aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,861 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1e65324940'
${ noResults }
Commit Graph

12861 Commits (1e653249400ec6217af6d3f153f774ec133d5357)
 

Author SHA1 Message Date
Jason Ish 1e65324940 smb: rules for messages in the wrong direction 3 years ago
Jason Ish 2341f47755 smb: handle records in the wrong direction 
If an SMB record is seen in the wrong direction, set an event on the PDU
frame and don't process the record in the state.

No error is returned, so the next record will be processed.
 3 years ago
Jason Ish 09e2d3b216 smb: expose smb1 request/reply flags with a method 
Adds `.is_request()` and `.is_reply()` to check if a SMB record flags
say the message is a request or a reply.
 3 years ago
Jason Ish 7b659489c8 smb: fix smb2 header flag parsing 
The bits were being parsed in the order they're displayed in Wireshark,
rather than the order they were being seen on the wire, resulting in
direction and async being 0 more often than they should be.

Instead of bits, take the 4 bytes as an le_u32 and just use bit masks to
extract what we need into a struct, I think its easier to reason about
this way when comparing to the Microsoft documentation.
 3 years ago
Philippe Antoine c3a220647b detect: only apply ConfigApplyTx with app-layers 
Ticket: 4972

Otherwise, it makes no sense to look for a tx...
 3 years ago
Juliana Fajardini e5838b8193 applayer/frame: remove output from GetFrame funcs 
As these functions can be probed, having output there results in
misleading output.
 3 years ago
Modupe Falodun 44208010db detect-dce-iface: remove unittests 
These tests are reimplemented in Suricata Verify

Task: 4911
 3 years ago
Victor Julien 935ea745f5 detect/iponly: add tests for 5168 3 years ago
Victor Julien 053b2b3b5b detect/address: minor unittest cleanup 3 years ago
Victor Julien 79b7b7a0dd detect/iponly: validate netmask 
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
 3 years ago
Victor Julien 259bd8aa92 detect/address: validate netmasks 
Only accept netmask in dotted quad notation if they can be turned
into a CIDR.

According to rfc 4632, CIDR (compat) netmasks are all that should be
used.

Bug: #5168.
 3 years ago
Victor Julien 4020e2faa7 detect/iponly: break out range insert code 
So we can reuse it.
 3 years ago
Victor Julien a67b97e14c util/cidr: add util to convert netmask to cidr 3 years ago
Philippe Antoine eb189e805a src: use u8_tolower everywhere 
Ticket: 4516

Instead of basic to_lower to get the cast to avoid warning
about integer

Sames goes for u8_toupper
 3 years ago
Philippe Antoine 3fd8e908f8 range: better closing for out of order ranges 
Ticket: 5132

In case of a duplicate range, we can return early, because
there is no new data to process.

More importantly, this commit adds a check about wether the file
got closed meanwhile, so that this just completed out of order
range, even if it brings new data, is now irrelevant.
This can happen for instance if there was a gap...
 3 years ago
Philippe Antoine bfcd6cb46a range: validity check when end is bigger than size 
Ticket: 5132

Down the line, HttpRangeOpenFileAux assumes the range has a
valid value when doing buflen = end - start + 1;
 3 years ago
Modupe Falodun 14b21de306 detect-dnp3: remove dnp3_data unittests 
These tests are reimplemented in Suricata-Verify

Task: 4911
 3 years ago
Philippe Antoine ae6c416972 util/mime: fix integer warnings 
Ticket: 4516
 3 years ago
Victor Julien ec01a94a5f detect: minor debug fixup 3 years ago
Victor Julien b7526bf4e6 decode/vntag: don't leak memory in tests 3 years ago
Victor Julien 0437ca61ff unittests: clean up packet clear logic 3 years ago
Victor Julien f07d5b2d89 decode: release refs from PacketFree 
Mostly helps unittests.
 3 years ago
Victor Julien 49a36bb323 detect/iprep: fix host locking issues 
Separate the code paths between reusing a Packet stored host reference
and fetching a new reference from the host hash.

This addresses the issue where in some conditions use_cnt could get
desync'd.

Bug: #2802.
 3 years ago
Victor Julien 172d2b28a5 iprep: unify free handling 
Introduce a new util function to free a Hosts iprep code. It also
handles the Host use_cnt decrement.

This change makes sure we also decrement the use_cnt when cleaning
up when shutting down the host table.

Move the BUG_ON check for use_cnt into the HostClearMemory() func
to check it in more cases.
 3 years ago
Philippe Antoine a6a6f6d538 bytejump: fix ubsan warning 
Instead of checking the offset, we checked the pointer after
adding the offset ot it...
 3 years ago
Jeff Lucovsky 4f2f745bed detect/ipproto: Use builtin protocol table 
Issue 5072

This commit causes the built-in protocol table to be used for protocol
name and number validation.
 3 years ago
Jeff Lucovsky 3bd1d258a9 detect/tests: Register protoname tests 
Issue: 5072

This commit registers the proto-name unit tests.
 3 years ago
Jeff Lucovsky b524967257 detect/ipproto: Add init/release functions 
Issue: 5072

This commit insures that the protocol name hashtables are initialized
and released.
 3 years ago
Jeff Lucovsky ff0cf89738 util/proto: Protocol-name functions 
Issue: 5072

This commit adds utility functions handling protocol names.
 3 years ago
Jeff Lucovsky 1e2883602b error/hash: Add error code for hash add failures 
Issue: 5072
 3 years ago
Andreas Dolp d4144c04cd Doc: Fix typo in documentation of suricata.yaml. 3 years ago
Juliana Fajardini d38e294a43 build-info: add info about fuzztargets 
We were missing that information from the Development information
 3 years ago
Shivani Bhardwaj 015c9fe1e3 doc: add usage of flowbits OR op 
Ticket 5130
 3 years ago
Juliana Fajardini 6c616d84b1 devguide: clarify style guide for getframe funcs 
As the GetFrameIdByName can be probed, we must warn developers not to
leave any output in them, or misleading messages could be printed.

Task #5129
 3 years ago
Jeff Lucovsky 6232c94235 threads: Honor per-thread stack size setting 
Issue: 4550

This commit adjusts the per-thread stack size if a size has been
configured. If the setting has not been configured, the default
per-thread stack size provided by the runtime mechanisms are used.
 3 years ago
Jeff Lucovsky e4d60f451b config/thread: Use config'd per-thread stack size 
Issue: 4550

This commit checks if there's a config setting for threading.stack-size
and assigns the value to a global variable for use during thread
creation.
 3 years ago
Jeff Lucovsky d79a317cea suricata.yaml: Add per-thread stack size setting 
Issue: 4550
 3 years ago
Jeff Lucovsky deb49862cd config/debug: Debug probe for getattr_np 
This commit adds a probe for a non-portable function to be used in
diagnostic debug display of a thread's stack size.
 3 years ago
Jeff Lucovsky 117e11b0ae doc: Describe per-thread stack size config setting 
Issue: 4550

This commit documents the new per-thread stack-size setting. Some
systems have a small default value that is not suitable for Suricata's
multi-threaded architecture and adjustment may be required.
 3 years ago
Victor Julien 07b1100713 nfs: clean up partial record handling 
There should be no remaining data after parsing the partial
RPC record, so don't handle it but instead add a debug validation
bug on.

Successful processing for NFSv3 read/write records returns
AppLayerResult::ok() directly as all data is consumed.
 3 years ago
Victor Julien d85b77cad0 nfs3: improve read validation; fix partial handling 3 years ago
Victor Julien 4418fc1b02 nfs3: fix partial write record handling 3 years ago
Victor Julien 5baf94e40d nfs3: enforce more values 
Enforce values of a number of u32's that are used as bools or for
really low values.
 3 years ago
Victor Julien 1c57e3c18d rpc: enforce various field values 
Minimal frag_len. Correct msgtype and others.
 3 years ago
Victor Julien 64d8a1e16e nfs/rpc: update full record parsers to be more exact 
Instead of 'take'ing all data for the RPC prog_data and then
letting the higher level parsers figure out which part to use
take the exact amount.
 3 years ago
Victor Julien bfb5ae867e nfs: break out partial record handling 3 years ago
Victor Julien fe76ab1803 nfs/rpc: enforce length field limits 
Limits based on the Linux kernel limits. Then multiplied a few times
to allow for other implementations to have higher limits.
 3 years ago
Victor Julien 5ecb626e50 nfs4: verify bool fields 3 years ago
Victor Julien a0c0471f1f output: fix timestamp missing usecs 
On ARM 32bit with Musl `tv_usecs` is defined as `int64_t` which lead to
CreateIsoTimeString() printing all zeros on the usecs. Work around this
by first assigning to a `int64_t` and then updating the expected format
string to accept `int64_t`.

Bug: #5094.
 3 years ago
Jason Ish b1c09369af rust/derive: pin proc-macro-crate to v1.1.0. 
The just released proc-macro-crate v1.1.2 requires at least Rust 1.53.
Pin to the previous release for now.
 3 years ago