Victor Julien
1bc738fbe4
doc: typo fixes
By @espritlibre and @Zeal0us
6 years ago
Nick Price
d0a85b7550
ja3: Mention LibNSS dependency for JA3
6 years ago
Fabrice Fontaine
9b05db7db0
fix build on m68k with uclibc
uclibc on m68k defines _POSIX_SPIN_LOCKS but does not define
pthread_spin_unlock so check for this function before using
pthread_spin_xxx functions
Fixes:
- http://autobuild.buildroot.org/results/ed923bcc1454ce90444b8dac7c064b5f4ea4a0a5
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
6 years ago
Jeff Lucovsky
86fabef093
ftp: address review comments
6 years ago
Jeff Lucovsky
f79316d71a
ftp: remove RUST guards
6 years ago
Jeff Lucovsky
cc5e9ca179
eve/ftp: Modifications for MPM-enabled command descriptor table
6 years ago
Jeff Lucovsky
bc68ef4657
app-layer: Invoke FTP parser cleanup function
6 years ago
Jeff Lucovsky
09ab032a8d
ftp: Use MPM for command lookup
6 years ago
Jeff Lucovsky
4f2a485c55
ftp: Remove LIBJANSSON guards
6 years ago
Jeff Lucovsky
3df2b3437c
eve/ftp: Move "get next line" into app-layer-ftp.c
6 years ago
Victor Julien
f43584661c
stream: support debug notice message in tfo
6 years ago
Eric Leblond
cc28d24e9a
doc: install eBPF files in share directory
Following proposal by Sascha Steinbiss, let's use /usr/share/suricata
to store the eBPF files.
6 years ago
Eric Leblond
5366f80941
bypass: fix build on Windows
For the sake of unittests, we need to build capture bypass so we
end up with a Windows build of flow bypass.
6 years ago
Eric Leblond
3cf49ae868
doc: fix English and some typos
6 years ago
Eric Leblond
4be6701836
doc: pointer to bpfctrl
As bpfctrl is currently the easiest way to manage pinned maps,
let's point to it. We will switch doc to suricatacl once support
has been added.
6 years ago
Eric Leblond
8f1a7de791
doc: improve doc on compiling with eBPF support
6 years ago
Eric Leblond
f1ab27b7cb
doc: improve XDP cpu redirect documentation
6 years ago
Eric Leblond
e0e3cc7cc2
ebpf: add tunnel aware load balancing
This patch decapsulates GRE tunnel in xdp_lb
6 years ago
Eric Leblond
a536852526
ebpf: add XDP load balancing code
This patch uses CPU redirect map to do load balancing. This is a
simplified version of xdp_filter that includes code for bypass.
6 years ago
Eric Leblond
6d9ac64f7b
doc: only balance by ip pair
As there is some issue with defrag, let's recommend to only do
IP pair load-balancing for RSS
6 years ago
Eric Leblond
a1d3835b86
doc: document filter.bpf changes
Also adds some info to explain maps.
6 years ago
Eric Leblond
53a62953e9
bypass: introduce CAPTURE_OFFLOAD
This define is used to remove reference to capture bypass in case
no capture method implementing this is active.
This patch also introduces CAPTURE_OFFLOAD_MANAGER that is defined
if we need the flow bypass manager code.
6 years ago
Eric Leblond
094d28d40e
flow-hash: generalize function
This patch generalizes the function to get a flow by its flowkey
by removing the call setting it to capture bypassed state.
6 years ago
Eric Leblond
9f016f8ba1
ebpf: improve parsing in filter.bpf
Parse VLAN and only filter on IPv4. This patch also changes the type
of the counter to get a per CPU hash.
6 years ago
Victor Julien
7384744c3e
detect: fix FP on ICMP unreachable errors
ICMP unreachable errors are linked to the flow they send an error for.
This would lead to the detection engine calling the TX inspection
engines on them.
The stream inspect engine would default to a match for non-UDP
and non-TCP as for ICMP we're not expected to use a TX inspect engine
for stream data.
This all would lead to a false positive match.
This patch fixes this by making sure the TX engines are not called if
the packet protocol and flow protocol are not the same.
Bug #2769.
6 years ago
Jeff Lucovsky
240520a3cc
main: fix typo in output
6 years ago
Jeff Lucovsky
ef327ab194
stream/tcp: correct spelling typos
6 years ago
Victor Julien
bc2267f131
stream/tcp: support TCP fast open
6 years ago
Victor Julien
8f8581beda
decode/tcp: TCP fast open option decoding
Support both regular TFO and TFO as part of the experimental
options support.
6 years ago
Philippe Antoine
c775a4af43
signature: fixes leak with duplicate signatures
6 years ago
Philippe Antoine
63deb8862f
boyermoore: optimization with one alloc less
Fixes #1220
6 years ago
Philippe Antoine
5ff50773bd
detectproto: adding missing probing parsers
In direction TO_CLIENT for symmetric protocols
6 years ago
Eric Leblond
cf98b0223e
detect-geoip: add info for list keywords
6 years ago
Eric Leblond
08397e07f1
doc: fix typos in geoip doc
6 years ago
Eric Leblond
0d5608bab2
doc: fix display of icmp code and type array
6 years ago
Eric Leblond
0c84591afe
doc: use a table to list direction filter in geoip
6 years ago
Eric Leblond
c01cadbade
doc: fix geoip syntax
Spaces are not allowed before country code.
6 years ago
Shivani Bhardwaj
9d6f1d318a
unix/socket: Add rev date to version info
6 years ago
Vinjar Hillestad
4c18fee3c6
Documenting base64_decode and base64_content
base64 doc changes based on #4027 pull feedback
6 years ago
Hilko Bengen
36998ab4cd
Add documentation for --with-clang parameter
6 years ago
Hilko Bengen
f105bb724a
ebpf: Use $(CLANG) to build eBPF programs
This change makes it possible to generate the eBPF programs even if
Suricata itself is built with a different C compiler. It also simplifies
how the correct llc program is detected.
Implements Feature https://redmine.openinfosecfoundation.org/issues/2789
6 years ago
Hilko Bengen
e3f00c3d30
configure: Introduce CLANG variable
6 years ago
Jeff Lucovsky
be22b23d2e
cleanup: eliminate warnings/errors with debug build on macos
6 years ago
Andreas Herz
c0bddff078
userguide: remove old reference to rule-reload option
6 years ago
Shivani Bhardwaj
26bc0d6e1d
src/detect: check DetectBufferSetActiveList return code
Make sure to always check the return codes of DetectBufferSetActiveList.
Also, force this warning on function prototype.
Closes redmine ticket #3005.
6 years ago
Philippe Antoine
15783fb322
signature: avoids overflow from VariableNameHash
6 years ago
Jeff Lucovsky
140bfd7b0c
detect/analyzer: remove HAVE_LIBJANSSON cpp guards
6 years ago
Jeff Lucovsky
87bfce025d
spelling: correct spelling typo
6 years ago
Jeff Lucovsky
dcf5e247ca
detect/analyzer: add support for http_content_type
6 years ago
Shivani Bhardwaj
6d39f6fd7d
rust: Fix deprecation warnings
Fix the following warnings by compiler,
(1) warning: use of deprecated item 'take_until_s': Please use `take_until` instead
(2) warning: `...` range patterns are deprecated
For the second warning, the builtin lint
"ellipsis_inclusive_range_pattern" has been added which causes the
following warning to show up with rustc 1.24.
warning: unknown lint: `ellipsis_inclusive_range_patterns`
  --> /home/travis/build/OISF/suricata/suricata-5.0.0-dev/rust/src/lib.rs:18:10
   |
18 | #![allow(ellipsis_inclusive_range_patterns)]
   |          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   |
   = note: #[warn(unknown_lints)] on by default
Since there is no other way to fix this, the above warning shall stay.
We need to take care of modifying this if and when the support for 1.24
as MSRV is dropped.
6 years ago