Mats Klepsland
21078521f8
app-layer-ssl: remove possibility to overflow HAS_SPACE macro
7 years ago
Mats Klepsland
598ef96b7b
app-layer-ssl: really fix CID 1433623
7 years ago
Victor Julien
67e81a9555
doc: initial smb eve documentation
7 years ago
Victor Julien
78437375c4
doc: add by_either to suppress explanation
7 years ago
Victor Julien
2c259f2239
doc: add smb section to yaml
7 years ago
Victor Julien
13bdcd5249
doc: minor fix
7 years ago
Mats Klepsland
900c27e235
app-layer-ssl: fix use-after-free (CID 1433623)
...
Ja3BufferAddValue frees the buffer on error, so there is no point
in doing it twice (use-after-free).
8 years ago
Mats Klepsland
fc0e339467
app-layer-ssl: fix use-after-free (CID 14336229)
...
Nullify JA3 buffer on free to avoid use-after-free vulnerability.
8 years ago
Victor Julien
3b474ac599
tls: work around coverity warnings
8 years ago
Victor Julien
1edd9d19fc
doc: add SMB to file extraction. Minor improvements.
8 years ago
Victor Julien
b4771150b8
doc: update suricata-update screenshot
8 years ago
Victor Julien
b531e7725d
doc: improve suricata-update docs now that it's bundled
8 years ago
Victor Julien
ac1ed24cb4
doc: improve making sense of alerts
8 years ago
Victor Julien
ccde621ceb
doc: add suricata-update to intro for rules
8 years ago
Alexander Gozman
5c1a2b53f9
Bug #2466 : map SC_LOG_CONFIG level to syslogs LOG_DEBUG
8 years ago
Jason Ish
43617dc11f
suricatasc: move lib to suricata.sc
...
Pull the sc python package under the suricata top level
package. A suricatasc package still exists for compatibility
that pulls in suricata.sc.
8 years ago
Jason Ish
4a115f4d56
suricatasc: allow to run from non-standard python locations
...
When we install to a non-standard prefix, the Python modules
are not in the standard location requiring the PYTHONPATH
to be fixed up.
This was a pre-existing issue with suricatasc, and not due to
the move into the python directory.
8 years ago
Jason Ish
a7d90162d1
suricatasc: move into python/
...
Will be built and installed as part of the Python code used
for suricatactl, which is intended to be the generic place
for all Python utility code that gets installed with Suricata.
No change to suricatasc code.
8 years ago
Mats Klepsland
7f0cfc0717
app-layer-ssl: use BIT_U32 for flags
8 years ago
Mats Klepsland
3e597512ea
app-layer-tls-handshake: remove since it is no longer needed
...
Remove this file and all its content, since the functionality
was reimplemented in app-layer-ssl.
8 years ago
Mats Klepsland
e93fef5c44
app-layer-ssl: reimplement function for decoding certificates
...
Do a complete rewrite of the function for decoding the SSL/TLS
certificate from the handshake.
8 years ago
Mats Klepsland
d9ddae4592
tls: replace variable in header file with TAILQ_EMPTY()
...
Use TAILQ_EMPTY to check if a certificate exists instead of
setting two variables in the app-layer-ssl header file for
that purpose only.
8 years ago
Victor Julien
f40fc0293b
smb: minor optimizations
8 years ago
Victor Julien
f201a3761f
rust: remove multi level 'experimental'
...
Don't treat 'external' parsers as more experimental. All parsers
depend on crates to some extent, and all have C glue code. So the
distinction doesn't really make sense.
8 years ago
Pierre Chifflier
d222b9ae6c
IKEv2: Use JSON arrays instead of comma-separated values
8 years ago
Pierre Chifflier
bf66948ad7
IKEv2: suppress some debug output
8 years ago
Pierre Chifflier
3fbfb22204
IKEv2: remove events counter
8 years ago
Pierre Chifflier
6eb48e1e93
Add ikev2 to userguide
8 years ago
Pierre Chifflier
4e4cf00c07
Remove the 'experimental' mark for IKEv2
8 years ago
Pierre Chifflier
f65fafa34b
IKEv2 logger: use Debug trait for IkePayloadType
8 years ago
Pierre Chifflier
d94346282c
Add logger for IKEv2
8 years ago
Pierre Chifflier
d16397ce61
Add rules for IKEv2 events
8 years ago
Pierre Chifflier
c99b9462d7
Add new parser: IKEv2
...
Add a new parser for Internet Key Exchange version (IKEv2), defined in
RFC 7296.
The IKEv2 parser itself is external. The embedded code includes the
parser state and associated variables, the state machine, and the
detection code.
The parser looks at the first two messages of a connection, and analyzes
the client and server proposals to check the cryptographic parameters.
8 years ago
Pierre Chifflier
b810275b16
Rust: fix prototype of parsing function (make pstate mutable)
8 years ago
Pierre Chifflier
8e8f0db192
Rust: expose function AppLayerParserStateSetFlag
8 years ago
Renato Botelho
8f926fb75a
configure: allow to disable libnss and libnspr
...
Let user choose to disable libnss and libnspr support even if these
libraries are installed in the system. Default remains to enable when
libraries are found and disable parameter was not used
8 years ago
Victor Julien
91307dafd9
nfs/rpc: fix response parsing
8 years ago
Victor Julien
b1e2783788
auth/krb5: move kerberos5 wrapper to rust root
...
Make it available outside of just the SMB parser.
8 years ago
Victor Julien
4d58aaae90
smb: clean up partial read/write record handling
8 years ago
Victor Julien
aa8d64c2b8
smb: improve skip handling
...
When skipping records the skip tracker could underflow if the record
parsing had more data than expected.
Enforce the calculation by moving it into a method and make the actual
fields private.
8 years ago
Victor Julien
eac7a92200
smb2: improve read/write record parsing
...
parse_smb2_response_read()/parse_smb2_response_write() can be called on
incomplete data, so they didn't use the read/write length field to grab
the data field. Instead it just used rest(). However in some cases
SMB2 records have trailing data, which would be included in the
READ/WRITE data.
This patch addresses this by using the length field if enough data is
available.
8 years ago
Victor Julien
97c224d193
changelog: update for 4.1.0-beta1
8 years ago
Victor Julien
26e807ca34
doc: fix http_header_names example
8 years ago
Victor Julien
1e56cfe08e
threshold: don't touch globals after init
...
Don't free/reinit pcre globals per tenant. Others may be using them
at the same time, or try to free/reinit them at the same time.
8 years ago
Mats Klepsland
efdc592172
detect-tls-sni: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_sni' detection
keyword.
8 years ago
Mats Klepsland
b479d1d47c
detect-tls-cert-serial: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_serial'
detection keyword.
8 years ago
Mats Klepsland
5c96e1df95
detect-tls-cert-subject: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_subject'
detection keyword.
8 years ago
Mats Klepsland
b1dd41c9cd
detect-tls-cert-issuer: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_issuer'
detection keyword.
8 years ago
Mats Klepsland
c3a329d6e9
detect-tls-cert-fingerprint: use *_Register2 API functions
...
Use *_Register2 API functions when registering 'tls_cert_fingerprint'
detection keyword.
8 years ago
Victor Julien
53f63f7498
nfs/rpc: improve RPCv2 parser, add GssApi
...
Improve RPCv2 credentials parsing. Add GssApi and turn creds into
an enum.
Minor cleanups and optimizations.
8 years ago