Commit Graph

11103 Commits (37d228dae03d66df7c361234c4fd23ac228e26ca)

Author SHA1 Message Date
Victor Julien a4568a634d htp: enforce body limits more exact 5 years ago
Victor Julien 0db3ee26d0 eve/alert: convert decoder event logging to jsonbuilder 5 years ago
Victor Julien aa0286d925 eve/anomaly: don't add timestamp twice
Timestamp is added unconditionally by CreateEveHeader(), so no need
to have a local timestamp in case of non-IP packets.
5 years ago
Victor Julien bd3fdeb53f eve/alert: clean up decoder event logging 5 years ago
Victor Julien b3b5802c85 eve/nfs: switch output to jsonbuilder 5 years ago
Giuseppe Longo cb7e72e602 jsonbuilder: fix build error
Clang's build in travis-ci is actually failing because of this error:

output-json-alert.c:476:40: error: missing field 'state_index' initializer
      [-Werror,-Wmissing-field-initializers]
            JsonBuilderMark mark = { 0 };
5 years ago
Jason Ish a77662bdbf userguide: remove old drop-log documentation
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
5 years ago
Jason Ish e26718aea3 drop-log: remove drop log (deprecated)
Remove the old style line based drop log.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2381
5 years ago
Jason Ish 8997a114cb userguide: RDP now enabled by default
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255
5 years ago
Jason Ish 6ce9b2972b rdp: enable by default
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3255
5 years ago
Jason Ish 3eb0461abd userguide: SIP now enabled by default
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3256
5 years ago
Jason Ish 5a7ba62493 sip: enable by default
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3256
5 years ago
Phil Young 3ccd44b144 Napatech: Fix network byte order when comparing addresses
This fixes an issue where the "endianness" was not properly accounted for
when comparing two IPv4 addresses to be sorted.
5 years ago
Phil Young d1d09ecfa8 Napatech: Change to use separate FlowStream handle for each thread
Previously a single handle to the FlowStream (which is used to program
flows to the card) was shared between the threads. This resulted
in contention between the threads where sometimes programming the flow would
silently fail.
5 years ago
Victor Julien d0526e71c0 doc/userguide: add IPS with BPF info, minor cleanups 5 years ago
Victor Julien bd70e0e621 eve: print interface info for vxlan and other tunnel pkts 5 years ago
Jason Ish 7d22993a8f github-ci: allow pull-request to be referenced in pr body
For example, to use suricata-verify pr #239:

suricata-verify-pr: 239

Also update the pull request template to contain the available
parameters that can be set.
5 years ago
Jason Ish 36d687580a rfb/eve: convert to jsonbuilder 5 years ago
Jason Ish 49f7dc93bd smtp/eve: convert to jsonbuilder 5 years ago
Jason Ish 60bfbd43fd jsonbuilder: add reset marks
Add methods to get the state of a JsonBuilder (called a mark),
then allow restoring to the mark.
5 years ago
Jason Ish 7803a9ac40 anomaly/eve: convert to jsonbuilder 5 years ago
Jason Ish 037c449b85 tls/eve: convert to jsonbuilder 5 years ago
Jason Ish be8fa5da43 http/eve: remove jansson version of metadata logger
With fileinfo converted over to JsonBuilder, these
Jansson versions are no longer needed.
5 years ago
Jason Ish fb7ee888bc fileinfo-filestore/eve: convert to jsonbuilder 5 years ago
Jason Ish 0ec7d2ff66 fileinfo: use addr info cache for address logging (jsonbuilder prep)
This is to prepare for JsonBuilder conversion where we can't
overwrite an already set value. Here we prepare the addresses
to be logged in a struct, overwrite with XFF if needed, then
log.
5 years ago
Jason Ish 6ba93d905f http/eve: convert to jsonbuilder 5 years ago
Jason Ish baf2723757 flow/eve: convert to jsonbuilder 5 years ago
Jason Ish ddb22549be rust: allow some clippy lints without warning
Suppresses some clippy lints that have more to do with style
than anything else, to reduce the amount of noise in the
clippy output.
5 years ago
Jason Ish 03cf3dcd6d dns/eve: convert to jsonbuilder 5 years ago
Jason Ish 6a70d6bb6e sip/eve: convert to jsonbuilder 5 years ago
Jason Ish e9a3415fc2 dhcp/eve: add common eve fields
Add the common eve fields like metadata and community id.
5 years ago
Jason Ish deed0541bb dhcp/eve: convert to jsonbuilder 5 years ago
Jason Ish 30cc373b7f alert/eve: convert to jsonbuilder
Convert alert Eve logging to JsonBuilder. Currently
makes heavy use of JsonBuilder being able to log Jansson's json_t,
which is a temporary measure until all protocol loggers can be
converted to JsonBuilder.

New functions that replace Jansson versions with JsonBuilder
variations use "Eve" instead of "JSON".
5 years ago
Jason Ish 942dd08654 jsonbuilder: new module for generating json
JsonBuilder is a Rust module for creating JSON output. Unlike
Jansson, the final JSON string is built up as items are added,
instead of building up an object tree and rendering it when
done.

The idea is to create a more efficient JSON serializer instead
of a flexible one.
5 years ago
Jason Ish c1f4edc434 rust: bring back libc as a dependency
It's already pulled in by some other dependencies, so it adds zero
extra weight, and provides handy definitions for basic functions
like free().
5 years ago
Jason Ish 5513b4ed0b rust/json: expose libjansson json_dumps
This will be temporarily used by JsonBuilder to add the ability
to extend JsonBuilder with Jansson's json_t types.
5 years ago
Jason Ish 5e1b44ac71 alert/eve: use addr info struct for source/target (jsonbuilder prep)
Update the source/target logging to use the cached address info
instead of fetching it from the constructed json_t object.

This is required for migration to JsonBuilder which does not
have the ability to retrieve already set fields.
5 years ago
Jason Ish 5ab673aee2 flow/eve: separate flow and app_proto logging (jsonbuilder prep)
Currently the flow logger also logs app_proto information,
not to the flow object but to the root object
of the log record.

Refactor into 2 separate methods, one for the app_proto
and one for the flow, to make this more clear, as well
as make it easier to refactor for JsonBuilder as JsonBuilder
can only write to the currently open object.
5 years ago
Jason Ish 99f460aa5a eve/fivetuple: use intermediate address struct (jsonbuilder prep)
Currently alert logging relies on the ability to change existing
values in the json_t structure to overwrite addresses with xff
data. This feature is also used for the "target" logging.

As we can't do this with JsonBuilder, create a new struct to
hold the 5 tuple, with the values swapped as needed, and
overwritten with XFF data if needed. This struct will now
be used to write out the 5 tuple, as well as cache the information
for log fields to be written out later on in the log path.
5 years ago
Jason Ish cc4f9d7f3d alert/eve: remove jansson specific feature (jsonbuilder prep)
Remove the Jansson specific feature of being able to delete
an object from json_t, in prep for refactors to JsonBuilder.

Instead create a new header for each alert to be logged.
5 years ago
Jason Ish f4f1fdbf86 alert/eve: move logging of rule text (jsonbuilder prep)
Move the logging of the rule text to where the alert object
is being logged to remove the usage of json_object_get...

Getting previously logged objects will not be possible with
JsonBuilder.
5 years ago
Victor Julien f8f2a2bbc0 detect/pcre: set app proto correctly when using modifiers 5 years ago
Victor Julien 9fd56e8430 detect/pcre: minor code cleanups 5 years ago
Victor Julien de6c9b9441 detect: clarify and slightly cleanup non-pf logic 5 years ago
Victor Julien 5acfdfcc76 flow/manager: fix management tasks not running
Fix tasks not running on the first manager, even if there is just
a single manager.
5 years ago
Victor Julien 9fd326b6c0 ssh: minor cleanups in incomplete handling 5 years ago
Victor Julien 3a2434ed4d app-layer: support Copy and Clone traits in AppLayerResult 5 years ago
Victor Julien b0288da686 app-layer: add methods to get status from AppLayerResult 5 years ago
Philippe Antoine 6373071aa3 ssh: handles incomplete record after banner
To signal incomplete data, we must return the number of
consumed bytes. When we get a banner and some records, we have
to take into account the number of bytes already consumed by
the banner parsing before reaching an incomplete record.
5 years ago
Eric Leblond ae5650d443 magic: get rid of global lock
Global magic context was involving a lock that appears to be really
costly for some traffic.
5 years ago