aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,010 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b0b74dc16'
${ noResults }
Commit Graph

9010 Commits (1b0b74dc1610bf27a035acb878e416fc61fdf81f)
 

Author SHA1 Message Date
Jason Ish 1b0b74dc16 rust: a Rust ConfNode wrapper. 
A Rust wrapper around the C ConfNode object. Currenlty only exposes
ConfGetChildValueBool and ConfGetChildValue.
 7 years ago
Jason Ish 05e20c5c57 eve: check if enabled before attempting to setup 
Before setting up a sub eve-logger, check that it is enabled. This
allows us to set "enabled: no" for loggers that are not registered
with the system without generating an error. An example of this
is loggers that are only available with Rust.
 7 years ago
Jason Ish 2ec3381600 rust/app-layer: macros to export de_state functions 
These macros generate the extern "C" functions for transactions
structs that need provide functions for setting and getting
the de_state. The idea is to provide macros do avoid code
duplication and make it simpler to create an app-layer.

A trait would be the correct solution, but it doesn't look like
you can use traits to export extern "C" functions.
 7 years ago
Jason Ish da4912dfe7 rust: add get_tx_iterator to parser registration 7 years ago
Jason Ish 14843a7b43 app-layer-register: add GetTxIterator 
Add a field to set the GetTxIterator function to the AppLayerParser
registration struct.
 7 years ago
Jason Ish 9fc1250ca8 app-layer-detect-proto: remove unnecessary gotos 7 years ago
Pierre Chifflier e9ae62ed05 Kerberos 5: properly handle TCP buffering 7 years ago
Pierre Chifflier c51ff32adb Document Kerberos 5 parsing events 7 years ago
Pierre Chifflier 1076c7cd47 Add krb5_err_code detection keyword 7 years ago
Pierre Chifflier d6b9c0294a Add krb5_cname and krb5_sname detection keywords 7 years ago
Pierre Chifflier 0bd81ff838 Add krb5_msg_type detection keyword 7 years ago
Pierre Chifflier 5037051161 Kerberos 5: rename weak crypto to weak encryption, and log it 7 years ago
Pierre Chifflier 6ae53a1869 Add event rules for Kerberos 5 7 years ago
Pierre Chifflier 3a017f61b0 Kerberos 5: pretty-print error code when logging 7 years ago
Pierre Chifflier 52f5c7914f Log Kerberos 5 errors 7 years ago
Pierre Chifflier 1e5f5d405f Kerberos 5: add support for TCP as well 7 years ago
Pierre Chifflier 645ba17509 Kerberos: check version in probing function 7 years ago
Pierre Chifflier fd175f2bfb Add logger for Kerberos 5 metadata 7 years ago
Pierre Chifflier 77f0c11c9e Add Kerberos 5 application layer 7 years ago
Eric Leblond 325f336f63 util-random: fix detection of getrandom failure 7 years ago
Eric Leblond 851efd9c60 util-random: workaround getrandom unavailability 
getrandom syscall availability is detected at runtime. So it is
possible that the build is done on a box that supports it but
the run is done on a system with no availability. So a workaround
solution is needed to fix this case.

Also we have seen some issue in docker environment where the build
is detecting getrandom but where it does not work at runtime.

For both reasons, the code is updated to have a call to a fallback
function if ever the getrandom call returns that the syscall is
not available.
 7 years ago
Jason Ish d73b5ee276 rust: cargo fixes for out of tree build 7 years ago
Jason Ish 7e06e765f3 python: fixes for out of tree build 
Autoconf/automake and python setup.py don't play that well
together with out of tree builds.

Makes suricatasc not an autoconf input file, instead use the
defaults module that is already being created.

In the case of an out of tree build, copy the generated defaults.py
to the build directory manually.
 7 years ago
Pascal Delalande 4f48927c44 doc: spelling mistakes in various sections of the user guide 7 years ago
Pierre Chifflier 2d1c4420de Update ntp-parser to 0.2.0 7 years ago
Jason Ish 95481a9176 eve/json/xff - remove check for flow being NULL. 
Fix Coverity issue:
** CID 1435535:  Null pointer dereferences  (REVERSE_INULL)
/src/output-json-file.c: 212 in JsonBuildFileInfoRecord()

Where we check a variable for being NULL, when all paths to the
code show that it can't be NULL.
 7 years ago
Victor Julien 26b61bad90 htp: cleanup and fix test 7 years ago
Victor Julien 08af5ddd88 http: add tests for header folding 
To test for https://github.com/OISF/libhtp/issues/159
 7 years ago
Victor Julien 953dceece2 http: clean up unittest 7 years ago
Victor Julien d0a8310fcf pcap-log: don't divide by 0 on no traffic 7 years ago
Jason Ish 0d51ebc71a eve/alert: use eve-level xff config by default 
The alert section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish e3645bd9ae eve/alert: separate xff and metadata configuration 
Put xff setup and metadata setup into their own
functions.
 7 years ago
Jason Ish 4822387411 qa/coccinelle: allow to run from non git directory 
For example, when I put the contents of a git worktree into
a Docker image for a test build .git will not be a directory
causing the run_check.sh script to fail.
 7 years ago
Jason Ish 36ec1281b2 eve/files: use eve-level xff config by default 
The files section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish 6607ee8489 eve/http: use eve-level xff config by default 
The http section can still have an xff configuration which
will take priority over the eve level xff config.
 7 years ago
Jason Ish 576584152c eve: use eve-level xff configuration 
If an "xff" configuration section exists on the eve object,
parse and save it for child loggers to use.
 7 years ago
Jason Ish 781a7e1089 xff: HttpXFFGetCfg - allow conf to be NULL 
The code fully handles conf being NULL, and we have other functions
where conf can be NULL.
 7 years ago
Maurizio Abba 2543930d74 xff: Use XFF configuration in eve and filestore 
XFF configuration is already set in app-layer-htp-xff, and in
output-json-alert. Extending XFF configuration to files and HTTP allow
to get the same behavior as for alerts.

Extend the configuration of filestore json to let filestore metafile
dump be aware of xff. This is available only if write-fileinfo is set
to yes and file-store version is 2.
 7 years ago
Elazar Broad 6ba02cac50 Fix segfault when the protocol is anything other than HTTP 
When a file is transferred over anything other than HTTP, the previously hard-coded HTTP protocol would trigger a non-existent index into htp_list_array_get(), causing a segfault. This patch mimics the logic in detect-lua-extensions.c.
 7 years ago
Mats Klepsland 2d2c01e772 detect-tls-cert-fingerprint: fix typo in unittest 7 years ago
Mats Klepsland 4671d57d7a detect-tls-cert-fingerprint: fix failing unittest 
Fix unittest that failed with the content validation callback.
 7 years ago
Mats Klepsland f36d578ee0 detect-tls-ja3-hash: add setup callback to lowercase content 
Add setup callback that lowercase the content that follows 'ja3_hash'.
 7 years ago
Mats Klepsland 5b954212f7 detect-tls-ja3-hash: add warning if nocase is used 7 years ago
Mats Klepsland 2501d48ac8 detect-tls-cert-serial: add warning if nocase is used 7 years ago
Mats Klepsland 2c5d5bbdaa detect-tls-cert-fingerprint: add warning if nocase is used 7 years ago
Mats Klepsland 4c9d448fa1 detect-tls-ja3-hash: add content validation callback 
Validate that the content that follows the 'ja3_hash' keyword has
the correct length.
 7 years ago
Mats Klepsland 52d9d45747 detect-tls-cert-fingerprint: add setup callback to lowercase content 
Add setup callback that lowercase the content that follows
'tls_cert_fingerprint'.
 7 years ago
Mats Klepsland f788719348 detect-tls-cert-fingerprint: add content validation callback 
Validate that the content that follows the 'tls_cert_fingerprint'
keyword is on the correct form and has the correct length.
 7 years ago
Mats Klepsland 6cf4c3c26e detect-tls-cert-serial: add setup callback to uppercase content 
Add setup callback that uppercase the content that follows
'tls_cert_serial'.
 7 years ago
Mats Klepsland 321603de37 detect-engine: add DetectEngineCtx to setup callback function 
Add detect engine context as variable to setup callback function
in 'DetectBufferTypeRegisterSetupCallback'.
 7 years ago