aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,430 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6978d8dac6'
${ noResults }
Commit Graph

11430 Commits (6978d8dac6fbf4c8e09d411850a2e9aa016da635)
 

Author SHA1 Message Date
Victor Julien 7583a6c37c flow: simplify hash lookup logic 
Remove double compare paths in favor of a single unified path.
 5 years ago
Victor Julien 8b016cff4b flow: only move lastts forward 
Pcaps with timestamps jumping around could confuse flow timeout
handling otherwise.
 5 years ago
Victor Julien afd4a8012e flow/worker: check pkt src using DEBUG_VALIDATE_BUG_ON 5 years ago
Jeff Lucovsky be57f6d3cc rust/rdp: Fix use of incorrect buffer 
This commit updates the connection confirmation parsing function to use
the correct buffer when determining the packet type.
 5 years ago
Shivani Bhardwaj 2529eb35e1 smb: use uuid crate 5 years ago
Jason Ish e6668560e0 rust: only run cbindgen if needed 
Only run cbindgen when necessary. This is a bit tricky. When
building a dist we want to unconditionally build the headers.

When going through a "make; sudo make install" type process,
cbindgen should not be run as the headers already exist, are
valid, and the environment under sudo is more often than
not suitable to pick up the Rust toolchains when installed
with rustup.

For the normal "make" case we have the gen/rust-bindings.h file
depend on library file, this will cause it to only be rebuilt
if the code was modified.

For "make dist" we unconditionally create "dist/rust-bindings.h".
This means the generated file could be in 2 locations, so update
configure.ac, and the library search find to find it.

The "gen/rust-bindings.h" should be picked up first if it exists,
for those who develop from a dist archive where "dist/rust-bindings.h"
also exists.

Not completely happy having the same file in 2 locations, but not
sure how else to get the dependency tracking correct.
 5 years ago
Jason Ish fd5d8b78d0 alert/eve: add snmp metadata for rdp alerts 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3441
 5 years ago
Jason Ish ef0ebc9550 alert/eve: add snmp metadata for snmp alerts 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3441
 5 years ago
Shivani Bhardwaj 4c7f55e636 dcerpc: handle gap for TCP streams 5 years ago
Jason Ish 6cff558663 dns: add tailing data to split tcp unit test 
Add trailing data to the complete payload to test the case
where data is consumed, but still incomplete.
 5 years ago
Jason Ish cc154ce152 dns: fix subtraction overflow in debug message 
The math for the return value wasn't updated in the debug log
to match the logic and could lead to a subtraction overflow
 5 years ago
Philippe Antoine 80ccbff28a dns: return status from parsing tcp request 5 years ago
Philippe Antoine 1296740471 dns: fix incomplete results 
and messages parsing whose length is >= 32768
 5 years ago
James Dutrisac 8d5e54c046 pcap: recusively reading pcaps / documentation 
Changes to doc/userguide/partials/options.rst for feature 2363
   (reading pcaps recursively)
 5 years ago
James Dutrisac db5b73d9d6 pcap: read directories recursively 
Describe Changes
- Added ability to recursively read pcap directories
- src/suricata.c: addition of new command line parameter
    --pcap-file-recursive
- src/source-pcap-file.c: parsing of the command line argument
- src/source-pcap-file-directory-helper.h: two thread vars tracking
    directory depth and should recurse
- src/util-error.c / src/util-error.h:
   Added new warning code "SC_WARN_PATH_READ_ERROR"
- Redmine ticket: https://redmine.openinfosecfoundation.org/issues/2363

Ticket: #2363
 5 years ago
James Dutrisac 5a92d0a704 path: introduce path handling util funcs 
This commit provides changes to util-path.c and util-path.h
to support the recursive reading of directories. It adds
4 functions.
- SCIsRegularFile to provide OS independent file info.
- SCIsRegularDirectory to provide OS independent directory info.
- SCRealPath is an OS independent wrapper for realpath.
- PathJoin to manage path resolution logic.
 5 years ago
Philippe Antoine 3cfc1fcb07 stream/app-layer: break loop on proto change 5 years ago
Shivani Bhardwaj c9a637d854 datasets: fix null pointer deref 5 years ago
Shivani Bhardwaj a8f147d17a datasets: Init even in socket mode 
Closes redmine ticket 3476.
 5 years ago
Sascha Steinbiss 93eef1da84 detect-mqtt: unify error handling in rule parsing 
This is meant to provide a single path to the error case.
This might help make things more clear for static
checkers.
 5 years ago
Sascha Steinbiss 5dc21b0e09 detect-engine: initialize struct fields 5 years ago
Philippe Antoine 9a954e944d http: merge duplicated code 
HtpRequestBodyHandlePUT and HtpRequestBodyHandlePOST
 5 years ago
Philippe Antoine fe6950de08 http: use more precise parameter in HtpRequestBodySetupMultipart 
So that we can see that it does not have to handle gaps
 5 years ago
Philippe Antoine e13b319beb http: remove unused code 
HtpRequestBodySetupPUT function
So that we can see that we do not use data=NULL in there
 5 years ago
Philippe Antoine 28050c967f file: handles gaps natively 
ie data=NULL and len>0 parameters
 5 years ago
Philippe Antoine f0159b2fd2 util: PrintRawDataFp handles null 
for gaps which are data=NULL and len>0
 5 years ago
Philippe Antoine 83567e8732 files: rust closes files even on 0 length chunk 5 years ago
Philippe Antoine 6343920dfc applayer: allow rust parsers to have only one probe 5 years ago
Sascha Steinbiss 4e1a41a17d output-json: add MAC address output 
This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket #962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation is
taken from previous GitHub PR #2700.
 5 years ago
Jeff Lucovsky c42574169e output/anomaly: Restrict anomaly logger count 
This commit restricts the anomaly logger count. The restriction is
necessary due to state maintenance in the logger that doesn't scale
beyond a single logger.

Until that issue's solved, when multiple anomaly loggers are configured,
an error message will be emitted to highlight the restriction.
 5 years ago
Philippe Antoine 61c327dd80 signature: checks for integer overflow in limits propagation 5 years ago
Victor Julien 5db1d9b841 eve/yaml: move mqtt down 5 years ago
Victor Julien 1c748f394b fuzz/pcap: enable MQTT parser 5 years ago
Shivani Bhardwaj e9fe5ada7f datasets: reload static sets 5 years ago
Sascha Steinbiss c31360070b rust/mqtt: add MQTT parser 5 years ago
Philippe Antoine a5572890a9 detect: adds engine for u8 keywords 5 years ago
Jeff Lucovsky a5d30a3220 doc/output: Document multithreaded eve option 5 years ago
Jeff Lucovsky 30ae98f658 output/json: Multi-threaded EVE logging support 
This commit modifies the JSON loggers with changes necessary to support
multi-threaded EVE output.

Each "thread-init" function sets up the per-thread log file context for
subsequent calls to the JSON output to buffer function.
 5 years ago
Jeff Lucovsky aa20770277 log: Support multi-threaded eve output. 5 years ago
Jeff Lucovsky 15b4554ab3 output: Check for fwrite_unlocked 
This commit creates a macro for fwrite_unlocked which is probed during
configuration time.
 5 years ago
Jeff Lucovsky 3d0f353ee5 output: Correct typos 5 years ago
Jeff Lucovsky 1b791f34a5 output: Remove unused variables/define 5 years ago
Jeff Lucovsky 92e2e2ec8d log: remove unused include files 5 years ago
Jeff Lucovsky 60658cbe01 output/flow: Eliminate unnecessary parameter 
This commit removes a parameter to an internal-only function call.
Removing the parameter allows an JSON builder optimization to be used.
 5 years ago
Jeff Lucovsky 4aa7c988e8 output/netflow: Eliminate unneeded parameter 
This commit changes an internal-only function to remove a parameter
that's invariant in all use cases. This allows an JSON builder
optimization to be used.
 5 years ago
Philippe Antoine 1569f3e349 transform: adds url_decode keyword 
Fixes https://redmine.openinfosecfoundation.org/issues/2689

Adds a new source file to handle this keyword.
And modifies documentation, Makefile, and registration accordingly.

url_decode decodes url-encoded data, ie replacing '+' with space
and '%HH' with its value.
 5 years ago
Victor Julien 4c8af9cb96 stream: fix endless loop in traffic with gaps 5 years ago
Victor Julien 9b13c1b804 flow: avoid double state update on reuse 
Avoids an unnecessary atomic operation.
 5 years ago
Victor Julien fd2dff8542 flow: minor cleanups 5 years ago
Victor Julien 7bf000731c flow: validate emergency timeout settings 
Make sure they are below the regular values.
 5 years ago