Eric Leblond
b5a3e737c9
doc: comment link between Flow and application layer.
14 years ago
Eric Leblond
b055a21d63
doc: create doxygen group for state detection.
14 years ago
Eric Leblond
0468dbd575
doc: doxygenise some comments.
14 years ago
Eric Leblond
a64eea9628
Fix minor error message.
14 years ago
Eric Leblond
92d74fd480
doc: Add missing params in func description.
14 years ago
Eric Leblond
fdfa85de37
Add comment to describe file content.
The name of the file is not really explicit. This patch adds doxygen
to have an easy-to-use description in the generated documentation.
14 years ago
Eric Leblond
830ca7c2c8
source-nfq: suppress insecable space.
This patch suppresses an insecable space and fixes an
indentation.
14 years ago
Eric Leblond
01beefc1c9
pfring: improve error handling
Treat TmThreadsSlotProcessPkt return.
14 years ago
Eric Leblond
0d7f25580d
pcap: improve error handling.
Treat TmThreadsSlotProcessPkt return.
14 years ago
Eric Leblond
c469824bed
af-packet: improve error handling
The return of TmThreadsSlotProcessPkt function was not handled.
14 years ago
Victor Julien
9ac51900f6
Fix broken macro call.
14 years ago
Eric Leblond
4071d3cf57
PACKET_INITIALIZE is enough for packet init.
14 years ago
Eric Leblond
d296223ffe
cuda: Suppress sprintf usage.
14 years ago
Eric Leblond
6bf15bac31
Fix various packet access.
The coccinelle based tests have detected invalid uses of access to
Packet data. This patch fixes the detected problems.
14 years ago
Eric Leblond
eef3e28b17
invalid use of strncat.
strlcat must be used instead.
14 years ago
Eric Leblond
2be09b0c86
Fix Defrag unit test.
This patch fixes the unittest for IPV4 defrag. The direct usage
of the pkt pointer in the Packet structure is not allowed. This
is fixed by using the PacketCopyData function.
This modification required some other fixes, like using
memcmp to compare data instead of iterating on the pkt pointer.
14 years ago
Eric Leblond
324986694a
decode: improve and fix comments.
14 years ago
Eric Leblond
24f15fa321
Don't warn about non-enabled non-existing output module
This patch modifies output module loading to only trigger an alert
message for non-existing modules when they are loaded. It also
warns about unified1 removal.
14 years ago
Eric Leblond
3944357058
Remove unified related enum.
This patch removes the enum related to unified1 output.
14 years ago
Eric Leblond
391d813c82
Remove unified1 output module.
14 years ago
Victor Julien
047fcd6ade
Add missing case sensitive to insensitive conversions for http_header, http_raw_header, http_method, http_cookie and http_raw_uri with 'nocase' set.
14 years ago
Victor Julien
bde55578d6
Override HTP IDS personality normalizing the query string to lowercase. Bug #362 .
14 years ago
Victor Julien
7ef34b7bcc
Exclude DSIZE LT case from setting the 'need payload' mask bit as it can include 0, which means no payload.
14 years ago
Victor Julien
09b5dca343
Consider signatures with the flags keyword to be packet inspecting only, not stream.
14 years ago
Victor Julien
30d84ab20d
Unlock flow in StreamTcpSegmentForEach if there is no TCP session.
14 years ago
Eric Leblond
9aeadd5696
prelude: suppress unused variable.
14 years ago
Eric Leblond
db17f3de6c
prelude: add stream segment dump
This patch should fix #355 .
14 years ago
Eric Leblond
2073b9db0c
debuglog: uses state selection system.
14 years ago
Eric Leblond
1596241687
debuglog: fix segment logging.
StreamSegmentForEach returns the number of segments or < 0 in case
of error. This patch synchronizes debuglog output module with this
behaviour.
14 years ago
Victor Julien
3644e90a2c
Don't set higher transaction id's in HTTP sessions than we have.
14 years ago
Victor Julien
67cea09911
Handle failing thread modules that are called by the Pcap file callback.
14 years ago
Victor Julien
bfff14aa78
Improve error detection in the port and address parsing in signatures. Bug #295 .
14 years ago
Anoop Saldanha
ba6bada155
change rev field in Signature to u32 and use strtoul to extract the value. Cleanup some dead code/comments
14 years ago
Anoop Saldanha
ed3b44b3b5
fix parsing content keywords. We are more strict now. All content keywords need to be enclosed in double quotes. Better validation for sid, priority and rev keywords
14 years ago
Victor Julien
18da4a8b73
Add missing cuda header file causing 'make distcheck' to fail.
14 years ago
Victor Julien
c0bc83458c
Bump version to 1.1beta3.
14 years ago
Eric Leblond
89c38b0ced
prelude: fix compilation
PrintInet was used without inclusion of 'util-print.h'. This was
causing a compilation failure.
14 years ago
Victor Julien
39edb23ac4
Support stream.inline mode in unified2 tcp segments logging.
14 years ago
Victor Julien
2e2e80b812
Add packet alert flag to indicate a match happened (partly) in the app layer state. Make unified2 use this flag.
14 years ago
Eric Leblond
128261cb97
unified2: Fix event_id computation
This patch fixes event_id computation which was not incremented
for each alert.
14 years ago
Eric Leblond
b3023643ec
unified2: fix multiple alerts case
14 years ago
Eric Leblond
7fd1e9cacc
unified2: synchronize IPv4 and IPv6 code
IPv6 code was missing some points.
14 years ago
Eric Leblond
839b0d9bfe
unified2: switch to event->packet->packet mode.
Attach multiple packets to an event instead of using one
event data per packet. This is currently unsupported by
the reporting frontend but at least we don't have multiple
alerts.
14 years ago
Eric Leblond
316f2d7289
unified2: segment callback log raw packet.
As we don't have any trustworthy information about the ethernet
header, we can simply log the RAW packet to avoid confusing the
analyst.
14 years ago
Eric Leblond
a03a402b83
unified2: set datalink to correct value.
The value of datalink could have been modified if the logging
of the segment was attempted. This patch restores it to a correct value.
14 years ago
Eric Leblond
50ddd2df43
Restore old barnyard2 support.
Some old versions of barnyard2 needed a workaround in the
packet header building. This patch introduces an enable-old-barnyard2
configure flag which can be used to restore this behaviour.
14 years ago
Eric Leblond
2f24987f15
unified2: improve packet logging logic.
This patch improves packet logging logic and fixes some places
regarding alert generation (event_id, ethernet header).
14 years ago
Eric Leblond
628bfcc1b9
stream: Change return of StreamSegmentForEach
The function now returns the number of segments on which the callback
has been run successfully.
14 years ago
Victor Julien
c672bdd863
Improve atomic operation support detection. Fixes #342 .
14 years ago
Anoop Saldanha
0edf053f31
if app layer inspection is disabled, immediately set the eof flag
14 years ago
Anoop Saldanha
fe11e02f58
fix inspect id update bug. This should prevent unnecessary FPs for pipelined requests
14 years ago
Anoop Saldanha
4e44073c79
http logging module should log all txs in the list and not just the last complete tx available on EOF
14 years ago
Anoop Saldanha
c13ad8c28a
Provide a function to set the app layer tx eof flag. Use this in FFR code instead of directly setting the flag. This cleans up the API as well
14 years ago
Anoop Saldanha
b406af451b
updates to http tx id vars. FFR now flags the app layer session for EOF when creating a pseudo packet for a flow
14 years ago
Anoop Saldanha
67be07bf15
fix threading issue in debug log. locked mutex isn't freed before returning. fixed
14 years ago
Anoop Saldanha
d23e775ae2
fix threading bug. Main thread's restart TV code waiting on a failed TV. Now main thread sets the de_init flag before waiting on the failed thread. Thanks to Eric Leblond for reporting it
14 years ago
Anoop Saldanha
737122663c
IPProto now doesn't accept sigs which have both < and >, with the < value being less than the > value. Update affected unittests to reflect the change
14 years ago
Anoop Saldanha
dae099893b
more unittests for ipproto with multiple nots + some fixes
14 years ago
Anoop Saldanha
9887084370
support multiple ipprotos in the same sig + unittest
14 years ago
Anoop Saldanha
a781fb9884
rewrite all ipproto keyword tests
14 years ago
Anoop Saldanha
8033a262a7
cleanup ipproto code
14 years ago
Anoop Saldanha
caf450d325
fix ipproto keyword negation case - bug #340
14 years ago
Eric Leblond
79c329f81b
alert-unified2: logging of stream segments.
This patch adds the logging of stream segments. Among other
modifications, it uses a wrapper around fwrite to permit updating
file statistics in an automated manner. Some memcpy calls have also
been avoided by using a pointer to the data.
14 years ago
Eric Leblond
2fa837bcec
alert-debuglog: Add logging of stream segments.
This patch introduces logging of the stream segments in case of
a signature match on application layer.
14 years ago
Eric Leblond
4f0cdf28a3
Introduce StreamSegmentForEach function
This patch introduces a function called StreamMsgForEach which
can be used to run a callback on all segments of a stream. This
is currently only supported for TCP as this is the only streaming-aware
protocol.
14 years ago
Anoop Saldanha
d68775d47d
introduce bitmasks instead of alproto_masks for use by the probing parser. Remove all alproto_masks we had previously for PP
14 years ago
Victor Julien
f5ef842752
Implement a counter for TCP packets with invalid checksums: tcp.invalid_checksum. Bug #311 .
14 years ago
Anoop Saldanha
d3989e7cee
probing parser updated to always accept u32 buflens. Update all probing parser functions to accommodate this change
14 years ago
Anoop Saldanha
80d80000bb
fix probing parser flag usage during protocol detection
14 years ago
Anoop Saldanha
432c3317d2
app layer probing parser updates
14 years ago
Anoop Saldanha
d68f182ebd
introduce SCPerfSyncCounters/SCPerfSyncCounters macro to synchronize counters
14 years ago
Anoop Saldanha
f7b1972263
update broken stats.log. Use pktacqloop funcs in pcap-file, pfring, pcap-live, af-pkt to sync counters - bug #343
14 years ago
Victor Julien
a1f68bf411
Fix detection engine informational message misrepresenting decoder only signatures.
14 years ago
Eric Leblond
abddbe1c91
unitest helper: Fix copy of packet data.
The copy of packet data was causing a memory corruption leading to
a weird crash.
14 years ago
Victor Julien
7beb5cdf58
Add util-optimize.h to suricata-common.h so all code can use it.
14 years ago
Eric Leblond
db42981a3d
Fix suricata start when no interface is given.
When no interface was specified on the command line, the workers and
single modes were not able to start due to the fact there was no
registered interface.
14 years ago
Eric Leblond
9aabf94c9f
Suppress useless parameter in function
ConfigParser is called in the parent function and it is thus not
necessary to send it to the per device function.
14 years ago
Eric Leblond
58d7cb20eb
pcap-info: fix compilation warning.
14 years ago
Eric Leblond
27f1d88374
Add pcap-info alert format.
This patch adds a new alert format called pcap-info. It aims at
providing an easy to parse one-line per-alert format containing
the packet id in the parsed pcap for each alert. This permits adding
information inside the pcap parser.
This format is made to be used with suriwire which is a plugin for
wireshark. Its target is to enable the display of suricata results
inside wireshark.
This format doesn't use append mode by default because a clean file
is needed to operate with wireshark.
The format is a list of values separated by ':':
Packet number:GID of matching signature:SID of signature:REV of signature:Flow:To Server:To Client:0:0:Message of signature
The two zeros are not yet used values. A candidate for usage is the
part of the packet that matched the signature.
14 years ago
Eric Leblond
1d1e7667ae
util-runmode: rename mod_threads_conf to ModThreadsCount.
14 years ago
Eric Leblond
625a1e070f
runmode: suppress printf
This patch replaces printf with calls to SCLogError.
14 years ago
Eric Leblond
2596d3bcdd
runmode: treat SCStrdup error.
14 years ago
Eric Leblond
beaa909eb8
Add "workers" runmode.
Previous commits have considerably empowered the "single" mode which
could contain multiple threads. This behaviour was not a target for
this runmode and the following patch remedies the situation by
introducing the "workers" mode where each thread does all the tasks
from acquisition to logging. This runmode is currently implemented
for af-packet and pf-ring.
14 years ago
Eric Leblond
788fa1e5a1
pfring: Fix typo in help.
14 years ago
Eric Leblond
730a86e6b8
pfring: fix warning
When PF_RING is disabled this function is unused and thus triggers a
warning at compilation.
14 years ago
Eric Leblond
3f75b10f79
Suppress useless code.
This code has been producing a warning for some time now. This patch kills
it.
14 years ago
Eric Leblond
45d5c3ca59
runmode: introduce configuration dereferencing.
A device configuration can be used by multiple threads. It is thus
necessary to wait until all threads stop using the configuration before
freeing it. This patch introduces an atomic counter and a free function
which has to be called by each thread when it will no longer use
the structure. If the configuration is not used anymore, it is freed
by the free function.
14 years ago
Eric Leblond
3261b814db
Make SC_ATOMIC_[SUB|ADD] return result value
This patch modifies the SC_ATOMIC_[SUB|ADD] macros to have them return
the value of the result. This permits writing tests based on the return
value of the macro.
14 years ago
Eric Leblond
d3d99ffa13
Fix coding style and use SC* function.
This patch fixes the coding style and uses the Suricata function instead
of the plain libc version.
14 years ago
Eric Leblond
f998fda4dd
pfring: factorize iface and parser initialisation.
14 years ago
Eric Leblond
cc7b80437a
pfring: should not call free
14 years ago
Eric Leblond
93cf2b1690
pfring: add single mode.
14 years ago
Eric Leblond
77869a2df8
single runmode: add support for multiple capture threads
14 years ago
Eric Leblond
c75fffe92d
Improve help message
Usage of the command line has evolved with the introduction of long options.
This patch updates the description of the related options.
14 years ago
Eric Leblond
dc075a74a2
pcap: add --pcap option
This patch adds a --pcap option which can be used to select either
an interface, if an argument is provided, or the interfaces defined
in the configuration file.
14 years ago
Eric Leblond
b2c281920f
af-packet: should not call free
14 years ago
Eric Leblond
1aab2470db
af-packet: factorise single mode.
14 years ago
Eric Leblond
63d614162c
pcap: should not call free
14 years ago
Eric Leblond
491686c33e
pcap: factorise single mode.
14 years ago
Eric Leblond
abe99ee5f6
runmode: add factorisation function for single mode.
14 years ago