Console View
|
Tags: default personal |
|
| default | personal | |||||||||||||||||||||||||||||||||
|
|
|
|||||||||||||||||||||||||||||||||
| fccdb1c642f0... |
Daisu
daisuki@tuxtrooper.com |
|
|
|||||||||||||||||||||||||||||||
| doc/commandline: -i option is useable several times | ||||||||||||||||||||||||||||||||||
| fa692df37a79... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
stream: reject broken ACK packets Fix evasion posibility by rejecting packets with a broken ACK field. These packets have a non-0 ACK field, but do not have a ACK flag set. Bug #3324. Reported-by: Nicolas Adba |
||||||||||||||||||||||||||||||||||
| f9840b513d1b... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| version: release 5.0.1 | ||||||||||||||||||||||||||||||||||
| f2117774f53f... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
configure: assume cargo vendor if cargo >= 1.37 Rust/Cargo 1.37 and greater has vendor support built-in. |
||||||||||||||||||||||||||||||||||
| ed2f6ac64bc0... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
| modbus: Correct typo | ||||||||||||||||||||||||||||||||||
| eceb7dcba466... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
eve: support pcap_filename for unix socket mode Bug #3390. |
||||||||||||||||||||||||||||||||||
| df8db1ddb073... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
ipv4: fail packet decoding on bad ipv4 option length Currently all failures in IPv4 option decode are ignore with respect to continuing to handle the packet. Change this to fail, and abort handling the packet if the option length is invalid. Ticket 3328: https://redmine.openinfosecfoundation.org/issues/3328 |
||||||||||||||||||||||||||||||||||
| df74f34a6287... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| decode/tcp: accept TCP fast open cookie request | ||||||||||||||||||||||||||||||||||
| d4428d94deba... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
| modbus: Update correct TX flags | ||||||||||||||||||||||||||||||||||
| ce0ae81d9530... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| rust: fix vendor use on MinGW | ||||||||||||||||||||||||||||||||||
| c6f168eb98c6... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
rust/Makefile: Don't include Cargo.toml There is no need to include Cargo.toml in the distribution, it is always generated from Cargo.toml.in during ./configure. |
||||||||||||||||||||||||||||||||||
| b9515671be59... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github-ci: use container for 18.04 build As the action runs natively on 18.04 we were not explicitly setting a container, but this means we're using what GitHub provides us as a default state which might be broken. Instead use the standard Ubuntu 18.04 container. |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
| a742c8674102... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
stream: improve app-layer data retrieval with GAPs Don't assume that the next block after the sbb head is after the requested offset. If the next block was before the offset, the returned data_len would underflow and return a nonsense value to the app-layer. Bug #2993. |
||||||||||||||||||||||||||||||||||
| 9f0294fadca3... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
stream: fix SYN_SENT RST/FIN injection RST injection during the SYN_SENT state could trick Suricata into marking a session as CLOSED. The way this was done is: using invalid TSECR value in RST+ACK packet. The ACK was needed to force Linux into considering the TSECR value and compare it to the TSVAL from the SYN packet. The second works only against Windows. The client would not use a TSVAL but the RST packet would. Windows will reject this, but Suricata considered the RST valid and triggered the CLOSED logic. This patch addresses both. When the SYN packet used timestamp support the timestamp of incoming packet is validated. Otherwise, packet responding should not have a timestamp. Bug #3286 Reported-by: Nicolas Adba |
||||||||||||||||||||||||||||||||||
| 9bcc1118e180... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| configure: require libhtp 0.5.32 | ||||||||||||||||||||||||||||||||||
| 8609939e60cd... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
ipv4: continue parsing options after invalid option As long as an option has a valid length, we can continue parsing the options after an invalid one. |
||||||||||||||||||||||||||||||||||
| 83630015b9ab... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github-ci: make distcheck on centos 7 build Tests distcheck on a build from a distribution archive. |
||||||||||||||||||||||||||||||||||
| 77539e08fc8a... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
stream: in IDS mode, call app-layer at EOF On stream end call app-layer with empty message in IDS mode. |
||||||||||||||||||||||||||||||||||
| 700eebaeccb9... |
Shivani Bhardwaj
shivanib134@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
doc/conf: Update copyright and regex for version Make the new regex in compliance with the modern autoconf syntax. Closes redmine ticket #3423 |
||||||||||||||||||||||||||||||||||
| 6fa66e3ddb2f... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| changelog: update for 5.0.1 | ||||||||||||||||||||||||||||||||||
| 6c2cdbb5f0c8... |
Jeff Lucovsky
jeff@lucovsky.org |
|
|
|||||||||||||||||||||||||||||||
|
analysis: exit if table entries are stale This commit causes Suricata to exit when a buffer from the analyzer table is not recognized. Since the table must match what's registered, exiting will bring noticed to the condition. |
||||||||||||||||||||||||||||||||||
| 69c00a77b5a0... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github-ci: in a dist build, check that --frozen is being used Verify that ./configure is picking up the vendored Rust sources when building from a dist archive. |
||||||||||||||||||||||||||||||||||
| 627cc23769dc... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| detect/asn1: fix offset bounds checking | ||||||||||||||||||||||||||||||||||
| 618ad0d92fcc... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
app-layer: optimize inspection id tracking Increase the inspect id for a completely inspected tx in any case. This avoids re-evaluating transactions. Reported-by: Ilya Bakhtin |
||||||||||||||||||||||||||||||||||
| 5ee8323028ae... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
rust: remove unnecessary parentheses (Rust 1.40 fixup) Rust 1.40 in strict mode will now fail the build on the presence of unnecessary parentheses. warning: unnecessary parentheses around type --> src/smb/smb2_ioctl.rs:41:12 | 41 | -> (&mut SMBTransaction) | ^^^^^^^^^^^^^^^^^^^^^ help: remove these parentheses | = note: `#[warn(unused_parens)]` on by default |
||||||||||||||||||||||||||||||||||
| 57b683233dba... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
rust: Don't use --frozen during build. If sources are vendored, we get the same effect of using frozen with a lock file, and the Cargo.lock is generated based on the vendored sources. This also removes the need to ship a Cargo.lock. Fixed out of source builds with vendored sources. |
||||||||||||||||||||||||||||||||||
| 55a36c79ff60... |
Jason Williams
jwilliams@oisf.net |
|
|
|||||||||||||||||||||||||||||||
| doc: update http keywords documentation | ||||||||||||||||||||||||||||||||||
| 4f7dc4f136ce... |
jason taylor
jtfas90@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
doc: add bsize documentation and rule example Signed-off-by: jason taylor <jtfas90@gmail.com> |
||||||||||||||||||||||||||||||||||
| 4ac5ab00b7a5... |
Steven Hostetler
steven.hostetler@gmail.com |
|
|
|||||||||||||||||||||||||||||||
| doc/install: fix geoip typo | ||||||||||||||||||||||||||||||||||
| 4a2918e6b5d3... |
Philippe Antoine
contact@catenacyber.fr |
|
|
|||||||||||||||||||||||||||||||
|
yaml: clarify comment about dump-all-headers Logs a warning if the value is unknown Fixes #2810 |
||||||||||||||||||||||||||||||||||
| 411dd69e92c9... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| doc/eve: layout and formatting fixes | ||||||||||||||||||||||||||||||||||
| 3d9071639b60... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| version: starting work on 5.0.2 | ||||||||||||||||||||||||||||||||||
| 3ca7dcd8d833... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
configure: fix test -f for rust/vendor, should be -e Introduced with commit: c08ec8d8b27280e2bcb066c9caa24da97e0419ee |
||||||||||||||||||||||||||||||||||
| 34b7035a0d0a... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| detect/iponly: debug output improvements | ||||||||||||||||||||||||||||||||||
| 2ff963db1653... |
Jason Ish
jason.ish@oisf.net |
|
|
|||||||||||||||||||||||||||||||
|
github-ci: do distcheck on fedora 31 build There were no distchecks being done on builds from git. |
||||||||||||||||||||||||||||||||||
| 2c050187a3ad... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
streaming/api: fix overlap check In some cases a SBB could be seen as overlapping with the requested offset, when it was in fact precisely before it. In some special cases this could lead to the stream engine not progressing the 'raw' progress. |
||||||||||||||||||||||||||||||||||
| 1666bc0ad186... |
jason taylor
jtfas90@gmail.com |
|
|
|||||||||||||||||||||||||||||||
|
doc: minor capitalization fix Signed-off-by: jason taylor <jtfas90@gmail.com> |
||||||||||||||||||||||||||||||||||
| 0f41cf3d74de... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
| debug/validation: check tcp/app-layer data lengths | ||||||||||||||||||||||||||||||||||
| 040aff5197ba... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
htp: close request only from request side This allows the response side to keep going for just a bit longer. |
||||||||||||||||||||||||||||||||||
| 007a461d69b0... |
Victor Julien
victor@inliniac.net |
|
|
|||||||||||||||||||||||||||||||
|
detect/parse: track negation during address parsing Fix address negation detection not resolving variables when looking for the negation. This patch makes use of the actual parsing routines to relay this information to the signature parser. Bug #3389. Fixes: 92f08d85aac2 ("detect/iponly: improve negation handling in parsing") |
||||||||||||||||||||||||||||||||||