aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,672 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dba7103a96'
${ noResults }
Commit Graph

13672 Commits (dba7103a968a9ebd1c139cc32c9b5299a70e7527)
 

Author SHA1 Message Date
Victor Julien 5d6212183b eve/alert: minor cleanups 2 years ago
Victor Julien 34ee53e5ec cocci: remove action check as we no longer use macros 2 years ago
Victor Julien 6c200c7793 detect: issue drop to root packet in all cases 
Update DROP action handling in tunnel packets. DROP/REJECT action is set
to outer (root) and inner packet.

Check action flags both against outer (root) and inner packet.

Remove PACKET_SET_ACTION macro. Replace with RESET for the one reset usecase.
The reason to remove is to make the logic easier to understand.

Reduce scope of RESET macros.

Rename PacketTestAction to PacketCheckAction except in unittests. Keep
PacketTestAction as a wrapper around PacketCheckAction. This makes it
easier to trace the action handling in the real code.

Fix rate_filter setting actions directly.

General code cleanups.

Bug: #5571.
 2 years ago
Victor Julien 79fc8e74cb packetpool: debug message to assist drop checks 2 years ago
Victor Julien d1009e295c packetpool: remove debug validation check 
Current packet might be the root or a child. Root would have set
drop action set, but Packet::pkt_src might be set in either.
 2 years ago
Victor Julien fe5a8beb50 decode: minor code cleanup 2 years ago
Victor Julien ba3e0b3155 nfq: set drop reason on verdict error 2 years ago
Victor Julien a7333a3ea5 napatech: reduce size of Packet structure 
Put napatech packet vars in the union that is meant for this type of
data.
 2 years ago
Juliana Fajardini e4b46e0763 doc/acknowledgements: add a few more names 
Added some names of known contributors to the documentation
 2 years ago
Juliana Fajardini 3c25185e0b devguide: add section about stale tickets policy 
Just to set the right expectations, and to have it registered for us,
too.
 2 years ago
Haleema Khan b31a286952 detect-fileext: convert unittests to FAIL/PASS APIs 
Fixes Bug: #4033
 2 years ago
Haleema Khan 6c922e0b98 rust: fix lint warning for clippy::enum's name 
Ticket: #4597
 2 years ago
Lukas Sismis 5365fdccf7 dpdk: fix mempool cache error message 2 years ago
Shivani Bhardwaj 2a0cb1f3da doc: update base64_decode notes 2 years ago
Shivani Bhardwaj 7005443b8b base64: add and clean tests 2 years ago
Shivani Bhardwaj dad52f133d base64: add new mode as per RFC 4648 
As per RFC 4648,
Implementations MUST reject the encoded data if it contains characters
outside the base alphabet when interpreting base-encoded data, unless
the specification referring to this document explicitly states
otherwise.

Add a new mode BASE64_MODE_RFC4648, and handle input strictly as per the
specification.

Bug 5223
 2 years ago
Lukas Sismis e101384e7b transversal: remove suricata-ids.org references 2 years ago
dependabot[bot] 2158dbf3ba github-actions: bump actions/checkout from 2 to 3.1.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.1.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3.1.0)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
dependabot[bot] 2681d21c11 github-actions: bump actions/cache from 3.0.8 to 3.0.10 
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.8 to 3.0.10.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](fd5de65bc8...56461b9eb0)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2 years ago
Jason Ish 05900b99cd github-ci: add workflow for rust clippy 2 years ago
Jason Ish 2a42386c28 rust: fix clippy lint for null comparison 
Use .is_null() instead of checking for equality against
std::ptr::null().
 2 years ago
Jason Ish 45dfea2497 rust/modbus: derive default instead of manual impl 
Cleans up a clippy lint for a trivial default impl that can be derived.
 2 years ago
Jason Ish 9218da0eb8 rust/frames: cleanup clippy lint for unsafe 
Where possible mark the relevant functions unsafe.  Otherwise suppress
the warning for now as this pattern is supposed to be a safe API around
an unsafe one. Might need some further investigation, but in general the
"guarantee" here is provided from the C side.
 2 years ago
Jason Ish 105d9a5f02 rust: fix clippy lint for unnecessary_unwrap 
Avoid check if not none followed by unwrap.
 2 years ago
Jason Ish 85cfa7254b rust: fix clippy lint for single_char_add_str 
Idiomatic cleanup and a fix automatically done by `cargo clippy --fix`.
 2 years ago
Jason Ish f3e4bcfe23 rust: fix clippy lint for bool_assert_comparison 
Checking for is_empty is faster than checking for equality.
 2 years ago
Jason Ish f60e1b30f6 rust: fix clippy lint for partialeq_to_none 
Use .is_some() and .is_none() instead of comparing against None.
Comparing against None requires a value to impl PartialEq, is_none() and
is_some() do not and are more idiomatic.
 2 years ago
Jason Ish 7d623f0854 rust: fix clippy lint for explicit_auto_deref 
This adds unnecessary complexity to code.
 2 years ago
Jason Ish c503ca62e2 rust: fix clippy lint for needless_late_init 2 years ago
Jason Ish 94dd85baed rust: fix clippy lint for borrow_deref_ref 
This type of borrow then reference has no effect.
 2 years ago
Jason Ish e9597f3d0c rust: fix clippy lint for redundant_closure 
Removes a closure where the function can be directly provided.
 2 years ago
Jason Ish c5b26e2043 rust: fix clippy ling for needless borrows 
Cleanup needless borrows found by clippy. This fix done automatically by
`cargo clippy --fix`.
 2 years ago
Jason Ish 63b3d73ccc rust: allow some more clippy lints 
Allow these lints for now until some more investigation can be done, as
--fix attempts to fix these.
 2 years ago
Victor Julien afe4bdca6f rust: compile check rewording 2 years ago
Victor Julien 2bc5c46158 stream/rules: disable depth rule by default 2 years ago
Lukas Sismis aeb690317a dpdk: allow specifying RSS hash function flags in the config 
Ticket: #5400
 2 years ago
Lukas Sismis a4a69c3e71 doc/dpdk: add IPS setup docs for DPDK mode 
Ticket: #5511
 2 years ago
Eric Leblond e46a0bd46a eve: explicit default when setting port 2 years ago
Eric Leblond 00c419a6f8 eve: micro simplification 2 years ago
Eric Leblond 27cdfec28a eve/schema: update following flow changes 2 years ago
Eric Leblond a0065f4368 eve/alert: add direction field to log data way 
Add a key in the event to specify if the data that did
trigger the alert are in to_client or to_server direction.
 2 years ago
Eric Leblond f1300e68c9 eve/alert: add src and dest info to flow in alert 
When looking at an alert event, it was impossible to determine which
side from src or dest IP in the alert was the client and wich side
was the server with regards to the underlying flow. This was a problem
when you try to known who belongs a metadata property such as a HTTP
hostname or a TLS JA3.

This patch updates the code to add src and dest IP in the flow
subobject as well as src and dst port. This way, we can now which
side is the client and which side is the server.

The result is looking like:

{
  "event_type": "alert",
  "src_ip": "22.47.184.196",
  "src_port": 81,
  "dest_ip": "192.168.1.47",
  "dest_port": 1063,
  "proto": "TCP",
  "tx_id": 0,
  "alert": {
    "signature_id": 2018959,
    "rev": 3,
  },
  "app_proto": "http",
  "flow": {
    "pkts_toserver": 22,
    "pkts_toclient": 35,
    "bytes_toserver": 1370,
    "bytes_toclient": 48852,
    "start": "2009-10-28T10:01:46.755232+0100",
    "src_ip": "192.168.1.47",
    "dest_ip": "22.47.184.196",
    "src_port": 1063,
    "dest_port": 81
  }
}
 2 years ago
Eric Leblond bb93d67ddd unix-socket: add command to get flow stats 
Add a command to extract the accounting data from a live
flow using the unix socket. It takes the flow_id as param
and return the volume of data seen on the flow as well as
its age.
 2 years ago
Eric Leblond 19400a7d69 flow: add function to get flow using flow_id 2 years ago
Eric Leblond 06756314d6 flow: change flow id computation method 
Previous method was truncating the flow hash value when building
the flow_id. It is interesting not to loose the flow hash value
as it can be used in other tools or to interact with a flow that
is still active.
 2 years ago
Eric Leblond 06b6f85c1f json/flow: log if flow had gap in TCP 2 years ago
Eric Leblond f9faff5c4c flow: add function to say if there is gap 2 years ago
Eric Leblond e6768118da stream: flag TCP streams with gap 2 years ago
Eric Leblond a9519778de rust/smb: avoid allocation in smb status function 
Avoid an allocation by returning a static string.
 2 years ago
Eric Leblond 9cb06d4376 detect/smb: add smb.ntlmssp_domain keyword 
Feature #5411.
 2 years ago