aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,091 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '343ba45916'
${ noResults }
Commit Graph

10091 Commits (343ba459169b85dbb1d6d3b11e82a31701f89773)
 

Author SHA1 Message Date
Victor Julien 343ba45916 ftp: reply code 150 doesn't end tx 6 years ago
Victor Julien b595da6c51 ftp: fix reply without request 
Permit picking up any reply w/o a request. Observed unsolicited server
messages before connection termination.

Previously the code assumed that this could only happen on connection
start when there was no previously recorded command.
 6 years ago
Victor Julien dc80d520af ftp: implement progress tracking 
Make sure FTP_STATE_FINISHED is returned for transactions that
are marked 'done'.

This is necessary for timely logging and inspection.
 6 years ago
Victor Julien 8ae691155d ftp: be more strict with tx type 6 years ago
Jeff Lucovsky fb019213e7 eve/ftp: minor cleanups and fixes 6 years ago
Zach Kelly 1588cd8735 eve/ftp: Bug fix and banner capture 
1. Correct off-by-one error in server response whitespace removal
2. Include banner response (before first command entered)
 6 years ago
Jeff Lucovsky a04b1c1664 eve/ftp: Log initial responses 
This changeset ensures that unknown commands are logged.
Unknown commands are either
- Banner responses when connecting to the FTP port
- Commands not includes in the FtpCommands descriptor table
 6 years ago
Jeff Lucovsky a66383569c userguide: formatting: remove tabs 6 years ago
Jeff Lucovsky c68510437f userguide: ftp formatting updates 6 years ago
Jeff Lucovsky 2149807bd6 eve/ftp: Transaction support for unmatched requests 
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
 6 years ago
Jeff Lucovsky 9b88ecb3c1 suricata.yaml: Add ftp logging option to eve-log 6 years ago
Jeff Lucovsky 1930b1f504 eve/ftp: Log FTP transactions 
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
 6 years ago
Philippe Antoine 2d217e6661 http: fixes overflow in range parsing 6 years ago
Victor Julien 5ddfc42b87 stream: fix midstream reverse flow handling 
When a TCP session is picked up from the response the flow is
reversed by the protocol detection code.

This would lead to duplicate logging of the response. The reason this
happened was that the per stream app progress tracker was not handled
correctly by the direction reversing code. While the streams were
swapped the stream engine would continue to use a now outdated pointer
to what had become the wrong direction.

This patches fixes this by making the stream a ptr to ptr that can be
updated by the protocol detection as well.

In addition, the progress tracking was cleaned up and the GAP error
handling in this case was improved as well.
 6 years ago
Eric Leblond 2c1b923500 ebpf: remove left over debug in lb.c 6 years ago
Philippe Antoine 94a976d47e ftp: removes one use of atoi 
Fixes only one small part of #3053
 6 years ago
Victor Julien 66d6196e9b pcap: code reformatting and minor cleanups 6 years ago
Victor Julien 255ab1528b flow: minor formatting updates 6 years ago
Max Fillinger bcc03f172a af-packet: Always fill in vlan_id 
The vlan tag will be filled in either from the extended header (for
kernel version >= 3.0) or from the packet itself.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger 09c54471e5 pfring: Always fill in vlan_id 
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger 44bea80d3c decode erspan: Always fill in vlan_id 
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
 6 years ago
Max Fillinger 8d3b04b0e3 decode vlan: Always fill in vlan_id 
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger cef9961f59 flow hash: Mask vlan_id if not used for tracking 
If vlan.use-for-tracking is disabled, set the vlan_id fields to 0 when
hashing or comparing flows. This is done using a bitmask as suggested by
Victor Julien in IRC, in order to avoid adding more branches to this
code.

Currently, suricata does not fill in vlan_id fields if
vlan.use-for-tracking is disabled and instead leaves them at the default
0 value, so this commit makes no functional change. This change is in
preparation for future commits where the vlan_ids will be always filled
in.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger 38731d30da flow hash: Make CMP_FLOW macro an inline function 6 years ago
Victor Julien 7ccf14bc60 runmodes: remove unused prototypes 6 years ago
Victor Julien c12252617c afl: fix afl-ftp causing FPE due to missing ippair 6 years ago
Victor Julien 9e70716d5a runmodes: remove no-Rust logic 6 years ago
Victor Julien 8c6251ea6c runmodes: simply default runmode logic 6 years ago
Victor Julien 3282fb4967 runmodes: code cleanups 6 years ago
Philippe Antoine feda5e7392 leak: Fixes leak in AppLayerProtoDetectPMRegisterPattern 
Fixes #3070
 6 years ago
Philippe Antoine 66c500eaac leak: Fixes leak in DetectAppLayerEventPrepare 6 years ago
Philippe Antoine 684f101710 log: use SCLogError instead of fprintf 6 years ago
Philippe Antoine 19ab85f17e leak: fixes leak in DetectAddressParse2 6 years ago
Victor Julien 8b87801b80 geoip: fix unittests w/o db present 6 years ago
Victor Julien a7d65668ae mem: avoid potential shadow vars with 'len' name 6 years ago
Bill Meeks d1525c6fb8 mem: add SCStrndup() function to wrap strndup(). 6 years ago
Bill Meeks a291209e47 detect/geoip: migrate to GeoIP2 database format 
Issue #2765
 6 years ago
Victor Julien d6323ae33d detect/mpm: improve stats reporting 6 years ago
Victor Julien 24f0092b72 detect: add ipv6.hdr sticky buffer 
Inspects IPv6 header and extension headers.
 6 years ago
Victor Julien 3c9a557810 decode/ipv6: track length of ext hdrs 6 years ago
Victor Julien 9252400f68 decoder/ipv6: minor cleanups 
Remove unused field and macros.

Minor code style cleanups.
 6 years ago
Victor Julien 4ac327f5b5 detect/ipv4: add ipv4.hdr sticky buffer 6 years ago
Victor Julien 367e3e1895 detect/tcp/udp: minor cleanups 6 years ago
Victor Julien 4dff903b35 detect: introduce pkt mpm engines 
Instead of the hardcode L4 matching in MPM that was recently introduced,
add an API similar to the AppLayer MPM and inspect engines.

Share part of the registration code with the AppLayer.

Implement for the tcp.hdr and udp.hdr keywords.
 6 years ago
Victor Julien 14896365ef detect: remove Threadvars argument from API calls 
Remove it as it's (almost) never used. If it is really needed it can
be accessed through DetectEngineThreadCtx::tv as well.
 6 years ago
Victor Julien c1dd4534d9 detect/bsize: support transforms in case w/o content 6 years ago
Jason Ish 963abc961c python: fix parsing Suricata version from configure.ac 
If parsing the version fails, or no version is found, fail
instead of defaulting to a version of 0.0.0.
 6 years ago
Victor Julien 82de6e0659 decoder/vxlan: improvements and cleanups 
Implement port config handling. Also check both src port and dest
port for tunnels that only set the destination port to the VXLAN
port. At the point of the check we don't know the packet direction
yet.

Implement as Suricata tunnel similar to Teredo.

Cleanups.
 6 years ago
Henrik Lund Kramshoej 3519b011b7 decoder/vxlan: initial implementation of decoder 6 years ago
Victor Julien 35b88991c3 mem: fix shadow declaration warning 
Avoid clash by adding a leading underscore to the declaration in the
macro. These temporary vars should never clash with valid variables
from the code where they are called from.
 6 years ago