suricata

Commit Graph

Author	SHA1	Message	Date
Jason Ish	2ac16ee1a6	detect: break apart sigtable setup and initialization Allows initialization to be done early, so the table is ready for dynamic registration by plugins which are loaded before signature setup.	8 months ago
Philippe Antoine	63324b7368	transforms: move urldecode to rust Ticket: 7229	9 months ago
Philippe Antoine	8984bc6801	transforms: move xor to rust Ticket: 7229	9 months ago
Philippe Antoine	45e0acf772	transforms: move http headers transforms to rust Ticket: 7229	9 months ago
Philippe Antoine	f0414570d2	transforms: move casechange to rust Ticket: 7229	9 months ago
Philippe Antoine	0e5b49d20f	transforms: move hash transforms to rust md5, sha1 and sha256 Ticket: 7229	9 months ago
Philippe Antoine	71da38e702	transforms: move dotprefix to rust Ticket: 7229	9 months ago
Philippe Antoine	966f659201	transforms: move compress_whitespace to rust Ticket: 7229	9 months ago
Philippe Antoine	4985ebc0e0	transforms: move strip_whitespace to rust Ticket: 7229	9 months ago
Philippe Antoine	96c8470cdd	template: move detect keywords to pure rust Ticket: 3195 Also remove unused src/tests/detect-template-buffer.c Completes commit `4a7567b3f0` to remove references to template-rust	10 months ago
Giuseppe Longo	969f4d131f	sip: rustify sticky buffers Ticket #7204	10 months ago
Philippe Antoine	62a186ceef	detect/rfb: move keywords to rust Ticket: 7178 On the way, convert rfb.secresult to a generic integer with enumeration cf ticket 6723	12 months ago
Philippe Antoine	0a1062fad2	detect/mqtt: move keywords to rust Ticket: 4863 On the way, convert some keywords to use the first-class integer support. And helpers for pure rust the support for multi-buffer. Move the C unit tests about keyword mqtt.protocol_version to unit tests for generic integer parsing, and test version 5 instead of testing twice version 3. Also iterate all tx's messages for reason code as is done for other keywords. And allow detection on empty topics.	1 year ago
Jeff Lucovsky	f042e9034b	detect/transform: Add from_base64 transform Issue: 6487 Implement the from_base64 transform: [bytes value] [offset value] [mode strict\|rfc4648\|rfc2045] The value for bytes and offset may be a byte_ variable or an unsigned integer.	1 year ago
Victor Julien	3d059611c3	detect: add tls.alpn keyword Ticket: #7108.	1 year ago
Philippe Antoine	4fe3f04fa3	detect/enip: move keywords to rust Ticket: 4863	1 year ago
Philippe Antoine	ce1eea4ad6	detect/websocket: move keywords to rust Ticket: 4863	1 year ago
Philippe Antoine	16952d67e7	detect/dhcp: move keywords to rust Ticket: 4863	1 year ago
Philippe Antoine	ae72376ebe	detect/snmp: move keywords to rust Ticket: 4863 On the way, convert unit test DetectSNMPCommunityTest to a SV test. And also, make snmp.pdu_type use a generic uint32 for detection, allowing operators, instead of just equality.	1 year ago
Philippe Antoine	4bbe7d92dc	detect: helper to have pure rust keywords detect: make number of keywords dynamic Ticket: 4683	1 year ago
Philippe Antoine	82c03f72c3	enip: convert to rust Ticket: 3958 - transactions are now bidirectional - there is a logger - gap support is improved with probing for resync - frames support - app-layer events - enip_command keyword accepts now string enumeration as values. - add enip.status keyword - add keywords : enip.product_name, enip.protocol_version, enip.revision, enip.identity_status, enip.state, enip.serial, enip.product_code, enip.device_type, enip.vendor_id, enip.capabilities, enip.cip_attribute, enip.cip_class, enip.cip_instance, enip.cip_status, enip.cip_extendedstatus	1 year ago
Shivani Bhardwaj	83af42cc03	detect/tls-subjectaltname: add sticky buffer Add TLS SubjectAltName sticky buffer. It is implemented as multi-buffer. Feature 5234	1 year ago
Philippe Antoine	44b6aa5e4b	app-layer: websockets protocol support Ticket: 2695	1 year ago
Sascha Steinbiss	120313f4da	ja4: implement for TLS and QUIC Ticket: OISF#6379	1 year ago
Hadiqa Alamdar Bukhari	3aa313d0c5	dns: add dns.rcode keyword dns.rcode matches the rcode header field in DNS messages It's an unsigned integer valid ranges = [0-15] Does not support prefilter Supports matches in both flow directions Task #6621	1 year ago
Hadiqa Alamdar Bukhari	4b81851097	dns: add dns.rrtype keyword It matches the rrtype field in DNS It's an unsigned integer match valid ranges = [0-65535] Does not support prefilter Supports flow in both directions Feature #6666	1 year ago
jason taylor	3cb7112aa5	detect: update smb.version keyword Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Eloy Pérez González	415722dab2	smb: add smb.version keyword Ticket: #5075 Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Philippe Antoine	adf5e6da7b	detect: strip_pseudo_headers transform Ticket: 6546	2 years ago
Jason Ish	5d5b0509a5	requires: add requires keyword Add a new rule keyword "requires" that allows a rule to require specific Suricata versions and/or Suricata features to be enabled. Example: requires: feature geoip, version >= 7.0.0, version < 8; requires: version >= 7.0.3 < 8 requires: version >= 7.0.3 < 8 \| >= 8.0.3 Feature: #5972 Co-authored-by: Philippe Antoine <pantoine@oisf.net>	2 years ago
Jason Ish	482325e28b	dns: add dns.query.name sticky buffer This buffer is much like dns.query_name but allows for detection in both directions. Feature: #6497	2 years ago
Jason Ish	5f99abb0cb	dns: add dns.answer.name keyword This sticky buffer will allow content matching on the answer names. While ansers typically only occur in DNS responses, we allow the buffer to be used in request context as well as the request message format allows it. Feature: #6496	2 years ago
Victor Julien	53591702aa	detect/bytemath: pass match ctx directly Adjust includes to enable this.	2 years ago
Philippe Antoine	32cce122e1	detect: header_lowercase transform Ticket: 6290	2 years ago
Sascha Steinbiss	0c55fe3515	detect: add mqtt.connect.protocolstring Ticket: OISF#6396	2 years ago
Jeff Lucovsky	1110a86cb9	detect/transform: Register case-change transforms Issue: 6439	2 years ago
Philippe Antoine	ab9b6e30b1	detect: adds flow integer keywords Ticket: #6164 flow.pkts_toclient flow.pkts_toserver flow.bytes_toclient flow.bytes_toserver	2 years ago
Jeff Lucovsky	2fd0025ede	detect/file: Filehandler registration logic Add file handler registration functions for consolidated file handling. Issue: 4145	2 years ago
Victor Julien	9b09b29350	detect/fileext: reimplement based on file.name Ticket: #6194.	2 years ago
Philippe Antoine	415b036dca	http1: implement http.request_header So that it is generic for HTTP1 and HTTP2 Ticket: #5780	2 years ago
Victor Julien	b31ffde6f4	output: remove error codes from output	3 years ago
Jason Ish	8683154115	templates: remove C app-layer templates	3 years ago
Eric Leblond	7e516aad94	detect: add ip.src keyword It is a sticky buffer matching on src_ip. Feature: #5383	3 years ago
Eric Leblond	9cb06d4376	detect/smb: add smb.ntlmssp_domain keyword Feature #5411.	3 years ago
Eric Leblond	69ef1bc194	detect/smb: add smb.ntlmssp_user keyword Feature #5411.	3 years ago
Philippe Antoine	390cf9248f	detect: adds flow.age keyword Ticket: #5536	3 years ago
Victor Julien	682e2a07fe	detect/tls: add tls.cert_chain_len keyword	3 years ago
Victor Julien	e250ef6402	debug: remove empty header	3 years ago
Philippe Antoine	5ef259722b	dhcp: adds renewal-time keyword Ticket: #5507	3 years ago
Philippe Antoine	6faf6299e0	dhcp: adds rebinding-time keyword Ticket: #5506	3 years ago

1 2 3

134 Commits (820a3e51b752867da1322f29d542e5844bb6e727)