Commit Graph

15994 Commits (37be66eef9471d7b033feecf5330dc03ee7acad7)

Author SHA1 Message Date
Victor Julien 37be66eef9 detect/iprep: update function naming
Bring in line with new Rust code naming for FFI functions.
1 year ago
Victor Julien 83976a4cd4 detect/iprep: implement isset and isnotset
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

Internally it is implemented outside the uint support.

Ticket: #6857.
1 year ago
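Worked example of the match semantics described in the commit message above (isset rewritten to ">=,0", isnotset evaluated outside the uint comparison, reputation values limited to 0-127). This is an added illustration, not Suricata's iprep code: the `IpRepTable` type, the `parse_mode` function and the "<operator>,<value>" spelling it accepts are assumptions of this example.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Valid reputation values are 0-127, so 127 is the highest value a table may hold.
const IPREP_MAX: u8 = 127;

/// Match modes of this toy iprep matcher. The numeric variants stand in for the
/// generic uint comparison support; IsSet and IsNotSet are the special modes.
#[derive(Debug, Clone, Copy, PartialEq)]
enum IpRepMode { Gt(u8), Ge(u8), Lt(u8), Le(u8), Eq(u8), IsSet, IsNotSet }

/// Parse the "<operator>,<value>" tail of a keyword, or the words "isset"/"isnotset".
/// The spelling of the tail is an assumption of this example, not Suricata's parser.
fn parse_mode(spec: &str) -> Result<IpRepMode, String> {
    match spec.trim() {
        "isset" => return Ok(IpRepMode::IsSet),
        "isnotset" => return Ok(IpRepMode::IsNotSet),
        _ => {}
    }
    let (op, val) = spec
        .split_once(',')
        .ok_or_else(|| format!("bad iprep spec: {}", spec))?;
    let v: u8 = val
        .trim()
        .parse()
        .map_err(|_| format!("bad reputation value: {}", val))?;
    if v > IPREP_MAX {
        return Err(format!("reputation value {} outside 0-{}", v, IPREP_MAX));
    }
    Ok(match op.trim() {
        ">" => IpRepMode::Gt(v),
        ">=" => IpRepMode::Ge(v),
        "<" => IpRepMode::Lt(v),
        "<=" => IpRepMode::Le(v),
        "=" => IpRepMode::Eq(v),
        other => return Err(format!("unknown operator: {}", other)),
    })
}

/// Plain uint comparison of a stored value against a numeric mode.
fn uint_compare(value: u8, mode: IpRepMode) -> bool {
    match mode {
        IpRepMode::Gt(x) => value > x,
        IpRepMode::Ge(x) => value >= x,
        IpRepMode::Lt(x) => value < x,
        IpRepMode::Le(x) => value <= x,
        IpRepMode::Eq(x) => value == x,
        // The special modes never reach the uint path; see IpRepTable::matches.
        IpRepMode::IsSet | IpRepMode::IsNotSet => false,
    }
}

/// Reputation table keyed by (ip, category). A missing key means the address is
/// not part of that category at all, which is different from a value of 0.
#[derive(Default)]
struct IpRepTable {
    entries: HashMap<(Ipv4Addr, u8), u8>,
}

impl IpRepTable {
    fn set(&mut self, ip: Ipv4Addr, category: u8, value: u8) -> Result<(), String> {
        if value > IPREP_MAX {
            return Err(format!("reputation value {} outside 0-{}", value, IPREP_MAX));
        }
        self.entries.insert((ip, category), value);
        Ok(())
    }

    fn lookup(&self, ip: Ipv4Addr, category: u8) -> Option<u8> {
        self.entries.get(&(ip, category)).copied()
    }

    fn matches(&self, ip: Ipv4Addr, category: u8, mode: IpRepMode) -> bool {
        // "isnotset" is evaluated outside the uint support: it is the only mode
        // that can match when there is no value to compare.
        let value = match self.lookup(ip, category) {
            None => return mode == IpRepMode::IsNotSet,
            Some(v) => v,
        };
        match mode {
            IpRepMode::IsNotSet => false,
            // "isset" is rewritten to ">=,0", which is true for every valid value.
            IpRepMode::IsSet => uint_compare(value, IpRepMode::Ge(0)),
            numeric => uint_compare(value, numeric),
        }
    }
}

fn main() {
    let mut table = IpRepTable::default();
    // Constructed sample data: two addresses in category 1, one of them with value 0.
    table.set(Ipv4Addr::new(10, 0, 0, 1), 1, 0).unwrap();
    table.set(Ipv4Addr::new(10, 0, 0, 2), 1, 100).unwrap();
    let hosts = [Ipv4Addr::new(10, 0, 0, 1), Ipv4Addr::new(10, 0, 0, 2), Ipv4Addr::new(10, 0, 0, 3)];
    for spec in [">,30", "isset", "isnotset"] {
        let mode = parse_mode(spec).unwrap();
        for host in hosts {
            println!("{:<9} {} -> {}", spec, host, table.matches(host, 1, mode));
        }
    }
}
```

The point the example makes explicit: an address listed with value 0 is still "set", so a rule written as ">,0" would miss it while "isset" (">=,0") catches it; and "isnotset" can only be true when the lookup finds nothing, which is why it cannot be expressed through the uint comparison path.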
Victor Julien 3e46c51651 reputation: minor cleanup
No need to init ptrs to NULL after SCCalloc.
1 year ago
Victor Julien 539ab3a404 detect/iprep: update keyword parser for extendibility 1 year ago
Jason Ish f0dbfe863d misc: prefix functions with SC not Sc 1 year ago
Victor Julien d02054fa31 detect/noalert: point noalert/alert to new doc 1 year ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 1 year ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 1 year ago
Victor Julien d5fb8204b6 detect: implement 'alert' keyword as a companion to 'noalert'
This can be used to implement alert then pass logic.

Add support for alert-then-pass to alert handling routines.

Ticket: #5466.
1 year ago
Victor Julien 92581dbc06 detect: set ACTION_ALERT for rules that should alert
Replaces default "alert" logic and removes SIG_FLAG_NOALERT.

Instead, "noalert" unsets ACTION_ALERT. Same for flowbits:noalert and
friends.

In signature ordering, rules w/o action are sorted as if they have 'alert',
which is the same behavior as before, but now implemented explicitly.

Ticket: #5466.
1 year ago
Victor Julien 8f72a04973 detect/alert: minor loop cleanup 1 year ago
Victor Julien 44e7fdc3ca detect/noalert: minor cleanup 1 year ago
Philippe Antoine d9d5170ec0 websocket: add data frame
Ticket: 7051
1 year ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase
With stream reassembly now triggered early, for certain types of rules
there may be more alerts triggered - even in IPS mode; make this clear in
the upgrading section.

Bug #7026
1 year ago
Juliana Fajardini bb45ac71ef dns: allow triggering raw stream reassembly
For TCP streams, app proto stream reassembly can start earlier, instead
of waiting and queueing up data before doing so.

Task #7018
Related to
Bug #7004
1 year ago
Philippe Antoine 82c03f72c3 enip: convert to rust
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword now accepts a string enumeration as values.
- add enip.status keyword
- add keywords:
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
1 year ago
Philippe Antoine 0d267e29a5 files: remove the need for state in callbacks
As files now belong to transactions
1 year ago
Philippe Antoine e8438fdb58 app-layer: remove unused parameters 1 year ago
Philippe Antoine 5167ff6411 smtp/mime: look for urls in base64 message
Ticket: 5185

Previously, URLs were only looked for in the plain-text message, and base64
encoding was only handled for attachments.

This commit also fixes the buffering for such base64 data streamed into
URL finding, by buffering a beginning non-empty line, and by ensuring
that we run extraction on the last line, even if it had no EOL.
1 year ago
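Worked example of the two streaming problems the commit message above names: base64 body data arrives in arbitrary chunks and wrapped at 76 columns, a decoded line may begin in one chunk and end in another, and the last line of the message often has no EOL. This is an added illustration, not Suricata's MIME code: the `Base64UrlScanner` type, its hand-rolled base64 decoder and the tiny encoder used to build the constructed sample message are all assumptions of this example. URL detection here is deliberately simple (an `http://` or `https://` prefix up to whitespace or a delimiter).

```rust
const B64: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/// Map one base64 alphabet byte to its 6-bit value; None for padding, CRLF, etc.
fn b64_val(c: u8) -> Option<u8> {
    match c {
        b'A'..=b'Z' => Some(c - b'A'),
        b'a'..=b'z' => Some(c - b'a' + 26),
        b'0'..=b'9' => Some(c - b'0' + 52),
        b'+' => Some(62),
        b'/' => Some(63),
        _ => None,
    }
}

/// Minimal encoder, only used to build constructed input for the scanner.
fn b64_encode(data: &[u8]) -> String {
    let mut out = String::new();
    for chunk in data.chunks(3) {
        let b = [chunk[0], *chunk.get(1).unwrap_or(&0), *chunk.get(2).unwrap_or(&0)];
        let n = (u32::from(b[0]) << 16) | (u32::from(b[1]) << 8) | u32::from(b[2]);
        out.push(B64[(n >> 18) as usize & 63] as char);
        out.push(B64[(n >> 12) as usize & 63] as char);
        out.push(if chunk.len() > 1 { B64[(n >> 6) as usize & 63] as char } else { '=' });
        out.push(if chunk.len() > 2 { B64[n as usize & 63] as char } else { '=' });
    }
    out
}

/// Wrap at 76 columns with CRLF, the way a MIME body part is transferred.
fn mime_wrap(b64: &str) -> String {
    b64.as_bytes()
        .chunks(76)
        .map(|c| std::str::from_utf8(c).unwrap())
        .collect::<Vec<_>>()
        .join("\r\n")
}

/// Pull http:// and https:// URLs out of one decoded line of text.
fn extract_urls(line: &[u8], urls: &mut Vec<String>) {
    let mut i = 0;
    while i < line.len() {
        let rest = &line[i..];
        if !(rest.starts_with(b"http://") || rest.starts_with(b"https://")) {
            i += 1;
            continue;
        }
        let end = rest
            .iter()
            .position(|&b| b.is_ascii_whitespace() || b"<>\"'".contains(&b))
            .unwrap_or(rest.len());
        urls.push(String::from_utf8_lossy(&rest[..end]).into_owned());
        i += end;
    }
}

/// Streaming scanner: base64 comes in arbitrary chunks, is decoded quad by quad,
/// and the decoded text is buffered per line until the line is complete.
#[derive(Default)]
struct Base64UrlScanner {
    quad: [u8; 4],
    n: usize,
    line: Vec<u8>,
    urls: Vec<String>,
}

impl Base64UrlScanner {
    fn feed(&mut self, chunk: &[u8]) {
        for &c in chunk {
            if c == b'=' {
                self.flush_quad(); // padding ends the final, partial quad
            } else if let Some(v) = b64_val(c) {
                self.quad[self.n] = v;
                self.n += 1;
                if self.n == 4 {
                    self.flush_quad();
                }
            }
            // anything else (CRLF line wrapping, stray bytes) is skipped
        }
    }

    /// Decode the buffered sextets and route the bytes into the line buffer;
    /// a complete line is scanned for URLs and then dropped.
    fn flush_quad(&mut self) {
        let (q, n) = (self.quad, self.n);
        self.n = 0;
        let mut bytes = Vec::with_capacity(3);
        if n >= 2 { bytes.push((q[0] << 2) | (q[1] >> 4)); }
        if n >= 3 { bytes.push((q[1] << 4) | (q[2] >> 2)); }
        if n == 4 { bytes.push((q[2] << 6) | q[3]); }
        for b in bytes {
            match b {
                b'\n' => { extract_urls(&self.line, &mut self.urls); self.line.clear(); }
                b'\r' => {}
                _ => self.line.push(b),
            }
        }
    }

    /// End of the body part: decode an unpadded tail and scan the last line even
    /// when it has no EOL.
    fn finish(mut self) -> Vec<String> {
        self.flush_quad();
        if !self.line.is_empty() {
            extract_urls(&self.line, &mut self.urls);
        }
        self.urls
    }
}

/// Feed `encoded` to the scanner in pieces of `chunk_size` bytes and return the URLs.
fn scan_base64_body(encoded: &str, chunk_size: usize) -> Vec<String> {
    let mut scanner = Base64UrlScanner::default();
    for chunk in encoded.as_bytes().chunks(chunk_size.max(1)) {
        scanner.feed(chunk);
    }
    scanner.finish()
}

fn main() {
    // Constructed message body; note the last line has no line ending.
    let body = b"Hi,\r\nplease log in at http://example.test/login today.\r\nBackup: https://cdn.example.test/a?b=1";
    let wrapped = mime_wrap(&b64_encode(body));
    println!("{:?}", scan_base64_body(&wrapped, 7));
}
```

Feeding the same wrapped body with chunk sizes of 1, 3, 7 or 76 bytes must give the same two URLs; the chunk boundaries fall inside base64 quads, inside the CRLF wrapping and inside decoded lines, which is what a stream-based extractor has to survive.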
Philippe Antoine 1c0514c16a dpdk: simplify and fix build 1 year ago
Philippe Antoine 441813aa47 fuzz: build with dependencies on rust and c lib
So that there is no need to remove the final binary to recompile it
if there have been changes in the code.
1 year ago
Philippe Antoine 358bc05fa1 ci: fix and test with Wunused-macros
Ticket: 6937

Completes ce9bfba76a
1 year ago
Shivani Bhardwaj de1de53e2f eve/stats: add description for flow mgr & recycler
Ticket 6434
1 year ago
Victor Julien 17b32f98d7 doc/userguide: fix rule container typo
Fixes: 8781e9352a ("doc/userguide: add documentation for SMTP frames")
1 year ago
Juliana Fajardini 0946c213cd pgsql: trigger raw stream reassembly
Expose the raw stream earlier to the detection engine, as Pgsql can have
multiple messages per transaction and usually will have a message
complete within one TCP packet.

Bug #7000

Related to
Bug #7026
1 year ago
Juliana Fajardini 69e26de197 pgsql/logger: open json object from logger function
Before, the JsonBuilder object for the pgsql event was being created
from the C-side function that actually called the Rust logger.

This meant that if another module - such as the Json Alert - called the
PGSQL logger, we wouldn't have the `pgsql` key present in the log output
- only its inner fields.

Bug #6983
1 year ago
Victor Julien 8781e9352a doc/userguide: add documentation for SMTP frames 1 year ago
Victor Julien 306fd795c3 smtp/frames: initial frame support
Adds the following frames:

  command_line
  data
  response_line

The *_line frames are per line, so in multi-line responses each line
will have its own frame.

Ticket: #4905.
1 year ago
Victor Julien 2cebc8368c flow-worker: debug output about updates 1 year ago
Victor Julien c17df004ed stream: process ASYNC in packet dir
There will generally not be an opposing direction to handle
the app update.
1 year ago
Victor Julien a9dd1572d4 detect/frames: inspect frames only in correct direction
Inspect frames in the correct direction after they have been created.
1 year ago
Victor Julien 866c128c43 app-layer: flag flow for next packet in other dir
Add new flags to trigger FLOW_TS_APP_UPDATED/FLOW_TC_APP_UPDATED flags
to be set for the next packet in the relevant direction.

This allows for app relevant work to be done in the next packet in our
direction.
1 year ago
Victor Julien 683363b42d detect/frames: avoid IPS rescanning
Make sure to only scan the data when the app layer has been updated
as well.

Ticket: #6718.
1 year ago
Victor Julien 2e5e3498a6 app-layer/frames: add by type getter
AppLayerFrameGetLastOpenByType: Returns the most recent frame of the given
type that still has unknown length (-1).

Check if type is globally enabled first.
1 year ago
Victor Julien 803e8dd32e frames: add FrameGetLastOpenByType
Getter for the most recent frame with unknown length (-1).
1 year ago
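Worked example tying together the per-line SMTP frames from the "smtp/frames: initial frame support" message and the "last open frame by type" getter from the two messages above: a multi-line 250 response split across two TCP segments yields one response_line frame per line, the partial last line is an open frame with length -1, and it is closed once its line ending arrives. This is an added illustration, not Suricata's frame code: the `LineFrameTracker` type and the choice to count a line's CRLF as part of its frame are assumptions of this example.

```rust
/// The SMTP frame types named in the commit message.
#[allow(dead_code)]
#[derive(Debug, Clone, Copy, PartialEq)]
enum FrameType {
    CommandLine,
    ResponseLine,
    Data,
}

/// A frame is a typed window onto the stream. len == -1 marks an open frame: the
/// line started but its end has not been received yet.
#[derive(Debug, Clone, PartialEq)]
struct Frame {
    kind: FrameType,
    offset: usize,
    len: i64,
}

/// Tracks per-line frames across app-layer updates. `line_start` is the stream
/// offset of the next line to frame, which is also the start of any open frame.
struct LineFrameTracker {
    frames: Vec<Frame>,
    line_start: usize,
    open: Option<usize>, // index into `frames` of the currently open frame
}

impl LineFrameTracker {
    fn new() -> Self {
        LineFrameTracker { frames: Vec::new(), line_start: 0, open: None }
    }

    /// Called with the whole stream buffer on every update (the buffer only grows).
    /// Each complete line gets its own frame, assumed here to include its CRLF; a
    /// trailing partial line becomes an open frame that is closed once its line
    /// ending arrives.
    fn update(&mut self, stream: &[u8], kind: FrameType) {
        let mut pos = self.line_start;
        while let Some(i) = stream[pos..].iter().position(|&b| b == b'\n') {
            let end = pos + i + 1;
            match self.open.take() {
                Some(idx) => {
                    let offset = self.frames[idx].offset;
                    self.frames[idx].len = (end - offset) as i64;
                }
                None => self.frames.push(Frame { kind, offset: pos, len: (end - pos) as i64 }),
            }
            pos = end;
        }
        if pos < stream.len() && self.open.is_none() {
            self.frames.push(Frame { kind, offset: pos, len: -1 });
            self.open = Some(self.frames.len() - 1);
        }
        self.line_start = pos;
    }

    /// The most recent frame of `kind` whose length is still unknown (-1), if any.
    fn last_open_by_type(&self, kind: FrameType) -> Option<&Frame> {
        self.frames.iter().rev().find(|f| f.kind == kind && f.len == -1)
    }
}

fn main() {
    // Constructed multi-line EHLO response, delivered in two TCP segments.
    let full = b"250-smtp.example.test\r\n250-SIZE 10240000\r\n250 STARTTLS\r\n";
    let mut t = LineFrameTracker::new();
    t.update(&full[..47], FrameType::ResponseLine); // second segment not yet received
    println!("open: {:?}", t.last_open_by_type(FrameType::ResponseLine));
    t.update(full, FrameType::ResponseLine);
    for f in &t.frames {
        println!("{:?}", f);
    }
}
```

Because the open frame keeps its offset and only gains a length when the line completes, a detection pass that inspects response_line frames in the response direction sees the first two lines as soon as they arrive and the third only once it is complete, rather than rescanning all three on every update.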
Victor Julien c7402d2d01 frames: fix bounds check 1 year ago
Victor Julien 243587805d stream: minor code clarification
'dir' was too generic, so indicate it's about the app-layer update direction.
1 year ago
Victor Julien e6c1b9d846 app-layer: minor code clarification
'dir' was too generic, so indicate it's about the app-layer update direction.
1 year ago
Philippe Antoine 9332bc2c45 dns: adds missing NS field in json schema 1 year ago
Philippe Antoine 7fb10676e7 dns: remove unneeded mut in logger 1 year ago
Philippe Antoine a10c1f1dde smtp: use rust for mime parsing
Ticket: #3487
1 year ago
Philippe Antoine 5f75b9a6e3 http: use rust for mime parsing
Ticket: #3487
1 year ago
Philippe Antoine ddb3a0c9de http: multipart unused code removal 1 year ago
Philippe Antoine 8d4699fbba eve/schema: complete and reorder smtp fields
received and cc were missing
1 year ago
Philippe Antoine 5555aa6788 mime: improved token parsing
Accepts escaped quote in escaped string
1 year ago
Victor Julien 130d75f025 github-action: remove end of life CentOS 8 stream 1 year ago
Victor Julien 1190e426f9 defrag: remove trackers on lookup
When looking up a tracker, remove any timed out / completed trackers.
1 year ago
Victor Julien 75b78d7643 defrag: add defrag.memuse counter
Gives a current snapshot of the memory in use by the defrag engine.
1 year ago
Victor Julien becc91c306 defrag: timeout check on look up; tag for removal 1 year ago
Victor Julien 83dc703d1f defrag: add various counters 1 year ago