Eric Leblond
2fbb28ece6
build: error on implicit function declaration
This patch modifies gcc options to error in case of implicit
declaration. Bug #612 has shown this kind of bug can be very
costly.
13 years ago
Eric Leblond
4542cd0eec
ipfw: suppress non-loop receive function
13 years ago
Eric Leblond
e3a38810b6
nfq: suppress non-loop receive function
13 years ago
Victor Julien
966c731e73
flow: fix crash when flow engine under extreme stress, and unable to force free any existing flow
13 years ago
Victor Julien
76f0838a9f
libhtp: harden code against malloc failures. Bug #587.
13 years ago
Victor Julien
da7f1d22cc
http: don't assume http tx to have header alloc'd. Can happen in OOM conditions. Bug #587.
13 years ago
Victor Julien
18ecd4b287
Don't use SCStrdup in SCLogMessage as we call it on OOM condition, leading to endless recursion. SCStrdup failure calling SCLogMessage...
13 years ago
Victor Julien
70bc9e2494
filestore: fix logic flag in continued stateful detection
13 years ago
Eric Leblond
8957113550
pf-ring: fix build
13 years ago
Victor Julien
d386606b80
Remove pcre jit warning. Bug #579.
13 years ago
Eric Leblond
d3195b0f70
pf_ring: don't set cluster for DNA interface.
13 years ago
Anoop Saldanha
7a7cd6999e
feature #558.
Print FP info in rule analysis + other cleanup.
13 years ago
Eric Leblond
ac5bab8838
OpenBSD: no support for profiling
Thread-local storage is not available, so profiling is not supported.
13 years ago
Eric Leblond
7c85bee4aa
OpenBSD: magic.mc path has changed in OpenBSD 5.1
13 years ago
Victor Julien
a3f963f630
filestore: fix a case where a matching non-filestore sig could trigger the store of a partially matching filestore sig.
13 years ago
Victor Julien
3156407746
http: fix client and server body sometimes being inspected in wrong order
13 years ago
Eric Leblond
b12967534a
stream.inline: add 'auto' mode
stream.inline YAML configuration variable now supports the 'auto' value.
In this case, inline mode is activated for IPS running mode (NFQ and
IPFW) and is deactivated for IDS mode. This patch should fix bug #592.
13 years ago
Eric Leblond
b26ec60398
af-packet: fix possible infinite loop.
If no packet arrives at a capture thread, it is possible that the
AFPReadLoop() function goes into an infinite loop. This could cause
suricata to hang at exit on a non-busy system.
This patch adds a counter to detect when Suricata starts looping in
the ring, to stop when it reaches this point.
13 years ago
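The ring-walk guard described in the commit above, as an added example that is not Suricata's AFPReadLoop() or any other project code. It models a memory-mapped packet ring as a fixed array of frame slots with a kernel/user ownership flag (the real TPACKET frame layout and status constants are simplified away; RING_FRAMES, STATUS_USER, ring_t, ring_deliver and ring_read_loop are names made up here). The reader walks the ring consuming every slot the kernel has handed over; the lap counter makes it return after one full empty lap instead of spinning until a packet happens to arrive, which is what lets the capture thread get back to its exit check on an idle system.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RING_FRAMES   8
#define STATUS_KERNEL 0u   /* slot owned by the kernel: nothing to read yet */
#define STATUS_USER   1u   /* slot filled by the kernel and handed to userspace */

typedef struct frame_t {
    uint32_t status;
    uint32_t len;
} frame_t;

typedef struct ring_t {
    frame_t frames[RING_FRAMES];
    size_t next;            /* slot the reader looks at next; persists across calls */
} ring_t;

/* Constructed test input: pretend the kernel filled a slot with a packet. */
static void ring_deliver(ring_t *ring, size_t slot, uint32_t len) {
    ring->frames[slot % RING_FRAMES].status = STATUS_USER;
    ring->frames[slot % RING_FRAMES].len = len;
}

/* Walk the ring from ring->next, consuming every frame the kernel has handed
 * over and returning each slot to the kernel. The lap counter is the guard:
 * after RING_FRAMES consecutive slots without data the reader has gone a
 * full lap and returns, instead of spinning until a packet arrives.
 * Returns the number of frames consumed; *bytes accumulates their lengths. */
static size_t ring_read_loop(ring_t *ring, size_t *bytes) {
    size_t consumed = 0, empty_in_a_row = 0;
    while (empty_in_a_row < RING_FRAMES) {
        frame_t *f = &ring->frames[ring->next];
        if (f->status & STATUS_USER) {
            *bytes += f->len;
            f->status = STATUS_KERNEL;   /* hand the slot back to the kernel */
            f->len = 0;
            consumed++;
            empty_in_a_row = 0;
        } else {
            empty_in_a_row++;
        }
        ring->next = (ring->next + 1) % RING_FRAMES;
    }
    return consumed;
}

int main(void) {
    ring_t ring;
    size_t bytes = 0;
    memset(&ring, 0, sizeof(ring));

    /* Idle ring: one lap, nothing consumed, and crucially the call returns. */
    size_t n = ring_read_loop(&ring, &bytes);
    printf("idle ring: %zu frames, %zu bytes\n", n, bytes);

    /* Two frames delivered while the thread was "in poll()". */
    ring_deliver(&ring, 2, 60);
    ring_deliver(&ring, 5, 1500);
    n = ring_read_loop(&ring, &bytes);
    printf("after delivery: %zu frames, %zu bytes, next slot %zu\n", n, bytes, ring.next);
    return 0;
}
```

In a real capture thread this function sits inside an outer loop that calls poll() on the socket between walks and checks the thread's exit flag; without the lap counter the inner walk never yields to that outer loop when the ring stays empty.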
Eric Leblond
e8a4a4c47c
af-packet: dump counters every second.
This patch updates the kernel counters handling to be almost sure to
update at least once per second.
13 years ago
Eric Leblond
3acdd4da1d
pf-ring: add counters for kernel drops and packets
This patch adds counters for kernel drops and packets by using the
same strategy as the one used in af-packet.
13 years ago
Victor Julien
80d62b59ec
Fix drop (and other actions) not being applied to thresholded packets. Bug #613.
13 years ago
Anoop Saldanha
bca1b7c52a
change default mpm to ac. Also default sgh-mpm-context is full.
13 years ago
Victor Julien
fd6df00684
Bug 585: use per detect thread libmagic ctx
13 years ago
Victor Julien
ea6fcb355b
magic: add test showing payload resulting in libmagic invalid read as reported by valgrind.
13 years ago
Anoop Saldanha
fdab6f2ab1
fix flow deadlock issue in detection engine state introduced by tx api.
Issue discovered by coverity.
13 years ago
Eric Leblond
00b95c69c0
suricata: list-keywords does not depend on unittest
13 years ago
Victor Julien
83ffd1f743
luajit: suppress compiler warning
13 years ago
Anoop Saldanha
2ab62920aa
fix segv in hcbd and hsbd buffering.
Increase buffers_list_len only when we open up a space for a new tx.
13 years ago
Anoop Saldanha
b359bc03a9
unittest to reveal a bug/segv in our hsbd buffering code.
13 years ago
Victor Julien
4fab8ea6d6
http: fix http header reassembly bug causing some headers to be left out of the inspected buffer
13 years ago
Victor Julien
5cd46433d3
http: now that htp_state has a cfg reference, use it for body limits
13 years ago
Victor Julien
2763a61213
http: allow configuration of request and response body inspection limits. Issue #560.
13 years ago
Anoop Saldanha
b99f9fe890
New app inspection engine introduced. Moved existing inspecting engines to use it.
13 years ago
Anoop Saldanha
7b4eac3e8d
Change all inspect callbacks to accept TV and a tx_id param.
13 years ago
Anoop Saldanha
10a6e6a3eb
Engine cleanup. Remove all old engine inspection and mpm functions.
13 years ago
Anoop Saldanha
b0e20a486c
update client/server/http_header to use a different form of
buffering/buffer_retrieval.
Now it happens per tx, based on tx id. Also notice a perf improvement with
this.
13 years ago
Victor Julien
e1321f9ae6
stream: change how retransmissions are handled and detected.
13 years ago
Victor Julien
b621ed8423
stream: fix retransmission on closewait being considered out of window
13 years ago
Victor Julien
a25629b250
stream: detect retransmissions on timewait state
13 years ago
Victor Julien
6326390120
stream: accept ack with next_seq + 1 on last_ack state
13 years ago
Victor Julien
3f6ecff260
stream: disable retransmission packet before last ack sig as it is fairly common in regular traffic
13 years ago
Victor Julien
bc37cb6b8e
stream: detect retransmissions on closewait and finwait2 states
13 years ago
Victor Julien
305ed3f23b
stream: don't flag zero window probe packets as out of window. Bug #604.
13 years ago
Victor Julien
13e60c0040
stream: detect keep-alive packets so we don't consider those invalid
13 years ago
Victor Julien
9094eb4783
stream: ignore ack value if ack flag is not set. Add stream.pkt_broken_ack event for when ack value is not 0 and ack flag not set.
13 years ago
Victor Julien
a5d9442c2d
stream: handle retransmission of lost data packet on TIME_WAIT state
13 years ago
Victor Julien
037d67cc66
stream: go from FIN_WAIT_1 to CLOSING on simultaneous close.
13 years ago
Victor Julien
6544475670
stream: don't reject RST as response to SYN because of ACK
13 years ago
Victor Julien
6f76ac176d
stream: add option to match on overlapping data
Set event on overlapping data segments that have different data.
Add stream-events option stream-event:reassembly_overlap_different_data and
add an example rule.
Issue 603.
13 years ago
Victor Julien
0b68da0b31
libhtp: don't use internal iterator
It violates thread safety. #601.
Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp, initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create. A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". They are registered based on yaml config at init time.
The hooks have lists of type list_t. The list is run with a built-in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t, flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.
This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
13 years ago
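The shared-iterator race described in the commit above, as an added example that is neither libhtp's list_t code nor Suricata's. The hook_t, flow_t, hook_step and run_schedule names are made up here. Two "flows" run the same hook list, and the interleaving that two detect threads would produce at random is forced by hand with a step schedule so the failure reproduces deterministically: with the iterator living in the shared hook, flow B starting its run resets the cursor under flow A, so A runs the first callback on its data twice and skips the second, and B itself misses callbacks. With the iterator held by the caller (the fix), the same interleaving gives every flow exactly one pass over every callback.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_CALLBACKS 8
#define MAX_CALLS 16

struct flow_t;
typedef void (*hook_cb)(struct flow_t *f);

/* Stand-in for a libhtp hook: a callback list plus a built-in cursor.
 * One hook_t is shared by every flow using the same server config, so
 * the cursor is shared too; that is the bug. */
typedef struct hook_t {
    hook_cb cbs[MAX_CALLBACKS];
    size_t ncbs;
    size_t cursor;
} hook_t;

/* Per-flow state. local_cursor is the caller-held iterator of the fix. */
typedef struct flow_t {
    int started;
    size_t local_cursor;
    char calls[MAX_CALLS];   /* indices of callbacks run on this flow's data, as text */
    size_t ncalls;
} flow_t;

static void record(struct flow_t *f, char idx) {
    if (f->ncalls + 1 < MAX_CALLS) {
        f->calls[f->ncalls++] = idx;
        f->calls[f->ncalls] = '\0';
    }
}

/* Three registered callbacks, e.g. response body data handlers. */
static void cb0(struct flow_t *f) { record(f, '0'); }
static void cb1(struct flow_t *f) { record(f, '1'); }
static void cb2(struct flow_t *f) { record(f, '2'); }

static void hook_init(hook_t *h) {
    memset(h, 0, sizeof(*h));
    h->cbs[h->ncbs++] = cb0;
    h->cbs[h->ncbs++] = cb1;
    h->cbs[h->ncbs++] = cb2;
}

/* One step of hook_run_all for flow f: the first step resets the iterator,
 * every later step runs the next callback. With shared_iterator set the
 * cursor lives in the hook (the bug); otherwise it lives in the flow (the fix).
 * Returns 0 once this flow's run is complete. */
static int hook_step(hook_t *h, flow_t *f, int shared_iterator) {
    size_t *cursor = shared_iterator ? &h->cursor : &f->local_cursor;
    if (!f->started) {
        *cursor = 0;
        f->started = 1;
        return 1;
    }
    if (*cursor >= h->ncbs)
        return 0;
    h->cbs[(*cursor)++](f);
    return 1;
}

/* Interleave flows A and B on one hook list, one step per schedule character
 * ('A' or 'B'). This is the hand-forced version of two detect threads running
 * hook_run_all on the same htp_cfg_t at the same time. */
static void run_schedule(const char *schedule, int shared_iterator,
                         flow_t *a, flow_t *b) {
    hook_t h;
    hook_init(&h);
    memset(a, 0, sizeof(*a));
    memset(b, 0, sizeof(*b));
    for (const char *p = schedule; *p; p++)
        hook_step(&h, *p == 'A' ? a : b, shared_iterator);
}

int main(void) {
    flow_t a, b;
    /* B starts its run while A is between its first and second callback. */
    run_schedule("AABABABB", 1, &a, &b);
    printf("shared iterator: A ran callbacks %s, B ran callbacks %s\n", a.calls, b.calls);
    run_schedule("AABABABB", 0, &a, &b);
    printf("local iterator:  A ran callbacks %s, B ran callbacks %s\n", a.calls, b.calls);
    return 0;
}
```

The flow lock cannot help here because the state being raced on is in the configuration object, not in the flow; the only fixes are to keep the iteration position on the caller's stack, as above, or to give each thread its own htp_cfg_t.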