Nancy Enos
56e10fd3b2
misc: Remove duplicate function declarations
...
Ticket: #7297
4 months ago
Nancy Enos
98cd2411b6
detect/analyzer: add more details for the tcp window keyword
...
Ticket: 6352
4 months ago
Sascha Steinbiss
5d8252117f
mqtt: double-check detection directions
...
Ticket: #7323
4 months ago
Sascha Steinbiss
377d4705e1
mqtt: add reason code support for SUBACK
...
Ticket: #7323
4 months ago
Jason Ish
b1e7917d4f
eve: threadinit/deinit callbacks are optional for filetypes
...
Only call ThreadInit and ThreadDeinit for custom eve filetypes if they
exist. They are not required by all filetypes.
Ticket: #7359
4 months ago
Philippe Antoine
292c218a48
app-layer: remove ALPROTO_TEST and tests
...
These tests' purpose seems to have been lost.
Registering an alproto with a parser function that always fails,
and just testing that AppLayerParserParse returned -1...
We would get the same result without registering a parser function,
or using ALPROTO_FAILED as argument to AppLayerParserParse
The comment says "Test the deallocation of app layer parser memory
on occurrence of error in the parsing process."
but I do not see how this is tested.
4 months ago
Jason Ish
3a7eef8121
lua: update to newer lua crate
...
This crate lets us instruct it where to copy the header files instead
of our Makefile trying to find the correct ones and copying them into
place.
Can prevent the simultaneous copy errors sometimes seen on a make
without a clean.
4 months ago
Eric Leblond
9ffb2cd7dd
misc: fix build of rules profiling
...
The patch a0fc2b8628 has removed the
declaration of functions used when building with ruleset profiling
only (without --enable-profiling). This is causing a build failure.
This patch moves the declaration to the rules profiling section to
be sure it is always there.
4 months ago
Jason Ish
89aa5253d6
Makefile.cvs: remove, not used
4 months ago
Nancy Enos
a0fc2b8628
misc: Remove duplicate function declarations
...
Ticket: #7297
4 months ago
Victor Julien
e44b2effd0
util/var-name: switch to SCTime_t
4 months ago
Victor Julien
0e21c71490
threads: track wall clock time precisely
...
Issue warning if thread sleeps for a long time.
4 months ago
Victor Julien
5bb2132bb8
time: add SCTIME_CMP_EQ
4 months ago
Victor Julien
f0c4f9d64b
util/hash-string: fix compile warning
...
Clang 19:
util-hash-string.c:41:16: error: implicit conversion loses integer precision: 'unsigned long' to 'int' [-Werror,-Wshorten-64-to-32]
41 | int len1 = strlen((char *)data1);
| ~~~~ ^~~~~~~~~~~~~~~~~~~~~
util-hash-string.c:42:16: error: implicit conversion loses integer precision: 'unsigned long' to 'int' [-Werror,-Wshorten-64-to-32]
42 | int len2 = strlen((char *)data2);
| ~~~~ ^~~~~~~~~~~~~~~~~~~~~
2 errors generated.
4 months ago
Victor Julien
270e19191b
time: add gettimeofday wrapper for SCTime_t
4 months ago
Victor Julien
bdc0df8454
time: remove unused function
...
It tripped up cppcheck:
src/util-time.h:124:35: error: syntax error [syntaxError]
return !timercmp(first, second, >);
4 months ago
Victor Julien
3f85addaac
stream: track pcap log segments timestamp with SCTime_t
...
This is a more compact time format.
4 months ago
Jason Ish
a739d7623b
eve/tls: don't construct const from other const
...
Some compiler/platform combinations don't like creating one const from
another as it can't guarantee the other is defined, resulting in the
following compile error:
output-json-tls.c:102:5: error: initializer element is not constant
BASIC_FIELDS |
^~~~~~~~~~~~
Fixes commit 377989df6c
4 months ago
Adam Kiripolsky
175e690222
dpdk/hw_offload: add support for vlan stripping
...
Utilize DPDK API for hardware vlan stripping if supported by NIC.
Ticket: 7330
4 months ago
Nancy Enos
e22c2a2332
applayer/htp: convert to new FAIL/PASS API
...
Ticket: #6935
4 months ago
Jason Ish
d4a3ee163d
misc: remove unneeded headers
...
Remove unneeded headers from worked on in previous commits, just
simple ones flagged by clangd.
4 months ago
Jason Ish
ab6dcb3fc1
app-layer: use uint8_t consistent for event IDs
...
Introduce a common function for mapping names to IDs that performs
bounds checking.
Note: For event IDs in the enum that are larger than a uint8_t, -1
will be returned instead of -4. -4 has special meaning during
signature parsing that means requirements were not met. -4 has no
special handling prior to requirements, or the meaning has been lost.
4 months ago
Alice Akaki
5e563b0c8b
detect/analyzer: add more details for flow_age
...
Ticket: #6312
4 months ago
Sascha Steinbiss
285cc29ec0
redis: add automatic trimming support for streams
4 months ago
Sascha Steinbiss
d3d9f1c395
redis: implement XADD stream support
...
Ticket: #7082
4 months ago
Juliana Fajardini
1860aa81e6
userguide: fix integer keyword matches list format
...
List wasn't being properly rendered.
4 months ago
Jason Ish
45384ef969
rust/applayer: use c_int as return type for get_info_by_id
...
Rust was using i8 as the return type, while C uses int. As of Rust
1.82, the return value is turned to garbage over the FFI boundary.
Ticket: #7338
4 months ago
Jason Ish
b44fc62e60
eve/schema: add missing field "code" anomaly events
4 months ago
Jason Ish
30806ce2b7
eve/tls: use BIT_U64 for flags
...
Minor cleanup.
4 months ago
Jason Ish
2462d9d4cf
eve/tls: remove unused SC_ATOMIC_EXTERN
4 months ago
Jason Ish
cc519beb91
suricata.yaml: add missing custom tls fields
...
Also update the suricata.yaml in the userguide.
4 months ago
Jason Ish
714ada136c
eve/tls: cleanup headers; update copyright year
4 months ago
Jason Ish
377989df6c
eve/tls: reimplement basic and extended logging in terms of custom
...
Will prevent custom logging options getting out of sync with what's
available in extended.
Ticket: #7333
4 months ago
Jason Ish
2e788408c0
eve/tls: remove broken check for ja3 being enabled
...
During EVE TLS setup, a broken check for Ja3 being enabled led to Ja3
being disabled, but only in custom mode. This check is not needed, if
Ja3 is disabled, it won't be available, and won't be logged.
This is required to implement "extended" in terms of "custom" fields.
4 months ago
Jason Ish
6a185a8f96
eve/tls: add alpn logging to custom output
...
Adds custom fields "client_alpns" and "server_alpns".
Ticket: #7333
4 months ago
Jason Ish
3ddd9e2512
eve/tls: disable clang formatting around tls_fields array
4 months ago
Jeff Lucovsky
799822c3db
profiling: Correct profiling data array size
...
The profiling arrays are incorrectly sized by the number of thread
modules. Since they contain app-layer protocol data, they should be
sized by ALPROTO_MAX.
4 months ago
Philippe Antoine
b5fcf16d97
enip/detect: remove double registration of enip_command keyword
...
As found with
./src/suricata --list-keywords | sort | uniq -c | awk '$1 > 1'
4 months ago
Juliana Fajardini
55b922ceed
tls/conf: clarify usage of custom vs extended logs
...
Since enabling custom logging will replace the extended logging, thus
possibly leading to certain fields disappearing from the logs, mention
this aspect.
Related to Bug #7333
5 months ago
Juliana Fajardini
69fe5121a1
tls: fix duplicate EVE field (issuerdn)
...
Wrong function call caused `issuerdn` to be logged when
`subjectaltname` was enabled, for custom logging, only.
Bug #7332
5 months ago
Juliana Fajardini
2eefc4dac8
schema/tls: add missing custom fields chain/cert
...
Task #7287
5 months ago
dependabot[bot]
7ae522f16a
github-actions: bump github/codeql-action from 3.26.12 to 3.26.13
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.12...v3.26.13)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Shivani Bhardwaj
37fa2a6775
detect: rename port whitelisting to priority
...
This was done following the fact that this setting was historically
named incorrectly. The purpose of the setting was always to define the
ports that will be prioritized and have rule groups associated w them on
priority. Rename all occurrences of this to correctly reflect the purpose
of the setting.
5 months ago
Shivani Bhardwaj
abbdeed931
detect/engine: rename fn, add comments
5 months ago
Shivani Bhardwaj
f8a5c91448
detect/proto: use BIT macros instead of expr
5 months ago
Shivani Bhardwaj
86c1e458f9
detect/engine: use combined flags for TCP
5 months ago
dependabot[bot]
285113a1e5
github-actions: bump actions/checkout from 4.2.0 to 4.2.1
...
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](d632683dd7...eef61447b9)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot]
9e0151cce5
github-actions: bump github/codeql-action from 3.26.10 to 3.26.12
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.10 to 3.26.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.26.10...v3.26.12)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
dependabot[bot]
4ad45fc8d0
github-actions: bump actions/upload-artifact from 4.4.0 to 4.4.3
...
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.4.0 to 4.4.3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](50769540e7...b4b15b8c7c)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
5 months ago
Alice Akaki
fa1addae64
detect/analyzer: add more details for icmp_id
...
Ticket: #6360
5 months ago