Commit Graph

6131 Commits (413082afc0bedecc0bc0b6e49e12ee3571d59503)
 

Author SHA1 Message Date
sfd e58cfb6a05 Fix compile bad dereferences
The src/source-erf-dag.c code was not compiling. It looks like some stats counters were added but not tested as the dereferences are incorrect.
10 years ago
Alexander Gozman e028917955 In non interactive mode, print errors to stderr 10 years ago
Alexander Gozman a9176cf126 suricatasc: remove "u" prefix when printing JSON output.
If we want to parse suricatasc's output, Python's unicode prefix
should be removed to make JSON parsers happy.
10 years ago
Zopieux cd038419fd stream_size operator comparison (fix issue #1488)
`DetectStreamSizeParse` was first checking if mode[0] is '<', which is true for both '<' and '<=', thus '<=' (and resp. '>=') is never matched. This patch does the `strcmp` to '<=' (resp. '>=') within the if block of '<' (resp. '>') to fix #1488.
10 years ago
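To illustrate the operator-ordering bug described in the commit message above, here is an added example in C. It is not Suricata's code: the `SizeMode` enum, the `ParseModeBuggy`/`ParseModeFixed`/`SizeMatches` names and the sample values are assumptions constructed for the illustration. The buggy parser tests `mode[0] == '<'` before the exact `"<="` comparison, so `"<="` degrades to `"<"`; the fixed parser resolves `"<="` and `">="` inside the `'<'` and `'>'` branches.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical comparison modes standing in for the detection engine's
 * stream_size operators (names are assumptions, not Suricata's). */
typedef enum {
    MODE_NONE = 0, MODE_LT, MODE_LE, MODE_GT, MODE_GE, MODE_EQ, MODE_NE
} SizeMode;

/* Buggy ordering: the prefix check on mode[0] is true for both "<" and
 * "<=", so the strcmp against "<=" below it is unreachable. Same for ">=". */
SizeMode ParseModeBuggy(const char *mode)
{
    if (mode[0] == '<')
        return MODE_LT;
    else if (strcmp(mode, "<=") == 0)
        return MODE_LE;           /* never reached */
    else if (mode[0] == '>')
        return MODE_GT;
    else if (strcmp(mode, ">=") == 0)
        return MODE_GE;           /* never reached */
    else if (strcmp(mode, "=") == 0)
        return MODE_EQ;
    else if (strcmp(mode, "!=") == 0)
        return MODE_NE;
    return MODE_NONE;
}

/* Fixed ordering: decide between "<" and "<=" (resp. ">" and ">=")
 * inside the branch that matched the first character. */
SizeMode ParseModeFixed(const char *mode)
{
    if (mode[0] == '<') {
        return (strcmp(mode, "<=") == 0) ? MODE_LE : MODE_LT;
    } else if (mode[0] == '>') {
        return (strcmp(mode, ">=") == 0) ? MODE_GE : MODE_GT;
    } else if (strcmp(mode, "=") == 0) {
        return MODE_EQ;
    } else if (strcmp(mode, "!=") == 0) {
        return MODE_NE;
    }
    return MODE_NONE;
}

/* Apply a parsed mode to an observed stream size; returns 1 on match. */
int SizeMatches(SizeMode m, unsigned long size, unsigned long threshold)
{
    switch (m) {
        case MODE_LT: return size <  threshold;
        case MODE_LE: return size <= threshold;
        case MODE_GT: return size >  threshold;
        case MODE_GE: return size >= threshold;
        case MODE_EQ: return size == threshold;
        case MODE_NE: return size != threshold;
        default:      return 0;
    }
}

int main(void)
{
    /* Constructed case: a rule asking for "<= 100" against a stream of
     * exactly 100 bytes. The buggy parser silently turns it into "< 100". */
    printf("buggy  '<= 100' vs 100 bytes: match=%d\n",
           SizeMatches(ParseModeBuggy("<="), 100, 100));
    printf("fixed  '<= 100' vs 100 bytes: match=%d\n",
           SizeMatches(ParseModeFixed("<="), 100, 100));
    return 0;
}
```

The practical consequence is the one the commit fixes: a rule written with `<=` or `>=` matched a strictly smaller set of streams than intended, so detections at the boundary value were lost without any load-time error.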
Victor Julien 45fc619f79 logging: json output
Make JSON output optional.

Cleanups.
10 years ago
Victor Julien 126ecb3ebf logging: fix per output log formats 10 years ago
Victor Julien b51c4e608f logging: optional colors output
Construct message per output method.
10 years ago
Victor Julien b13de5bf08 logging: change newline handling 10 years ago
Victor Julien 1927b3000c output: cleanup 10 years ago
Victor Julien b30bdc21b5 logging: cleanup output API
Make SCLogMessage master of the logging. Reduces complexity
of the SCLog macros.
10 years ago
Victor Julien d6fc6e874f log: reorganize SCLogOPIfaceCtx to make it more efficient 10 years ago
Victor Julien c2f4031a8c detect: fix settings override for reloads 10 years ago
Helmut Schaa 91efdadf8e Disable pcap-config use during cross compilation
This allows cross compilation where the host system has pcap-config
installed and would create an invalid entry in the cross-CFLAGS.
10 years ago
Alexander Gozman cd9cc2559e Issue 1491: fix capabilities for pf_ring mode when running under non-root account 10 years ago
Alexander Gozman d36eba4e5e Fix issues #1493 and #1494 10 years ago
Giuseppe Longo d592d57039 file_data: check for signature alproto and flow
Currently the following rule can't be loaded:
alert tcp any any -> any 25 (msg:"SMTP file_data test"; flow:to_server,established; file_data; content:"abc";sid:1;)
and produces the error output:
"Can't use file_data with flow:to_server or from_client with http or smtp."

This checks if the alproto is not http in a signature,
so the flow keyword can also be used.

Issue reported by rmkml.
10 years ago
Victor Julien e583de0582 Minor unittest cleanups 10 years ago
Victor Julien f4f53924bb app-layer: fix coverity warnings 10 years ago
Victor Julien 6c792cb4cc erspan: respect vlan.use-for-tracking setting 10 years ago
Victor Julien b8211e8c04 htp: hide BUG_ON's behind DEBUG_VALIDATION 10 years ago
Victor Julien bd73553027 smtp json: fix potential crash on malloc failure
** CID 1298888:    (FORWARD_NULL)
/src/output-json-email-common.c: 117 in JsonEmailLogJson()
/src/output-json-email-common.c: 140 in JsonEmailLogJson()
10 years ago
Victor Julien 1ed8d7b538 detect analyzer: fix minor coverity warning
** CID 1298889:  Integer handling issues  (NEGATIVE_RETURNS)
/src/detect-engine-analyzer.c: 102 in EngineAnalysisFP()
10 years ago
Victor Julien dd2afd51f7 file_data smtp: fix minor coverity warning
CID 1298891:  Null pointer dereferences  (REVERSE_INULL)
Null-checking "curr_file" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
10 years ago
Victor Julien bcff35fd9f smb: fix coverity warning
** CID 1298892:  Incorrect expression  (UNUSED_VALUE)
/src/app-layer-smb.c: 1486 in SMBProbingParser()
10 years ago
Victor Julien aa095864d3 pfring runmode: remove set that is never read 10 years ago
Victor Julien 21db5ee691 counters: reduce global usage 10 years ago
Victor Julien a5168d5977 dce_opnum: improve memory handling on parsing error 10 years ago
Victor Julien b3b7625be5 htp: fix test 10 years ago
Victor Julien c0807c3df5 fast log: clean up tests 10 years ago
Victor Julien 29fbcce50d detect hsbd: simplify resize logic 10 years ago
Victor Julien 4e7cb7b863 app-layer: update all protocols to accept NULL+EOF
Update all non-HTTP protocol parsers to accept a NULL+EOF input.
10 years ago
Victor Julien cf9ff6adbd app-layer: improve EOF handling
On receiving TCP end of stream packets (e.g. RST, but also sometimes FIN
packets), in some cases the AppLayer parser would not be notified. This
could happen in IDS mode, but would especially be an issue in IPS mode.

This patch changes the logic of the AppLayer API to handle this. When no
new data is available, and the stream ends, the AppLayer API now gets
called with a NULL/0 input, but with the EOF flag set.

This allows the AppLayer parser to call its final routines still in the
context of a real packet.
10 years ago
Victor Julien df79c1019f print: make PrintRawDataFp take a const arg 10 years ago
Victor Julien 7451d33396 stream: update StreamMsg to not have a fixed size
StreamMsg would have a fixed size buffer. This patch replaces the buffer
by a dynamically allocated buffer.

Preparation of allowing bigger and customizable buffer sizes.
10 years ago
Victor Julien 3ffa01d150 stream: remove STREAMTCP_STREAM_FLAG_CLOSE_INITIATED logic 10 years ago
Giuseppe Longo 32563d51d1 http: rework UT
This reworks UT based on
commit 3203555708
10 years ago
Victor Julien 573d082219 http: memcap HTTP server inspect body code 10 years ago
Victor Julien 3163a57577 smtp file_data: fix wrong free 10 years ago
Victor Julien 9f52bdd1e5 flow timeout: prevent dead locks
The flow timeout mechanism called both from the flow manager at run time
and at shutdown creates pseudo packets. For this it has its own packet
pool, which can be depleted if the timeout logic is faster than the packet
processing threads. In this case the flow timeout would enter a wait loop.
The problem however, is that this wait loop would happen while keeping a
flow locked. This could lead to a race condition when the packet thread(s)
are waiting for the lock that the flow manager has.

This patch introduces a new packet pool call 'PacketPoolWaitForN', meant
to make sure that the thread's packet pool has at least N available
packets. The flow timeout paths use this to make sure enough packets are
available *before* grabbing the flow lock. If there aren't enough packets
available yet, the wait happens before the lock as well.

This still means the wait can happen while the flow hash row is locked, so
we do make sure some more packets are available when entering that. But
perhaps in the future we need a more precise logic there as well.
10 years ago
Victor Julien 423d5fd0de http: improve inline body tracking
Rewrite the sliding window handling for IPS mode for the server body.

The buffer used will have the following properties:
    left edge: inspected data - window_size
    right edge: the most recent data

Due to handling of compressed bodies, the data can be much bigger than
the configured window size.
10 years ago
Victor Julien 79d34f4575 http: body pruning update
Take inspect limits into account. Consider per direction inspect settings.
10 years ago
Giuseppe Longo 8f1998e35f hsbd: inspect buffer depending on the engine mode
Currently, data is buffered up to response-body-minimal size
and response-body-inspect-window before being inspected.
With this, in IPS mode, inspect data as it comes in.

The sliding window concept is used here,
some data chunks are copied into the window (buffer)
then it's inspected.
10 years ago
Giuseppe Longo a459376d2e app-layer-htp: add http_body_inline setting 10 years ago
Victor Julien 80615f7d43 ips: move counters in common struct and funcs 10 years ago
Victor Julien 813930f027 nfq: add ips stats 10 years ago
Victor Julien 14466a803d decode: create util function for basic counter updates 10 years ago
Jason Ish e3ce29f694 json-stats: log deltas
If "deltas" is yes, log delta values as the name of the value
suffixed with _delta.
10 years ago
Victor Julien 3e14aa729a detect-state: remove/hide BUG_ON statements 10 years ago
Victor Julien b7f1e9e370 file extract: add app_proto to logging 10 years ago
Victor Julien 925aac854e alproto: improve AppProtoToString
Make AppProtoToString compilation fail on missing 'case's.
10 years ago