aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,527 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd143ac6e89'
${ noResults }
Commit Graph

9527 Commits (d143ac6e89b1617b0b8e3ec5116be1949c7499b4)
 

Author SHA1 Message Date
Victor Julien d143ac6e89 windows/syscall: fix unused function warning 6 years ago
Victor Julien 759040a75a windows/syscall: convert file to use unix newlines 
ran: dos2unix src/win32-syscall.[ch]
 6 years ago
Victor Julien bae83e61f8 configure: support msys target 6 years ago
Victor Julien d522746c01 windows: fix sc_log_stream_lock handling 6 years ago
Victor Julien 7811498d49 windows: allow multiple pcap devices on commandline 
Ticket #2774
 6 years ago
Victor Julien 3d4d2ecc0e ips: set host mode only after engine mode 
Make sure it is set after the final engine mode update.
 6 years ago
Victor Julien 0a106fe2ea stream: fix 'stream.inline=auto' for L2 IPS 
Make sure the livedev setup is finalized before initializing the
stream engine.

Bug #2811

Reported-by: Ad Schellevis
 6 years ago
Victor Julien f98b5ecd6a flow: log gap state per direction 6 years ago
Victor Julien 2a3cb32071 stream: no more stream events after known issue 
No longer set stream events after a gap or wrong thread. We know
we lost sync and are now in 'lets make the best of it'-mode. No
point in flooding the system with stream events.

Ticket #2484
 6 years ago
Shivani Bhardwaj b0b12021d3 suricatasc: Fix command failures 
This commit addresses the following three cases:

1. Do not use maxsplit keyword arg
maxsplit argument to the split command was not a part of Python 2
and using it with Python 2 causes the following failure:
```
TypeError: split() takes no keyword arguments
```
Avoid this by eliminating all the named arguments from split.

2. Fix failure on extra arguments
Up until now, suricatasc fails if any command which is not supposed to
take args is given args.
Fix this by ignoring any extra params.
Closes redmine ticket #2813

3. Fix failure on different type of args
If a command was given a string argument where it expected an int, it
would fail and the process would exit.
Fix this by handling the exception caused in such cases.
Closes redmine ticket #2812
 6 years ago
Shivani Bhardwaj 27842c3750 suricatasc: Use better exception message, sort imports 
Up until now, suricatasc gives a message as follows in case a command is
missing arguments:
```
>>> list-hostbit
Arguments to command 'list-hostbit' is missing
```

Fix this up and provide a better message:
```
>>> list-hostbit
Missing arguments: expected 1
>>> pcap-file-continuous
Missing arguments: expected at least 2
```
 6 years ago
Shivani Bhardwaj bf37e3f5da suricatasc: Snug the processing of different commands 
Since all of the commands were following the same procedure, namely,
split the input extract the arguments, throw the error if required
argument is missing else send the command over to suricata, put all of
this in one compact function alongwith a dictionary for specifications
for different commands, the name of the argument, the type and if it is
required or not.
Following fixups come with this commit:
- Code becomes really cozy
- Split errors on a few commands are well handled
- No redundant code
- More readability

References redmine ticket #2793
 6 years ago
Shivani Bhardwaj 57285b54d5 suricatasc: Get rid of issues detected by Pylint 
Pylint is a tool to make sure we do not regress the support for Python
3. The following conventions, warnings, errors, refactors have been
fixed.

C0326: Exactly one space required around assignment
C0326: No space allowed around keyword argument assignment
C0325: Unnecessary parens after 'if' keyword
W0301: Unnecessary semicolon
W0702: No exception type(s) specified
W0231: __init__ method from base class 'Exception' is not called
W0107: Unnecessary pass statement
C0121: Comparison to None should be 'expr is not None'
E0602: Undefined variable 'raw_input'
W0201: Attribute 'socket' defined outside __init__
W0611: Unused import
 6 years ago
Victor Julien 87019ff22b dcerpc/udp: fix int mishandling in opnum parsing 
For Big Endian support in the protocol, the opnum would not be set
correctly.

Found using undefined sanitizer.
 6 years ago
Victor Julien 9aa4e53434 file/swf: fix undefined int behaviour 
Fix warnings by the undefined sanitizer.
 6 years ago
Victor Julien 94191ea960 detect/bytetest: don't print errors at runtime 6 years ago
Victor Julien 25112ee7e3 rust/smb: fix and optimize record search 
Get rid of struct with just a slice reference as well.
 6 years ago
Pierre Chifflier 9e7f261a88 rust: fix cargo tests 6 years ago
Pierre Chifflier f22695130b rust: nom4 requires to add complete!() when using many! combinators 6 years ago
Pierre Chifflier 8c0cde36c6 rust: fix warnings for unused variables (add _) 6 years ago
Pierre Chifflier 13b7399790 rust: upgrade all parsers to nom4 6 years ago
Pierre Chifflier 2f08b3eabd rust/nom4: error_code is superseded by error_position 6 years ago
Pierre Chifflier d3011e3ee8 rust: update dependencies for nom4 transition 6 years ago
Maurizio Abba 6c0ec0b2f3 eve/http: add request/response http headers 
Add a keyword configuration dump-all-headers, with allowed values
{both, request, response}, dumping all HTTP headers in the eve-log http
object. Each header is a single object in the list request_headers
(response_headers) with the following notation:

{
    "name": <header name>,
    "value": <header value>
}

To avoid forged malicious headers, the header name size is capped at 256
bytes, the header value size at 2048.

By default, dump-all-headers is disabled.
 6 years ago
Maurizio Abba 4697351188 smtp: create raw-extraction feature 
Add a raw-extraction option for smtp. When enabled, this feature will
store the raw e-mail inside a file, including headers, e-mail content,
attachments (base64 encoded). This content is stored in a normal File *,
allowing for normal file detection.
It'd also allow for all-emails extraction if a rule has
detect-filename:"rawmsg" matcher (and filestore).
Note that this feature is in contrast with decode-mime.

This feature is disabled by default, and will be disabled automatically
if decode-mime is enabled.
 6 years ago
Alexander Gozman b2a6c60dee source-nfq: increase maximum queues number to 65535 
Previously this was limited to 16, however Netfilter allows
up to 65535 queues. Suricata now is able to create as many
queues as possible, but at the same time warns user if one
specifies more queues than available CPU cores.

This change involves dynamic (de)allocation of NFQ contexts
instead of on-stack arrays to use less memory.
 6 years ago
Alexander Gozman bdd69d13e0 source-nfq: support queue range 
If one needs to use multiple sequential Netfilter queues,
it can be done with a new '-q' option's syntax: "start:end"
(just like it's done with iptables '--queue-balance' option).
 6 years ago
Jason Ish 93c956ebdf issue 2795: python 3 fix in Rust C header gen 
The C header generation script was failing with a unicode error
in Python 3 on FreeBSD.  Fix the reading of files to properly
handle unicode in all Python 3 environments.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2794
 6 years ago
Jason Ish 9bf6f7d5a9 rust/dns: add dns to dns alerts 6 years ago
Fabrice Fontaine d01ce2e58e configure.ac: fix --{disable,enable}-xxx options 
Currently, if the user provides --enable-libmagic or
--disable-libmagic, libmagic will be disabled because $enableval is not
used to know if the user provided --enable or --disable

Most of the options have this issue so fix them all by using $enableval

Fixes:
 - https://redmine.openinfosecfoundation.org/issues/2797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 6 years ago
Victor Julien e710b06669 detect: add file.name sticky buffer 6 years ago
Victor Julien ca8471387a detect: add http.response_body sticky buffer 
As a mirror of the http_server_body content modifier.
 6 years ago
Victor Julien 998f32f88c detect/tls: consolidate validity code 6 years ago
Victor Julien ccdafe6697 detect/http-server-body: move tests to tests/ 6 years ago
Victor Julien 2221dd9403 detect: add http.request_body sticky buffer 
Sticky buffer version of the http_client_body content modifier.
 6 years ago
Victor Julien 64987f36fb detect/file-data: move tests into tests/ 6 years ago
Victor Julien 2fa8066f3a detect/file-data: consolidate matching code 6 years ago
Victor Julien 9a8092249e detect/http-client-body: move tests into tests/ 6 years ago
Victor Julien 477e46da78 detect/http-client-body: convert to inspect api v2 6 years ago
Victor Julien ce677abdf0 detect/file-data: minor cleanups 6 years ago
Victor Julien c0767ece9b detect/file-data: minor cleanups and clarifications 6 years ago
Victor Julien 58aa9dca65 detect/http-server-body: code cleanup and test cleanups 6 years ago
Victor Julien 3413757027 detect/http-client-body: code cleanups and test cleanups 6 years ago
Victor Julien 645acb1089 detect: add http.header.raw sticky buffer keyword 
Add parsing tests as well.
 6 years ago
Victor Julien 76fd666cad detect/http_raw_header: move tests into tests/ 6 years ago
Victor Julien 25f974eb29 detect/http_raw_header: use inspect v2 api 6 years ago
Victor Julien c298412947 detect/http_raw_header: minor code cleanups 6 years ago
Victor Julien 85697671b8 detect: add http.header sticky buffer keyword 6 years ago
Victor Julien 31444cd088 detect/http_header: convert parsing tests to use helper 6 years ago
Victor Julien b9bcd4e115 detect/http_header: move tests into tests/ 6 years ago