aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,084 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '77119a3186'
${ noResults }
Commit Graph

6084 Commits (77119a31863ee9cc3bedcd8abf007914ba7942cc)
 

Author SHA1 Message Date
Victor Julien 3e14aa729a detect-state: remove/hide BUG_ON statements 10 years ago
Victor Julien b7f1e9e370 file extract: add app_proto to logging 10 years ago
Victor Julien 925aac854e alproto: improve AppProtoToString 
Make AppProtoToString compilation fail on missing 'case's.
 10 years ago
Eric Leblond 0bafc71689 app-layer: add modbus to AppProtoToString 
It was missing causing protocol identified as modbus not to be
displayed in netflow events.
 10 years ago
Victor Julien ebb42f831c suppress: add track by_either mode 
So far suppress rules would apply to src or dst addresses of a packet.
This meant that if a ip would need to suppressed both as src and as dst,
2 suppress rules would be needed.

This patch introduces track by_either, which means that the ip(s) in the
suppress rule are tested against both the packets source and dest ip's.
If either of them is on the suppress list, the alert is suppressed.
 10 years ago
Victor Julien e85a44c383 suppress: support ip-lists 
Ticket: 1137

Support supplying a list of IP's to the suppress keyword. Variables from
the address-groups and negation is supported. The same logic (and code) is
used that is also used in parting the IP portions of regular detection
rules.
 10 years ago
Jason Ish 26fc5682ad hostbits: ignore leading and trailing white space 
Ignore leading and trailing space around the name and
direction tokens.
 10 years ago
Jason Ish 7c40c73482 json-stats: reorg threads and totals 
Totals are now placed at the top level instead of under a "Total"
object.

Threads are placed under a "threads" object.
 10 years ago
Jason Ish 1f2caf78c3 json-stats: log uptime in seconds, instead of a string 10 years ago
Jason Ish 0f1dd0d7ea flowbits: strip leading and trailing spaces in name 
Redmine bug 1481. Strip leading and trailing white space. Factor
out parsing from setup while in here.
 10 years ago
Zachary Rasmor 0edf28a4f8 Add Feature #1454. Generic eve-log prefix support. 10 years ago
Victor Julien a083513c49 decode: optimize DecodeThreadVars layout 
Put common counters on the first cache line. Please the flow output
pointer last as it's use depends on the flow logging being enabled
and even then it's only called very rarely.
 10 years ago
Victor Julien fe5a85aea0 decode: add erspan counter 10 years ago
Victor Julien 928957f0a3 decode: add ERSPANv1 decoder 
Only allow v1 to be parsed as thats what is tested.

Take vlan_id from the ERSPAN layer.
 10 years ago
Victor Julien aa6b24f814 decode: clean up tunnel decode logic 
Don't use mix of existing and custom types to indicate the next
layer.
 10 years ago
Victor Julien ef7cd043cc detect: various header cleanups 10 years ago
Victor Julien 5483b800c5 detect: remove struct/union tricks from Signature 10 years ago
Victor Julien 8949054212 detect: remove unused match_flags from inspect engines 10 years ago
Victor Julien 9fa2f85cc7 http: improve body pruning 
Take inspect window into account.
 10 years ago
Victor Julien 0bbc818b2d http: fix body tracking 
In HTTP body tracking for response bodies, pruning body chunks was broken
as the body parsing code wouldn't update HtpBody::body_parsed.
 10 years ago
Victor Julien 3203555708 http-client-body: create unittest util func 10 years ago
Eric Leblond d837562441 logging: fix modules ordering during logging 
With the previous code the order of the logging modules in the
YAML were determining which module was run first. This was not
wished and a consequences was that the EVE fileinfo module was
not correctly displaying the key 'stored' because it was
depending on a flag set alter by the filestore module.

This patch adds a priority file to the TmModule structure. The
higher the priority is set, the sooner the module is run in the
logging process. The RunModeOutput structure has also been
updated to contain the name of the original TmModule. Thus allowing
to define a priority for a RunModeOutput.

Currently only the filestore has a priority set. The rest of them is
set to the default value of zero.
 10 years ago
Eric Leblond be07620a60 output-lua: sync variable name with yaml 
'script-dir' was used in the code but we had 'scripts-dir' in the
configuration file. This patch fixes it to 'scripts-dir'.
 10 years ago
Jason Ish ae23144b67 --set - handle spaces on either side of '=' 
Discard spaces when provided as part of --set around the '='. For
example, "val=key", "val = key", "val= key" and "val =key" are
all equivalent now.
 10 years ago
Jason Ish d9fe95bc8a conf - function declaration style 
Use consistent style - function return type and declaration on
same line.
 10 years ago
DIALLO David 0a4fd39f9c modbus: fix heap-buffer-overflow in Modbus parser 
Modbus parser does not check length to extract/read data (read or write address,
quantity of data, etc.) that should be present.

In case of malformated data (invalid length in header), Modbus parser reads data
over the input data length.

Add check before extracting/reading data from input buffer to avoid head buffer
overflow.
 10 years ago
Victor Julien 07efec550d counters: use ptr to name instead of copy 
All counters have hardcoded names, so copies are not needed.
 10 years ago
Victor Julien 7e66c70507 counters: don't run if no counters have been registered 10 years ago
Victor Julien cb5aa8f8d5 counters: work around unix-socket init issues 10 years ago
Victor Julien e48153c6b0 counters: make threads cleanup all memory 10 years ago
Victor Julien 81548ae3e8 counters: clean up global context 10 years ago
Victor Julien 84b8829cb4 counters: turn flow.memuse into a global counter 10 years ago
Victor Julien 0a262acdfb counters: make DNS counters globals 10 years ago
Victor Julien ac069c579a counters: make tcp.memuse a global counter 10 years ago
Victor Julien cddbb0f606 http: make http.memuse a global counter 
http.memcap as well.
 10 years ago
Victor Julien f05d0692ef counters: remove references to 'perf' counters 10 years ago
Victor Julien faef92f8da counters: remove last and now unused tm_name reference 10 years ago
Victor Julien 83f27ae2a5 counters: remove old unix socket json logic 10 years ago
Victor Julien 41ead6611a counters: minor internal API cleanups 10 years ago
Victor Julien d2a9ef2680 counters: rename unparsable SCPCAElem to StatsLocalCounter 10 years ago
Victor Julien 4c3ccda72e counters: minor header cleanup 10 years ago
Victor Julien 752f03e7a4 counters: remaining s/SCPerf/Stats/g 10 years ago
Victor Julien 4362d0a6e9 counters: s/SCPerfPrivateContext/StatsPrivateThreadContext/g 10 years ago
Victor Julien 628c3b1bc7 counters: s/SCPerfPublicContext/StatsPublicThreadContext/g 10 years ago
Victor Julien 7e70f136ec counters: various renames and cleanups 10 years ago
Victor Julien 30cce2bd29 counters: s/SCPerfCounterSetUI64/StatsSetUI64/g 10 years ago
Victor Julien 1c0b4ee0ae counters: s/SCPerfCounterIncr/StatsIncr/g 10 years ago
Victor Julien 8992275b0c counters: s/SCPerfCounterAddUI64/StatsAddUI64/g 10 years ago
Victor Julien 60d9eb6790 counters: clean up defines 10 years ago
Victor Julien 1ef786e7cb counters: rename register API calls 
Also remove 'type' parameter which was always the same.
 10 years ago