Commit Graph

14910 Commits (b12a35c3cf90cb900335cf28dc5c366955088a6b)

Author SHA1 Message Date
jason taylor 88960e909d doc: add multiple buffer matching documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Jason Ish 0b5dc58e15 doc/userguide: more eve http upgrade notes
Add more information with examples of how the changes to EVE HTTP
logging may affect users.
2 years ago
jason taylor 19a0b2b0d2 userguide: add details about tcp flow pass
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Victor Julien ce055111fe requirements: use libhtp 0.5.45 2 years ago
Victor Julien 2cac440f7d detect/filemagic: fix thread ctx registration; reloads
Make sure thread ctx registration happens and id remains correct
in case of reloads.

To do so, move id var into the detect ctx.
2 years ago
Victor Julien 8417d407be detect: more compact layout of DetectEngineCtx 2 years ago
Victor Julien 377f2d7e1e detect: reduce failure_fatal to bool to save space 2 years ago
Victor Julien fd36459c96 spm: reduce spm_matcher size to uint8_t
No more space is needed.
2 years ago
Victor Julien 7d0851b0c2 detect: create more strict rule validation
Don't allow control characters other than LF, CR, TAB.
2 years ago
Victor Julien a1401ab81b detect/iponly: fix minor warning with unittest but no debug 2 years ago
Victor Julien 7f822ba053 github-ci: run cocci in fedora 38 2 years ago
Jeff Lucovsky 690b65ae88 detect/byte_math: Permit var name for bytes value
Issue: 6145

Modifications to permit a variable name to be used for the byte_math
bytes value.
2 years ago
Jeff Lucovsky fb847d8bb0 detect/byte_math: Use proper index for rvalue var
Use the proper index for extracting the rvalue variable value.
2 years ago
Jeff Lucovsky 47e268d609 detect/byte_math: Document bytes variable name
Issue: 6145

Document that byte_math accepts a variable name for bytes (optional)
2 years ago
Jeff Lucovsky 3a4554fc2b detect/byte-jump: Document var usage for nbytes
Issue: 6105
2 years ago
Jeff Lucovsky 3f118188e9 detect/bytejump: Allow nbytes to be a variable
Issue: 6105

This commit adds the ability for nbytes to be a variable when used with
the byte_jump keyword.
2 years ago
Jeff Lucovsky 73b943276e doc/byte_test: Document byte_test variable usage
Issue: 6144

This commit updates the byte_test documentation now that a variable name
can be used for the nbytes value.
2 years ago
Jeff Lucovsky da866356c0 detect/byte_test: Allow nbytes value to be a variable
Issue: 6144

This commit allows the byte_test keyword to accept an existing
variable name for a value (the value may still be specified directly as
an integer).

All nbytes values are subject to the same value constraints as before
- 23 if included with string
- 8 otherwise
2 years ago
Lukas Sismis c339e7600a dpdk: improve handling of SOCKET_ID_ANY in DPDK 22.11+
Suricata complained that NIC is on different NUMA node than the CPU
thread. However, sometimes DPDK might be unable to resolve NUMA
location and as a result operate with any NUMA node that is available.
Current implementation reported NUMA ID as -1 which could have been
confusing to users.

Ticket: #6115
2 years ago
Lukas Sismis 2fdc0e497e dpdk: refactor log messages
Be more consistent with the log message format,
remove some unnecessary device name queries.

Ticket: #6116
2 years ago
Lukas Sismis 3d54a103d0 dpdk: improve DPDK thread handling
Ticket: #6106
2 years ago
Lukas Sismis 5a3ecbde62 doc: update install instructions
Ticket: #5987
2 years ago
Jason Ish fa8baa35b1 requirements: suricata-update 1.3.0 2 years ago
Shivani Bhardwaj 49ad38329a util/base64: fix tests for RFC2045 2 years ago
Shivani Bhardwaj c2ae87eecf util/base64: update test macro to use user data 2 years ago
Shivani Bhardwaj 62d782156c util/base64: check dest buf size to hold 3Bytes
The destination buffer should be able to hold at least 3 Bytes during
the processing of the last block of data. If it cannot hold at least 3
Bytes, then that may lead to dynamic buffer overflow while decoding.
2 years ago
Shivani Bhardwaj 0e8b451699 util/base64: check for dest buf size in last block
Just like the check for destination buffer size done previously for
complete data, it should also be done for the trailing data to avoid
going out of bounds.
2 years ago
Shivani Bhardwaj 095c335c72 util/base64: fix padding bytes for trailing data
Padding bytes for the last remainder data should be as follows:

Case   |    Remainder bytes     |    Padding
----------------------------------------------
  I    |              1         |      3
  II   |              2         |      2
  III  |              3         |      1

However, we calculate the decoded_bytes with the formula:
decoded_bytes = ASCII_BLOCK - padding

this means for Case I when padding is 3 bytes, the decoded_bytes would
be 0. This is incorrect for any trailing data. In any of the above
cases, if the parsing was successful, there should at least be 1 decoded
byte.
2 years ago
Shivani Bhardwaj e46b0337e5 util/base64: skip any invalid char for RFC2045
RFC 2045 states that any invalid character should be skipped over, this
is the RFC used by mime handler in Suricata code to deal with base64
encoded data.
So far, only spaces were skipped as a part of implementation of this
RFC, extend it to also skip over any other invalid character. Add
corresponding test.
2 years ago
Shivani Bhardwaj 85ae1d25e4 util/base64: add test for long string w RFC4648 2 years ago
Philippe Antoine fb2fbafed2 http: remove obsolete checks for files
With libhtp having been improved, Suricata does not need to check
that there is either a response line or HTTP/0.9 as libhtp
will trigger the callbacks only in those cases
2 years ago
Philippe Antoine 02dece5db5 http2: file tracker is initialized when file is closed
Ticket: #6130

This avoids quadratic complexity by having http2_range_key_get
looking in a growing number of frames
2 years ago
Jason Ish 4a28f07298 file-data: better error for conflicting keywords
Instead of just erroring out with "rule contains conflicting
keywords", give an error that says what is actually wrong.
2 years ago
Jason Ish 4ccc9aed01 github-ci: remove fedora 36 builds
Fedora 36 is now EOL.
2 years ago
Jason Ish 84674f4205 github-ci: update rust versions
New minimum Rust version: 1.63.0.
Current latest known good version: 1.70.0.

Add test specifically for MSRV as we didn't have one.

Ticket: #4163
2 years ago
Jason Ish 401d895b1d configure: set minimum rust version to 1.63.0
Ticket: #4163
2 years ago
Shivani Bhardwaj b6f8f5eb3b doc/http: use "sticky buffer" where applicable 2 years ago
Philippe Antoine 4f4651e360 output/file: http2 metadata is logged in http object
as is done for http2 events and alerts.
The http.version integer can help to determine if this is HTTP2

Ticket: #6165
2 years ago
Victor Julien 9b09b29350 detect/fileext: reimplement based on file.name
Ticket: #6194.
2 years ago
Victor Julien 74f095c915 detect/filename: switch to file.name implementation
Ticket: #6194.
2 years ago
Victor Julien 1f22b51848 detect/filemagic: switch to file.magic implementation
Replace implementation of the legacy `filemagic` keyword by the
implementation for the `file.magic` variant. This leads to better
performance and hooks the rules into the detection engine better.

Remove unittests that depended on the old logic.

Ticket: #6194.
2 years ago
Victor Julien ee68947460 detect/tls: minor fingerprint cleanup 2 years ago
Victor Julien c4ed599f9b detect/content: minor cleanup 2 years ago
Jeff Lucovsky b05375f22e config/af-packet: Warn/replace rollover usage
Issue: 6128

No longer permit rollover/cluster_rollover to be used. Usage will
generate a warning message and cluster_flow will be used instead.
2 years ago
Jeff Lucovsky ac8f91f44f config: Document cluster_rollover deprecation
Issue: 6128

cluster_rollover is no longer permitted; using it will generate a
warning message and it'll be replaced with cluster_flow
2 years ago
Jeff Lucovsky 29621c7f0d doc/afpacket: Document rollover deprecation 2 years ago
Jeff Lucovsky cb30b7185f detect/stat: Display 0 instead of nan
This commit updates the summary message when Suricata terminates.
Without this commit, "nan" was displayed if there were no drops/packets
2 years ago
Jason Ish ebdf482580 github-ci: add CentOS Stream builders
Builders for CentOS Stream 8 and 9.
2 years ago
Jason Ish ca68b6b994 github-ci: replace dist builder with Debian 12
Add new dist builder job based on Debian 12. Debian 12 gives us a newer
Sphinx than AlmaLinux 8, plus avoids any potential disruption in the
RHEL rebuild ecosystem.

Also make dist building its own job so it finishes quicker, allowing
other jobs to proceed. The new non-dist building Debian 12 job will
still do a complete distcheck, as do other jobs.
2 years ago
Jason Ish 96dd6a7ca0 github-ci: add Debian 12 builder 2 years ago