aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,414 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a87c7e5c08'
${ noResults }
Commit Graph

12414 Commits (a87c7e5c08b027d104bfa00c6f7858398c2d63a6)
 

Author SHA1 Message Date
Philippe Antoine 7fa3e8df61 ci: dummy git configuration for rebase 4 years ago
Eric Leblond 328bdf2c61 macset: fix memory size check 4 years ago
Eric Leblond d7468c55ca flow: be sure to check hash till the end 4 years ago
Eric Leblond e531530a67 flow: add comment on flow handling 4 years ago
Eric Leblond c1bffa9545 stream: increase memcap on memory errors 4 years ago
Eric Leblond 0e70958e67 util/streaming: improve error handling 
It differentiates memory error than regular ones.
 4 years ago
Eric Leblond cce7e4f4cb flow: fix a debug assert 
As the FlowBypassedTimeout function is interacting with the capture
method it is possible that the return changes between the call that
did trigger the timeout and the actual state (ie if packets arrive
in between the two calls). So we should not use the call to
FlowBypassedTimeout in the assert.
 4 years ago
Eric Leblond 9c89bc80d0 flow: document FlowBypassedTimeout 
Main point is to document it is interacting with the capture
layer.
 4 years ago
Eric Leblond 9a4ef6b8fc flow: more accurate flow counters 
Don't increment the flow timeout counter for flows that are not
really timeout (as use_cnt is non zero). And also don't take into
account bypassed flows in the counter for flow timeout in use.
 4 years ago
Victor Julien c51042e093 flow/worker: handle timeout edge case 
In the flow worker timeout path it is assumed that we can hand off
flows to the recycler after processing, implying that `Flow::use_cnt` is 0.
However, there was a case where this assumption was incorrect.

When during flow timeout handling the last processed data would trigger a
protocol upgrade, two additional pseudo packets would be created that were
then pushed all the way through the engine packet paths. This would mean
they both took a flow reference and would hold that until after the flow
was handed off to the recycler. Thread safety implementation would make
sure this didn't lead to crashes.

This patch handles this case returning these packets to the pool from
the timeout handling.
 4 years ago
Victor Julien c5556b5dd9 flow/worker: set proper end flag 4 years ago
Victor Julien 61f6fe037d flow/manager: set proper end flag 4 years ago
Philippe Antoine bbbb816ed6 detect: debug validation for list ids overflows 4 years ago
Victor Julien 86681c9d7c detect: move init only array to init data 4 years ago
Victor Julien 22dfcc928c detect/analyzer: use rule style pretty print for patterns 4 years ago
Victor Julien 5703aec44e detect/content: generalize pattern pretty printing 4 years ago
Victor Julien e7a74348d7 detect/profile: add support for tx inspection 
Add 'inspect_type' "packet" and "tx" for the two record types. Add more metadata
when available.
 4 years ago
Victor Julien a2e37522bb detect/analyze: dump patterns facility 
Dump all patterns to `patterns.json`, with the pattern, a total count (`cnt`),
count of how many times this pattern is the mpm (`mpm`) and some of the flags.

Patterns are listed per buffer. So payload, http_uri, etc.
 4 years ago
Victor Julien 84872ecc54 detect/content: add some more dsize tests 4 years ago
Victor Julien af104dd223 detect/dsize: set depth flag when applying dsize as depth 4 years ago
Victor Julien 36d3c3cb8e detect/analyzer: count mpm with depth, endswith 4 years ago
Victor Julien de4addbc48 detect/analyzer: show payload separately in group dumping 4 years ago
Victor Julien ef89643107 detect/analyzer: add icmp to rule group output 4 years ago
Victor Julien f49c181ceb detect/analyzer: display per rule prefilter details 4 years ago
Victor Julien 16ea200846 detect/analyzer: count prefilter per rule group 4 years ago
Victor Julien 1c5842df12 detect/analyzer: add per rule mpm block to rules.json 4 years ago
Victor Julien 3660b8f829 detect/analyzer: support buffer names in sgh dump 4 years ago
Victor Julien 0ee7159d1d flow: determine packet direction once per packet 4 years ago
Victor Julien 4c7eb64411 decode: convert 'action' macros to inline funcs 
Make sure most common branch is handled first to assist branch
prediction.

Macros still play a small role to please our 'action' cocci check.
 4 years ago
Victor Julien 2d1580233e detect/mpm: turn factory array into list 4 years ago
Victor Julien b48ccb8d1f detect/stream: don't run mpm on packet if stream is available 4 years ago
myr463 755124763d doc: escape dot in pcre 4 years ago
Michael Smith a64783b3e2 unix-socket: Avoid spurious logs on close 
Avoid spurious logs when suricatasc closes connection.

Use SCLogDebug for control connection EOF, and SCLogError for an error.

As Chandan Chowdhury described in redmine 3685. This makes the logging
consistent with the older `if (client->version <= UNIX_PROTO_V1)` block
about 20 lines above, and avoids polluting the logs with
`Unix socket: lost connection with client`.
 4 years ago
Philippe Antoine 3e81d20a71 ci: rebase specified s-v pr 
So that CI does not fail, if suricata PR got upgraded in a new
version, but S-V PR did not get upgraded, and S-V changed
in master
 4 years ago
Philippe Antoine 44bd3169eb dnp3: regenerate object decoding code 
Ticket: #4558
So as to avoid intra-structure overflow
 4 years ago
Philippe Antoine 126a7dcb4f dnp3: adds bounds check for prefix chararray 
Ticket: #4558
Avoids intra structure overflow
 4 years ago
Philippe Antoine 5ec9688f03 dnp3: use base64 macro in gen script 
As is done already in C
cf commit ea0936199d
 4 years ago
Victor Julien 9551cd0535 threading: don't pass locked flow between threads 
Previously the flow manager would share evicted flows with the workers
while keeping the flows mutex locked. This reduced the number of unlock/
lock cycles while there was guaranteed to be no contention.

This turns out to be undefined behavior. A lock is supposed to be locked
and unlocked from the same thread. It appears that FreeBSD is stricter on
this than Linux.

This patch addresses the issue by unlocking before handing a flow off
to another thread, and locking again from the new thread.

Issue was reported and largely analyzed by Bill Meeks.

Bug: #4478
 4 years ago
Jason Ish cf21694ba6 rust(lint): suppress clippy lints that we should fix 
Suppress all remaining clippy lints that we trip. This can be
fixed on a per-lint basis.
 4 years ago
Jason Ish 91402f9fba rust(lint): remove manual implement of map method 
Using `if let` expressions in these cases is better expressed
by the map method, and considered idiomatic Rust for this usage.
 4 years ago
Jason Ish b021726a0d rust(lint): map the error instead of using or_else 
This is the preffered style and easier to understand the meaning
of the code.
 4 years ago
Jason Ish dcf57ecd96 rust(lint): replace push_str of single char to push(<char>) 4 years ago
Jason Ish d5c0962299 rust(lint): fix some usages of references 
- ref is discouraged for top level variables
- the other borrow is not required
 4 years ago
Jason Ish d0772e04b1 rust(lint): replace checked_mul with saturating_mul 
When defaulting checked_mul to u64::max, Rust has a method
that does the same thing called saturating_mul.
 4 years ago
Jason Ish d0be7541e9 rust(lint): removed unused unit () return 
This is code that is not needed and is a bit confusing to see.
 4 years ago
Jason Ish 4abbfd0d97 rust(lint): remove extra parens around bitwise or 
This is a readability fix, as on first look they almost look
like a Rust tuple.
 4 years ago
Jason Ish ac3a20b6e0 rust(lint): remove useless conversions and clones 
These add complexity and may not be optimized out by the compiler.
 4 years ago
Jason Ish 8bb6dab69d rust(lint): remove useless format calls 
In these simple cases to_string() is recommended and likely
performs better as the formatter is not called.
 4 years ago
Jason Ish 5bf5de3350 rust(lint): don't use unwrap_or for function calls 
Calling a function in unwrap_or causes that function to always
be called even when not needed. Instead use unwrap_or_else with
a closure which will only be called when needed.
 4 years ago
Jason Ish 602bb05e75 rust(lint): fix redundant closures 
This lint checks for a closure where a function can be directly
supplied.  Runtime performance is unchanged, but this makes
less work for the compiler.
 4 years ago