aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,530 Commits
8 Branches
154 Tags
166 MiB
dependabot/github_actions/github/codeql-action-3.26.13
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6378db89f6'
${ noResults }
Commit Graph

4530 Commits (6378db89f6aa12ecba6635c3492eb5e5cceb3ae0)
 

Author SHA1 Message Date
Eric Leblond 6378db89f6 coccinelle: add option to continue on errors 
When a script has been updated or introduced, it is interesting to
detect all errors at once. With this patch it is now possible to
do so by using:
   NOT_TERMINAL=1 CONCURRENCY_LEVEL=12  qa/coccinelle/run_check.sh
 11 years ago
Eric Leblond 28c5c68192 error checking: add missing alloc error treatment 
The return of some malloc like functions was not treated in some
places of the code.
 11 years ago
Victor Julien f6e37dcc90 Bug 1061: fix multiple vars per sig in ordering 
In sigordering rules that had multiple vars doing the same operation,
like setting multiple flowbits, would not be considered correctly.

Bug 1061.
 11 years ago
Victor Julien b770fd2981 http header: improve realloc failure checking. Bug #1062. 11 years ago
Victor Julien 90cf8d4c6e port parsing: improve memory handling 11 years ago
Victor Julien b79b2fff25 cppcheck: add special BUG_ON so cppcheck understands we exit 11 years ago
Victor Julien d5db0cc033 port: don't lead memory on port parsing failure 
[src/detect-engine-port.c:1354]: (error) Memory leak: gh
 11 years ago
Victor Julien 435f99409f Fix small memleak in runmode setup 
[src/runmodes.c:338]: (error) Memory leak: custom_mode
 11 years ago
Victor Julien 86aad660a2 threading setup: fix small mem leak on failure 
[src/tm-threads.c:1058]: (error) Memory leak: slot
 11 years ago
Victor Julien b4631794a8 Fix realloc error handling in threshold.config file parsing. Bug #1062. 11 years ago
Victor Julien 35298a0146 Use %u for unsigned int in (console) output 11 years ago
Victor Julien a9d754c23d Use %u for unsigned ints in checksum warning 11 years ago
Victor Julien 76d3cb557b htp: minor cleanup to silence cppcheck warning 
[src/app-layer-htp.c:1967] -> [src/app-layer-htp.c:1978]: (warning) \
    Possible null pointer dereference: tx - otherwise it is redundant \
    to check it against null.
 11 years ago
Victor Julien 5ba898b738 cppcheck: don't use likely/unlikely when -DCPPCHECK is passed to the checker 11 years ago
Victor Julien b2c4a50e39 Fix small memory leak in classtype parsing 11 years ago
Victor Julien fe46c26e4e cppcheck: improve reporting cppcheck when passing -DCPPCHECK to the checker. 11 years ago
Victor Julien afb48cfcb5 log-http: fix error check leading to null-deref on malloc failure during setup 11 years ago
Victor Julien 4165bf8951 log-http: enforce hostname print limit 11 years ago
Victor Julien 1476db44d9 Convert Flow macros to inline functions 
Convert FlowReference and FlowDeReference to inline functions for
better readability and to aid static code analyzers.
 11 years ago
Victor Julien b4e6bbe4bc flowvar: initialize new memory to prevent issues on error handling 11 years ago
Victor Julien 0beb7ed781 pcap: fix stats dump logic 
pcap has a callback function that is called for each packet. Once a
second, it's meant to 'dump stats'. However, the timing logic was
broken, so it would actually dump stats for each packet.

By moving the stats second timer into the thread vars, next calls of
the callback will be able to use the stored time.
 11 years ago
Victor Julien 9e85b8d35e flow timeout: remove now unused code 11 years ago
Victor Julien 85b1a8ff26 flow: fix typo in function name 
FlowForceReassemblyNeedReassmbly -> FlowForceReassemblyNeedReassembly
 11 years ago
Victor Julien 3b3dce8328 flow timeout cleanup and fix 
Flow timeout code worked by luck when checking if a flow still needed
reassembly for app layer inspection or logging. It would check for a
part of raw reassembly (smsg list) to determine if detection was
needed. In this case it would also process app layer cleanup,
including logging.

Introduced AppLayerTransactionGetActive which returns the lowest tx_id
in a direction that still needs some work.

FlowForceReassemblyNeedReassmbly now uses it to determine if the
applayer still needs work.

Converted FlowForceReassemblyForHash to use the checking function
FlowForceReassemblyNeedReassmbly as well, so that checking if a flow
needs work is now unified.
 11 years ago
Victor Julien b32abea06b flow/stream: use named values in flow timeout code 11 years ago
Victor Julien 8522da8ea5 stream: add option to disable raw reassembly 
Raw reassembly is used only by the detection engine. For users only
caring about logging it's a significant overhead, both in cpu and
memory usage.

The option is called 'raw' and lives under the stream.reassembly
options.

stream:
  memcap: 32mb
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  reassembly:
    memcap: 64mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes
    #randomize-chunk-range: 10
    raw: false # <- new option
 11 years ago
Eric Leblond 47b5fc0934 erf-dag: fix typo in header guard 
Spotted out by clang:
 source-erf-dag.h|25 col 9| warning: '__SOURCE_ERR_DAG_H__'
 is used as a header guard here, followed by #define of a different macro
 [-Wheader-guard]
 11 years ago
Eric Leblond 105182f582 yaml: remove no more present files 
emerging-virus.rules is not present anymore in ET ruleset downloaded
by 'make install-rules'. This patch removes it from the list to avoid
an error message.
 11 years ago
Eric Leblond f9f1a666f0 dns: rules files was not installed 
Installed dns-events.rules files in rules directory with install-rules.
 11 years ago
Eric Leblond a8fde0112e prscript: add support for pcap build 
Now also start a pcap test build.
 11 years ago
Jason Ish eaff01a57f Use the stack for temporary memory buffers. 11 years ago
Jason Ish ab7091927e When setting final configuration nodes, set the whole tree as final. 
Prevents benign log message of parent nodes of final values being
redefined (which ends up having no affect as the final nodes
are protected from being removed).
 11 years ago
Eric Leblond 729540673e htp: display info about randomization 
When randomizatin is used display a message about actual values.
 11 years ago
Eric Leblond ff784075a2 htp: randomization of htp inspection sizes 
This is an implementation of #940. It randomize libhtp request
and response size if the same way this has been done for stream
inspection.
 11 years ago
Victor Julien 81ee6f5aad lua: push correct length back through ScFlowvarGet, work around valgrind warning 11 years ago
Victor Julien 86b299d06c lua: clear stack after each script run 11 years ago
Victor Julien ae69a4a024 luajit: pass calling rule's sid,gid,rev to script as SCRuleSid, SCRuleGid, SCRuleRev. 11 years ago
Eric Leblond f76448c1e6 decode: fix failure in layered tunnel 
If we have multiple layer of tunnel, the decoding of initial
Packet will recurse in DecodeTunnel function called in
PacketTunnelPktSetup. If we are not setting the pseudo
packet root before calling DecodeTunnel (as done in previous
code), then the tunnel root will no be correct for the lower
layer packets. This result in an counter problem and a suricata
failure after some time.
 11 years ago
Jason Ish e9a4871077 Fix alignment in usage. 11 years ago
Giuseppe Longo ae9393987e Adds a defrag configuration example in suricata.yaml 11 years ago
Victor Julien 0a24ac0855 Fix Conf api usage after rebase 11 years ago
Jason Ish 8d29dfca59 Instead of exiting on memory failure, log a warning then return NULL 
to signify an error to the caller.
 11 years ago
Jason Ish 5f6705c4dc Better document ConfSet and ConfSetFinal. 11 years ago
Jason Ish b033acfb0c Subsequent configuration keys now override previous ones 
instead of merging.

The exception is final values, for example, values like
default-log-dir that may be set on the command line.
 11 years ago
Jason Ish c981a16579 Function to prune all non-final nodes from a configuration node. 11 years ago
Jason Ish b8e13d4bd6 More concise API for setting config values that 
can be overrided or not (final values).
 11 years ago
Jason Ish 0820ac9355 Cleanup ConfSet, ConfGet, make more concise. 
Removes ifdef's for readability by using strchr instead
of strtok.
 11 years ago
Victor Julien 6cd6caf3ea tls: allow matching for @ symbol in tls.subject 
Also in tls.issuerdn keyword.

Original patch by Chris Wakelin.

Fixes #1042.
 11 years ago
Anoop Saldanha 6ea8ac44ff FTP parser updated to not use the archaic App layer feature of AppLayerParserResultElmt. 
The parser otherwise remains pretty much the same.
 11 years ago
Anoop Saldanha 80c08f8642 Updated the ftp response handler to return without doing anything. 
Currently the processing happening inside the handler is not being used
anywhere else in the engine.
 11 years ago