aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,482 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0366d47608'
${ noResults }
Commit Graph

7482 Commits (0366d47608eeb00bb69ff93d2b8cef354c3435ec)
 

Author SHA1 Message Date
Victor Julien 0366d47608 luajit: remove unused instance counter 8 years ago
Victor Julien 3012edae1c luajit: update default yaml and doc for 'states' 8 years ago
Victor Julien 3da7dad514 lua: luajit improvements 
Luajit has a strange memory requirement, it's 'states' need to be in the
first 2G of the process' memory.

This patch improves the pool approach by moving it to the front of the
start up.

A new config option 'luajit.states' is added to control how many states
are preallocated. It defaults to 128.

Add a warning when more states are used then preallocated. This may fail
if flow/stream/detect engines use a lot of memory. Add hint at exit that
gives the max states in use if it's higher than the default.
 8 years ago
Jason Ish 0792f80909 doc: only build pdf on dist if pdflatex is installed 8 years ago
Jason Ish ee16b86900 doc: fix build pdf on non gnu make platforms 
The Makefile generated by sphinx-build is GNU Make specific
causing the PDF phase to fail. Instead call pdflatex directly
based on how the generated Makefile was doing it.
 8 years ago
Victor Julien 064c070db7 pcap-file: minor cleanup 8 years ago
Victor Julien f9f5e8a348 changelog: update for 3.2RC1 release 8 years ago
Victor Julien 3973363164 yaml: group ICS protocols together 8 years ago
Victor Julien b231558957 ENIP: add default ports to yaml 8 years ago
Victor Julien 238163bc8d ENIP: disable parser if no config found 8 years ago
Victor Julien 080a2f0cfb DNP3: disable in case of no dnp3 config 8 years ago
Priit Laes 12849fa927 readme: Fix markdown header levels 8 years ago
Priit Laes 6d9733a72b readme: reformat some key points about possible security issues 8 years ago
Priit Laes d709bf49e8 readme: Add link to up-to-date user guide and mark wiki as deprecated. 8 years ago
Jason Ish 65bf06975c dnp3: fix coverity checks; return value not checked 8 years ago
Victor Julien 1f670837ac detect: add missing break (CID 1374301) 8 years ago
Victor Julien c0f25bddaf eve: make payload printing in alerts more robust 8 years ago
Victor Julien 39a23d8d1b flowint: allow / in name 8 years ago
Victor Julien 56ff853e73 hostbits: test fixes 8 years ago
Victor Julien 8831e5b375 pkt-var: const name 8 years ago
Victor Julien 5dc9c1b874 DNP3: minor cleanup 8 years ago
Victor Julien 7cf231c7ec DNP3: don't leak memory on dnp3_obj parsing 8 years ago
Jason Ish f0de1d04a9 DNP3: Use directional logging. 
Instead of waiting for a transaction complete, log the
request as soon as it is completes which will give it a
more accurate timestamp.
 8 years ago
Jason Ish f70badeb0e DNP3: --afl-dnp3 entry point 8 years ago
Jason Ish a59f31a99f DNP3: Lua detect support. 
Adds support for access the DNP3 transaction in Lua rules.
 8 years ago
Jason Ish 44a69f6355 DNP3: Log DNP3 info with DNP3 alert. 8 years ago
Jason Ish 1c3f373543 DNP3: Log DNP3 transactions. 8 years ago
Jason Ish 1a31bded4a DNP3: dnp3_data, dnp3_func, dnp3_ind, dnp3_obj rule keywords 8 years ago
Jason Ish bbaa79b80e DNP3: Application layer decoder. 
Decodes TCP DNP3 and raises some DNP3 decoder alerts.
 8 years ago
Jason Ish 240d789c40 DNP3: dnp3-gen: code generator for repetitive DNP3 code 8 years ago
Jason Ish da40714cb1 common: define json_boolean when not defined 
Older versions of jansson in current use don't have this
macro defined.
 8 years ago
fooinha f6c0abaae7 eve: check redis reply in non pipeline mode 
We may lose the reply if disconnection happens.
Reconnection is needed.
 8 years ago
Victor Julien 2758f82515 flowvar: cleanups 8 years ago
Jason Ish 9d271e9a71 fast-pattern: fix tls_sni 
Use all 38 arguments in call to SigMatchGetLastSMFromLists

Was preventing fast_pattern from being applied to tls_sni:
https://redmine.openinfosecfoundation.org/issues/1936
 8 years ago
Jason Ish 7d734edca8 dns: use new unittest macros 8 years ago
Jason Ish a8f6fb0f78 dns: support back to back requests without a response 
Address the issue where a DNS response would not be logged when
the traffic is like:
- Request 1
- Request 2
- Response 1
- Response 2
which can happen on dual stack machines where the request for A
and AAAA are sent out at the same time on the same UDP "session".

A "window" is used to set the maximum number of outstanding
responses before considering the olders lost.
 8 years ago
Jason Ish 64cc91a569 tcp dns: unit test for multi-request buffer 8 years ago
Jason Ish 2d4df19401 tcp dns: fix advancement to next request in buffer 
The advancement through the buffer was not taking into account
the size of the length field resulting in the second request
being detected as bad data.
 8 years ago
Victor Julien db1c47cb6e multi-tenant: make less verbose 8 years ago
Victor Julien 51bb1f0d77 multi-tenants: fix minor memleak 8 years ago
Victor Julien 059b25b564 detect: suppress debug message for reloads 8 years ago
Victor Julien 321fb6463e vars: small cleanups 8 years ago
Victor Julien e4b2729399 nfq: support bypass for rebuilt fragment packets 8 years ago
Victor Julien 629fa30345 nfq_set_mask: set mark on root pkt for tunnels 8 years ago
Eric Leblond d8acf3542d source-nfq: document bypass function 8 years ago
Eric Leblond e0000eb58d source-nfq: fix tunnel mark callback algorithm 
In case of a tunnel packet, adding a mark to the root packet will have
for consequence to bypass all the flows that are hosted in this tunnel.
This is not the attended behavior and as initial fix let's simply warn
suricata that bypass for NFQ is not possible for this kind of packets.

This patch also fixes a segfault. The root packet was accessed even if it is
NULL causing a NULL dereference:

ASAN:SIGSEGV
=================================================================
==24408==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000060 (pc 0x00000076f948 bp 0x7f435c000240 sp 0x7f435c000220 T5)
ASAN:SIGSEGV
==24408==AddressSanitizer: while reporting a bug found another one. Ignoring.
    #0 0x76f947 in NFQBypassCallback /home/victor/dev/suricata/src/source-nfq.c:510
    #1 0x4d0f02 in PacketBypassCallback /home/victor/dev/suricata/src/decode.c:395
    #2 0x7b8a95 in StreamTcpPacket /home/victor/dev/suricata/src/stream-tcp.c:4661
    #3 0x7b9ddd in StreamTcp /home/victor/dev/suricata/src/stream-tcp.c:4913
    #4 0x68fa50 in FlowWorker /home/victor/dev/suricata/src/flow-worker.c:194
    #5 0x7f0abd in TmThreadsSlotVarRun /home/victor/dev/suricata/src/tm-threads.c:128
    #6 0x7f2958 in TmThreadsSlotVar /home/victor/dev/suricata/src/tm-threads.c:585
    #7 0x7f436368e6f9 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x76f9)
    #8 0x7f4362802b5c in clone (/lib/x86_64-linux-gnu/libc.so.6+0x106b5c)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/victor/dev/suricata/src/source-nfq.c:510 NFQBypassCallback
Thread T5 (W#04) created by T0 (Suricata-Main) here:
    #0 0x7f4364ff2253 in pthread_create (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x36253)
    #1 0x7f9c48 in TmThreadSpawn /home/victor/dev/suricata/src/tm-threads.c:1843
    #2 0x8da7c0 in RunModeSetIPSAutoFp /home/victor/dev/suricata/src/util-runmodes.c:519
    #3 0x73e3ff in RunModeIpsNFQAutoFp /home/victor/dev/suricata/src/runmode-nfq.c:74
    #4 0x7503fa in RunModeDispatch /home/victor/dev/suricata/src/runmodes.c:382
    #5 0x7e5cb3 in main /home/victor/dev/suricata/src/suricata.c:2547
    #6 0x7f436271c82f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
 8 years ago
Victor Julien 0d4b93cafd tls-rules: install on 'make install-full' 8 years ago
Victor Julien 397c541c09 detect: fix multi-tenant loaders 8 years ago
Victor Julien 7e54ee7d0e flow-timeout: fix memory errors on flow bypass 
For flow bypass, the flow timeout handling is triggered which may
create up to 3 pseudo packets that hold a reference to the flow.
However, in the bypass case the code signaled to the timeout logic
that the flow can be freed unconditionally by returning 1. This
lead to packets going through the engine with a pointer to a now
freed/recycled flow.

This patch fixes the logic by removing the special bypass case,
which seemed redundant anyway. Effectively reverts 68d9677.

Bug #1928.
 8 years ago
Victor Julien d1d618a668 flow-manager: cleanups and comment improvements 8 years ago