aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,803 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '10d9deec9f'
${ noResults }
Commit Graph

10803 Commits (10d9deec9f2293c797df7dbe8bda346d4dc7d600)
 

Author SHA1 Message Date
Pierre Chifflier 10d9deec9f rust: add common function to exchange CString objects from/to C 5 years ago
Jeff Lucovsky e0bd79670c detect: byte-test convert neg_op flag to a bool 
Only 8 flags are permitted so convert one of them to a struct member. I
choose neg_op
 5 years ago
Jeff Lucovsky 313c23a26b detect: Add unittests to exercise bitmask 5 years ago
Jeff Lucovsky d12950c9e4 detect: fixup incorrect comments, indentation 5 years ago
Jeff Lucovsky 31ed9786f6 detect: byte_test impl for bitmask 
This commit implements byte_test's bitmask feature.
 5 years ago
Jeff Lucovsky 4ad6c5421a doc: fix documentation typos 5 years ago
Jeff Lucovsky bc01392e93 doc: Update byte_test documentation 5 years ago
Sascha Steinbiss 26123e05f2 rfb: use more idiomatic Rust code 
Using 'if let Some()...' makes the code in these many checks more
concise and readable.
 5 years ago
Victor Julien b85539b2ab stream/tcp: fix fast open off by one 
With data on SYN the sequence number used for the first data
was off by one, leading to the next segments to appear to come
after a one byte gap.
 5 years ago
Philippe Antoine f51d7d8947 fuzz: check tcp splitting evasions in protocol detection 5 years ago
Philippe Antoine 9eddaa038e fuzz: enable AFLFUZZ_PERSISTANT_MODE for libfuzzer targets 5 years ago
Philippe Antoine ac35118ebe fuzz: use env variable to restrict app layer 5 years ago
Philippe Antoine 600b0d7c55 fuzz: adds eight fuzz targets 
And ways to compile them with enable-fuzztargets at configure time
Adds utility function in util-unittest-helper
 5 years ago
Frank Honza 1c8943dedd add RFB parser 
This commit adds support for the Remote Framebuffer Protocol (RFB) as
used, for example, by various VNC implementations. It targets the
official versions 3.3, 3.7 and 3.8 of the protocol and provides logging
for the RFB handshake communication for now. Logged events include
endpoint versions, details of the security (i.e. authentication)
exchange as well as metadata about the image transfer parameters.
Detection is enabled using keywords for:

 - rfb.name: Session name as sticky buffer
 - rfb.sectype: Security type, e.g. VNC-style challenge-response
 - rfb.secresult: Result of the security exchange, e.g. OK, FAIL, ...

The latter could be used, for example, to detect brute-force attempts
on open VNC servers, while the name could be used to map unwanted VNC
sessions to the desktop owners or machines.

We also ship example EVE-JSON output and keyword docs as part of the
Sphinx source for Suricata's RTD documentation.
 5 years ago
Victor Julien b4d75b7448 output/anomaly: minor code cleanups 5 years ago
Victor Julien 4d21b03575 detect/app-layer-event: code cleanups 5 years ago
Jeff Lucovsky f0bd69e7e3 detect/pcre: Correct spelling typos 5 years ago
Jeff Lucovsky 7f6af10fed general: copyright bump 5 years ago
Jeff Lucovsky 4b0085b03c detect: Update to take advantage of PCRE refactor 
This commit changes the keyword detectors to use the refactored PCRE
modifications from detect-parse.[ch]
 5 years ago
Jeff Lucovsky abe0cdc4ad detect/pcre: Changes to support pcre_jit_exec 
This command causes `pcre_jit_exec` to be used when available. If it's
available and there are allocation errors preparing for it, things
fallback to `pcre_exec`.
 5 years ago
Jeff Lucovsky aa67a0a236 detect/pcre: Add warning for failed registrations 
This commit adds a warning used by the PCRE detect logic when it fails
to register initialization and free functions for per-thread JIT stack
handling.

This error code is only used when the platform has PCRE JIT exec
functionality.
 5 years ago
Jeff Lucovsky d19429f7e5 detect/parse: Refactor interfaces/definitions 
This commit refactors existing code patterns to reduce code duplication
and to be a base for supporting additional PCRE jit-related actions.
 5 years ago
Jeff Lucovsky 94df0b08d4 configure: Determine whether pcre_jit_exec exists 
This commit adds logic to determine whether pcre_jit_exec is present in
the system's pcre library using AC_RUN_ELSEIF
 5 years ago
Victor Julien ccfdcb55fb devguide: document new app-layer retvals 5 years ago
Philippe Antoine 6251deae21 doc: adds doc for ipv4.hdr signature keyword 5 years ago
Philippe Antoine 1cd314c500 detect: adds icmpv6.mtu keyword 5 years ago
Philippe Antoine 75ec528384 detect: adds utility file for uint keywords 5 years ago
Philippe Antoine 0355b70f5a detect: define generic PrefilterIsPrefilterableById 5 years ago
Philippe Antoine bb7abbd6ec detect: extend PrefilterPacketHeaderValue to 16 bytes 5 years ago
Philippe Antoine d04d69acbb decode: fix endianness for ICMPv6 MTU 5 years ago
Philippe Antoine 9d2fabcd99 doc: fix typo in DetectTcpmssSetup description 
And use lowercase true for boolean
 5 years ago
Victor Julien efee458af8 stream: fix direction flags in corner case 
When a TCP DNS flow would start with a GAP on the TS side, the successful
protocol detection on the TC side would trigger 'opposing side' reassembly
and app-layer processing. In this case the stream flags would indicate the
wrong direction and the wrong parser would be called.
 5 years ago
Victor Julien 960045323d app-layer: minor code cleanup 5 years ago
Victor Julien 9b1f0656d0 app-layer: fix progress tracking 
Esp in combination with GAPs and proto detection.
 5 years ago
Victor Julien acef21b759 app-layer: extend AppLayerResult to add convenience 5 years ago
Victor Julien 2f5834cdfa rust: merge parser.rs into applayer.rs 
Both were serving the same purpose.
 5 years ago
Victor Julien 21e6f1f063 app-layer: document return macros 5 years ago
Victor Julien 5b9b0b7226 nfs: switch to new 'incomplete' logic 
Remove buffering code in favor of using incomplete API.
 5 years ago
Victor Julien 66598f9ce7 nfs: switch to AppLayerResult 5 years ago
Victor Julien 5cd9cfb5a0 smb: update return type of GAP handling 5 years ago
Victor Julien 4bf87d30e4 smb: convert to return AppLayerResult 
Support returning 'incomplete' and remove the buffering
code from the parser.
 5 years ago
Victor Julien 674b8dc0fb app-layer: add 'incomplete' return logic 
Allow app-layer parsers to indicate how much data they need
before being called again.
 5 years ago
Victor Julien 44d3f264bf app-layer: update API to return more details 
Add AppLayerResult struct as the Parser return type in
preparation of allowing returning 'Incomplete(size)' similar
to what nom in Rust allows.
 5 years ago
Victor Julien 3bcf948a75 app-layer: change return codes 
This patch simplifies the return codes app-layer parsers use,
in preparation of a patch set for overhauling the return type.

Introduce two macros:

APP_LAYER_OK (value 0)
APP_LAYER_ERROR (value -1)

Update all parsers to use this.
 5 years ago
Victor Julien 54b2ec0e4d app-layer: minor optimization 5 years ago
Victor Julien fee7b97ec0 stream: fix function style 5 years ago
Victor Julien 157d01e87e ftp: minor code cleanups 5 years ago
Victor Julien 6ae66cb2bb nfs: code cleanups 
Use 'if let' to replace simple 'match' statements.

Use explicit returns to easy code review.
 5 years ago
Victor Julien a729d266c3 smb: fix rustc 1.42 warnings 5 years ago
Jeff Lucovsky 0c5c2173bc config: General typo and grammar cleanup 5 years ago