aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,904 Commits
7 Branches
155 Tags
191 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7691fc4f9e'
${ noResults }
Commit Graph

10904 Commits (7691fc4f9e797444e3509ecde404847aad26be80)
 

Author SHA1 Message Date
Victor Julien 7691fc4f9e configure: check for u_int and friends 5 years ago
Victor Julien cb4b5296da fuzz: include pcap headers through suricata-common.h 5 years ago
Victor Julien d4f86e3709 threads: remove u_long usage 5 years ago
Victor Julien 3ba4afd40b threads: make thread local storage manadatory 
Support either the __thread GNUism or the C11 _Thread_local.

Use 'thread_local' to point to the one that is used. Convert existing
__thread user to 'thread_local'.

Remove non-thread-local code from the packet pool code.
 5 years ago
Victor Julien 32cfd71f1a atomics: stdatomics.h version of SC_ATOMIC_* wrappers 5 years ago
Victor Julien 7553937a22 detect-engine/tags: avoid confusion over data type 5 years ago
Victor Julien 5b9d17b485 atomics: remove unused macros 5 years ago
Victor Julien c83a607b6a atomics: add SC_ATOMIC_INITPTR macro 
Until now both atomic ints and pointers were initialized by SC_ATOMIC_INIT
by setting them to 0. However, C11's atomic pointer type cannot be
initialized this way w/o causing compiler warnings.

As a preparation to supporting C11's atomics, this patch introduces a
new macro to initialize atomic pointers and updates the relevant callers
to use it.
 5 years ago
Victor Julien 531ff3ddec atomics: change SC_ATOMIC_ADD to 'fetch_add' 
Until this point the SC_ATOMIC_ADD macro pointed to a 'add_fetch'
intrinsic. This patch changes it to a 'fetch_add'.

There are 2 reasons for this:

1. C11 stdatomics.h has only 'atomic_fetch_add' and no 'add_fetch'
   So this patch prepares for adding support for C11 atomics.

2. It was not consistent with SC_ATOMIC_SUB, which did use 'fetch_sub'
   and not 'sub_fetch'.

Most callers are not using the return value, so these are unaffected.
The callers that do use the return value are updated.
 5 years ago
Victor Julien 109b2ae551 atomics: avoid unnecessary (direct) CAS use 5 years ago
Victor Julien c660757153 atomics: remove useless SC_ATOMIC_DESTROY 5 years ago
Victor Julien 1cb7eec52d atomics: remove spinlocked fallback 5 years ago
Victor Julien 967340e901 fuzz: fix applayer eof check segv 5 years ago
Philippe Antoine 4fda7ed4bd fuzz: stop app layer target as Suricata 
Before being overwhelmed by successive errors
 5 years ago
Philippe Antoine fe1d36ec7e conf: returns instead of exiting in ConfYamlParse 
So that we can keep on fuzzing even on too much recursion
 5 years ago
Victor Julien dfdf2eb050 fuzz: add missing debug validation to configure 5 years ago
Victor Julien c76f98073e fuzz: add configure wrapper for oss-fuzz 5 years ago
Victor Julien 5e13816380 includes: don't include sys/types.h twice 5 years ago
Victor Julien df79613fb5 privs: include headers in suricata-common.h 5 years ago
Victor Julien 61c9e01f87 conf/yaml: include yaml.h after suricata-common.h 5 years ago
Sascha Steinbiss 5598ff5bb3 doc/install: refer to buster as Debian stable 5 years ago
Victor Julien f6bf86f136 fuzz/sigpcap: enable all of eve 5 years ago
Victor Julien 4d50eb1647 detect/iponly: fix parsing of '0' valued netmask 5 years ago
Victor Julien d4613e5c70 util/mem: reduce scope of win32 specific include 5 years ago
Victor Julien 415c992909 util/mem: cleanup by moving atomic from mem hdr 5 years ago
Victor Julien 3b877929e3 util/mem: move most logic to functions 
Reduce macro use and simplify code. Also reduces compiled code
size.
 5 years ago
Victor Julien 48bb26abe7 util/mem: remove old debug code for counting allocs 5 years ago
Victor Julien 481a1923b4 logging: turn SCLog and SCLogErr into funcs 
Reduces compiled code size.
 5 years ago
Victor Julien 64e307936e common: add ATTR_FMT_PRINTF wrapper 
Wraps around __attribute__((format(printf, (x), (y))))
 5 years ago
Victor Julien a8c8e2d5c9 common: use suricata-common.h in more places 5 years ago
Victor Julien b856caad94 common: use WARN_UNUSED macro 5 years ago
Victor Julien f903766849 detect/mpm: don't process empty store 5 years ago
Victor Julien a95fa3c156 dns/tests: comment typo fixes 5 years ago
Victor Julien d5712efc91 decode: return bool network layer 
So that the caller can set the correct event type on error.
 5 years ago
Victor Julien 328a94206e decode/hdlc: initial support 5 years ago
Victor Julien 136d351e40 decode: single network layer entrypoint 
This way new layers can be added in a single place.
 5 years ago
Victor Julien 88bccfb80e decode: create linklayer entry point 
Make AF_PACKET and PCAP mode use it.
 5 years ago
Victor Julien 685d490d07 decode/ieee8021ah: fix possible packet truncation 5 years ago
Victor Julien 5404dc7f6d fuzz/siginit: cleanup detect engine every 1024 runs 5 years ago
Andreas Herz aaa604b4c6 app-layer-template: fix log typo 5 years ago
Jason Ish 4dc80a6e6f conf/yaml: limit recursion depth while paring YAML 
A deeply nested YAML file can cause a stack-overflow while
reading in the configuration to do the recursive parser. Limit
the recursion level to something sane (128) to prevent this
from happening.

The default Suricata configuration has a recursion level of 128
so there is still lots of room to grow (not that we should).

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3630
 5 years ago
Victor Julien fc6ada8541 detect/parse: properly free bidir sigs in error path 5 years ago
Victor Julien 5abead9325 detect/parse: fix minor memory leak in error path 
Only reachable on SCMalloc so should be unlikely to be reached.
 5 years ago
Victor Julien 27186778b8 fuzz: allow uninitialized stats api 5 years ago
Victor Julien 794d9eeb83 fuzz: remove UNITTEST dependency 
Expose UTH flow builder to new 'FUZZ' define as well. Move UTHbufferToFile
as well and rename it to a more generic 'TestHelperBufferToFile'.

This way UNITTESTS can be disabled. This leads to smaller code size
and more realistic testing as in some parts of the code things
behave slightly differently when UNITTESTS are enabled.
 5 years ago
Philippe Antoine edcb784f1a dns: improve probe_tcp handling of incomplete data 5 years ago
Jason Ish 4639dd7932 source/erf: validate record length before read 
Check the ERF record length before attempting to read it as
a record length less than the size of the record header
is invalid.

Redmine ticket:
https://redmine.openinfosecfoundation.org/issues/3593
 5 years ago
Victor Julien 960c52d7ff fuzz/sigpcap: initialize empty packet pool 
Fixes runs with --enable-debug-validation. The target did not init a
packet pool, so for a tunnel packet would try to get a packet from
an uninitialized pool. In non-debug mode, this silently works by
falling back to a packet from alloc.

    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff35a6801 in __GI_abort () at abort.c:79
    #2  0x00007ffff359639a in __assert_fail_base (fmt=0x7ffff371d7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555557fe7260 "!(pool->initialized == 0)",
        file=file@entry=0x555557fe7220 "tmqh-packetpool.c", line=line@entry=253, function=function@entry=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:92
    #3  0x00007ffff3596412 in __GI___assert_fail (assertion=0x555557fe7260 "!(pool->initialized == 0)", file=0x555557fe7220 "tmqh-packetpool.c", line=253,
        function=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:101
    #4  0x00005555577e24be in PacketPoolGetPacket () at tmqh-packetpool.c:253
    #5  0x0000555556914ecd in PacketGetFromQueueOrAlloc () at decode.c:183
    #6  0x00005555569161e1 in PacketTunnelPktSetup (tv=0x555559863980 <tv>, dtv=0x614000068e40, parent=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=72, proto=DECODE_TUNNEL_IPV4) at decode.c:286
    #7  0x00005555569de694 in DecodeIPv4inIPv6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", plen=72) at decode-ipv6.c:59
    #8  0x00005555569e60b5 in DecodeIPV6ExtHdrs (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=112) at decode-ipv6.c:522
    #9  0x00005555569e846f in DecodeIPV6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-ipv6.c:641
    #10 0x0000555556a032f9 in DecodeRaw (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-raw.c:70
    #11 0x0000555557659ba8 in DecodePcapFile (tv=0x555559863980 <tv>, p=0x61e0000fc080, data=0x614000068e40) at source-pcap-file.c:412
    #12 0x0000555556573401 in LLVMFuzzerTestOneInput (data=0x613000000047 "\241\262\315\064", size=339) at tests/fuzz/fuzz_sigpcap.c:158
    #13 0x0000555557a4dc66 in main (argc=2, argv=0x7fffffffdfa8) at tests/fuzz/onefile.c:51

That line:

    BUG_ON(pool->initialized == 0);
 5 years ago
Todd Mortimer 6b4d32c6bb doc: Update documentation for by_rule and by_both thresholds. 5 years ago
Todd Mortimer 944209592f detect/threshold: Add tests for thresholding by_rule and by_both. 5 years ago