Commit Graph

16047 Commits (eb95d2bf662c38cecb56956573f46dba4ebb01d0)
Author SHA1 Message Date
Jo Johnson 712496bb3f lua: Remove luajit support
lua 5.4 support is not available in luajit

Ticket: #4776
2 years ago
Jo Johnson 586c92d9d5 lua: require lua 5.4
github-ci: Disable lua on debian 10 as it doesn't have Lua 5.4.

Ticket: #4776
2 years ago
Victor Julien e0411878fc github-actions: bump scan-build to Ubuntu 24.04 / clang 18 2 years ago
Jason Ish 6e2a1ec5d6 misc: move prototypes to correct header
Move prototypes for functions that exist in util-port-interval-tree.c
from detect-engine-port.h to util-port-interval-tree.h.

Fix header guard names while there.
2 years ago
jason taylor 47d6c3a3ab doc: add source verification docs
Ticket: #6908

Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Philippe Antoine b91e7fe2ae detect/http-server-body: clean up tests
Ticket: 4083
2 years ago
Philippe Antoine ce16a56a1f detect: unify functions for multi-buffer
Ticket: 6575

Multi-buffer keywords now use a single registration function
DetectAppLayerMultiRegister with a GetBuffer argument.

This GetBuffer function pointer is similar to the ones used by
single-buffer keywords, except that it takes an additional
parameter which is the index of the buffer to get.
Under the hood, an anonymous union between these two function
pointer types is used.

In the end, this deduplicates code, especially the calls to
DetectEngineContentInspection
2 years ago
Philippe Antoine 55bc5f2290 detect/template: make template use DetectEngineInspectBufferGeneric 2 years ago
Philippe Antoine ce9bfba76a ci: fix and test with Wunused-macros
Ticket: 6937
2 years ago
Philippe Antoine b3eb1c4f81 clean: remove unused struct definitions
Found with
git grep "typedef struct" src/ | awk '{print $3}' | sort |
uniq | sed 's/_$//' | while read i; do
echo -n $i; git grep $i | wc -l; done | awk '$2 < 3'

Ticket: 4083
2 years ago
Richard McConnell fc2e49f84a app-layer: Set sc_errno upon error return
Bug: https://redmine.openinfosecfoundation.org/issues/6782

Callers to these allocators often use ``sc_errno`` to provide context of
the error. And in the case of the above bug, they return ``sc_errno``,
but as it has not been set ``sc_errno = 0; == SC_OK``.

This patch simply sets this variable to ensure there is context provided
upon error.
2 years ago
Victor Julien 52a008e358 detect/http-host: clean up tests 2 years ago
Victor Julien 6c937a9243 pcap-log: use correct pkthdr size for limit enforcement
The on-disk pcap pkthdr is 16 bytes. This was calculated using
`sizeof(struct pcap_pkthdr)`, which is 24 bytes on 64 bit Linux. On
Macos, it's even worse, as a comment field grows the struct to 280
bytes.

Address this by hardcoding the value of 16.

Bug: #7037.
2 years ago
Victor Julien 9b980b18a8 pcap-log: minor cleanups 2 years ago
Victor Julien ea8c283dc7 pcap-log: minor cleanup
Use same pointer to one location consistently.
2 years ago
Victor Julien 8c4b96129f pcap-log: always pass 'comp' to PcapWrite
The variable is always available.
2 years ago
Victor Julien 5aa00aae0a pcap-log: rename connp to comp
Matches other variable names for the compression settings.
2 years ago
Victor Julien 3eb74c9992 pcap-log: don't check variable that is never set
`rotate` was never modified.
2 years ago
Victor Julien 5455799795 time: only consider packet threads
In offline mode, a timestamp is kept per thread, and the lowest
timestamp of the active threads is used. This was also considering the
non-packet threads, which could lead to the used timestamp being further
behind than needed. This would happen at the start of the program, as
the non-packet threads were set up the same way as the packet threads.

This patch both no longer sets up the timestamp for non-packet threads
as well as not considering non-packet threads during timestamp
retrieval.

Fixes: 6f560144c1 ("time: improve offline time handling")

Bug: #7034.
2 years ago
Shivani Bhardwaj 0aaec69303 flow: use debug validate macro 2 years ago
Shivani Bhardwaj d6b63b38ca flow: add defensive check on memuse 2 years ago
Shivani Bhardwaj 7144b9421d tcp: use bool wherever possible 2 years ago
Shivani Bhardwaj f4b8f706fa flow: use bool wherever possible 2 years ago
Shivani Bhardwaj 2c751dba73 flow: remove unneeded else 2 years ago
Shivani Bhardwaj 7bd9f88ecd flow: minor loop cleanups 2 years ago
Philippe Antoine fd262df457 http: fix nul deref on memcap reached
HttpRangeOpenFileAux may return NULL in different cases, including
when memcap is reached.
But its only caller did not check it before calling HttpRangeAppendData,
which would dereference the NULL value.

Ticket: 7029
2 years ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields
Feature 5234
2 years ago
Shivani Bhardwaj 232c44eb4a output/json: log tls subjectaltname
Feature 5234
2 years ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname
Feature 5234
2 years ago
Shivani Bhardwaj 83af42cc03 detect/tls-subjectaltname: add sticky buffer
Add TLS SubjectAltName sticky buffer. It is implemented as multi-buffer.

Feature 5234
2 years ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names
So far, the SANs were available as a part of IssuerDN via x509_parser
crate but SANs were not available to the SSLState* to be directly used
to setup and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
2 years ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
2 years ago
Jason Ish 6d2d8c26d3 detect-lua: small cleanups
- remove unused headers
- cleanup/rename flags
2 years ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
2 years ago
Philippe Antoine f2c39fc87b ftp: protocol detection avoiding FP on POP3 2 years ago
Philippe Antoine 2c305ba37e pop3: protocol detection
Ticket: #6366
2 years ago
Philippe Antoine ed895c04ff smtp: exit data mode if data command was rejected
And the server was advertising pipelining.

Ticket: 6906
2 years ago
Philippe Antoine dfdf2e2d1a detect: check for space in http.protocol keyword 2 years ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri
Ticket: #2881
2 years ago
Giuseppe Longo b728916ca6 decode/gre: decode arp packets 2 years ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 2 years ago
Giuseppe Longo 01586d884d output-json/arp: implement logger
This adds a logger for ARP, disabled by default.

Ticket #6827
2 years ago
Giuseppe Longo a1c6328156 output/json: check 5-tuple values prior to logging
This commit enhances the JSON output by introducing a feature for conditional port logging.
Now, port logging is dependent on the underlying protocol
(such as TCP, UDP, or SCTP), where port information is pertinent, while it
avoids unnecessary logging for protocols where a port is not utilized (e.g. ARP).

Furthermore, this update ensures that IP addresses and the protocol have
meaningful values set, rather than being logged as empty strings.

These changes will make each log entry more precise, eliminating cases where
5-tuple fields are empty or set to zero, indicating the absence of a field.
2 years ago
Giuseppe Longo 987a27923d output/json: make JSONFormatAndAddMACAddr public
This change exposes 'JSONFormatAndAddMACAddr' as a public function,
allowing it to be reused across modules, such as the ARP logger, for logging
MAC addresses extracted from ARP packets.
2 years ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder
This adds a decoder for ARP.

Ticket #6827
2 years ago
Shivani Bhardwaj 12d027f6a2 base64: re-add the check for destination space
Cover all the calls to DecodeBase64Block with the check for enough
space. Found by the recently introduced fuzz target.

Bug 7028

Fixes: c0bc43c393 ("util/base64: use decoder fns per RFC")
2 years ago
Victor Julien d401082bba github-actions: set bpf to icmp for af-packet 2 years ago
Victor Julien 1240bdd914 github-actions: add pcap live test script and jobs
Asan and coverage jobs.
2 years ago
Victor Julien 27b6a31a0c github-actions: unix pcap coverage run
To increase code coverage.
2 years ago
Victor Julien ea95aac022 github-actions: add unix socket runmode script and job
Runs with ASAN.
2 years ago