Commit Graph

3229 Commits (f08fc8d7c57cf8248dbd4842601ac2f1dfee1c10)
 

Author SHA1 Message Date
Anoop Saldanha 4d192a6881 update all spm algos to use 16 bit pattern lengths. Should compress a lot of tables 13 years ago
Victor Julien 8d1fe9f2fa Make 'autofp' the default runmode. Increase default max-pending-packets to 1024. Move some advanced and uncommonly changed settings down in the stock suricata.yaml. Closes #433. 13 years ago
Eileen Donlon da633d490b fix misleading comment 13 years ago
Eileen Donlon 793478a832 reject rules with invalid hex digits in content 13 years ago
Eileen Donlon f2e85ab9ee reject rules with an invalid ttl range 13 years ago
Victor Julien 4157d9408d Various small flow and host table fixes. 13 years ago
Victor Julien aded3c5578 http: 'HTTP Host header ambiguous' after libhtp update. It now fires if hostname is present both in URL and Host header and the 2 are not equal. 13 years ago
Victor Julien ef52ba8f57 libhtp: update to sync with upstream 0.2.x
Patches applied are:

commit 85f5bbc39dda2eaf03ccb6111cbf5daf1c7b75f9
Author: Craig Forbes <cforbes@qualys.com>
Date:   Wed Mar 21 16:45:04 2012 +0000

    Backport of STREAM_STATE_TUNNEL fix to 0.2.x.

    Return STREAM_STATE_TUNNEL after entering a tunnel.

commit cfbe28cd4ddde6d77c5b0d5935c8717834971441
Author: Craig Forbes <cforbes@qualys.com>
Date:   Wed Feb 29 16:52:44 2012 +0000

    Backport of the fix for HTP_AMBIGUOUS_HOST flag.

    The flag is only set when the URI host on the request line is different
    than the value in the Host: request header.

    Resolves https://github.com/ironbee/libhtp/issues/20

commit 196dfb1c8b7a5996389c719e2c912163c5607916
Author: Brian Rectanus <brectanus@qualys.com>
Date:   Wed Feb 8 08:35:46 2012 -0600

    Add missing function declaration in header.

commit 7878fec818167fcdf7c8c4852ac0dafa1ae445f1
Author: Brian Rectanus <brectanus@qualys.com>
Date:   Wed Feb 8 08:35:07 2012 -0600

    Revert part of previous patch, which was invalid.

commit bafef3d4cbfc307960677c6bd682ae195fe986cd
Author: Brian Rectanus <brectanus@qualys.com>
Date:   Wed Feb 8 08:36:06 2012 -0600

    Update version to next dev release.

commit 62cfdb41ba84f2666c7526e2e5d9e10ab8e220f1
Author: William Metcalf <wmetcalf@qualys.com>
Date:   Wed Feb 1 13:19:48 2012 -0600

Many thanks to Will, Brian and Craig.
13 years ago
Victor Julien 18e81b7ba9 Bail out early if we're in http tunnel mode. 13 years ago
Victor Julien 0788656ef7 Silence ac-gfbs debug message. 13 years ago
Victor Julien da3c5bf84d Minor error message cleanups 13 years ago
Victor Julien fa22a26366 profiling: fix lock profiling int print issue. 13 years ago
Victor Julien 3b79dac2b7 flow: fix atomic var not being initialized and destroyed. 13 years ago
Victor Julien 60dbd34f93 Fix bug in app layer event handling causing http event rules to fail loading. 13 years ago
Victor Julien 40ed10ab38 Minor flowq updates. 13 years ago
Anoop Saldanha 7115fa3e72 Introduce the address hash based flow q handler 13 years ago
Anoop Saldanha 5ffb050ada Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET 13 years ago
Anoop Saldanha 3faed5fe79 Support freeing flow q handler out ctx. Adapt unittests to use the same 13 years ago
Anoop Saldanha d01589c9d8 neaten flow q handler code 13 years ago
Anoop Saldanha 0fa14292c0 Enable unittests for flow q handler 13 years ago
Anoop Saldanha 4e417b72b5 support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 13 years ago
Anoop Saldanha e252048900 support for custom flow qhandlers - round robin support added 13 years ago
Pierre Chifflier d866f38982 TLS: add variable to store the error code in the decoder
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
13 years ago
Pierre Chifflier 218b5d3ba0 TLS app layer: misc fixes, reorder some fields to same memory 13 years ago
Pierre Chifflier 3df341dbeb Add TLS decode events 13 years ago
Pierre Chifflier 71fa4a5285 TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList 13 years ago
Eric Leblond a9bb17e097 tls-handshake: add sanity checks. 13 years ago
Eric Leblond 01c7e5bde6 tls-handshake: Add some missing free in error handling.
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
13 years ago
Eric Leblond 480db00fd7 tls-handshake: DecodeAsn1BuildValue should return -1 for error
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
13 years ago
Eric Leblond 8f885ce810 TLS parser: add sanity checks on loop
It was possible in some loops to read data placed after the buffer,
resulting in invalid/unpredictable values. This patch fixes two of
these issues.
13 years ago
Eric Leblond d1c56e810b TLS parser: add sanity check 13 years ago
Eric Leblond cb1a75fc9e TLS parser: modify OCTETSTRING
This patch does an over-allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
13 years ago
Pierre Chifflier 5a65a17f00 TLS parser: add handling of UTF8STRING
Some certificates contain UTF8STRING, which is a subset of
OCTETSTRING. This patch adds support for this type of string.
13 years ago
Pierre Chifflier 6c2c6cffac TLS keywords: fix match regex (remove extra space) 13 years ago
Pierre Chifflier 8457ce3b11 TLS app layer: rewrite decoder to handle multiple messages in records
Since we now parse the content of the TLS messages, we need to handle
the case where multiple messages are shipped in a single TLS record, and
take care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
13 years ago
Pierre Chifflier 4bb5e2a79d TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
13 years ago
Eric Leblond 38c213cb84 tls app layer: add missing free
issuerdn was not freed at exit.
13 years ago
Eric Leblond fce2437dc2 tls app layer: handle negation on subject and issuerdn.
This patch adds negation support for tls.subject and tls.issuerdn
matches.
13 years ago
Eric Leblond ad0e05a112 TLS app layer: Add tls.issuerdn keyword. 13 years ago
Eric Leblond afba81bb27 decode ASN.1: Factorize value reading
This patch factorizes the reading of integer values and fixes some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
13 years ago
Pierre Chifflier 53e5421a24 TLS handshake: get TLS ciphersuite and compression
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
13 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extract the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
13 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format)
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
13 years ago
Victor Julien 0b3f6c464a Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config. 13 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 13 years ago
Anoop Saldanha 7511fa67cd Add BUG_ON to avoid overrunning AppLayerDetectDirection map array 13 years ago
Eileen Donlon 9376967e65 reject rules with duplicate content modifiers
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
13 years ago
Eileen Donlon 0bb4ff34b8 added null checks for init_hash to all ac mpms 13 years ago
Eileen Donlon 617edf469c reject http_client_body with inconsistent flow dir
reject http_client_body with flow: to_client or from_server
13 years ago
Victor Julien feff6f7705 Clean up error message. 13 years ago