aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
11,603 Commits
7 Branches
161 Tags
202 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c41e64d637'
${ noResults }
Commit Graph

9751 Commits (c41e64d637fc0ce7a95e68c2de08f4d4ea24f49f)

Author SHA1 Message Date
Victor Julien c41e64d637 dnp3: reword warning message 5 years ago
Victor Julien 36a93380a5 defrag: fix pthread warning on OpenBSD 5 years ago
Philippe Antoine 61d0cd1399 signature: checks protocol for file.name keyword 
By setting the flags as for the filename keyword (not sticky version)
 5 years ago
Philippe Antoine bde0c88984 dnp3: more precise probing for banners 5 years ago
Philippe Antoine 12dfc33e05 dnp3: fix probing test not using final null in string 5 years ago
Philippe Antoine 4706b38866 ssl: do not reuse struct session_id_length 
As it can be confused between SSLv2 and TLSv13
In SSLv2, this variable is not used after the function scope, so
we can use a temporary variable.
 5 years ago
Philippe Antoine f9c6b60edc detect: fix use of uninit memory in DetectDatarepParse 
By initializing to empty string
 5 years ago
Philippe Antoine 6b735a2e57 util: fix warning about format string for integer 5 years ago
Philippe Antoine dc7a9d2b46 util: THashInitConfig limits hash size when fuzzing 5 years ago
Philippe Antoine dcd5e4dec9 util: THashInitConfig does not exit but return error 5 years ago
Jason Ish 2b215a45e0 enip: set unidirection transaction flag 5 years ago
Jason Ish 60ebc27c4e app-layer: handle unidirectional transactions 5 years ago
Philippe Antoine 2eacc6a9a8 ssl: adds safety checks 
Ensure the client version is valid by checking hello flags

Ensure no integer underflow occurs in SSLv3ParseHandshakeType
 5 years ago
Jeff Lucovsky 4624e66cdd detect/transform: Validator for compress-ws 
This commit adds a buffer validator for compress whitespace. Buffers
containing two or more consecutive whitespace characters are invalid
with this transform.
 5 years ago
Jeff Lucovsky 30b1d7a9c1 detect: Correct typo 5 years ago
Jeff Lucovsky 7ab986250a detect/file-data: Apply transforms on file_data 
This commit cause transforms to be applied on the sticky buffer.
 5 years ago
Victor Julien e07a4393a9 http: error check htp_list_size 
This avoids a potential casting to uint64_t of -1, leading to a very
high upper bound of the tx loop.
 5 years ago
Jeff Lucovsky a75e9667ce log/eve: Threaded filename change: eve.N.json 
This commit changes the name of the file used with threaded eve logging
to better support log rotation

Instead of using "eve.json.N" and creating potential issues with log
rotation (which also uses a ".N" suffix), the eve logs will be named
"eve.N.json" when threaded.
 5 years ago
Jeff Lucovsky 73567272cd path: SCBasename - function to return basename 
This commit returns the basename of a file, if it exists
in the same way that `basename(1)` works.
 5 years ago
Jeff Lucovsky db9776af64 detect/rules: Fix copy/paste error 
This commit corrects a copy/paste error handling the `include-mpm-stats`
configuration setting.
 5 years ago
Jeff Lucovsky 41967a53ec detect: Apply clang-format updates 5 years ago
Jeff Lucovsky d911fb87b8 detect/rules: Increase array size to remove SEGV 
This commit changes the size of reporting variables to be dynamic based
on the buffer ids in use instead of a fixed value to address a SEGV when
the fixed value was less than the max buffer/type id in use.
 5 years ago
Philippe Antoine d57275fa64 protodetect: rerun probing parser if pattern matched 
If a pattern matches in the other direction, after
probing parser finished without finding a protocol,
we will rerun the probing parser, which will include
the newly protocol found by its pattern
 5 years ago
Philippe Antoine 5f348e9907 protodetect: runs probing parser on protocol found 
It a protocol is found in a first direction, we should run the
probing parser, even if it is not in the known ports.

That can happen for HTTP2, where client magic is detected,
then server probe can be run
 5 years ago
Philippe Antoine 518e0e66cb applayer: fix a leak in protocol change 
TCPProtoDetect can either set f->alproto, change f->alstate
and return error.

When the original alstate gets freed, we shall set the pointer
to NULL, as it can get reused.
 5 years ago
Jeff Lucovsky bb71eac9f9 log/anomaly: Move metadata out of anomaly section 
This commit moves the metadata from the anomaly object where it was
incorrectly located.
 5 years ago
Victor Julien daffcc6e53 app-layer: improve depth handling 
Consider txs inspected and done for a direction after depth is reached for
that direction.
 5 years ago
Victor Julien a5a46795bd stream: make sure to call app-layer in case of depth reached 5 years ago
Victor Julien 8b2886635f dcerpc/tcp: implement trunc logic 
When one side of the connection reaches the STREAM_DEPTH condition the
parser should be aware of this. Otherwise transactions will forever be
waiting for data in that direction.
 5 years ago
Victor Julien 4da0d9bdea applayer/rust: expose truncate callback 5 years ago
Victor Julien 2cfa35ccc9 app-layer: don't check tx detect flags if detect is disabled 5 years ago
Victor Julien 34e83b8acf stream: remove GAP flag from stream 
This flag was checked in many places, but never set expect in 2 unittests.
 5 years ago
Jeff Lucovsky c5ace81a27 log/eve: Rename fileinfo alert object to files 
This commit changes the name of the "fileinfo" array in the alert object
to "files" to better support legacy use of "fileinfo" in reporting and
elsewhere.

The "fileinfo" event type is not an array while the alert "fileinfo"
member was.
 5 years ago
Shivani Bhardwaj 98285177ba datasets: use default memcap 5 years ago
Philippe Antoine 872de829ea detect: initialize pointer before calling pcre_study 
So as not to check an uninitialized value
Found by MSAN
 5 years ago
Victor Julien f21a4bc40e datasets: remove experimental warning 5 years ago
Shivani Bhardwaj 1286b0a8f1 datasets: parse defaults section from yaml 
Datasets can now have a global defaults setting in suricata.yaml. In
case the settings for memcap and hashsize are not find in the yaml or
rule, this shall be the fallback.

Example:

datasets:
  defaults:
    memcap: 100mb
    hashsize: 2048
  ua-seen:
    type: string
    load: datasets.csv
 5 years ago
Shivani Bhardwaj 5ac94fc407 datasets: allow memcap, hashsize be set via yaml or rule 
It is now possible to set the memcap and hashsize via suricata.yaml and
rules.

Rule example:

alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 100mb,hashsize 2048; sid:1;)

suricata.yaml example:

datasets:
  ua-seen:
    type: string
    load: datasets.csv
    memcap: 20mb
    hashsize: 2048
 5 years ago
Shivani Bhardwaj b2482d6c60 datasets: allow max possible memcap while loading 
While using the "load" option of datasets, it should be possible to load
any file from the disk, so set the limit to highest possible.
 5 years ago
Jeff Lucovsky ce603d662f log/eve: Ensure eve logs have sequential suffixes 
This commit ensures that the eve logs have sequential suffixes without
gaps.
 5 years ago
Jeff Lucovsky ad2e18be3e atomics: Add "decl and init with value" function 
This commit adds an interface to declare and initialize an atomic with a
specific value. This can help with situations where there's no defined
initialization path to set things up.
 5 years ago
Jeff Lucovsky 8395a9201e log: Ensure threaded eve honors SIGHUP 
This commit ensures that all logging contexts register for the file
rotation mechanism (SIGHUP and configured).
 5 years ago
Philippe Antoine 9b5c923327 http: disables lzma by default for HTTP 5 years ago
Philippe Antoine 7011bddf84 http2: mimic HTTP1 request from upgrade 5 years ago
Philippe Antoine 9d1b030ff0 http2: first connection upgrade from http1 5 years ago
Philippe Antoine 9185a90fc9 dnp3: fix unit tests when fuzzing 5 years ago
Philippe Antoine 82f1758573 applayer: keep running detection on protocol change 
ie do not stop on first try if we do not have enough data
 5 years ago
Philippe Antoine 21e741795d applayer: on protocol change, use previous state 5 years ago
Philippe Antoine 828ff2dc3c http: removal of connect unit tests 
moved to suricata-verify
 5 years ago
Philippe Antoine 547d6c2d78 applayer: pass parameter to StateAlloc 
This parameter is NULL or the pointer to the previous state
for the previous protocol in the case of a protocol change,
for instance from HTTP1 to HTTP2

This way, the new protocol can use the old protocol context.
For instance, HTTP2 mimicks the HTTP1 request, to have a HTTP2
transaction with both request and response
 5 years ago