Commit Graph

8099 Commits (f1ba406d39e4b18a0128f28203449124e10329d0)

Author SHA1 Message Date
Jason Ish f1ba406d39 travis: add rust 1.7.0 build
One build with Rust 1.7.0, our oldest that we'll support as it's
what's bundled with Ubuntu 16.04. Create another build that will use
the latest stable.
7 years ago
Jason Ish 4bdb722371 rust/dns: fix unit tests on Rust 1.7.0 7 years ago
Jason Ish 2aebfbce94 rust/dns: support txt records 7 years ago
Jason Ish 26914cd59a rust/dns: copy over dns unit tests
Only the tests that make sense were copied over, those testing
correlation of responses to requests were not.

Also, remove compiler warning when not built with
unit tests.
7 years ago
Jason Ish fafa75035f rust: don't fail distcheck if cargo-vendor not found
Allow distcheck to pass if cargo vendor is not found by not
failing out. It is not required to successfully build a dist
tarball; the Rust sources will just not be vendored in.

Also don't fail out make dist if Python is not installed. A build
will still be successful if Python is available on the end
build system.
7 years ago
Eric Leblond 5be44eb500 output-json-alert: don't decref used object
In the unlikely case of an allocation error we will still use the
existing object, so it should not be decref'd and freed.
7 years ago
Eric Leblond f4374ffd0b doc: some more info about alert format 7 years ago
Eric Leblond f5ad6a2095 doc: document target keyword 7 years ago
Eric Leblond 0c3a3101b1 alert-prelude: correctly set Source and Target
IDMEF alert contains two entities named Source and Target that are
defined using common language:
* "The Source class contains information about the possible source(s) of
   the event(s) that generated an alert."
* "The Target class contains information about the possible target(s) of
   the event(s) that generated an alert."

Previous alert events were not following that, so we updated the code
when we know the direction thanks to the metadata field.
7 years ago
Eric Leblond f0e8062b2b alert-prelude: fix warnings on callback type 7 years ago
Eric Leblond 6af529d0c6 output-json-alert: output source and target
Use metadata provided information to output the Source and Target
in the definition of IDMEF.

The output is now the following:

  "alert": {
    "action": "allowed",
    "gid": 1,
    "signature_id": 1,
    "rev": 1,
    "signature": "connection to home",
    "category": "",
    "severity": 3,
    "source": {
      "ip": "2001:31d0:000a:f68a:0000:0000:0000:0001",
      "port": 80
    },
    "target": {
      "ip": "2a01:0e34:ee97:b130:c685:08ff:dab3:c9c8",
      "port": 48390
    }
7 years ago
Eric Leblond 97b89c0a54 detect-target: introduce new keyword
The target keyword allows rule writers to specify information about
the target of the attack. Using this keyword in a signature causes
some fields to be added in the EVE output. It also fixes ambiguity
in the Prelude output.
7 years ago
Victor Julien 43db4697a3 github: add pull request template 7 years ago
Victor Julien e91473b151 github: add contributing doc 7 years ago
Victor Julien 8ea9a5a7d6 common: sync PROG_VER version with configure.ac 7 years ago
Victor Julien b970e1b89b changelog: update for 4.0.0-beta1 7 years ago
Jason Ish 33e09a0002 rust dns: fixup for nom 3.0 7 years ago
Jason Ish ee83f7a0db rust: build fixes and nom update
Update nom to ~3.0.

Prefix dependencies with ~, which will allow for newer patch
versions only. Minor version updates should get a test before
using.

Remove Cargo.lock from the repo, but still generate as part
of the vendoring process for release builds. This will ensure
that all users of a particular distribution tarball will be
linking against the same Rust dependencies.
7 years ago
Victor Julien 889a6de926 rust: add to features 7 years ago
Victor Julien d00b914ddb rust: make clear it's experimental 7 years ago
Victor Julien efdbc91687 log: fix mem leak in error path (CID1404888) 7 years ago
Eric Leblond a3f07ec02e doc: document drop-invalid option. 7 years ago
Eric Leblond 91d2809bca qa: update struct-flags coccinelle test 7 years ago
Eric Leblond 7a17b4acf5 stream-tcp: use flags field to store inline info 7 years ago
Eric Leblond 85dab65414 stream-tcp: use flags field to store bypass info 7 years ago
Eric Leblond 050d8f788b af-packet: warn when tpacket_v3 is used in IPS
Update yaml and add an error message.
7 years ago
Eric Leblond ea9b9b5063 stream-tcp: add option to accept invalid packets
Suricata was unconditionally dropping packets that are invalid with
respect to the streaming engine. In some corner cases like asymmetric
traffic capture, this was leading to dropping some legitimate traffic.

The async-oneside option did help but this was not perfect in some
real-life cases. So this patch introduces an option that allows the
user to tell Suricata not to drop packets that are invalid with
respect to streaming.
7 years ago
Eric Leblond e933eb849a doc: document filestore update 7 years ago
Eric Leblond 775e67459c filestore: avoid open write close sequence
The current file storing approach uses an open file, write data,
close file logic. While this technique fixes the problem of having
too many open files in Suricata, it is not optimal.

A test in a loop shows that open, write, close on a single file is
two times slower than a single open, loop of writes, close.

This patch updates the logic by storing the fd in the File structure.
This is done for a certain number of files. If this amount is exceeded
then the previous logic is used.

This patch also adds two counters. The first is the number of
currently open files. The second one is the number of times
the open, write, close sequence has been used due to too many
open files.

In EVE, the entries are:
 stats {file_store: {"open_files_max_hit":0,"open_files":5}}
7 years ago
Eric Leblond 54718b306e filestore: add option to disable meta file writing
As the fileinfo entry contains the file_id, it is enough to
have this entry to link the extracted file with metadata.
7 years ago
Victor Julien 098aced714 rust/nfs/files: no longer Option/Box 7 years ago
Victor Julien 75a6a13790 rust/nfs: move files into tx type data 7 years ago
Victor Julien de7e0614fa rust/nfs: add more record types 7 years ago
Victor Julien d6592211d0 rust/nfs: NFSv3 parser, logger and detection 7 years ago
Victor Julien 69bf219b39 rust: bindings: improve generator script 7 years ago
Victor Julien 71ddc43d49 rust/core: add file tx API call 7 years ago
Victor Julien 9a1fa5f1f4 rust: filetracker API
Initial version of a filetracker API that depends on the filecontainer
and wraps around the Suricata File API in C.

The API expects chunk based transfers where chunks can be out of order.
7 years ago
Victor Julien a809f090d3 rust: filecontainer API
Wrapper around Suricata's File and FileContainer API. Built around the
assumption that a Rust-owned structure will have a
'SuricataFileContainer' member that is managed by the C side of
things.
7 years ago
Victor Julien f47fd2c243 rust/json: expose json_boolean 7 years ago
Jason Ish ba1a67e2cb rust: dns: add log filtering on rrtype
While the filtering is still configured in C, the filtering
flags are passed into Rust so it can determine if a record
should be logged or not.
7 years ago
Jason Ish c54fc7f98f rust: use LoggerFlags type to track logged state 7 years ago
Jason Ish b588b49779 rust: lua support for DNS based Rust
Uses Rust wrappers around Lua to populate Lua
data structures.
7 years ago
Jason Ish 9d687025e2 rust: lua wrapper
Rust wrapper for working with lua state.
7 years ago
Jason Ish 73388042b2 rust: DNS app-layer.
A DNS application layer in Rust. This is different from the
C-based one, as it is partially stateless by not matching
up responses to replies.
7 years ago
Jason Ish 9449739dd5 rust: dns: nom DNS parsers 7 years ago
Jason Ish 94032d3ada rust: wrapper around C logging, and "context"
Where the context is a struct passed from C with pointers
to all the functions that may be called.

Instead of referencing C functions directly, wrap them
in function pointers so pure Rust unit tests can still run.
7 years ago
Jason Ish 9231b0ae92 rust: generate headers as part of build 7 years ago
Jason Ish d0880d75ff rust: c header generator 7 years ago
Jason Ish e739fa1477 rust: add libjansson wrapper for rust 7 years ago
Jason Ish f6f126d53d rust: example of how an app-layer may be initialized
Also shows basic usage of the configuration API from Rust.
7 years ago