Open Information Security Foundation

08/19/2022

12:52 PM Suricata Feature #3306: Support AF_XDP capture method

AF_XDP functions in libbpf have been moved to xdp-tools (https://github.com/xdp-project/xdp-tools) which means we nee... Eric Leblond

08/03/2022

12:23 PM Suricata Feature #5479 (New): Add landlock support

Landlock is a Linux Security Module that can be used to sandbox Suricata and avoid attacks relying on file access. Eric Leblond

06/29/2022

07:41 AM Suricata Feature #5413 (In Progress): DCERPC logging is not easy to use in analysis

The dcerpc part of smb events have the dcerpc uudi in one event and the opnum in another event. This is not convenien... Eric Leblond

07:25 AM Suricata Bug #5412 (In Progress): SMB status errors list is incomplete

Some SMB status value are not in the code and this result and getting integer instead of user readable message. Eric Leblond

07:24 AM Suricata Feature #5411 (In Progress): Add keywords for user and domain seen in smb

SMB protocol parser is able to see user and domain during the setup phase and should have keywords to match on these ... Eric Leblond

06/04/2022

09:08 PM Suricata Feature #5383 (In Progress): Support for IP addresses in dataset

Even if Suricata has iprep support, this is far less interesting from a support of IPv4 and IPv6 in dataset. Eric Leblond

05/31/2022

01:50 PM Suricata Bug #5374: pcap-log: breaking change in file names

If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is co... Eric Leblond

05/11/2022

07:15 AM Suricata Bug #5360 (In Review): Build with ebpf is failing

Fix pushed in https://github.com/OISF/suricata/pull/7401 Eric Leblond

07:11 AM Suricata Bug #5360: Build with ebpf is failing

Peter Manev wrote in #note-1:
> This needs internal qa test.
> Will add done
Master has an ebpf build in github ... Eric Leblond

07:08 AM Suricata Bug #5360 (Closed): Build with ebpf is failing

Current master-6.0.x is not building when ebpf is enable. Eric Leblond