Commit Graph

16047 Commits (eb95d2bf662c38cecb56956573f46dba4ebb01d0)

Author SHA1 Message Date
Shivani Bhardwaj eb95d2bf66 flow/timeout: cleanup fn names and comments 1 year ago
Shivani Bhardwaj 8818b9cbe0 flow: remove unneeded args to fn 1 year ago
Shivani Bhardwaj f97b4ec1e8 flow/manager: add fn docs 1 year ago
Shivani Bhardwaj 14cd594d3c flow: add defensive check 1 year ago
Shivani Bhardwaj a87c8eb46f packetpool: use DEBUG_VALIDATE statement 1 year ago
Shivani Bhardwaj 87fa7f10ef flow: use bool wherever possible 1 year ago
Philippe Antoine 8b831e6751 detect/icmp: require real packet in signature
Fixes: 956c8bebd1 ("detect/prefilter: use sig mask to exclude pkt engines")
1 year ago
Philippe Antoine 0a953fe1ce detect: add to signature mask for decode events
Ticket: 6291
1 year ago
Philippe Antoine 4e584ed201 detect: fix check for app_layer events
Ticket: 7106
1 year ago
Jeff Lucovsky 834cd6fbdb af-packet: Remove unused preprocessor define
Remove unused preprocessor value; exposed by compilation warning
1 year ago
Philippe Antoine c9ce43b31e output: configurable payload_length field for alerts
Ticket: 7098
1 year ago
Philippe Antoine a21232828e dcerpc: add app-layer metadata in alerts
Ticket: 6090
1 year ago
Philippe Antoine 5f35035928 filestore: do not try to store a file set to nostore
Ticket: 6390

This can happen with keyword filestore:both,flow
If one direction does not have a signature group with a filestore,
the file is set to nostore on opening, until a signature in
the other direction tries to set it to store.
Subsequent files will be stored in both directions as flow flags
are now set.
1 year ago
Philippe Antoine 0d4efe0c0f app-layer: fix -Wshorten-64-to-32 warnings
Ticket: #6186

Warnings about downcast from 64 to 32 bits
1 year ago
Philippe Antoine 1790aa49a4 util: fix -Wshorten-64-to-32 warnings
Ticket: 6186

Warnings about downcast from 64 to 32 bits

Generic fixes required to get app-layer clean
1 year ago
Philippe Antoine dc043d0297 detect: remove unused field
content_inspect_window is used in app-layer-smtp, but
not directly in detect-file-data
1 year ago
Victor Julien 3d059611c3 detect: add tls.alpn keyword
Ticket: #7108.
1 year ago
Victor Julien 869d5492dc eve/schema: update for alpn 1 year ago
Victor Julien c79a382e42 eve/tls: log ALPN for client and server
Part of the extended logging.

Logs `client_alpns` and `server_alpns` arrays in the tls object.

Ticket: #7055.
1 year ago
Victor Julien 0b37654578 tls: store all ALPN records in the state
For later logging and detection.
1 year ago
Victor Julien 7f474af1d0 eve/schema: minor enip reformat 1 year ago
Jason Ish 6256391408 github-ci: run cargo update test on pull requests
Previously it was run once a week, hiding some issues until
Monday. Instead run on pull requests, but still not every push.
1 year ago
Victor Julien e3e917d967 detect/icmp-id: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien 8df53d6411 detect/dsize: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien 44d2e1aad7 detect/stream_size: allow match on pseudo packets
Often used with stream content, which can be inspected with pseudo packets.
1 year ago
Victor Julien 6958efa2dc detect/csum: remove pseudo packet checks 1 year ago
Victor Julien 64f5865efc detect/csum: general code cleanups 1 year ago
Victor Julien 956c8bebd1 detect/prefilter: use sig mask to exclude pkt engines
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
1 year ago
Victor Julien 4c2960169c detect/prefilter: minor function ptr cleanup
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
1 year ago
Victor Julien 2d1ccb76b1 detect: remove pseudo checks from packet keywords
Keep as debug validation check.
1 year ago
Victor Julien d03660a646 detect: skip pseudo packets if sig needs real pkt
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.

This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.

Update analyzer to output the new flag.

Ticket: #7002.
1 year ago
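The signature-mask mechanism described in d03660a646 and 956c8bebd1 (and applied by the dsize, icmp-id and stream_size commits above), as an added illustration that is not Suricata's code: each packet keyword or prefilter engine declares at registration what it needs, a packet mask is computed once per packet, and anything whose requirements the packet cannot satisfy is skipped before its Match function runs, so a pseudo packet never reaches an engine that needs a real packet. SIG_MASK_REQUIRE_REAL_PKT is the name from the log; SIG_MASK_REQUIRE_PAYLOAD, SIG_MASK_REQUIRE_FLOW, the struct layouts and the function names are assumptions made for this example.

```c
/* Illustrative sig-mask prefilter, not Suricata's implementation. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint8_t SignatureMask;

/* SIG_MASK_REQUIRE_REAL_PKT appears in the commit log; the other two bit
 * names are assumed here for illustration only. */
#define SIG_MASK_REQUIRE_PAYLOAD  ((SignatureMask)(1u << 0))
#define SIG_MASK_REQUIRE_FLOW     ((SignatureMask)(1u << 1))
#define SIG_MASK_REQUIRE_REAL_PKT ((SignatureMask)(1u << 2))

typedef struct Packet_ {
    bool pseudo;          /* e.g. a stream-end or flow-timeout pseudo packet */
    bool has_flow;
    size_t payload_len;
} Packet;

typedef struct PrefilterEngine_ {
    const char *name;
    SignatureMask mask;   /* supplied at registration, checked at runtime */
    int calls;            /* how often the engine actually ran */
} PrefilterEngine;

/* What this packet can offer to a signature or engine. */
static SignatureMask PacketMask(const Packet *p)
{
    SignatureMask m = 0;
    if (!p->pseudo)
        m |= SIG_MASK_REQUIRE_REAL_PKT;
    if (p->has_flow)
        m |= SIG_MASK_REQUIRE_FLOW;
    if (p->payload_len > 0)
        m |= SIG_MASK_REQUIRE_PAYLOAD;
    return m;
}

/* Eligible only if every required bit is present in the packet mask. */
static bool SigMaskMatch(SignatureMask required, SignatureMask present)
{
    return (required & present) == required;
}

/* Run the registered engines, skipping any whose mask the packet fails.
 * Returns the number of engines that actually ran. */
static int RunPacketPrefilters(PrefilterEngine *engines, size_t n, const Packet *p)
{
    const SignatureMask pm = PacketMask(p);
    int ran = 0;
    for (size_t i = 0; i < n; i++) {
        if (!SigMaskMatch(engines[i].mask, pm))
            continue;              /* e.g. dsize on a pseudo packet */
        engines[i].calls++;
        ran++;
    }
    return ran;
}

/* Three engines modelled on the keywords in the log: dsize and icmp_id need
 * a real packet (dsize also needs payload); stream_size only needs a flow,
 * since stream content can be inspected on pseudo packets. */
static int EnginesRunFor(bool pseudo)
{
    PrefilterEngine engines[] = {
        { "dsize",       SIG_MASK_REQUIRE_REAL_PKT | SIG_MASK_REQUIRE_PAYLOAD, 0 },
        { "icmp_id",     SIG_MASK_REQUIRE_REAL_PKT, 0 },
        { "stream_size", SIG_MASK_REQUIRE_FLOW, 0 },
    };
    /* Constructed packet: has a flow and 64 bytes of payload. */
    Packet p = { .pseudo = pseudo, .has_flow = true, .payload_len = 64 };
    return RunPacketPrefilters(engines, sizeof(engines) / sizeof(engines[0]), &p);
}

int main(void)
{
    printf("real packet: %d engines ran\n", EnginesRunFor(false));   /* 3 */
    printf("pseudo packet: %d engines ran\n", EnginesRunFor(true));  /* 1 */
    return 0;
}
```

The point of moving the check to the mask is that the per-keyword `if (PKT_IS_PSEUDOPKT(p)) return 0;` style guards become redundant: the engine is never called on a packet that fails its mask, which is why the follow-up commits can delete those guards and keep only a debug validation.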
Philippe Antoine e3034a6f54 tests: move detect http.uri tests to suricata-verify
Ticket: 3725
1 year ago
Philippe Antoine d59c60410f fuzz: adapt target to number of keywords being dynamic
Ticket: 4683
1 year ago
Philippe Antoine 5bb5b4f46f rust: remove unnecessary nested unsafe 1 year ago
Philippe Antoine 4ccbcc4684 sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoids quadratic complexity turning to OOM.

Ticket: 7093
1 year ago
Jason Ish 49ecf37126 rust/ike: prefix never read field names with _
New warning from rustc.

The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
1 year ago
Jason Ish 29d7ff026a rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
1 year ago
Jason Ish ee2175cdb6 rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
1 year ago
Jason Ish a1bb62c059 cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
1 year ago
Philippe Antoine 4fe3f04fa3 detect/enip: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine ce1eea4ad6 detect/websocket: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine 16952d67e7 detect/dhcp: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
1 year ago
Philippe Antoine 4bbe7d92dc detect: helper to have pure rust keywords
detect: make number of keywords dynamic

Ticket: 4683
1 year ago
Philippe Antoine 08c511f1bf enip: remove unnecessary unsafe
As the function SCEnipRegisterParsers is already marked as unsafe
1 year ago
Eric Leblond b128a75973 profiling: check packet flag first
This fixes the state handling and simplifies the logic.
1 year ago
Eric Leblond eecb3440e2 profiling: add option to activate rules profiling at start
When replaying a pcap file, it is not possible to get rules
profiling because it has to be activated from the unix socket.
This patch adds a new option to be able to activate profiling
collection at start so a pcap run can get rules profiling
information.
1 year ago
Lukas Sismis bd9608771e doc: port user install and build instruction from master-6.0.x
Ticket: #6686
1 year ago
Lukas Sismis cd7c35eb5a github-ci: add minimal build for Ubuntu and AlmaLinux 1 year ago
Lukas Sismis 6d663ec885 github-ci: remove gosu from installed packages 1 year ago