Commit Graph

10973 Commits (beb45c564ec3ed8891189c15ec93195b3e3d87d8)
 

Author SHA1 Message Date
Philippe Antoine 9d2fabcd99 doc: fix typo in DetectTcpmssSetup description
And use lowercase true for boolean
5 years ago
Victor Julien efee458af8 stream: fix direction flags in corner case
When a TCP DNS flow would start with a GAP on the TS side, the successful
protocol detection on the TC side would trigger 'opposing side' reassembly
and app-layer processing. In this case the stream flags would indicate the
wrong direction and the wrong parser would be called.
5 years ago
Victor Julien 960045323d app-layer: minor code cleanup 5 years ago
Victor Julien 9b1f0656d0 app-layer: fix progress tracking
Esp in combination with GAPs and proto detection.
5 years ago
Victor Julien acef21b759 app-layer: extend AppLayerResult to add convenience 5 years ago
Victor Julien 2f5834cdfa rust: merge parser.rs into applayer.rs
Both were serving the same purpose.
5 years ago
Victor Julien 21e6f1f063 app-layer: document return macros 5 years ago
Victor Julien 5b9b0b7226 nfs: switch to new 'incomplete' logic
Remove buffering code in favor of using incomplete API.
5 years ago
Victor Julien 66598f9ce7 nfs: switch to AppLayerResult 5 years ago
Victor Julien 5cd9cfb5a0 smb: update return type of GAP handling 5 years ago
Victor Julien 4bf87d30e4 smb: convert to return AppLayerResult
Support returning 'incomplete' and remove the buffering
code from the parser.
5 years ago
Victor Julien 674b8dc0fb app-layer: add 'incomplete' return logic
Allow app-layer parsers to indicate how much data they need
before being called again.
5 years ago
Victor Julien 44d3f264bf app-layer: update API to return more details
Add AppLayerResult struct as the Parser return type in
preparation of allowing returning 'Incomplete(size)' similar
to what nom in Rust allows.
5 years ago
Victor Julien 3bcf948a75 app-layer: change return codes
This patch simplifies the return codes app-layer parsers use,
in preparation of a patch set for overhauling the return type.

Introduce two macros:

APP_LAYER_OK (value 0)
APP_LAYER_ERROR (value -1)

Update all parsers to use this.
5 years ago
Victor Julien 54b2ec0e4d app-layer: minor optimization 5 years ago
Victor Julien fee7b97ec0 stream: fix function style 5 years ago
Victor Julien 157d01e87e ftp: minor code cleanups 5 years ago
Victor Julien 6ae66cb2bb nfs: code cleanups
Use 'if let' to replace simple 'match' statements.

Use explicit returns to ease code review.
5 years ago
Victor Julien a729d266c3 smb: fix rustc 1.42 warnings 5 years ago
Jeff Lucovsky 0c5c2173bc config: General typo and grammar cleanup 5 years ago
Jeff Lucovsky e14447d594 docs/napatech: Correct typo 5 years ago
Philippe Antoine b0f6737c10 python: style for prscript
Remove unnecessary pass
Remove unused variable
5 years ago
Philippe Antoine be6f6cc6a2 python: style for suricatasc.py
Remove unnecessary return
Better comparison with None
5 years ago
Philippe Antoine 492504cf62 python: remove unused imports 5 years ago
Stephen Donnelly 47082dd5df dag: Skip over ERF_TYPE_META records
Suricata generates an error on unrecognised ERF types.
Suricata should ignore ERF 'Provenance' records with ERF_TYPE_META.
5 years ago
Jason Ish 76582e34c1 suricata.yaml/dns: removed unused settings
Remove DNS settings global-memcap, state-memcap and request-flood.
These have never been used in the Rust implementation of the DNS
decoder.
5 years ago
Jason Ish 8a643c893c detect/parse: allow for OK signature parsing errors
The idea of an OK signature parsing error is an error that is
allowed to occur, but still lets test mode pass, unlike
silent errors which will still fail testing.

This is introduced to allow for app-layer event keywords to be
removed, but not have old rules fail out on this case. For example
the Rust DNS parser removes from DNS app-layer events that are
not used anymore.

To signal that an error is OK, -3 is returned. This also implies
silent.
5 years ago
Jason Ish 947cfac62e detect/parse: softer error on unknown app-layer event
On an unknown app-layer event, return -3 for "silent OK fail". A
warning will still be emitted, but it's not considered a rule parse
error. This is to handle app-layer events being removed in a more
graceful manner for the user.

This allows -T to pass with an old app-layer events rule file
that may use removed app-layer event keywords.
5 years ago
Jason Ish 688874582a dhcp: remove C app-layer-dhcp wrapper
This just wrapped the Rust function to register the parse,
so instead just call the Rust function directly to remove
the C wrapper, and the 2 C files.
5 years ago
Jason Ish a0e3e2d7b4 dns: register parsers from Rust
And port the C DNS tests to Rust.
5 years ago
Jason Ish 0af9a3a5f7 dns: remove C wrapper functions to Rust
Remove registration of C wrapper functions and register
the Rust functions directly for UDP.
5 years ago
Jason Ish 1b44f839e6 dns: cleanup: move event callbacks into Rust
Remove app-layer-dns-common.c as it's no longer needed.
5 years ago
Jason Ish ca5a3f0f04 dns: cleanup: remove unused events
Removed events that are no longer used since the Rust
implementation of DNS:
- UnsolicitedResponse
- StateMemCapReached
- Flooded
5 years ago
Jason Ish 4d312b6813 dns: cleanup: remove C DNS type definitions (dead code) 5 years ago
Jason Ish d809b0959b dns: cleanup: move DnsGetRcode (Lua) to rust
Move the implementation of Lua DnsGetRcode to Rust.
5 years ago
Jason Ish d6b3b33f4a dns: cleanup: remove unused function DNSCreateTypeString 5 years ago
Shivani Bhardwaj c5cee05169 doc: Fix typo Generate -> Generator 5 years ago
Shivani Bhardwaj 7b1699c5a8 doc: Add chassis for dev docs
Closes redmine ticket 3344.
5 years ago
Philippe Antoine 23f796a021 kerberos: fix against packet split in record size 5 years ago
Victor Julien 76dd951523 krb5/tcp: remove notice logging on failed records 5 years ago
Philippe Antoine 8396333493 detect: adds icmpv6.hdr keyword 5 years ago
Philippe Antoine 02d94f5cf2 detect: fix typo for ipv6.hdr description 5 years ago
Philippe Antoine fc48a7cebf detect: use SC macros for IPV6 header 5 years ago
Philippe Antoine af1361a988 doc: add missing documentation for ipv6.hdr keyword 5 years ago
Philippe Antoine 5f95822f8b doc: fix typo in ByteExtractUint32 description 5 years ago
Jeff Lucovsky c20ab53eae detect/threshold: Correct typos 5 years ago
Jeff Lucovsky ff9a01ee1b detect/threshold: Don't allow duplicates
This commit detects duplicate threshold rule options. When duplicates
are found in a rule, an error message is displayed and the rule is
rejected.
5 years ago
Victor Julien f6c77dcdd9 pcap/file: minor code cleanups 5 years ago
Victor Julien faf5beed2f threads/time: minor code cleanup 5 years ago
Sascha Steinbiss 11912bd715 sip: address trailing space parsing 5 years ago