suricata issues

Results 352 suricata issues

Sort by recently updated

file/swf: Use lzma-rs decompression instead of libhtp.

Use the lzma-rs crate for decompressing swf/lzma files instead of the lzma decompressor in libhtp. This decouples suricata from libhtp except for actual http parsing, and means libhtp no longer...

cccs-rtmorti

detect/alert: ensure reject action is applied to packet/flow - v2

Previous PR: #7661 Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5458 Changes from last PR: - Added two unittests to check for correct packet-action flags after signature matching Thoughts: - should more unittests...

jufajardini

Add command-line option to simulate alert-queue-expansion-failure (60x backport) - v1

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5381 Describe changes: - bring commandline option for simulation of the alert queue reallocation failure to 6.0.x - typo fixes

jufajardini

Ike v1 logging tx transforms 5455 v3

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5455 Describe changes: - ikev1 : log fields from transaction instead of fields from state Replaces #7668 with using u64 instead of usize

catenacyber

Bug 4786/v4

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5207 **Note:** This branch has a known failure and is just for an intermediary review. The work is yet to be completed and tested. Known issue...

inashivb

Smtp rfc2231 4386 v7 backport6

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/4386 Describe changes: - Backport of #6670 (only first 2 commits, last commit is more code style) Clean cherry-picks except `#include "rust.h"` was needed in addition

catenacyber

Draft: detect/from_base64: Add transform for decoding base64 data

This PR adds a transform for base64 encoded data. Here's a rule showing the transform: ``` alert http any any -> any any (msg:"from_base64 transform"; flow:established,from_server; http.response_body; from_base64; content: "This...

jlucovsky

Smtp server detection 1125 v5

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/1125 Describe changes: - smtp : adds server side detection - ftp : adds server side detection The most special trick is that the (server) probing...

catenacyber

detect: checks config keyword in cleanup

Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: https://redmine.openinfosecfoundation.org/issues/5456 Describe changes: - detect: checks config keyword in cleanup

catenacyber

lua: Expose byte_extract to lua match scripts

Continuation of #7660 Link to [redmine](https://redmine.openinfosecfoundation.org/projects/suricata/issues) ticket: [#2871](https://redmine.openinfosecfoundation.org/issues/2871) Describe changes: - Allow lua match scripts to access variables defined in rule by byte_extract or byte_math Updates - Rebase. suricata-verify-pr: 899...

jlucovsky

suricata
suricata copied to clipboard

Metadata

file/swf: Use lzma-rs decompression instead of libhtp.

detect/alert: ensure reject action is applied to packet/flow - v2

Add command-line option to simulate alert-queue-expansion-failure (60x backport) - v1

Ike v1 logging tx transforms 5455 v3

Bug 4786/v4

Smtp rfc2231 4386 v7 backport6

Draft: detect/from_base64: Add transform for decoding base64 data

Smtp server detection 1125 v5

detect: checks config keyword in cleanup

lua: Expose byte_extract to lua match scripts

← Metadata

Owner

Metadata

suricata suricata copied to clipboard

Metadata

← Metadata

Owner

Metadata

suricata
suricata copied to clipboard