Commit Graph

8322 Commits (63291d0f0175e4a9e59512f5781a637ac96bc996)

Author SHA1 Message Date
Victor Julien 7e0d9619ac nfs3: add readdirplus path 8 years ago
Victor Julien 41376da03c nfs: log more rpc 8 years ago
Victor Julien 9edbb6f235 nfs: split record parsers into different files 8 years ago
Victor Julien 25edac7666 nfs3: fill bytes corner case 8 years ago
Victor Julien 2a29f79960 nfs: fix rust data type declaration 8 years ago
Victor Julien 5153271b87 nfs2: basic record parsing and tracking 8 years ago
Victor Julien c7e10c73f9 nfs3: support NFS over UDP 8 years ago
Victor Julien d9f87cec3d nfs3: probing parsers in both directions 8 years ago
Victor Julien 8fe32f943b nfs3: search for next record if needed after GAP 8 years ago
Victor Julien 58af39131f rust/nfs: handle GAPs
In normal records it will try to continue parsing.

GAP 'data' will be passed to file api as '0's. New call is used
so that the file API does know it is dealing with a GAP. Such
files are flagged as truncated at the end of the file and no
checksums are calculated.
8 years ago
Victor Julien a116c16019 nfs3: parse mkdir and rmdir request records 8 years ago
Victor Julien 1a2985ed76 app-layer: remove checks
Now that app-layer parser registrations are validated at startup,
a number of runtime checks are no longer necessary. So remove them.
8 years ago
Victor Julien e930513125 app-layer: detect state registrations are mandatory 8 years ago
Victor Julien ed172985ca app-layer: validate registration 8 years ago
Victor Julien d090cd2edf dcerpc/udp: add missing tx support 8 years ago
Jason Ish 6bddc4d3e0 python: use python path found during configure
Also look for Python under more names. For example, on OpenBSD
if you just install Python 2, you will only get a python2.7
executable.
8 years ago
Selivanov Pavel 5162b58260 Fixed small typo: double sudo 8 years ago
Jason Ish 30be9f0b5d stream: don't do protocol detection on gap
A gap notification has no data.

Also, break out the gap handling into its own code block to
simplify the conditional statements.
8 years ago
Victor Julien b582cdef31 hyperscan: unittests compiler warning fixes 8 years ago
Jason Ish c473c56eed rust/dns: fix panic on rrnames with bad chars
Check for errors in the UTF-8 conversion; on error, print the
printable chars as chars, and print non-printable chars
as \xHEX.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2148
8 years ago
Jason Ish ecc63481c6 rust/dns: fix tcp message length verification
And add Rust unit tests to check length validation.

Redmine issue 2144:
https://redmine.openinfosecfoundation.org/issues/2144
8 years ago
Eric Leblond 26eb49d721 bypass: add explicit flag in stream engine
TCP reassembly is now deactivated more frequently and triggering a
bypass on it is resulting in missing some alerts due to forgetting
about packet-based signatures.

So this patch is introducing a dedicated flag that can be set in
the app layer and transmitted in the streaming to trigger bypass.

It is currently used by the SSL app layer to trigger bypass when
the stream becomes encrypted.
8 years ago
Jason Ish 70808a4f1d rust/dns: support gaps in TCP DNS 8 years ago
Jason Ish f1ba406d39 travis: add rust 1.7.0 build
One build with Rust 1.7.0, our oldest that we'll support as it's
what's bundled with Ubuntu 16.04. Create another build that will use
the latest stable.
8 years ago
Jason Ish 4bdb722371 rust/dns: fix unit tests on Rust 1.7.0 8 years ago
Jason Ish 2aebfbce94 rust/dns: support txt records 8 years ago
Jason Ish 26914cd59a rust/dns: copy over dns unit tests
Only the tests that make sense were copied over, those testing
correlation of responses to requests were not.

Also, remove compiler warning when not built with
unit tests.
8 years ago
Jason Ish fafa75035f rust: don't fail distcheck if cargo-vendor not found
Allow distcheck to pass if cargo vendor is not found by not
failing out. It is not required to successfully build a dist
tarball, the Rust sources will just not be vendored in.

Also don't fail out make dist if Python is not installed. A build
will still be successful if Python is available on the end
build system.
8 years ago
Eric Leblond 5be44eb500 output-json-alert: don't decref used object
In the unlikely case of an allocation error we will still use the
existing object so it should not be decref'd and freed.
8 years ago
Eric Leblond f4374ffd0b doc: some more info about alert format 8 years ago
Eric Leblond f5ad6a2095 doc: document target keyword 8 years ago
Eric Leblond 0c3a3101b1 alert-prelude: correctly set Source and Target
IDMEF alert contains two entities named Source and Target that are
defined using common language:
* "The Source class contains information about the possible source(s) of
   the event(s) that generated an alert."
* "The Target class contains information about the possible target(s) of
   the event(s) that generated an alert."

Previous alert events were not following that, so we can update the code
when we know the direction thanks to the metadata field.
8 years ago
Eric Leblond f0e8062b2b alert-prelude: fix warnings on callback type 8 years ago
Eric Leblond 6af529d0c6 output-json-alert: output source and target
Use metadata provided information to output the Source and Target
in the definition of IDMEF.

The output is now the following:

  "alert": {
    "action": "allowed",
    "gid": 1,
    "signature_id": 1,
    "rev": 1,
    "signature": "connection to home",
    "category": "",
    "severity": 3,
    "source": {
      "ip": "2001:31d0:000a:f68a:0000:0000:0000:0001",
      "port": 80
    },
    "target": {
      "ip": "2a01:0e34:ee97:b130:c685:08ff:dab3:c9c8",
      "port": 48390
    }
8 years ago
Eric Leblond 97b89c0a54 detect-target: introduce new keyword
The target keyword allows rule writers to specify information about the
target of the attack. Using this keyword in a signature causes
some fields to be added in the EVE output. It also fixes ambiguity
in the Prelude output.
8 years ago
Victor Julien 43db4697a3 github: add pull request template 8 years ago
Victor Julien e91473b151 github: add contributing doc 8 years ago
Victor Julien 8ea9a5a7d6 common: sync PROG_VER version with configure.ac 8 years ago
Victor Julien b970e1b89b changelog: update for 4.0.0-beta1 8 years ago
Jason Ish 33e09a0002 rust dns: fixup for nom 3.0 8 years ago
Jason Ish ee83f7a0db rust: build fixes and nom update
Update nom to ~3.0.

Prefix dependencies with ~, which will allow for newer patch
versions only. Minor version updates should get a test before
using.

Remove Cargo.lock from the repo, but still generate as part
of the vendoring process for release builds. This will ensure
that all users of a particular distribution tarball will be
linking against the same Rust dependencies.
8 years ago
Victor Julien 889a6de926 rust: add to features 8 years ago
Victor Julien d00b914ddb rust: make clear it's experimental 8 years ago
Victor Julien efdbc91687 log: fix mem leak in error path (CID1404888) 8 years ago
Eric Leblond a3f07ec02e doc: document drop-invalid option. 8 years ago
Eric Leblond 91d2809bca qa: update struct-flags coccinelle test 8 years ago
Eric Leblond 7a17b4acf5 stream-tcp: use flags field to store inline info 8 years ago
Eric Leblond 85dab65414 stream-tcp: use flags field to store bypass info 8 years ago
Eric Leblond 050d8f788b af-packet: warn when tpacket_v3 is used in IPS
Update yaml and add an error message.
8 years ago
Eric Leblond ea9b9b5063 stream-tcp: add option to accept invalid packets
Suricata was unconditionally dropping packets that are invalid with
respect to the streaming engine. In some corner cases like asymmetric
traffic capture, this was leading to dropping some legitimate traffic.

The async-oneside option did help but this was not perfect in some
real life cases. So this patch introduces an option that allows the
user to tell Suricata not to drop packets that are invalid with
respect to streaming.
8 years ago