Eric Leblond
c36aa041f3
Update coccinelle script to match syntax evolution.
13 years ago
Eric Leblond
0227a87fcb
cleaning: fix warning when building with clang.
clang was issuing some warnings related to unused return values in functions.
This patch adds some needed error treatment and ignores the rest of the
warnings by adding a cast to void.
13 years ago
Eric Leblond
6efd37a388
af-packet: use counter for drop and accept
This patch adds counters for kernel drops and accepts to the af-packet
capture module. This information is periodically displayed in
stats.log:
capture.kernel_packets | RxAFP1 | 1792
capture.kernel_drops | RxAFP1 | 0
The statistic is fetched via a setsockopt call every 255 packets.
13 years ago
Eric Leblond
f2a6fb8a5a
af-packet: add support for BPF filter.
This patch adds support for BPF in AF_PACKET running
mode. The command line syntax is the same as the one
used for PF_RING.
The method is the same too: the pcap_compile__nopcap()
function is used to build the BPF filter. It is then
injected into the kernel with a setsockopt() call. If
adding the BPF fails, suricata exits.
13 years ago
Eric Leblond
c85ee1e3f6
af-packet: get datalink for each socket creation.
This patch will allow us to use the datalink when computing the filter.
It also fixes a potential issue where an interface's data type changes
after the interface goes down/up.
13 years ago
Victor Julien
59ec493f7c
http body inspection: force body inspection on stream eof.
13 years ago
Victor Julien
4d4671c470
default config: add engine-analysis.rules directive.
13 years ago
Victor Julien
2a4992e7a0
inline: fix unified2 alert direction selection
13 years ago
Victor Julien
87ec969b3d
filemd5: fix compilation if libnss isn't available
13 years ago
Victor Julien
c9e93ec52c
filemd5: add support code for md5 handling for signatures.
13 years ago
Victor Julien
8cd460dde5
Don't display a warning when log-pcap tries to remove an already removed file.
13 years ago
Anoop Saldanha
7109a056a5
http header won't inspect set-cookie headers. Set-cookie part of cookie keyword now. Also update the http header inspection engine
13 years ago
Victor Julien
988f22ee2e
Free pcre study structs for classification, threshold and reference parsing.
13 years ago
Anoop Saldanha
0c24bbab0c
code cleanup for live swap
13 years ago
Victor Julien
452114a859
Fix compiler warning.
13 years ago
Anoop Saldanha
2bc7d0792d
update clean up of old detection engine contexts for live rule swap
13 years ago
Anoop Saldanha
eee33866df
DetectEngineCtxFree() cleanup, also in main
13 years ago
Anoop Saldanha
c3eab5cf4e
Replace the old atomic sets using cas with the new sc_atomic_set macro
13 years ago
Anoop Saldanha
32183faa82
free flowvar entries in flow after live rule swap. Sync flowbits entries into packet struct to be used by alert debuglog when alert debuglog is enabled
13 years ago
Anoop Saldanha
8fb2040eee
disable live rule swap when -s or -S option's used at startup
13 years ago
Anoop Saldanha
31eb5fa2f6
Introduce util-signal.[ch]. Move our signal setup functions here
13 years ago
Victor Julien
4cde2355bd
Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state.
13 years ago
Anoop Saldanha
6fa46d7526
If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinspection flags unconditionally in main
13 years ago
Anoop Saldanha
e5edcfaca8
add unittest for atomic operation with void *
13 years ago
Anoop Saldanha
ecad4a24fa
live rule support added
To reload ruleset during engine runtime, send the USR2 signal to the engine, and the ruleset would be reloaded from the same yaml file supplied at engine startup
13 years ago
Anoop Saldanha
83a8f6e03a
cleanup threshold config de-init
13 years ago
Anoop Saldanha
5e02cb2365
slot_data updated as an atomic var now
13 years ago
Anoop Saldanha
5878d83174
byte_extract_id var now a non-global de_ctx specific var
13 years ago
Anoop Saldanha
f4ce9011d2
make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. This is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API
13 years ago
Anoop Saldanha
7acf5ad38e
clean reference config API
13 years ago
Anoop Saldanha
6003c7cb6b
clean classification config API
13 years ago
Anoop Saldanha
f5af4c9ceb
util action api returns error code if it encounters wrong values parsing wrong action conf
13 years ago
Anoop Saldanha
f2dd61868d
variable names global vars, global no more. Moved to detection engine ctx, a place it belongs
13 years ago
Anoop Saldanha
946100845f
fix replace unittests. Re-set modified global_var to original value when the test completes
13 years ago
Anoop Saldanha
55d4e9518e
Kill engine during init stage if it fails to load valid value for sgh-mpm-context
13 years ago
Anoop Saldanha
d7a93b6fcd
clear root node during conf de-init. also create root_backup when the root is restored back using it
13 years ago
Victor Julien
ab3fcb01f9
http: decode double decoded path and query string characters. Bug #464 .
13 years ago
Victor Julien
c6cac1ef48
build: Use expanded sysconfdir to pass as CONFIG_DIR to the code.
13 years ago
Victor Julien
108da566bc
http: make client and server body inspection more robust in cases where realloc fails
13 years ago
Victor Julien
60c3af9303
detect: Only run mpm on HTTP buffers in the proper direction. Fixes a file_data FN.
13 years ago
Victor Julien
2055b509a3
dcerpc/smb/smb2: more robust error checking, cosmetic code updates.
13 years ago
Anoop Saldanha
fc15cc7de1
some more mpm engine cleanup
13 years ago
Anoop Saldanha
f9612f3b83
mpm engine cleanup. Remove unnecessary flags
13 years ago
Anoop Saldanha
5bb347106b
cookie header now inspects Set-Cookie headers as well
13 years ago
Anoop Saldanha
593b0cb150
unittests that fail, displaying the issue that we don't inspect set-cookie headers against cookie keywords
The next patch in the series will fix the issue and let the unittests pass as well.
13 years ago
Victor Julien
c0ac64e58c
pcap: make sure thread count is 1 if config is missing for a device.
13 years ago
Anoop Saldanha
bc6cf43840
#482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars
13 years ago
Anoop Saldanha
0d602d9cde
we now support offset, depth inspection against all packet payloads and stream messages
13 years ago
Anoop Saldanha
a34f91358d
tests to highlight that
- suricata treats sigs with offset/depth without any packet keywords as stream sigs
- as a consequence suricata will FN on such sigs
The tests introduced here will fail, displaying the issues. The
next patch in the series would fix the said issues.
13 years ago
Anoop Saldanha
c5cc9d454d
stream raw reassembly fix
13 years ago