JA3 is disabled
This commit eliminates warnings when either ja3, ja4 or both are
disabled.
5 months ago
Jason Ish 14ab9aa763 rust: temporary: disable debug assertions 5 months ago
Jason Ish f7eb94a6c0 github: update pull request template
Update the pull request template to suggest providing a link to the
SV/LIBHTP pull request as this aids in cross linking.

Also change the way to provide the link to the Redmine ticket, as it
often results in linking to our Redmine, and add a checkbox for the
creation of a ticket.
5 months ago
Jason Ish cec1c9d853 bundle.sh: accept more forms of a branch name
For GitHub, add the following branch name formats:
- https://github.com/OISF/libhtp/pull/123
- OISF/libhtp#123
5 months ago
jason taylor abb74245cc doc: update normalization notes
Ticket: #6781

Signed-off-by: jason taylor <jtfas90@gmail.com>
5 months ago
jason taylor 5dacf4d92b doc: add http.connection ref and fix location
Signed-off-by: jason taylor <jtfas90@gmail.com>
5 months ago
Shivani Bhardwaj 329ac61961 eve/stats: add description for ips
Ticket 6434
5 months ago
Shivani Bhardwaj 861ffff972 eve/stats: add description for transactions
Ticket 6434
5 months ago
Philippe Antoine ce4119ae3d snmp: remove community keyword unit test
Ticket: 3725

This test was moved to suricata-verify snmp-community
5 months ago
dependabot[bot] 1297d96592 github-actions: bump actions/upload-artifact from 4.3.1 to 4.3.3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.3.1 to 4.3.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](5d5d22a312...65462800fd)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot] f14a4a1bf8 github-actions: bump github/codeql-action from 3.24.9 to 3.25.3
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.9 to 3.25.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.24.9...v3.25.3)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] b9fbc5749d github-actions: bump actions/download-artifact from 4.1.4 to 4.1.7
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.1.4 to 4.1.7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](c850b930e6...65a9edc588)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
dependabot[bot] 76314cc00e github-actions: bump codecov/codecov-action from 4.1.1 to 4.3.1
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.1.1 to 4.3.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](c16abc29c9...5ecb98a3c6)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
6 months ago
Victor Julien 2b80689ee4 github-actions: convert dpdk tests to use script 6 months ago
Victor Julien 6edf05cdaa github-actions: add dpdk ids live test script 6 months ago
Victor Julien ed9ad0048d github-ci: add af-packet and dpdk codecov builds
Adds live tests for DPDK and AF_PACKET, with support for code coverage.
6 months ago
Shivani Bhardwaj 99eaf3943a util/base64: remove coverity reported dead code
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)

** CID 1596621:  Control flow issues  (DEADCODE)
/src/util-base64.c: 238 in DecodeBase64RFC4648()

________________________________________________________________________________________________________
*** CID 1596621:  Control flow issues  (DEADCODE)
/src/util-base64.c: 238 in DecodeBase64RFC4648()
232         DEBUG_VALIDATE_BUG_ON(bbidx == B64_BLOCK);
233
234         /* Handle any leftover bytes by adding padding to them as long as they do not
235          * violate the destination buffer size */
236         if (bbidx > 0) {
237             padding = bbidx > 1 ? B64_BLOCK - bbidx : 2;
>>>     CID 1596621:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach the expression "3U" inside this statement: "numDecoded_blk = 3U - ((pad...".
238             uint32_t numDecoded_blk = ASCII_BLOCK - (padding < B64_BLOCK ? padding : ASCII_BLOCK);
239             if (dest_size < *decoded_bytes + numDecoded_blk) {
240                 SCLogDebug("Destination buffer full");
241                 return BASE64_ECODE_BUF;
242             }
243             /* Decode base-64 block into ascii block and move pointer */

Also, add a comment explaining the padding logic for leftover data.

Bug 6985
6 months ago
Victor Julien fcca5c7514 detect/iprep: update doc about 0 value
A value of 0 was already allowed by the rule parser, but didn't
actually work.

Bug: #6834.
6 months ago
Victor Julien 64dc217f9f detect/iprep: allow 0 as a reputation value
Rules would allow checking against value 0, but internally the value
was used to indicate "no value". To address this, the internals now
return negative values for not found. This way value 0 can be fully
supported.

Bug: #6834.
6 months ago
Victor Julien 673d27c861 detect/iprep: minor code cleanups 6 months ago
Philippe Antoine c53e9ac0dd sdp: fix logging medias
As introduced by bff790b6ac

Also handles errors in the caller

Ticket: 6994
6 months ago
Jason Ish df8568ee30 rust/dns: visibility cleanups
Remove pub from functions that don't require it.
6 months ago
Jason Ish 556cfe56bf rust/dns: ffi naming and visibility cleanups
- Remove no_mangle and pub from FFI functions that are only accessed
  with a function pointer.
- Rename all no_mangle FFI functions to our C naming scheme.
6 months ago
Jason Ish 4fedba1140 github-ci: remove cocci from fedora 39 build
Cocci on Fedora 39+ gets stuck for some reason. Cocci has been moved
to a new Ubuntu 24.04 build.
6 months ago
Jason Ish 1c2402f5e7 github-ci: add ubuntu 24.04 build with cocci
Rather basic 24.04 build for now, but use Cocci as Cocci is working
properly here, but not working in the latest Fedora releases.
6 months ago
jason taylor aa919f8081 doc: update flowbits information
Ticket: #6991

Signed-off-by: jason taylor <jtfas90@gmail.com>
6 months ago
Philippe Antoine 47a1502dbb ci: fix macos build
use brew instead of pip
limit the number of jobs for make
set a prefix where we can install
use brew flags for library finding
6 months ago
Victor Julien 86a363b1bc decode/tcp: improve pointer hygiene
Avoid NULL pointer calculations.
6 months ago
Victor Julien 0dfa5793db decode/icmpv4: rename ICMPV4_GET_EMB_IPV4 to PacketGetICMPv4EmbIPv4
Follows function naming style.

Ticket: #5517.
6 months ago
Victor Julien 6e23419665 decode/icmpv6: store embedded ip6h ptr as offset
Reduces direct pointer usage and reduces Packet size.

Ticket: #6938.
6 months ago
Victor Julien f2288ee39b decode/icmpv4: store embedded ip4h ptr as offset
Reduces direct pointer usage and reduces Packet size.

Ticket: #6938.
6 months ago
Victor Julien d89d4ceb3c decode/icmpv4: put embedded pointer first
Reduce gaps in the structure.

Ticket: #6938.
6 months ago
Victor Julien 13281109e3 decode/tcp: reduce TCPVars by turning bools into bitfields
To reduce Packet size and make similar fields follow the same pattern.

Ticket: #6938.
6 months ago
Victor Julien 8698610b4a af-packet: fix eBPF/XDP compilation 6 months ago
Victor Julien 68804b8c4b decode/tcp: move tcph into L4 packet data
To reduce Packet size.

Ticket: #6938.
6 months ago
Victor Julien 28ac86096a decode/udp: move udph into L4 packet data
To reduce Packet size.

Ticket: #6938.
6 months ago
Victor Julien 54362d44db decode/ethernet: move ethh into L2 section
L2 section similar to L3 and L4 sections.

Ticket: #6938.
6 months ago
Victor Julien b2f7d3604b decode/pppoe: localize pppoedh pointer
Remove from Packet struct as there were no users of it.

Ticket: #6938.
6 months ago
Victor Julien b4ef910aff decode/pppoe: localize pppoesh header pointer
Remove header pointer from Packet as there were no users of it.

Ticket: #6938.
6 months ago
Victor Julien 852ff83d70 decode/icmpv4: move icmpv4h into L4 packet data
To reduce Packet size.

Ticket: #6938.
6 months ago
Victor Julien b959d1dba8 decode/icmpv6: move icmpv6h into L4 packet data
Also start vars section in L4 for icmpv6vars.

To reduce Packet size.

Ticket: #6938.
6 months ago