Alice Akaki
f251b6af65
detect-icmp-id: convert unittests to FAIL/PASS APIs
...
Task: #4042
3 years ago
Haleema Khan
1fdd56a61d
detect-itype: Convert unittests to new FAIL/PASS API
...
Bug: #5589
3 years ago
dependabot[bot]
6a9b7cf977
github-actions: bump actions/cache from 3.0.10 to 3.0.11
...
Bumps [actions/cache](https://github.com/actions/cache) from 3.0.10 to 3.0.11.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3.0.10...9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7)
---
updated-dependencies:
- dependency-name: actions/cache
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 years ago
Simeon Miteff
6673846481
profiling: Make rule_perf.log JSON output newline-delimited
...
Adding a newline makes the output valid JSON when multiple sortings of
the rules profile object are written to the log.
3 years ago
Jeff Lucovsky
5a6e68285b
doc/netmap: Describe Netmap IPS usage
...
Issue: 5512
This commit summarizes Netmap usage with Suricata's IPS mode.
3 years ago
Jason Ish
9d653512f9
doc/userguide: update bittorrent-dht eve examples
...
Update the bittorrent-dht examples using real log records with peers
and nodes broken down into objects.
3 years ago
Jason Ish
e3e7d007b2
eve/schema: bittorrent-dht updates
...
Some values that were previously strings are now parsed down into
objects.
3 years ago
Jason Ish
1f056f9974
bittorrent-dht: parse and log node6 lists
...
Node6 lists are just like node lists, but for IPv6 addresses.
3 years ago
Jason Ish
86d5ab8644
bittorrent-dht: remove tests that are no longer valid
3 years ago
Jason Ish
2f9eb5d1dd
bittorrent-dht: fix values decoding, as a list of peers
...
The "values" field is not a string, but instead peer information in
compact format. Decode this properly and then properly format in the
log.
3 years ago
Jason Ish
4a0859beeb
jsonbuilder: add append_hex - add hex to array
...
New method, append_hex to add a byte array to a JSON array in hex
encoding.
3 years ago
Jason Ish
4bc9cf3986
bittorrent-dht: parse token and target as byte values
3 years ago
Jason Ish
5a30ee77a1
bittorrent-dht: only attempt to parse dht messages
...
The bittorrent flow is shared with transport messages as well as dht
messages. Only attempt to parse dht messages as dht, ignore the rest.
3 years ago
Jason Ish
98a9391210
bittorrent-dht: decode node data structures
...
Instead of decoding the nodes field into a blob of bytes, decode it into
an array of node info objects, each with a node id, IP address and port.
3 years ago
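The node, node6 and values commits above all deal with the same BEP 5 compact encodings, and the append_hex commit with logging the raw bytes. The following is an added example, not Suricata's Rust parser: a C decoder for the three layouts (20-byte id + IPv4 + port, 20-byte id + IPv6 + port, and the id-less IPv4 + port peer entries of "values"), generalized into one routine, plus the hex rendering used for byte fields such as ids and tokens. The sample byte strings are constructed for the example, not captured traffic. The length check is the part that matters for a parser fed by untrusted peers: an entry count that is not a whole multiple of the entry size is rejected outright rather than decoded up to the last complete entry.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* BEP 5 compact encodings: "nodes" is a run of 26-byte entries (20-byte node
 * id, 4-byte IPv4, 2-byte big-endian port), "nodes6" a run of 38-byte entries
 * (16-byte IPv6 instead), "values" a list of 6-byte peers (IPv4 + port, no
 * id). All are raw bytes, not UTF-8 strings. */
#define DHT_ID_LEN 20

typedef struct {
    uint8_t  id[DHT_ID_LEN];
    int      has_id;      /* 0 for "values" entries */
    int      is_v6;
    uint8_t  ip[16];      /* only the first 4 bytes are used for IPv4 */
    uint16_t port;
} dht_node;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Generic decoder for the three layouts: nodes = (20, 4), nodes6 = (20, 16),
 * values = (0, 4). Returns the entry count, or -1 when the buffer is not an
 * exact multiple of the entry size (truncated or padded data from a remote
 * peer) or `out` is too small; nothing is partially decoded on error. */
int dht_decode_compact(const uint8_t *buf, size_t len, size_t id_len,
                       size_t addr_len, dht_node *out, size_t max)
{
    if ((addr_len != 4 && addr_len != 16) || id_len > DHT_ID_LEN)
        return -1;
    size_t esz = id_len + addr_len + 2;
    if (len % esz != 0 || len / esz > max)
        return -1;
    size_t n = len / esz;
    for (size_t i = 0; i < n; i++) {
        const uint8_t *e = buf + i * esz;
        memset(&out[i], 0, sizeof out[i]);
        memcpy(out[i].id, e, id_len);
        out[i].has_id = id_len != 0;
        out[i].is_v6 = addr_len == 16;
        memcpy(out[i].ip, e + id_len, addr_len);
        out[i].port = be16(e + id_len + addr_len);
    }
    return (int)n;
}

/* Lowercase hex for logging raw byte fields (ids, tokens, info hashes);
 * `out` must hold 2*len+1 bytes. */
void hex_encode(const uint8_t *in, size_t len, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < len; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0x0f];
    }
    out[2 * len] = '\0';
}

/* Render "ip:port" or "[ip6]:port"; returns chars written or -1. */
int dht_node_format(const dht_node *n, char *out, size_t outlen)
{
    char ip[INET6_ADDRSTRLEN];
    if (!inet_ntop(n->is_v6 ? AF_INET6 : AF_INET, n->ip, ip, sizeof ip))
        return -1;
    int w = snprintf(out, outlen, n->is_v6 ? "[%s]:%u" : "%s:%u", ip, (unsigned)n->port);
    return (w < 0 || (size_t)w >= outlen) ? -1 : w;
}

/* Constructed sample values (not captured traffic). */
static const uint8_t SAMPLE_NODES[2 * 26] = {
    0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,
    0x10,0x11,0x12,0x13, 192,168,1,10, 0x1a,0xe1,                /* 192.168.1.10:6881 */
    0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,0xab,
    0xab,0xab,0xab,0xab, 10,0,0,2, 0xc8,0xd5,                    /* 10.0.0.2:51413 */
};
static const uint8_t SAMPLE_NODES6[38] = {
    0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
    0x11,0x11,0x11,0x11, 0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1, 0x1a,0xe1, /* [2001:db8::1]:6881 */
};
static const uint8_t SAMPLE_VALUES[2 * 6] = { 1,2,3,4, 0x1a,0xe1, 5,6,7,8, 0x04,0x01 }; /* 1.2.3.4:6881, 5.6.7.8:1025 */

int main(void)
{
    dht_node e[4]; char txt[64], hex[2 * DHT_ID_LEN + 1];
    int n = dht_decode_compact(SAMPLE_NODES, sizeof SAMPLE_NODES, 20, 4, e, 4);
    for (int i = 0; i < n; i++) {
        hex_encode(e[i].id, DHT_ID_LEN, hex);
        dht_node_format(&e[i], txt, sizeof txt);
        printf("node id=%s addr=%s\n", hex, txt);
    }
    n = dht_decode_compact(SAMPLE_VALUES, sizeof SAMPLE_VALUES, 0, 4, e, 4);
    for (int i = 0; i < n; i++) {
        dht_node_format(&e[i], txt, sizeof txt);
        printf("peer %s\n", txt);
    }
    return 0;
}
```

Passing `(20, 16)` for the node6 samples gives the same struct with `is_v6` set, which is why a single logger path can render both lists; the rejection of a 51-byte "nodes" value (one byte short of two entries) is the case a fuzzer hits first.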
Jason Ish
3cb50592ed
bittorrent-dht: convert some fields to byte arrays
...
Some fields that were previously strings are not always valid UTF-8
data, instead the protocol specification refers to them as strings of
bytes, so in other words byte arrays.
Currently fields converted are:
- client_version
- info_hash
- response.id
- request.id
- nodes
- token
3 years ago
Jason Ish
065f3ab9f1
doc: rename bittorrent-dht to bittorrent_dht in eve output
3 years ago
Jason Ish
0d3cfbbe3f
bittorrent-dht/eve: log as bittorrent_dht
3 years ago
Jason Ish
66fc92276a
eve-schema: add bittorrent-dht
3 years ago
Jason Ish
78ba17caa8
bittorrent-dht: register a pattern for protocol detection
...
Removes the port based probing which takes a long time to register for
ports 1024-65535 and instead uses pattern based protocol detection.
3 years ago
Jason Ish
350c0723d7
bittorrent-dht: set parser to unidirectional
...
This parser does not match up responses with requests so flag it as
unidirectional.
3 years ago
Jason Ish
0ea9ba66d1
userguide/eve-log: remove mentions of requiring Rust
...
Rust is required to build now.
3 years ago
Jason Ish
06eaec67ac
bittorrent: updates for new event handling
...
Fixes anomaly events.
3 years ago
Aaron Bungay
d166c48d28
docs: update for bittorrent-dht app-layer
3 years ago
Aaron Bungay
86037885a9
bittorrent-dht: add bittorrent-dht app layer
...
Parses and logs the bittorrent-dht protocol.
Note: Includes some compilation fixups after rebase by Jason Ish.
Feature: #3086
3 years ago
Jason Ish
27672c950c
dnp3: fixups to work with unified json tx logger
...
Update DNP3 to work with a single TX logger, and just register one
logger instead of 2.
This primarily creates a TX per message instead of correlating replies
to requests, which fits the DNP3 model better, but we didn't really have
this concept nailed down when DNP3 was written.
3 years ago
Victor Julien
2f9ca8bb34
dpdk: set new running flag at thread startup
3 years ago
Victor Julien
91b7b63ed2
threads: count thread types after all initialized
...
To avoid double counting in case a thread took longer than
expected to start up.
3 years ago
Alice Akaki
6621b0ec93
detect-icmp-seq: convert unittests to FAIL/PASS APIs
...
Task: #4043
3 years ago
Haleema Khan
8d5c5f24a1
dns/eve: add 'HTTPS' type logging
...
Add a new DNS record type to represent HTTPS
Ticket: #4751
3 years ago
Haleema Khan
b1972a5c61
detect-itype: remove unittests
...
Ticket: #5590
3 years ago
Gabriel Lima Luz
4b009eb907
detect-replace: Convert unittests to FAIL/PASS API
...
Ticket: 4054
3 years ago
Philippe Antoine
a003640ecf
security: prevents process creation
...
with setrlimit NPROC.
So that, if Suricata wants to execve or such to create a new process
the OS will forbid it so that RCE exploits are more painful to write.
Ticket: #5373
3 years ago
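What the hardening in the commit above amounts to at the syscall level, as an added example that is not Suricata's own code: drop RLIMIT_NPROC to zero and let the kernel refuse fork(). Two caveats a practitioner should know before copying this: on Linux the limit counts threads as well as processes, so it must be applied after all worker threads exist or pthread_create() starts failing with EAGAIN; and the limit is enforced when a new task is created (fork(), clone(), and therefore system(), popen(), posix_spawn()), while an execve() of the current process is only refused in the special case where the kernel recorded an over-limit set*uid() transition, so this removes the convenient fork-and-exec primitive rather than guaranteeing no code can be run. Root and processes holding CAP_SYS_RESOURCE or CAP_SYS_ADMIN bypass the check, so the demonstration only bites when run unprivileged.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* Set RLIMIT_NPROC to 0, soft and hard. Lowering a hard limit is always
 * allowed; raising it again needs CAP_SYS_RESOURCE, so for an unprivileged
 * daemon this is a one-way door. Call it only after every worker thread has
 * been created: on Linux NPROC counts threads, so a later pthread_create()
 * fails with EAGAIN exactly like fork() does. */
int harden_no_new_processes(void)
{
    struct rlimit rl = { .rlim_cur = 0, .rlim_max = 0 };
    return setrlimit(RLIMIT_NPROC, &rl);
}

/* Current soft NPROC limit; -1 on error, -2 for "unlimited". */
long current_nproc_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NPROC, &rl) != 0)
        return -1;
    return rl.rlim_cur == RLIM_INFINITY ? -2 : (long)rl.rlim_cur;
}

/* Try to create a child the way system(), popen() or a shell-spawning
 * payload would. Returns 1 if the kernel allowed it (the child exits at
 * once), 0 if it refused with EAGAIN (the NPROC limit), -1 on other errors. */
int try_spawn(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return errno == EAGAIN ? 0 : -1;
    if (pid == 0)
        _exit(0);
    int status;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;
    return 1;
}

int main(void)
{
    printf("before: spawn=%d limit=%ld\n", try_spawn(), current_nproc_limit());
    if (harden_no_new_processes() != 0) {
        perror("setrlimit(RLIMIT_NPROC)");
        return 1;
    }
    /* root bypasses the limit, so run this as an ordinary user to see spawn=0 */
    printf("after:  spawn=%d limit=%ld euid=%u\n", try_spawn(),
           current_nproc_limit(), (unsigned)geteuid());
    return 0;
}
```

Run it unprivileged and the second line reports `spawn=0`; as root it still reports `spawn=1`, which is the reason to pair this with privilege dropping rather than relying on it alone.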
Jason Ish
2ab3646fad
profiling: sort LoggerId's in same order as defined
...
Sort the LoggerId's in the order they are defined in suricata-common.h.
3 years ago
Jason Ish
99cb8c666a
loggers: all json tx loggers can share the same loggerid
...
This is to avoid the tx logging code that doesn't support LoggerId
values over 31 at this time. The simplest fix for now is to just have
all JSON (eve) loggers use the same ID.
DNP3 is left as-is for now as it needs some extra support in the parser.
3 years ago
Richard McConnell
9c2939fb33
workflow: add systemd integration and check
...
Integration of systemd is a feature that enables notification of
a running service to the service manager. The workflow now ensures
compilation with systemd and checks the binary has been built against
libsystemd.
3 years ago
Richard McConnell
7f4c1d5e2f
doc/systemd: add documentation for sd_notify
3 years ago
Richard McConnell
88b98a54df
suricata: add sd_notify support
...
Upon all threads reaching a running state, the system generates
a notification for systems running and configured for systemd.
Implements feature 5384
(https://redmine.openinfosecfoundation.org/issues/5384)
3 years ago
Richard McConnell
13beba141c
source: add THV_RUNNING flag to notify of running state
...
Each module (thread) updates its status to indicate running.
The main thread waits for all threads to be in a running state
before continuing the initialisation process.
Implements feature 5384
(https://redmine.openinfosecfoundation.org/issues/5384)
3 years ago
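The two commits above (the sd_notify call once everything is running, and the per-thread running flag the main thread waits on) fit together as a readiness barrier followed by a notification. The following added example is not Suricata's code: it shows the sequencing with an atomic flag per thread and a timeout on the wait, and then speaks the sd_notify(3) wire protocol by hand instead of linking libsystemd, which is useful for understanding what `Type=notify` actually waits for. `THV_RUNNING` here is a value picked for the example, the thread names are made up, and the notification text is the "READY=1" plus "STATUS=" pair that systemd documents; a `NOTIFY_SOCKET` value starting with `@` is treated as an abstract socket the way systemd does.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdatomic.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <time.h>
#include <unistd.h>

/* Flag value chosen for this example; Suricata defines its own THV_* bits. */
#define THV_RUNNING 0x1u

typedef struct {
    const char *name;
    _Atomic unsigned flags;
} thread_state;

/* A worker calls this once its capture or processing loop is really running,
 * not merely once the thread has been created. */
void thread_set_running(thread_state *t)
{
    atomic_fetch_or(&t->flags, THV_RUNNING);
}

static long ms_now(void)
{
    struct timespec ts;
    clock_gettime(CLOCK_MONOTONIC, &ts);
    return ts.tv_sec * 1000L + ts.tv_nsec / 1000000L;
}

/* Main thread: poll until every registered thread has THV_RUNNING set.
 * Returns 0 when all are running, -1 on timeout (some thread stuck in init). */
int wait_all_running(thread_state *threads, size_t n, long timeout_ms)
{
    long deadline = ms_now() + timeout_ms;
    for (;;) {
        size_t running = 0;
        for (size_t i = 0; i < n; i++)
            if (atomic_load(&threads[i].flags) & THV_RUNNING)
                running++;
        if (running == n)
            return 0;
        if (ms_now() >= deadline)
            return -1;
        struct timespec nap = { 0, 1000000L };   /* 1 ms */
        nanosleep(&nap, NULL);
    }
}

/* The sd_notify(3) wire protocol without libsystemd: a single datagram of
 * "KEY=VALUE\n" lines to the AF_UNIX socket named by $NOTIFY_SOCKET (a leading
 * '@' denotes an abstract socket). Returns 1 if sent, 0 when not running under
 * a notify-aware service manager, -1 on error. */
int notify_ready(const char *status)
{
    const char *path = getenv("NOTIFY_SOCKET");
    if (path == NULL || path[0] == '\0')
        return 0;
    struct sockaddr_un addr;
    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    size_t plen = strlen(path);
    if (plen >= sizeof addr.sun_path)
        return -1;
    memcpy(addr.sun_path, path, plen);
    int abstract = path[0] == '@';
    if (abstract)
        addr.sun_path[0] = '\0';
    socklen_t alen = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + plen + (abstract ? 0 : 1));
    char msg[256];
    int len = snprintf(msg, sizeof msg, "READY=1\nSTATUS=%s\n", status);
    if (len < 0 || (size_t)len >= sizeof msg)
        return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    ssize_t sent = sendto(fd, msg, (size_t)len, 0, (struct sockaddr *)&addr, alen);
    int saved = errno;
    close(fd);
    errno = saved;
    return sent == len ? 1 : -1;
}

int main(void)
{
    thread_state threads[] = { { "W#01", 0 }, { "W#02", 0 }, { "FM#01", 0 } };
    for (size_t i = 0; i < 3; i++)
        thread_set_running(&threads[i]);   /* in a real daemon each thread does this itself */
    if (wait_all_running(threads, 3, 1000) != 0) {
        fprintf(stderr, "not all threads reached running state\n");
        return 1;
    }
    printf("notify_ready -> %d\n", notify_ready("all threads running"));
    return 0;
}
```

Run outside systemd it prints `notify_ready -> 0`; under a `Type=notify` unit the service manager holds the unit in "activating" until this datagram arrives, which is why the flag must be set from inside each thread's loop and not at thread creation.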
Eric Leblond
9fb0137d9d
doc: add reference to ipaddr in IP matching
3 years ago
Eric Leblond
94664ef565
datasets: don't exit on invalid data
3 years ago
Eric Leblond
3bd48d9336
detect: doc link for ip.src and ip.dst
3 years ago
Eric Leblond
da8b16eaeb
doc: add ip.dst and ip.src doc
3 years ago
Eric Leblond
3599cbf1c4
doc: document new dataset types
...
Feature: #5383
3 years ago
Eric Leblond
7518204ad4
datasets: introduce new IPv6 type
...
This patch also simplifies IPv6 parsing.
Feature: #5383
3 years ago
Eric Leblond
6fe9d510cf
detect: add ip.dst keyword as sticky buffer
...
Feature: #5383
3 years ago
Eric Leblond
7e516aad94
detect: add ip.src keyword
...
It is a sticky buffer matching on src_ip.
Feature: #5383
3 years ago
Eric Leblond
b2cdc6c899
datasets: introduce ipv4 type
...
This patch introduces the IPv4 type for datasets so Suricata can match
on a set of IPv4 addresses. This is meant to complement the iprep feature
for people that need more flexibility such as setting the IP on
the packet path.
Feature: #5383
3 years ago
Eric Leblond
a9c05c7d96
datasets: factorize serialised operations
...
Ticket: #5184
3 years ago
Eric Leblond
a1a22cccd2
doc: document dataset-lookup
...
Ticket: #5184
3 years ago
Eric Leblond
537fd76787
suricatasc: add dataset-lookup command
...
Ticket: #5184
3 years ago