Jeff Lucovsky
f042e9034b
detect/transform: Add from_base64 transform
Issue: 6487
Implement the from_base64 transform:
[bytes value] [offset value] [mode strict|rfc4648|rfc2045]
The value for bytes and offset may be a byte_ variable or an
unsigned integer.
8 months ago
Jeff Lucovsky
1823681709
detect/transform: from_base64 option parsing
Issue: 6487
Implement from_base64 option parsing in Rust. The Rust module also
contains unit tests.
8 months ago
Jeff Lucovsky
ab0cb960a1
detect/parser: Refactor utility routines
Refactor utility functions/definitions from the byte_math module into
the parser module. This includes parse_var and ResultValue
Issue: 6487
8 months ago
Shivani Bhardwaj
903283d76e
flow: declare and use constants where possible
8 months ago
Shivani Bhardwaj
00a644c5c2
flow/manager: make fn calls only when necessary
8 months ago
Shivani Bhardwaj
eb95d2bf66
flow/timeout: cleanup fn names and comments
8 months ago
Shivani Bhardwaj
8818b9cbe0
flow: remove unneeded args to fn
8 months ago
Shivani Bhardwaj
f97b4ec1e8
flow/manager: add fn docs
8 months ago
Shivani Bhardwaj
14cd594d3c
flow: add defensive check
8 months ago
Shivani Bhardwaj
a87c8eb46f
packetpool: use DEBUG_VALIDATE statement
8 months ago
Shivani Bhardwaj
87fa7f10ef
flow: use bool wherever possible
8 months ago
Philippe Antoine
8b831e6751
detect/icmp: require real packet in signature
Fixes: 956c8bebd1
("detect/prefilter: use sig mask to exclude pkt engines")
8 months ago
Philippe Antoine
0a953fe1ce
detect: add to signature mask for decode events
Ticket: 6291
8 months ago
Philippe Antoine
4e584ed201
detect: fix check for app_layer events
Ticket: 7106
8 months ago
Jeff Lucovsky
834cd6fbdb
af-packet: Remove unused preprocessor define
Remove unused preprocessor value; exposed by compilation warning
8 months ago
Philippe Antoine
c9ce43b31e
output: configurable payload_length field for alerts
Ticket: 7098
8 months ago
Philippe Antoine
a21232828e
dcerpc: add app-layer metadata in alerts
Ticket: 6090
8 months ago
Philippe Antoine
5f35035928
filestore: do not try to store a file set to nostore
Ticket: 6390
This can happen with keyword filestore:both,flow
If one direction does not have a signature group with a filestore,
the file is set to nostore on opening, until a signature in
the other direction tries to set it to store.
Subsequent files will be stored in both directions as flow flags
are now set.
8 months ago
Philippe Antoine
0d4efe0c0f
app-layer: fix -Wshorten-64-to-32 warnings
Ticket: #6186
Warnings about downcast from 64 to 32 bits
8 months ago
Philippe Antoine
1790aa49a4
util: fix -Wshorten-64-to-32 warnings
Ticket: 6186
Warnings about downcast from 64 to 32 bits
Generic fixes required to get app-layer clean
8 months ago
Philippe Antoine
dc043d0297
detect: remove unused field
content_inspect_window is used in app-layer-smtp, but
not directly in detect-file-data
8 months ago
Victor Julien
3d059611c3
detect: add tls.alpn keyword
Ticket: #7108.
8 months ago
Victor Julien
869d5492dc
eve/schema: update for alpn
8 months ago
Victor Julien
c79a382e42
eve/tls: log ALPN for client and server
Part of the extended logging.
Logs `client_alpns` and `server_alpns` arrays in the tls object.
Ticket: #7055.
8 months ago
Victor Julien
0b37654578
tls: store all ALPN records in the state
For later logging and detection.
8 months ago
Victor Julien
7f474af1d0
eve/schema: minor enip reformat
8 months ago
Jason Ish
6256391408
github-ci: run cargo update test on pull requests
Previously it was run once a week, hiding some issues until
Monday. Instead run on pull requests, but still not every push.
9 months ago
Victor Julien
e3e917d967
detect/icmp-id: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
9 months ago
Victor Julien
8df53d6411
detect/dsize: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
9 months ago
Victor Julien
44d2e1aad7
detect/stream_size: allow match on pseudo packets
Often used with stream content, which can be inspected with pseudo packets.
9 months ago
Victor Julien
6958efa2dc
detect/csum: remove pseudo packet checks
9 months ago
Victor Julien
64f5865efc
detect/csum: general code cleanups
9 months ago
Victor Julien
956c8bebd1
detect/prefilter: use sig mask to exclude pkt engines
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
9 months ago
Victor Julien
4c2960169c
detect/prefilter: minor function ptr cleanup
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
9 months ago
Victor Julien
2d1ccb76b1
detect: remove pseudo checks from packet keywords
Keep as debug validation check.
9 months ago
Victor Julien
d03660a646
detect: skip pseudo packets if sig needs real pkt
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.
This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.
Update analyzer to output the new flag.
Ticket: #7002.
9 months ago
Philippe Antoine
e3034a6f54
tests: move detect http.uri tests to suricata-verify
Ticket: 3725
9 months ago
Philippe Antoine
d59c60410f
fuzz: adapt target to number of keywords being dynamic
Ticket: 4683
9 months ago
Philippe Antoine
5bb5b4f46f
rust: remove unnecessary nested unsafe
9 months ago
Philippe Antoine
4ccbcc4684
sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoids quadratic complexity turning to OOM.
Ticket: 7093
9 months ago
Jason Ish
49ecf37126
rust/ike: prefix never read field names with _
New warning from rustc.
The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
9 months ago
Jason Ish
29d7ff026a
rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
9 months ago
Jason Ish
ee2175cdb6
rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
9 months ago
Jason Ish
a1bb62c059
cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
9 months ago
Philippe Antoine
4fe3f04fa3
detect/enip: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine
ce1eea4ad6
detect/websocket: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine
16952d67e7
detect/dhcp: move keywords to rust
Ticket: 4863
9 months ago
Philippe Antoine
ae72376ebe
detect/snmp: move keywords to rust
Ticket: 4863
On the way, convert unit test DetectSNMPCommunityTest to a SV test.
And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
9 months ago
Philippe Antoine
4bbe7d92dc
detect: helper to have pure rust keywords
detect: make number of keywords dynamic
Ticket: 4683
9 months ago
Philippe Antoine
08c511f1bf
enip: remove unnecessary unsafe
As the function SCEnipRegisterParsers is already marked as unsafe
9 months ago