Philippe Antoine
0d4efe0c0f
app-layer: fix -Wshorten-64-to-32 warnings
Ticket: #6186
Warnings about downcast from 64 to 32 bits
1 year ago
Philippe Antoine
1790aa49a4
util: fix -Wshorten-64-to-32 warnings
Ticket: 6186
Warnings about downcast from 64 to 32 bits
Generic fixes required to get app-layer clean
1 year ago
Philippe Antoine
dc043d0297
detect: remove unused field
content_inspect_window is used in app-layer-smtp, but
not directly in detect-file-data
1 year ago
Victor Julien
3d059611c3
detect: add tls.alpn keyword
Ticket: #7108.
1 year ago
Victor Julien
869d5492dc
eve/schema: update for alpn
1 year ago
Victor Julien
c79a382e42
eve/tls: log ALPN for client and server
Part of the extended logging.
Logs `client_alpns` and `server_alpns` arrays in the tls object.
Ticket: #7055.
1 year ago
Victor Julien
0b37654578
tls: store all ALPN records in the state
For later logging and detection.
1 year ago
Victor Julien
7f474af1d0
eve/schema: minor enip reformat
1 year ago
Jason Ish
6256391408
github-ci: run cargo update test on pull requests
Previously it was run once a week, hiding some issues until
Monday. Instead run on pull requests, but still not every push.
1 year ago
Victor Julien
e3e917d967
detect/icmp-id: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien
8df53d6411
detect/dsize: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien
44d2e1aad7
detect/stream_size: allow match on pseudo packets
Often used with stream content, which can be inspected with pseudo packets.
1 year ago
Victor Julien
6958efa2dc
detect/csum: remove pseudo packet checks
1 year ago
Victor Julien
64f5865efc
detect/csum: general code cleanups
1 year ago
Victor Julien
956c8bebd1
detect/prefilter: use sig mask to exclude pkt engines
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
1 year ago
Victor Julien
4c2960169c
detect/prefilter: minor function ptr cleanup
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
1 year ago
Victor Julien
2d1ccb76b1
detect: remove pseudo checks from packet keywords
Keep as debug validation check.
1 year ago
Victor Julien
d03660a646
detect: skip pseudo packets if sig needs real pkt
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.
This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.
Update analyzer to output the new flag.
Ticket: #7002.
1 year ago
Philippe Antoine
e3034a6f54
tests: move detect http.uri tests to suricata-verify
Ticket: 3725
1 year ago
Philippe Antoine
d59c60410f
fuzz: adapt target to number of keywords being dynamic
Ticket: 4683
1 year ago
Philippe Antoine
5bb5b4f46f
rust: remove unnecessary nested unsafe
1 year ago
Philippe Antoine
4ccbcc4684
sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoids quadratic complexity turning to OOM.
Ticket: 7093
1 year ago
Jason Ish
49ecf37126
rust/ike: prefix never read field names with _
New warning from rustc.
The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
1 year ago
Jason Ish
29d7ff026a
rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
1 year ago
Jason Ish
ee2175cdb6
rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
1 year ago
Jason Ish
a1bb62c059
cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
1 year ago
Philippe Antoine
4fe3f04fa3
detect/enip: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
ce1eea4ad6
detect/websocket: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
16952d67e7
detect/dhcp: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
ae72376ebe
detect/snmp: move keywords to rust
Ticket: 4863
On the way, convert unit test DetectSNMPCommunityTest to a SV test.
And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
1 year ago
Philippe Antoine
4bbe7d92dc
detect: helper to have pure rust keywords
detect: make number of keywords dynamic
Ticket: 4683
1 year ago
Philippe Antoine
08c511f1bf
enip: remove unnecessary unsafe
As the function SCEnipRegisterParsers is already marked as unsafe
1 year ago
Eric Leblond
b128a75973
profiling: check packet flag first
This fixes the state handling and simplifies the logic.
1 year ago
Eric Leblond
eecb3440e2
profiling: add option to activate rules profiling at start
When replaying a pcap file, it is not possible to get rules
profiling because it has to be activated from the unix socket.
This patch adds a new option to be able to activate profiling
collection at start so a pcap run can get rules profiling
information.
1 year ago
Lukas Sismis
bd9608771e
doc: port user install and build instruction from master-6.0.x
Ticket: #6686
1 year ago
Lukas Sismis
cd7c35eb5a
github-ci: add minimal build for Ubuntu and AlmaLinux
1 year ago
Lukas Sismis
6d663ec885
github-ci: remove gosu from installed packages
1 year ago
Lukas Sismis
521d1cb8e7
doc: update eBPF compilation instructions
Ticket: #6599
1 year ago
Victor Julien
8b42182fee
doc/userguide: document iprep isset/isnotset
1 year ago
Victor Julien
2f74d435d3
doc/userguide: add more operators to iprep
1 year ago
Victor Julien
37be66eef9
detect/iprep: update function naming
Bring in line with new Rust code naming for FFI functions.
1 year ago
Victor Julien
83976a4cd4
detect/iprep: implement isset and isnotset
Implement special "isset" and "isnotset" modes.
"isset" matches if an IP address is part of an iprep category with any
value.
It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.
"isnotset" matches if an IP address is not part of an iprep category.
Internally it is implemented outside the uint support.
Ticket: #6857.
1 year ago
Victor Julien
3e46c51651
reputation: minor cleanup
No need to init ptrs to NULL after SCCalloc.
1 year ago
Victor Julien
539ab3a404
detect/iprep: update keyword parser for extendibility
1 year ago
Jason Ish
f0dbfe863d
misc: prefix functions with SC not Sc
1 year ago
Victor Julien
d02054fa31
detect/noalert: point noalert/alert to new doc
1 year ago
Victor Julien
50ef646d45
doc/userguide: add noalert/alert keyword docs
1 year ago
Victor Julien
c83e3285ae
doc/userguide: give pcre1 to pcre2 proper heading
1 year ago
Victor Julien
d5fb8204b6
detect: implement 'alert' keyword as a companion to 'noalert'
This can be used to implement alert then pass logic.
Add support for alert-then-pass to alert handling routines.
Ticket: #5466.
1 year ago
Victor Julien
92581dbc06
detect: set ACTION_ALERT for rules that should alert
Replaces default "alert" logic and removes SIG_FLAG_NOALERT.
Instead, "noalert" unsets ACTION_ALERT. Same for flowbits:noalert and
friends.
In signature ordering rules w/o action are sorted as if they have 'alert',
which is the same behavior as before, but now implemented explicitly.
Ticket: #5466.
1 year ago