aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,936 Commits
7 Branches
155 Tags
197 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '765b05f139'
${ noResults }
Commit Graph

14936 Commits (765b05f1391a68b0be7a530542f953e52757e7b3)
 

Author SHA1 Message Date
Jeff Lucovsky 0ff403fb60 decode/vlan: Remove unused macros/functions 
This commit removes unused functions and macros related to fetching VLAN
values.
 2 years ago
Jeff Lucovsky 0d2268ddfc decode/vlan: Decode upto 3 layers of VLAN 
Issue: 2816

This commit increase the number of VLAN layers supported by Suricata
from 2 to 3. 3-layers are dubbed "Q-in-Q-in-Q".

Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
 2 years ago
Jeff Lucovsky 9dc68ac59a json/schema: Add additional VLAN layer stat 
Issue: 2816

This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
 2 years ago
Philippe Antoine 6350736882 http2: avoid quadratic complexity in headers 
When adding an element to the dynamic headers table, the oldest
ones may get evicted. When multiple elements get evicted, they
should get evicted all at once with drain, instead of one by one
as there will be a massive move each time.

Ticket: #6103
 2 years ago
Philippe Antoine f346b3fc30 debug: fix list-x command line options with debug 
Debug validation checks that engine is either IPS or IDS.
But listing keywords does not care.
So, setting ids mode

Ticket: #6089
 2 years ago
Lukas Sismis 11c3aa868d doc: add DPDK Bond PMD docs 
Ticket: #6099
 2 years ago
Lukas Sismis c4b0c2888d dpdk: add support for DPDK Bond PMD 
Ticket: #6099
 2 years ago
Lukas Sismis fee79ff3c4 dpdk: add linker flag for DPDK Bond library 
Header checking (AC_CHECK_HEADER) did not work as
DPDK 19.11 included rte_eth_bond.h file even if net/bonding
driver was disabled. However, it was still not available in
ldconfig configuration. For this reason Bond PMD is checked with
ldconfig tool.
However when installing the DPDK library manually, the user needs to
update the entries in ldconfig to be able to find the Bond PMD.

Ticket: #6099
 2 years ago
Lukas Sismis bb2760d221 dpdk: add device name querying function 2 years ago
Lukas Sismis 2feece601a dpdk: add debug dump of RX offload capabilities 2 years ago
Lukas Sismis 540df3befe dpdk: separate i40e prestop actions from DPKD 19.11 
In DPDK 19.11 Suricata does not setup RSS on i40e driver
with rte_flow. As a result, it should not be deinitializing
RSS configuration with rte_flow as well.
 2 years ago
Lukas Sismis a9b2f79070 dpdk: refactor i40e RSS hash function 
Setting rss_conf->rss_key to NULL and rss_key_len
to zero avoids warnings about register changes
when setting up RSS configuration through RTE flows.
 2 years ago
Lukas Sismis adb427a15c dpdk: minor refactoring in error handling and variable declaration 2 years ago
Victor Julien 6154bab49f flow/worker: minor refactor for app-layer callsite 2 years ago
Victor Julien 8a535a0b89 detect: remove flow drop unittest 
Test broke after recent changes. Functionality is tested in
suricata-verify, so just remove the test.
 2 years ago
Victor Julien 95bf7248e8 detect: add check to validate drops 2 years ago
Victor Julien 418cc1fe94 detect: fix stateful drops for rate_filter 2 years ago
Victor Julien 2a95154712 flow/timeout: no pseudo packets for dropped flows 
When a flow is in the drop flow state, don't use pseudo packets
when it is timing out. There should be no work left to do at this
point.
 2 years ago
Victor Julien d91a1e8bc6 stream: simplify drop handling 
Remove logic to apply flow drop, as this is now handled in the
flow engine.

However, keep the logic that frees/cleans the session state.
 2 years ago
Victor Julien 77f49661fd app-layer: don't update UDP applayer for dropped packets 2 years ago
Victor Julien 85ddba63f6 detect: update/document drop flow logic 
Now that flow drop is applied to packets before other processing,
no drop has to be issued on a packet.
 2 years ago
Victor Julien 71a033ac62 flow: apply flow to packet on flow lookup 
Issue drop to packet as early as possible.
 2 years ago
Philippe Antoine 9287cbc33a http: logs custom headers in a subobject 
This subobject is request_headers or response_headers

This especially avoids json keys collisions.

Ticket: #5320

Also fixes typo referrer/referer
 2 years ago
Jason Ish f8c54bc7a4 github-ci: add workflow_dispatch 
A workflow dispatch allows us to manually a trigger a workflow with
arguments. This dispatch allows us to use the "gh" cli command to
trigger a workflow run with our libhtp/su/sv branch and repo variables
set. For example:

  gh run builds.yml -f SV_REPO=jasonish/suricata-verify -f SV_BRANCH=pr/10
 2 years ago
Victor Julien 5b160d274c flow: spare pool return optimization 
In case small blocks of flows are returned, try to merge
them with existing small list head. Add full block as second
in the list as with the rest of the code.
 2 years ago
Victor Julien afbd4162f2 flow/worker: don't double count flow.wrk.flows_evicted 
Since the queue isn't fully processed every run, double counting
could happen.

Fix by only counting actually processed flows from the queue.
 2 years ago
Victor Julien 73e665f42a flow/worker: batch return flows to spare pool 2 years ago
Victor Julien 91c59ce8f9 flow/manager: minor code cleanup 2 years ago
Victor Julien 1f3b35d048 flow/recycler: batch returns to spare pool 
To reduce locking overhead in the spare pool, batch returns per
100 (spare pool block size).
 2 years ago
Victor Julien 3803cbd0e5 flow/recycler: stats micro optimization 
Don't update stat from loop as it's not read until after the loop.
 2 years ago
Philippe Antoine 7d3aa91bf4 mqtt: fix quadratic complexity 
get_tx_by_pkt_id loops only over the last transactions
in case there is a transaction flood

Ticket: #6100
 2 years ago
Haleema Khan 8e19906afa mqtt: rustfmt mqtt.rs 2 years ago
Haleema Khan e474858e25 mqtt: add mqtt frames 
Adds PDU, Header and Data frame to the MQTT parser.
Ticket: 5731
 2 years ago
Victor Julien fd93f002a0 windivert: fix compile warnings 2 years ago
Jason Ish 5af73b3879 doc/userguide: document include files 
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
 2 years ago
Jason Ish a71dee5516 doc/userguide: merge logging changes in 7.0 upgrade notes 
Two "Logging changes" sections existed, merge.
 2 years ago
Jason Ish e7d3904c3f suricata.yaml: use include list for example 
For 7.0 multiple includes are allowed, but marked as
deprecated. Update the example to show the new way of pulling in
multiple includes.
 2 years ago
Jason Ish f8620d0ed2 docs: update url to docs.suricata.io 2 years ago
Jason Ish 33827beae5 jsonbuilder: check buffer growth 
Use try_reserve before growing the internal buffer, and the internal
state vector. This allows allocation errors to be caught and an error
returned instead of just aborting the process.

Ticket: #6057
 2 years ago
Jason Ish 95cfc2b34f jsonbuilder: rustfmt 
Some very minor changes to formatting.
 2 years ago
Victor Julien c6d3b461a6 detect/analyzer: add the type 
Per rule type record properties of the type.

Example output:

    {
        "raw": "alert udp any any -> any any (msg:\"UDP with flow direction\"; flow:to_server; sid:1001;)",
        "id": 1001,
        "gid": 1,
        "rev": 0,
        "msg": "UDP with flow direction",
        "app_proto": "unknown",
        "requirements": [],
        "type": "pkt",
        "flags": [
            "src_any",
            "dst_any",
            "sp_any",
            "dp_any",
            "toserver"
        ],
        "pkt_engines": [],
        "frame_engines": [],
        "lists": {}
    }

Ticket: #6085.
 2 years ago
Victor Julien 2696fda041 detect: use explicit rule types 
Instead of using flags to indicate a rule type, use an explicit `type`
field.

This will make it more clean in code paths what paths a rule is taking,
and will allow easier debugging as well as analyzer output.

Define the following fields:

- SIG_TYPE_IPONLY: sig meets IP-only criteria and is handled by the IP-only
  engine.
- SIG_TYPE_PDONLY: sig inspects protocol detection results only.
- SIG_TYPE_DEONLY: sig inspects decoder events only.
- SIG_TYPE_PKT:    sig is inspected per packet.
- SIG_TYPE_PKT_STREAM: sig is inspected against either packet payload or
  stream payload.
- SIG_TYPE_STREAM: sig is inspected against the reassembled stream
- SIG_TYPE_APPLAYER: sig is inspected against an app-layer property, but not
  against a tx engine.
- SIG_TYPE_APP_TX: sig is inspected the tx aware inspection engine(s).

Ticket: #6085.
 2 years ago
Victor Julien f6f2c22574 detect/pcre: remove redundant applayer flag set 2 years ago
Victor Julien 681b4c3a23 detect: minor cleanup 2 years ago
Philippe Antoine afef35b9dc http: fix leak of normailzed uri 
if tx_ud == NULL, still need to free alloced normailzed uri
 2 years ago
Jason Ish 039c27789b rust: use 2021 edition 
With the MSRV being bumped to 1.62 for 7.0, we can move the edition up
to 2021.
 2 years ago
Victor Julien ebe0a7bdc0 streaming: minor guards cleanup 2 years ago
Victor Julien b401fe5259 streaming: fix region buf_offset update 
If region wasn't the first region, the buf_offset could get out of
sync.

Bug: #6041.
 2 years ago
Victor Julien facdbca95b streaming: stricter validation check 2 years ago
Victor Julien cf7cca4950 streaming: fix intersect detection 
Update logic to always use data right edge.

Bug: #5834.
 2 years ago