Commit Graph

17237 Commits (fcac063cfe29cd0e85d32497c37ef9bc191298cc)

Author SHA1 Message Date
Philippe Antoine fcac063cfe ssh: make hooks available
Allows signature like `alert ssh:request_banner_done`
4 months ago
Philippe Antoine bbc007b4d4 rust: derive for AppLayerState
To easily enable hooks for rust app-layers such as SSH
4 months ago
Philippe Antoine 78dc70f5fd dns/lua: remove now unused includes
Completes commit 1206c1c5af
4 months ago
Jeff Lucovsky 87b7a0cef6 ftp: Apply rustfmt changes
4 months ago
Jeff Lucovsky ff59f215d6 doc/ftp: Document ftp.dynamic_port keyword
Document the sticky buffer for ftp.dynamic_port
4 months ago
Jeff Lucovsky 19fe098e88 detect/ftp: Add ftp.dynamic_port keyword
Issue: 7504

Add implementation of the ftp.dynamic_port rule keyword. The
implementation uses the U16 integer matching/parsing and thus supports
the comparison operations such as <, >, <=, >=, !, !=, and range (-).
4 months ago
Jeff Lucovsky 04bf28d6a1 app/ftp: Use common API naming
Modify the Rust API functions to conform to project naming format:
SCFTP*

Issue: 7504
4 months ago
Philippe Antoine 808f8a877a detect/multi-buf: helper with more explicit direction
4 months ago
Philippe Antoine 990ed204eb detect/multi-buf: use only one progress
for both inspect engine and app-layer mpm
4 months ago
Philippe Antoine 8ecc3efdc8 detect/multi-buf: harmonize wrapper
Introduce DetectGetMultiData which does the generic wrapping,
including the transforms.

And let each keyword do just the getter.
4 months ago
Victor Julien bed96505aa github-ci: update to Fedora 42
4 months ago
Philippe Antoine f301cd3702 app-layer: remove obsolete NULL check
Completes commit 833a738dd1

Fixes coverity 1646610
4 months ago
Jason Ish be483dc873 doc/userguide: document that lua dns rules need hooks
And remove the old "keywords" that a lua Rule can register with for
DNS.
4 months ago
Jason Ish 13de319b01 lua: fix fast.lua example
This one is a little different as it logs to a file, and is the same
fast.lua used in the new Suricata-Verify test.

Ticket: #7656
4 months ago
Jason Ish b99f254105 lua: add suricata.rule library
Add a "suricata.rule" library for accessing rule information from a
Lua rule, or a Lua output script.

This lib replaces the following global Lua functions:
- SCRuleIds
- SCRuleAction
- SCRuleMsg
- SCRuleClass

Ticket: #7490
4 months ago
Jason Ish a5e662cb8a doc/lua/dns: fix typo
4 months ago
Philippe Antoine a6392ac5d4 rust: use pure rust helper for registering sticky buffers
Mark sdp and sip keywords with flags SIGMATCH_INFO_STICKY_BUFFER
as a side effect.
4 months ago
Philippe Antoine 9c8ec0d3a9 plugin: applayer: do not use suricata JsonError
We do not need a specific error type
4 months ago
Philippe Antoine 833a738dd1 http: fail tx creation if we cannot allocate user data
So, we always have a libhtp.rs htp_tx_t and a Suricata tx
with its AppLayerTxData

Thus AppLayerParserGetTxData cannot return NULL

Ticket: 5739
4 months ago
Philippe Antoine 0167001ce8 rust/htp: remove unused code
4 months ago
Philippe Antoine e728aae1e0 websocket: fixes subtraction
Fixes: 16f74c68aa ("websocket: use max window bits of 15")
4 months ago
Victor Julien 7af8ef07b3 github-ci: codecov llvm updates
Use LLVM 15 with Rust 1.67.1
4 months ago
Victor Julien fe07781bfc github-ci: update codecov unittest job
LLVM 19, rust 1.85.1 and Ubuntu 24.04.
4 months ago
Philippe Antoine e41c28f7c9 dnp3: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a dnp3 tx
4 months ago
Philippe Antoine f24d3ffb74 ftp: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a ftp tx

Was already done right for updated_tc
4 months ago
Philippe Antoine a5b987266b http1: always mark tx as updated on request/response start
Ticket: 7668

We should set updated_tx when allocating HtpTxUserData
4 months ago
Philippe Antoine aa7f926ff4 detect: rust helper to register sticky buffer
4 months ago
Philippe Antoine 96afdce283 detect: rename SCSigTableElmt to SCSigTableAppLiteElmt
4 months ago
Philippe Antoine a7f4fd12d5 detect: remove never set SIGMATCH_NOT_BUILT
4 months ago
Philippe Antoine 794f991ad6 unittests: more realistic packet from UTHBuildPacketReal
So that its contents can be reused when translating unit tests
to SV tests
4 months ago
Philippe Antoine 8757ad5fd3 detect/dns: support string for dns.rrtype
Ticket: 6723
4 months ago
Philippe Antoine 44a6f7f8ca detect/dns: support string for dns.rcode
Ticket: 6723
4 months ago
Philippe Antoine 9814b698c8 detect/dns: move keywords to rust
Ticket: 7529
Ticket: 3725

Adds url for dns.opcode on the way
4 months ago
Philippe Antoine bb9b8d2460 detect: new helper to register multi-buffer with progress
This allows using these engines for hook rules needing exact
progress (checked in SigValidate)
4 months ago
Philippe Antoine 7d806dc7b7 ci: rustc wrapper to disable coverage for external crates
To keep the disk usage good even when we use new crates
4 months ago
Philippe Antoine a1ff7424e4 http1: brotli decompression
Ticket: 5692

http2 already used the brotli crate for decompression
4 months ago
Philippe Antoine 128ee9ba46 output: fix leak in case of alloc error
CID: 1638290
4 months ago
Philippe Antoine 85f2f597f1 defrag: remove unnecessary NULL check
CID: 727861
4 months ago
Philippe Antoine 9dac5ec23c util/mpm: prevents double free
CID: 1645545

PatternDatabaseGetCached frees cd on success.
So, we should NULL it, so that in case PatternDatabaseGetSize fails
and we goto error, we do not free cd again.
4 months ago
Philippe Antoine e301e038ef detect: explicitly skip check on SCConfGet
CID: 1644571
4 months ago
Eric Leblond adfa46ab1c doc/userguide: add tx_cnt documentation
4 months ago
Eric Leblond 0044b5f682 eve/schema: remove duplicate fields
4 months ago
Eric Leblond 5cf6459f3f eve/flow: log tx_cnt
This patch adds a `tx_cnt` field to `netflow` events to give some
context about the underlying protocol activity.

Ticket: #7635
4 months ago
Eric Leblond 668c6d646e eve/netflow: add tx_cnt
This patch adds a `tx_cnt` field to `netflow` events to give some
context about the underlying protocol activity.

Ticket: #7635
4 months ago
Eric Leblond db11078315 eve/smb: add tx_id to event
As the SMB protocol uses transactions heavily, getting the transaction
ID in SMB events can be really useful for automated analysis.
4 months ago
Philippe Antoine 16f74c68aa websocket: use max window bits of 15
Ticket: 7285

As this is the default for websocket, which is bigger than the
default for zlib usage

Also limit the decompressed content to the max-payload-size
configuration parameter also used for non-compressed content.

And also use a stateful decoder to store/remember the compression
state to be able to decompress later messages.
4 months ago
Philippe Antoine 44c8632284 rust: use flate2 with C zlib
Move flate2.rs to a backend supporting the setting
of window_bits, which is not the case for miniz-oxide.

This will allow WebSocket to use Sec-WebSocket-Extensions
which can set a non-default window_bits
4 months ago
Philippe Antoine ff57a162d7 websocket: decompress single pdu message
Ticket: 7285

Previously, only messages over multiple PDUs could get decompressed
4 months ago
Jeff Lucovsky d59f5d6db6 output/rotate: Remove extra rotation flag register
Issue: 3436

Remove duplicate register of the rotation flag. Eventually, this will
cause corruption when the file context has been freed and the rotation
flag is deregistered.
5 months ago
Jeff Lucovsky 33445d01b3 output/rotate: Serialize rotation flag handling
Issue: 3436

Serialize rotation flag handling to avoid corruption.
5 months ago