Commit Graph

11102 Commits (75727c05e0502d32b76bc9720212475905793dd1)

Author SHA1 Message Date
Victor Julien 75727c05e0 doc/manpage: add --reject-dev option 5 years ago
Victor Julien 82ac72782d doc/userguide: update app-proto list 5 years ago
Victor Julien e6330c354d doc/userguide: list valid rule actions 5 years ago
Victor Julien 14e1a342ac reject: support single vlan layer
Support sending RST/ICMP errors for packets with a single VLAN header.
5 years ago
Victor Julien 9f3f07dd97 reject: get MTU for reject-dev and use it 5 years ago
Victor Julien 498ae0180b reject: minor optimization of reset entry code 5 years ago
Victor Julien 279865b145 reject: remove L3 from function names 5 years ago
Victor Julien c594d0c1ad reject: allow configuration of the reject interface
Using the '--reject-dev <dev>' commandline option. This is a global option
that applies to all 'reject' actions.

If the interface specified is using ethernet, libnet will use the faster
L2 (link) layer. Suricata sets up the ethernet header based on the packet.

When the interface is specified, cache libnet_t ctx for (much) better
performance.
5 years ago
Victor Julien 604aa65c80 reject: don't respond to tunnel packets 5 years ago
Victor Julien a6ed9b11d5 reject: check tcp header sooner to avoid potential leak 5 years ago
Victor Julien 1b042cf108 reject: optimize and simplify run test 5 years ago
Victor Julien 66257f37eb reject: never return error
Errors by thread modules are not handled.
5 years ago
Jason Ish b8d1677b9c file-hash-common: fix rule_file truncation
Loading file hash lists uses dirname(3) on the
de_ctx->rule_file which modifies the contents,
removing the last part of the path. So on subsequent
calls the rule_file no longer contains the rule_file,
but instead just the directory name.

Mostly noticed when using "-S" with rule files outside
of the default-rule-path which requires more hunting for
the rule file.
5 years ago
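The dirname(3) pitfall that commit describes, as an added illustration (not Suricata's code): POSIX allows dirname() to write into the buffer it is given, so calling it directly on a long-lived path string truncates that string for every later caller. The path, buffer names and helper names below are made up for the example; the fix is the same one the commit applies, operate on a private copy.

```c
#define _POSIX_C_SOURCE 200809L
#include <libgen.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a long-lived rule path (like de_ctx->rule_file). */
#define SAMPLE_RULE_FILE "/etc/suricata/rules/custom/local.rules"

/* Buggy pattern: dirname(3) may modify its argument in place (glibc and
 * musl do), so rule_file is silently cut down to its directory part. */
static void rule_dir_in_place(char *rule_file, char *out, size_t outlen)
{
    const char *d = dirname(rule_file);     /* writes a '\0' into rule_file */
    snprintf(out, outlen, "%s", d);
}

/* Fixed pattern: hand dirname(3) a private copy so the caller's string
 * survives for subsequent lookups. Returns 0 on success, -1 on OOM. */
static int rule_dir_copy(const char *rule_file, char *out, size_t outlen)
{
    char *tmp = strdup(rule_file);
    if (tmp == NULL)
        return -1;
    snprintf(out, outlen, "%s", dirname(tmp));
    free(tmp);
    return 0;
}

/* Returns 1 if the in-place call clobbered the original path string. */
int demo_in_place_truncates(void)
{
    char rule_file[] = SAMPLE_RULE_FILE;
    char dir[256];
    rule_dir_in_place(rule_file, dir, sizeof(dir));
    return strcmp(rule_file, SAMPLE_RULE_FILE) != 0;
}

/* Returns 1 if the copy-based call left the path intact and got the
 * expected directory. */
int demo_copy_preserves(void)
{
    char rule_file[] = SAMPLE_RULE_FILE;
    char dir[256];
    if (rule_dir_copy(rule_file, dir, sizeof(dir)) != 0)
        return 0;
    return strcmp(rule_file, SAMPLE_RULE_FILE) == 0
        && strcmp(dir, "/etc/suricata/rules/custom") == 0;
}

int main(void)
{
    printf("in-place dirname truncates caller's path: %d\n",
           demo_in_place_truncates());
    printf("dirname on a copy preserves caller's path: %d\n",
           demo_copy_preserves());
    return 0;
}
```

The second call in the buggy pattern would see only "/etc/suricata/rules/custom" and then strip it to "/etc/suricata/rules", which is why the commit notes that the rule file gets harder to find after the first hash list is loaded.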
Jeff Lucovsky 648bd5afff output/ftp: Use "Eve" prefix with FTP helpers
This commit changes the prefix of the FTP helper routines from Json to
Eve.
5 years ago
Jeff Lucovsky 1f19ab1013 output/eve: Remove unused helper function
This commit removes an unused helper function no longer required/used
after conversion to JsonBuilder.
5 years ago
Jeff Lucovsky 03de315bc2 ftp/eve: Convert FTP logging to use JsonBuilder
This commit converts the FTP logging mechanisms to use JsonBuilder.
5 years ago
Shivani Bhardwaj a7535099b4 smb/eve: convert to jsonbuilder
Closes redmine ticket 3712.
5 years ago
Jeff Lucovsky d14a14fa13 output/anomaly: Use helpers for string output 5 years ago
Jeff Lucovsky 9097df3a3b output/flow: Use helpers for string output 5 years ago
Jeff Lucovsky ff92745851 output/json: Include fileinfo in alerts
This commit adds fileinfo to alerts when `metadata` is configured.
5 years ago
Jeff Lucovsky cc99f95ecd json: macro for setting formatted false value 5 years ago
Jeff Lucovsky ae50d1a225 output/json: Refactor file output helper
This commit creates a common file output helper function based on the
logic in output-file-info.c:BuildBuildFileInfoRecord

The refactored helper will be used to create "fileinfo" information
during the alert output path.
5 years ago
Shivani Bhardwaj f2dbee4787 util: check if parsed data is in range 5 years ago
Shivani Bhardwaj 2162c52b17 src: remove multiple uses of atoi
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* and StringParse* functions.

Partially closes redmine ticket #3053.
5 years ago
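Why atoi() is worth replacing, shown with an added example (not the ByteExtractString*/StringParse* helpers the commit refers to, and not Suricata's code): atoi() returns 0 for "abc", silently stops at the first non-digit in "6379abc", and overflow is undefined behaviour. The strict parser below, with a made-up name, uses strtoul(3) plus errno, end-pointer and range checks, and is then narrowed to a uint16_t port in the spirit of the port-type change in this series.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Strict unsigned decimal parser (illustrative helper, not a Suricata API):
 * the whole string must be digits and the value must lie in [min, max].
 * Returns 0 on success and -1 on any error. */
int parse_u32_strict(const char *s, uint32_t min, uint32_t max, uint32_t *out)
{
    if (s == NULL || *s == '\0')
        return -1;
    /* strtoul() would happily accept leading blanks, '+' and '-' (wrapping
     * negatives); requiring a digit first rejects all of those. */
    if (!isdigit((unsigned char)*s))
        return -1;

    errno = 0;
    char *end = NULL;
    unsigned long v = strtoul(s, &end, 10);
    if (errno == ERANGE)               /* did not fit in unsigned long */
        return -1;
    if (end == s || *end != '\0')      /* no digits, or trailing garbage */
        return -1;
    if (v < min || v > max)            /* caller-supplied range */
        return -1;

    *out = (uint32_t)v;
    return 0;
}

/* Port parser: valid TCP/UDP ports are 1..65535 and fit a uint16_t. */
int parse_port(const char *s, uint16_t *port)
{
    uint32_t v;
    if (parse_u32_strict(s, 1, 65535, &v) != 0)
        return -1;
    *port = (uint16_t)v;
    return 0;
}

int main(void)
{
    /* constructed inputs: one good port, then the kinds of input atoi()
     * accepts without complaint */
    const char *inputs[] = { "6379", "6379abc", "abc", "0", "65536", "-1" };
    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        uint16_t p = 0;
        int rc = parse_port(inputs[i], &p);
        printf("%-8s atoi=%d  strict=%s", inputs[i], atoi(inputs[i]),
               rc == 0 ? "ok" : "rejected");
        if (rc == 0)
            printf(" port=%u", p);
        printf("\n");
    }
    return 0;
}
```

Every rejected input above is one that atoi() would have turned into a plausible-looking number (or 0), which is exactly the missing error reporting the commit message describes.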
Shivani Bhardwaj 271e33fbaa affinity: Convert nb_threads to uint32_t 5 years ago
Shivani Bhardwaj a516435443 napatech: make stream_id uint8_t 5 years ago
Shivani Bhardwaj f4c9d33923 redis: Change port type to uint16_t 5 years ago
Jason Ish 639f3d265e rust: lock to nom 5.1.1
5.1.2 pulls in dependencies that don't build on Rust 1.34.
5 years ago
Victor Julien 79681bf655 app-layer: remove old MPMId API calls
Had been deprecated and non-functional since 2017.
5 years ago
Jason Ish 74053f43cb json: macros for setting formatted true and string values
JB_SET_TRUE(jb, key), and JB_SET_STRING(string, key, val) are C macros
around jb_set_formatted to set static string and true values as a
(micro) optimization.
5 years ago
Jason Ish a545cdef6a jsonbuilder: setter for formatted data
Create a method to set preformatted data that contains the key
and the value already formatted.

This is an optimization for static data.
5 years ago
Jason Ish e3b7c58218 jsonbuilder: export {set,append}_string_from_bytes to C 5 years ago
Jason Ish f184bcc10e jsonbuilder: use Box::from_raw instead of transmute to free
I think this is a bad use of transmute, while the end result
is the same, Box::from_raw is more correct as we created this
pointer with Box::into_raw.
5 years ago
Philippe Antoine e5d4332ede signature: adds file flag for file_data keyword
So that SigValidate can check if a protocol not supporting
files was set after this keyword
5 years ago
Philippe Antoine baf5f52f22 ssh/eve: convert to jsonbuilder 5 years ago
Jeff Lucovsky 5e4aa5b851 doc: Improve tos description
This commit improves the description of the `tos` keyword by emphasizing
that the value used should adhere to the guidelines in RFC2474. Instead
of specifying the DSCP value directly, right shift the DSCP value and
use that.
5 years ago
Jeff Lucovsky 3005dca3fd doc: pcrexform documentation 5 years ago
Jeff Lucovsky a0b81b3c9d detect: Register pcrexform
This commit registers the `pcrexform` transform.
5 years ago
Jeff Lucovsky 66d15710b8 transform/pcrexform: Add pcrexform source files 5 years ago
Jeff Lucovsky c1875d8532 detect/pcrexform: New transform: applies RE
This commit adds a new transform -- pcrexform -- that applies a regular
expression to the transformation buffer. If an expression was captured,
that is output to the transformation buffer. Otherwise, the
transformation buffer is unchanged.
5 years ago
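The transform semantics described in that commit, re-created as an added example that is not Suricata's pcrexform implementation: Suricata uses PCRE, the stand-in below uses POSIX regex(3) with an extended-syntax pattern so it runs without extra libraries. If capture group 1 matches, the buffer is replaced by the captured bytes; if the expression does not match, or has no capture, the buffer is left untouched. The function name and sample buffers are made up.

```c
#define _POSIX_C_SOURCE 200809L
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* Illustrative pcrexform-style transform on a NUL-terminated buffer.
 * Returns 1 if the buffer was replaced with group 1, 0 if left unchanged
 * (no match or no capture group), -1 if the pattern fails to compile. */
int regex_transform_apply(const char *pattern, char *buf, size_t bufsize)
{
    regex_t re;
    regmatch_t m[2];                     /* m[0] whole match, m[1] group 1 */

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    int rc = regexec(&re, buf, 2, m, 0);
    regfree(&re);

    if (rc != 0 || m[1].rm_so == -1)     /* no match, or nothing captured */
        return 0;

    size_t len = (size_t)(m[1].rm_eo - m[1].rm_so);
    if (len >= bufsize)                  /* cannot happen for a substring,
                                            kept as a defensive bound */
        len = bufsize - 1;
    memmove(buf, buf + m[1].rm_so, len); /* regions may overlap */
    buf[len] = '\0';
    return 1;
}

int main(void)
{
    /* constructed header line standing in for an inspected buffer */
    char buf[64] = "Host: evil.example.com";

    int rc = regex_transform_apply("^Host: ([a-z.]+)$", buf, sizeof(buf));
    printf("rc=%d buffer=\"%s\"\n", rc, buf);   /* rc=1, "evil.example.com" */

    rc = regex_transform_apply("^User-Agent: (.*)$", buf, sizeof(buf));
    printf("rc=%d buffer=\"%s\"\n", rc, buf);   /* rc=0, unchanged */
    return 0;
}
```

A rule author chaining this after another transform should keep in mind the "otherwise unchanged" branch: a non-matching expression does not empty the buffer, so a following content match still runs against the original bytes.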
Jeff Lucovsky c8eca52804 detect: Add constant for new transform
This commit adds the definition of the new `pcrexform` transform.
5 years ago
Jeff Lucovsky 5d10db88bc detect/transform: Support transform options
This commit adds support for transform-specific options. During Setup,
transforms have the signature string available for options detection.
When a transform detects an option, it should convert the option into an
internal format and supply a pointer to this format as the last argument
to DetectSignatureAddTransform.

Transforms that support options must provide a function in their
Sigmatch table entry. When the transform is freed, a pointer to the
internal format of the option is passed to this function.
5 years ago
Jeff Lucovsky b569670c33 general: Correct typos 5 years ago
Jeff Lucovsky 4407cf8979 general: Update copyright year 5 years ago
Emmanuel Thompson be3379f00e detect/asn1: Fix relative_offset keyword option
- Fix relative_offset keyword option to be relative in regards to the
last content match
- Change relative_offset to int32_t with bounds check to allow the full
range of the packet buffer size (uint16_t)
- Added checks for over/underflows
- Changed the offset type to uint16_t because the offset is applied to
the payload length, which is a uint16_t
- Adjusted test cases to work relative to the content match
- Added test case to verify bounds
5 years ago
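The over/underflow checks that commit lists, as an added example (not Suricata's detect-asn1 code, and with invented function and parameter names): the relative offset is a signed 32-bit value, the payload length and the resulting position are 16-bit, and the addition is done in 64 bits so that neither the sum nor the cast can wrap before the bounds test. The second function shows the check guarding the actual payload read.

```c
#include <stdint.h>
#include <stdio.h>

/* Illustrative: resolve a relative_offset against the end of the last
 * content match. Returns 0 and sets *pos when the result lies inside
 * [0, payload_len), -1 otherwise. */
int resolve_relative_offset(uint16_t payload_len, uint16_t last_match_end,
                            int32_t relative_offset, uint16_t *pos)
{
    /* 64-bit arithmetic: uint16 + int32 can never overflow an int64 */
    int64_t p = (int64_t)last_match_end + (int64_t)relative_offset;
    if (p < 0)                          /* underflow: before payload start */
        return -1;
    if (p >= (int64_t)payload_len)      /* at or past payload end */
        return -1;
    *pos = (uint16_t)p;                 /* now provably fits */
    return 0;
}

/* Read the byte an asn1-style check would start decoding at, or -1 if the
 * offset falls outside the payload. */
int payload_byte_at(const uint8_t *payload, uint16_t payload_len,
                    uint16_t last_match_end, int32_t relative_offset)
{
    uint16_t pos;
    if (resolve_relative_offset(payload_len, last_match_end,
                                relative_offset, &pos) != 0)
        return -1;
    return payload[pos];
}

int main(void)
{
    /* constructed 8-byte payload; pretend the last content match ended at 4 */
    const uint8_t payload[8] = { 0x30, 0x06, 0x02, 0x01, 0x05, 0x02, 0x01, 0x07 };
    const int32_t offsets[] = { 0, 2, 3, 4, -4, -5, INT32_MAX, INT32_MIN };
    for (size_t i = 0; i < sizeof(offsets) / sizeof(offsets[0]); i++) {
        int b = payload_byte_at(payload, sizeof(payload), 4, offsets[i]);
        if (b < 0)
            printf("relative_offset %d: rejected\n", offsets[i]);
        else
            printf("relative_offset %d: byte 0x%02x\n", offsets[i], b);
    }
    return 0;
}
```

Doing the same addition in uint16_t, as the pre-fix code effectively did, would wrap a negative offset into a large positive one and either read past the buffer or silently land on the wrong byte; the 64-bit promotion is what makes the two comparisons sufficient.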
Eric Leblond f5e2968f12 redis: ensure a dump per second
In sync mode, Suricata was waiting to have batch size alerts before
logging them. This was introducing delay in some configurations with
low traffic.
5 years ago
Eric Leblond ec8eba28a8 redis: fix reconnect in batch mode
In case of redis outage, the redis session was reset but the replies
were still fetched even if there are no replies in the new session.
5 years ago
Eric Leblond 025de61f43 redis: add support for unix socket
If there is a '/' in the redis server string then we consider that
the connection should be done over a unix socket.
5 years ago
Joshua Lumb 82fb72678f cmdline: --list-app-layer-protos respects -c arg 5 years ago
Victor Julien a4568a634d htp: enforce body limits more exact 5 years ago