16200 Commits (3f8251bd47d4445befe38a57fe1485374657d246)
 

Author SHA1 Message Date
Philippe Antoine 3f8251bd47 fuzz: make confyaml.c an explicit source
Ticket: 7181

Allows confyaml.c to be in the release archive
1 year ago
Philippe Antoine f96994fb3b source: fix -Wshorten-64-to-32 warnings
Ticket: #6186
1 year ago
Philippe Antoine 4ae5799720 log: fix -Wshorten-64-to-32 warnings
Ticket: #6186
1 year ago
Philippe Antoine 87eb4b5077 output/tx: use dynamic number of app-layer protos
Ticket: 5053
1 year ago
Philippe Antoine 323610c1e8 output: use dynamic number of app-layer protos
Ticket: 5053
1 year ago
Philippe Antoine dacb965fb8 runmodes: use dynamic number of app-layer protos
Ticket: 5053
1 year ago
Philippe Antoine 089d2b11fd frames: remove unneeded comments
Used by documentation with the SIP frames only
1 year ago
Philippe Antoine ef42f835eb ssh: avoid panic in packet path
use debug_validate_bug_on instead
1 year ago
Philippe Antoine 6ae294c770 detect: run frames on pseudo flush packets
for SSH packets that mark the end of plaintext
1 year ago
Philippe Antoine 0b2ed97f36 ssh: frames support
Ticket: 5734

Adds frames for SSH records, that come after banner, and before
the data is encrypted.
These records may contain cipher lists for instance.
1 year ago
Victor Julien da1645b3e1 rust: bump time to most recent
Fixes build on rustc 1.80.

Bumps the MSRV to 1.67.1.

Bug: #7130.
1 year ago
Victor Julien 058ad87089 rust: set MSRV to 1.67.1
This is needed for updating the ``time`` crate.
1 year ago
Victor Julien e480938724 github-actions: switch dist builders to ubuntu 22.04
Part of bumping MSRV.

22.04 is the first Ubuntu release to ship a new enough Sphinx.
1 year ago
Victor Julien f94988d050 github-actions: update for MSRV 1.67.1
1 year ago
Victor Julien a0bf282963 rust: address clippy errors
1 year ago
Victor Julien 5bda7b5017 ssh/hassh: fix clippy warning
1 year ago
Shivani Bhardwaj 638b5c4da7 eve/stats: add description for flow stats
Ticket 6434
1 year ago
Philippe Antoine 7617fe5ab0 ldap: reset tx_index_completed on tx removal
So that this index does not overflow
1 year ago
Philippe Antoine 7f6c963ac4 doh2: log like dns v3
1 year ago
Philippe Antoine 8aa2964e73 doh: move fields into dedicated Optional struct
So as to consume less memory for HTTP2Transaction
1 year ago
Philippe Antoine 6e12475f48 doh2: handle dns message in POST requests
Ticket: 5773

Handles both directions the same way for data if content type is
application/dns-message
1 year ago
Philippe Antoine bd5ad0d74a util/profiling: remove assertion
Now a flow alproto can be changed by a call to AppLayerParserParse
when HTTP2 forces the flow to turn into DOH2.
1 year ago
Philippe Antoine 0ccad8fd88 doh: make dns and http keywords for doh2
Ticket: 5773
1 year ago
Philippe Antoine 1e82e20c65 doh: implement dns over http2 app-proto
Ticket: 5773
1 year ago
Philippe Antoine 46d98ae81c http2: log dns if DoH is recognized
Ticket: 5773
1 year ago
Philippe Antoine 29d9dc2729 http2: rustfmt
1 year ago
Philippe Antoine b5f55b5b1f dns: prepare for dns over http2 support
by making tx parsing and creation more easily available,
without needing a dns state.

Dns event NotResponse is now set on the right tx, and not the one
before.

Also debug log for Z-flag on request says "request" instead of
"response"

Also rustfmt dns.rs
1 year ago
Philippe Antoine eff7b52327 build: Wimplicit-int-float-conversion checked with --enable-warnings
When configure is used with --enable-warnings, we try to add most
warning flags that should pass.
This commit adds the warning Wimplicit-int-float-conversion
1 year ago
Philippe Antoine 10ef4e832f runmodes: fix -Wshorten-64-to-32 warnings
Ticket: #6186
1 year ago
Philippe Antoine ce2c087e92 defrag: fix -Wshorten-64-to-32 warnings
Ticket: #6186
1 year ago
Philippe Antoine bb9a45cfd0 datasets: fix -Wshorten-64-to-32 warnings
Ticket: #6186
1 year ago
Victor Julien 6598a6953e rust/ldap: add ldap-parser to Cargo.lock.in
1 year ago
Giuseppe Longo 70ed9f91d8 doc: add ldap protocol
1 year ago
Giuseppe Longo 910a5b226c rust/ldap: implement logger
1 year ago
Giuseppe Longo 93da339975 rust/ldap: implement app-layer
1 year ago
Giuseppe Longo ce7e190501 rust/ldap: implement types and filters
This implementation adds types and filters specified in the LDAP RFC to
work with the ldap_parser.
Although using the parser directly would be
best, strange behavior has been observed during transaction logging.
It appears that C pointers are being overwritten, leading to incorrect
output when LDAP fields are logged.
1 year ago
Philippe Antoine b8c12090f7 smtp: add port 465 for probing
1 year ago
Philippe Antoine eac9cd959f smtp: do not return error on NULL buffer for end of stream
1 year ago
Philippe Antoine e2d1d05878 smtp: recognize more reply codes
Ticket: 6821
1 year ago
Philippe Antoine 694b2797cd ftp: adds server side detection
1 year ago
Philippe Antoine cc3dde8ada smtp: adds server side detection
Ticket: #1125
1 year ago
mmaatuq 64d18e3cc2 imap: extend detection patterns
Ticket: #2886

Signed-off-by: mmaatuq <mahmoudmatook.mm@gmail.com>
1 year ago
Philippe Antoine bce8f4b853 detect/ssh: remove deprecated keywords
Ticket: 2377
1 year ago
Philippe Antoine 0a1062fad2 detect/mqtt: move keywords to rust
Ticket: 4863

On the way, convert some keywords to use the first-class integer
support.
And helpers for pure rust the support for multi-buffer.

Move the C unit tests about keyword mqtt.protocol_version
to unit tests for generic integer parsing, and test version 5
instead of testing twice version 3.

Also iterate all tx's messages for reason code as is done for other
keywords.

And allow detection on empty topics.
1 year ago
Philippe Antoine f4e7d1e217 detect: helper function for multibuffer registration
So that rust does not need to know about SIG_FLAG_TOCLIENT value
1 year ago
Philippe Antoine 4e074b8f38 output/alert: remove now unused include
Including the mqtt one, now that it is almost rust only
1 year ago
Philippe Antoine ad08309c75 mqtt: parse and store raw connect flags
for easier later matching
1 year ago
Philippe Antoine 9adf4224e4 rust/derive: string enumeration become case insensitive
As needed for MQTTTypeCode which accepts both CONNECT uppercase
and unassigned lowercase
1 year ago
Philippe Antoine 3c5ad7a23d rust/derive: transform all uppercase names the right way
So that MQTTTypeCode::CONNECT does not become c_o_n_n_e_c_t
1 year ago
Philippe Antoine daad7f2d41 detect/integers: harmonize parser return handling
Ticket: 7172

When parsing an integer for a rule keyword fails, we return error
straight away, without bothering to try to free the NULL pointer.

On the way, remove some one-line wrapper around DetectUxParse
1 year ago