Commit Graph

10027 Commits (2a778e439a41b66b06136a71438dce93bd615448)

Author SHA1 Message Date
Mats Klepsland ba857e9739 detect: add tls.certs keyword
Add keyword to do "raw" matching on each of the certificates in the
TLS certificate sticky buffer.

Example:
  alert tls any any -> any any (msg:"tls.certs test"; tls.certs; \
          content:"|01 02 03 04|"; sid:1;)
6 years ago
Victor Julien edae50de94 detect/ssh: fix ssh.protoversion memory leak 6 years ago
Victor Julien 567a7c3cef detect/ssh: mark old ssh keywords as deprecated 6 years ago
Victor Julien d623dc4ac0 detect/parse: add flag to indicate keyword is deprecated
Issue warning when it is still used.
6 years ago
Victor Julien b84eba80aa detect/nfs.version: minor cleanups 6 years ago
Victor Julien 2ea11da230 detect/nfs: add nfs.version 6 years ago
Victor Julien 3299f007f8 detect/dcerpc: add dcerpc.iface
Keep dce_iface as an alias.
6 years ago
Victor Julien cdff1d50b7 detect/dcerpc.opnum: minor code cleanups 6 years ago
Victor Julien 6840e5c7df detect/dcerpc: add dcerpc.opnum as new name for dce_opnum 6 years ago
Jeff Lucovsky cc492c50c8 eve/logging: disable anomaly logging by default
Disable anomaly logging by default. Networks with excessive issues may
experience packet processing degradation.
6 years ago
Philippe Antoine b6b7778e2d http: adds event for header repetition 6 years ago
Jason Ish 9d8eb7b5f0 filestore: remove jansson ifdefs
Jansson is now required.
6 years ago
Jason Ish 3dc973d4b1 eve/file: remove rust and jansson ifdefs.
Both Rust and Jansson are required now.
6 years ago
Jason Ish 42c327adc4 filestore: fix leak in constructing json
Use json_array_append_new instead of json_array_append to transfer
ownership of the integer object to jansson so it gets freed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2961
6 years ago
Victor Julien ddfcf76c57 detect/engine: make DetectAppLayerMpmRegister deprecated 6 years ago
Victor Julien 752bb1c410 detect/dnp3: add dnp3.data with v2 api support
Adds MPM support as well. Add TxDetectFlags support to the parser
to avoid duplicate matches.
6 years ago
magenbluten 09a21627d5 filestore: fix dropping of unwanted files (Issue #2853) 6 years ago
Victor Julien 9132e4032a files: open files with track id only 6 years ago
Victor Julien 3b31bad855 detect/dce_stub_data: add dcerpc.stub_data
Also use v2 API for inspect and mpm registration.
6 years ago
Victor Julien d270a7603a detect/inspect: add flags to inspect buffer 6 years ago
Victor Julien 32fb7d773a detect/content-inspect: turn void arg into Packet
Replace the 'void *data' argument by a 'Packet *p' as this was
the only user left of the data pointer.
6 years ago
Victor Julien b7a7517273 detect/dce_stub_data: minor cleanups 6 years ago
Victor Julien 55db6d6fb4 detect/dcerpc: move endian handling from pointer to flags 6 years ago
Victor Julien b2638f7195 detect/krb5: add krb5.sname and krb5.cname 6 years ago
Victor Julien aefce4d761 detect/nfs: remove HAVE_RUST guards 6 years ago
Victor Julien da45d92c54 valgrind: support hyperscan warning
Issue on Ubuntu 19.04.

==18655== Conditional jump or move depends on uninitialised value(s)
==18655==    at 0x5454603: hs_alloc_scratch (in /usr/lib/x86_64-linux-gnu/libhs.so.5.1.0)
==18655==    by 0x3D5C9A: SCHSPreparePatterns (util-mpm-hs.c:707)
==18655==    by 0x215FEC: DetectMpmPrepareBuiltinMpms (detect-engine-mpm.c:364)
==18655==    by 0x20813A: SigGroupBuild (detect-engine-build.c:1932)
==18655==    by 0x21287B: SigLoadSignatures (detect-engine-loader.c:366)
==18655==    by 0x35A702: LoadSignatures (suricata.c:2419)
==18655==    by 0x35B0DD: PostConfLoadedDetectSetup (suricata.c:2574)
==18655==    by 0x35C827: main (suricata.c:2986)

https://github.com/intel/hyperscan/issues/148
6 years ago
Victor Julien 15eac12a39 afl: fix compilation 6 years ago
Victor Julien 3ae2edb22a ftp: fix realloc handling to avoid valgrind warning
Bug #2951
6 years ago
Victor Julien 84881bf1b8 detect/file.magic: add sticky buffer
Add sticky buffer to inspect file magic. Includes mpm support.
6 years ago
Victor Julien d78c6ff714 detect/thread: ctx info is allowed to have NULL data 6 years ago
Victor Julien aa52dfab04 detect/smb: clean up keywords 6 years ago
Victor Julien d64fbb71ae detect/file: add file.data, small cleanups 6 years ago
Victor Julien b5d5389438 detect/ssh: minor --list-keywords improvements 6 years ago
Victor Julien f246e319b2 detect/http.header.raw: minor cleanups 6 years ago
Victor Julien a21a7d16bd detect/http.host.raw: minor cleanups 6 years ago
Victor Julien 0e1d47c87b detect/http.method: minor cleanups 6 years ago
Victor Julien bdd8e6152b detect/http.start: modernize name and code 6 years ago
Victor Julien cd2e6511c9 detect/http: cleanup http stat * 6 years ago
Victor Julien 84da0376fb detect/http.host: rename file for consistency 6 years ago
Victor Julien 2b8311beff detect/http.host: fix --list-keywords output 6 years ago
Victor Julien 0e5c987533 detect/http.uri: fix up --list-keywords output 6 years ago
Victor Julien 19163ca2e1 detect/http: request/response line keyword modernization 6 years ago
Victor Julien fb2e4e4453 detect/http.header_names: use v2 api and new name 6 years ago
Victor Julien 65039d4acc changelog: update for 5.0.0-beta1 6 years ago
Victor Julien 63ab296cca nfs: fix integer underflow
Fix int underflow that leads to Rust panic in NFS3 readdirplus
parsing.

Reported-by: Sirko Höer -- Code Intelligence for DCSO.
6 years ago
Philippe Antoine 316a411b6b ssl: SSLProbingParser overflow fix
Found by fuzzing
Fixes ssl detection evasion by packet splitting
6 years ago
Victor Julien 666bb1b6e4 parse/ip: fix potential oob write in ipv4 validation
Found using AFL.
6 years ago
Jason Ish 8be4142aaf dhcp: verify client id len before parsing data
Verify that the client id length is at least 2 per the DHCP
protocol rfc before parsing the data.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2902
6 years ago
Jason Ish 9d75fdc6ea rust/ftp: validate port components in passive response
Make sure they are valid 8 bit integers before combining the
two parts into a u16 to prevent an overflow of the u16
return value.

Add unit tests to check parsing of invalid ports.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2904
6 years ago
Jason Ish 275e8f280d rules: add mpls packet too small decoder rule 6 years ago