Commit Graph

3218 Commits (0eeccb4b176b3a0a4c2717f14fd0bd668520e6fa)

Author SHA1 Message Date
Jean-Paul Roliers efdf96ccba tls: adding TLS Log support
Creation of the log-tlslog file in order to log TLS messages.
Some information needs to be added to suricata.yaml for it to work.

  - tls-log:
      enabled: yes      # Log TLS connections.
      filename: tls.log # File to store TLS logs.
13 years ago
Anoop Saldanha 3eb0fd878d Don't wait for packetpool to be back to full state before continuing with the shutdown process, on received shutdown signal 13 years ago
Anoop Saldanha 5f198e3a1d Suricata shutdown updates + minor cleanup 13 years ago
Anoop Saldanha 34581ce902 rx TMs shouldn't return TM_ECODE_FAILED if engine is in shutdown mode + minor cleanup 13 years ago
Ignacio Sanchez b057a20f10 Custom logging feature for log-httplog 13 years ago
Eric Leblond def0270de7 decode: decode IPv6-in-IPv6
This patch adds decoding of IPv6-in-IPv6. It also adds some events
for invalid packets.

This patch should fix #514.
13 years ago
Victor Julien 438dd61948 Update version number to reflect we're working towards 1.4 now. 13 years ago
Eric Leblond f9046d8284 Add teredo counter. 13 years ago
Eric Leblond 09d893127e defrag: prealloc more frags. 13 years ago
Eric Leblond fd32159464 defrag: add some events relative to defragmentation 13 years ago
Eric Leblond d2aa0407c4 defrag: Fix unittest logic.
We've linked the size of the hash with the trackers. Thus calling DefragInit()
after setting the configuration variable is more logical.
13 years ago
Eric Leblond 0fd2c93c96 defrag: link hash size with number of frags.
We set defrag_hash_size by using the number of trackers. This is
effective at avoiding collisions.
13 years ago
Eric Leblond f328e18d59 defrag: fix some integer type warning. 13 years ago
Eric Leblond b1b4cd2729 defrag: really use 'max-frags' variable.
The 'max-frags' variable was not used and the 'trackers' variable was
not documented. This patch fixes the two issues.
13 years ago
Eric Leblond 6480cd1b9c Teredo tunnel support
This patch should fix #480 by adding support for the Teredo tunnel.
The IPv6 content of the tunnel will be parsed in a similar way to
what is done for the GRE tunnel. Signatures will then be matched on the
IPv6 content.
13 years ago
Eric Leblond 09fa0b9542 Add support for IPv4-in-IPv6
This patch adds support for IPv4-in-IPv6 and should fix #462.
13 years ago
Eric Leblond 2c57275921 nfq: implement "fail-open" support.
On Linux >= 3.6, you can use the fail-open option on an NFQ queue
to have the kernel accept the packet if userspace is not able to keep
pace.

Please note that the kernel will not trigger an error if the feature is activated
in the userspace libraries but not available in the kernel.

This patch implements the option for suricata by adding an nfq.fail-open
configuration variable which is deactivated by default.
13 years ago
Eric Leblond 452d3c4308 tm-thread: exit loop if suri wants to quit 13 years ago
Eric Leblond f389a1201f tm-thread: run thread init function sequentially.
On some setups you want to run each thread init function sequentially.
For example, if I use flow_cpu load balancing on AF_PACKET, my target
is to have CPU 0 (first socket in the group) linked with
thread 0 in the detect cpu set (first thread to be initialised). A good
way to achieve this is to run only one thread init function at a time
to avoid any possible race condition.
13 years ago
Victor Julien f1b6f7a9e6 rule analyzer: make analyzer aware of http_user_agent pcre flag /V. 13 years ago
Victor Julien e737e2dc56 http: after path double decoding, also normalize the path again. #504. 13 years ago
Victor Julien e839cea9e5 Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504. 13 years ago
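The two commits above (e839cea9e5 and e737e2dc56) concern how many times a percent-encoded URI is decoded before signatures inspect it. The following is an added illustration, not Suricata's HTTP normalizer or any code from the project: a minimal percent-decoder run once or twice over a constructed URI, showing why the decode depth has to mirror the server being protected. The function names, the fixed 512-byte working buffer and the sample URI are assumptions made for this example; path normalization after decoding (the subject of e737e2dc56) is not modelled here.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Illustrative percent-decoding model, not Suricata's HTTP normalizer.
 * Function names, the fixed 512-byte working buffer and the sample URI
 * are assumptions made for this example. */

#define URI_BUF 512

/* Value of a hex digit, or -1 if c is not one. */
static int hexval(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* One pass of %XX decoding from src into dst (dst holds dstlen >= 1 bytes).
 * Malformed sequences such as "%zz" or a trailing "%" are copied through
 * unchanged. Output is truncated to fit. Returns the decoded length. */
size_t pct_decode_once(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    for (size_t i = 0; src[i] != '\0' && o + 1 < dstlen; i++) {
        if (src[i] == '%') {
            int hi = hexval(src[i + 1]);
            int lo = (hi >= 0) ? hexval(src[i + 2]) : -1;
            if (hi >= 0 && lo >= 0) {
                dst[o++] = (char)(hi * 16 + lo);
                i += 2;             /* skip the two hex digits */
                continue;
            }
        }
        dst[o++] = src[i];
    }
    dst[o] = '\0';
    return o;
}

/* Decode a URI the way the target server would: once by default, twice
 * only when the server is known to decode its own decoded result. */
size_t decode_uri(const char *src, char *dst, size_t dstlen, int double_decode) {
    char tmp[URI_BUF];
    if (!double_decode)
        return pct_decode_once(src, dst, dstlen);
    pct_decode_once(src, tmp, sizeof(tmp));
    return pct_decode_once(tmp, dst, dstlen);
}

/* Does `needle` appear in the URI after decoding with the given policy?
 * This is what a content match against the normalized URI would see. */
int uri_has_after_decode(const char *uri, const char *needle, int double_decode) {
    char out[URI_BUF];
    decode_uri(uri, out, sizeof(out), double_decode);
    return strstr(out, needle) != NULL;
}

int main(void) {
    /* Constructed sample: ".." encoded twice (%2e -> %252e). */
    const char *uri = "/cgi-bin/%252e%252e/etc/passwd";
    char out[URI_BUF];
    decode_uri(uri, out, sizeof(out), 0);
    printf("single decode: %s\n", out);   /* /cgi-bin/%2e%2e/etc/passwd */
    decode_uri(uri, out, sizeof(out), 1);
    printf("double decode: %s\n", out);   /* /cgi-bin/../etc/passwd */
    return 0;
}
```

With single decoding the traversal sequence never appears, so a rule looking for `..` stays silent; with double decoding it does appear. Which view is correct depends on the server behind the sensor: decoding more than the server does produces false positives, decoding less lets a request the server will interpret as `..` pass uninspected. That is why a per-server setting rather than a global default is the safer shape for this option.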
Victor Julien e0bfcb7dde Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP. 13 years ago
Victor Julien bd6b865473 rule analyzer: fix fast pattern analyzer reporting wrong filename (same as rule analyzer). 13 years ago
Eric Leblond 11c3167583 stream-tcp: no checksum alert if validation is off
This patch disables checksum alerts if checksum-validation is set
to no in the configuration file. Without this patch, when parsing
a pcap with checksum offloading, it was not possible to get rid
of events caused by checksum validation.
13 years ago
Victor Julien c51a3aad17 stream: handle case where Suricata sees 3whs-ACK but server doesn't. Bug #523. 13 years ago
Victor Julien 5cc8a09257 stream: fix unittest broken by new flags handling. 13 years ago
Victor Julien ad827ad030 http: add more decoding unittests. 13 years ago
Victor Julien 4c6fd7ad4c Bug #510. Produce error if max-pending-packets is higher than 65534. 13 years ago
Victor Julien 6841171882 profiling: fix 'match' counter sometimes not incrementing. #460. 13 years ago
Victor Julien f9cde717e7 Use SCFree instead of free in DER decoder. 13 years ago
Victor Julien c44f4c13fc stream: improve TCP flags handling 13 years ago
Eric Leblond 09e709d1c5 af-packet: fix reconnect code
Reconnect code was in a "work by luck" stage as we did not update
the socket number after reconnect.
13 years ago
Anoop Saldanha 64fad5b36e Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig.
Noticing a good spike in perf with et_pro ruleset.

Thanks to Will Metcalf for the suggestion.
13 years ago
Anoop Saldanha fe4c66461f bug #466 - Updated getticks() to serialize execution of rdtsc with cpuid 13 years ago
Anoop Saldanha 41bb3b95f9 bug 508 - List (ack | cwr | ecn) combination to be accepted by our stream engine.
This isn't a perfect solution.  More like we have patched this for the case we
are in tcp's established state.  The right solution would be to accept states
based on the presence(using operator OR) of certain flags in the tcp header,
rather than list out all possible flag combinations.
13 years ago
Anoop Saldanha 1c41672f5e invalidate sigs if depth > content_length 13 years ago
Eric Leblond 8ebc625711 tls: fix keyword regular expression
Space, dash and comma are valid.
13 years ago
Eric Leblond a369f8c359 af-packet: loop on ring if there is data to read.
This patch should bring some improvements by looping on the
ring when there is some data available instead of getting back
to the poll. It also fixes recovery in case of drops on the ring
because the poll command will not return correctly in this case.
13 years ago
Eric Leblond 4df509f87a defrag: use IP ID in hash
This patch fixes the collision issue observed on intensive network
traffic. When there is fragmentation, it is the case for all data
exchanged between two hosts. Thus using a hash function only involving
IP addresses (and protocol) was leading to a collision for all
exchanges between the hosts. At a larger scale, it was resulting in
packet loss. By using the IP ID instead of the protocol family, we
introduce a real difference between the trackers.
13 years ago
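The collision described in 4df509f87a is easy to reproduce on a toy model. The block below is an added example, not Suricata's defrag code: it hashes the first fragments of sixteen datagrams between one pair of hosts under the old key (addresses and protocol) and the new key (addresses and IP ID) and counts the buckets each key produces. The bucket count, the mixing constants, the struct and function names and the sample traffic are all assumptions for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative model of the tracker hash key choice, not Suricata's
 * defrag code. The bucket count, the mixing constants, the struct and
 * function names and the sample traffic are assumptions for this example. */

#define HASH_SIZE 1024

typedef struct {
    uint32_t src;   /* IPv4 source address, host byte order */
    uint32_t dst;   /* IPv4 destination address */
    uint8_t  proto; /* IP protocol number */
    uint16_t id;    /* IP identification field, shared by one datagram's fragments */
} frag_t;

/* Old key: addresses and protocol. Every fragmented datagram between the
 * same pair of hosts using the same protocol lands in one bucket. */
static uint32_t hash_addr_proto(const frag_t *f) {
    uint32_t h = f->src ^ (f->dst * 2654435761u) ^ f->proto;
    return h % HASH_SIZE;
}

/* New key: addresses and IP ID. Fragments of one datagram still share a
 * bucket, but distinct datagrams spread out. */
static uint32_t hash_addr_id(const frag_t *f) {
    uint32_t h = f->src ^ (f->dst * 2654435761u) ^ ((uint32_t)f->id * 40503u);
    return h % HASH_SIZE;
}

/* Number of distinct buckets a set of fragments occupies under `hash`. */
static unsigned count_buckets(const frag_t *frags, size_t n,
                              uint32_t (*hash)(const frag_t *)) {
    uint8_t seen[HASH_SIZE];
    unsigned distinct = 0;
    memset(seen, 0, sizeof(seen));
    for (size_t i = 0; i < n; i++) {
        uint32_t b = hash(&frags[i]);
        if (!seen[b]) { seen[b] = 1; distinct++; }
    }
    return distinct;
}

/* Constructed sample: first fragments of 16 UDP datagrams, 10.0.0.1 -> 10.0.0.2,
 * with consecutive IP IDs as a sending stack typically assigns them. */
#define SAMPLE_N 16
static size_t build_sample(frag_t *out) {
    for (size_t i = 0; i < SAMPLE_N; i++) {
        out[i].src = 0x0a000001u;
        out[i].dst = 0x0a000002u;
        out[i].proto = 17;
        out[i].id = (uint16_t)(100 + i);
    }
    return SAMPLE_N;
}

unsigned buckets_with_proto_key(void) {
    frag_t s[SAMPLE_N];
    size_t n = build_sample(s);
    return count_buckets(s, n, hash_addr_proto);
}

unsigned buckets_with_id_key(void) {
    frag_t s[SAMPLE_N];
    size_t n = build_sample(s);
    return count_buckets(s, n, hash_addr_id);
}

int main(void) {
    printf("addr+proto key: %u bucket(s) for %d datagrams\n",
           buckets_with_proto_key(), SAMPLE_N);
    printf("addr+id key:    %u bucket(s) for %d datagrams\n",
           buckets_with_id_key(), SAMPLE_N);
    return 0;
}
```

Under the address-and-protocol key all sixteen datagrams share a single bucket, so the chain grows with every fragmented datagram between the two hosts and lookups degrade to a linear scan; under the address-and-ID key they occupy sixteen buckets. The IP ID is exactly the field that distinguishes datagrams within one host pair, which is why it belongs in the key.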
Victor Julien a5587fec2e flow: remove unused prune-flows option 13 years ago
Anoop Saldanha bf6cd48259 if a sig's set as stream sig only, don't update it as both stream and pkt sig if offset/depth's present
bug #495 - update rule analyzer to not warn on offset_depth-tcp_pkt update if sig is stream only

bug #497 - rule_warnings fixed
14 years ago
Anoop Saldanha b2f589527a Set thread name Suricata-Main for main thread and LiveRuleSwap for live swap thread 14 years ago
Anoop Saldanha a0bce6362e bug 499 - update host os info enum map to use - instead of _ + add new unittests 14 years ago
Anoop Saldanha 7833883a8f bug #496 - don't warn about offset/depth for packet sigs 14 years ago
Victor Julien d8356c5ebd Windows build and other misc fixes. 14 years ago
Eric Leblond a3465fb971 Rename 'worker' running mode to 'workers'
This patch renamed the 'worker' running mode into 'workers'. Thus,
there is only one name in Suricata for the same thing. Backward
compatibility is ensured by replacing "worker" by "workers" when
the old name is used. A warning is printed in the log when the old
name is used.
14 years ago
Anoop Saldanha 34f0897163 check if all packets are processed before disabling detect threads + kill all threads <= detect after FFR + other minor fixes 14 years ago
Victor Julien be5fed869d conf api: remove dead code 14 years ago
Victor Julien c2e484ae88 rule analyzer: fix detecting stream match 14 years ago
Anoop Saldanha 946a9ece32 rule analyzer updated for sigs with offset/depth set + alproto set 14 years ago
Anoop Saldanha 960d421f9d Update SigValidate() to allow http keywords to be specified in the right flow direction 14 years ago
Victor Julien 9f3e079bcf Make live reloads optional and disabled by default. 14 years ago
Victor Julien 9d2e17fa98 stream: don't NULL dereference p->flow->protoctx in StreamTcpReassembleDepthReached 14 years ago
Victor Julien 43c7fd7585 file inspection: improve logging when stream.depth limit is reached. #493. 14 years ago
Victor Julien 79d5ef3707 Improve warning if prelude output is selected but support not compiled in. #320. 14 years ago
Victor Julien e7b36051de Improve pktvar keyword parsing and error handling. 14 years ago
Victor Julien 2179ac2595 Minor fixes for coverity issues. 14 years ago
Victor Julien c4e5e1482e Fix detect tag error handling. 14 years ago
Victor Julien d840308ae2 file detect: improve cleanup 14 years ago
Victor Julien 4a9fa35cf2 filemd5: free hash during cleanup 14 years ago
Anoop Saldanha b0b29fb85a ac-bs and ac-gfbs mem cleanup 14 years ago
Anoop Saldanha c1cc9188fd more mpm engine mem cleanup 14 years ago
Anoop Saldanha 0eaf0b0129 mpm engine and ac mem free fixes 14 years ago
Nikolay Denev 50aba06530 Fix SCSetThreadName() macros in threads.h Add FreeBSD thread naming implementation. 14 years ago
Anoop Saldanha cde31abe96 bug #455 - Warn users on signature event vars having precedence over threshold.conf ones 14 years ago
Victor Julien ab421978f0 Free all sig match structs when freeing a signature. 14 years ago
Victor Julien f4c7bd4e5b Fix memleak in tag parsing. 14 years ago
Victor Julien af97c36c08 Properly clean signature's ip only data. 14 years ago
Victor Julien c7af0589bc Fix a reload memleak in thread local detection engine ctx. 14 years ago
Victor Julien 19e3348cae Fix a reload memleak in the duplicate sig detection hash. 14 years ago
Victor Julien 728c4f9ea0 Clean up packet pool at shut down. 14 years ago
Anoop Saldanha ba5f757c47 sc_atomic_cas replaced with sc_atomic_set 14 years ago
Victor Julien 0c98980e21 http: add unittest to test \r in header line. 14 years ago
Victor Julien 3d12b74012 http_raw_header: add some debug code. 14 years ago
Victor Julien a6471cdb9c icmpv6: for ICMPv6 info messages set payload ptr and length to right after 4 byte hdr. 14 years ago
Victor Julien 4cf6bb3f4c afpacket: fix compilation in debug mode. 14 years ago
Eric Leblond 0227a87fcb cleaning: fix warning when building with clang.
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignores the rest of the
warnings by adding a cast to void.
14 years ago
Eric Leblond 6efd37a388 af-packet: use counter for drop and accept
This patch adds counters for kernel drops and accepts to the af-packet
capture module. This information is periodically displayed in
stats.log:
capture.kernel_packets    | RxAFP1                    | 1792
capture.kernel_drops      | RxAFP1                    | 0
The statistics are fetched via a setsockopt call every 255 packets.
14 years ago
Eric Leblond f2a6fb8a5a af-packet: add support for BPF filter.
This patch adds support for BPF in the AF_PACKET running
mode. The command line syntax is the same as the one
used for PF_RING.
The method is the same too: the pcap_compile__nopcap()
function is used to build the BPF filter. It is then
injected into the kernel with a setsockopt() call. If
adding the BPF fails, suricata exits.
14 years ago
Eric Leblond c85ee1e3f6 af-packet: get datalink for each socket creation.
This patch will allow us to use the datalink when computing the filter.
It also fixes a potential issue where an interface data type changes
after the interface is going down/up.
14 years ago
Victor Julien 59ec493f7c http body inspection: force body inspection on stream eof. 14 years ago
Victor Julien 2a4992e7a0 inline: fix unified2 alert direction selection 14 years ago
Victor Julien 87ec969b3d filemd5: fix compilation if libnss isn't available 14 years ago
Victor Julien c9e93ec52c filemd5: add support code for md5 handling for signatures. 14 years ago
Victor Julien 8cd460dde5 Don't display a warning when log-pcap tries to remove an already removed file. 14 years ago
Anoop Saldanha 7109a056a5 http header won't inspect set-cookie headers. Set-cookie part of cookie keyword now. Also update the http header inspection engine 14 years ago
Victor Julien 988f22ee2e Free pcre study structs for classification, threshold and reference parsing. 14 years ago
Anoop Saldanha 0c24bbab0c code cleanup for live swap 14 years ago
Victor Julien 452114a859 Fix compiler warning. 14 years ago
Anoop Saldanha 2bc7d0792d update clean up of old detection engine contexts for live rule swap 14 years ago
Anoop Saldanha eee33866df DetectEngineCtxFree() cleanup, also in main 14 years ago
Anoop Saldanha c3eab5cf4e Replace the old atomic sets using cas with the new sc_atomic_set macro 14 years ago
Anoop Saldanha 32183faa82 free flowvar entries in flow after live rule swap. Sync flowbits entries into packet struct to be used by alert debuglog when alert debuglog is enabled 14 years ago
Anoop Saldanha 8fb2040eee disable live rule swap when -s or -S option's used at startup 14 years ago
Anoop Saldanha 31eb5fa2f6 Introduce util-signal.[ch]. Move our signal setup functions here 14 years ago
Victor Julien 4cde2355bd Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 14 years ago
Anoop Saldanha 6fa46d7526 If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinspection flags unconditionally in main 14 years ago
Anoop Saldanha e5edcfaca8 add unittest for atomic operation with void * 14 years ago
Anoop Saldanha ecad4a24fa live rule support added
To reload ruleset during engine runtime, send the USR2 signal to the engine, and the ruleset would be reloaded from the same yaml file supplied at engine startup
14 years ago