Commit Graph

15275 Commits (fc2acf8cb06a665d04db243e829f6ee3f3cc3114)

Author SHA1 Message Date
Juliana Fajardini fc2acf8cb0 devguide: fix main channels list
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
1 year ago
Juliana Fajardini d15877b2c0 devguide: update branches, refer to backports guide
Update the list of active branches to include 7 renaming and new master,
link to backports document.
1 year ago
Juliana Fajardini 9fbdfd219c devguide: add chapter with backports guide
Task #6568
1 year ago
Juliana Fajardini de8bffd244 devguide: doc from behavior changes needs ticket #
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.

Related to
Task #6568
1 year ago
Juliana Fajardini 71e4ca81ef devguide: reorganize pr-workflow section
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.

Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
1 year ago
Juliana Fajardini 08eb67f74c devguide: make 'contributing' a chapter
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.

Also add Dev Guide as one of our resources in our Readme.
1 year ago
Jeff Lucovsky f12e026696 mqtt: Move conf code to rust
Issue: 6387

This commit moves the configuration logic to Rust.
1 year ago
Jason Ish b453eea150 stats: add rules skipped
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.

Feature: #6637
1 year ago
Jason Ish 5cc872fa1a rust.h: don't include util-file.h, not needed
1 year ago
Jason Ish 71bbba9248 detect-parse: parse sid in pre-scan
During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.

But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.
1 year ago
Jason Ish 435c03172e requires: pre-scan rule for requires expressions
Add a "pre-scan" rule parse that will check for a requires statement. It
will return a special error code (-4) if the requires fails due to
missing requirements.

Syntactic errors will also abort parsing here.

Feature: #5972
1 year ago
Jason Ish 5d5b0509a5 requires: add requires keyword
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.

Example:

  requires: feature geoip, version >= 7.0.0, version < 8;
  requires: version >= 7.0.3 < 8
  requires: version >= 7.0.3 < 8 | >= 8.0.3

Feature: #5972

Co-authored-by: Philippe Antoine <pantoine@oisf.net>
1 year ago
Jason Ish 15ed51f9b8 feature: provide a Rust binding to the feature API
As the feature module is not available for Rust unit tests, a mock
version is also provided.
1 year ago
Juliana Fajardini 1afb485dfa pgsql: remove unused msg field
The `ConsolidatedDataRow` struct had a `length` field that wasn't truly
used.

Related to
Bug #6389
1 year ago
Philippe Antoine 3103505cb0 stats: incr app-proto flow counter for detection-only
Ticket: 6633
1 year ago
Philippe Antoine f714678d72 schema: adds missing modbus field
./stats/app_layer/error/modbus
1 year ago
Philippe Antoine 4bcdc79ed8 stats: always use tcp/udp prefix
Even when in detection-only mode.
So that we always have enip_tcp and enip_udp in stats
and never just `enip`.

Ticket: 6304
1 year ago
Juliana Fajardini 467c3f2c64 schema: apply clang formatting changes
1 year ago
Juliana Fajardini bba3d4fc63 userguide/eve: explain pgsql requests & responses
Add a more visible explanation of what requests, responses, frontend and
backend are, in Pgsql context, to avoid having to repeat that over
different portions of the docs.
1 year ago
Juliana Fajardini 30ac77ce65 pgsql: add cancel request message
A CancelRequest can occur after any query request, and is sent over a
new connection, leading to a new flow. It won't take any reply, but, if
processed by the backend, will lead to an ErrorResponse.

Task #6577
1 year ago
Juliana Fajardini 7dcc2e7a71 doc/eve-format: break pgsql section to char limit
1 year ago
Juliana Fajardini 7fa8bbfe43 pgsql: extract length validation into function
This is called so many times that it seems to make sense that we use a
function for this.
1 year ago
Victor Julien 3ba8e2d3ea detect/byte: remove unneeded SIG_FLAG_APPLAYER sets
Flag will be set during list(s) setup if needed.
1 year ago
Victor Julien 804a40e036 detect/byte_extract: modernize tests
1 year ago
Victor Julien 83ed2c3b97 detect/bytemath: bump length to uint32_t
This puts the logic in line with the other payload inspection
functions.
1 year ago
Victor Julien fb497bfa7e detect/bytejump: test cleanup
Just one used during debugging.
1 year ago
Victor Julien 101452056d detect/bytejump: don't reuse content flag
To avoid future problems with overlapping flag values, give bytejump
its own DETECT_BYTEJUMP_OFFSET_VAR flag.

The values are currently not overlapping, so this patch should have
no side effects.
1 year ago
Victor Julien de5b8ae0b4 detect/analyzer: print int keyword values correctly
To avoid negative values being misrepresented.

Bug: #6615.
1 year ago
Victor Julien b8440a0917 jsonbuilder: add set_int for signed ints
Bug: #6615
1 year ago
Victor Julien 0ab32be355 eve/stream: add sb main region size; segment count
Gives more detail about memory use.
1 year ago
Jason Ish 7d95c4c017 output-json-dns: remove un-needed includes
1 year ago
Jason Ish 97744b7ea7 output-json-alert: remove un-needed includes
1 year ago
Jason Ish c1a8dbcb72 doc/userguide: document dns.query.name, dns.answer.name
With some other minor cleanups in the DNS keyword section.
1 year ago
Jason Ish f91122e0e8 dns: replace usage of rs_dns_tx_get_query_name with SCDnsTxGetQueryName
SCDnsTxGetQueryName was introduced to allow for getting the query name
in responses as well as requests, so covers the functionality of
rs_dns_tx_get_query_name.
1 year ago
Jason Ish 482325e28b dns: add dns.query.name sticky buffer
This buffer is much like dns.query_name but allows for detection in both
directions.

Feature: #6497
1 year ago
Jason Ish 5f99abb0cb dns: add dns.answer.name keyword
This sticky buffer will allow content matching on the answer names.
While answers typically only occur in DNS responses, we allow the buffer
to be used in request context as well as the request message format
allows it.

Feature: #6496
1 year ago
Jason Ish 9464d0b14a dns: consolidate DNSRequest and DNSResponse to DNSMessage
DNS request and response messages follow the same format so there is
no reason not to use the same data structure for each. While it's
unlikely to see fields like answers in a request, the message format
does not disallow them, so it might be interesting data to have the
ability to log.
1 year ago
Jason Ish e2d7a7f877 dns: rustfmt with latest stable
1 year ago
Jason Ish 4620776a30 rustfmt: replace deprecated fn_args_layout with fn_params_layout
1 year ago
Jason Ish 66ff23f9bf detect: rename InspectEngineFuncPtr2 to InspectEngineFuncPtr
Version 1 of the API no longer exists.
1 year ago
Jason Ish b11bb1c412 detect: rename DetectAppLayerInspectEngineRegister2
Rename DetectAppLayerInspectEngineRegister2 to
DetectAppLayerInspectEngineRegister as there is no other variant of
this function, and the versioning with lack of supporting
documentation can lead to confusion.
1 year ago
Jason Ish 50be098839 detect: rename DetectAppLayerMpmRegister2 to DetectAppLayerMpmRegister
The old DetectAppLayerMpmRegister has not been around since 4.1.x.
Rename the v2 of this function to a versionless function as there is no
documentation referring to what the 2 means.
1 year ago
Hadiqa Alamdar Bukhari 774f05d83d detect/analyzer: add details to flowbits keyword
Task #6309
1 year ago
Stephen Donnelly 879db3dbc3 endace: Fix source-dag timestamps
Bug: #6618.

Fix Endace ERF to SCTime_t timestamp conversion

Fix typo preventing compilation with --enable-dag
1 year ago
Victor Julien 3456dea276 doc/userguide: update guidance on 5 to 6 upgrading
TCP memory use can be higher than expected in certain configs.

Ticket: #6552.
1 year ago
Jason Ish 93071501b5 github-ci/formatting: update to Ubuntu 22.04
Update the formatting CI job to Ubuntu 22.04 to get a newer version of
clang-format, in this case clang-format-14.
1 year ago
Jason Ish 5ebae1e8ed clang-format.sh: prefer clang-format-14
Add clang-format-14 as the preferred version, this is the default on
Ubuntu 22.04.
1 year ago
Jeff Lucovsky 40e3514e7a cppcheck: Address cppcheck report of an FP
Issue: 6527

Address the FP raised by cppcheck -- note that although the code
correctly checks to ensure that `to_shift != &sb->reqion`, the logic was
detected as a FP. Rework the code to eliminate the FP.
1 year ago
Jeff Lucovsky 8b2fd434fc cppcheck/detect: Address cppcheck memory leak
Issue: 6527

Ensure that the `map->string` memory isn't leaked following an error
return from `HashListTableAdd`
1 year ago
Philippe Antoine 1b5e04bee3 http2: do not have leading space for response line
Ticket: 6547
1 year ago