fc7a443c3f
general: Typo cleanup
5 years ago

2c0485ae15
detect/address: Improve support for large addrs

This commit improves support for large address variables. Without this
commit, address size was fixed at 8196 or less. This commit permits
larger sized address variables.

5 years ago

089972fd31
applayer: fix test data for a valid DCERPC pkt
5 years ago

c663ac6ddd
dcerpc/tcp: improve detection

Lately, some of the TLS data was misdetected as DCERPC/TCP because of
the pattern |05 00|. Add more checks in DCERPC probe function to ensure
that it is in fact DCERPC/TCP.

5 years ago

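As an added example (my code, not Suricata's DCERPC parser), the probe below shows the kind of additional header checks the commit message refers to. The field layout is the 16-byte DCE 1.1 connection-oriented PDU header; which checks to apply, the constants, and the sample payloads are assumptions constructed for this example, and the sample bytes are not captured traffic:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* DCE 1.1 connection-oriented PDU common header (16 bytes):
 *   0 rpc_vers (5)   1 rpc_vers_minor (0)   2 ptype   3 pfc_flags
 *   4..7 packed_drep  8..9 frag_length  10..11 auth_length  12..15 call_id */
#define DCERPC_CO_HDR_LEN 16
#define DCERPC_PTYPE_MAX  19   /* highest defined CO PDU type (orphaned) */

/* Probe the start of a TCP segment for DCERPC. Matching |05 00| alone is
 * not enough: the remaining fixed header fields must also be plausible. */
static bool dcerpc_tcp_probe(const uint8_t *buf, size_t len)
{
    if (len < DCERPC_CO_HDR_LEN)
        return false;
    if (buf[0] != 0x05 || buf[1] != 0x00)        /* rpc version 5.0 */
        return false;
    if (buf[2] > DCERPC_PTYPE_MAX)               /* undefined ptype */
        return false;

    /* packed_drep[0]: bit 4 = integer byte order (1 = little endian),
     * bit 0 = character set (1 = EBCDIC); all other bits are reserved.
     * packed_drep[1]: floating point format 0..3. [2] and [3]: reserved. */
    const uint8_t drep0 = buf[4];
    if ((drep0 & 0xee) != 0 || buf[5] > 3 || buf[6] != 0 || buf[7] != 0)
        return false;

    const bool le = (drep0 & 0x10) != 0;
    const uint16_t frag_length = le ? (uint16_t)(buf[8] | (buf[9] << 8))
                                    : (uint16_t)((buf[8] << 8) | buf[9]);
    const uint16_t auth_length = le ? (uint16_t)(buf[10] | (buf[11] << 8))
                                    : (uint16_t)((buf[10] << 8) | buf[11]);

    /* The fragment must at least hold its own header, and the auth
     * verifier (if any) must fit inside the fragment. */
    if (frag_length < DCERPC_CO_HDR_LEN)
        return false;
    if (auth_length > frag_length - DCERPC_CO_HDR_LEN)
        return false;
    return true;
}

/* Constructed samples (not captured traffic). */
static const uint8_t sample_bind_le[16] = {      /* bind, LE drep, frag_length 72 */
    0x05, 0x00, 0x0b, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x48, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };
static const uint8_t sample_request_be[16] = {   /* request, BE drep, frag_length 16 */
    0x05, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00,
    0x00, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
static const uint8_t sample_not_dcerpc[16] = {   /* |05 00| followed by unrelated data */
    0x05, 0x00, 0x17, 0x03, 0x03, 0x00, 0x4a, 0x9d,
    0x21, 0x6e, 0xf0, 0x8b, 0x71, 0x00, 0x52, 0xc4 };
static const uint8_t sample_bad_drep[16] = {     /* reserved drep bits set */
    0x05, 0x00, 0x00, 0x03, 0x0f, 0x00, 0x00, 0x00,
    0x20, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };
static const uint8_t sample_short_frag[16] = {   /* frag_length 8, smaller than the header */
    0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00,
    0x08, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00 };

int main(void)
{
    printf("bind (LE drep):      %d\n", dcerpc_tcp_probe(sample_bind_le, sizeof sample_bind_le));
    printf("request (BE drep):   %d\n", dcerpc_tcp_probe(sample_request_be, sizeof sample_request_be));
    printf("|05 00| + garbage:   %d\n", dcerpc_tcp_probe(sample_not_dcerpc, sizeof sample_not_dcerpc));
    printf("reserved drep bits:  %d\n", dcerpc_tcp_probe(sample_bad_drep, sizeof sample_bad_drep));
    printf("frag_length < 16:    %d\n", dcerpc_tcp_probe(sample_short_frag, sizeof sample_short_frag));
    return 0;
}
```

The probe is still a heuristic: a payload whose first sixteen bytes happen to satisfy every field constraint will pass, so the extra checks lower the false-positive rate rather than prove the stream is DCERPC. It also only covers DCERPC carried directly over TCP; DCERPC inside SMB named pipes is reached through the SMB parser, not this probe.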
a5f36eccf1
doc: add documentation for rawbytes keyword
5 years ago

d62616f805
detect-rawbytes: add rawbytes doc help output
5 years ago

37789d9189
detect-rawbytes: update to new clang format
5 years ago

06f58650d6
eve: refactor OutputJsonBuilderBuffer to take context

All callers of OutputJsonBuilderBuffer are now calling it
using fields from an OutputJsonThreadCtx, so just pass
a pointer to the thread context now.

5 years ago

08eee26d27
eve: convert many loggers to use generate thread context

- mqtt
- dnp3
- smtp
- ike
- dns
- alert
- tls
- anomaly
- drop
- file
- http
- http2
- templates
- dhcp

The idea is to factor out the common code for setting
up the output file objects, which is repetitive, and
often done wrong when it comes to threading.

5 years ago

013becf569
eve: reset buffer in OutputJsonBuilderBuffer

Reset the buffer here so each caller doesn't need to do it.

5 years ago

c890f9db63
eve: factor thread context creation/free for reuse
5 years ago

702f3b3c73
eve: remove duplicate call to LogFileEnsureExists

Remove duplicate call to LogFileEnsureExists in the generic
eve thread init function.

5 years ago

23b1607d69
github-ci: add ebpf build

Use Debian 10 to build eBPF.

5 years ago

d477d3a878
util/ebpf: fix deprecation warning

The function bpf_program__title has been deprecated in favor of
bpf_program__section_name.

5 years ago

b9351339a2
ebpf: fix gre encapsulation in xdp_lb

The xdp_lb was not handling correctly the GRE load balancing
and it was not supporting the GRE + ERSPAN that is used by
some aggregator devices.

5 years ago

eb4c71fdd6
ippair/bit: fix formatting
5 years ago

e7c1c3c374
ebpf/util: change flow storage to new 'id' type
5 years ago

3b1a653467
device/storage: use dedicated 'id' type

- Wrap the id in a new LiveDevStorageId struct, to avoid id
  confusion with other storage API calls.
- Formatting fixes by clang.

5 years ago

68b8b3d63e
detect/engine-tag: fix typo
5 years ago

b807059c34
host/storage: use dedicated 'id' type

- Wrap the id in a HostStorageId struct to avoid id confusion
  with other storage API calls.
- Fix formatting with clang script.

5 years ago

cf516de587
ippair/storage: use dedicated 'id' type

- Wrap the id in a new IPPairStorageId struct, to avoid id
  confusion with other storage API calls.
- Formatting fixes by clang.

5 years ago

aa9ad56a5b
output/log: Removed pcie (Tilera) log vestiges

This commit removes the last remnants of the Tilera log output mechanism
(unsupported since 5.0.x).

5 years ago

38ae21a196
output/log: Ensure files closed in threaded mode

This commit ensures that file objects are closed in threaded mode.

5 years ago

bc667a4a93
flow/storage: use dedicated 'id' type

Wrap the id in a new FlowStorageId struct to avoid id confusion with other
storage API calls.

5 years ago

d2d0e0adc9
rust: remove exported unused functions
5 years ago

4b3be24506
app-layer/expectation: clean up storage id logic
5 years ago

68d6922e3c
ftp: fixes leak with duplicate expectation
5 years ago

cd8c2ef994
fuzz: use stream.midstream=true
5 years ago

e9b76a0e66
fuzz: specify protocol with fuzz target name

cf https://redmine.openinfosecfoundation.org/issues/4125

This allows fuzz_applayerparser_parse to fuzz one specific
app-layer protocol based on the binary name, as is done
with the environment variable FUZZ_APPLAYER.
That is, if we rename/copy to fuzz_applayerparser_parse_smb,
it will fuzz only the SMB protocol.
This way, we can easily produce different fuzz targets for
each protocol in oss-fuzz.

5 years ago

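An added example of the binary-name selection the commit describes (my code, not Suricata's fuzz target). The prefix `fuzz_applayerparser_parse` and the `FUZZ_APPLAYER` variable come from the commit message; that the name suffix takes precedence over the environment variable, and that a missing or empty suffix means "all protocols", are assumptions made for this example:

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FUZZ_TARGET_PREFIX "fuzz_applayerparser_parse"

/* argv[0] may carry a directory part; only the final component matters. */
static const char *fuzz_basename(const char *path)
{
    const char *slash = strrchr(path, '/');
    return slash != NULL ? slash + 1 : path;
}

/* Decide which app-layer protocol a fuzz target should exercise.
 *   fuzz_applayerparser_parse_smb               -> "smb"  (from the binary name)
 *   fuzz_applayerparser_parse, FUZZ_APPLAYER=dns -> "dns"  (environment fallback)
 *   fuzz_applayerparser_parse, no variable       -> NULL   (fuzz all protocols)
 * Precedence of name over environment is an assumption of this example.
 * The result points into one of the inputs; nothing is allocated. */
static const char *fuzz_target_protocol(const char *argv0, const char *env_fuzz_applayer)
{
    const char *name = fuzz_basename(argv0);
    const size_t plen = strlen(FUZZ_TARGET_PREFIX);

    /* "<prefix>_<proto>" with a non-empty proto selects that protocol. */
    if (strncmp(name, FUZZ_TARGET_PREFIX, plen) == 0
            && name[plen] == '_' && name[plen + 1] != '\0')
        return name + plen + 1;

    /* Otherwise honour FUZZ_APPLAYER if it is set and non-empty. */
    if (env_fuzz_applayer != NULL && env_fuzz_applayer[0] != '\0')
        return env_fuzz_applayer;

    return NULL;
}

int main(int argc, char **argv)
{
    (void)argc;
    const char *proto = fuzz_target_protocol(argv[0], getenv("FUZZ_APPLAYER"));
    printf("fuzzing %s\n", proto != NULL ? proto : "all protocols");
    return 0;
}
```

Copying or hard-linking the same binary under several names is what lets a fuzzing service run one build as many per-protocol targets; the target reads its own name at startup and never needs per-protocol build flags.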
6da9a37285
rdp: correctly returns incomplete in parse_tc

Adding the already consumed bytes,
in case an incomplete tls handshake is handled with/after
a regular rdp t123_tpkt.

5 years ago

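An added example (my code, not Suricata's RDP parser) of the bookkeeping the commit refers to: when a buffer holds a complete T.123 TPKT PDU followed by the beginning of a TLS record, the "incomplete" result returned to the caller has to include the bytes the TPKT parser already consumed, otherwise the caller is told to resume far too early. The header layouts are those of TPKT (RFC 1006) and the TLS record layer; the result convention and the sample bytes are constructed for this example and are not captured traffic:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { PARSE_OK, PARSE_INCOMPLETE, PARSE_ERROR } ParseStatus;

typedef struct {
    ParseStatus status;
    size_t consumed;   /* bytes fully parsed, counted from buf[0] */
    size_t needed;     /* PARSE_INCOMPLETE only: total input length, counted
                          from buf[0], at which parsing can continue */
} ParseResult;

static ParseResult res_incomplete(size_t needed) { return (ParseResult){ PARSE_INCOMPLETE, 0, needed }; }
static ParseResult res_ok(size_t consumed)       { return (ParseResult){ PARSE_OK, consumed, 0 }; }
static ParseResult res_error(void)               { return (ParseResult){ PARSE_ERROR, 0, 0 }; }

/* Parse a single PDU at the start of buf. The needed value is relative to
 * buf[0] of *this* call, i.e. to the start of the PDU. */
static ParseResult parse_one_pdu(const uint8_t *buf, size_t len)
{
    if (len < 1)
        return res_incomplete(1);

    if (buf[0] == 0x03) {
        /* T.123 TPKT: version 3, reserved byte, 16-bit BE length incl. header */
        if (len < 4)
            return res_incomplete(4);
        size_t plen = ((size_t)buf[2] << 8) | buf[3];
        if (plen < 4)
            return res_error();
        return len < plen ? res_incomplete(plen) : res_ok(plen);
    }
    if (buf[0] >= 0x14 && buf[0] <= 0x17) {
        /* TLS record: content type, version (2 bytes), 16-bit BE fragment length */
        if (len < 5)
            return res_incomplete(5);
        size_t plen = 5 + (((size_t)buf[3] << 8) | buf[4]);
        return len < plen ? res_incomplete(plen) : res_ok(plen);
    }
    return res_error();
}

/* Parse a run of PDUs. Because parse_one_pdu is called on buf + off, its
 * needed figure is relative to off; the already consumed bytes must be
 * added back before the result is handed to the caller. */
static ParseResult parse_pdus(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off < len) {
        ParseResult r = parse_one_pdu(buf + off, len - off);
        if (r.status == PARSE_INCOMPLETE) {
            r.consumed = off;
            r.needed += off;          /* add the already consumed bytes */
            return r;
        }
        if (r.status == PARSE_ERROR) {
            r.consumed = off;
            return r;
        }
        off += r.consumed;
    }
    return res_ok(off);
}

/* Constructed sample: an 11-byte TPKT PDU followed by the first three bytes
 * of a TLS handshake record header. */
static const uint8_t sample_tpkt_then_partial_tls[] = {
    0x03, 0x00, 0x00, 0x0b, 0x06, 0xd0, 0x00, 0x00, 0x12, 0x34, 0x00,
    0x16, 0x03, 0x01 };

/* Constructed sample: the same TPKT PDU followed by a complete 7-byte TLS record. */
static const uint8_t sample_tpkt_then_tls_record[] = {
    0x03, 0x00, 0x00, 0x0b, 0x06, 0xd0, 0x00, 0x00, 0x12, 0x34, 0x00,
    0x16, 0x03, 0x01, 0x00, 0x02, 0x01, 0x00 };

int main(void)
{
    ParseResult r = parse_pdus(sample_tpkt_then_partial_tls, sizeof sample_tpkt_then_partial_tls);
    printf("status=%d consumed=%zu needed=%zu\n", (int)r.status, r.consumed, r.needed);
    return 0;
}
```

With the partial sample the correct answer is consumed 11, needed 16: the caller must wait for 16 bytes in total before calling again. Forgetting to add the offset would report needed 5, which the buffer already satisfies, so the caller would re-enter immediately with the same data and make no progress.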
3de0123ffb
http2: adds check about dynamic headers table size
5 years ago

c93073c246
rules: add newer rule files to makefile for release tarball
5 years ago

2893b04ab0
general: Typo cleanup
5 years ago

02ceac8b8d
detect/threshold: Improve threshold.config perf

This commit improves performance when parsing threshold.config by
removing a loop-invariant to create a one-time object with the parsed
address(es).
Then, as needed, copies of this object are made as the suppression
rule(s) are processed.

5 years ago

e873632a28
detect/threshold: Function to deep-copy thresh obj

This commit adds a function to make a deep copy of a DetectThresholdData
object.
The function is used when parsing threshold.config items to make a
one-time object and then add copies as needed.

5 years ago

11f9cc6524
detect/address: Expose DetectAddressCopy function
5 years ago

1ca4f041bb
http2: pass data through when decompression fails

as is done for HTTP1

5 years ago

ef62761e8c
threshold-config: Improve support for big IP lists
5 years ago

c6a35d09b7
templates: fix typos

- *template*files[ch][rs]: fix typos
- scripts/setup-app-layer: fix typos

5 years ago

4748826dc7
scripts/setup-app-layer: fix Makefile.am patch

Adjust lines for patching /src/Makefile.am, as the currently generated
Makefile wasn't building Suricata.
Add suggestion to run "./configure" before running "make".
Add --logger and --parser options to examples.

5 years ago

877e5214b8
logging: removed unused logger IDs

- pre-json dns logger
- unified2
- pre-json drop logger

5 years ago

6853bf98fb
dns: only register a single logger

DNS no longer requires a logger to be registered for to-client and
to-server directions. This has not been required with the stateless
design of the Rust DNS parser.

5 years ago

b1fee90392
output/tx: add warning to avoid future bugs
5 years ago

3cc3df2172
output/tx: move eof checks out of logging loop
5 years ago

b05bd058e9
app-layer: minor code cleanups
5 years ago

1098e3b7c6
app-layer: remove conditional logic around API calls

Remove logic that suggested some API calls could be conditional,
even though Suricata wouldn't even start up if they weren't
registered.

5 years ago

4d5d7b4bd3
eve/netflow: use generic json context
5 years ago

a68d50608b
eve/flow: use generic json context
5 years ago

67c4621bdb
eve/ftp: use generic json context

The FTP logger contained no extra data in its context so the
generic json context can be used.

5 years ago

2d78afe4b0
eve: refactor CreateEveHeaderWithTx to include common options
5 years ago