Commit Graph

9257 Commits (083908f3be941c8d4588935b046834fda7b60aad)
 

Author SHA1 Message Date
Victor Julien 083908f3be rust/ike2: free destate on tx free
Bug #2604
6 years ago
Jason Ish 6f00ba0659 rust: fix (again) out of tree builds
As the generated Cargo.toml is shipped as part of a release
tarball, build from the source directory but set the cargo
CARGO_TARGET_DIR to the build directory.
6 years ago
Pascal Delalande 64922a476e doc: remove deprecated force-md5 flag from userguide 6 years ago
Travis Green 576b3b6a81 Added new classifications to classification.conf
Added classifications from rule-writing community feedback.
6 years ago
Victor Julien daaa90d515 rust/smb: suppress noisy messages 6 years ago
Victor Julien c4d8508f51 eve/json: introduce community flow id
Add support for community flow id, meant to give records a
predictable flow id that can be used to match records to
output of other tools.

Takes a 'seed' that needs to be the same across sensors and tools
to make the id less predictable.
6 years ago
Victor Julien e956b484c5 eve/json: handle common options in central function 6 years ago
Victor Julien df1ec82b55 eve/json: move common settings into its own struct 6 years ago
Victor Julien 116c03cf17 nfs: use common json output structures 6 years ago
Victor Julien 04edc7cb6c smb: use common json output structures 6 years ago
Victor Julien 8b8270e732 eve/json: add common helper funcs
Add simple helper funcs for option-less loggers
6 years ago
Victor Julien f357ad1df2 eve/flow: minor cleanups 6 years ago
Victor Julien 7bf71805b8 hash/sha1: optimize by avoiding mem alloc
Don't allocate an output buffer for each call. These buffers
would have the exact same size every time.
6 years ago
Victor Julien c54acd3a6e travis: update rust to 1.29.1, add auto & disabled tests 6 years ago
Victor Julien ed712768d5 rust: enable by default
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
6 years ago
Victor Julien 4ece6ba758 configure: fix and cleanup nss and nspr detection 6 years ago
Victor Julien 4d5024255f smb/dcerpc: remove now unused ssn2maxsize_map 6 years ago
Victor Julien 4d044483cf smb/dcerpc: clean up and unify DCERPC probe logic 6 years ago
Victor Julien ac4e888597 smb2/dcerpc: probe if response data is dcerpc
If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
6 years ago
Victor Julien 9dd7c38113 smb2: skip rest of READ response if status is not success 6 years ago
jason taylor 7f4e5e6eac userguide: update hyperscan documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
6 years ago
Victor Julien ae10a92bc6 rust/applayer: use correct return type for Parser
The mismatch between the types would randomly lead to the return code
of the Rust parser to be not correctly handled over the C/Rust
boundary. This would lead to the API considering a parser to be in
error state when it was not.
6 years ago
Victor Julien efbb5ce0fe afpacket: fix formatting of errors 7 years ago
Victor Julien 8d5da9e00f dns: shrink per flow state by improving layout 7 years ago
Victor Julien 275cf9b029 detect/ttl: major clean up of ttl code
Redo unittests using FAIL/PASS macros
Switch parsing to pcre_copy_substring.
Misc cleanups.
7 years ago
Victor Julien 13ea30ef23 spelling: fixing minor spelling mistakes 7 years ago
Victor Julien 8b213e9d63 yaml: fix typo 7 years ago
Hilko Bengen 731c2b2e17 configure: Fixed "no" output for XDP, libnss, libnspr 7 years ago
Danny Browning a307e637c6 suricata: file existence check (bug #2615)
Files and directories passed via command line option -r should be checked for
existence during command line parsing and not start additional suricata
functionality.
7 years ago
jason taylor d038c78cd6 config: added ja3 to tls custom logging example
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Mats Klepsland 8c3f1aa7a5 tlslog: don't log as "resumed" without ServerHello
Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket are not logged as a session resumption.
7 years ago
Mats Klepsland 814e1624c2 output-json-tls: don't log as "resumed" without ServerHello
Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket are not logged as a session resumption.
7 years ago
Mats Klepsland 4470b05ae4 app-layer-ssl: remove unnecessary length check
We already check that empty extensions are not decoded, so this length
check is not needed.
7 years ago
Victor Julien 0b5a2ab49b setup-app-layer: support tests in tests/ 7 years ago
Jason Ish 7ec7d85ecc setup-app-layer.py: integrate detect buffer setup
Add --detect to setup a detect buffer.

Obsoletes setup-app-layer-detect.sh.
7 years ago
Jason Ish 35fd10bc2e rust: app-layer detect template for rust parsers 7 years ago
Jason Ish 15922dcd8c setup-app-layer.py: attempt to cd into correct directory
- If in src, cd to ..
- Error out early if the current directory does not look like a
  Suricata source directory.
7 years ago
Jason Ish 58933bafc1 rust app layer template: functions to get buffers
Example functions for getting the request and response buffers.
Useful for running detection on the decoded buffers.
7 years ago
Jason Ish 01f7dcf5fd rust template parser: sample pcap 7 years ago
Jason Ish c3f1a35e28 rust: app-layer template parser and logger
The protocol is a simple request/reply based protocol that can
be hand driven with netcat.

Request  -> 12:Hello World!
Response -> 3:Byte

It's of the format <length>:<message> where length is the length
of the message, not including the length or the delimiter.
7 years ago
Jason Ish 7682b1ba74 rustfmt.toml: set to 80 char line width
The rustfmt default is 100, set to 80 to be more in line with
the Suricata C code.
7 years ago
Jason Ish 9636b9de32 rust: expose AppLayerParserStateIssetFlag to Rust. 7 years ago
Jason Ish 90dfcf4907 rust/gen-c-headers: don't attempt to split empty lines 7 years ago
Jason Ish ee3aba9008 templates: C stub output for Rust logger 7 years ago
Jason Ish 96dc20abb1 templates: C stub template for Rust parser 7 years ago
Victor Julien 789b1474ed detect/template2: setup script 7 years ago
Victor Julien 486054595a detect/template2: template with prefilter (copy of ttl) 7 years ago
Victor Julien 4d0fc67560 decode/template: minor updates 7 years ago
Victor Julien 5ed7e4fb5f setup-app-layer-detect: update for tests/ dir 7 years ago
Victor Julien 452355bb63 setup-simple-detect: update for new tests location 7 years ago