Jeff Lucovsky
d205ff82d0
doc/transform: Describe the from_base64 transform
Issue: 6487
Document the new transform and indicate that it's the preferred way to
perform base64 decoding (preferred over base64_decode)
1 year ago
Jeff Lucovsky
f042e9034b
detect/transform: Add from_base64 transform
Issue: 6487
Implement the from_base64 transform:
[bytes value] [offset value] [mode strict|rfc4648|rfc2045]
The value for bytes and offset may be a byte_ variable or an
unsigned integer.
1 year ago
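Added worked example, not code from the Suricata project or from the commit above: a Python model of the option surface the commit describes, `bytes`, `offset` and `mode strict|rfc4648|rfc2045`, where `bytes` and `offset` may be an unsigned integer or the name of a byte_ variable. The three mode behaviours are assumptions modelled on the RFC names (strict rejects any non-alphabet byte and requires padding; rfc4648 decodes up to the first invalid byte; rfc2045 skips non-alphabet bytes MIME-style) and have not been checked against Suricata's decoder. The header line used for the demonstration is constructed, not captured traffic.

```python
import base64
import binascii
import string
from typing import Mapping, Optional, Union

# Standard base64 alphabet (RFC 4648 section 4); '=' is padding only.
B64_ALPHABET = frozenset((string.ascii_letters + string.digits + "+/").encode())
PAD = ord("=")

# Assumed mode semantics (modelled on the RFC names, not taken from Suricata):
#   strict  - padding required, any non-alphabet byte rejects the whole window
#   rfc4648 - decode up to the first byte outside the alphabet, padding optional
#   rfc2045 - MIME style: bytes outside the alphabet are skipped, padding optional
MODES = ("strict", "rfc4648", "rfc2045")


def _decode_unpadded(data: bytes) -> bytes:
    """Decode alphabet-only base64, tolerating missing trailing padding."""
    rem = len(data) % 4
    if rem == 1:
        # A lone trailing sextet cannot form a whole byte; drop it.
        data = data[:-1]
        rem = 0
    if rem:
        data += b"=" * (4 - rem)
    return base64.b64decode(data)


def resolve(value: Union[int, str], variables: Mapping[str, int]) -> int:
    """bytes/offset may be an unsigned integer or the name of a byte_ variable."""
    if isinstance(value, str):
        value = variables[value]
    if value < 0:
        raise ValueError("unsigned value required")
    return value


def from_base64(buf: bytes, nbytes: Union[int, str] = 0, offset: Union[int, str] = 0,
                mode: str = "rfc4648",
                variables: Optional[Mapping[str, int]] = None) -> bytes:
    """Decode buf[offset:offset+nbytes] (nbytes == 0 means 'to end of buffer')."""
    variables = variables or {}
    nbytes = resolve(nbytes, variables)
    offset = resolve(offset, variables)
    if mode not in MODES:
        raise ValueError(f"unknown mode {mode!r}")
    if offset >= len(buf):
        return b""  # offset past the buffer: nothing to transform
    window = buf[offset:] if nbytes == 0 else buf[offset:offset + nbytes]

    if mode == "strict":
        try:
            return base64.b64decode(window, validate=True)
        except binascii.Error:
            return b""  # bad padding or stray byte: transform yields nothing

    kept = bytearray()
    for c in window:
        if c == PAD:
            break  # padding ends the encoded data in both lenient modes
        if c in B64_ALPHABET:
            kept.append(c)
        elif mode == "rfc4648":
            break  # first invalid byte ends the data
        # rfc2045: byte outside the alphabet is skipped
    return _decode_unpadded(bytes(kept))


if __name__ == "__main__":
    hdr = b"X-Token: SGVs bG8=\r\n"  # constructed sample line, not real traffic
    for m in MODES:
        print(m, from_base64(hdr, offset=9, mode=m))
```

The demo shows why the mode matters for detection: the same header value decodes to the full token under rfc2045, is truncated at the space under rfc4648, and produces nothing under strict, so a content match written against the decoded buffer must be paired with the mode the encoder on the wire actually uses.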
Jeff Lucovsky
1823681709
detect/transform: from_base64 option parsing
Issue: 6487
Implement from_base64 option parsing in Rust. The Rust module also
contains unit tests.
1 year ago
Jeff Lucovsky
ab0cb960a1
detect/parser: Refactor utility routines
Refactor utility functions/definitions from the byte_math module into
the parser module. This includes parse_var and ResultValue
Issue: 6487
1 year ago
Shivani Bhardwaj
903283d76e
flow: declare and use constants where possible
1 year ago
Shivani Bhardwaj
00a644c5c2
flow/manager: make fn calls only when necessary
1 year ago
Shivani Bhardwaj
eb95d2bf66
flow/timeout: cleanup fn names and comments
1 year ago
Shivani Bhardwaj
8818b9cbe0
flow: remove unneeded args to fn
1 year ago
Shivani Bhardwaj
f97b4ec1e8
flow/manager: add fn docs
1 year ago
Shivani Bhardwaj
14cd594d3c
flow: add defensive check
1 year ago
Shivani Bhardwaj
a87c8eb46f
packetpool: use DEBUG_VALIDATE statement
1 year ago
Shivani Bhardwaj
87fa7f10ef
flow: use bool wherever possible
1 year ago
Philippe Antoine
8b831e6751
detect/icmp: require real packet in signature
Fixes: 956c8bebd1
("detect/prefilter: use sig mask to exclude pkt engines")
1 year ago
Philippe Antoine
0a953fe1ce
detect: add to signature mask for decode events
Ticket: 6291
1 year ago
Philippe Antoine
4e584ed201
detect: fix check for app_layer events
Ticket: 7106
1 year ago
Jeff Lucovsky
834cd6fbdb
af-packet: Remove unused preprocessor define
Remove unused preprocessor value; exposed by compilation warning
1 year ago
Philippe Antoine
c9ce43b31e
output: configurable payload_length field for alerts
Ticket: 7098
1 year ago
Philippe Antoine
a21232828e
dcerpc: add app-layer metadata in alerts
Ticket: 6090
1 year ago
Philippe Antoine
5f35035928
filestore: do not try to store a file set to nostore
Ticket: 6390
This can happen with keyword filestore:both,flow
If one direction does not have a signature group with a filestore,
the file is set to nostore on opening, until a signature in
the other direction tries to set it to store.
Subsequent files will be stored in both directions as flow flags
are now set.
1 year ago
Philippe Antoine
0d4efe0c0f
app-layer: fix -Wshorten-64-to-32 warnings
Ticket: #6186
Warnings about downcast from 64 to 32 bits
1 year ago
Philippe Antoine
1790aa49a4
util: fix -Wshorten-64-to-32 warnings
Ticket: 6186
Warnings about downcast from 64 to 32 bits
Generic fixes required to get app-layer clean
1 year ago
Philippe Antoine
dc043d0297
detect: remove unused field
content_inspect_window is used in app-layer-smtp, but
not directly in detect-file-data
1 year ago
Victor Julien
3d059611c3
detect: add tls.alpn keyword
Ticket: #7108.
1 year ago
Victor Julien
869d5492dc
eve/schema: update for alpn
1 year ago
Victor Julien
c79a382e42
eve/tls: log ALPN for client and server
Part of the extended logging.
Logs `client_alpns` and `server_alpns` arrays in the tls object.
Ticket: #7055.
1 year ago
Victor Julien
0b37654578
tls: store all ALPN records in the state
For later logging and detection.
1 year ago
Victor Julien
7f474af1d0
eve/schema: minor enip reformat
1 year ago
Jason Ish
6256391408
github-ci: run cargo update test on pull requests
Previously it was run once a week, hiding some issues until
Monday. Instead run on pull requests, but still not every push.
1 year ago
Victor Julien
e3e917d967
detect/icmp-id: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien
8df53d6411
detect/dsize: remove prefilter pseudo check
This is now handled at registration with SIG_MASK_REQUIRE_REAL_PKT.
1 year ago
Victor Julien
44d2e1aad7
detect/stream_size: allow match on pseudo packets
Often used with stream content, which can be inspected with pseudo packets.
1 year ago
Victor Julien
6958efa2dc
detect/csum: remove pseudo packet checks
1 year ago
Victor Julien
64f5865efc
detect/csum: general code cleanups
1 year ago
Victor Julien
956c8bebd1
detect/prefilter: use sig mask to exclude pkt engines
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
1 year ago
Victor Julien
4c2960169c
detect/prefilter: minor function ptr cleanup
Use a typedef'd function pointer for packet Prefilter callbacks to make
the code consistent with the other callbacks.
1 year ago
Victor Julien
2d1ccb76b1
detect: remove pseudo checks from packet keywords
Keep as debug validation check.
1 year ago
Victor Julien
d03660a646
detect: skip pseudo packets if sig needs real pkt
If a signature uses a condition that requires a real packet, filter
out pseudo packets as early as possible. To do this, the SignatureMask
logic is used.
This allows for the removal of checks for pseudo packets in individual
keywords `Match` functions, which will be done in a follow up commit.
Update analyzer to output the new flag.
Ticket: #7002.
1 year ago
Philippe Antoine
e3034a6f54
tests: move detect http.uri tests to suricata-verify
Ticket: 3725
1 year ago
Philippe Antoine
d59c60410f
fuzz: adapt target to number of keywords being dynamic
Ticket: 4683
1 year ago
Philippe Antoine
5bb5b4f46f
rust: remove unnecessary nested unsafe
1 year ago
Philippe Antoine
4ccbcc4684
sip: use right slice to take line from
We iterate over input, but we are now at start.
Avoid quadratic complexity turning into OOM.
Ticket: 7093
1 year ago
Jason Ish
49ecf37126
rust/ike: prefix never read field names with _
New warning from rustc.
The other option is to allow dead code, however this is more explicit,
and when they are read, it's obvious they should be renamed.
1 year ago
Jason Ish
29d7ff026a
rust: simplify matches with unwrap_or_default
New default clippy warning:
https://rust-lang.github.io/rust-clippy/master/index.html#manual_unwrap_or_default
1 year ago
Jason Ish
ee2175cdb6
rust: fix clippy lint for legacy_numeric_constants
https://rust-lang.github.io/rust-clippy/master/index.html#legacy_numeric_constants
1 year ago
Jason Ish
a1bb62c059
cargo: use default-features instead of default_features
"default_features" is being deprecated in Rust 2024.
1 year ago
Philippe Antoine
4fe3f04fa3
detect/enip: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
ce1eea4ad6
detect/websocket: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
16952d67e7
detect/dhcp: move keywords to rust
Ticket: 4863
1 year ago
Philippe Antoine
ae72376ebe
detect/snmp: move keywords to rust
Ticket: 4863
On the way, convert unit test DetectSNMPCommunityTest to a SV test.
And also, make snmp.pdu_type use a generic uint32 for detection,
allowing operators, instead of just equality.
1 year ago
Philippe Antoine
4bbe7d92dc
detect: helper to have pure rust keywords
detect: make number of keywords dynamic
Ticket: 4683
1 year ago