aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,173 Commits
7 Branches
155 Tags
198 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '68d9677eea'
${ noResults }
Commit Graph

7173 Commits (68d9677eea1fce8553223c49e7d808d0deee200c)
 

Author SHA1 Message Date
maxtors 88a6e79607 Fixed string copy and cat functions and made shortening safer. 
Changed out strcpy, strncpy to strlcat and strlcpy. Also added
checks to see if the shortening did work or if it would fail in
advance. Fixed code in util-device and util-runmodes.
 9 years ago
maxtors 10d1450e49 Added shortening of listening interface in util-runmodes 
Added function LiveSafeDeviceName in util-device that shortens an
NIC device name if the name is over a given length and turns
it in to Ex: longi...eeth1
 9 years ago
Eric Leblond 63937cd903 detect-msg: fix option parsing 
Code removing the space before the double quote at msg option start
was not working correctly for option starting with a space.
 9 years ago
Victor Julien 7f700a137c smtp: fix test 9 years ago
Victor Julien c4a9580fce detect file: improve multi file handling 
When multiple files were in a tx, the first one(s) closed/complete
and a new open one as well, a match in the former could lead to not
inspecting the latter.

This patch adds a workaround for this case, by allowing the file
inspection code to return a special code for 'match, but more files
available in tx'.

The stateful detection engine will then not make this match final for
the tx. It relies on the file pruning to kick in to make sure the
already complete files are removed from the tx before the next time
the detection engine is called on the tx.
 9 years ago
Victor Julien 8cd4405c21 detect file: cleanups 9 years ago
Victor Julien ea0067add8 debug: add various detect engine debug statements 9 years ago
Victor Julien 83e0529b2b http: flag destate about new files 
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in http. For http it
should only apply to multipart bodies although the flag is set for
all files.
 9 years ago
Victor Julien aa4ad9d25b smtp: flag detect state that new files are available 
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.
 9 years ago
Victor Julien 807fe4ac9f detect state: fix issues with multiple files per tx 
Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.
 9 years ago
Victor Julien 19d112ba07 smtp/mime: allow unquoted name/filename fields 
Don't enforce that name/filename fields are quoted.

Reported-By: Blair Steven
 9 years ago
Victor Julien 5c514c904f smtp: fix file logging and matching 
When no rules with 'file content' keywords like filemd5 or filestore
were used, and non of the file outputs would force 'output' like
'force-md5' and 'force-magic', the file would not be tracked at all.

This meant that logging wouldn't work and neither would filename and
fileext inspection.

This patch removes the tracking bypass from the SMTP code and leaves
decisions to the file API.
 9 years ago
maxtors 9d3fd82849 Removed duplicate include statements. 9 years ago
maxtors 06d74b5775 Module specific error code for init ctx error. 9 years ago
maxtors 69863f7b1c Corrected and unified debugmessages for init data errors in *ThreadInit. 9 years ago
maxtors 7f2f7cc48d Added parsing and utilization of yaml defined payload buffer value. 9 years ago
maxtors c6bbd89251 Added payload-buffer-size option to yaml configuration 9 years ago
Victor Julien 554080cced lua: print lua script func/line/file in SCLog* funcs 
Instead of printing the func/line/file of the C code SCLog* wrappers,
print them from inside the lua script. They are not always available.
 9 years ago
Victor Julien 1c8775b340 QA: --afl-rules for faster rule fuzzing 9 years ago
Victor Julien c3efc4e072 pcap: small cleanups 9 years ago
Victor Julien 3f16ebe476 dns: don't read uninitialized memory in name parsing 
AFL+ASAN found that with certain input we used an uninitialized byte
in the length calculation. Probably harmless as the length was still
validated afterwards.
 9 years ago
Victor Julien c4575d1419 stream-tcp: improve test function cleanup 9 years ago
Victor Julien 3aea0bd4f3 stream-tcp: introduce stream cleanup function 9 years ago
Victor Julien 93fa291922 stream-tcp: unify ssn clean up functions 
There were 2 separate function doing ssn cleanup. To prevent issues
common with code duplication, unify them.
 9 years ago
Victor Julien 9b08cdae74 capture: only check for faster methods on -i 
Also, since we now default to AF_PACKET for -i if available, only check
for PF_RING and NETMAP.
 9 years ago
Victor Julien 053b96458f commandline: add -i arg check 9 years ago
Victor Julien f8852f4415 commandline: use afpacket for -i if available 9 years ago
Victor Julien a3a7d9b299 pcap: unify -i and --pcap parsing 9 years ago
Victor Julien b50111a5a7 commandline: move afpacket parsing into util func 9 years ago
Victor Julien 1fe09a38e0 commandline: move pcap parsing into util func 9 years ago
Victor Julien 7ac7f9cd55 instance: add progname as ptr to argv[0] 9 years ago
Victor Julien 65a3ff81ef readme: initial readme for github 9 years ago
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 9 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE 
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
 9 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file> 
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
 9 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 9 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 9 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API 
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is devided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
 9 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 9 years ago
Victor Julien 09242fb4a8 afl: optionally exit right after afl single runmode 
Exit right away if afl.exit_after_pcap is set to true. Safes time
as fuzzing the shutdown code may not be as interesting.
 9 years ago
Victor Julien d461837511 afl: add --afl-parse-rules to return 0 on any rule 
When fuzzing, AFL will create lots of malformed rules. We don't want
to error out on those. As we're fuzzing the parser any non-crash
should return 0. Crashes (ASAN or not) will return a non-0 code.
 9 years ago
Victor Julien e824a8be76 afl: special 'single' runmode 
To avoid threading, this 'single' mode doesn't run in it's own thread
but instead runs in the main thread.
 9 years ago
Victor Julien a42251d459 afl: add define to disable mgt threads 
The inherent non-deterministic nature of the management threads
creates variable test cases.
 9 years ago
Victor Julien b2695600ba afl: add define to disable rand_r use 
The randomness affects AFL. It creates variable test cases, which
we need to avoid.
 9 years ago
Victor Julien 4c1c13d110 detect reload: improve signal logic 9 years ago
Victor Julien c0294521dd startup: move more into PostConfLoadedSetup 9 years ago
Victor Julien 0ab83288ac startup: move RunUnittests to StartInternalRunMode 9 years ago
Victor Julien e67ae0f174 detect keywords: use parse regex util func 9 years ago
Victor Julien 4a2e816bea detect parser: add parse regex util function 
Add regex setup and free util functions. Keywords often use a regex
to parse rule input. Introduce a common function to do this setup.

Also create a list of registered regexes to free at engine shutdown.
 9 years ago
Victor Julien 167d94efff dns: improve handling of tx pick up on response 9 years ago