Commit Graph

12163 Commits (363b5f99c36fda06f185e446ca28dff6da81fbcc)

Author SHA1 Message Date
Philippe Antoine 999327ba1f http2: http.cookie keyword now works for HTTP2 4 years ago
Philippe Antoine df039555bc http2: http.host.raw keyword now works for HTTP2 4 years ago
Philippe Antoine 1e82d0b3c8 http2: http.method keyword now works for HTTP2 4 years ago
Philippe Antoine 017e39d8fd http2: makes all HTTP1 header keywords work 4 years ago
Philippe Antoine 2cadddda89 http2: there is no status msg in HTTP2
so we revert its detection, mistaken with the status code
4 years ago
Philippe Antoine 1e96272576 http2: http.stat_code keyword now works for HTTP2 4 years ago
Jeff Lucovsky fcd1ae3bf1 doc: Protocol name/case change for upgrade doc
This commit adds a one-liner to the upgrade document for 7.0 stating
that protocol names/values are now builtin to Suricata and that names
and their casing may change.
4 years ago
Jeff Lucovsky e77e8dbe18 proto: Remove dependency on /etc/protocols
This commit eliminates the dependency on /etc/protocols and equivalent
on other platforms by using a static table of IANA assigned protocol
values (names, description).
4 years ago
Jason Ish def636383e github-ci: enable hiredis on fedora 33 build 4 years ago
Jason Ish 587c326d73 yaml: treat some unquoted values as null (per spec)
Per the YAML spec, the following values when present unquoted
should be equivalent to null:
- ~
- NULL
- Null
- null
4 years ago
Jeff Lucovsky 7fa98cde4d output/redis: Redis threaded output changes 4 years ago
Jeff Lucovsky 8867dcf403 config/plugin: Add template for plugins 4 years ago
Jeff Lucovsky 1defca3c34 output/plugin: Support threaded output plugins 4 years ago
Jeff Lucovsky 05836a4452 output/plugin: API changes for threaded support
This commit extends the interface to better support file output plugins.
4 years ago
Simon Dugas 0ed62e93ec doc/modbus: add eve logging documentation 4 years ago
Simon Dugas a8a51dc004 modbus: add eve logging 4 years ago
Simon Dugas 8342641477 modbus: move tests from c to rust
Move tests in a separate commit so that we can use the previous one for
regression testing. This also gets rid of the temporary glue that made
the C tests work with the rust implementation.
4 years ago
Simon Dugas a458a94dca modbus: move from C to rust
Adds a new rust modbus app layer parser and detection module.

Moves the C module to rust but leaves the test cases in place to
regression test the new rust module.
4 years ago
Simon Dugas 7c99fe3689 modbus: fix app-layer test cases
invalidFunctionCode: make protocol id valid since we are only testing
the function code here.

readCoilsErrorRsp: changed to different invalid response code.

ModbusParserTest10: wrong length was passed to AppLayerParserParse.

ModbusParserTest11: allocate the entire buffer.
4 years ago
Simon Dugas f629321de0 ci: update known rust version
Update RUST_VERSION_KNOWN to the latest stable known to succeed. Also
updates the documentation to avoid confusion around the use of this
variable.
4 years ago
Victor Julien 28548b072b travis: remove ci file as we switched to github-ci 4 years ago
frank honza f83d51d0cb ike: set event for multiple server proposals 4 years ago
Jason Ish 488d5fb342 unix-socket: reset to ready state on startup
As part of commit ea15282f47,
some initialization was moved to happen even in unix socket mode,
however, this initialization does setup some loggers that can only have
one instance enabled (anomaly, drop, file-store).

This will cause these loggers to error out on the first pcap, but work
on subsequent runs of the pcap as some deinitialization is done after
each pcap.

This fix just runs the post pcap-file deinitialization routine to
reset some of the initialization done on startup, like is done after
running each pcap in unix socket mode.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4225

Additionally this prevents alerts from being logged two times
on the first run of a pcap through the unix socket:

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4434
4 years ago
Jeff Lucovsky 0f0cb5169f decode/vntag: Add VNTag decoder logic 4 years ago
Jeff Lucovsky 596d760833 tests/vntag: VNTAG decoder unittests 4 years ago
Jeff Lucovsky 713bace44f decode/vntag: VNTAG 802.1Qbh decoder 4 years ago
Jeff Lucovsky b944e636a8 decode/stats: VNTAG stats 4 years ago
Jeff Lucovsky 1ddad0a0d6 decode/events: VNTAG decoder events 4 years ago
Jeff Lucovsky 049afde3a2 decode: Add ethertype for VNTAG 4 years ago
Shivani Bhardwaj 0c5a8fb35d github: Update codeowner handle 4 years ago
Philippe Antoine ca6e434e0b ftp: completely parses pasv and epsv responses 4 years ago
Luke Coughlan 7fb56a9075 flow/bypass: Properly set the ICMP emergency-bypassed value
Currently the ICMP emergency-bypassed value defined in suricata.conf is
overwriting the UDP value rather than correctly setting it for ICMP.
This commit corrects this bug so that the ICMP value can be set as
expected.
4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Philippe Antoine 6fe8bce3b0 http2: have filecontainer for both directions 4 years ago
Jason Ish d4554ec6bb misc: include queue.h before other headers
At least on FreeBSD, some other include is including "sys/queue.h"
which results in FreeBSD's /usr/include/sys/queue.h being picked
up and setting __SYS_QUEUE_H__ so our queue.h is not picked up.

But the FreeBSD queue.h does not have the CIRCLEQ definitions. To
fix just include our queue.h first, which also sets __SYS_QUEUE_H__
preventing the system one from being picked up.
4 years ago
Jason Ish c7f44447c9 dns: remove flood protection purging
It doesn't look like flood protection is required with the
stateless parser anymore. It actually can get in the way of TCP
DNS when a large number of requests end up in the same segment
where a TX can get purged before it has a chance to go through
the normal TX life-cycle.
4 years ago
Jason Ish afaa18c5ad tx: fix unidir tx cleanup
A unidirection protocol parser should only have its transactions
marked as "skipped" if it is skipped in both the TS and TC
directions, otherwise unidir transactions are always considered
skipped and the cleanup will never update its minimum id.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/4437
4 years ago
Jeff Lucovsky fc7a443c3f general: Typo cleanup 4 years ago
Jeff Lucovsky 2c0485ae15 detect/address: Improve support for large addrs
This commit improves support for large address variables. Without this
commit, address size was fixed at 8196 or less. This commit permits
larger sized address variables.
4 years ago
Shivani Bhardwaj 089972fd31 applayer: fix test data for a valid DCERPC pkt 4 years ago
Shivani Bhardwaj c663ac6ddd dcerpc/tcp: improve detection
Lately, some of the TLS data was misdetected as DCERPC/TCP because of
the pattern |05 00|. Add more checks in DCERPC probe function to ensure
that it is in fact DCERPC/TCP.
4 years ago
Andreas Herz a5f36eccf1 doc: add documentation for rawbytes keyword 4 years ago
Andreas Herz d62616f805 detect-rawbytes: add rawbytes doc help output 4 years ago
Andreas Herz 37789d9189 detect-rawbytes: update to new clang format 4 years ago
Jason Ish 06f58650d6 eve: refactor OutputJsonBuilderBuffer to take context
All callers of OutputJsonBuilderBuffer are now calling it
using fields from an OutputJsonThreadCtx, so just pass
a pointer to the thread context now.
4 years ago
Jason Ish 08eee26d27 eve: convert many loggers to use generate thread context
- mqtt
- dnp3
- smtp
- ike
- dns
- alert
- tls
- anomaly
- drop
- file
- http
- http2
- templates
- dhcp

The idea is to factor out the common code for setting
up the output file objects, which is repetitive, and
often done wrong when it comes to threading.
4 years ago
Jason Ish 013becf569 eve: reset buffer in OutputJsonBuilderBuffer
Reset the buffer here so each caller doesn't need to do it.
4 years ago
Jason Ish c890f9db63 eve: factor thread context creation/free for reuse 4 years ago
Jason Ish 702f3b3c73 eve: remove duplicate call to LogFileEnsureExists
Remove duplicate call to LogFileEnsureExists in the generic
eve thread init function.
4 years ago
Eric Leblond 23b1607d69 github-ci: add ebpf build
Use Debian 10 to build eBPF.
4 years ago