19112 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
dependabot[bot]	af0feee379	github-actions: bump github/codeql-action from 4.36.1 to 4.36.2 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.36.1 to 4.36.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v4.36.1...v4.36.2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-09 07:38:25 +00:00
Shivani Bhardwaj	899eb38691	flowbits: deprecate toggle command ... toggle command is not used by any major rulesets and increases the state complexity of flowbits management. Also, all operations can be carried out with the combination of other available commands. So, remove it. Task 8595	2026-06-05 12:38:59 +00:00
Jason Ish	546209ff12	bindgen: fix include ordering ... At some point, bindgen include ordering changed such that AppLayerGetFileState was being bindgen'd as opaque, as the definition of StreamBufferingConfig was not available when bindgen hit AppLayerGetFileState, and bindgen processes in order. Move the util includes before the app-layer includes to fix the ordering problem, but still keep util includes grouped. The sys diff is large as many things have been re-ordered.	2026-06-05 12:38:58 +00:00
Philippe Antoine	42fc785e12	fuzz/iprep: initialize to 0 buffer buffer before writing to it ... And make MSAN happy	2026-06-05 12:38:57 +00:00
William Ling	30628e45bc	rust: replace helper with built-in ... Replace custom u32_as_bytes with built-in to_be_bytes Issue: 5785	2026-06-05 12:38:57 +00:00
William Ling	e7edc2a1e2	unittests: convert util-spm tests to FAIL/PASS API ... Issue: 6334	2026-06-05 12:38:56 +00:00
Philippe Antoine	9318bbfbdb	rust: format tftp files ... Ticket: 3836	2026-06-05 12:38:56 +00:00
Philippe Antoine	9ec200e834	rust: format x509 files ... Ticket: 3836	2026-06-05 12:38:56 +00:00
Philippe Antoine	dd66276f82	rust: format telnet files ... Ticket: 3836	2026-06-05 12:38:56 +00:00
Philippe Antoine	709ad1bdf4	rust: format sip files ... Ticket: 3836	2026-06-05 12:38:56 +00:00
Samaresh Kumar Singh	af3abf100e	doc: dhcp eve note for option 52 overload ... Document that DHCP options carried in the overloaded BOOTP sname or file fields are now merged into the EVE log option set alongside the main options area. Bug: #8538.	2026-06-05 12:38:55 +00:00
Samaresh Kumar Singh	f06bb7d43e	dhcp: support option 52 overload ... Per RFC 2132 the BOOTP sname and file fields can hold extra DHCP options when option 52 is present, but the parser ignored them. After parsing the main options we now look up option 52 and walk sname or file as additional option streams, appending what we find to the same options vector so the logger and detection keywords see the overloaded values too. Bug: #8538.	2026-06-05 12:38:55 +00:00
dependabot[bot]	0eda09f302	github-actions: bump codecov/codecov-action from 6.0.0 to 6.0.1 ... Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 6.0.0 to 6.0.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](57e3a136b7...e79a6962e0) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-version: 6.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 18:02:25 +00:00
dependabot[bot]	aa24d7022b	github-actions: bump github/codeql-action from 4.35.3 to 4.36.1 ... Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.35.3 to 4.36.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Commits](https://github.com/github/codeql-action/compare/v4.35.3...v4.36.1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.36.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 18:02:24 +00:00
dependabot[bot]	87a1521019	github-actions: bump actions/checkout from 6.0.2 to 6.0.3 ... Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.2 to 6.0.3. - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6.0.2...v6.0.3) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 6.0.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 18:02:24 +00:00
dependabot[bot]	9febbf6149	github-actions: bump vmactions/freebsd-vm from 1.4.5 to 1.4.6 ... Bumps [vmactions/freebsd-vm](https://github.com/vmactions/freebsd-vm) from 1.4.5 to 1.4.6. - [Release notes](https://github.com/vmactions/freebsd-vm/releases) - [Commits](d1e6581156...a6de9343ef) --- updated-dependencies: - dependency-name: vmactions/freebsd-vm dependency-version: 1.4.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2026-06-03 18:02:23 +00:00
Philippe Antoine	af7fad5514	detect: allocate arrays on the heap ... buffer_type_id is a u32 Ticket: 8001	2026-06-03 18:02:23 +00:00
Philippe Antoine	2eede11195	detect: clean app-layer txs when we pass the flow ... Ticket: 8619 Do not wait to run inspection on the other side of transactions as we do not run any tx detection on passing flows. Avoids accumulating txs	2026-06-03 18:02:22 +00:00
Juliana Fajardini	f8945e7a1a	yaml/firewall: expand firewall options explanation	2026-06-03 18:02:20 +00:00
Juliana Fajardini	04cfd33c59	doc/firewall: update hooks & configuration examples	2026-06-03 18:02:20 +00:00
Philippe Antoine	26bb18cfaa	http2: replace state todrop with a dedicated boolean ... Ticket: 8518	2026-06-02 21:16:54 +00:00
Philippe Antoine	8eed90ca9d	http2: global txs are unidirectional ... Ticket: 8518 Meaning they will now match only once per tx instead of twice: once for each direction	2026-06-02 21:16:54 +00:00
Philippe Antoine	daf68dc36f	http2: split progress per direction ... Ticket: 8518 Keywords that work for HTTP2 headers match now as soon as possible A push promise is now considered like a headers frame with regards to the progress (no dedicated "reserved" progress/state) http.protocol and http.stat_msg keywords are now registered at earliest progress, since these are synthetic like "HTTP/2" and not really seen on the wire. http.request_line and http.response_line match only on data, and not on headers, since we must wait the end of headers to be sure to have the full line http2.size_update now matches at headers progress as it should http2.frametype, http2.errorcode, http2.priority now match like http2.window, when the tx is complete from both sides, as a half-closed client may still send priority, rst_stream or window_update frames	2026-06-02 21:16:54 +00:00
Philippe Antoine	567e824e44	fuzz: add target for iprep ... Ticket: 3589	2026-06-02 21:16:52 +00:00
Philippe Antoine	29795be5a2	fuzz: make more unit test utilities available for fuzzing	2026-06-02 21:16:52 +00:00
Philippe Antoine	8217c51126	rust: format sdp files ... Ticket: 3836	2026-06-02 21:16:52 +00:00
Philippe Antoine	9d9d8df4cd	rust: format rdp files ... Ticket: 3836	2026-06-02 21:16:52 +00:00
Philippe Antoine	c8a86cdffa	ci: move rustfmt to a helper script	2026-06-02 21:16:52 +00:00
Philippe Antoine	7352bae890	smb: avoid unsigned overflow debug assertion ... As we compute a padding, we can use wrapping_add as we only care about the low-weight bit anyways	2026-06-02 21:16:51 +00:00
Jason Ish	7ec82740cd	github-ci: cancel previous nix workflow for branch ... On push, cancel previous nix workflows for the same branch.	2026-06-02 06:26:12 +00:00
Jason Ish	c0fd86f5b6	github-ci: close PRs updated after being opened ... Enforce our policy of requiring a new pull request whenever changes are made to an existing one. On any push to an open, non-draft pull request the workflow comments with the policy and closes the pull request.	2026-06-02 06:26:12 +00:00
Jason Ish	6687618b67	misc: remove log-cf-common ... It was only used to http-log which is now removed.	2026-06-02 06:26:11 +00:00
Jason Ish	3806bf4260	util-time: relocate timestamp format unit test from log-cf-common ... log-cf-common is not longer needed with the removal of http-log, but this test is still valid, so move until util-time.	2026-06-02 06:26:11 +00:00
Jason Ish	865b7243a0	http-log: remove support for http-log ... http-log was deprecated in Suricata 8, and marked for removal in Suricata 9.0. Ticket: #7232	2026-06-02 06:26:11 +00:00
Jason Ish	6368f6401b	qa: remove socket_to_gzip_file.py ... I'm not really what the purpose of this script is.	2026-06-02 06:26:11 +00:00
Giuseppe Longo	143774220e	doc: add llmnr ... Ticket #8366	2026-06-02 06:26:10 +00:00
Giuseppe Longo	0b20011a9f	llmnr: implement sticky buffers ... Add detection keywords for LLMNR protocol inspection: - llmnr.queries.rrname - llmnr.answers.rrname - llmnr.authorities.rrname - llmnr.additionals.rrname - llmnr.response.rrname LLMNR reuses the existing DNS functions since it follows the same protocol structure. The implementation registers LLMNR-specific keywords that leverage the DNS data extraction functions. Both to_server and to_client directions are supported. Ticket #8366	2026-06-02 06:26:10 +00:00
Giuseppe Longo	8f205bb34f	llmnr: implement logger ... This adds an LLMNR protocol logger that reuses existing DNS functions, following the same approach as the mDNS logger: - No grouped logging - Rdata is logged in a field that is named after the rdata type - Types are logged in lower case - Flags are logged as an array Ticket #8366	2026-06-02 06:26:10 +00:00
Giuseppe Longo	13df0f7a06	llmnr: implement parser ... This adds a parser for LLMNR protocol over both UDP and TCP. The parser reuses the existing DNS functions since LLMNR shares the same wire format as DNS, but implements its own protocol-specific validation: - LLMNR-specific flag checks (C, TC, T bits) - Opcode validation (only standard query opcode 0 is valid) - An Event is set if Z-flag is set, since it's must be zero per RFC4795 LLMNR transactions inherit DNS behavior where each packet creates a new state with one transaction. Ticket #8366	2026-06-02 06:26:10 +00:00
Victor Julien	9e82ff82e2	fuzz: use heap threadvars allocations ... Use new allocator to properly set up thread storage.	2026-06-01 15:56:59 +00:00
Victor Julien	cefee1390e	detect/threshold: don't double init per thread cache ... Can get called multiple times in the multi-tenancy case.	2026-06-01 15:56:59 +00:00
Victor Julien	f67dadc3d8	detect/threshold: fix unittests for storage based cache	2026-06-01 15:56:59 +00:00
Victor Julien	c27868a8c5	threshold: use seed consistently in hashing ... Use for IPv6 in the main hash. Update IPv4 thread cache to also use a seed. For this the thread initialization is done at thread init instead on the first packet. The thread ctx is no longer stored in a thread_local, but instead uses the thread storage API to store in the ThreadVars. This way it will stay active during rule reloads as well. Ticket: #8617.	2026-06-01 15:56:59 +00:00
Victor Julien	b742d58544	hash: allow registing with a seed value ... Seed value will have to be used by the caller's hash function.	2026-06-01 15:56:59 +00:00
Victor Julien	730ff5075d	threads: use threadvars memory helpers	2026-06-01 15:56:59 +00:00
Victor Julien	ad1459df72	threads: add threadvars allocator and free func ... Mostly meant to help unittests and fuzz targets alloc the storage correctly.	2026-06-01 15:56:59 +00:00
Victor Julien	b11aa94d42	decode/vlan: implement max layers for IEEE8021ah ... Ticket: #8615.	2026-06-01 15:56:59 +00:00
Victor Julien	377462ea63	defrag: decrement memuse on alloc failure ... Ticket: #8613.	2026-06-01 15:56:59 +00:00
Jason Ish	3dc8b154f3	rust/ffi: add safe thread storage wrapper ... Add a typed ThreadStorage<T> wrapper around the thread storage bindings. Ticket: #8445	2026-06-01 15:56:57 +00:00
Jason Ish	9f40968bba	rust/ffi: bindgen thread storage ... Ticket: #8445	2026-06-01 15:56:57 +00:00