aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
13,234 Commits
7 Branches
155 Tags
201 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8d20b40cdd'
${ noResults }
Commit Graph

13234 Commits (8d20b40cdd3c8e911b0c4b06fb4fdc999b2d5c7c)
 

Author SHA1 Message Date
Victor Julien ffef10c5d7 detect: address parsing variable rename to match code style 3 years ago
Victor Julien 51ef6f4e3a detect/iponly: remove unused code 3 years ago
Juliana Fajardini 6ccc01a79c rust: fix doc comments that trigger rust warnings 
Rust generates warnings that are treated as errors for documentation
blocks before `extern` blocks.
 3 years ago
dependabot[bot] fbbf23b930 github-actions: bump ossf/scorecard-action from 1.0.4 to 1.1.0 
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 1.0.4 to 1.1.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](c1aec4ac82...5c8bc69dc8)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 3 years ago
Victor Julien f4f63ebff8 stream: add packet header outside of lock 3 years ago
Victor Julien 419920288c log/pcap: open handles outside of lock 3 years ago
Scott Jordan c751c45850 log/pcap: add buffer timeout 
Set timeout for pcap log so that packets do not sit
in buffer. Set default to one second.
 3 years ago
Scott Jordan 2bf3172dd1 stream: memcap tracking for TcpSegment alloc 3 years ago
Eric Leblond 47a5e6356d log/pcap: handle case of multiple link types 3 years ago
Eric Leblond 2c2fc6cd91 flow: set datalink for pseudo packet 
Set pseudo packet datalink to the global one. This fixes the case
where the pcap handle is open with information coming from a
pseudo packet. Without this, we did end up in most cases with
an Ethernet packet being written in a Raw pcap.
 3 years ago
Eric Leblond 1c2fba57f8 suricata: introduce global linktype 
As Suricata is not supporting pcap-ng we have to stick with one single
datalink type for the capture if ever we want to do pcap logging.
Assuming this, this patch introduces a function to set the link
type globally. This will be used with pcap conditional logging
to get the logging of TCP segments with the correct link type.
 3 years ago
Eric Leblond 584136ecb7 log/pcap: log segments for pseudo packets 3 years ago
Eric Leblond 8f0ef48e82 log/pcap: fix conditional pcap in tag mode 
We were missing the first packet when using condition pcap logging
in tag mode as it was not tagged. As a result we were not getting
the stream data triggering the alert in the pcap file.
 3 years ago
Eric Leblond 9f4d59b3f7 detect/tag: add a tag for first packet 
We may need to know that a packet has been tagged but is the
first one (and thus is not tagged).
 3 years ago
Scott Jordan 6cfc3343e7 log/pcap: dump segments of both sides of tcp session. 
This patch updates tcp segment dumping to dump segments
from both sides of the session in order when capturing
alerts and tags.
 3 years ago
Eric Leblond 6f06f7c22c doc: add info about capture_file key 3 years ago
Eric Leblond faab853685 log/pcap and eve/alert: get pcap filename to support multi mode 
This patch adds a function to get the current pcap file name that
will be used to current packet. This patch also  updates EVE
alerts to add pcap output filename when pcap capture is done in
multi or normal mode.
 3 years ago
Eric Leblond 2317fd83ef log/pcap: fix typo in error message 3 years ago
Eric Leblond 3908166f91 stream: count realloc in memcap 
TCP memory cap was not taking into account the memory that can
be used by realloc of Packet headers in TCP segments.
 3 years ago
Eric Leblond 0f14c55e52 log/pcap: update copyright date 3 years ago
Eric Leblond 0c7e4c13a1 doc: add conditional pcap logging info 3 years ago
Eric Leblond 58ef7bcdee log/pcap: introduce tag as logging condition 
This patch adds the tag as logging condition. If this option is
used all tagged packets are written to the pcap.
 3 years ago
Eric Leblond 626fce0712 log/pcap: fix some indentation and white spaces 3 years ago
Eric Leblond cc04eef007 log/pcap: add support for tunnel logging 
In alert mode, we need to write the root packet to the pcap
file instead of the packet that did trigger the alert.
 3 years ago
Eric Leblond e7b1c52c1c log/pcap: add existing stream logging 
This patch update the alert mode of pcap logging.

It uses the packet header data added to the TCP segments
to build packets corresponding to the acked data that did trigger
the alert. It then write it to the pcap file before starting to
dump all packet for the flow that did alert.
 3 years ago
Eric Leblond b416a4455c stream: conditionally add packet header to segment 
This patch optionally adds packet header to the TCP segment
and update the for each segment function by changing the
callback.

This patch is based on the work by Scott Jordan <scottfgjordan@gmail.com>
 3 years ago
Eric Leblond 435557ee7f detect: add flag when packet is first with alert 
We add a flag to packet to be able to know if this packet was the
first one to get alerts on the flow.
 3 years ago
Eric Leblond 412ca5d64c log/pcap: add PcapWrite function 
It will be used later when multiple writing operations will be
necessary.
 3 years ago
Eric Leblond 4cab5e5262 log/pcap: conditional logging 
Add an option to only write to pcap packets with alerts and flow
that have alerted.
 3 years ago
Jason Ish 0b51022337 github-ci: remove fedora 34 build 
Fedora 34 goes EOL in early June. The checks in this build are already
covered by the 35 and 36 builds.
 3 years ago
Jason Ish 49647ad120 github-ci: bump fedora versions 
35 -> 36
34 -> 35
33 -> 34
 3 years ago
Jason Ish 3ea6572e22 rules: use primary default-rule-path if set on command line 
When reloading rules, respect `--set default-rule-path=...` from the
command line if set.

Previously the rule reload would always take the default-rule-path from
the configuration file, even if overrided on the command line.

Issue: #1911
 3 years ago
Juliana Fajardini 28ac75b505 detect/alert: directly increment alerts.discarded 
In the unlikely case of AlertQueueExpand failure, we were incrementing
the discarded alerts stats in AlertQueueAppend via the Packet member in the
DetectEngineThreadCtx, which may not be initialized yet.

Bug #5353
 3 years ago
Philippe Antoine d745d28d4a dcerpc: use vecdeque tx iterator 
Ticket: #5321
 3 years ago
dependabot[bot] 477a6f3dd2 github-actions: bump github/codeql-action from 2.1.9 to 2.1.11 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.1.9 to 2.1.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](7502d6e991...a3a6c128d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 3 years ago
dependabot[bot] 90573dc9d4 github-actions: bump actions/upload-artifact from 3.0.0 to 3.1.0 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](6673cd052c...3cea537223)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 3 years ago
Philippe Antoine 3051f7f23f protodetect: use both directions over UDP 
As is already done for TCP

Ticket: #2757
 3 years ago
Philippe Antoine edd163252d protodetect: be more tolerant 
Do not mask protocols on both directions with only first packet

For instance :
When the first packet is no valid DNS but on port 53 (a junk request)
second packet (error response from server) does not get checked for DNS
as first packet bit masked away DNS for both directions

Ticket: #2757
 3 years ago
Arne Welzel b6407c4253 stacktrace-on-signal: Use kill(getpid(), sig_num) 
kill(0, ...) re-raises the signal to every processes in the process
group which may impact unrelated processes.

Concretely, in our CI pipeline, a segfaulting Suricata process killed
the test driver.
 3 years ago
Jason Ish b5d1a80002 suricata.yaml: include version that generated this file 
Add a line to the configuration that says which version generated the
configuration file.  For example:

    # This configuration generated by:
    #     Suricata 7.0.0-dev

Issue: #4784
 3 years ago
Victor Julien 91b54f180d stream/segtree: improve docs, error handling 3 years ago
Victor Julien 5c76f787f9 streaming/buffer: add debug validation for 'impossible' condition 3 years ago
Victor Julien 79f0f2fde4 app-layer: make registration structure more compact 3 years ago
Victor Julien a57010d72d htp: minor format string fixes 3 years ago
Victor Julien 24d231315b datasets: constify some function args 3 years ago
Victor Julien 3444aec724 time: reduce scope of static string 3 years ago
Victor Julien 80124152c6 threshold: constify detect engine arg 3 years ago
Victor Julien 18e4e032db thash: reduce scope for var; suggested by cppcheck 3 years ago
Victor Julien 55de18c675 spm: constify badchars; suggested by cppcheck 3 years ago
Victor Julien 99f212bc8c radix: small cppcheck suggested cleanup 3 years ago