Commit Graph

15690 Commits (32f23b6d2f71a289e78e67b9121dfa661c78aef3)

Author SHA1 Message Date
Sascha Steinbiss 32f23b6d2f suricata: initialize feature tracking earlier
This gives app layer code a chance to access feature
information.
1 year ago
Jeff Lucovsky c305ed149c flow/inject: Select thread_id by flow flag
Issue: 6957

Rather than selecting the thread_id index by packets traveling to the
server, use the flow flags. If the flow has been reversed, the second
slot represents the thread id to be used.
1 year ago
Victor Julien 516441b600 decode/ppp: add missing types definitions
Recognize PPP_CCP, PPP_CBCP and PPP_COMP_DGRAM.

Does not implement decoders for these record types, so these
are logged as unsupported types. Was "wrong_type" before.
1 year ago
Victor Julien 7e3f071e49 decode/ppp: clean up ppph pointer use
No users of the pointer anymore, so remove it.
1 year ago
Victor Julien 6067955afd decode/ppp: remove ppph check in favor of flag
As we now support variable size headers, we can't use the old pointer.

Replace with a flag.
1 year ago
Victor Julien 68092ff33c decode/ppp: support different header formats
Support compressed proto and optional HDLC header.

Bug: #6942.
1 year ago
Philippe Antoine bd3bed6c31 detect/analyzer: add more details for tcp_mss
Issue: #6355
1 year ago
Philippe Antoine 49caf005a4 detect/analyzer: create tojson function for generic integers
As will be needed for tcp.mss
1 year ago
Philippe Antoine 784ce30ae1 util: remove unused bloom filter code
Ticket: 4083
1 year ago
Philippe Antoine b113bdd9e3 src: remove unused headers-exported functions
+ remove double definition of IPPairLock

Ticket: #4083
1 year ago
Jeff Lucovsky 2dfa4cecb5 stats: Memcap pressure max relocation
This commit moves the memcap pressure/pressure_max stats from the global
stats namespace into the memcap namespace.

With per-thread stats, they will be within the flow-manager's values.

Issue: 6398
1 year ago
Jeff Lucovsky 7a5a1e2560 doc: Describe noalert keyword
Issue: 6685
1 year ago
Philippe Antoine 3643b6ed4b output: generic simple tx json logger
Ticket: 3827
1 year ago
Philippe Antoine 688efe79f0 output/dns: do not add empty app-layer metadata 1 year ago
Philippe Antoine 74aa80022c output/dnp3: restrict function scope to one file 1 year ago
Victor Julien 76322368ed pcap: support LINKTYPE_IPV6 (229)
This is just another variant of DLT_RAW.

Ticket: #6943.
1 year ago
Victor Julien 49c67b2bb1 defrag: fix wrong datalink being logged
Eve's packet_info.linktype should correctly indicate what the `packet`
field contains. Until now it was using DLT_RAW even if Ethernet or other
L2+ headers were present.

This commit records the datalink of the packet creating the first
fragment, which can include the L2+ header data.

Bug: #6887.
1 year ago
Juliana Fajardini 72146b969c eve/stats: allow hiding counters whose value is 0
Some stats can be quite verbose if logging all zero-valued counters.
This allows users to disable logging such counters. Default is still
true, as that's the expected behavior for the engine.

Task #5976
1 year ago
Lukas Sismis 10590e6d94 dpdk: support 52 byte long key on ice (E810) cards 1 year ago
Lukas Sismis d4085fceb6 dpdk: enlarge key length to 52 bytes 1 year ago
Philippe Antoine 365a66ac1c ci: clean some disk space to run CIFuzz again 1 year ago
Jason Ish 1657b6ff3c cargo: add description and license
Required for publishing to crates.io.
1 year ago
Jason Ish b9127e8b96 automake/rust: remove path.lib
Remove the path.lib parameter that is substituted into the output
Cargo.toml by autoconf. Instead, as part of the build, "cd" into the
source directory. We already set the Rust target directory to the
external build directory.

This makes the Cargo.toml more generic, and in a format suitable for
publishing to crates.io. It also makes it easier to pull in external
crates without needing to patch up their Cargo.toml, for example, it
might make pulling libhtp-rs easier.
1 year ago
Victor Julien 172775ed84 alert/syslog: fetch ipproto once 1 year ago
Victor Julien 7ad1a6b21b alert/syslog: stringify addresses outside alert loop 1 year ago
Victor Julien 291250f705 alert/syslog: minor code cleanups 1 year ago
Victor Julien 285fda5de8 alert/syslog: only hold lock for syslog call 1 year ago
Juliana Fajardini 172b55c547 log/stats: allow longer counter names
With the addition of exception policy stats counters, the human readable
version of the stats log was mis-aligned, when counters for per-app-proto
were enabled.

Width change made large enough to accommodate a counter as long as
"app_layer.error.bittorrent-dht.exception_policy.pass_packet" which
could be valid.

Task #5816
1 year ago
Juliana Fajardini 0f6dbf650e yaml: minor wording fix on Suricata package version 1 year ago
Juliana Fajardini 8defee93b2 yaml: explicitly mention exception policy in conf
While our documentation indicated what were the possible configuration
settings for exception policies, our yaml only explicitly mentioned
exception policy for the master switch. Clearly indicate which config
settings are about exception policies.

Related to
Task #5816
1 year ago
Juliana Fajardini 514e8b8b04 userguide: document exception policy stats
Configuration options and defaults, existing counters etc.

Related to
Task #5816
1 year ago
Juliana Fajardini 94b111283d userguide: highlight exception policy effects
Some exception policies can only be applied to entire flows or
individual packets, for some exception scenarios. Make this easier to
read, in the documentation.

Related to
Task #5816
1 year ago
Juliana Fajardini caf590d51f stream/midstream: add counter for exception policy
Add stats counters for when there is an exception policy applied in case
of a session picked up midstream.

Task #5816
1 year ago
Juliana Fajardini fd9a20ffcf stream/reassemble: add exception policy counters
Add stats counters for exception policies applied in case of memcap hit
during stream reassembly.

Task #5816
1 year ago
Juliana Fajardini 2dee3772bf stream/tcp: add ssnmemcap exception policy counter
Add stats counters for exception policies applied in case a stream
session memcap is hit.

Task #5816
1 year ago
Juliana Fajardini a71ace8575 applayer: add stats counters for exception errors
Add stats counters for exception policies applied for app-layer errors.

Part of
Task #5816
1 year ago
Juliana Fajardini 485c0e1d9a defrag: add exception policy memcap stats counters
Add defrag memcap stats counter.

Task #5816
1 year ago
Juliana Fajardini 657419b53e decode/flow: add exception policy stats counters
We will register stats counters for all policies, even though for now
Suri only uses one possible configuration policy at a time. The idea is
that this could change in the near future, so we want to have this
ready.

Task #5816
1 year ago
Juliana Fajardini c2c8cdb78a exceptions: make types and ToStr fns more accessible
Decode file needed ExceptionPolicy types and exception-policy file
needed Decode types, rendering some work quite difficult to work
around.

ExceptionPolicyToStr is useful for registering exception policy
counters, so make that public.

Part of
Task #5816
1 year ago
Juliana Fajardini ce001d8eae schema: apply clang formatting changes 1 year ago
Juliana Fajardini 112f5cc0ad app-layer/htp: clean up unused code in unittests
Remove unit test that was disabled and printf statements that were
replaced but not deleted, both in 48cf0585fb.
1 year ago
Juliana Fajardini cea917c38c app-layer: fix minor typo and formatting in LogInfo
Also update copyright years.
1 year ago
Daniel Olatunji d9148d1023 detect/analyzer: add more details for tcp_seq
Log the matched Sequence number of a packet
Issue: 6353
1 year ago
Lukas Sismis e54084fa87 dpdk: implement DPDK SW tests
Implement Github CI tests to run DPDK Suri with the minimal
configuration to verify that Suricata can start in both IDS
and IPS configuration.
1 year ago
Lukas Sismis 28ac3c2097 dpdk: fix thread slot assignment
Commit 5592ec07 introduced a bug where ptv->slot was
assigned with the current one instead of the next one
in the list. This caused a Suricata crash in the DPDK mode.

Ticket: 6877
1 year ago
Lukas Sismis 3fdcf7fbe4 dpdk: make static variables thread_local
Per newly obtained knowledge, static variables in functions
are not thread-safe and as a result the thread_local attribute was
added.
1 year ago
Lukas Sismis 78313100a4 ci: bump up the DPDK versions 1 year ago
jason taylor 7de16809ef doc: update http keyword listing order
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
1 year ago
jason taylor 8b3db3c3b5 doc: update file.name keyword information
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
1 year ago
jason taylor 49dba7bb94 doc: update file.data keyword information
Ticket: 3025

Signed-off-by: jason taylor <jtfas90@gmail.com>
1 year ago