aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,143 Commits
8 Branches
165 Tags
231 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1d59324a68'
${ noResults }
Commit Graph

2953 Commits (1d59324a68695f3e591645b8f658ca74d6242c38)

Author SHA1 Message Date
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message 
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 14 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format) 
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 14 years ago
Victor Julien 0b3f6c464a Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config. 14 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 14 years ago
Anoop Saldanha 7511fa67cd Add BUG_ON to avoid overruning AppLayerDetectDirection map array 14 years ago
Eileen Donlon 9376967e65 reject rules with duplicate content modifiers 
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
 14 years ago
Eileen Donlon 0bb4ff34b8 added null checks for init_hash to all ac mpms 14 years ago
Eileen Donlon 617edf469c reject http_client_body with inconsistent flow dir 
reject http_client_body with flow: to_client or from_server
 14 years ago
Victor Julien feff6f7705 Clean up error message. 14 years ago
Eileen Donlon 85c364da09 disallow-use-of-configuration-file-with-unittests 14 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling 
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
 14 years ago
Victor Julien 41e9dba20b Profile pcap file callback. 14 years ago
Victor Julien ff8755af5c Make sure stream debug code is only used in debug mode. 14 years ago
Victor Julien 9696902b68 Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained. 14 years ago
Victor Julien e581ec7dff Fix 2 compilation issues. 14 years ago
Victor Julien c0a2cbd478 Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling. 14 years ago
Victor Julien a05df345de Introduce host table, make tag use it 
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.

Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
 14 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 14 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 14 years ago
Victor Julien 979edf0b97 Add way to profile mutex/spin locks per thread module. 14 years ago
Victor Julien fddaca6e8b Implement stream memcap enforcements using atomics instead of spinlocked counters. 14 years ago
Victor Julien d72b82fae0 Misc fixes. 14 years ago
Victor Julien 8448333bdd Remove trailing zero's from some counters output. 14 years ago
Victor Julien 0150e66ede flow engine: improve scalability 
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
 14 years ago
Victor Julien da5087a0c0 Fix broken unittest. 14 years ago
Eileen Donlon aae7ea5e67 add null checks to fix bugs in StreamTcpTest23 14 years ago
Eileen Donlon 1a46d7a53a fix more invalid content unittests 
fix invalid unittests with mixed relative and non-relative content modifiers and other issues; DetectContentParse19 still contains some failing dce_stub tests which are commented out.
 14 years ago
Eileen Donlon 9b2bd9280a fix invalid unittests with mixed content modifiers 
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
 14 years ago
Eileen Donlon 0bcbd23343 reject mixed relative and non-relative keywords 
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
 14 years ago
Eileen Donlon 0b09416a48 reject invalid combinations of pcre modifiers 
don't allow /B with normalized buffers, and don't mix modifiers for normalized and raw buffers
 14 years ago
Victor Julien 8350fdd9be Do not assume the include dir for nss to be nss. On F16 it's nss3. 14 years ago
Victor Julien 705417434b Fix json output typo. 14 years ago
Victor Julien fe9258f0fb Fix issue discovered by Anoop. Passing u32 ptr to a size_t can caused badness. 14 years ago
Victor Julien 6019ae3dcb Fix minor memleak in case af-packet init fails. 14 years ago
Victor Julien 385f1dcd25 Fix UTHBuildFlow setup using wrong address. 14 years ago
Victor Julien e3935a2af2 Improve http filename parsing. 14 years ago
Victor Julien e237841a8e Fix compilation with profiling enabled. Minor unittest fixes. 14 years ago
Victor Julien de5c1d1491 Fix minor fgetc issue. 14 years ago
Victor Julien 0d6f33a15b Move PACKET_RECYCLE outside of flow lock in FlowForceReassemblyForQ as it confuses static code checkers. 14 years ago
Victor Julien e21d8cdf01 file extract: improve multipart parsing and set events on some error conditions. 14 years ago
Victor Julien bfb3f1b7cf flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic. 14 years ago
Victor Julien 372ab9c433 Another batch of minor fixed for issues found by Coverity. 14 years ago
Victor Julien 11bdf4838f Various improvements to error handling found by Coverity. 14 years ago
Anoop Saldanha d6af843860 code cleanup 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Victor Julien 4b2d94a841 Add line number to warning about mangled yaml parameters. Limit number of warnings to 10. 14 years ago
Nikolay Denev fb05edeeee Convert underscores to dashes in thread affinity type names. 14 years ago
Nikolay Denev 7fce226bb8 Fix some warning message still using underscored config vars. 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Nikolay Denev 6819ec8b54 Remove the underscored "sguil_base_dir" compatibility option. 14 years ago
Nikolay Denev 32e898f2e3 Convert config entries using underscores to dashes and emit deprecation warnings. 14 years ago
Victor Julien 2197f1a625 file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records. 14 years ago
Victor Julien 8b1333a277 Add more flow lock assertions to the debug validation code. 14 years ago
Victor Julien 5ba41c7890 Fix locking error in filestore handling. Add debug validate check for asserting a flow is locked. 14 years ago
Victor Julien 28d88746e4 Fix compiler warning and silence complaining unittests. 14 years ago
Victor Julien 860971eca0 Misc afpacket changes. 14 years ago
Victor Julien 8e48a2edfd Fix NULL dereference in PacketPatternSearchWithStreamCtx code. 14 years ago
Eric Leblond 34b3f19465 af-packet: Implement zero copy 
This patch adds support for zero copy to AF_PACKET running mode.
This requires to use the 'worker' mode which is the only one where
the threading architecture is simple enough to permit this without
heavy modification.
 14 years ago
Eric Leblond 3593cb051e decode: add PacketSetData funtion 
This patch adds a function which can be used to set the payload
of a packet when a zero copy mode is used.
 14 years ago
Eric Leblond 49b7b00fcf af-packet: mmap support 
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
 14 years ago
Victor Julien 3702a33ae9 file-inspection: support POST requests that do not use multipart. 14 years ago
Victor Julien 64827e3864 file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests. 14 years ago
Victor Julien 6585cb89d3 Fix UtilMiscParseSizeStringTest01 unittest on 32 bit. 14 years ago
Anoop Saldanha 35435f3284 All http_http_stat_code modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_CODE. Also remove dummy match/free functions for stat code and stat msg 14 years ago
Anoop Saldanha 507e1b66e0 All http_http_stat_msg modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_MSG 14 years ago
Anoop Saldanha 059ee217ff All http_http_raw_uri modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_URI 14 years ago
Anoop Saldanha b1a0d35106 All http_http_cookie modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_COOKIE 14 years ago
Anoop Saldanha 49bdad9345 All http_http_method modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_METHOD 14 years ago
Anoop Saldanha 97d8fc9cba All http_http_raw_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_HEADER 14 years ago
Anoop Saldanha 97308674ee All http_http_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_HEADER 14 years ago
Anoop Saldanha 1acb7cdc7d All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY 14 years ago
Anoop Saldanha a5b46e727c All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_CLIENT_BODY 14 years ago
Anoop Saldanha 4810ee9c5f All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns 14 years ago
Anoop Saldanha 93d7a6e671 code cleanup. Remove unused functions 14 years ago
Anoop Saldanha eb07c345b8 code cleanup - replace SigMatchAppendThreshold with SigMatchAppendSMToList 14 years ago
Anoop Saldanha dd7e710f35 code cleanup - replace SigMatchAppendPostMatch with SigMatchAppendSMToList 14 years ago
Anoop Saldanha a4638fb0ad code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ff38d42bf1 code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ac68c3f893 code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha 6cab663bf0 code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c4cb37b8da code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c9af50ea0c code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList 14 years ago
Anoop Saldanha bbb9f35f26 code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha ab35b98f76 code cleanup - remove DetectContentGetLastPattern. Replace it with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha d85ab5ab1f code cleanup - remove DetectContentFindNextApplicableSM 14 years ago
Anoop Saldanha 802350f65a code cleanup - remove DetectContentHasPrevSMPattern 14 years ago
Anoop Saldanha 9652c3672d code cleanup - remove SigMatchGetLastPattern 14 years ago
Anoop Saldanha e851804c92 code cleanup - remove DetectUricontentGetLastPattern 14 years ago
Anoop Saldanha dcb2afb02f Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type 14 years ago
Anoop Saldanha 83d9439877 DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent 14 years ago
Victor Julien 154af56b45 Add a print function specially for json output that escapes all characters json requires to be escaped. 14 years ago
Victor Julien 740ee3e7ab Add referer header to .meta and json file logs. 14 years ago
Victor Julien 337f7861a4 Make sure that if not built against libnss, we still compile. Only no md5 for you then\! 14 years ago
Victor Julien 6752ccae2a Add line based log file to log-file module that logs each stored file's meta data in json records. 14 years ago
Victor Julien 12e8ce6545 In PrintRawUriFp, consider " unprintable. 14 years ago
Victor Julien 69b3df96fb Initial on the fly MD5 calculation for extracted files using libnss. 14 years ago
Anoop Saldanha 2f7717a1a7 delete detect-recursive.[ch] 14 years ago
Anoop Saldanha e682796d03 feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it 14 years ago
Anoop Saldanha 603d4a719a remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine 14 years ago
Anoop Saldanha d1d5507679 remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy 14 years ago
Anoop Saldanha 35f1f7e8d9 unify payload detection engines + fix other bugs in pcre init 14 years ago
Anoop Saldanha 9287cce674 raw urilen inspection moves to raw uri list. Won't make any difference wrt inspection 14 years ago
Anoop Saldanha 0677190960 rebase commit for hscd and hsmd patches 14 years ago
Anoop Saldanha 22b1f5b22b fix seg fault due to wrong sm list access in hscd 14 years ago
Anoop Saldanha 2e2398147c fast pattern unittests added for http server body 14 years ago
Anoop Saldanha 09313cf9bd Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S 14 years ago
Anoop Saldanha 2007c2711c Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword 14 years ago
Victor Julien 9dc153c8f4 Fix path handling for including rule files on win32. 14 years ago
Victor Julien 489b8b8bcc Allow other yaml files to be included in the main yaml. 14 years ago
Victor Julien adb5d05fb5 Fix a FP with negated filemagic inspection. 14 years ago
Victor Julien 0b9038b971 Add atomics to ticks unittests. 14 years ago
Victor Julien f77c475c85 Minor layout fixes. 14 years ago
Victor Julien e1a309a6b2 Napatech code formatting fixes. 14 years ago
Victor Julien 95a5bebb6a Fix compilation without napatech tech support enabled. 14 years ago
Victor Julien 1d9f6ff8f2 Initial Napatech support by Randy Caldejon / nPulse. 14 years ago
Anoop Saldanha 60553f3753 fix compilation error for the new http response header mpm feature 14 years ago
Anoop Saldanha 716afac5a2 fix debug messages that have references to the old mpm contexts 14 years ago
Anoop Saldanha 9a665e035b code cleanup over last 2 commits 14 years ago
Anoop Saldanha 55c4e419fd if a signature is non-tcp, it's always a packet sig 14 years ago
Anoop Saldanha 419cdc8558 support splitting mpm ctxs based on direction v2 14 years ago
Anoop Saldanha 0a91d824bf Fix bug in ac-bs search function 14 years ago
Anoop Saldanha db859cc56e treate ac-bs auto as single context 14 years ago
Anoop Saldanha 199288309d Support for new MPM ac-bs added 14 years ago
Victor Julien e244934566 Disable unittest that fails without libnet support. 14 years ago
Anoop Saldanha c2d47718c1 bug #411 - fix failing unittest 14 years ago
Anoop Saldanha 6556b4c62b bug #411 - don't modify within/distance at setup time 14 years ago
Anoop Saldanha 37329f85d4 bug #412 - rebase commit. Remove the previous references to SigInitReal() with SigInit() 14 years ago
Anoop Saldanha 3b5d95547d bug #412 - Remove the commented out SigInitReal() 14 years ago
Anoop Saldanha 6cbd3a1046 bug #412 - Unify SigInit() and SigInitReal(). Remove any use of SigInitReal() 14 years ago
Anoop Saldanha acccf3a5a5 Add function declaration for SigInitReal 14 years ago
Anoop Saldanha 88ad3691d1 bug #405 - fix bug where raw uri inspection sigs were not treated as stateful sigs 14 years ago
Anoop Saldanha 0b43f2a5fd Use SigInitReal() instead of SigInit() in raw uri tests. This should show that we have unittests failing, thus highlighting bug 411. The next commit is the fix for this bug 14 years ago
Victor Julien 6aa0ad1c5f Remove unused definitions in pcre code. 14 years ago
Victor Julien bb6f93e675 Fix unittest missing a flow direction in the rule. 14 years ago
Eileen Donlon 39b8cc2f8b fixed relative handling for pcre cookie and method 14 years ago
Eileen Donlon d55fef2d75 Cleaned up some error messages for detect distance and offset. 14 years ago
Victor Julien b16a71020d Make 'make check' happy in a ipproto unittest. 14 years ago
Anoop Saldanha 5b3c8566dd bug #403 - add unittests 14 years ago
Anoop Saldanha a19a249230 Set the packet protocol only if it can parsed without error 14 years ago
Anoop Saldanha 2fa55a86fa Fix csum validation functions to not carry out csum calculation if respective headers are not present 14 years ago
Anoop Saldanha b8997b415c bug #403 - fix setting ip proto for ipv6 packets 14 years ago
Anoop Saldanha 87c2dae010 bug #403 - fix setting ip proto for packets 14 years ago
Victor Julien 18d458870f 1.3 branch has opened 14 years ago
Victor Julien 706b046966 Convert missing coredump config to debug. 14 years ago
Victor Julien 2d9449d060 Make code default for pcre match limit match the suricata.yaml default. 14 years ago
Victor Julien c8c4a76dc6 Move threshold to it's own sig match list. 14 years ago
Victor Julien 0983f1d0a6 Only force a pseudo packet inspection cycle for TCP streams in a state >= established. 14 years ago
Victor Julien eba3cecc5d Fix unified2 records generated based on reassembled stream data. 14 years ago
Victor Julien 93d121bf21 Update app layer events for HTTP now that libhtp has fixes for some response errors. 14 years ago
Victor Julien 87e6be610a Issue warning if libhtp version used is not up to date. 14 years ago