Commit Graph

15892 Commits (b91e7fe2ae5b572260e4a2cd54f21e4639ca12a3)
Author SHA1 Message Date
Philippe Antoine b91e7fe2ae detect/http-server-body: clean up tests
Ticket: 4083
1 year ago
Philippe Antoine ce16a56a1f detect: unify functions for multi-buffer
Ticket: 6575

Multi-buffer keywords now use a single registration function,
DetectAppLayerMultiRegister, with a GetBuffer argument.

This GetBuffer function pointer is similar to the ones used by
single-buffer keywords, except that it takes an additional
parameter which is the index of the buffer to get.
Under the hood, an anonymous union between these two function
pointer types is used.

In the end, this deduplicates code, especially the calls to
DetectEngineContentInspection
1 year ago
Philippe Antoine 55bc5f2290 detect/template: make template use DetectEngineInspectBufferGeneric 1 year ago
Philippe Antoine ce9bfba76a ci: fix and test with Wunused-macros
Ticket: 6937
1 year ago
Philippe Antoine b3eb1c4f81 clean: remove unused struct definitions
Found with
git grep "typedef struct" src/ | awk '{print $3}' | sort |
uniq | sed 's/_$//' | while read i; do
echo -n $i; git grep $i | wc -l; done | awk '$2 < 3'

Ticket: 4083
1 year ago
Richard McConnell fc2e49f84a app-layer: Set sc_errno upon error return
Bug: https://redmine.openinfosecfoundation.org/issues/6782

Callers to these allocators often use ``sc_errno`` to provide context of
the error. And in the case of the above bug, they return ``sc_errno``,
but as it has not been set ``sc_errno = 0; == SC_OK``.

This patch simply sets this variable to ensure there is context provided
upon error.
1 year ago
Victor Julien 52a008e358 detect/http-host: clean up tests 1 year ago
Victor Julien 6c937a9243 pcap-log: use correct pkthdr size for limit enforcement
The on-disk pcap pkthdr is 16 bytes. This was calculated using
`sizeof(struct pcap_pkthdr)`, which is 24 bytes on 64 bit Linux. On
macOS, it's even worse, as a comment field grows the struct to 280
bytes.

Address this by hardcoding the value of 16.

Bug: #7037.
1 year ago
Victor Julien 9b980b18a8 pcap-log: minor cleanups 1 year ago
Victor Julien ea8c283dc7 pcap-log: minor cleanup
Use same pointer to one location consistently.
1 year ago
Victor Julien 8c4b96129f pcap-log: always pass 'comp' to PcapWrite
The variable is always available.
1 year ago
Victor Julien 5aa00aae0a pcap-log: rename connp to comp
Matches other variable names for the compression settings.
1 year ago
Victor Julien 3eb74c9992 pcap-log: don't check variable that is never set
`rotate` was never modified.
1 year ago
Victor Julien 5455799795 time: only consider packet threads
In offline mode, a timestamp is kept per thread, and the lowest
timestamp of the active threads is used. This was also considering the
non-packet threads, which could lead to the used timestamp being further
behind than needed. This would happen at the start of the program, as
the non-packet threads were set up the same way as the packet threads.

This patch both stops setting up the timestamp for non-packet threads
and stops considering non-packet threads during timestamp
retrieval.

Fixes: 6f560144c1 ("time: improve offline time handling")

Bug: #7034.
1 year ago
Shivani Bhardwaj 0aaec69303 flow: use debug validate macro 1 year ago
Shivani Bhardwaj d6b63b38ca flow: add defensive check on memuse 1 year ago
Shivani Bhardwaj 7144b9421d tcp: use bool wherever possible 1 year ago
Shivani Bhardwaj f4b8f706fa flow: use bool wherever possible 1 year ago
Shivani Bhardwaj 2c751dba73 flow: remove unneeded else 1 year ago
Shivani Bhardwaj 7bd9f88ecd flow: minor loop cleanups 1 year ago
Philippe Antoine fd262df457 http: fix nul deref on memcap reached
HttpRangeOpenFileAux may return NULL in different cases, including
when memcap is reached.
But its only caller did not check it before calling HttpRangeAppendData,
which would dereference the NULL value.

Ticket: 7029
1 year ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields
Feature 5234
1 year ago
Shivani Bhardwaj 232c44eb4a output/json: log tls subjectaltname
Feature 5234
1 year ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname
Feature 5234
1 year ago
Shivani Bhardwaj 83af42cc03 detect/tls-subjectaltname: add sticky buffer
Add TLS SubjectAltName sticky buffer. It is implemented as multi-buffer.

Feature 5234
1 year ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names
So far, the SANs were available as a part of IssuerDN via the x509_parser
crate, but SANs were not available to the SSLState* to be directly used
to set up and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
1 year ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
1 year ago
Jason Ish 6d2d8c26d3 detect-lua: small cleanups
- remove unused headers
- cleanup/rename flags
1 year ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
1 year ago
Philippe Antoine f2c39fc87b ftp: protocol detection avoiding FP on POP3 1 year ago
Philippe Antoine 2c305ba37e pop3: protocol detection
Ticket: #6366
1 year ago
Philippe Antoine ed895c04ff smtp: exit data mode if data command was rejected
And the server was advertising pipelining.

Ticket: 6906
1 year ago
Philippe Antoine dfdf2e2d1a detect: checks for space in http.protocol keyword 1 year ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri
Ticket: #2881
1 year ago
Giuseppe Longo b728916ca6 decode/gre: decode arp packets 1 year ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 1 year ago
Giuseppe Longo 01586d884d output-json/arp: implement logger
This adds a logger for ARP, disabled by default.

Ticket #6827
1 year ago
Giuseppe Longo a1c6328156 output/json: check 5-tuple values prior to logging
This commit enhances the JSON output by introducing a feature for conditional port logging.
Now, port logging is dependent on the underlying protocol
(such as TCP, UDP, or SCTP), where port information is pertinent, while it
avoids unnecessary logging for protocols where a port is not utilized (e.g. ARP).

Furthermore, this update ensures that IP addresses and the protocol have
meaningful values set, rather than being logged as empty strings.

These changes will make each log entry more precise, eliminating cases where
5-tuple fields are empty or set to zero, indicating the absence of a field.
1 year ago
Giuseppe Longo 987a27923d output/json: make JSONFormatAndAddMACAddr public
This change exposes 'JSONFormatAndAddMACAddr' as a public function,
allowing it to be reused across modules, such as the ARP logger, for logging
MAC addresses extracted from ARP packets.
1 year ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder
This adds a decoder for ARP.

Ticket #6827
1 year ago
Shivani Bhardwaj 12d027f6a2 base64: re-add the check for destination space
Cover all the calls to DecodeBase64Block with the check for enough
space. Found by the recently introduced fuzz target.

Bug 7028

Fixes: c0bc43c393 ("util/base64: use decoder fns per RFC")
1 year ago
Victor Julien d401082bba github-actions: set bpf to icmp for af-packet 1 year ago
Victor Julien 1240bdd914 github-actions: add pcap live test script and jobs
Asan and coverage jobs.
1 year ago
Victor Julien 27b6a31a0c github-actions: unix pcap coverage run
To increase code coverage.
1 year ago
Victor Julien ea95aac022 github-actions: add unix socket runmode script and job
Runs with ASAN.
1 year ago
Victor Julien 40b87bfd04 github-actions: add ASAN enabled Ubuntu 24.04 build of live tests 1 year ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword
Ticket: 4921

app-layer-protocol keyword accepts an optional mode to specify
which protocol we want to match: toclient, toserver, final,
or original
1 year ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions"
This reverts commit 14ab9aa763.
1 year ago
Philippe Antoine 37a9003736 rust/probing: safety check for null input
Ticket: 7013

Done consistently for all protocols

This may change some protocols' behaviors which failed early
if they found there was not enough data...
1 year ago
Philippe Antoine 5dc8dea869 rust: return empty slice without using from_raw_parts
As this triggers rustc 1.78
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

Ticket: 7013
1 year ago