aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,751 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '15eac12a39'
${ noResults }
Commit Graph

9751 Commits (15eac12a3920b6a30f178beac2ef1721d0045ea6)
 

Author SHA1 Message Date
Bendik Hagen f558ef2c55 Flow/Stream: set psuedopacket iface/vlan from flow 
This fixes redmine bug #2057 by setting pseudopacket iface and vlan from
flow values, solving the problem of missing vlan/iface when psuedopacket
gets logged/alerted on.
 6 years ago
Bendik Hagen b7b40393dc Flow: Set flow iface and vlan_idx 
Setting flow iface and vlan_idx from packet, making it possible to log
iface and vlan on psuedopackets and in flow-logs.
 6 years ago
Bendik Hagen ec0dd0209a Flow: Adding livedev and vlan_idx on flow 
Adding livedev and vlan_idx on flow, making it possible to use it for
logging in_iface on flow-logs and fix in_iface on psuedopackets.
 6 years ago
Philippe Antoine bef190f767 http: logs content range 
Fixes #2485
 6 years ago
Philippe Antoine 43e205fc32 smtp: rset command resets bdat chunks length 
Fixes #1860
 6 years ago
Philippe Antoine ff52bb14b7 ssh : code style consistency 
Adds SSH_FLAG_VERSION_PARSED to flags before each return
This way, we are sure SSHParseBanner does not get called again
And proto_version does not get leaked
 6 years ago
Jeff Lucovsky 4f33b8c18d decode: Improved FTP active mode handling 
This changeset addresses 2 issues:
- 2459
- 2527
and improves handling for FTP active mode over IPv4 and IPv6.

Active mode is triggered when the FTP client conveys the port
that should be used for a data connection (PORT, EPRT).

When this occurs, the FTP state is marked as "active".
 6 years ago
Jason Ish 164fb71898 mpls: fix misaligned read 
Instead of casting the packet buffer to a uint32, memcpy it to
avoid misaligned read error, as caught by the undefined behavior
detector (ubsan).

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2903
 6 years ago
jason taylor a4ec133a88 ci: updated travis and appveyor for nss/nspr 
* added nss and nspr requirements for appveyor build
* added nss and nspr requirements for travis builds
* added travis build without nss and nspr

Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor dd2063a75e configure: fix nss check logic 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor 7ea269a212 configure: fix nspr check logic 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Victor Julien f7d8401c2e eve/smb: minor cleanup now Rust is mandatory 6 years ago
Victor Julien c2cb155ebb rust/smb: rename files and code from RustSMB to SMB 6 years ago
Victor Julien e572324c5a detect/dcerpc: cleanup now Rust is mandatory 6 years ago
Victor Julien 50709144f9 detect/app-layer-event: cleanup test 6 years ago
Victor Julien f30c05e684 smb: remove C implementation 
Now that Rust is mandatory it is obsolete.

Ticket: #2849
 6 years ago
Victor Julien 8a2b94c6f4 openbsd: fix rust linking 6 years ago
Jason Ish 67b2692d34 dns: remove as much C DNS code as possible 
As some of the C code is still used it can't all be removed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2850
 6 years ago
Jason Ish 355d125c4f userguide: remove dns-log 6 years ago
Jason Ish 78b82ce6a5 dns-log: remove, not supported now that Rust is required 
The non-json line based DNS log is not supported with Rust only
builds and has been scheduled for removal in Suricata 5.0.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2297
 6 years ago
Jason Ish 75a018ead2 doc: remove autoconf replacement var for Rust 
Set to yes as Rust is always enabled now.
 6 years ago
Jason Ish fc3191dc2d config: enable all things requiring Rust 
Instead of only enabling them if Rust is enabled, as Rust is
always enabled now.
 6 years ago
Jason Ish b2fedc9ed2 travis-ci: enable Rust for all builds 6 years ago
Jason Ish 75429bbe3e autoconf: make Rust required in configure 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2507
 6 years ago
Jason Ish 832270c1d3 travis-ci: test that configure fails without jansson 
Update the no-jansson test to fail out if configure
passes.

The script needed to be converted into a single list item
for the early exit to work on Travis.
 6 years ago
Jason Ish e49c40428e autoconf: jansson is now required 
Jansson is required by the Suricata Rust support which
will also be mandatory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1970
 6 years ago
Phil Young 6cfc39d7c9 napatech: auto-config documentation update 
Added documentation describing how to configure suricata to automaticly
configure sreams and host buffers without using NTPL.  I.e. from
suricata.yaml.
 6 years ago
Phil Young 05271bfbe5 napatech: simplify integration with Napatech cards 
- There is now an option to automatically create streams on the
  correct NUMA node when using cpu affinity.

- When not using cpu affinity the user can specify streams to be
  created in the suricata.yaml file.  It is no longer required to
  use NTPL to create streams before running suricata.

- The legacy usage model of running NTPL to create streams is still
  available. This can be used for legacy configurations and complex
  configurations that cannot be satisfied by the auto-config option.
 6 years ago
Victor Julien fd9f64d00f byte: suppress errors in byte extraction utils 6 years ago
Victor Julien a496c8be0c detect/bytejump: suppress runtime error messages 6 years ago
Victor Julien 5703ce371e detect/byteextract: suppress runtime error messages 6 years ago
jason taylor 7f63ec185a pfring: update PfringThreadVars_ for gcc 4.x 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Emmanuel Roullit 00917a0415 init: use pledge(2) after suricata initialization. 
pledge(2) can be used on OpenBSD to restrict suricata possible
operation on the system once initialization is completed.
The process promises to only make use of:
- "stdio" to allow read(2) on IPS rules and write(2) on log file
- "rpath wpath cpath" to allow log rotation
- "unix" to operate the control unix socket and log unix sockets
- "dns" to retrieve DNS from recvfrom(2)/sento(2) in IPFW mode
- "bpf" as suricata uses libpcap, which uses the BIOCGSTATS operation

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@cognitix.de>
 6 years ago
Emmanuel Roullit 8b75e69165 log: output file mode in octal on chmod warning 
The mode input in chmod is an octal integer. However when the warning is logged,
the file mode is printed in decimal which is confusing.

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@cognitix.de>
 6 years ago
Jeff Lucovsky 8e464530ef decode: Change return type of IPv4 and TCP options decode 
The return value from the options decoder in TCP and IPv4 is ignored.
This commit changes the return type of the function to `void` and
modifies existing return points to return without a value.

When an error occurs, the packet state is being set to indicate whether
it's valid or not and the existing return value is never used.
 6 years ago
Jeff Lucovsky 03b0e4272b parse: Improve unknown protocol parse message 
The message associated with unknown protocols during parsing is incomplete.
This commit improves the message readability.
 6 years ago
Jeff Lucovsky 9856c5533a doc: ssh.{proto,software} documentation update 6 years ago
Jeff Lucovsky b10125af07 sticky: Convert ssh_software to new format 6 years ago
Jeff Lucovsky ceba8c89e9 sticky: Convert ssh_proto to new format 
This changest converts the 'ssh_proto' sticky buffer
into the v2 framework.
 6 years ago
Jeff Lucovsky 80be07a534 detect/http: Use v2 inspect and mpm engines 
This changeset updates the http stub detect logic to use the v2 inspect
and npm engines.
 6 years ago
Victor Julien aaf502d383 stream: suppress noisy debug info messages 6 years ago
Victor Julien 63569aeb57 pcap: suppress info messages 6 years ago
Victor Julien ee128c7460 detect/disable-detect: suppress info message 
The message would be displayed even when level was higher than
info.
 6 years ago
Victor Julien d00950be81 log/file: use default-log-dir for suricata.log 
Default to just suricata.log instead of the full path, so that
in user mode we can log in the user mode location.
 6 years ago
Victor Julien a36482e924 user mode: use CWD as logdir 
Introduce util func for handling user mode settings.
 6 years ago
Victor Julien c72dd84ade logopenfile: remove duplicate ifdefs 6 years ago
Victor Julien 56e4c348e1 runmodes: improve error messaging 6 years ago
Victor Julien 1a7e93f4a6 startup: log system mode with version 6 years ago
Victor Julien 86ed5815cb instance: set system vs user mode 6 years ago
Victor Julien 231496f165 rust/mingw: enable in appveyor 6 years ago