aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,365 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9e54819121'
${ noResults }
Commit Graph

3365 Commits (9e54819121ea5c9982e015011c6514408dd00343)
 

Author SHA1 Message Date
Victor Julien 40ed10ab38 Minor flowq updates. 13 years ago
Anoop Saldanha 7115fa3e72 Introduce the address hash based flow q handler 13 years ago
Anoop Saldanha 5ffb050ada Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET 13 years ago
Anoop Saldanha 3faed5fe79 Support freeing flow q handler out ctx. Adapt unittests to use the same 13 years ago
Anoop Saldanha d01589c9d8 neaten flow q handler code 13 years ago
Anoop Saldanha 0fa14292c0 Enable unittests for flow q handler 13 years ago
Anoop Saldanha 4e417b72b5 support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 13 years ago
Anoop Saldanha e252048900 support for custom flow qhandlers - round robin support added 13 years ago
Pierre Chifflier d866f38982 TLS: add variable to store the error code in the decoder 
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
 13 years ago
Pierre Chifflier 218b5d3ba0 TLS app layer: misc fixes, reorder some fields to same memory 13 years ago
Pierre Chifflier 3df341dbeb Add TLS decode events 13 years ago
Pierre Chifflier 71fa4a5285 TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList 13 years ago
Eric Leblond a9bb17e097 tls-handshake: add sanity checks. 13 years ago
Eric Leblond 01c7e5bde6 tls-handshake: Add some missing free in error handling. 
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
 13 years ago
Eric Leblond 480db00fd7 tls-handshake: DecodeAsn1BuildValue should return -1 for error 
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
 13 years ago
Eric Leblond 8f885ce810 TLS parser: add sanity checks on loop 
It was possible in some loop to read data placed after the buffer
resulting in invalid/unpredictable value. This patch fixes two of
this issues.
 13 years ago
Eric Leblond d1c56e810b TLS parser: add sanity check 13 years ago
Eric Leblond cb1a75fc9e TLS parser: modify OCTETSTRING 
This patch does on over allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
 13 years ago
Pierre Chifflier 5a65a17f00 TLS parser: add handing of UTF8STRING 
Some certificate contains UTF8STRING which is a subset of
OCTETSTRING. This patch adds support for this type of string.
 13 years ago
Pierre Chifflier 6c2c6cffac TLS keywords: fix match regex (remove extra space) 13 years ago
Pierre Chifflier 8457ce3b11 TLS app layer: rewrite decoder to handle multiple messages in records 
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
 13 years ago
Pierre Chifflier 4bb5e2a79d TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message. 
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 13 years ago
Eric Leblond 38c213cb84 tls app layer: add missing free 
issuerdn was not freed at exit.
 13 years ago
Eric Leblond fce2437dc2 tls app layer: handle negation on subject and issuerdn. 
This patch adds negation support for tls.subject and tls.issuerdn
matches.
 13 years ago
Eric Leblond ad0e05a112 TLS app layer: Add tls.issuerdn keyword. 13 years ago
Eric Leblond afba81bb27 decode ASN.1: Factorize value reading 
This patch factorizes the reading of integer value and fix some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
 13 years ago
Pierre Chifflier 53e5421a24 TLS handshake: get TLS ciphersuite and compression 
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 13 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message 
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 13 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format) 
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 13 years ago
Victor Julien 0b3f6c464a Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config. 13 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 13 years ago
Anoop Saldanha 7511fa67cd Add BUG_ON to avoid overruning AppLayerDetectDirection map array 13 years ago
Eileen Donlon 9376967e65 reject rules with duplicate content modifiers 
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
 13 years ago
Eileen Donlon 0bb4ff34b8 added null checks for init_hash to all ac mpms 13 years ago
Eileen Donlon 617edf469c reject http_client_body with inconsistent flow dir 
reject http_client_body with flow: to_client or from_server
 13 years ago
Victor Julien feff6f7705 Clean up error message. 13 years ago
Eileen Donlon 85c364da09 disallow-use-of-configuration-file-with-unittests 13 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling 
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
 13 years ago
Victor Julien 41e9dba20b Profile pcap file callback. 13 years ago
Victor Julien ff8755af5c Make sure stream debug code is only used in debug mode. 13 years ago
Victor Julien 9696902b68 Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained. 13 years ago
Victor Julien e581ec7dff Fix 2 compilation issues. 13 years ago
Victor Julien c0a2cbd478 Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling. 13 years ago
Victor Julien a05df345de Introduce host table, make tag use it 
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.

Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
 13 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 13 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 13 years ago
Victor Julien 4a186bcf1d Fix invalid declaration of enable_nss and enable_nspr in configure.in. 13 years ago
Victor Julien 979edf0b97 Add way to profile mutex/spin locks per thread module. 13 years ago
Victor Julien fddaca6e8b Implement stream memcap enforcements using atomics instead of spinlocked counters. 13 years ago
Victor Julien d72b82fae0 Misc fixes. 13 years ago