Commit Graph

1812 Commits (f342ae9e8cc711d558e2b013243535f542dfbadc)

Author SHA1 Message Date
Jason Ish 97eaeef7d8 lua: convert SMTP functions to lib: suricata.smtp
Ticket: #7606
6 months ago
Philippe Antoine 06ad72e83e quic: ja3 getter function uses direction
so that future lua code can specify a direction
6 months ago
Jason Ish bf427c69cd rust: remaining rs_ to SC conversions 6 months ago
Jason Ish d16c014641 rust/x509: replace rs_ naming with SC 6 months ago
Jason Ish afce53c8b7 rust/websocket: replace rs_ naming with SC 6 months ago
Jason Ish 7321d7c7db rust/applayertemplate: replace rs_ naming with SC 6 months ago
Jason Ish 2c98ee73ce rust/rfb: replace rs_ naming with SC 6 months ago
Jason Ish e74b4177ac rust/nfs: rust format 6 months ago
Jason Ish 8c1bd60ab1 rust/nfs: replace rs_ naming with SC 6 months ago
Jason Ish 01ce0f92e8 rust/modbus: replace rs_ naming to SC
This was missed in the previous round.
6 months ago
Jason Ish 4e2f1de308 rust/quic: replace rs_ naming with SC 6 months ago
Jason Ish bfa0acf278 rust/ike: replace rs_ naming with SC 6 months ago
Jason Ish 717e06e351 rust/http2: replace rs_ naming with SC 6 months ago
Jason Ish af15986d41 rust/modbus: replace rs_ naming with SC 6 months ago
Jason Ish c994cfb615 rust/sip: replace rs_ naming with SC 6 months ago
Jason Ish 9b830c92dc rust/tftp: replace rs_ naming with SC 6 months ago
Jason Ish aa24276999 rust/telnet: replace rs_ naming with SC 6 months ago
Jason Ish 1c580f9001 rust/detect: replace rs_ naming with SC 6 months ago
Jason Ish 713034d0dd rust/asn1: replace rs_ naming with SC naming 6 months ago
Jason Ish 90116827fe rust/krb: rust format 6 months ago
Jason Ish 8ba0a5c8ec rust/krb: remove rs_ prefix; visibility fixes
- remove pub/no_mangle where not needed
- replace rs_ naming with SC naming
6 months ago
Jason Ish 1f30746e07 rust/dns: rs_ prefix name cleanup 6 months ago
Victor Julien 3c5ce91cbb ftp: per direction tx progress
For request side, having a tx means the request is done.

For response, wait for tx to be marked complete.

Remove unused states.
6 months ago
Philippe Antoine 033e0480cf detect/single-buf: helper with more explicit direction 6 months ago
Philippe Antoine dadf9012fc rust: bindgen detect-engine-buffer.h
Ticket: 7667

And prefix SCDetectBufferSetActiveList to be exported

Allows less use of suricata crate in plugin as we get the function
prototypes from suricata_sys and they are more correct.
6 months ago
Philippe Antoine 31e30d4aa1 sdp: use rust join
It is much faster as it does not do an allocation for each element
6 months ago
Philippe Antoine 6436a5cebe websocket: limit allocation for small sizes
Fixes: 16f74c68aa ("websocket: use max window bits of 15")

We do not need to allocate 8kbytes for a small message
6 months ago
Philippe Antoine 1f2cb21786 ssh: rustfmt 6 months ago
Philippe Antoine fcac063cfe ssh: make hooks available
Allows signature like `alert ssh:request_banner_done`
6 months ago
Philippe Antoine bbc007b4d4 rust: derive for AppLayerState
To easily enable hooks for rust app-layers such as SSH
6 months ago
Jeff Lucovsky 87b7a0cef6 ftp: Apply rustfmt changes 6 months ago
Jeff Lucovsky 04bf28d6a1 app/ftp: Use common API naming
Modify the Rust API functions to conform to project naming format:
SCFTP*

Issue: 7504
6 months ago
Philippe Antoine 808f8a877a detect/multi-buf: helper with more explicit direction 6 months ago
Philippe Antoine 8ecc3efdc8 detect/multi-buf: harmonize wrapper
Introduce DetectGetMultiData which does the generic wrapping,
including the transforms.

And let each keyword do just the getter.
6 months ago
Philippe Antoine a6392ac5d4 rust: use pure rust helper for registering sticky buffers
Mark sdp and sip keywords with flags SIGMATCH_INFO_STICKY_BUFFER
as a side effect.
6 months ago
Philippe Antoine 833a738dd1 http: fail tx creation if we cannot allocate user data
So, we always have a libhtp.rs htp_tx_t and a Suricata tx
with its AppLayerTxData

Thus AppLayerParserGetTxData cannot return NULL

Ticket: 5739
6 months ago
Philippe Antoine 0167001ce8 rust/htp: remove unused code 6 months ago
Philippe Antoine e728aae1e0 websocket: fixes subtraction
Fixes: 16f74c68aa ("websocket: use max window bits of 15")
6 months ago
Philippe Antoine aa7f926ff4 detect: rust helper to register sticky buffer 6 months ago
Philippe Antoine 96afdce283 detect: rename SCSigTableElmt to SCSigTableAppLiteElmt 6 months ago
Philippe Antoine 8757ad5fd3 detect/dns: support string for dns.rrtype
Ticket: 6723
6 months ago
Philippe Antoine 44a6f7f8ca detect/dns: support string for dns.rcode
Ticket: 6723
6 months ago
Philippe Antoine 9814b698c8 detect/dns: move keywords to rust
Ticket: 7529
Ticket: 3725

Adds url for dns.opcode on the way
6 months ago
Philippe Antoine bb9b8d2460 detect: new helper to register multi-buffer with progress
This allows using these engines for hook rules needing exact
progress (checked in SigValidate)
6 months ago
Philippe Antoine a1ff7424e4 http1: brotli decompression
Ticket: 5692

http2 already used brotli crate for decompression
6 months ago
Philippe Antoine 16f74c68aa websocket: use max window bits of 15
Ticket: 7285

As this is the default for websocket, which is bigger than the
default for zlib usage

Also limit the decompressed content to the max-payload-size
configuration parameter also used for non-compressed content.

And also use a stateful decoder to store/remember the compression
state to be able to decompress later messages.
6 months ago
Philippe Antoine 44c8632284 rust: use flate2 with C zlib
move flate2.rs to a backend supporting the setting
of window_bits, which is not the case for miniz-oxide.

This will allow WebSocket to use Sec-WebSocket-Extensions
which can set a non-default window_bits
6 months ago
Philippe Antoine ff57a162d7 websocket: decompress single pdu message
Ticket: 7285

Previously, only messages over multiple PDUs could get decompressed
6 months ago
Alice Akaki bda0890834 detect: add email.received keyword
email.received matches on MIME EMAIL Received
This keyword maps to the EVE field email.received[]
It is a sticky buffer
Supports multiple buffer matching
Supports prefiltering

Ticket: #7599
6 months ago
Alice Akaki ca429ef5e3 detect: add email.url keyword
email.url matches on URLs extracted from an email
This keyword maps to the EVE field email.url[]
Supports multiple buffer matching
Supports prefiltering

Ticket: #7597
6 months ago