aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,507 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0ffe123330'
${ noResults }
Commit Graph

12507 Commits (0ffe12333028894b6999a7e65b565a2782e90b53)
 

Author SHA1 Message Date
Pierre Chifflier 0ffe123330 rust/nfs: convert parser to nom7 functions (NFS v3 and v4 records) 3 years ago
Modupe Falodun c33cfed704 detect-fragoffset: convert unittests to FAIL/PASS APIs 
Bug: #4040
 3 years ago
Corey Thomas 7be793f7b4 ci: add fedora 35 to builds 3 years ago
Jason Ish 52b9c12f41 smtp: log transaction even if no email present 
The SMTP transaction logger was not writing the log if the email
portion of the logger failed, such as in the case of STARTTLS
where this is no email decoded.

Ticket #4817
 3 years ago
Sam Muhammed fcf399b02c detect/proto: convert unittests to FAIL/PASS APIs 
Task #4027
 3 years ago
Modupe Falodun 2a800d572c detect-icode: convert unittests to FAIL/PASS APIs 
Bug: #4045
 3 years ago
Modupe Falodun 97801c795b detect-id: convert unittests to FAIL/PASS APIs 
Bug: #4046
 3 years ago
Sam Muhammed 4076c8b762 detect/siggroup: convert unittests to FAIL/PASS APIs 
Task #4028
 3 years ago
Benjamin Wilkins e21a50fee6 lua: Fix SCRule functions for match scripts 
Save Signature structure to lua register so SCRule functions can work
in match scripts, where no PacketAlert is present

Resolves Feature #2450
 3 years ago
Jason Ish 9b71f56728 modbus: free eve thread context on deinit 
Was triggering ASAN leak detection.
 3 years ago
Jason Ish eb6cc62937 dhcp: fix url in comment 
rustdoc was complaining about the format of the URL in a comment
while trying to generate documentation. Convert the comment to a
non-rustdoc comment for now to satisfy rustdoc.
 3 years ago
Jason Ish 55ff912ee7 app-layer: remove IsTxEventAware: never used 
The function AppLayerParserProtocolIsTxEventAware is not used so
remove.
 3 years ago
Jason Ish b57280ff48 rdp: fix transaction id 
By our convention the transaction ID is incremented then applied
to the new transaction. And the generic transaction iterator
requires this behaviour.
 3 years ago
Jason Ish 1ad71b96da app-layer: remove tx detect state setter and getter 
Instead access detect state through AppLayerParserGetTxData.
 3 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData 
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
 3 years ago
Jason Ish f4b4d531b0 rdp: add tx iterator 3 years ago
Jason Ish 238ec953b7 krb5: use tx iterator 3 years ago
Jason Ish ef0c351953 ntp: add tx iterator 3 years ago
Jason Ish 871fb035b4 sip: add tx iterator 3 years ago
Jason Ish d6b2d7e16a ike: add tx iterator 
For IKE the manual iterator functions were there, but never
registered. So this commit does add a tx iterator to ike.
 3 years ago
Jason Ish 3f2d2bc12b snmp: use generic tx iterator 3 years ago
Jason Ish ac4c5ada2f dhcp: use generic tx iterator 3 years ago
Jason Ish 54e62ddf71 http2: use generic tx iterator 3 years ago
Jason Ish 6cffecfe3e template: use generic tx iterator 3 years ago
Jason Ish a936755731 nfs: use generic tx iterator 3 years ago
Jason Ish 0188a01daf rfb: use generic tx iterator 3 years ago
Jason Ish b335409690 mqtt: use generic tx iterator 3 years ago
Jason Ish d71bcd82d9 modbus: use generic tx iterator 3 years ago
Jason Ish fcfc9876ce smb: use generic tx iterator 3 years ago
Jason Ish 049d43212e rust/app-layer: provide generic implementation of iterator 
Create traits for app-layer State and Transaction that allow
a generic implementation of a transaction iterator that parser
can use when the follow the common pattern for iterating
transactions.

Also convert DNS to use the generic for testing purposes.
 3 years ago
Eric Leblond 6d5f59696d profiling: fix profiling with sample rate 
Rules profiling was returning invalid results when used with sample
rate. The problem was that the sample condition was run twice in the
packet flow. As a result, the second pass was not initializing the
variable storing the initial CPU ticks and the resulting performance
counters were reporting invalid values.

Bug: #4836.
 3 years ago
Philippe Antoine 16f4e5f31c detect: file_data keyword works on nfs protocol 
Ticket: #4839
 3 years ago
Shivani Bhardwaj 26c7d3cc35 http2: remove needless borrows 3 years ago
Shivani Bhardwaj f3a1e3b92e core: Remove unneeded consts 3 years ago
Shivani Bhardwaj b5a123adb1 ssh: use Direction enum 3 years ago
Shivani Bhardwaj baf30cfc05 snmp: use Direction enum 3 years ago
Shivani Bhardwaj 89cb337930 smb: use Direction enum 3 years ago
Shivani Bhardwaj 8f9f78c2d0 sip: use Direction enum 3 years ago
Shivani Bhardwaj 11c438a07d nfs: use Direction enum 3 years ago
Shivani Bhardwaj a7ac79bed7 mqtt: use Direction enum 3 years ago
Shivani Bhardwaj 209e2f17fa krb: use Direction enum 3 years ago
Shivani Bhardwaj 243960a511 ike: use Direction enum 3 years ago
Shivani Bhardwaj ee5b300ccf http2: use Direction enum 3 years ago
Shivani Bhardwaj 0c6e9ac931 files: use Direction enum 3 years ago
Shivani Bhardwaj a19d2b4e1e dns: use Direction enum 3 years ago
Shivani Bhardwaj a866499bca dcerpc: use Direction enum 3 years ago
Shivani Bhardwaj 9512bfd729 core: add Direction enum 
Ticket: 3832
 3 years ago
Andreas Dolp b25350ee13 doc: Fix typo in documentation of rule keyword flow 3 years ago
Philippe Antoine 6cb6225b28 tcp: rejects FIN+SYN packets as invalid 
Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.
 3 years ago
Victor Julien 50e2b973ee stream/tcp: handle RST with MD5 or AO header 
Special handling for RST packets if they have an TCP MD5 or AO header option.
The options hash can't be validated. The end host might be able to validate
it, as it can have a key/password that was communicated out of band.

The sender could use this to move the TCP state to 'CLOSED', leading to
a desync of the TCP session.

This patch builds on top of
843d0b7a10 ("stream: support RST getting lost/ignored")

It flags the receiver as having received an RST and moves the TCP state
into the CLOSED state. It then reverts this if the sender continues to
send traffic. In this case it sets the following event:

    stream-event:suspected_rst_inject;

Bug: #4710.
 3 years ago