aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
16,023 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '44d2e1aad7'
${ noResults }
Commit Graph

16023 Commits (44d2e1aad7177614331cb26d36fc81973a5bdaf4)
 

Author SHA1 Message Date
Victor Julien 44d2e1aad7 detect/stream_size: allow match on pseudo packets 
Often used with stream content, which can be inspected with pseudo packets.
 9 months ago
Victor Julien 6958efa2dc detect/csum: remove pseudo packet checks 9 months ago
Victor Julien 64f5865efc detect/csum: general code cleanups 9 months ago
Victor Julien 956c8bebd1 detect/prefilter: use sig mask to exclude pkt engines 
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
 9 months ago
Victor Julien 4c2960169c detect/prefilter: minor function ptr cleanup 
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
 9 months ago
Victor Julien 2d1ccb76b1 detect: remove pseudo checks from packet keywords 
Keep as debug validation check.
 9 months ago
Victor Julien d03660a646 detect: skip pseudo packets if sig needs real pkt 
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.

This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.

Update analyzer to output the new flag.

Ticket: #7002.
 9 months ago
Philippe Antoine e3034a6f54 tests: move detect http.uri tests to suricata-verify 
Ticket: 3725
 9 months ago
Philippe Antoine d59c60410f fuzz: adapt target to number of keywords being dynamic 
Ticket: 4683
 9 months ago
Philippe Antoine 5bb5b4f46f rust: remove unnecessary nested unsafe 9 months ago
Philippe Antoine 4ccbcc4684 sip: use right slice to take line from 
We iterate over input, but we are now at start.
Avois quadratic complexity turning to OOM.

Ticket: 7093
 9 months ago
Jason Ish 49ecf37126 rust/ike: prefix never read field names with _ 
New warning from rustc.

The other option is to allow dead code, however this is more explicit,
and when they are read, its obvious they should be renamed.
 9 months ago
Jason Ish 29d7ff026a rust: simply matches with unwrap_or_default 
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
 9 months ago
Jason Ish ee2175cdb6 rust: fix clippy lint for legacy_numeric_constants 
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
 9 months ago
Jason Ish a1bb62c059 cargo: use default-features instead of default_features 
"default_features" is being deprecated in Rust 2024.
 9 months ago
Philippe Antoine 4fe3f04fa3 detect/enip: move keywords to rust 
Ticket: 4863
 9 months ago
Philippe Antoine ce1eea4ad6 detect/websocket: move keywords to rust 
Ticket: 4863
 9 months ago
Philippe Antoine 16952d67e7 detect/dhcp: move keywords to rust 
Ticket: 4863
 9 months ago
Philippe Antoine ae72376ebe detect/snmp: move keywords to rust 
Ticket: 4863

On the way, convert unit test DetectSNMPCommunityTest to a SV test.

And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
 9 months ago
Philippe Antoine 4bbe7d92dc detect: helper to have pure rust keywords 
detect: make number of keywords dynamic

Ticket: 4683
 9 months ago
Philippe Antoine 08c511f1bf enip: remove unnecessary unsafe 
As the function SCEnipRegisterParsers is already marked as unsafe
 9 months ago
Eric Leblond b128a75973 profiling: check packet flag first 
This fixes the state handling and simplify the logic.
 9 months ago
Eric Leblond eecb3440e2 profiling: add option to active rules profiling at start 
When replaying a pcap file, it is not possible to get rules
profiling because it has to be activated from the unix socket.
This patch adds a new option to be able to activate profiling
collection at start so a pcap run can get rules profiling
information.
 9 months ago
Lukas Sismis bd9608771e doc: port user install and build instruction from master-6.0.x 
Ticket: #6686
 9 months ago
Lukas Sismis cd7c35eb5a github-ci: add minimal build for Ubuntu and AlmaLinux 9 months ago
Lukas Sismis 6d663ec885 github-ci: remove gosu from installed packages 9 months ago
Lukas Sismis 521d1cb8e7 doc: update eBPF compilation instructions 
Ticket: #6599
 9 months ago
Victor Julien 8b42182fee doc/userguide: document iprep isset/isnotset 9 months ago
Victor Julien 2f74d435d3 doc/userguide: add more operators to iprep 9 months ago
Victor Julien 37be66eef9 detect/iprep: update function naming 
Bring in line with new Rust code naming for FFI functions.
 9 months ago
Victor Julien 83976a4cd4 detect/iprep: implement isset and isnotset 
Implement special "isset" and "isnotset" modes.

"isset" matches if an IP address is part of an iprep category with any
value.

It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.

"isnotset" matches if an IP address is not part of an iprep category.

Internally it is implemented outside the uint support.

Ticket: #6857.
 9 months ago
Victor Julien 3e46c51651 reputation: minor cleanup 
No need to init ptrs to NULL after SCCalloc.
 9 months ago
Victor Julien 539ab3a404 detect/iprep: update keyword parser for extendibility 9 months ago
Jason Ish f0dbfe863d misc: prefix functions with SC not Sc 9 months ago
Victor Julien d02054fa31 detect/noalert: point noalert/alert to new doc 9 months ago
Victor Julien 50ef646d45 doc/userguide: add noalert/alert keyword docs 9 months ago
Victor Julien c83e3285ae doc/userguide: give pcre1 to pcre2 proper heading 9 months ago
Victor Julien d5fb8204b6 detect: implement 'alert' keyword as a companion to 'noalert' 
This can be used to implement alert then pass logic.

Add support for alert-then-pass to alert handling routines.

Ticket: #5466.
 9 months ago
Victor Julien 92581dbc06 detect: set ACTION_ALERT for rules that should alert 
Replaces default "alert" logic and removed SIG_FLAG_NOALERT.

Instead, "noalert" unsets ACTION_ALERT. Same for flowbits:noalert and
friends.

In signature ordering rules w/o action are sorted as if they have 'alert',
which is the same behavior as before, but now implemented explicitly.

Ticket: #5466.
 9 months ago
Victor Julien 8f72a04973 detect/alert: minor loop cleanup 9 months ago
Victor Julien 44e7fdc3ca detect/noalert: minor cleanup 9 months ago
Philippe Antoine d9d5170ec0 websocket: add data frame 
Ticket: 7051
 9 months ago
Juliana Fajardini 43b998aa73 userguide/upgrade: add note about alerts' increase 
With triggering stream reassembly early, since for certain types of
rules there may be more alerts triggered - even in IPS mode, make this
clear in the upgrading section.

Bug #7026
 9 months ago
Juliana Fajardini bb45ac71ef dns: allow triggering raw stream reassembly 
For TCP streams, app proto stream reassembly can start earlier, instead
of waiting and queueing up data before doing so.

Task #7018
Related to
Bug #7004
 9 months ago
Philippe Antoine 82c03f72c3 enip: convert to rust 
Ticket: 3958

- transactions are now bidirectional
- there is a logger
- gap support is improved with probing for resync
- frames support
- app-layer events
- enip_command keyword accepts now string enumeration as values.
- add enip.status keyword
- add keywords :
    enip.product_name, enip.protocol_version, enip.revision,
    enip.identity_status, enip.state, enip.serial, enip.product_code,
    enip.device_type, enip.vendor_id, enip.capabilities,
    enip.cip_attribute, enip.cip_class, enip.cip_instance,
    enip.cip_status, enip.cip_extendedstatus
 9 months ago
Philippe Antoine 0d267e29a5 files: remove the need for state in callbacks 
As files now belong to transactions
 9 months ago
Philippe Antoine e8438fdb58 app-layer: remove unused parameters 9 months ago
Philippe Antoine 5167ff6411 smtp/mime: look for urls in base64 message 
Ticket: 5185

Previously, it was looked for message in plain text, and base64
encoding was only handled for attachments.

This commit also fixes the buffering got such base64 data streamed
into urls finding, by buffering a beginning non-empty line,
and by ensuring that we run extraction on the last line,
even if it had no EOL.
 9 months ago
Philippe Antoine 1c0514c16a dpdk: simplify and fix build 9 months ago
Philippe Antoine 441813aa47 fuzz: build with dependencies on rust and c lib 
So that there is no need to remove the final binary, to recompile
it if there has been changes in the code.
 9 months ago