Commit Graph

14928 Commits (33fca4d4db112b75ffa22eb2e6f14f038cbcc1f9)

Author SHA1 Message Date
Jeff Lucovsky f2e2576ff4 file/htp: Add logic for file access
Set file inspection sizes and marker for use with detect logic when
opening files by name or as part of a range.

Issue: 4145
2 years ago
Jeff Lucovsky 82b585d202 file: Window and edge adjustments
Issue: 4145

Adjust edge and window values after considering file size/inspected
values.
2 years ago
Victor Julien 9ca4ef5dbe detect/engine: minor debug cleanup 2 years ago
Victor Julien 3fb92eec6f detect/mpm: remove useless checks
The pattern store has already done these checks before.
2 years ago
Jeff Lucovsky f1ddd310f7 mpm: Use typedef for mpm registration
Issue: 4145
2 years ago
Shivani Bhardwaj d4e674b390 rust: fix clippy warnings 2 years ago
Victor Julien 0068b81269 rust: update cargo.lock 2 years ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field
Related to
Bug #5464
2 years ago
Juliana Fajardini 53b8defd79 output/alert: add verdict field
Related to
Bug #5464
2 years ago
Juliana Fajardini d9c430d73d misc: fix typos & update copyright years 2 years ago
Shivani Bhardwaj 789353bc1e util/mime: skip over any invalid char
For certain edge case handling for spaces, spaces were handled
particularly in the remainder processing functions. Make sure that now
that, as per RFC 2045, util-base64 skips over any invalid char, the
edge cases in the MIME processor are also handled the same way.

This completes the work done in e46b033.

Ticket 6135
Ticket 6207
2 years ago
Philippe Antoine 60db5e981c http2: do not append data after closing file
Ticket: #6211

Completes commit 02dece5db5

Once a http2 stream has end of stream flag, we close the file.
If we see new data frames with this stream id, the new_chunk
function should ignore them as the file was already closed.
2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements
Issue: #5473
2 years ago
Jeff Lucovsky 0a7ae99e49 config/swf: SWF deprecation warning message
Issue: 6183

Issue a deprecation warning if SWF decompression is enabled.
2 years ago
Victor Julien 3e53d5eea4 flow/hash: fix and cleanup key/flow_id getters
Bug: #6205.
2 years ago
jason taylor 62170d2fb9 doc: hyperscan information updated
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor 88960e909d doc: add multiple buffer matching documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes
Add more information with examples of how the changes to EVE HTTP
logging may affect users.
2 years ago
jason taylor 19a0b2b0d2 userguide: add details about tcp flow pass
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Victor Julien ce055111fe requirements: use libhtp 0.5.45 2 years ago
Victor Julien 2cac440f7d detect/filemagic: fix thread ctx registration; reloads
Make sure thread ctx registration happens and id remains correct
in case of reloads.

To do so, move id var into the detect ctx.
2 years ago
Victor Julien 8417d407be detect: more compact layout of DetectEngineCtx 2 years ago
Victor Julien 377f2d7e1e detect: reduce failure_fatal to bool to save space 2 years ago
Victor Julien fd36459c96 spm: reduce spm_matcher size to uint8_t
No more space is needed.
2 years ago
Victor Julien 7d0851b0c2 detect: create more strict rule validation
Don't allow control characters other than LF, CR, TAB.
2 years ago
Victor Julien a1401ab81b detect/iponly: fix minor warning with unittest but no debug 2 years ago
Victor Julien 7f822ba053 github-ci: run cocci in fedora 38 2 years ago
Jeff Lucovsky 690b65ae88 detect/byte_math: Permit var name for bytes value
Issue: 6145

Modifications to permit a variable name to be used for the byte_math
bytes value.
2 years ago
Jeff Lucovsky fb847d8bb0 detect/byte_math: Use proper index for rvalue var
Use the proper index for extracting the rvalue variable value.
2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes
Issue: 6105
2 years ago
Jeff Lucovsky 3f118188e9 detect/bytejump: Allow nbytes to be a variable
Issue: 6105

This commit adds the ability for nbytes to be a variable when used with
the byte_jump keyword.
2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Jeff Lucovsky da866356c0 detect/byte_test: Allow nbytes value to be a variable
Issue: 6144

This commit allows the byte_test keyword to accept an existing
variable name for a value (the value may still be specified directly as
an integer).

All nbytes values are subject to the same value constraints as before
- 23 if included with string
- 8 otherwise
2 years ago
Lukas Sismis c339e7600a dpdk: improve handling of SOCKET_ID_ANY in DPDK 22.11+
Suricata complained that the NIC is on a different NUMA node than the CPU
thread. However, sometimes DPDK might be unable to resolve the NUMA
location and as a result operate with any NUMA node that is available.
The current implementation reported the NUMA ID as -1, which could have been
confusing to users.

Ticket: #6115
2 years ago
Lukas Sismis 2fdc0e497e dpdk: refactor log messages
Be more consistent with the log message format,
remove some unnecessary device name queries.

Ticket: #6116
2 years ago
Lukas Sismis 3d54a103d0 dpdk: improve DPDK thread handling
Ticket: #6106
2 years ago
Lukas Sismis 5a3ecbde62 doc: update install instructions
Ticket: #5987
2 years ago
Jason Ish fa8baa35b1 requirements: suricata-update 1.3.0 2 years ago
Shivani Bhardwaj 49ad38329a util/base64: fix tests for RFC2045 2 years ago
Shivani Bhardwaj c2ae87eecf util/base64: update test macro to use user data 2 years ago
Shivani Bhardwaj 62d782156c util/base64: check dest buf size to hold 3Bytes
The destination buffer should be able to hold at least 3 Bytes during
the processing of the last block of data. If it cannot hold at least 3
Bytes, then that may lead to dynamic buffer overflow while decoding.
2 years ago
Shivani Bhardwaj 0e8b451699 util/base64: check for dest buf size in last block
Just like the check for destination buffer size done previously for
complete data, it should also be done for the trailing data to avoid
going out of bounds.
2 years ago
Shivani Bhardwaj 095c335c72 util/base64: fix padding bytes for trailing data
Padding bytes for the last remainder data should be as follows:

Case   |    Remainder bytes     |    Padding
----------------------------------------------
  I    |              1         |      3
  II   |              2         |      2
  III  |              3         |      1

However, we calculate the decoded_bytes with the formula:
decoded_bytes = ASCII_BLOCK - padding

this means for Case I when padding is 3 bytes, the decoded_bytes would
be 0. This is incorrect for any trailing data. In any of the above
cases, if the parsing was successful, there should at least be 1 decoded
byte.
2 years ago
Shivani Bhardwaj e46b0337e5 util/base64: skip any invalid char for RFC2045
RFC 2045 states that any invalid character should be skipped over, this
is the RFC used by mime handler in Suricata code to deal with base64
encoded data.
So far, only spaces were skipped as a part of implementation of this
RFC, extend it to also skip over any other invalid character. Add
corresponding test.
2 years ago
Shivani Bhardwaj 85ae1d25e4 util/base64: add test for long string w RFC4648 2 years ago
Philippe Antoine fb2fbafed2 http: remove obsolete checks for files
With libhtp having been improved, Suricata does not need to check
that there is either a response line or HTTP/0.9 as libhtp
will trigger the callbacks only in those cases
2 years ago
Philippe Antoine 02dece5db5 http2: file tracker is initialized when file is closed
Ticket: #6130

This avoids quadratic complexity by having http2_range_key_get
look in a growing number of frames.
2 years ago