suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	5fe2fba184	stream: fix TFO overlap detection with ECN/CWR flags	2 years ago
Victor Julien	277751051b	stream: flag zero window probe packets	2 years ago
Jason Ish	6ebb643b83	conf: deprecate multiple "include" statements at same level The YAML spec considers duplicate keys to be an error, as do some YAML implementations, most notably Rust's serde_yaml which would be nice to use in the future. Multiple include lines at the same level will still work, but a warning will be emitted. These can be fixed by moving to an "include" array: include: - file1.yaml - file2.yaml Ticket: #5939	2 years ago
Jason Ish	6e1cd7bbea	conf: fatal error if "include" is a mapping If a field named "include" is mapping it is not processed correctly. Instead return a fatal error. In our YAML, "include" has always been a reserved word, so this should not break any known configuration. Ticket: #5939	2 years ago
Jason Ish	67ce33a97e	conf: allow "include" to be a list of files In preparation for deprecating multiple "include" fields at the same level, allow "include" to be a list of filenames. Ticket: #5939	2 years ago
Juliana Fajardini	31066c7c3b	docs: clarify exception policy's supported values As flow.memcap-policy and defrag.memcap-policy do not support flow actions, clarify that in the documentation. Also fix some typos, and add missing values in some places where the exception policies were explained. Related to Bug #5940	2 years ago
Juliana Fajardini	d4333fb959	exception/policy: use pkt action if no flow support Defrag memcap and flow memcap do not support flow action for the exception policies, as there is no flow when the exception condition is hit. In such cases, the exception policy must be considered for the packet only, when that makes sense, or should be ignored, in case of `bypass`. Bug #5940	2 years ago
Philippe Antoine	d313b5d605	detect: bump detect engine version for tenant reload Because the engine version is used to free the old variables and not the new ones. As is done in DetectEngineReload. Ticket: #5866	2 years ago
Philippe Antoine	473ca6dcf4	detect: bytemath do not left shift more than 64 As it is undefined behavior by C standard. In this case, zeroes the value. Ticket: #5900	2 years ago
Jason Ish	60e67db452	rust: don't suppress vendor output There appears to be some errors happening in CI and this may be hiding the source of the error.	2 years ago
Jason Ish	6f14aed0e6	rust: bundle Cargo.lock Cargo.lock has to be provided as template, Cargo.lock.in so it can live beside Cargo.lock in out of tree automake builds, like distcheck. This will pin Rust dependencies even for git builds, updating Cargo.lock will now be a manual process that we'll have to take care of periodically.	2 years ago
Juliana Fajardini	754d2803dd	flow/manager: fix coverity divide_by_zero warning Updated all cases where flow_config.prealloc was used in a division. *** CID 1524506: Integer handling issues (DIVIDE_BY_ZERO) /src/flow-manager.c: 858 in FlowManager() 852 "flow_spare_q status: %" PRIu32 "%% flows at the queue", 853 spare_pool_len, flow_config.prealloc, 854 spare_pool_len * 100 / flow_config.prealloc); 855 856 /* only if we have pruned this "emergency_recovery" percentage 857 * of flows, we will unset the emergency bit / >>> CID 1524506: Integer handling issues (DIVIDE_BY_ZERO) >>> In expression "spare_pool_len 100U / flow_config.prealloc", division by expression "flow_config.prealloc" which may be zero has undefined behavior. 858 if (spare_pool_len * 100 / flow_config.prealloc > flow_config.emergency_recovery) { 859 emerg_over_cnt++; 860 } else { 861 emerg_over_cnt = 0; 862 } Related to Bug #5919	2 years ago
Jeff Lucovsky	f57c11df3f	content: Constrain distance/within values Ticket: 5740 This commit constrains the values for distance and limit to 1MB. The constraint is enforced while parsing the keyword values.	2 years ago
Jeff Lucovsky	35bbdf4124	doc/content: Add limits for distance/within Ticket: 5740	2 years ago
jason taylor	46d09a6ba6	profiling: updated switch block to fix gcc warning This fixes a warning emitted by Fedora 37 when compiling with gcc 12.2.1 Signed-off-by: jason taylor <jtfas90@gmail.com>	2 years ago
Victor Julien	94bb6dded6	profiling: minor reformatting	2 years ago
Juliana Fajardini	5baa6c0024	flow/manager: fix prealloc unhandled division by 0 If flow.prealloc was set to zero in our yaml config, this led to a floating point exception in the flow manager. Bug: #5919.	2 years ago
Philippe Antoine	4f7426fdcf	enip: optimized tx iterator As for SMTP, having a linked list. Ticket: #5927	2 years ago
Philippe Antoine	e15daf6a4b	dnp3: optimized tx iterator As for SMTP, having a linked list. Ticket: #5927	2 years ago
Philippe Antoine	f5f215dae7	smtp: optimized tx iterator To be more efficient with larger number of transactions. As was done for FTP. Ticket: #5927	2 years ago
Jason Ish	744759b0c9	source-xf-xdp: update for deprecated function in libbpf libbpf 0.8 deprecates bpf_get_link_xpd_id, and 1.0 removes it. Add ./configure check to see if this method is available and use it if so, otherwise use the deprecated method which is not available on older but still supported Linux distributions. Ticket: #5924	2 years ago
Jason Ish	d4418034d1	rust: update aes and aes-gcm crates Addresses RUSTSEC-2021-0059, RUSTSEC-2021-0060.	2 years ago
Victor Julien	ba7db2583b	detect/urilen: fix applying urilen as depth If urilen induced depth was set, later DetectContentPropagateLimits() would apply a wrong depth setting, leading to a false negative in some cases. Bug: #5929.	2 years ago
Victor Julien	50dba4665d	detect/urilen: support HTTP/2 Ticket: #5931.	2 years ago
Victor Julien	09348564f0	eve/drop: don't log drops unless packet is dropped In pass/drop combinations where the pass rule took precendence over the drop, a "drop" false positive could still be logged due to the storing of the drop record in the packet drop alert store. Bug: #5867.	2 years ago
Victor Julien	9b4fb63a7b	detect/mpm: minor code cleanups	2 years ago
Victor Julien	d518416f0d	detect: apply within as depth where possible The rule lang allows for within and distance to act as depth/offset, but internally this was not handle the same way. This patch converts within/distance w/o a prior pattern to depth/within.	2 years ago
Victor Julien	5254a88e1e	detect/offset: minor code cleanups	2 years ago
Victor Julien	33bee20d3d	detect/content: refactor limit propagation	2 years ago
Victor Julien	8831ae9be7	detect/distance: minor code cleanups	2 years ago
Victor Julien	c945eff66e	detect/within: minor code cleanups	2 years ago
Victor Julien	8de2948df8	detect/analyzer: fix lists names Simpler names that lead to cleaner json.	2 years ago
Victor Julien	325000ca2b	detect/analyzer: add byte_test/byte_jump detail	2 years ago
Victor Julien	105dd636cb	detect/analyzer: add content relative_next flag	2 years ago
Victor Julien	2b85ab0ba1	detect/analyzer: add more pcre detail	2 years ago
Victor Julien	e624328deb	detect: split mpm per alproto for file.data & others Instead of a shared mpm context for just "file.data" or "file.magic" use per alproto mpms. This way http file.data rules won't affect smb file.data performance. Ticket: #4378.	2 years ago
Victor Julien	a806445abf	mpm factory: include alproto In preparation of spliting out mpm's for keywords shared by multiple protocols, like file.data.	2 years ago
Philippe Antoine	416a780f69	jsonschema: do not enforce keys for alert metadata As this is a free field and can have any key based on a rule	2 years ago
Philippe Antoine	8f9cd8ff1a	doc: security.limit-noproc upgrade note Ticket: #5621	2 years ago
Lukas Sismis	4f3e1279f5	github-ci: Add Netmap build to GH actions Issue: #5803	2 years ago
Jason Ish	0533737726	smtp: apply suricata.yaml defaults to in-code defaults Currently the default suricata.yaml sets some values that do not reflect the default values in the code. As most users are probably using a default suricata.yaml, make the code have the same defaults as in suricata.yaml: - mime.decode-mime: false -> true - mime.decode-base64: false -> true - mime.decode-quoted-printable: false -> true - mime.extract-urls: false -> true Issue: #5823	2 years ago
Jason Ish	3a44197183	schema: add "message_id" to email	2 years ago
Jason Ish	3d92990c6f	conf: document ConfGetChildValueBool	2 years ago
Gabriel Lima Luz	b43357eb26	detect-lua: Convert unittests to FAIL/PASS API Ticket: 4051	2 years ago
Jason Ish	bdd889899f	source-xdp: only allow busy poll if headers support it Wrap the enabling of busy poll in a compile time conditional checking for the required defines to be set. While we have runtime support for kernels less than 5.11, we also need a compile time check as the headers may be old as well. Issue: 5855	2 years ago
Jason Ish	b734676617	github-ci: add Debian 11 builder with XDP	2 years ago
Jason Ish	bf079c9214	schema: fix optional "optional" is not part of jsonschema. Instead an array named "required" is used to list all field names that are required.	2 years ago
Jason Ish	49ba378d38	schema: fix engines section The definition of items is an object, not an array.	2 years ago
Jeff Lucovsky	2dbcbb2a2a	nflog/time: Fixup timestamp handling Issue: 5818 This commit corrects the timestamp handling for the packet to work with the SCTime_t struct.	2 years ago
Jason Ish	159b72c101	rust/clippy: allow derivable impls The latest Rust will automatically "fix" derivable default implementation, which is nice, but makes changes that don't meet our current MSRV, so allow derivable impls for now.	2 years ago

... 3 4 5 6 7 ...

14485 Commits (6ec3bc189a21dcca298e09ca329534fd6bc1fb3a) All Branches Search

14485 Commits (6ec3bc189a21dcca298e09ca329534fd6bc1fb3a)

All Branches