Philippe Antoine
a21232828e
dcerpc: add app-layer metadata in alerts
...
Ticket: 6090
8 months ago
Philippe Antoine
5f35035928
filestore: do not try to store a file set to nostore
...
Ticket: 6390
This can happen with keyword filestore:both,flow
If one direction does not have a signature group with a filestore,
the file is set to nostore on opening, until a signature in
the other direction tries to set it to store.
Subsequent files will be stored in both directions as flow flags
are now set.
8 months ago
Philippe Antoine
0d4efe0c0f
app-layer: fix -Wshorten-64-to-32 warnings
...
Ticket: #6186
Warnings about downcast from 64 to 32 bits
8 months ago
Philippe Antoine
1790aa49a4
util: fix -Wshorten-64-to-32 warnings
...
Ticket: 6186
Warnings about downcast from 64 to 32 bits
Generic fixes required to get app-layer clean
8 months ago
Philippe Antoine
dc043d0297
detect: remove unused field
...
content_inspect_window is used in app-layer-smtp, but
not directly in detect-file-data
8 months ago
Victor Julien
3d059611c3
detect: add tls.alpn keyword
...
Ticket: #7108 .
8 months ago
Victor Julien
869d5492dc
eve/schema: update for alpn
8 months ago
Victor Julien
c79a382e42
eve/tls: log ALPN for client and server
...
Part of the extended logging.
Logs `client_alpns` and `server_alpns` arrays in the tls object.
Ticket: #7055 .
8 months ago
Victor Julien
0b37654578
tls: store all ALPN records in the state
...
For later logging and detection.
8 months ago
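As an added illustration of the ALPN handling in the four commits above (this is example code, not Suricata's own TLS parser): the ALPN extension body per RFC 7301 is a u16 list length followed by u8-length-prefixed protocol names. The parser below keeps every name, as the commit that stores all records describes, and a hypothetical `alpn_matches` stands in for what a `tls.alpn`-style keyword would check against the stored list. The function names and the sample ClientHello/ServerHello bodies are constructed here.

```rust
/// Parse an ALPN extension body (RFC 7301 wire format: a u16 list length,
/// then repeated u8-length-prefixed protocol names) and keep every name.
/// Returns None when the body is truncated or the length fields disagree.
pub fn parse_alpn(ext: &[u8]) -> Option<Vec<String>> {
    if ext.len() < 2 {
        return None;
    }
    let list_len = u16::from_be_bytes([ext[0], ext[1]]) as usize;
    if list_len == 0 || list_len != ext.len() - 2 {
        return None;
    }
    let mut rest = &ext[2..];
    let mut names = Vec::new();
    while !rest.is_empty() {
        let n = rest[0] as usize;
        // Empty names are not allowed; bail out instead of spinning on a zero length.
        if n == 0 || rest.len() < 1 + n {
            return None;
        }
        names.push(String::from_utf8_lossy(&rest[1..1 + n]).into_owned());
        rest = &rest[1 + n..];
    }
    Some(names)
}

/// Assumed keyword semantics: match if any stored record equals the wanted name.
pub fn alpn_matches(stored: &[String], wanted: &str) -> bool {
    stored.iter().any(|s| s == wanted)
}

/// Constructed ClientHello ALPN body offering "h2" then "http/1.1".
pub fn sample_client_alpn() -> Vec<u8> {
    let mut v = vec![0x00, 0x0c];
    v.push(2);
    v.extend_from_slice(b"h2");
    v.push(8);
    v.extend_from_slice(b"http/1.1");
    v
}

/// Constructed ServerHello ALPN body: the server selects exactly one name.
pub fn sample_server_alpn() -> Vec<u8> {
    let mut v = vec![0x00, 0x03];
    v.push(2);
    v.extend_from_slice(b"h2");
    v
}

fn main() {
    let client = parse_alpn(&sample_client_alpn()).expect("valid client ALPN");
    let server = parse_alpn(&sample_server_alpn()).expect("valid server ALPN");
    println!("client_alpns = {:?}", client);
    println!("server_alpns = {:?}", server);
    println!("tls.alpn \"http/1.1\" on client side: {}", alpn_matches(&client, "http/1.1"));
}
```

The same parser serves both directions: a client offers a list, a server answers with a single-entry list, and both end up as arrays the way the `client_alpns` / `server_alpns` log fields describe.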
Victor Julien
7f474af1d0
eve/schema: minor enip reformat
8 months ago
Jason Ish
6256391408
github-ci: run cargo update test on pull requests
...
Previously it was run once a week, hiding some issues until
Mondays. Instead run on pull requests, but still not every push.
9 months ago
Victor Julien
e3e917d967
detect/icmp-id: remove prefilter pseudo check
...
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
9 months ago
Victor Julien
8df53d6411
detect/dsize: remove prefilter pseudo check
...
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
9 months ago
Victor Julien
44d2e1aad7
detect/stream_size: allow match on pseudo packets
...
Often used with stream content, which can be inspected with pseudo packets.
9 months ago
Victor Julien
6958efa2dc
detect/csum: remove pseudo packet checks
9 months ago
Victor Julien
64f5865efc
detect/csum: general code cleanups
9 months ago
Victor Julien
956c8bebd1
detect/prefilter: use sig mask to exclude pkt engines
...
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
9 months ago
Victor Julien
4c2960169c
detect/prefilter: minor function ptr cleanup
...
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
9 months ago
Victor Julien
2d1ccb76b1
detect: remove pseudo checks from packet keywords
...
Keep as debug validation check.
9 months ago
Victor Julien
d03660a646
detect: skip pseudo packets if sig needs real pkt
...
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.
This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.
Update analyzer to output the new flag.
Ticket: #7002 .
9 months ago
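As an added illustration of the SignatureMask approach in this series of commits (example code, not Suricata's detection engine): a packet computes a mask of the properties it offers once, a signature carries the mask of what it requires, and a signature is a candidate only when every required bit is present. Packet prefilter engines are registered with the mask they need, so a keyword such as dsize no longer has to test for pseudo packets in its own Match function. SIG_MASK_REQUIRE_REAL_PKT is the flag named in the commits; the SIG_MASK_REQUIRE_PAYLOAD flag, the Packet/Signature/PrefilterEngine structs, the engine bodies and the sample rules are assumptions made for this example.

```rust
pub const SIG_MASK_REQUIRE_PAYLOAD: u8 = 0b0001; // assumed flag name
pub const SIG_MASK_REQUIRE_REAL_PKT: u8 = 0b0010; // flag named in the commits

#[derive(Debug, Clone, Copy)]
pub struct Packet {
    /// Pseudo packets (e.g. injected at stream end) carry reassembled
    /// stream data but do not correspond to a real packet on the wire.
    pub pseudo: bool,
    pub payload_len: u32,
}

impl Packet {
    /// Properties this packet offers, computed once per packet.
    pub fn mask(&self) -> u8 {
        let mut m = 0;
        if !self.pseudo {
            m |= SIG_MASK_REQUIRE_REAL_PKT;
        }
        if self.payload_len > 0 {
            m |= SIG_MASK_REQUIRE_PAYLOAD;
        }
        m
    }
}

#[derive(Debug, Clone, Copy)]
pub struct Signature {
    pub name: &'static str,
    /// Set at registration time from the keywords the rule uses.
    pub mask: u8,
}

/// Every property a signature requires must be present in the packet mask.
pub fn mask_passes(required: u8, pkt_mask: u8) -> bool {
    required & pkt_mask == required
}

/// Candidate signatures for a packet; pseudo packets are filtered out here,
/// before any keyword Match function runs.
pub fn candidates(sigs: &[Signature], p: &Packet) -> Vec<&'static str> {
    let pm = p.mask();
    sigs.iter().filter(|s| mask_passes(s.mask, pm)).map(|s| s.name).collect()
}

/// Packet prefilter engine registered together with the mask it needs, so the
/// engine body itself no longer checks for pseudo packets.
pub struct PrefilterEngine {
    pub name: &'static str,
    pub required_mask: u8,
    pub run: fn(&Packet) -> bool,
}

fn dsize_engine(p: &Packet) -> bool {
    p.payload_len > 100 // stands in for dsize:>100
}

fn stream_size_engine(_p: &Packet) -> bool {
    true // stream state is available on pseudo packets too, so no real-packet requirement
}

pub fn engines() -> Vec<PrefilterEngine> {
    vec![
        PrefilterEngine { name: "dsize", required_mask: SIG_MASK_REQUIRE_REAL_PKT, run: dsize_engine },
        PrefilterEngine { name: "stream_size", required_mask: 0, run: stream_size_engine },
    ]
}

/// Run only the engines whose required mask the packet satisfies; returns the engines that fired.
pub fn run_prefilters(p: &Packet) -> Vec<&'static str> {
    let pm = p.mask();
    engines()
        .iter()
        .filter(|e| mask_passes(e.required_mask, pm))
        .filter(|e| (e.run)(p))
        .map(|e| e.name)
        .collect()
}

fn main() {
    let sigs = [
        Signature { name: "dsize:>100", mask: SIG_MASK_REQUIRE_REAL_PKT | SIG_MASK_REQUIRE_PAYLOAD },
        Signature { name: "stream_size:>1000", mask: 0 },
    ];
    let real = Packet { pseudo: false, payload_len: 200 };
    let pseudo = Packet { pseudo: true, payload_len: 200 };
    println!("real   -> sigs {:?}, engines {:?}", candidates(&sigs, &real), run_prefilters(&real));
    println!("pseudo -> sigs {:?}, engines {:?}", candidates(&sigs, &pseudo), run_prefilters(&pseudo));
}
```

The point of the mask check is that it is one AND and one compare per signature, done before any keyword-specific code, which is why the per-keyword pseudo-packet checks can be reduced to debug validation.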
Philippe Antoine
e3034a6f54
tests: move detect http.uri tests to suricata-verify
...
Ticket: 3725
9 months ago
Philippe Antoine
d59c60410f
fuzz: adapt target to number of keywords being dynamic
...
Ticket: 4683
9 months ago
Philippe Antoine
5bb5b4f46f
rust: remove unnecessary nested unsafe
9 months ago
Philippe Antoine
4ccbcc4684
sip: use right slice to take line from
...
We iterate over input, but we are now at start.
Avoids quadratic complexity turning into OOM.
Ticket: 7093
9 months ago
Jason Ish
49ecf37126
rust/ike: prefix never read field names with _
...
New warning from rustc.
The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
9 months ago
Jason Ish
29d7ff026a
rust: simplify matches with unwrap_or_default
...
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
9 months ago
Jason Ish
ee2175cdb6
rust: fix clippy lint for legacy_numeric_constants
...
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
9 months ago
Jason Ish
a1bb62c059
cargo: use default-features instead of default_features
...
"default_features" is being deprecated in Rust 2024.
9 months ago
Philippe Antoine
4fe3f04fa3
detect/enip: move keywords to rust
...
Ticket: 4863
9 months ago
Philippe Antoine
ce1eea4ad6
detect/websocket: move keywords to rust
...
Ticket: 4863
9 months ago
Philippe Antoine
16952d67e7
detect/dhcp: move keywords to rust
...
Ticket: 4863
9 months ago
Philippe Antoine
ae72376ebe
detect/snmp: move keywords to rust
...
Ticket: 4863
On the way, convert unit test DetectSNMPCommunityTest to a SV test.
And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
9 months ago
Philippe Antoine
4bbe7d92dc
detect: helper to have pure rust keywords
...
detect: make number of keywords dynamic
Ticket: 4683
9 months ago
Philippe Antoine
08c511f1bf
enip: remove unnecessary unsafe
...
As the function SCEnipRegisterParsers is already marked as unsafe
9 months ago
Eric Leblond
b128a75973
profiling: check packet flag first
...
This fixes the state handling and simplifies the logic.
9 months ago
Eric Leblond
eecb3440e2
profiling: add option to activate rules profiling at start
...
When replaying a pcap file, it is not possible to get rules
profiling because it has to be activated from the unix socket.
This patch adds a new option to be able to activate profiling
collection at start so a pcap run can get rules profiling
information.
9 months ago
Lukas Sismis
bd9608771e
doc: port user install and build instructions from master-6.0.x
...
Ticket: #6686
9 months ago
Lukas Sismis
cd7c35eb5a
github-ci: add minimal build for Ubuntu and AlmaLinux
9 months ago
Lukas Sismis
6d663ec885
github-ci: remove gosu from installed packages
9 months ago
Lukas Sismis
521d1cb8e7
doc: update eBPF compilation instructions
...
Ticket: #6599
9 months ago
Victor Julien
8b42182fee
doc/userguide: document iprep isset/isnotset
9 months ago
Victor Julien
2f74d435d3
doc/userguide: add more operators to iprep
9 months ago
Victor Julien
37be66eef9
detect/iprep: update function naming
...
Bring in line with new Rust code naming for FFI functions.
9 months ago
Victor Julien
83976a4cd4
detect/iprep: implement isset and isnotset
...
Implement special "isset" and "isnotset" modes.
"isset" matches if an IP address is part of an iprep category with any
value.
It is internally implemented as ">=,0", which should always be true if
there is a value to evaluate, as valid reputation values are 0-127.
"isnotset" matches if an IP address is not part of an iprep category.
Internally it is implemented outside the uint support.
Ticket: #6857 .
9 months ago
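As an added illustration of the isset/isnotset semantics described in the commit above (example code, not Suricata's iprep implementation): a reputation table maps (address, category) to a value in 0-127; `isset` is evaluated as a ">=,0" uint comparison, so it is true whenever there is a value to compare, and `isnotset` is decided outside the uint path on the absence of an entry. The `RepTable`, `IprepMode` and `Cmp` names and the sample entry are assumptions made here.

```rust
use std::collections::HashMap;
use std::net::IpAddr;

#[derive(Debug, Clone, Copy)]
pub enum Cmp { Eq, Ne, Gt, Ge, Lt, Le }

#[derive(Debug, Clone, Copy)]
pub enum IprepMode {
    /// Ordinary uint comparison against the reputation value.
    Uint(Cmp, u8),
    /// Match if the IP has any value in the category.
    IsSet,
    /// Match if the IP has no value in the category.
    IsNotSet,
}

/// Reputation table keyed by (address, category); values are 0..=127.
#[derive(Default)]
pub struct RepTable {
    entries: HashMap<(IpAddr, u8), u8>,
}

impl RepTable {
    pub fn set(&mut self, ip: IpAddr, cat: u8, value: u8) -> Result<(), String> {
        if value > 127 {
            return Err(format!("reputation value {} out of range 0-127", value));
        }
        self.entries.insert((ip, cat), value);
        Ok(())
    }

    pub fn lookup(&self, ip: IpAddr, cat: u8) -> Option<u8> {
        self.entries.get(&(ip, cat)).copied()
    }
}

fn uint_match(value: u8, cmp: Cmp, arg: u8) -> bool {
    match cmp {
        Cmp::Eq => value == arg,
        Cmp::Ne => value != arg,
        Cmp::Gt => value > arg,
        Cmp::Ge => value >= arg,
        Cmp::Lt => value < arg,
        Cmp::Le => value <= arg,
    }
}

/// Evaluate one iprep condition for an address in a category.
pub fn iprep_match(table: &RepTable, ip: IpAddr, cat: u8, mode: IprepMode) -> bool {
    let value = table.lookup(ip, cat);
    match mode {
        // Handled outside the uint path: having no entry at all is the match.
        IprepMode::IsNotSet => value.is_none(),
        // isset is ">=,0": true whenever there is a value to evaluate.
        IprepMode::IsSet => value.map_or(false, |v| uint_match(v, Cmp::Ge, 0)),
        // No entry means nothing to compare, so no match.
        IprepMode::Uint(cmp, arg) => value.map_or(false, |v| uint_match(v, cmp, arg)),
    }
}

/// Constructed sample: one address listed in category 1 with value 50.
pub fn sample_table() -> RepTable {
    let mut t = RepTable::default();
    t.set("10.0.0.1".parse().unwrap(), 1, 50).unwrap();
    t
}

fn main() {
    let t = sample_table();
    let listed: IpAddr = "10.0.0.1".parse().unwrap();
    let unlisted: IpAddr = "10.0.0.2".parse().unwrap();
    for (label, ip) in [("listed", listed), ("unlisted", unlisted)] {
        println!(
            "{}: isset={} isnotset={} >=,50={}",
            label,
            iprep_match(&t, ip, 1, IprepMode::IsSet),
            iprep_match(&t, ip, 1, IprepMode::IsNotSet),
            iprep_match(&t, ip, 1, IprepMode::Uint(Cmp::Ge, 50))
        );
    }
}
```

Note the asymmetry a rule writer should keep in mind: an ordinary comparison such as `<=,127` does not match an address that is absent from the category, even though every valid value would satisfy it; only `isnotset` matches absence.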
Victor Julien
3e46c51651
reputation: minor cleanup
...
No need to init ptrs to NULL after SCCalloc.
9 months ago
Victor Julien
539ab3a404
detect/iprep: update keyword parser for extendibility
9 months ago
Jason Ish
f0dbfe863d
misc: prefix functions with SC not Sc
9 months ago
Victor Julien
d02054fa31
detect/noalert: point noalert/alert to new doc
9 months ago
Victor Julien
50ef646d45
doc/userguide: add noalert/alert keyword docs
9 months ago
Victor Julien
c83e3285ae
doc/userguide: give pcre1 to pcre2 proper heading
9 months ago