aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,165 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1e8d4af29a'
${ noResults }
Commit Graph

11165 Commits (1e8d4af29afa1dd8e1765f19ab1ceca0d897f031)
 

Author SHA1 Message Date
Jeff Lucovsky a0b81b3c9d detect: Register pcrexform 
This commit registers the `pcrexform` transform.
 5 years ago
Jeff Lucovsky 66d15710b8 transform/pcrexform: Add pcrexform source files 5 years ago
Jeff Lucovsky c1875d8532 detect/pcrexform: New transform: applies RE 
This commit adds a new transform -- pcrexform -- that applies a regular
expression to the transformation buffer. If an expression was captured,
that is output to the transformation buffer. Otherwise, the
transformation buffer is unchanged.
 5 years ago
Jeff Lucovsky c8eca52804 detect: Add constant for new transform 
This commit adds the definition of the new `pcrexform` transform.
 5 years ago
Jeff Lucovsky 5d10db88bc detect/transform: Support transform options 
This commit adds support for transform-specific options. During Setup,
transforms have the signature string available for options detection.
When a transform detects an option, it should convert the option into an
internal format and supply a pointer to this format as the last argument
to DetectSignatureAddTransform.

Transforms that support options must provide a function in their
Sigmatch table entry. When the transform is freed, a pointer to the
internal format of the option is passed to this function.
 5 years ago
Jeff Lucovsky b569670c33 general: Correct typos 5 years ago
Jeff Lucovsky 4407cf8979 general: Update copyright year 5 years ago
Emmanuel Thompson be3379f00e detect/asn1: Fix relative_offset keyword option 
- Fix relative_offset keyword option to be relative in regards to the
last content match
- Change relative_offset to int32_t with bounds check to allow the full
range of the packet buffer size (uint16_t)
- Added checks for over/underflows
- Changed the offset type to uint16_t because the offset is applied to
the payload length, which is a uint16_t
- Adjusted test cases to work relative to the content match
- Added test case to verify bounds
 5 years ago
Eric Leblond f5e2968f12 redis: ensure a dump per second 
In sync mode, Suricata was waiting to have batch size alerts before
logging them. This was introducing delay in some configuration with
low traffic.
 5 years ago
Eric Leblond ec8eba28a8 redis: fix reconnect in batch mode 
In case of redis outage, the redis session was reset but the replies
were still fetch even if there is none replies in the new session.
 5 years ago
Eric Leblond 025de61f43 redis: add support for unix socket 
If there is a '/' in the redis server string then we consider that
the connection should be done other a unix socket.
 5 years ago
Joshua Lumb 82fb72678f cmdline: --list-app-layer-protos respects -c arg 5 years ago
Victor Julien a4568a634d htp: enforce body limits more exact 5 years ago
Victor Julien 0db3ee26d0 eve/alert: convert decoder event logging to jsonbuilder 5 years ago
Victor Julien aa0286d925 eve/anomaly: don't add timestamp twice 
Timestamp is added unconditionally by CreateEveHeader(), so no need
to have a local timestamp in case of non-IP packets.
 5 years ago
Victor Julien bd3fdeb53f eve/alert: clean up decoder event logging 5 years ago
Victor Julien b3b5802c85 eve/nfs: switch output to jsonbuilder 5 years ago
Giuseppe Longo cb7e72e602 jsonbuilder: fix build error 
Clang's build in travis-ci is actually failing because of this error:

output-json-alert.c:476:40: error: missing field 'state_index' initializer

      [-Werror,-Wmissing-field-initializers]

            JsonBuilderMark mark = { 0 };
 5 years ago
Jason Ish a77662bdbf userguide: remove old drop-log documentation 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
 5 years ago
Jason Ish e26718aea3 drop-log: remove drop log (deprecated) 
Remove the old style line based drop log.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
 5 years ago
Jason Ish 8997a114cb userguide: RDP now enabled by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255
 5 years ago
Jason Ish 6ce9b2972b rdp: enable by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255
 5 years ago
Jason Ish 3eb0461abd userguide: SIP now enabled by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3256
 5 years ago
Jason Ish 5a7ba62493 sip: enable by default 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3256
 5 years ago
Phil Young 3ccd44b144 Napatech: Fix network byte order when comparing addresses 
This fixes an issue where the "endieness" was not properly accounted for
when comparing two IPv4 addresses to be sorted.
 5 years ago
Phil Young d1d09ecfa8 Napatech: Change to use separate FlowStream handle for each thread 
Previously a single handle to the FlowStream (which is  used to program
flows to the card) was shared between the threads.  This resulted
in contention between the threads where sometimes programming the flow would
silently fail.
 5 years ago
Victor Julien d0526e71c0 doc/userguide: add IPS with BPF info, minor cleanups 5 years ago
Victor Julien bd70e0e621 eve: print interface info for vxlan and other tunnel pkts 5 years ago
Jason Ish 7d22993a8f github-ci: allow pull-request to be referenced in pr body 
For example, to use suricata-verify pr #239:

suricata-verify-pr: 239

Also update the pull request template to contain the available
parameters that can be set.
 5 years ago
Jason Ish 36d687580a rfb/eve: convert to jsonbuilder 5 years ago
Jason Ish 49f7dc93bd smtp/eve: convert to jsonbuilder 5 years ago
Jason Ish 60bfbd43fd jsonbuilder: add reset marks 
Add methods to get the state of a JsonBuilder (called a mark),
then allow restoring to the mark.
 5 years ago
Jason Ish 7803a9ac40 anomaly/eve: convert to jsonbuilder 5 years ago
Jason Ish 037c449b85 tls/eve: convert to jsonbuilder 5 years ago
Jason Ish be8fa5da43 http/eve: remove jansson version of metadata logger 
With fileinfo converted over to JsonBuilder, these
Jansson versions are no longer needed.
 5 years ago
Jason Ish fb7ee888bc fileinfo-filestore/eve: convert to jsonbuilder 5 years ago
Jason Ish 0ec7d2ff66 fileinfo: use addr info cache for address logging (jsonbuilder prep) 
This is to prepare for JsonBuilder conversion where we can't
overwrite an already set value. Here we prepare the addresses
to be logged in a struct, overwite with XFF if needed, then
log.
 5 years ago
Jason Ish 6ba93d905f http/eve: convert to jsonbuilder 5 years ago
Jason Ish baf2723757 flow/eve: convert to jsonbuilder 5 years ago
Jason Ish ddb22549be rust: allow some clippy lints without warning 
Suppresses some clippy lints that have more to do with style
than anything else, to reduce the amount of noise in the
clippy output.
 5 years ago
Jason Ish 03cf3dcd6d dns/eve: convert to jsonbuilder 5 years ago
Jason Ish 6a70d6bb6e sip/eve: convert to jsonbuilder 5 years ago
Jason Ish e9a3415fc2 dhcp/eve: add common eve fields 
Add the common eve fields like metadata and community id.
 5 years ago
Jason Ish deed0541bb dhcp/eve: convert to jsonbuilder 5 years ago
Jason Ish 30cc373b7f alert/eve: convert to jsonbuilder 
Convert alert Eve logging JsonBuilder. Currently
makes heavy use of JsonBuilder being able to log Jansson's json_t
which is a temporary measure until all protocols loggers can be
converted to JsonBuilder.

New functions that replace Jansson versions with JsonBuilder
variations use "Eve" instead of "JSON".
 5 years ago
Jason Ish 942dd08654 jsonbuilder: new module for generating json 
JsonBuilder is a Rust module for creating JSON output. Unlike
Jansson, the final JSON string is built up as items are added,
instead of building up an object tree and rendering it when
done.

The idea is to create a more efficient JSON serializer instead
of a flexible one.
 5 years ago
Jason Ish c1f4edc434 rust: bring back libc as a dependency 
Its already pulled in by some of other dependencies so adds zero
extra weight, and provides handy definitions for basic functions
like free().
 5 years ago
Jason Ish 5513b4ed0b rust/json: expose libjansson json_dumps 
This will be temporarily used by JsonBuilder to add the ability
to extend JsonBuilder with Jansson's json_t types.
 5 years ago
Jason Ish 5e1b44ac71 alert/eve: use addr info struct for source/target (jsonbuilder prep) 
Update the source/target logging to use the cached address info
instead of fetching it from the constructed json_t object.

This is required for migration to JsonBuilder which does not
have the ability to retrieve already set fields.
 5 years ago
Jason Ish 5ab673aee2 flow/eve: separate flow and app_proto logging (jsonbuilder prep) 
Currently the flow logger also logs app_proto information,
but not to the flow object, but instead to the root object
of the log record.

Refactor into 2 separate methods, one for the app_proto
and one for the flow, to make this more clear, as well
as make it easier to refactor for JsonBuilder as JsonBuilder
can only write to the currently open object.
 5 years ago