Commit Graph

14706 Commits (aee7838ce15c1368310686d43455f0d594134244)
 

Author SHA1 Message Date
Shivani Bhardwaj aee7838ce1 ftp: separate truncated line markers
So far, we store one variable in state to hold whether we want to
discard a long line till LF irrespective of direction. This means that a
long command to the client followed by a regular command with LF can be
considered as one long line which is incorrect.

Bug 6054
2 years ago
Jason Ish 03442a36ef windows: add -lntdll to Windows builds
Rust 1.70 has introduced some possible issues between LLVM and gcc
causing link errors that are fixed by explicitly adding -lntdll.

Thanks to https://github.com/extendr/rextendr/pull/285 for the fix.
2 years ago
Victor Julien de2c836363 streaming/buffer: handle and document slide errors
Slide error may happen if the region we're sliding starts to overlap
with the next region. If we can't temporarily grow the current region
to merge with the next region, keep the regions separate.
2 years ago
Victor Julien 9e0017a073 streaming/buffer: minor debug fixup 2 years ago
Victor Julien f06a0ee836 streaming/buffer: fix buf_offset getting out of sync
During consolidation of regions, buf_offset could get out of sync if
the region was grown on the left side.

To fix, reset it and let "sbb slide" logic correct it.

Bug: #6117.
2 years ago
Victor Julien e69583da54 streaming/buffer: fix sliding region into next
When sliding a region it could start to overlap with the next region.
This case wasn't handled, causing validation checks to trigger.

This patch adds support for this, where the largest region will be expanded
to fit both regions and both regions will be consolidated into it.

Bug: #6066.
2 years ago
Victor Julien 1dcfc174b0 streaming/buffer: move util code for reusability 2 years ago
Philippe Antoine 0ec0d8de67 output/rfb: remove unused function parameters 2 years ago
Philippe Antoine 24c2702a05 output/mqtt: remove unused function parameters 2 years ago
Philippe Antoine 09d364b32f output/krb5: remove unused function parameters 2 years ago
Philippe Antoine 210ca32905 output/ftp: remove unused function parameters 2 years ago
Philippe Antoine 0fb75f081f output/dns: remove unused function parameters 2 years ago
Philippe Antoine 9afb16b134 output/smtp: remove unused function parameters 2 years ago
Philippe Antoine 82803d1b0e http: complete multipart data on open
Take as much as we can when opening, by making sure that the
boundary is not present
2 years ago
Lancer Cheng abc76e27de smb: fix data padding logic in writeAndX parser
Bug: #6008
2 years ago
Lancer Cheng 000eb91078 smb: fix wrong data offset when wct = 12
Bug: #6008
2 years ago
Philippe Antoine 7e725c650d flow: optionally use livedev for hash
So that in a setup with different interfaces capturing different
networks, flows do not get mixed up

Ticket: #5270
2 years ago
Philippe Antoine cc305da476 flow: make FlowGetExistingFlowFromHash static
For easier reasoning about the code
2 years ago
Philippe Antoine 92884b9f43 device: limit device id to uint16_t
Meaning that we support 65535 live devices at the most
2 years ago
Jeff Lucovsky a4ade056cc general/typo: Correct misc. typos 2 years ago
Jeff Lucovsky 0ff403fb60 decode/vlan: Remove unused macros/functions
This commit removes unused functions and macros related to fetching VLAN
values.
2 years ago
Jeff Lucovsky 0d2268ddfc decode/vlan: Decode up to 3 layers of VLAN
Issue: 2816

This commit increases the number of VLAN layers supported by Suricata
from 2 to 3. 3 layers are dubbed "Q-in-Q-in-Q".

Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
2 years ago
Jeff Lucovsky 9dc68ac59a json/schema: Add additional VLAN layer stat
Issue: 2816

This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
2 years ago
Philippe Antoine 6350736882 http2: avoid quadratic complexity in headers
When adding an element to the dynamic headers table, the oldest
ones may get evicted. When multiple elements get evicted, they
should get evicted all at once with drain, instead of one by one
as there will be a massive move each time.

Ticket: #6103
2 years ago
Philippe Antoine f346b3fc30 debug: fix list-x command line options with debug
Debug validation checks that engine is either IPS or IDS.
But listing keywords does not care.
So, setting ids mode

Ticket: #6089
2 years ago
Lukas Sismis 11c3aa868d doc: add DPDK Bond PMD docs
Ticket: #6099
2 years ago
Lukas Sismis c4b0c2888d dpdk: add support for DPDK Bond PMD
Ticket: #6099
2 years ago
Lukas Sismis fee79ff3c4 dpdk: add linker flag for DPDK Bond library
Header checking (AC_CHECK_HEADER) did not work as
DPDK 19.11 included rte_eth_bond.h file even if net/bonding
driver was disabled. However, it was still not available in
ldconfig configuration. For this reason Bond PMD is checked with
ldconfig tool.
However when installing the DPDK library manually, the user needs to
update the entries in ldconfig to be able to find the Bond PMD.

Ticket: #6099
2 years ago
Lukas Sismis bb2760d221 dpdk: add device name querying function 2 years ago
Lukas Sismis 2feece601a dpdk: add debug dump of RX offload capabilities 2 years ago
Lukas Sismis 540df3befe dpdk: separate i40e prestop actions from DPDK 19.11
In DPDK 19.11 Suricata does not set up RSS on i40e driver
with rte_flow. As a result, it should not be deinitializing
RSS configuration with rte_flow as well.
2 years ago
Lukas Sismis a9b2f79070 dpdk: refactor i40e RSS hash function
Setting rss_conf->rss_key to NULL and rss_key_len
to zero avoids warnings about register changes
when setting up RSS configuration through RTE flows.
2 years ago
Lukas Sismis adb427a15c dpdk: minor refactoring in error handling and variable declaration 2 years ago
Victor Julien 6154bab49f flow/worker: minor refactor for app-layer callsite 2 years ago
Victor Julien 8a535a0b89 detect: remove flow drop unittest
Test broke after recent changes. Functionality is tested in
suricata-verify, so just remove the test.
2 years ago
Victor Julien 95bf7248e8 detect: add check to validate drops 2 years ago
Victor Julien 418cc1fe94 detect: fix stateful drops for rate_filter 2 years ago
Victor Julien 2a95154712 flow/timeout: no pseudo packets for dropped flows
When a flow is in the drop flow state, don't use pseudo packets
when it is timing out. There should be no work left to do at this
point.
2 years ago
Victor Julien d91a1e8bc6 stream: simplify drop handling
Remove logic to apply flow drop, as this is now handled in the
flow engine.

However, keep the logic that frees/cleans the session state.
2 years ago
Victor Julien 77f49661fd app-layer: don't update UDP applayer for dropped packets 2 years ago
Victor Julien 85ddba63f6 detect: update/document drop flow logic
Now that flow drop is applied to packets before other processing,
no drop has to be issued on a packet.
2 years ago
Victor Julien 71a033ac62 flow: apply flow to packet on flow lookup
Issue drop to packet as early as possible.
2 years ago
Philippe Antoine 9287cbc33a http: logs custom headers in a subobject
This subobject is request_headers or response_headers

This especially avoids JSON key collisions.

Ticket: #5320

Also fixes typo referrer/referer
2 years ago
Jason Ish f8c54bc7a4 github-ci: add workflow_dispatch
A workflow dispatch allows us to manually trigger a workflow with
arguments. This dispatch allows us to use the "gh" cli command to
trigger a workflow run with our libhtp/su/sv branch and repo variables
set. For example:

  gh workflow run builds.yml -f SV_REPO=jasonish/suricata-verify -f SV_BRANCH=pr/10
2 years ago
Victor Julien 5b160d274c flow: spare pool return optimization
In case small blocks of flows are returned, try to merge
them with existing small list head. Add full block as second
in the list as with the rest of the code.
2 years ago
Victor Julien afbd4162f2 flow/worker: don't double count flow.wrk.flows_evicted
Since the queue isn't fully processed every run, double counting
could happen.

Fix by only counting actually processed flows from the queue.
2 years ago
Victor Julien 73e665f42a flow/worker: batch return flows to spare pool 2 years ago
Victor Julien 91c59ce8f9 flow/manager: minor code cleanup 2 years ago
Victor Julien 1f3b35d048 flow/recycler: batch returns to spare pool
To reduce locking overhead in the spare pool, batch returns per
100 (spare pool block size).
2 years ago
Victor Julien 3803cbd0e5 flow/recycler: stats micro optimization
Don't update stat from loop as it's not read until after the loop.
2 years ago