Commit Graph

11600 Commits (c95850c6ce334af9174ef6efeeb19347e2804b1b)

Author SHA1 Message Date
Victor Julien 0025467f90 sources: hide RegisterTests behind ifdef UNITTESTS
Update callers.
5 years ago
Victor Julien 00cc3c7374 eve/ssh: change hassh logging format
Elastic search didn't accept the 'hassh' and 'hassh.string'. It would
see the first 'hassh' as a string and split the second key into an
object 'hassh' with a string member 'string'. So two different types
for 'hassh', so it rejected it.

This patch mimics the ja3(s) logging by creating a 'hassh' object
with 2 members: 'hash', which holds the md5 representation, and
'string' which holds the string representation.
5 years ago
Victor Julien 085eb9fc8e eve/ssh: minor cleanup 5 years ago
Philippe Antoine 0c92b8f7e4 dcerpc: adds invalid signature unit test 5 years ago
Philippe Antoine b8069365f5 dcerpc: check app proto for signature keywords 5 years ago
Victor Julien 6ab323d323 detect: hide RegisterTests behind ifdef UNITTESTS
Update all callers to more aggressively use UNITTESTS guards as well.
5 years ago
Xiaofan Wang 071f55dcd7 ftp: fix direction of expectation for STOR command
Fix direction in active mode.
5 years ago
Victor Julien 0d24066876 sip: minor cleanup 5 years ago
Victor Julien db3b637ada htp: minor UNITTESTS guarding cleanup 5 years ago
Victor Julien 7c364017da ftp: small code cleanup 5 years ago
Victor Julien 0c06d08d94 gitignore: add .vscode and various other files 5 years ago
Jeff Lucovsky 72e2f36f9b ftp: Restrict file name lengths
Restrict file name lengths to PATH_MAX - 1 to avoid over subscribing
memory to FTP file name tracking.
5 years ago
Shivani Bhardwaj c169cfe0a3 bytetest: use ByteExtractString instead of StringParse 5 years ago
Shivani Bhardwaj 6f84515dd9 util: fix trailing char check with ByteExtractString 5 years ago
Philippe Antoine eb5b927787 ssh: fixing incomplete kex parsing
We use the record length from the ssh record header,
and not the size of the parsed data, as is done in other places.
5 years ago
Victor Julien bcd416e6ba nfs: fix 'dangling' files in lossy sessions
In case of lossy connections the NFS state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading to files staying 'active'.

This would lead to these files staying in the NFS's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.

This patch truncates the file that was being transmitted when
a file transaction is being closed.

Based on 65e9a7c31c
5 years ago
Victor Julien fc7cecb4ae nfs: check post-gap timeouts once a second at most
Based on 25f2efe977
5 years ago
Victor Julien 5d65e5a748 nfs: update ts only if it changed
Based on 8aa380600d
5 years ago
Zach Kelly b25de4d99a rdp: remove parser buffering code 5 years ago
Zach Kelly 22a2bee614 rdp/eve: convert to jsonbuilder 5 years ago
Zach Kelly ef397daba3 rdp: rustfmt (update) 5 years ago
Joshua Lumb f7c4600482 threads/runmode: Changes to thread config behaviour 5 years ago
Shivani Bhardwaj 0ae63e85ed gh-checks: Add enable-debug-validation to test 5 years ago
Shivani Bhardwaj 68bf7d998a travis: add test for enable-debug-validation 5 years ago
Shivani Bhardwaj 35362b7bfa jsonbuilder: run test if not debug-validate 5 years ago
Shivani Bhardwaj 333a785efd sip: remove extra jsonbuilder close 5 years ago
Shivani Bhardwaj 2ce7d98af1 dcerpc: fix tests to have a valid header 5 years ago
Shivani Bhardwaj 9f9670ebdc logging: Add DCERPC logger 5 years ago
Shivani Bhardwaj bab497ab2c dcerpc: Add multi transaction support
DCERPC parser so far provided support for single transactions only.
Extend that to support multiple transactions.

In order for multiple transactions to work, there is always a
transaction identifier for any protocol in its header that lets a
response match the request. In DCERPC, for TCP, that param is call_id in
the header which is a 32 bit field. For UDP, however, since it uses a
different version of RPC (4.x), this is defined by the serial number field
defined in the header. This field however is not contiguous and needs to
be assembled from the provided serial_low and serial_hi fields.
5 years ago
Victor Julien 9831839388 detect/mpm: fix hs check 5 years ago
Tristan Fletcher 6cbb4d4909 doc: fix spelling in flowbits image 5 years ago
Roland Fischer 9f1efa3c10 pcap: 32bit counters can wrap-around
Fixes issue 2845.

pcap_stats is based on 32bit counters and given a big enough throughput
will overflow them. This was reported by people using Myricom cards which
should only be a happenstance. The problem exists for all pcap-based
interfaces.

Let's use internal 64bit counters that drag along the pcap_stats and
handle pcap_stats wrap-around as we update the 64bit stats "often enough"
before the pcap_stats can wrap around twice.
5 years ago
Shivani Bhardwaj 67e7be633c krb: convert to jsonbuilder
Closes redmine ticket 3754.
5 years ago
Shivani Bhardwaj 72dab0a8b7 snmp: convert to jsonbuilder
Closes redmine ticket 3756.
5 years ago
Jason Ish 5d0d630237 github-ci: build rust doc on stable and 1.34.2
Nothing is done with the rustdoc, it's just built to make
sure it builds with our supported versions of Rust.
5 years ago
Jason Ish 7ca24041b6 rust: add doc target to build rust docs
Uses "cargo doc --no-deps" to build the documentation just for
our Suricata package. Without --no-deps, documentation will be
built for all our dependencies as well.

The generated documentation will end up in target/doc as HTML.
5 years ago
Jason Ish abc71dc4a5 applayer template (rust): better gap handling example
In the request parser, show checking if a gap was received
and what one example of trying to continue might look like.
5 years ago
Jason Ish b91bb92b7d applayer template (rust): incomplete support
Show how to use the incomplete AppLayerResult type within the
limits of what the template protocol parser can provide.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/3541
5 years ago
Jason Ish 3f615f751b rust app-layer template: add stubs for gap handling 5 years ago
Jason Ish d60671d855 rust/dns: use new flags field to set parser option flags 5 years ago
Jason Ish 53aa967e0b applayer: add flags to parser registration struct
This will allow Rust parsers to register for gap handling from
Rust (some Rust parsers do handle gaps, but they set the flag
from C).
5 years ago
Jason Ish 7476399f43 template: add gap handling 5 years ago
Victor Julien e04d48c8c8 doc/userguide: fix outdated mpm info 5 years ago
Victor Julien 4726d7027c detect/mpm: 'mpm-algo' parsing cleanups 5 years ago
Victor Julien f2a3d6d834 flow: fix unlikely issue with int handling
Thanks for reporting this magenbluten PR 4575.
5 years ago
Victor Julien 04d88e7012 doc/suricata-update: fix typo and do minor cleanups
Thanks to showipintbri PR 4465.
5 years ago
Zackeus Bengtsson 6887a2ab35 buildbot-pcaps: remove redundant sudo 5 years ago
jason taylor 89839e3c27 suricatasc: updates copyright date and FSF address
Signed-off-by: jason taylor <jtfas90@gmail.com>
5 years ago
jason taylor 7be7f06ac6 suricatasc: update copyright date and FSF address
Signed-off-by: jason taylor <jtfas90@gmail.com>
5 years ago
jason taylor 143f08fa7a prscript: update copyright dates and FSF address
Signed-off-by: jason taylor <jtfas90@gmail.com>
5 years ago