Andreas Dolp
37d748d441
doc: fix typo duplicate 'of'
...
Thanks to catenacyber
3 months ago
Andreas Dolp
375b5dd306
doc: fix typo /var/run/suricata in file permissions docs.
3 months ago
Andreas Dolp
cc590b54c7
doc: fix typo and missing newline in rules/ssh_keywords.
3 months ago
Andreas Dolp
228abb7da0
doc: fix doc syntax error in rate_filter example.
3 months ago
Juliana Fajardini
21b27597d6
doc/rules/internals: minor fixes
...
Fix typo and add a reference about the classtype keyword effect.
Related to
Task #5449
3 months ago
Fupeng Zhao
e79d735374
decode/etag: ETag 802.1BR decoder
...
Ticket: #3953.
3 months ago
Philippe Antoine
cb9ab951b9
detect/integers: subslice for multi-integers
3 months ago
Philippe Antoine
82f0e725a2
detect/integers: index or_absent and or_oob
...
To match if array is empty, or index is out of bounds
3 months ago
Philippe Antoine
1480cf47ab
detect/integers: nb index to match a specific number of times
...
For example
dns.rrtype: !A,nb>3
will match if we have more than 3 dns records which are not A
3 months ago
Philippe Antoine
6f848eeaaf
detect/integers: all1 index to match only on non-empty arrays
3 months ago
Philippe Antoine
dd81cfa733
detect/uint: wait for end of progress to match on all
...
As is done for the absent keyword, for instance
3 months ago
Philippe Antoine
5add185f22
http2/detect: http2.window can now use index
...
Ticket: 7480
3 months ago
Philippe Antoine
83868778b9
http2/detect: http2.priority can now use index
...
Ticket: 7480
3 months ago
Philippe Antoine
9fc407fd75
mqtt/detect: mqtt.type can now use index
...
Ticket: 7480
3 months ago
Philippe Antoine
dad424d74a
doc: multi-integers section for rules
...
Ticket: 7480
Describing the usage of index
3 months ago
Philippe Antoine
c0988252ba
dns/detect: rrtype can now use index
...
Ticket: 7480
3 months ago
Philippe Antoine
d8c1f8e7be
rust/detect: generic detect_uint_match_at_index
...
and make ldap use it
Ticket: 7480
No behavior change, just code restyling
3 months ago
Philippe Antoine
7effcb7835
rust/ldap: use Vec instead of VecDeque
...
as we do not pop
Ticket: 7480
May have a behavior change, but only in terms of performance
3 months ago
Philippe Antoine
f555f02ed4
rust/detect: generic detect_parse_array_uint_enum
...
And make ldap use it
Ticket: 7480
No behavior change, just code restyling
3 months ago
Philippe Antoine
c6d3857793
rust/detect: create generic DetectUintArrayData
...
And make ldap use them
Ticket: 7480
No behavior change, just code restyling
3 months ago
Philippe Antoine
e01d19889e
rust/detect: move DetectUintIndex definition to generic file
...
Ticket: 7480
No behavior change, just code restyling
3 months ago
Philippe Antoine
ef6ce7d701
detect: rename LdapIndex to something generic
...
to be able to use it outside of ldap
Ticket: 7480
No behavior change, just code restyling
3 months ago
Philippe Antoine
2ed7a85356
rust: rustfmt detect uint
3 months ago
Fupeng Zhao
7a04a032b9
decoder/vxlan: fix VXLAN port detection per RFC 7348
...
Simplify DecodeVXLANEnabledForPort() to only check the destination port
to avoid false positives when identifying VXLAN traffic.
Per RFC 7348 §5, VXLAN identification is based solely on the outer UDP
destination port (4789), regardless of inner packet direction. The
outer UDP source port is used for load balancing via inner packet
hash and should not be considered for VXLAN detection. This ensures
correct VXLAN identification for all encapsulated traffic patterns.
Checking both source and destination ports could incorrectly classify
non-VXLAN UDP traffic as VXLAN when the source port happens to be 4789,
leading to false positives in VXLAN detection and potential decode errors.
3 months ago
Fupeng Zhao
4f68cb026f
decoder/vxlan: add configurable reserved bits validation for VXLAN
...
Add support for two VXLAN reserved bits check modes:
- strict: validate all reserved bits for standard VXLAN format
- permissive: skip all reserved bits validation (allows extensions)
Configuration added to suricata.yaml.in with 'strict' as default.
Includes comprehensive unit tests and documentation updates.
Ticket: 7753
3 months ago
Philippe Antoine
b7056cd2dc
src: remove some unused functions
3 months ago
Philippe Antoine
26b3f901cb
detect: remove unused PrefilterStoreGetName
3 months ago
Alice Akaki
8e0b0ef35f
detect: add email.body_md5 keyword
...
email.body_md5 matches on md5 hash generated from email body
This keyword maps to the EVE field email.body_md5
It is a sticky buffer
Supports prefiltering
Ticket: #7587
3 months ago
Alice Akaki
6c88cc1e0c
detect/mime: fix detect mime nits
...
Return 0 if .to_str() fails in functions
SCDetectMimeEmailGetData and SCDetectMimeEmailGetDataArray
Fixes:
431822c ("detect: add email.from")
96e461f ("detect: add email.received keyword")
3 months ago
Alice Akaki
4f1cc19f25
mime/smtp: Change md5_result type from GenericArray<u8, U16> to String
3 months ago
Victor Julien
96ae693b44
version: start work on 9.0.0
3 months ago
Philippe Antoine
dae9264120
doc: really enforce more the completeness of json schema
...
Completes commit f1f32a39ee
And better describe exception_policy
3 months ago
dependabot[bot]
cf4a86185d
github-actions: bump codecov/codecov-action from 5.5.0 to 5.5.1
...
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.5.0 to 5.5.1.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](fdcc847654...5a1091511a)
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: 5.5.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
dependabot[bot]
5aa30fccc8
github-actions: bump actions/github-script from 7.0.1 to 8.0.0
...
Bumps [actions/github-script](https://github.com/actions/github-script) from 7.0.1 to 8.0.0.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](60a0d83039...ed597411d8)
---
updated-dependencies:
- dependency-name: actions/github-script
dependency-version: 8.0.0
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
dependabot[bot]
f18c8883cf
github-actions: bump github/codeql-action from 3.30.0 to 3.30.3
...
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.30.0 to 3.30.3.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Commits](https://github.com/github/codeql-action/compare/v3.30.0...v3.30.3)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-version: 3.30.3
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
3 months ago
Shivani Bhardwaj
0d65d35c92
version: start development towards 8.0.2
3 months ago
Victor Julien
46203de0e9
doc: adjust for master to main rename
3 months ago
Victor Julien
b58c8461c3
clang-format: adjust for master to main rename
3 months ago
Victor Julien
63767252be
github-action: adjust for master to main rename
3 months ago
Jason Ish
2444feed0d
release: 8.0.1; update changelog
3 months ago
Jason Ish
708874053f
detect/mpm: prevent format string truncation warnings
...
- Declare the profiling name variable once we know the actual size allowed
for the name instead of before. Prevents an snprintf truncation warning.
- Account for the null byte when calculating how much space is left to
avoid an snprintf format string truncation warning.
3 months ago
Victor Julien
2b6df6381a
detect/mpm: improve profiling name for frame/pkt buffers
3 months ago
Victor Julien
6655283d2d
detect/mpm: improve profiling name creation
...
The (p)name is used in profiling and will now always have the full id.
Ticket: #7861.
3 months ago
Victor Julien
38a2cba5c3
misc: harden string shortener
...
Ticket: #7861.
3 months ago
Philippe Antoine
d590fdfe42
detect/tls: fix null deref with subjectaltname
...
Ticket: 7881
3 months ago
Jeff Lucovsky
9f32550e18
detect/entropy: Ensure entropy matcher has flow
...
Make sure that the flow is available to the entropy matcher so it can
handle content that's not anchored to a sticky buffer.
Issue: 7838
3 months ago
Victor Julien
e62eb00459
doc/userguide: add ips chapter; add concept
...
Move setup guides into the new chapter as well.
Explain `stream.inline` logic.
Ticket: #5513.
Ticket: #6284.
3 months ago
Philippe Antoine
9146fc8957
doc: upgrade note about keyword tls.cert_subject
...
Following commit 5379b52af2
rules that use the keyword tls.cert_subject multiple times
will result in
Warning: detect: duplicate instance for tls.cert_subject
These rules likely meant to use a multi-buffer which is not the
case for tls.cert_subject (even if it was documented so).
Ticket: 7890
This is put in a new section of upgrade notes for
upgrading to 8.0.1
3 months ago
Juliana Fajardini
27e165f760
doc/rules/index: keep rule types doc near the end
...
As this chapter is more meta than about rule keywords, keep it by the
end of the index, to have some semantic separation from the other
sections.
3 months ago
Juliana Fajardini
d5810a42e1
userguide: document how suricata processes rules
...
Added a page that explains how rules are prioritized by Suri, as well
as which main types of inspection happen and which elements are
involved when ordering rules.
Task #5449
3 months ago