aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,912 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'af06883f65'
${ noResults }
Commit Graph

10912 Commits (af06883f65ff50d2b118ffd772d1bd93bb3b00f0)
 

Author SHA1 Message Date
Jason Ish 593da166bb version: starting work on 6.0.0 
Bump version to 6.0.0-dev.
 5 years ago
Victor Julien 2c050187a3 streaming/api: fix overlap check 
In some cases a SBB could be seen as overlapping with the requested
offset, when it was in fact precisely before it. In some special cases
this could lead to the stream engine not progressing the 'raw' progress.
 5 years ago
Victor Julien 0f41cf3d74 debug/validation: check tcp/app-layer data lengths 5 years ago
Victor Julien a742c86741 stream: improve app-layer data retrieval with GAPs 
Don't assume that the next block after the sbb head is after the
requested offset.

If the next block was before the offset, the returned data_len
would underflow and return a nonsense value to the app-layer.

Bug #2993.
 5 years ago
Jeff Lucovsky ed2f6ac64b modbus: Correct typo 5 years ago
Jeff Lucovsky d4428d94de modbus: Update correct TX flags 5 years ago
Jeff Lucovsky 6c2cdbb5f0 analysis: exit if table entries are stale 
This commit causes Suricata to exit when a buffer from the analyzer
table is not recognized.

Since the table must match what's registered, exiting will bring noticed
to the condition.
 5 years ago
Victor Julien ce0ae81d95 rust: fix vendor use on MinGW 5 years ago
Jason Ish 57b683233d rust: Don't use --frozen during build. 
If sources are vendored, we get the same effect of using frozen
with a lock file, and the Cargo.lock is generated based
on the vendored sources.

This also removes the need to ship a Cargo.lock.

Fixed out of source builds with vendored sources.
 5 years ago
Jason Ish c6f168eb98 rust/Makefile: Don't include Cargo.toml 
There is no need to include Cargo.toml in the distribution,
it is always generated from Cargo.toml.in during
./configure.
 5 years ago
Jason Ish 2ff963db16 github-ci: do distcheck on fedora 31 build 
There were no distchecks being done on builds from git.
 5 years ago
Jason Ish 83630015b9 github-ci: make distcheck on centos 7 build 
Tests distcheck on a build from a distribution archive.
 5 years ago
Shivani Bhardwaj 700eebaecc doc/conf: Update copyright and regex for version 
Make the new regex in compliance with the modern autoconf syntax.
Closes redmine ticket #3423
 5 years ago
jason taylor 1666bc0ad1 doc: minor capitalization fix 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
jason taylor 4f7dc4f136 doc: add bsize documentation and rule example 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 5 years ago
Jason Ish 5ee8323028 rust: remove unnecessary parentheses (Rust 1.40 fixup) 
Rust 1.40 in strict mode will now fail the build on the
presence of unnecessary parentheses.

warning: unnecessary parentheses around type
  --> src/smb/smb2_ioctl.rs:41:12
   |
41 |         -> (&mut SMBTransaction)
   |            ^^^^^^^^^^^^^^^^^^^^^ help: remove these parentheses
   |
   = note: `#[warn(unused_parens)]` on by default
 5 years ago
Jason Ish b9515671be github-ci: use container for 18.04 build 
As the action runs natively on 18.04 we were not explicitly
setting a container, but this means we're using what GitHub
provides us as a default state which might be broken. Instead
use the standard Ubuntu 18.04 container.
 5 years ago
Victor Julien 3d9071639b version: starting work on 5.0.2 5 years ago
Victor Julien f9840b513d version: release 5.0.1 5 years ago
Victor Julien 6fa66e3ddb changelog: update for 5.0.1 5 years ago
Victor Julien 627cc23769 detect/asn1: fix offset bounds checking 5 years ago
Jason Ish 8609939e60 ipv4: continue parsing options after invalid option 
As long as an option has a valid length, we can continue
parsing the options after an invalid one.
 5 years ago
Jason Ish df8db1ddb0 ipv4: fail packet decoding on bad ipv4 option length 
Currently all failures in IPv4 option decode are ignore with
respect to continuing to handle the packet.

Change this to fail, and abort handling the packet if the
option length is invalid.

Ticket 3328:
https://redmine.openinfosecfoundation.org/issues/3328
 5 years ago
Victor Julien fa692df37a stream: reject broken ACK packets 
Fix evasion posibility by rejecting packets with a broken ACK field.
These packets have a non-0 ACK field, but do not have a ACK flag set.

Bug #3324.

Reported-by: Nicolas Adba
 5 years ago
Victor Julien 9f0294fadc stream: fix SYN_SENT RST/FIN injection 
RST injection during the SYN_SENT state could trick Suricata into marking
a session as CLOSED. The way this was done is: using invalid TSECR value
in RST+ACK packet. The ACK was needed to force Linux into considering the
TSECR value and compare it to the TSVAL from the SYN packet.

The second works only against Windows. The client would not use a TSVAL
but the RST packet would. Windows will reject this, but Suricata considered
the RST valid and triggered the CLOSED logic.

This patch addresses both. When the SYN packet used timestamp support
the timestamp of incoming packet is validated. Otherwise, packet responding
should not have a timestamp.

Bug #3286

Reported-by: Nicolas Adba
 5 years ago
Victor Julien 9bcc1118e1 configure: require libhtp 0.5.32 5 years ago
Victor Julien df74f34a62 decode/tcp: accept TCP fast open cookie request 5 years ago
Jason Ish 3ca7dcd8d8 configure: fix test -f for rust/vendor, should be -e 
Introduced with commit: c08ec8d8b2
 5 years ago
Jason Ish 69c00a77b5 github-ci: in a dist build, check that --frozen is being used 
Verify that ./configure is picking up the vendored Rust sources
when building from a dist archive.
 5 years ago
Victor Julien 040aff5197 htp: close request only from request side 
This allows the response side to keep going for just
a bit longer.
 5 years ago
Victor Julien 77539e08fc stream: in IDS mode, call app-layer at EOF 
On stream end call app-layer with empty message in IDS mode.
 5 years ago
Victor Julien eceb7dcba4 eve: support pcap_filename for unix socket mode 
Bug #3390.
 5 years ago
Daisu fccdb1c642 doc/commandline: -i option is useable several times 5 years ago
Steven Hostetler 4ac5ab00b7 doc/install: fix geoip typo 5 years ago
Victor Julien 411dd69e92 doc/eve: layout and formatting fixes 5 years ago
Jason Williams 55a36c79ff doc: update http keywords documentation 5 years ago
Philippe Antoine 4a2918e6b5 yaml: clarify comment about dump-all-headers 
Logs a warning if the value is unknown
Fixes #2810
 5 years ago
Jason Ish f2117774f5 configure: assume cargo vendor if cargo >= 1.37 
Rust/Cargo 1.37 and greater has vendor support built-in.
 5 years ago
Victor Julien 007a461d69 detect/parse: track negation during address parsing 
Fix address negation detection not resolving variables when
looking for the negation.

This patch makes use of the actual parsing routines to relay this
information to the signature parser.

Bug #3389.

Fixes: 92f08d85aa ("detect/iponly: improve negation handling in parsing")
 5 years ago
Victor Julien 34b7035a0d detect/iponly: debug output improvements 5 years ago
Victor Julien 618ad0d92f app-layer: optimize inspection id tracking 
Increase the inspect id for a completely inspected tx in any case.
This avoids re-evaluating transactions.

Reported-by: Ilya Bakhtin
 5 years ago
Victor Julien f5b33a070a smb1: allow empty trans records 5 years ago
Victor Julien 40fe29de96 smb1: fix 'event' txs not getting closed 
If the only reason we created a request side TX was to set an event,
we would not close it.

This patch always looks up the TX from the response side.
 5 years ago
Victor Julien 129cd28058 smb/dcerpc: close request tx sooner 5 years ago
Victor Julien 44ac3e30dd smb: post-GAP handling update 
Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic.
 5 years ago
Victor Julien a7ee2ffbde smb: winreg is a DCERPC facility 5 years ago
Victor Julien f302f3543f files: add call for setting inspect sizes 
The inspect sizes are currently only used during file prune
house keeping for SMTP.
 5 years ago
Victor Julien f9f958d66e smtp: fix and clean up new file handling 
Set tx id on files that were just opened.

Move logic to a small util func.
 5 years ago
Victor Julien 683b22d114 smtp: use FILE_USE_DETECT for raw-extract 5 years ago
Victor Julien 21760bfc76 files: change pruning behavior 
If file prune is called inspect has already run. So if file is closed
we can just prune. No need to consider a window anymore.

When still in progress, fix the left_edge calculation.
 5 years ago