Jason Ish
9697a09d21
template app-layer: disable if not in config file (default)
...
Unlike other app-layer protocols which are enabled by default,
disable this one by default as it likely shouldn't be enabled
in production use of Suricata.
10 years ago
Eric Leblond
38c21077e6
json-email-common: fix email extended logging
...
Two structure fields were uninitialized and used as a bit field.
Weird behavior was seen in the list of logged fields due to that with
some build options.
10 years ago
Eric Leblond
3676bd667d
json-email-common: suppress commented code
10 years ago
Eric Leblond
484885b70f
json-email-common: can now log same header twice
...
Multiple events can be applied on a transaction, so we may need to
log the same header twice.
The HDR_IS_LOGGED flag was making it impossible. And this system
is useless as the email application layer is transaction based.
10 years ago
Torgeir Natvig
af6d1dddfa
Bugfix for detect-engine.luajit-states
...
detect-engine is a list, and luajit-states was looked up as a map.
10 years ago
Mats Klepsland
70cc1ddbcd
lua: SSH output support
...
Support SSH in lua output scripts (Feature #1569).
10 years ago
Mats Klepsland
7eab16c478
lua: SSH support
...
Support SSH in lua detection scripts (Feature #1569).
10 years ago
Alessandro Guido
dcbbda505f
Describe new unified2-alert "payload" option
10 years ago
Alessandro Guido
53bfcf64b7
Add option to omit payload in unified2 output
...
Add a boolean option named "payload" to the unified2-alert output type.
Such an option makes suricata omit the payload in the resulting unified2
file. The default value is true in order to preserve the current behaviour.
10 years ago
Jason Ish
413082afc0
GPL license sync with official gpl-2.0.txt
...
Synced up with:
http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
10 years ago
Jason Ish
580728087c
fix util-host-os-info unit tests.
...
- Some tests always passed due to the result value being
initialized to 1.
- Fix tests that now fail. Looks like just the tests were wrong
and that the code does the right thing.
10 years ago
Jason Ish
4185f3ee92
detect-pcre: allow upper case metachars for host (/W).
...
Redmine issue 1490.
10 years ago
Eric Leblond
6572725a7a
util-debug: don't colorize if a redirect is used
...
It is better to disable the color mode when a redirect of stderr
is done to avoid getting colorized output in the generated file.
10 years ago
Victor Julien
4d83318b46
defrag tests: fix compiler warnings
...
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2423:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2460:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2423:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2427:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:5: note: remove the 'if' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~~~~~~~~~~~~~~~
defrag.c:2486:9: error: variable 'p' is used uninitialized whenever '||' condition is true [-Werror,-Wsometimes-uninitialized]
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~
defrag.c:2523:9: note: uninitialized use occurs here
if (p != NULL) {
^
defrag.c:2486:9: note: remove the '||' if its condition is always false
if (p1 == NULL || p2 == NULL || p3 == NULL) {
^~~~~~~~~~~~~
defrag.c:2490:5: note: variable 'p' is declared here
Packet *p = Defrag(NULL, NULL, p1, NULL);
^
6 errors generated.
make[3]: *** [defrag.o] Error 1
10 years ago
Jason Ish
6f223c6dba
defrag: stop reassembly at the first packet with more flags not set
10 years ago
Jason Ish
3aa7e38c14
defrag: tracker initialization cleanup
...
Remove the old tracker reset macro which is no longer being used.
Clear last_seen and remove flags on initialization.
Remove extra call to DefragTrackerInit as it was being called 2x
for each new tracker.
Now that DefragTrackerNew is just a wrapper for DefragTrackerAlloc,
remove it and just call DefragTrackerAlloc directly.
10 years ago
Jason Ish
69b4218afc
defrag: don't use trackers marked for removal
...
These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.
10 years ago
Jason Ish
ed400acf8e
defrag: unit test for tracker reuse (current fails)
...
Will be fixed in subsequent commits as tracker reuse is fixed.
10 years ago
Alexander Gozman
3e29a23208
unix-manager: log client (dis)connection with DEBUG level.
...
Also select/receive errors are logged as ERROR.
10 years ago
Alexander Gozman
437fe40660
Feature 1527: ability to compile as a position independent executable
...
Adds corresponding configure option which enables proper CPPFLAGS
and LDFLAGS.
10 years ago
Mats Klepsland
e634fcee60
lua: TLS lua output support
...
Support TLS in lua output scripts (Feature #1568).
-- Declare which protocol this output script needs.
function init (args)
    local needs = {}
    needs["protocol"] = "tls"
    return needs
end

-- Open the log file in the Suricata log directory.
function setup (args)
    filename = SCLogPath() .. "/" .. "lua_tls.log"
    file = assert(io.open(filename, "a"))
end

-- Called for each TLS transaction; write one line per certificate seen.
function log (args)
    ts = SCPacketTimeString()
    ipver, srcip, dstip, proto, sp, dp = SCFlowTuple()
    version, subject, issuer, fingerprint = TlsGetCertInfo()
    if version == nil then
        return 0
    end
    file:write(ts .. " " .. srcip .. ":" .. sp .. " -> " .. dstip ..
               ":" .. dp .. " TLS: " .. "Subject='" .. subject ..
               "' " .. "Issuerdn='" .. issuer .. "'\n")
    file:flush()
end

-- Close the log file on shutdown.
function deinit (args)
    file:close()
end
10 years ago
Eric Leblond
2ecab3f765
decode-mime: fix body md5 computation
...
Previous code was wrongly assuming that lines end with CRLF.
But this is not the case, so we must propagate the length of the end-of-line
delimiter to be able to compute the md5 of the mail body.
10 years ago
Eric Leblond
53419b93c8
util-decode-mime: fix some unittests
...
Unittests were failing when ASAN is activated because it was
finding some reads outside of bounds. This patch fixes the different
reported issues.
10 years ago
Eric Leblond
dbb3e1976e
util-decode-mime: fix IsIpv6Host function
...
Using in6_addr is better when calling inet_pton. This fixes an
issue reported by ASAN.
10 years ago
Eric Leblond
38750f1313
smtp-layer: remove FIXME and del excessive newline
10 years ago
Eric Leblond
6f04988ba1
output-json: add tx_id to events
...
This patch updates alert, smtp and http JSON logging to have a
tx_id in the root of the JSON log message.
10 years ago
Eric Leblond
113d6a3950
output-json: add create header with tx function
...
To be able to correlate between events, it is better to have the
tx_id information in the root object. This patch adds a new
function to automate the addition of the field.
10 years ago
Eric Leblond
96412e8921
json-email: JsonEmailAddMetadata update
...
Add tx_id to the list of params to be in sync with recent changes.
10 years ago
Eric Leblond
bf6b0145e2
json-http: gen metadata function with tx_id param
10 years ago
Eric Leblond
d9b602fc0f
json-smtp: add tx_id param to metadata generation
...
In all metadata generation contexts we know the tx_id, so we had better
use it to log the correct transaction and not another one.
10 years ago
Eric Leblond
0ef0f1d526
json-smtp: change copyright date
10 years ago
Eric Leblond
f03a7a032f
json-alert: add smtp elements in alert
10 years ago
Eric Leblond
77a5273cde
json-smtp: fix a debug message
10 years ago
Eric Leblond
946f2a6acc
email-json: add bcc to extended fields
10 years ago
Eric Leblond
fbd6428f1b
smtp-layer: add MAIL FROM parsing test in unittest
10 years ago
Eric Leblond
534360fc02
smtp-layer: add HELO parsing test in unittest
10 years ago
Eric Leblond
8fd88f543d
yaml: add comment describing smtp extended
10 years ago
Eric Leblond
f81f353d1f
email-json: add 'date' field extraction
10 years ago
Eric Leblond
6f033747ec
util-decode-mime: add unittests for field fetching
10 years ago
Eric Leblond
17edff6c5e
unittests: finally register MIME tests
10 years ago
Eric Leblond
6e0668125c
email-json: improve log message
10 years ago
Eric Leblond
dad1f85edb
email-json: add author
...
Add myself as author and change the copyright date.
10 years ago
Eric Leblond
d1b0a5aa6d
yaml: document new MIME features
10 years ago
Eric Leblond
caa8982b43
email-json: add some fields
...
This patch adds some fields to the list of extracted fields.
10 years ago
Eric Leblond
ca52fa91dd
email-json: body md5 logging is optional
10 years ago
Eric Leblond
a719ea3c92
email-json: add capa to display subject md5
...
To be able to identify mails with identical subjects without
using the subject itself as a key, it is possible to use the md5
hash of the subject string. This allows limiting the privacy impact.
10 years ago
Eric Leblond
881aa3efce
email-json: don't log subject by default
...
It seems to be a bit too intrusive for privacy, so this patch
adds this field to the extended logging only.
10 years ago
Eric Leblond
7bb38f7c30
decode-mime: fix typo in comment
10 years ago
Eric Leblond
431dc155aa
email-json: delete white space from "from"
...
The From field is handled separately and it could also start with
white spaces.
10 years ago
Eric Leblond
abcaf46193
email-json: delete leading white spaces
...
Some mail clients are using tabulation and/or space for comma
separated lists. This patch removes them so the event will contain
only significant characters.
10 years ago