aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,108 Commits
7 Branches
161 Tags
177 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2b9603d94d'
${ noResults }
Commit Graph

15108 Commits (2b9603d94ddb0ff1c103ce964f22d8bc63f4392c)
 

Author SHA1 Message Date
Jason Ish 2b9603d94d github-ci: cancel previous builds workflow for branch 
On a push of the same branch, cancel the previous running builds.yml
workflow.
 2 years ago
Jeff Lucovsky 924c59448f bool: Remove TRUE/FALSE 2 years ago
Jeff Lucovsky 36e5792501 debug/bool: Switch use_color to a bool 2 years ago
Jeff Lucovsky 0a716afadc run/bool: Use bool for threading value 2 years ago
Jeff Lucovsky 28c950cef5 htp/bool: Use bool instead of int 2 years ago
Jeff Lucovsky 84b2d665d6 detect/bool: Use bool type for unittests 2 years ago
Jeff Lucovsky 8f2a3ea7be prefilter/bool: Use bool values for is_last 2 years ago
Jeff Lucovsky d2c46110d6 pcap/bool: Use bool type for is_private 2 years ago
Jeff Lucovsky 2016d68f41 stream/bool: Use bool for StreamTcpInlineMode 2 years ago
Jeff Lucovsky 9bd2b7425d general/bool: Change Suricata int to bool 
Change Suricata operational values from int to bool.
 2 years ago
Jeff Lucovsky 051a14acd3 general/bool: Use bool for file support 2 years ago
Jeff Lucovsky 310dcd1dc4 general: Use bool instead of int for condition fns 
This commit changes the conditional logging functions to use bool rather
than int values.
 2 years ago
Comfort Amaechi 491f5dcc31 util-memcmp: Convert unittests to new FAIL/PASS API 
Ticket: #6107
 2 years ago
Sascha Steinbiss d07e7f6862 detect: fix typo 2 years ago
Sascha Steinbiss 0c55fe3515 detect: add mqtt.connect.protocolstring 
Ticket:  OISF#6396
 2 years ago
Victor Julien 68a2fcaad3 mpm: thread ctx cleanups 
Remove unused thread ctx' from AC variants

Use single thread store in detection.

Minor cleanups.
 2 years ago
Victor Julien 3b826fff68 detect/tag: reuse result of previous host lookup 
Minor optimization that could lead to a reduction in host table
lookups if more than one host feature is in use.
 2 years ago
Victor Julien 6b2c33990f doc/userguide: add tag keyword page 
Ticket: #3015.
 2 years ago
Victor Julien 4a02a14df1 doc/userguide: document host table yaml settings 2 years ago
Victor Julien 3cad7cfa56 unittests: free packet using PacketFree 
Update SigTest17 which left a dangling pointer.
 2 years ago
Victor Julien 4a079541b2 detect: fix inspect engine return codes 
Use proper inspect engine codes instead of bool.
 2 years ago
Victor Julien 58c7a438ed detect/flow: optimize only_stream/no_stream options 
Until now the implementation would scan the stream, fallback to the
packet payload in exception cases, then keep track of where the match
was and in the flow match logic reject the match if it was in the wrong
buffer.

This patch simplifies this logic, by refusing to inspect the packet
payload when `only_stream` is set.

To do this the `only_stream`/`no_stream` options are now translated
to the pseudo protocols `tcp-stream` and `tcp-pkt` at parsing, so that
the `flow` keyword doesn't have to evaluate these conditions anymore.
 2 years ago
Philippe Antoine e3cd0d073f http2: app-layer event for userinfo in uri 
Ticket: #6426

as per RFC 9113
":authority" MUST NOT include the deprecated userinfo subcomponent
for "http" or "https" schemed URIs.
 2 years ago
Jeff Lucovsky a46779d866 detect/transform: Clarify transformation validation 
Issue: 6439

Clarify the transform validation step. When a transform indicates that
the content/byte-array is not compatible, validation will stop.

Content is incompatible is some cases -- e.g., following the
to_lowercase transform with content containing uppercase characters.
An alert is not possible since the content contains uppercase and the
transform has converted the buffer into all lowercase.
 2 years ago
Jeff Lucovsky 1110a86cb9 detect/transform: Register case-change transforms 
Issue: 6439
 2 years ago
Jeff Lucovsky 9ee55d2394 doc/transform: Document case-changing transforms. 
Issue: 6439
 2 years ago
Jeff Lucovsky e5c2f9a56d detect/transform: Add case changing transforms 
This commit adds the implementation for the case changing transforms:
to_lowercase and to_uppercase

Issue: 6439
 2 years ago
Jeff Lucovsky ffd559cd8e detect/transform: Add case-change transform constants 
Add the constants for the to_lowercase and to_uppercase transforms

Issue: 6439
 2 years ago
Jeff Lucovsky 6a41843035 detect/tenants: Add tenant context to rule loads 
Issue: 1520

This commit adds the tenant id for context to rule and .config file
loads.
 2 years ago
Jeff Lucovsky 9d8eec453a general: Remove vi formatting directives 2 years ago
Jeff Lucovsky ad96382cf2 output/null: Add the null output device 
This commit adds the null output device; to use, set the filetype
to "nullsink" for each output that should discard and never persist
logs/alerts/etc.

This is implemented as an "internal eve output plugin" just like the
syslog eve output type.
 2 years ago
Ralph Eastwood 9865164e75 napatech: update docs to remove hba reference 2 years ago
Ralph Eastwood 7b0a5dae60 napatech: remove deprecated hba support 2 years ago
Philippe Antoine ab9b6e30b1 detect: adds flow integer keywords 
Ticket: #6164

flow.pkts_toclient
flow.pkts_toserver
flow.bytes_toclient
flow.bytes_toserver
 2 years ago
Philippe Antoine 8c5310aefd doc: quic in eve/schema 
Ticket: #6076
 2 years ago
Victor Julien 2f4027c117 version: start work on 8.0.0 2 years ago
Victor Julien 6bb882c4c0 macset: remove dead flow init/cleanup code 
FlowInit() will only be called on a newly allocated, or a fully cleaned
up flow, so no existing storage will exist.

The only caller of `FLOW_RECYCLE` first calls `FlowFreeStorage()`, so
the reset logic in `FLOW_RECYCLE` can never trigger.

Remove now unused MacSetReset logic.
 2 years ago
daniel zhao de14e3d0b5 detect/flow: fix DETECT_FLOW_FLAG_ESTABLISHED check 
Ticket: #6448
 2 years ago
Victor Julien 741ba51c1e github-ci: Fedora 37 to 39; use packaged cbindgen 2 years ago
Jason Ish 327c629253 outputs: call plugin ThreadDeinit, not Deinit 
With the change to the hash table for tracking threaded loggers, this
call is now called once per thread, so should be changed to the
ThreadDeinit, as that is not longer being called.

Then call Deinit for the primary logger. In threaded mode this would be
the parent, its just the logger in non-threaded mode.

Bug: #6438
 2 years ago
Jason Ish f2b47bb0dc eve: remove some dead code 2 years ago
Philippe Antoine 6249722589 http2: normalize host when there is user info 
Ticket: 6479
 2 years ago
Philippe Antoine b6cd66f41d http2: update brotli crate 
Fixes debug assertion found by oss-fuzz:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63144
 2 years ago
Philippe Antoine 46a46e5b1f http2: event on mismatch between authority and host 
Ticket: #6425
 2 years ago
Philippe Antoine ae72ce77fa detect: parse units for integers 
Ticket: #6423

Especially for filesize, instead of just a number, a signature
can use a number and a unit such as kb, mb or Gb
 2 years ago
Kirjan Kohuladas c8a7204b15 doc/rule-profiling: fix suricatasc typo 2 years ago
Lukas Sismis 5300cb625e privs: refactor SCGetUser/GroupID to void functions 
SCGetUserID/SCGetGroupID either FatalErrored out or
returned zero. As a result, the functions got refactored
into non-returning void functions.
 2 years ago
Lukas Sismis 5b4ba0fe46 privs: hint the user of unset user/group name 
Ticket: #6278
 2 years ago
Victor Julien dc40a139ac packetpool: signal waiter within lock 
Needed for predictable scheduling. From pthread_cond_signal man page:

"The pthread_cond_signal() or pthread_cond_broadcast() functions may
 be called by a thread whether or not it currently owns the mutex that
 threads calling pthread_cond_wait() or pthread_cond_timedwait() have
 associated with the condition variable during their waits; however, if
 predictable scheduling behaviour is required, then that mutex is locked
 by the thread calling pthread_cond_signal() or pthread_cond_broadcast()."
 2 years ago
Victor Julien 087ca49e39 packetpool: return one packet as well on sync now 
If a thread is hitting the packet pool return on a 'sync_now' return
the packet also if it is the first packet since the last flush.

Bug: #6435.
 2 years ago