Commit Graph

14649 Commits (f8620d0ed228766db4b5fd6bd43a216120713dcf)

Author SHA1 Message Date
Jason Ish f8620d0ed2 docs: update url to docs.suricata.io 2 years ago
Jason Ish 33827beae5 jsonbuilder: check buffer growth
Use try_reserve before growing the internal buffer, and the internal
state vector. This allows allocation errors to be caught and an error
returned instead of just aborting the process.

Ticket: #6057
2 years ago
Jason Ish 95cfc2b34f jsonbuilder: rustfmt
Some very minor changes to formatting.
2 years ago
Victor Julien c6d3b461a6 detect/analyzer: add the type
Per rule type record properties of the type.

Example output:

    {
        "raw": "alert udp any any -> any any (msg:\"UDP with flow direction\"; flow:to_server; sid:1001;)",
        "id": 1001,
        "gid": 1,
        "rev": 0,
        "msg": "UDP with flow direction",
        "app_proto": "unknown",
        "requirements": [],
        "type": "pkt",
        "flags": [
            "src_any",
            "dst_any",
            "sp_any",
            "dp_any",
            "toserver"
        ],
        "pkt_engines": [],
        "frame_engines": [],
        "lists": {}
    }

Ticket: #6085.
2 years ago
Victor Julien 2696fda041 detect: use explicit rule types
Instead of using flags to indicate a rule type, use an explicit `type`
field.

This will make it clearer in the code paths which path a rule is taking,
and will allow easier debugging as well as analyzer output.

Define the following fields:

- SIG_TYPE_IPONLY: sig meets IP-only criteria and is handled by the IP-only
  engine.
- SIG_TYPE_PDONLY: sig inspects protocol detection results only.
- SIG_TYPE_DEONLY: sig inspects decoder events only.
- SIG_TYPE_PKT:    sig is inspected per packet.
- SIG_TYPE_PKT_STREAM: sig is inspected against either packet payload or
  stream payload.
- SIG_TYPE_STREAM: sig is inspected against the reassembled stream.
- SIG_TYPE_APPLAYER: sig is inspected against an app-layer property, but not
  against a tx engine.
- SIG_TYPE_APP_TX: sig is inspected by the tx-aware inspection engine(s).

Ticket: #6085.
2 years ago
Victor Julien f6f2c22574 detect/pcre: remove redundant applayer flag set 2 years ago
Victor Julien 681b4c3a23 detect: minor cleanup 2 years ago
Philippe Antoine afef35b9dc http: fix leak of normalized uri
if tx_ud == NULL, we still need to free the allocated normalized uri
2 years ago
Jason Ish 039c27789b rust: use 2021 edition
With the MSRV being bumped to 1.62 for 7.0, we can move the edition up
to 2021.
2 years ago
Victor Julien ebe0a7bdc0 streaming: minor guards cleanup 2 years ago
Victor Julien b401fe5259 streaming: fix region buf_offset update
If region wasn't the first region, the buf_offset could get out of
sync.

Bug: #6041.
2 years ago
Victor Julien facdbca95b streaming: stricter validation check 2 years ago
Victor Julien cf7cca4950 streaming: fix intersect detection
Update logic to always use data right edge.

Bug: #5834.
2 years ago
Philippe Antoine bc3311329c github: change codeowners back to team
as in master-6.0.x
2 years ago
Philippe Antoine 5fb0b3b8cb fuzz: make targets more resistant to allocation failures 2 years ago
Victor Julien 3247e39f0c flowworker: simplify pseudo packet use
Pseudo packets originating in the flow worker do not need to leave the
flow worker. Putting those in the ThreadVars::decode_pq will make them
be evaluated by the next steps in the pipeline, but those will all
ignore pseudo packets.

Instead, this patch returns them to the packet pool, while still honoring
the IPS verdict logic.
2 years ago
Philippe Antoine d47dba27bf all: remove unused literals 2 years ago
Jason Ish c30fff8bcb rust/doc: restore comment with code example, but ignore
Use backticks for proper markdown processing. As Rust code in
backticks is compiled, and this is a non-complete example, tag the
code sample to be ignored.
2 years ago
Jason Ish af5a0e11e8 github-ci: check for new authors in pull-request
On pull request, get a list of commit authors for the pull request and
compare to the list of authors in git master. If any differ, save to
new-authors.txt and upload this as an artifact.

As a workflow-run, download this artifact and if non-empty, add a
comment to the pull-request that new authors may be part of the pull
request.

This 2-step approach is because GitHub actions running in pull-request
context are not allowed to comment on the pull request, instead a
post-workflow workflow has been added that runs in the context of the
repo which can then comment on the pull request.
2 years ago
Victor Julien 3e0d2ff29a profiling/rules: minor fatal error cleanup 2 years ago
Victor Julien ecc7ec3ea7 profiling/rules: add BUG_ON to profile tracking 2 years ago
Victor Julien 2423b2a483 profiling/rules: simplify return code handling 2 years ago
Victor Julien 835eaf7ccd profiling/rules: minor code cleanup 2 years ago
Victor Julien 2596dc262b profiling/rules: use atomics for rule flag 2 years ago
Victor Julien 3de687f30c profiling/rules: doc updates 2 years ago
Victor Julien b591813b86 profiling/rules: reduce sync logic scope
Use a simple once a second scheme.
2 years ago
Eric Leblond 694bff11ac doc: add rule profiling information 2 years ago
Eric Leblond 8b2313b0ae profiling: socket command to control rules profiling
This patch adds unix socket command to start and stop the collection
of stats when running in rules profiling mode.
2 years ago
Eric Leblond ea95e85755 profiling: set sample rate to power of 2
For the rules profiling, we really want to limit the performance
impact as much as possible. So let's use a hash size that is a power
of 2. This allows us to avoid the costly modulo operation and
simply use a single binary operator.

This code is only active for rules profiling so we are backward
compatible.
2 years ago
Eric Leblond df88ef0249 profiling: let 'ruleset-profile' send message
Let's send the profile output as an answer on the Unix socket.
2 years ago
Eric Leblond 75b46edd79 profiling: add 'ruleset-profile' unix command
This patch adds a new unix command that allows the user to trigger
a dump of the ruleset profile to the file without having to stop
Suricata.

This will be really useful to debug performance issues related to
signatures in a production environment.
2 years ago
Eric Leblond 020cfbcd61 profiling: introduce rules profiling
Performance measurement of rules is important on live Suricata
as bad rules can cause severe performance regression. This patch
introduces the --enable-profiling-rules option that activates profiling
for the rules. This reduces the performance impact of full
profiling and provides visibility on the rules' performance at
the same time.
2 years ago
Philippe Antoine 656cddcf65 detect: http_client_body for HTTP2
By using the file.data logic

Ticket: #4067
2 years ago
Philippe Antoine 6b32bc459b detect: http.response_body for HTTP2
Already using the file.data logic

Ticket: #4067
2 years ago
Philippe Antoine 5391f0a8a0 detect: http_response_line for HTTP2
Ticket: #4067

Synthesized as HTTP/2 <STAT>\r\n
2 years ago
Philippe Antoine 0dca8cc796 detect: http_request_line support for HTTP2
Ticket: #4067

Synthesized as <METHOD> <URI> HTTP/2\r\n
2 years ago
Philippe Antoine 22fb385e23 detect: http_stat_msg supported for HTTP2
By providing a constant empty buffer

Ticket: #4067
2 years ago
Philippe Antoine c00c345123 detect: support http.protocol for HTTP2
Ticket: #4067

By having a synthetic constant HTTP/2 buffer
2 years ago
Victor Julien 1c182de468 dpdk: support capture timeout support
To not inject too many packets, simulate a 100ms timeout based on
af-packet's 100ms poll() timeout.

Bug: #6064.
2 years ago
Jason Ish 13fe957b7e rust/doc: wrap some code examples in backticks 2 years ago
Victor Julien d4c60924f1 rust/doc: fix doc compile issues 2 years ago
Jason Ish cc3f3a0a72 github-ci: fix rust check by fixing git directory permissions
Due to the update to AlmaLinux 9.2, a new version of git with stricter
permissions was introduced. Mark the directory as safe as we have
done in other builds with newer versions of it.
2 years ago
Jeff Lucovsky e75bacd19e dataset: Address compile-time error
This commit fixes an issue with using an `in_addr` when an IPv6 structure
should be used.
2 years ago
Victor Julien 36f6e05155 counters: make tcp stats independent of flow, ssn
Counters depended on availability of flow and tcp session, meaning
that 2 memcaps could affect the counters.

Bug: #5017.
2 years ago
Victor Julien 0360cb6542 stream: update no-flow checks 2 years ago
Alex 60902236e4 build: harden rust.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2 years ago
Jason Ish b0c329da04 doc/userguide: provide more RPM doc
- Address the various RPM distributions
- User info
- Systemd info

Related issue: #5884
2 years ago
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Eloy Pérez González ed91d689f2 krb5: use req_type instead of msg_type to get request type 2 years ago
Eloy Pérez González a9b7241417 krb5: set msg_type for KRB-ERROR messages to MessageType::KRB_ERROR 2 years ago