aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,038 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd2142cf433'
${ noResults }
Commit Graph

9038 Commits (d2142cf4337985e190891eb3a9d8ddcc017fed58)
 

Author SHA1 Message Date
Victor Julien 76917a8732 smb1: generic smb string parse func 7 years ago
Victor Julien 668c747aee smb1: more exact tree connect record parsing 7 years ago
Victor Julien 0ed00cf104 smb: move common parsing funcs into own file 7 years ago
Victor Julien 1c701dc50e smb: make string parsing functions public 7 years ago
Victor Julien 1d4aac1d4d smb1: set event on empty/malformed dialect 7 years ago
Victor Julien c91242e71c smb: rename file to filename in output 7 years ago
Victor Julien caf29e92b3 smb1: parse and log timestamps in CREATE 7 years ago
Victor Julien 0e05ef7369 smb2: parse and log timestamps in CREATE 7 years ago
Victor Julien 28f16e38ac smb1: disable 'generic tx's for common commands 
Don't create a generic TX for each READ, WRITE, TRANS, TRANS2,
except if they cause events to trigger.
 7 years ago
Victor Julien 78cd92a933 smb: generic event per trans/read/write for tx events 7 years ago
Victor Julien 05992f1772 smb: fix event handling when no tx is available 7 years ago
Victor Julien be615c9fbc smb: small cleanups, fixes and optimizations 7 years ago
Victor Julien dab055d8c8 smb: update to der-parser 0.5.1 7 years ago
Victor Julien 0d69e7b8c2 smb: remove unused dialects from state 7 years ago
Victor Julien ad1bc7f473 smb1: minor debug improvment 7 years ago
Victor Julien a44504a1bf smb: redo gap catch up handling 7 years ago
Victor Julien 7114d5d25b smb1: parser cleanups 7 years ago
Victor Julien d9e43d3e63 smb: cleaner server component parsing 7 years ago
Victor Julien ecbf10da70 smb2: improve write error handling 7 years ago
Victor Julien b34392051d smb3: parse transform records 7 years ago
Victor Julien 894a73ee06 smb2: add missing commands and improve ioctl err handling 7 years ago
Victor Julien 170edf7c44 smb1: improve error handling 7 years ago
Victor Julien 7ceb67138f smb: add status 7 years ago
Victor Julien 98b926bf72 smb1: implement WRITE_AND_CLOSE 7 years ago
Victor Julien 595557eb8d smb1: locking andx may have no response 7 years ago
Victor Julien 7dff9b9969 smb/nbss: work around bad traffic 7 years ago
Victor Julien 8bef120898 smb: session setup improvements 
Improve ntlmssp version extraction and logging, make its data structures
optional. Extract native os/lm from smb1 ssn setup.

Move session setup handling into their own files.

Only log auth data for the session setup tx.
 7 years ago
Victor Julien 75d7c9d64a rust/smb: initial support 
Implement SMB app-layer parser for SMB1/2/3. Features:
- file extraction
- eve logging
- existing dce keyword support
- smb_share/smb_named_pipe keyword support (stickybuffers)
- auth meta data extraction (ntlmssp, kerberos5)
 7 years ago
Victor Julien 50a182194a eve: log pcap filename 7 years ago
Victor Julien 19988310d1 detect: fix tx iterator logic in detect 
The 'tx_id' variable was used to be passed into the IterFunc as a
minumum tx to return. The IterFunc could then return either the tx
for that id, or a later one if that turned out to be the first available
tx.

The tx_id however, was still used for some things as if it was the
current tx id. Most importantly for setting the tx id for alert
ammending. So this could lead to alerts with missing or wrong
applayer records.
 7 years ago
Victor Julien fec5997d1d mingw: fix compile error 7 years ago
Richard Sailer 748fda1966 output/lua: better lua output setup error handling 
If suricata was started with --init-errors-fatal and an error occured
during setup of lua output (like if lua scripts configured in the conf file
don't exist or are not readable) suricata continued, which did not reflect
"init errors fatal" very well.

This fix makes the suricata initialization abort and send an error message
in such cases.

For details see:
https://redmine.openinfosecfoundation.org/issues/1503
 7 years ago
Richard Sailer 7910b6689e output/lua: remove unnecessary detect.h include 
output-lua.c contained an include of detect.h.

Since we don't (and shouldn't) call any functions from detect.c in output-lua.c
and such coupling is generally unwanted this patch removes that include.
 7 years ago
Pierre Chifflier b69acaadf5 Rust: add 'debug' feature 
The 'debug' feature is enabled if suricata was configured with the
--enabled-debug' flag.
If enabled, the SCLogDebug format and calls the logging function as
usual. Otherwise, this macro is a no-op (similarly to the C code).
 7 years ago
Victor Julien 04e87e1a9f profiling: suppress debug statements 7 years ago
Thomas Andrejak eb12001c82 prelude: add protocol information through JSON 7 years ago
Daniel Humphries 6162ef57bd unified2: fix xff extra-data output (Bug #2305) 
In extra-data mode, suricata does not output xff data without
undocumented conditions (including enabling packet output). This
behaviour has been fixed to remove the hidden requirements. Fix
included removing previous xff data output implementation and adding a
new function for outputting xff that is called after outputting each
event.

IPv6 XFF entries were also being recorded incorrectly as if they were
IPv4 and this has been fixed.
 7 years ago
Pascal Delalande 2e5b293afb doc: update eve json output for DNS and HTTP 7 years ago
Victor Julien 12c350f77d der/afl: free data during fuzzing 7 years ago
Victor Julien 68b9ebdc02 output: fix logging wrong direction in tls upgrade 
When upgrading to TLS from HTTP logging of the final HTTP tx could
have the wrong direction. This was due to the original packet triggering/
finalizing the upgrade would be used as the base for both the toserver
and toclient pseudo packet meaning it was wrong in one direction.

This patch creates a pseudo packet in the same way as the flow timeout
code does, so it no longer takes the raw original packet in.

Bug #2430
 7 years ago
Victor Julien 710c7b821f output/json: update callers to use explicit directions 7 years ago
Victor Julien 9f13365222 output/json: make log direction explicit 
Introduce enum OutputJsonLogDirection to make logging direction
explicit.
 7 years ago
Victor Julien 44c4008f77 output/json: clean up CreateJSONHeader calls 7 years ago
Jason Ish 1115eb52eb travis: redirect unittest output to file in all builds 
On error, print the last 500 lines of output then exit 1.

Shoud allow us to see why a build fail on the debug tests,
when the error was burried in an output file we weren't
making visible.
 7 years ago
Victor Julien 053022931c rust/json: add array_append_string 7 years ago
Victor Julien 73fac478a2 rust/dns: fix nom verbose error mode 7 years ago
Brandon Sterne a01a229b37 doc: use standard spelling of daemon 7 years ago
Danny Browning 4b897c9060 source-pcap-file: Directory mode may miss files (bug #2394) 
https://redmine.openinfosecfoundation.org/issues/2394

Certain parameters of delay and poll interval could cause newly added
files in a directory to be missed. Cleaned up how time is handled for
files in a directory and fix which time is used for future directory
traversals. Add a mutex to make sure processing time is not optimized
away.
 7 years ago
Eric Leblond cd98d7ddcc ebpf: remove vlan_hdr alignement 
If we align the vlan_hdr then we increase its size and the parsing
of packets with VLAN tag is broken.
 7 years ago
Jesper Dangaard Brouer 39754a976a epf: improving the ebpf makefile 
The current ebpf/Makefile.am have the problem that clang compile
errors still result in an ELF .bpf output file.  This is obviously
problematic as the problem is first seen runtime when loading
the bpf-prog.  This is caused by the uses of a pipe from
clang to llc.

To address this problem, split up the clang and llc invocations
up into two separate commands, to get proper reaction based on
the compiler exit code. The clang compiler is used as a
frontend (+ optimizer) and instructed (via -S -emit-llvm) to
generate LLVM IR (Intermediate Representation) with suffix .ll.
The LLVM llc command is used as a compiler backend taking IR and
producing BPF machine bytecode, and storing this into a ELF
object.  In the last step the IR .ll suffix code it removed.

The official documentation of the IR language:
 http://llvm.org/docs/LangRef.html

Also fix the previous make portability warning:
 '%-style pattern rules are a GNU make extension'
I instead use some static pattern rules:
 https://www.gnu.org/software/make/manual/html_node/Static-Usage.html

Signed-off-by: Jesper Dangaard Brouer <netoptimizer@brouer.com>
 7 years ago