Commit Graph

15387 Commits (edfda9f69fb2f095a195860b382eed94655238be)

Author SHA1 Message Date
Juliana Fajardini 4f85d06192 pgsql: fix probing functions
Some non-pgsql traffic seen by Suricata is mistakenly identified as
pgsql, as the probing function is too generic. Now, if the parser sees
an unknown message type, even if it looks like pgsql, it will fail.

Bug #6080
1 year ago
Juliana Fajardini 1ac5d97259 pgsql: add unknown frontend message type
We had unknown message type for the backend, but not the frontend
messages. It's important to better identify those to improve pgsql
probing functions.

Related to
Bug #6080
1 year ago
Shivani Bhardwaj c1bf955326 detect-engine: use ports only after edge case handling
Also, add comments to clarify what's happening in the code.
1 year ago
Shivani Bhardwaj 77eb85e224 detect: remove misleading comment
The comment seems to have come from the enum for addresses where IPv4
and IPv6 matters.
1 year ago
Shivani Bhardwaj 8960a86f4f detect/port: remove BUG_ON in favor of PORT_ER
Either the BUG_ON condition would hit or PORT_ER. Prefer to return error
in case of an error as the fn expects that.
1 year ago
Shivani Bhardwaj d8a887e518 detect/engine: defensive check and comment update 1 year ago
Shivani Bhardwaj 945ec4bc0a detect: remove redundant null setting
de_ctx->dport_hash_table is already set to NULL in the fn
DetectPortHashFree which is called right before this setting.
Remove the redundant setting.
1 year ago
Shivani Bhardwaj 6076b9e2f0 detect: use proper names for whitelist score criteria 1 year ago
Shivani Bhardwaj 4a00ae6076 detect/engine: fix whitelisted port range check
So far, the condition for checking if the whitelisted port was in the
port range of "a" said

a->port >= w->port && a->port2 <= w->port

But, if a->port <= a->port2, this condition could only be true when
a->port == w->port == a->port2. However, the motivation for this fn was
to be able to find if the whitelisted port for a carrier proto already
was in the range of the given protocol and calculate a score for the
port accordingly.
Fix the range check such that a->port <= w->port <= a->port2.
1 year ago
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
1 year ago
Shivani Bhardwaj 1f78a4fcd8 detect-engine: use only the exact match fn
DetectFlagsSignatureNeedsSynPackets checks if TCP SYN flag is set among
other flags.
DetectFlagsSignatureNeedsSynOnlyPackets checks if only TCP SYN flag is
set and no other flag.

Since DetectFlagsSignatureNeedsSynOnlyPackets also already checks for
TCP SYN flag, it does not need to be used in combination with
DetectFlagsSignatureNeedsSynPackets as this fn seems to be the superset
of the former.
1 year ago
Victor Julien d3ccff5822 detect/asn1: handle in PMATCH
Since the asn1 keyword is processing payload data, move the handling of
the keyword into the PMATCH with content inspection.

Use u32 as buffer length in the Rust FFI
1 year ago
Victor Julien 13cc493885 flow/timeout: clean up flow finish code 1 year ago
Victor Julien ea4503c3e3 flow/timeout: use single packet for timeout handling
In the FlowFinish logic, one or two pseudo packets are used to finish flow
handling. In the case of 2 (one per direction), the logic first set up the
2 packets, then it would process them one by one. This led to poor cache
locality.

This patch processes the first packet entirely first, followed by the second
packet.
1 year ago
Victor Julien 2a4fd85d1d flow/timeout: use const TcpSession; cleanup prototypes 1 year ago
Victor Julien 9639da32b7 detect/content-inspect: minor code cleanups 1 year ago
Victor Julien a3ac3e69d6 detect/replace: minor code cleanup 1 year ago
Victor Julien 3d7e0927bf detect/content: minor code/comment cleanups 1 year ago
Victor Julien 8ba7f23c9b detect/content: use const pointer where possible 1 year ago
Victor Julien 643f25280b detect/app-layer-events: constify arguments; minor cleanups 1 year ago
Victor Julien 15b545d16f detect: improve explanation of offset tracking 1 year ago
Victor Julien 65560ad8ca detect/content: test cleanup 1 year ago
Victor Julien 83c4de4cee detect/bytejump: fix debug messages
Remove newlines.
1 year ago
Victor Julien 474a89e098 detect/file.data: modernize test 1 year ago
Victor Julien fa450c0531 detect: modernize unittest 1 year ago
Victor Julien 6cf0e4d604 detect/content-inspect: keyword context as const 1 year ago
Victor Julien b69f4cb5cf detect/pcre: match data is const at match time 1 year ago
Victor Julien 529e02686b detect/http.uri: modernize unittest 1 year ago
Victor Julien 23d15259f5 util/print: minor code cleanups 1 year ago
Victor Julien 132fe57ac6 rust: add copyright header to common.rs 1 year ago
Victor Julien 99c616389e util/prefilter: constify sids 1 year ago
Victor Julien 3b3b0ed30a mpm: free sids in MpmFreePattern as well 1 year ago
Victor Julien 14c452e4c6 mpm: cleanup pattern free function
Avoid redundant pointer checks; instead check once.
1 year ago
Victor Julien 0b21b543a2 mpm/ac-bs: add warning if still used
Fall back to default matcher.

Ticket #6586.
1 year ago
Victor Julien 2be36c0f0c mpm: document Search callback return value 1 year ago
Victor Julien 74ef5fc3d1 mpm/ac-ks: return only unique match count
Bring implementation in line with Hyperscan, which only counts unique matches.

Update test to reflect the new behavior.
1 year ago
Victor Julien 83630ebb9c mpm/ac: return only unique match count
Bring implementation in line with Hyperscan, which only counts unique matches.

Update test to reflect the new behavior.
1 year ago
Victor Julien 6a73b3c90b mpm: remove ac-bs implementation
Ticket: #6586.
1 year ago
Victor Julien ee7c140028 detect: minor cleanup
MPM_HS does not need a guard.
1 year ago
Jason Ish cc0adaaf4a userguide: remove old css files
In our conf.py we reference some ReadTheDocs stylesheets that appear to
be old and break formatting of some items like bulleted lists.

Bug: #6589
1 year ago
Victor Julien 7f42506760 detect: reimplement discontinue matching logic
Previously various steps in the content inspection logic would use
a variable in the DetectEngineThreadCtx to flag that matching should
be discontinued.

This patch reimplements this logic by using a new return code instead.

Split content inspection into public and private version, so that
common initialization can be done in a single place.

Update the callsites.
1 year ago
Victor Julien 368adf4599 detect/file-data: simplify content inspect loop 1 year ago
Victor Julien ee66a7246f detect-engine: minor content inspection cleanup 1 year ago
Victor Julien 4ccc8293b1 packet: minor macro cleanups 1 year ago
Victor Julien 9ae2cd0c59 packet: access packet data through flex array 1 year ago
Victor Julien bc7508e4df log-pcap: constify PcapWrite args
General cleanup, but also needed for packet changes.
1 year ago
Victor Julien f10233fecf device/storage: use flex array instead of calculated ptr 1 year ago
Victor Julien 11d73e284c ippair/storage: use flex array instead of calculated ptr 1 year ago
Victor Julien 3d3a62dfe6 host/storage: use flex array for host storage 1 year ago
Victor Julien d405efd3f6 flow/storage: use flex array instead of calculated ptr 1 year ago