aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,091 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '343ba45916'
${ noResults }
Commit Graph

10091 Commits (343ba459169b85dbb1d6d3b11e82a31701f89773)
 

Author SHA1 Message Date
jason taylor 7ea269a212 configure: fix nspr check logic 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Victor Julien f7d8401c2e eve/smb: minor cleanup now Rust is mandatory 6 years ago
Victor Julien c2cb155ebb rust/smb: rename files and code from RustSMB to SMB 6 years ago
Victor Julien e572324c5a detect/dcerpc: cleanup now Rust is mandatory 6 years ago
Victor Julien 50709144f9 detect/app-layer-event: cleanup test 6 years ago
Victor Julien f30c05e684 smb: remove C implementation 
Now that Rust is mandatory it is obsolete.

Ticket: #2849
 6 years ago
Victor Julien 8a2b94c6f4 openbsd: fix rust linking 6 years ago
Jason Ish 67b2692d34 dns: remove as much C DNS code as possible 
As some of the C code is still used it can't all be removed.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2850
 6 years ago
Jason Ish 355d125c4f userguide: remove dns-log 6 years ago
Jason Ish 78b82ce6a5 dns-log: remove, not supported now that Rust is required 
The non-json line based DNS log is not supported with Rust only
builds and has been scheduled for removal in Suricata 5.0.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2297
 6 years ago
Jason Ish 75a018ead2 doc: remove autoconf replacement var for Rust 
Set to yes as Rust is always enabled now.
 6 years ago
Jason Ish fc3191dc2d config: enable all things requiring Rust 
Instead of only enabling them if Rust is enabled, as Rust is
always enabled now.
 6 years ago
Jason Ish b2fedc9ed2 travis-ci: enable Rust for all builds 6 years ago
Jason Ish 75429bbe3e autoconf: make Rust required in configure 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2507
 6 years ago
Jason Ish 832270c1d3 travis-ci: test that configure fails without jansson 
Update the no-jansson test to fail out if configure
passes.

The script needed to be converted into a single list item
for the early exit to work on Travis.
 6 years ago
Jason Ish e49c40428e autoconf: jansson is now required 
Jansson is required by the Suricata Rust support which
will also be mandatory.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/1970
 6 years ago
Phil Young 6cfc39d7c9 napatech: auto-config documentation update 
Added documentation describing how to configure suricata to automaticly
configure sreams and host buffers without using NTPL.  I.e. from
suricata.yaml.
 6 years ago
Phil Young 05271bfbe5 napatech: simplify integration with Napatech cards 
- There is now an option to automatically create streams on the
  correct NUMA node when using cpu affinity.

- When not using cpu affinity the user can specify streams to be
  created in the suricata.yaml file.  It is no longer required to
  use NTPL to create streams before running suricata.

- The legacy usage model of running NTPL to create streams is still
  available. This can be used for legacy configurations and complex
  configurations that cannot be satisfied by the auto-config option.
 6 years ago
Victor Julien fd9f64d00f byte: suppress errors in byte extraction utils 6 years ago
Victor Julien a496c8be0c detect/bytejump: suppress runtime error messages 6 years ago
Victor Julien 5703ce371e detect/byteextract: suppress runtime error messages 6 years ago
jason taylor 7f63ec185a pfring: update PfringThreadVars_ for gcc 4.x 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Emmanuel Roullit 00917a0415 init: use pledge(2) after suricata initialization. 
pledge(2) can be used on OpenBSD to restrict suricata possible
operation on the system once initialization is completed.
The process promises to only make use of:
- "stdio" to allow read(2) on IPS rules and write(2) on log file
- "rpath wpath cpath" to allow log rotation
- "unix" to operate the control unix socket and log unix sockets
- "dns" to retrieve DNS from recvfrom(2)/sento(2) in IPFW mode
- "bpf" as suricata uses libpcap, which uses the BIOCGSTATS operation

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@cognitix.de>
 6 years ago
Emmanuel Roullit 8b75e69165 log: output file mode in octal on chmod warning 
The mode input in chmod is an octal integer. However when the warning is logged,
the file mode is printed in decimal which is confusing.

Signed-off-by: Emmanuel Roullit <emmanuel.roullit@cognitix.de>
 6 years ago
Jeff Lucovsky 8e464530ef decode: Change return type of IPv4 and TCP options decode 
The return value from the options decoder in TCP and IPv4 is ignored.
This commit changes the return type of the function to `void` and
modifies existing return points to return without a value.

When an error occurs, the packet state is being set to indicate whether
it's valid or not and the existing return value is never used.
 6 years ago
Jeff Lucovsky 03b0e4272b parse: Improve unknown protocol parse message 
The message associated with unknown protocols during parsing is incomplete.
This commit improves the message readability.
 6 years ago
Jeff Lucovsky 9856c5533a doc: ssh.{proto,software} documentation update 6 years ago
Jeff Lucovsky b10125af07 sticky: Convert ssh_software to new format 6 years ago
Jeff Lucovsky ceba8c89e9 sticky: Convert ssh_proto to new format 
This changest converts the 'ssh_proto' sticky buffer
into the v2 framework.
 6 years ago
Jeff Lucovsky 80be07a534 detect/http: Use v2 inspect and mpm engines 
This changeset updates the http stub detect logic to use the v2 inspect
and npm engines.
 6 years ago
Victor Julien aaf502d383 stream: suppress noisy debug info messages 6 years ago
Victor Julien 63569aeb57 pcap: suppress info messages 6 years ago
Victor Julien ee128c7460 detect/disable-detect: suppress info message 
The message would be displayed even when level was higher than
info.
 6 years ago
Victor Julien d00950be81 log/file: use default-log-dir for suricata.log 
Default to just suricata.log instead of the full path, so that
in user mode we can log in the user mode location.
 6 years ago
Victor Julien a36482e924 user mode: use CWD as logdir 
Introduce util func for handling user mode settings.
 6 years ago
Victor Julien c72dd84ade logopenfile: remove duplicate ifdefs 6 years ago
Victor Julien 56e4c348e1 runmodes: improve error messaging 6 years ago
Victor Julien 1a7e93f4a6 startup: log system mode with version 6 years ago
Victor Julien 86ed5815cb instance: set system vs user mode 6 years ago
Victor Julien 231496f165 rust/mingw: enable in appveyor 6 years ago
Victor Julien 24d6a16459 rust/mingw: build fixes 
Fix path passed to cargo by using 'cygpath' if available.
 6 years ago
Victor Julien 968e613037 list-keywords: don't load yaml 
Avoids a useless warning if the file is not found.
 6 years ago
Jeff Lucovsky 1b1fc9fee2 rule-analyzer: Ensure content counts are accurate 
Fix for issue 2605.  Make sure that content is counted,
even if none of the specific content types are matched.
 6 years ago
Giuseppe Longo 1c97423adf source-nflog: fix memleaks 
This fixes two memleaks found with ASAN.

Direct leak of 96 byte(s) in 1 object(s) allocated from:
   #0 0x7f59cf4a4d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
   #1 0xd7f92f in ReceiveNFLOGThreadInit /home/glongo/suricata/src/source-nflog.c:221
   #2 0xe9c8eb in TmThreadsSlotPktAcqLoop /home/glongo/suricata/src/tm-threads.c:293
   #3 0x7f59cd7aa4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)

Indirect leak of 70000 byte(s) in 1 object(s) allocated from:
   #0 0x7f59cf4a4d28 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.3+0xc1d28)
   #1 0xd814ea in ReceiveNFLOGThreadInit /home/glongo/suricata/src/source-nflog.c:324
   #2 0xe9c8eb in TmThreadsSlotPktAcqLoop /home/glongo/suricata/src/tm-threads.c:293
   #3 0x7f59cd7aa4a3 in start_thread (/lib/x86_64-linux-gnu/libpthread.so.0+0x74a3)

SUMMARY: AddressSanitizer: 70096 byte(s) leaked in 2 allocation(s).
 6 years ago
Emmanuel Roullit 4b4bb31c30 log: add NULL ptr guard on fclose when reopening. 
Signed-off-by: Emmanuel Roullit <emmanuel.roullit@cognitix.de>
 6 years ago
Victor Julien f84667ceb7 nfs: small cleanups 6 years ago
Victor Julien 884ca0cd3a detect/ftp: small ftpdata_command cleanups 6 years ago
Victor Julien 834d579f7e detect/uricontent: suggest http.uri as alternative 6 years ago
Victor Julien 6974eb3116 detect/dns: add dns.query for dns_query keyword 
Improve error checking.

Part of #2283.
 6 years ago
Victor Julien 822a434036 nfs: implement midstream reverse flow support 
Register special midstream version of protocol detection that
can indicate the flow is the wrong direction based on the record
properties.
 6 years ago