Victor Julien
3b8ed937d7
detect: remove DCERPC mask logic
...
Added nothing over alproto check already in place.
2 years ago
Victor Julien
44a8bf463e
detect/rule-header: use bool type
...
Update frame prototype as well, to match already returned true/false values.
2 years ago
Victor Julien
72841be050
detect/rule-header: minor code cleanups
2 years ago
Victor Julien
5c6089f93f
detect/address: refactor match array building
2 years ago
Victor Julien
7b2d6b6894
detect/address: minor cleanup
2 years ago
Victor Julien
96aee6434f
mpm/ac: pointer hygiene
2 years ago
Victor Julien
aad403d87d
mpm/hs: improve pointer hygiene
2 years ago
Victor Julien
11bf60aa3a
detect/mpm: minor cleanup
2 years ago
Victor Julien
db2484276e
detect: shrink sgh to have all runtime members on one cache line
2 years ago
Victor Julien
91f153fb1d
detect: constify flow flags in tx rule inspect
2 years ago
Victor Julien
e4550bee0a
detect: minor cleanup for rule group get function
2 years ago
Victor Julien
fd4ca53eb7
app-layer: micro optimization for AppProtoEquals
...
Add most common condition first.
2 years ago
Victor Julien
88cc999184
detect/bsize: constify keyword args during size check
2 years ago
Victor Julien
e06d2c402a
detect/content: limits prop comment cleanup
2 years ago
Victor Julien
4f0f7b1969
detect/dsize: minor code cleanup
2 years ago
Victor Julien
2b3ec34de8
detect: use do { } while loop for app engine loop
2 years ago
Victor Julien
2911656d6c
detect/content: fix offset for negative distance
...
Fix offset calculation on sigs with negative distance. Can lead to FN
in certain cases.
Bug: #6661.
2 years ago
Victor Julien
18eafb622f
detect/content-inspect: add more tests
2 years ago
Victor Julien
0172c01dc2
spm/bm: minor code cleanups; constification
2 years ago
Victor Julien
4a6a3dc296
mpm: UNITTESTS guard for RegisterUnittests func
2 years ago
Victor Julien
ea5cf44fc2
mpm: remove unused flags field
2 years ago
Victor Julien
4558c5c515
detect/http_server_body: modernize test
2 years ago
Victor Julien
bd66504a43
detect: implement --qa-skip-prefilter
...
Option meant for testing performance of rule engine w/o prefilter
optimizations.
2 years ago
Victor Julien
222dcf776e
detect/content-inspect: add negation tests
...
Test mixing of negation, endswith and depth.
2 years ago
Victor Julien
fd75aca1a1
detect/bytetest: remove unused Match function
...
All matching is done as part of content inspection.
2 years ago
Victor Julien
f2e9c258c4
detect/pcre: remove unused match member
...
pcre2_match_data is created per thread when needed.
2 years ago
Victor Julien
3e8db97687
detect/bytemath: fix u32 buffer size logic
...
Remove u16 cast. Remove debug assert for u16 size.
In 83ed2c3b97 the input was changed to u32
2 years ago
Victor Julien
eca6639a82
detect/pcre: localize match limit option parsing
...
No need to put it into a per ctx flag.
2 years ago
Victor Julien
18dfa69364
detect/pcre: remove unused opts field
2 years ago
Victor Julien
9dc35fbd00
detect/pcre: put commonly used members on first cache line
2 years ago
Victor Julien
e3f2b3418a
detect/content-inspect: use of replace keyword is rare
...
Hint compiler about this.
2 years ago
Victor Julien
bcb2b50cfc
detect/profiling: improve pcap reading performance
...
When reading a pcap, packet time can move much faster than wall
clock time. This would trigger many more profile syncs than before.
As the sync is using a lock to synchronize with other threads, this
is an expensive operation.
Bug: #6619.
Fixes: b591813b86 ("profiling/rules: reduce sync logic scope")
2 years ago
Juliana Fajardini
8d3de85edd
pgsql: fix u16 overflow in query data_row
...
Found by oss-fuzz with quadfuzz.
Cf https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=63113
According to PostgreSQL documentation the maximum number of rows can be
the maximum of tuples that can fit onto max u32 pages - 4,294,967,295 (cf
https://www.postgresql.org/docs/current/limits.html). Some rough
calculations for that indicate that this could go over max u32, so
updating the data_row data type to u64.
Bug #6389
2 years ago
Philippe Antoine
4933b817aa
doc: fix byte_test examples
...
As this keyword has 4 mandatory arguments, and some examples
had only three...
Ticket: 6629
2 years ago
Juliana Fajardini
a37fa62710
devguide: explain example-rule container usage
...
Have these options documented, so that whoever writes rule-related
documentation can easily know what they could use to make the doc look
better.
2 years ago
Philippe Antoine
d3218385e9
detect: case-insensitive comparison for requires
...
Ticket: 6656
2 years ago
Philippe Antoine
673d13d445
rust: allow clippy::items_after_test_module
...
As clippy began to complain about jsonbuilder.rs
2 years ago
Juliana Fajardini
fc2acf8cb0
devguide: fix main channels list
...
Sphinx and RtD sometimes render lists in weird ways. The communication
channels list barely looked like one, at all...
2 years ago
Juliana Fajardini
d15877b2c0
devguide: update branches, refer to backports guide
...
Update the list of active branches to include 7 renaming and new master,
link to backports document.
2 years ago
Juliana Fajardini
9fbdfd219c
devguide: add chapter with backports guide
...
Task #6568
2 years ago
Juliana Fajardini
de8bffd244
devguide: doc from behavior changes needs ticket #
...
If a commit introduces code that changes Suricata behavior, the related
documentation changes should go in a separate commit, but refer to the
same ticket number.
This reduces the chances of said changes being lost if there are backports
while still keeping the backporting process a bit less bulky, for each
commit.
Related to Task #6568
2 years ago
Juliana Fajardini
71e4ca81ef
devguide: reorganize pr-workflow section
...
This section seemed to aim both at PR reviewers and PR authors at the
same time, even though some info is probably of low value for
contributors.
Created new section for PR reviewers and maintainers, and kept the info
for PR authors separated. Also highlighted information on requested
changes and stale PRs.
2 years ago
Juliana Fajardini
08eb67f74c
devguide: make 'contributing' a chapter
...
This could be justified from a semantic point of view, and also can help
in bringing more attention to where this information is, as it is less
hidden, now.
Also add Dev Guide as one of our resources in our Readme.
2 years ago
Jeff Lucovsky
f12e026696
mqtt: Move conf code to rust
...
Issue: 6387
This commit moves the configuration logic to Rust.
2 years ago
Jason Ish
b453eea150
stats: add rules skipped
...
Rule skipped is a count of the number of rules that are skipped due to
missing requirements.
Feature: #6637
2 years ago
Jason Ish
5cc872fa1a
rust.h: don't include util-file.h, not needed
2 years ago
Jason Ish
71bbba9248
detect-parse: parse sid in pre-scan
...
During the pre-scan for "requires", also parse the SID if possible. If
the rule fails high level parsing (syntax), the SID will not be
parsed.
But every keyword other than "sid" and "requires" should expect to be
provided with a parsed sid.
2 years ago
Jason Ish
435c03172e
requires: pre-scan rule for requires expressions
...
Add a "pre-scan" rule parse that will check for requires statement. It
will return a special error code (-4) if the requires fails due to
missing requirements.
Syntactic errors will also abort parsing here.
Feature: #5972
2 years ago
Jason Ish
5d5b0509a5
requires: add requires keyword
...
Add a new rule keyword "requires" that allows a rule to require specific
Suricata versions and/or Suricata features to be enabled.
Example:
requires: feature geoip, version >= 7.0.0, version < 8;
requires: version >= 7.0.3 < 8
requires: version >= 7.0.3 < 8 | >= 8.0.3
Feature: #5972
Co-authored-by: Philippe Antoine <pantoine@oisf.net>
2 years ago
Jason Ish
15ed51f9b8
feature: provide a Rust binding to the feature API
...
As the feature module is not available for Rust unit tests, a mock
version is also provided.
2 years ago