Commit Graph

14910 Commits (b12a35c3cf90cb900335cf28dc5c366955088a6b)

Author SHA1 Message Date
Philippe Antoine b12a35c3cf output: add storing boolean for files
When the filestore keyword is triggered, the file is not yet stored when
the alert is generated, but only marked for storing.

Ticket: 4881
2 years ago
Philippe Antoine f35052941d jsonschema: add missing field .files[].file_id 2 years ago
Philippe Antoine 805b07fa42 src: checks to avoid divisions by zero
Ticket: #5920
2 years ago
Philippe Antoine 4bb2241f56 profiling: fix check to compute average bytes 2 years ago
Victor Julien 1f9767a9cb stats: add drop reason counters
{
  "accepted": 296185,
  "blocked": 162,
  "rejected": 0,
  "replaced": 0,
  "drop_reason": {
    "decode_error": 0,
    "defrag_error": 0,
    "defrag_memcap": 0,
    "flow_memcap": 0,
    "flow_drop": 94,
    "applayer_error": 0,
    "applayer_memcap": 0,
    "rules": 3,
    "threshold_detection_filter": 0,
    "stream_error": 63,
    "stream_memcap": 0,
    "stream_midstream": 2,
    "nfq_error": 0,
    "tunnel_packet_drop": 0
  }
}

Ticket: #6230.
2 years ago
Victor Julien d56f34370d stats: update ips capture counters centrally
This adds support to all capture methods for these counters.

The updates happen only on "real" packets, not on encapsulated
packets.

Ticket: #4756.
2 years ago
Victor Julien 6a1138e2b1 stats: register ips capture stats for each packet thread
ReleasePacket based verdicts can happen in several threads,
depending on the runmode details.

Only register and update if in IPS mode.
2 years ago
Victor Julien 735c37c668 eve/schema: add ips capture stats 2 years ago
Victor Julien ece1cb3e94 stats: simplify ips capture stats logic
Since many implementations use the ReleasePacket callback to issue
their verdict, no thread ctx is available. To work around this
just register the stats in a `thread_local` variable instead.
2 years ago
Victor Julien 8b018818a6 mime: replace small memcpy with loop
To address:

      In file included from /usr/include/string.h:535,
                 from suricata-common.h:108,
                 from util-decode-mime.c:26:
In function ‘memcpy’,
    inlined from ‘ProcessBase64Remainder’ at util-decode-mime.c:1201:13:
/usr/include/mipsel-linux-gnu/bits/string_fortified.h:29:10: warning: ‘__builtin_memcpy’ forming offset 4 is out of the bounds [0, 4] of object ‘block’ with type ‘uint8_t[4]’ {aka ‘unsigned char[4]’} [-Warray-bounds=]
   29 |   return __builtin___memcpy_chk (__dest, __src, __len,
      |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   30 |                                  __glibc_objsize0 (__dest));
      |                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~
util-decode-mime.c: In function ‘ProcessBase64Remainder’:
util-decode-mime.c:1174:13: note: ‘block’ declared here
 1174 |     uint8_t block[B64_BLOCK];
      |             ^~~~~

Copy data should be <= 4 bytes.
2 years ago
Victor Julien 73b0efb03a detect: fix minor compile warning
detect-engine.c: In function ‘DetectKeywordCtxHashFunc’:
detect-engine.c:3550:75: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
 3550 |     uint64_t hash = StringHashDjb2((const uint8_t *)name, strlen(name)) + (uint64_t)ctx->data;
      |
2 years ago
Victor Julien b1535fe1f9 sysfs: fix minor compile warning
Seen in Debian QA on mipsel.

util-sysfs.c: In function ‘SysFsWriteValue’:
util-sysfs.c:50:45: warning: format ‘%ld’ expects argument of type ‘long int’, but argument 4 has type ‘int64_t’ {aka ‘long long int’} [-Wformat=]
   50 |     snprintf(sentence, sizeof(sentence), "%ld", value);
      |                                           ~~^   ~~~~~
      |                                             |   |
      |                                             |   int64_t {aka long long int}
      |                                             long int
      |                                           %lld
2 years ago
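Both warnings above come from the same 32-bit mipsel build: there int64_t is `long long`, so `%ld` is the wrong conversion, and a pointer is narrower than uint64_t, so a direct cast changes width. As an added example (not Suricata's code), the following shows the portable forms: PRId64 from <inttypes.h> for formatting, with the snprintf return value checked because truncation is otherwise silent, and a pointer mixed into a hash by going through uintptr_t. The function names and the djb2 routine are this example's own.

```c
/* Added example (not Suricata code): portable int64_t formatting and
 * pointer hashing that compile cleanly on 32- and 64-bit targets. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Format v into buf. "%ld" is wrong where int64_t is long long (mipsel,
 * 32-bit x86, Windows); PRId64 expands to the right conversion for the
 * target. Returns the length written, or -1 if buf was too small: snprintf
 * truncates silently, so its return value has to be checked. */
int FormatInt64(char *buf, size_t size, int64_t v)
{
    int n = snprintf(buf, size, "%" PRId64, v);
    if (n < 0 || (size_t)n >= size)
        return -1;
    return n;
}

/* djb2 over a byte string (the algorithm the warning's hash function is named for). */
static uint64_t HashDjb2(const uint8_t *s, size_t len)
{
    uint64_t h = 5381;
    for (size_t i = 0; i < len; i++)
        h = h * 33 + s[i];
    return h;
}

/* Mix a name and a context pointer into one hash. Casting a pointer straight
 * to uint64_t is a different-size cast on 32-bit hosts; casting to uintptr_t
 * (exactly pointer-sized) and then widening is well defined everywhere. */
uint64_t HashNameAndCtx(const char *name, const void *data)
{
    return HashDjb2((const uint8_t *)name, strlen(name)) + (uint64_t)(uintptr_t)data;
}

int main(void)
{
    char buf[32];
    int n = FormatInt64(buf, sizeof buf, INT64_MIN);
    printf("%d %s\n", n, n < 0 ? "(truncated)" : buf);
    printf("%" PRIu64 "\n", HashNameAndCtx("ab", NULL));
    return 0;
}
```

The truncation check matters more than the format macro: a sysfs value written from a truncated buffer is a wrong value, not a compile warning.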
Cole Dishington 1b08c561f6 decode-ipv6: Set L4 proto on ipv6 in case of GRE decode error
Set the L4 proto before decoding GRE in ipv6 decoding in case there is a
GRE header decoding error.

Bug: #6222
2 years ago
Philippe Antoine fdf9cdf400 decode: fix offset for DCE layer
Fixes: 136d351e40 ("decode: single network layer entrypoint")

Ticket: #3637
2 years ago
Jeff Lucovsky 9a33c536c0 detect/include: Remove unnecessary includes 2 years ago
Victor Julien 5c10ea2dc8 version: start development towards 7.0.1 2 years ago
Shivani Bhardwaj 21ec99aa76 release: 7.0.0; update changelog 2 years ago
Jeff Lucovsky 9fd77c737f detect/multi-tenant: Make tenant_id 32 bits everywhere
Issue: 6047

This commit ensures that the tenant id is contained in an unsigned 32-bit
container.
2 years ago
Jeff Lucovsky 3286c3b912 detect/pcre: Use local match variables
pcre2 is not thread-safe wrt match objects so use locally scoped
objects.

Issue: 4797
2 years ago
Victor Julien 27aa35cd5b detect/base64_decode: use local pcre2_match_data 2 years ago
Victor Julien e2f4c751aa reference: fix multi-tenant loading issues
Bug: #4797.
2 years ago
Victor Julien 2859eeae81 classification: fix multi-tenant loading issues
Move pcre2 data structures used for parsing into the detect engine
context, so that multiple tenant loading threads don't use the same
data structures.

Bug: #4797.
2 years ago
Juliana Fajardini 24745b3a73 doc/userguide: update ref to installation from git
It was still pointing to the redmine wiki and the documentation to be
truthful to the new documentation.
2 years ago
Juliana Fajardini 049aed529f meta-docs: update links
Readme and PR template were still pointing to the redmine wiki and
readthedocs, replace with docs.suricata links.
2 years ago
Victor Julien 6c7a209087 doc: security policy 2 years ago
Jason Ish f511b176bf github-ci: don't build docs in almalinux:8, centos:8
Our docs require a newer version of Sphinx.
2 years ago
Jason Ish 500a7abf57 doc/support-status: add support status page
Convert the wiki page,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Support_Status
into a page that is versioned along with the user guide.

Includes many updates to reflect our current support status.
2 years ago
Jason Ish ad94ebddb7 doc/userguide: avoid horizontal scroll on rtd
Add CSS to avoid horizontal scroll in tables on ReadTheDocs. This will
wrap the text instead.

Also, vertically align to top so if a cell does wrap, other cells that
do not wrap don't place the text in the middle of the cell.
2 years ago
Victor Julien 389f166d78 file: remove FILE_USE_DETECT flag
All implementations were converted to use the logic, so the flag itself
can be removed.
2 years ago
Jeff Lucovsky 59fea84956 detect/file: Remove centralized proto definition
Issue: 4145

Remove centralized protocol definitions for file handling in favor of
consolidated file access handling.
2 years ago
Jeff Lucovsky f735e309e2 detect/file_data: Consolidate file handling
Issue: 4145

Consolidate file handling for all protocols that use file objects for
file_data.

Make sure http_server_body / http.response_body for HTTP1 continue
to inspect the actual body. For HTTP2, http.response_body acts as
an internal alias for `file_data`.
2 years ago
Jeff Lucovsky 2fd0025ede detect/file: Filehandler registration logic
Add file handler registration functions for consolidated file handling.

Issue: 4145
2 years ago
Jeff Lucovsky f2e2576ff4 file/htp: Add logic for file access
Set file inspection sizes and marker for use with detect logic when
opening files by name or as part of a range.

Issue: 4145
2 years ago
Jeff Lucovsky 82b585d202 file: Window and edge adjustments
Issue: 4145

Adjust edge and window values after considering file size/inspected
values.
2 years ago
Victor Julien 9ca4ef5dbe detect/engine: minor debug cleanup 2 years ago
Victor Julien 3fb92eec6f detect/mpm: remove useless checks
The pattern store has already done these checks before.
2 years ago
Jeff Lucovsky f1ddd310f7 mpm: Use typedef for mpm registration
Issue: 4145
2 years ago
Shivani Bhardwaj d4e674b390 rust: fix clippy warnings 2 years ago
Victor Julien 0068b81269 rust: update cargo.lock 2 years ago
Juliana Fajardini 9900bdc162 userguide/eve: format and reorganize alert section
The `field action` portion seemed to be comprised of a more generic
section that followed it. Also formatted the section for lines to be
within the character limit.
2 years ago
Juliana Fajardini 0437173848 output/drop: add verdict field
Related to
Bug #5464
2 years ago
Juliana Fajardini 53b8defd79 output/alert: add verdict field
Related to
Bug #5464
2 years ago
Juliana Fajardini d9c430d73d misc: fix typos & update copyright years 2 years ago
Shivani Bhardwaj 789353bc1e util/mime: skip over any invalid char
For certain edge case handling for spaces, spaces were handled
particularly in the remainder processing functions. Make sure that, now
that util-base64 skips over any invalid char as per RFC 2045, the edge
cases in the MIME processor are also handled the same way.

This completes the work done in e46b033.

Ticket 6135
Ticket 6207
2 years ago
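Two of the commits above touch the same piece of base64 handling: 8b018818a6 replaces a memcpy into a 4-byte remainder `block` with a loop so the copy has a visible upper bound, and 789353bc1e makes the MIME remainder path skip invalid characters the way util-base64 does per RFC 2045. The following is an added example, not Suricata's code, of a streaming decoder built around those two points: a fixed 4-byte remainder block that is only ever copied by a bounded loop, and skipping of anything outside the alphabet. The `B64Stream` type, all function names and the sample input are this example's own.

```c
/* Added example (not Suricata code): streaming base64 decode with a fixed
 * 4-byte remainder block, bounded copies instead of computed-length memcpy,
 * and RFC 2045 section 6.8 skipping of characters outside the alphabet. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define B64_BLOCK 4                 /* one quad; the array size in the warning */

typedef struct {
    uint8_t block[B64_BLOCK];       /* pending quad; len < B64_BLOCK between calls */
    uint8_t len;
} B64Stream;

/* Alphabet value, or -1 for anything that is not a base64 character. */
static int B64Val(uint8_t c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode one quad (trailing '=' padding allowed) into at most 3 bytes. */
static size_t B64DecodeBlock(const uint8_t in[B64_BLOCK], uint8_t *out)
{
    uint32_t acc = 0;
    size_t nchars = 0;
    for (size_t i = 0; i < B64_BLOCK && in[i] != '='; i++, nchars++)
        acc = (acc << 6) | (uint32_t)B64Val(in[i]);
    if (nchars < 2)                 /* "x===" carries no whole byte */
        return 0;
    acc <<= 6 * (B64_BLOCK - nchars);              /* left-align to 24 bits */
    size_t nout = nchars - 1;                      /* 4->3, 3->2, 2->1 */
    for (size_t i = 0; i < nout; i++)
        out[i] = (uint8_t)(acc >> (16 - 8 * i));
    return nout;
}

/* Feed input; invalid chars (CRLF, spaces, junk) are skipped, never stored.
 * Returns -1 without consuming anything if `out` may be too small, else 0. */
int B64StreamFeed(B64Stream *s, const uint8_t *in, size_t inlen,
                  uint8_t *out, size_t outsize, size_t *written)
{
    if (outsize < 3 * ((s->len + inlen) / B64_BLOCK))  /* worst case: all valid */
        return -1;
    *written = 0;
    for (size_t i = 0; i < inlen; i++) {
        if (in[i] != '=' && B64Val(in[i]) < 0)
            continue;
        s->block[s->len++] = in[i];     /* len < B64_BLOCK: a full block is emptied below */
        if (s->len == B64_BLOCK) {
            *written += B64DecodeBlock(s->block, out + *written);
            s->len = 0;
        }
    }
    return 0;
}

/* End of input: an unpadded 2- or 3-char remainder still yields 1 or 2 bytes.
 * The remainder is copied by an explicitly bounded loop (never past block[3]),
 * the shape that keeps -Warray-bounds quiet and the bound obvious to a reader. */
size_t B64StreamFinish(B64Stream *s, uint8_t *out, size_t outsize)
{
    size_t n = s->len;
    s->len = 0;
    if (n < 2 || outsize < n - 1)
        return 0;
    uint8_t quad[B64_BLOCK];
    size_t i;
    for (i = 0; i < n && i < B64_BLOCK; i++)
        quad[i] = s->block[i];
    for (; i < B64_BLOCK; i++)
        quad[i] = '=';
    return B64DecodeBlock(quad, out);
}

/* Decode `text` delivered in `chunk`-byte pieces, as a stream parser sees it. */
size_t B64DecodeChunked(const char *text, size_t chunk, uint8_t *out, size_t outsize)
{
    B64Stream s = { {0}, 0 };
    size_t len = strlen(text), total = 0, w = 0;
    if (chunk == 0)
        return 0;
    for (size_t off = 0; off < len; off += chunk) {
        size_t n = len - off < chunk ? len - off : chunk;
        if (B64StreamFeed(&s, (const uint8_t *)text + off, n, out + total, outsize - total, &w) != 0)
            return 0;
        total += w;
    }
    return total + B64StreamFinish(&s, out + total, outsize - total);
}

/* 1 if `text`, fed in `chunk`-byte pieces, decodes to exactly `expect`. */
int B64DecodeEquals(const char *text, size_t chunk, const char *expect)
{
    uint8_t out[64];
    size_t n = B64DecodeChunked(text, chunk, out, sizeof out);
    return n == strlen(expect) && memcmp(out, expect, n) == 0;
}

int main(void)
{
    uint8_t out[64];                /* constructed input: a folded, CRLF-broken MIME line */
    size_t n = B64DecodeChunked("SGVs bG8s\r\nIFdv cmxk IQ==", 5, out, sizeof out);
    printf("%zu bytes: %.*s\n", n, (int)n, (const char *)out);
    return 0;
}
```

The result must not depend on where the input is cut: the same text fed one byte at a time, five at a time or all at once has to decode identically, which is the property a chunk-boundary bug in remainder handling breaks first.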
Philippe Antoine 60db5e981c http2: do not append data after closing file
Ticket: #6211

Completes commit 02dece5db5

Once an http2 stream has the end of stream flag, we close the file.
If we see new data frames with this stream id, the new_chunk
function should ignore them as the file was already closed.
2 years ago
Andreas Herz 24bcaf07ae doc/upgrade: add more 6 to 7 changes and minor improvements
Issue: #5473
2 years ago
Jeff Lucovsky 0a7ae99e49 config/swf: SWF deprecation warning message
Issue: 6183

Issue a deprecation warning if SWF decompression is enabled.
2 years ago
Victor Julien 3e53d5eea4 flow/hash: fix and cleanup key/flow_id getters
Bug: #6205.
2 years ago
jason taylor 62170d2fb9 doc: hyperscan information updated
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor c95fce39f0 doc: add multi buffer support note to keyword docs
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago