aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,412 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '76c71a9120'
${ noResults }
Commit Graph

14412 Commits (76c71a9120a3f1f66b2fd38e21a84b3c9283133a)
 

Author SHA1 Message Date
Victor Julien 50dba4665d detect/urilen: support HTTP/2 
Ticket: #5931.
 2 years ago
Victor Julien 09348564f0 eve/drop: don't log drops unless packet is dropped 
In pass/drop combinations where the pass rule took precendence over
the drop, a "drop" false positive could still be logged due to the
storing of the drop record in the packet drop alert store.

Bug: #5867.
 2 years ago
Victor Julien 9b4fb63a7b detect/mpm: minor code cleanups 2 years ago
Victor Julien d518416f0d detect: apply within as depth where possible 
The rule lang allows for within and distance to act as depth/offset,
but internally this was not handle the same way. This patch converts
within/distance w/o a prior pattern to depth/within.
 2 years ago
Victor Julien 5254a88e1e detect/offset: minor code cleanups 2 years ago
Victor Julien 33bee20d3d detect/content: refactor limit propagation 2 years ago
Victor Julien 8831ae9be7 detect/distance: minor code cleanups 2 years ago
Victor Julien c945eff66e detect/within: minor code cleanups 2 years ago
Victor Julien 8de2948df8 detect/analyzer: fix lists names 
Simpler names that lead to cleaner json.
 2 years ago
Victor Julien 325000ca2b detect/analyzer: add byte_test/byte_jump detail 2 years ago
Victor Julien 105dd636cb detect/analyzer: add content relative_next flag 2 years ago
Victor Julien 2b85ab0ba1 detect/analyzer: add more pcre detail 2 years ago
Victor Julien e624328deb detect: split mpm per alproto for file.data & others 
Instead of a shared mpm context for just "file.data" or "file.magic"
use per alproto mpms. This way http file.data rules won't affect smb
file.data performance.

Ticket: #4378.
 2 years ago
Victor Julien a806445abf mpm factory: include alproto 
In preparation of spliting out mpm's for keywords shared by
multiple protocols, like file.data.
 2 years ago
Philippe Antoine 416a780f69 jsonschema: do not enforce keys for alert metadata 
As this is a free field and can have any key based on a rule
 2 years ago
Philippe Antoine 8f9cd8ff1a doc: security.limit-noproc upgrade note 
Ticket: #5621
 2 years ago
Lukas Sismis 4f3e1279f5 github-ci: Add Netmap build to GH actions 
Issue: #5803
 2 years ago
Jason Ish 0533737726 smtp: apply suricata.yaml defaults to in-code defaults 
Currently the default suricata.yaml sets some values that do not
reflect the default values in the code. As most users are probably
using a default suricata.yaml, make the code have the same defaults as
in suricata.yaml:

- mime.decode-mime: false -> true
- mime.decode-base64: false -> true
- mime.decode-quoted-printable: false -> true
- mime.extract-urls: false -> true

Issue: #5823
 2 years ago
Jason Ish 3a44197183 schema: add "message_id" to email 2 years ago
Jason Ish 3d92990c6f conf: document ConfGetChildValueBool 2 years ago
Gabriel Lima Luz b43357eb26 detect-lua: Convert unittests to FAIL/PASS API 
Ticket: 4051
 2 years ago
Jason Ish bdd889899f source-xdp: only allow busy poll if headers support it 
Wrap the enabling of busy poll in a compile time conditional checking
for the required defines to be set. While we have runtime support for
kernels less than 5.11, we also need a compile time check as the headers
may be old as well.

Issue: 5855
 2 years ago
Jason Ish b734676617 github-ci: add Debian 11 builder with XDP 2 years ago
Jason Ish bf079c9214 schema: fix optional 
"optional" is not part of jsonschema. Instead an array named "required"
is used to list all field names that are required.
 2 years ago
Jason Ish 49ba378d38 schema: fix engines section 
The definition of items is an object, not an array.
 2 years ago
Jeff Lucovsky 2dbcbb2a2a nflog/time: Fixup timestamp handling 
Issue: 5818

This commit corrects the timestamp handling for the packet to work with
the SCTime_t struct.
 2 years ago
Jason Ish 159b72c101 rust/clippy: allow derivable impls 
The latest Rust will automatically "fix" derivable default
implementation, which is nice, but makes changes that don't meet our
current MSRV, so allow derivable impls for now.
 2 years ago
Victor Julien 1726bd643c detect/app-layer-event: simplify parsing code 
Simpler and fully local parsing code.

Remove unittests that relied on previous implementation. Code
is tested by SV tests.
 2 years ago
Victor Julien 0c8646959e detect/analyzer: add transform names 2 years ago
Shivani Bhardwaj c089bbb7d7 util/mime: use uint32_t for consumed bytes 
In a case of the line buffer being over 255 bytes, the consumed bytes
would reset to 0 as it was uint8_t. Fix this integer overflow by setting
the type to uint32_t.

Redmine ticket: 5883
 2 years ago
Shivani Bhardwaj 0f3e7761da doc: add dataset examples 2 years ago
Shivani Bhardwaj 901e99fa95 detect: add comments for DETECT_SM_LIST_* types 2 years ago
Jason Ish c6c781ef67 config: put version in configuration as a proper value 
Adds a new field, "suricata-version" to the configuration file with
the major and minor version of the Suricata that generated the
configuration file.

This may be useful in the future for presenting warnings about
important changes, or even providing different defaults based on what
the user might expect.

Ticket: 5822
 2 years ago
Jeff Lucovsky 2d28c09ea1 pfring: Packet structure for ts fix 
Issue: 5818

This commit addresses the issue with using the address of a packed
member of a structure. The pfring timeval is within a packed structure.
 2 years ago
Jeff Lucovsky 056c13c417 pfring/time: Track stat output with SCTime_t 
Issue: 5818

This commit changes the datatype of the tracking value for the last time
stats were dumped.

Changing the type also eliminates a comparison between values with
different signs.
 2 years ago
Jeff Lucovsky 59ab1c20ec time: SCTime additions -- neq, initializer 
Issue: 5818

This commit adds an initializer for the SCTime_t type and a comparison
macro for "not equal".

Use them as follows:
    SCTime_t my_var = SCTIME_INITIALIZER;
    if (SCTIME_CMP_NEQ(sctime1_val, sctime2_val)) {
    }
 2 years ago
Lancer Cheng 08b17e9778 eve: add version and warning in ntlmssp 
Bug OISF#5783
 2 years ago
Lancer Cheng 6142593a69 doc: add version filed in NTLMSSP documentation 
Bug OISF#5783
 2 years ago
Lancer Cheng 9207012e4b smb: fix parser of ntlmssp negotiateflags 
Fix endian-conversion bug in function parse_ntlm_auth_nego_flags

Bug OISF#5783
 2 years ago
Jeff Lucovsky cb174e4fd9 log/thread: Consolidate threaded file tracking 
Issue: 5836

This commit removes the duplicate threaded file tracking from the log
file mechanisms.

Tracking is now consolidated with the threaded hash table.
 2 years ago
Jeff Lucovsky 99b7257ef6 log: Stop if log initialization fails at startup 
Issue: 5836

This commit modifies Suricata to fail if log initialization errors occur
during startup.
 2 years ago
Victor Julien 8746fbe07e stream: add seq min and max; use in segment compare 2 years ago
Victor Julien cbcd70537a stream: fix overlap detection 
If a in-tree segment was partly before base_seq the overlap detection
miscalculated the data offset. This lead to memcmp comparing the wrong
data.

Bug: #5881.
 2 years ago
Victor Julien ceebd6e904 stream: reuse TCP session after TFO SYN+data reject 2 years ago
Victor Julien ee76b27535 eve/stream: log tcp reuse flag in packets 2 years ago
Victor Julien 2bb1e5a38a flow: remove unused tcp reuse flow flag 2 years ago
Victor Julien 7ef57cc7cb stream: support SYN/ACK with TFO only ack'ing ISN 
Not ack'ing the data.
 2 years ago
Victor Julien 7e6154a26f stream: add counter for acks for unseen data 
This is another indicator for packet loss or strange captures.
 2 years ago
Victor Julien 37e694b5b8 eve/stream: ack unseen data 2 years ago
Victor Julien b7739bfdba stream: flag ACKs that ack segments after next_seq 
Avoid this for async streams.
 2 years ago