aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,437 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0c1254738e'
${ noResults }
Commit Graph

9437 Commits (0c1254738e17e181870817941bc4c374bbba904f)
 

Author SHA1 Message Date
Jason Ish 0c1254738e rust/dns: add dns to dns alerts 6 years ago
Fabrice Fontaine 7c4ff8325b configure.ac: fix --{disable,enable}-xxx options 
Currently, if the user provides --enable-libmagic or
--disable-libmagic, libmagic will be disabled because $enableval is not
used to know if the user provided --enable or --disable

Most of the options have this issue so fix them all by using $enableval

Fixes:
 - https://redmine.openinfosecfoundation.org/issues/2797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
 6 years ago
Victor Julien 7f38ffc8bc log/stats: fix formatting of long decoder events 6 years ago
Victor Julien b3c021f8d0 userguide: improve stats logging documentation 6 years ago
Jingyu Yang bb26e6216e source-pcap:set PktAcqBreakLoop as pcap_breakloop 6 years ago
Victor Julien d8634daf74 stream: fix false negative on bad RST 
If a bad RST was received the stream inspection would not happen
for that packet, but it would still move the 'raw progress' tracker
forward. Following good packets would then fail to detect anything
before the 'raw progress' position.

Bug #2770

Reported-by: Alexey Vishnyakov
 6 years ago
Victor Julien fb18a1655c eve.stats: warn that output might miss decoder-events 6 years ago
Victor Julien 0d86263efd eve.stats: make decoder event prefix configurable 6 years ago
Victor Julien 932c2a7ec5 eve: fix missing decoder-events in stats 
In the eve log the decoder events are added as optional counters. This
behaviour is enabled by default. However, lots of the counters are
missing, as the names colide with other counters.

E.g.

decoder.ipv6 counts ipv6 packets
decoder.ipv6.unknown_next_header counts how often an unknown next
    header is encountered.

In this example 'ipv6' would be both a json integer and a json object.
It appears that jansson favours the first that is generated, so the
event counters are mostly missing.

This patch registers them as 'decoder.events.<event>' instead. As
these names are generated on the fly, a hash table to contain the
allocated strings was added as well.
 6 years ago
Victor Julien 0f1fc1f0c8 hash: move string hash funcs into util files 6 years ago
Victor Julien c140505bec decoder: add gre over ipv6 support 6 years ago
Victor Julien 8709a20d94 af-packet: minor code cleanups 6 years ago
Victor Julien c99dc5a7bf af-packet: re-enable sync for tpacket v2 
Synchronize start was disabled for v2 when v3 was introduced, without
a reason being given.

Re-enable as v2 will otherwise also start reading packets before the
other threads are set up. This will lead to hashing issues.

Part of bug #2788.
 6 years ago
Victor Julien cebbe06f70 af-packet: fix sync start for tpacket v3 
The tpacket-v3 implementation of the synchonize start logic would
not correctly consider the timestamp parameter, leading to threads
starting before synchronization between threads was complete.

Bug #2788
 6 years ago
Alexander Gozman 03af3e1ed8 nfqueue: inject fake packet on timeout 
Fixes nfqueue and delayed-detect.

On systems with small amount of traffic (or with no traffic at all)
nfqueue with 'delayed-detect' enabled hanged in 'workers' mode.

Bug #2362.
 6 years ago
Pascal Delalande f2dca46382 doc: fix minor typo 6 years ago
Eric Leblond a51d1f7c46 lua: add lua dir with example to make dist 6 years ago
Eric Leblond 2b72dfaf01 coccinelle: add missing tests to make dist 6 years ago
Eric Leblond 0e3b1eba86 util-binsearch: remove the files 6 years ago
Eric Leblond 7a121d9b4c doc: add _static dir to make dist 6 years ago
Eric Leblond 97da91dc5e ebpf: include files in make dist 6 years ago
Victor Julien b51e4a3959 changelog: update for 4.1.2 release 6 years ago
Victor Julien 8b570c0293 smb: improve request/response mapping 
Only use ssn_id and msg_id for mapping a response to a request.

By not using the tree_id it can always be included in the tx.hdr which
means it can be logged properly in case of IOCTL and DCERPC.
 6 years ago
Travis Green 6f5eb487a1 doc: add missing and fix 404 for --list-keywords 6 years ago
Travis Green c2adb9e669 doc: added tos keyword 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2583
 6 years ago
Philippe Antoine 7fca771ef4 Fixes other affected tests for smtp pipelining 
Either checking state has pipelining
Or removing pipelining from input
 6 years ago
Philippe Antoine 447c1042f4 smtp: improve pipelining support 
Fixes #1863
 6 years ago
Victor Julien 8357ef3f8f proto/detect: workaround dns misdetected as dcerpc 
The DCERPC UDP detection would misfire on DNS with transaction
ID 0x0400. This would happen as the protocol detection engine
gives preference to pattern based detection over probing parsers for
performance reasons.

This hack/workaround fixes this specific case by still running the
probing parser if DCERPC has been detected on UDP. The probing
parser result will take precedence.

Bug #2736.
 6 years ago
Victor Julien 11f3659f64 teredo: be stricter on what to consider valid teredo 
Invalid Teredo can lead to valid DNS traffic (or other UDP traffic)
being misdetected as Teredo. This leads to false negatives in the
UDP payload inspection.

Make the teredo code only consider a packet teredo if the encapsulated
data was decoded without any 'invalid' events being set.

Bug #2736.
 6 years ago
Victor Julien e30212c5d8 detect: fix crash during startup with malformed yaml 
detect-engine:
  custom-values:
    toclient-groups: 200
    toserver-groups: 200

Bug #2745
 6 years ago
Victor Julien 9dd925a46a userguide/install: add rust, python-yaml to ubuntu 6 years ago
Victor Julien 4c8f6b2246 offloading: on bsd, disable rxcsum and v6 variants 6 years ago
Victor Julien fa6b73d1c9 offloading: don't set multiple times per interface 
This could happen with netmap igb0->igb0^ IPS mode.
 6 years ago
Victor Julien d1fa4a35eb changelog: update for 4.1.1 6 years ago
Victor Julien ad1945aae4 detect: fix content inspection flags 
Fix generic inspect function content inspection flags so that
streaming buffers work correctly.
 6 years ago
Victor Julien 394e115036 detect/rawbytes: improve error message plus do minor cleanups 6 years ago
Victor Julien f336ba3217 detect/file-data: fix enabling http body tracking 6 years ago
Pierre Chifflier 3eade88bd8 Krb5: make TCP probing function less strict, messages can be fragmented 6 years ago
Victor Julien 3eec088d31 detect/parse: error out on unused sticky buffers 6 years ago
Victor Julien b36e921cf9 detect/prefilter: add closing debug return statement 6 years ago
Victor Julien 1dd81f7346 yaml: add missing eve pcap-file comment 6 years ago
Victor Julien 3a057c5f54 capture: fix mtu plus sign names for non-netmap 
Bug #2502.
 6 years ago
Victor Julien 31f81429c2 stats: more accurate interval handling 
In the stats loop sleep for a time period more closely matching
the stats.interval setting. Fix an off by one that would make
the loop wake up ~1 second early.

Bug #2716
 6 years ago
Jason Ish c1238af3e0 check-setup: fix script names for .sh to .py 6 years ago
Jason Ish 56af22803b travis: update rust version to 1.24.1 and 1.31.0. 
1.24.1 is now the oldest version we test support for. All major
distributions appear to be at this version or new.

With the release of 1.31.0 just out, test that as the most
recent version.
 6 years ago
Jason Ish d03a5be118 dns json v2 (C) - log rrtype in response 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2723
 6 years ago
Jason Ish b7083bc3a8 rust/dns/v2 - log rrtype in response 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2723
 6 years ago
Jason Ish b7a58680db dns/rust - if let Some over options instead of loop. 
Except in one case where the loop makes more sense for easy break
out.

Also remove one line of non-conforming debug logging.
 6 years ago
Jason Ish 4163d5c360 rust/dns/lua - fix call convention to match C. 
Also, when requesting the query, if the request doesn't exist,
return the query from the response. This makes it behave
more like C implementation.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2730
 6 years ago
Jason Ish 87250da0fc rust/dns: add v1 dns logging 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2704
 6 years ago