aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,506 Commits
7 Branches
161 Tags
176 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b32abea06b'
${ noResults }
Commit Graph

4506 Commits (b32abea06b70b4774f5127f4be2118a409318fe1)
 

Author SHA1 Message Date
Victor Julien b32abea06b flow/stream: use named values in flow timeout code 12 years ago
Victor Julien 8522da8ea5 stream: add option to disable raw reassembly 
Raw reassembly is used only by the detection engine. For users only
caring about logging it's a significant overhead, both in cpu and
memory usage.

The option is called 'raw' and lives under the stream.reassembly
options.

stream:
  memcap: 32mb
  checksum-validation: yes      # reject wrong csums
  inline: auto                  # auto will use inline mode in IPS mode, yes or no set it statically
  reassembly:
    memcap: 64mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560
    randomize-chunk-size: yes
    #randomize-chunk-range: 10
    raw: false # <- new option
 12 years ago
Eric Leblond 47b5fc0934 erf-dag: fix typo in header guard 
Spotted out by clang:
 source-erf-dag.h|25 col 9| warning: '__SOURCE_ERR_DAG_H__'
 is used as a header guard here, followed by #define of a different macro
 [-Wheader-guard]
 12 years ago
Eric Leblond 105182f582 yaml: remove no more present files 
emerging-virus.rules is not present anymore in ET ruleset downloaded
by 'make install-rules'. This patch removes it from the list to avoid
an error message.
 12 years ago
Eric Leblond f9f1a666f0 dns: rules files was not installed 
Installed dns-events.rules files in rules directory with install-rules.
 12 years ago
Eric Leblond a8fde0112e prscript: add support for pcap build 
Now also start a pcap test build.
 12 years ago
Jason Ish eaff01a57f Use the stack for temporary memory buffers. 12 years ago
Jason Ish ab7091927e When setting final configuration nodes, set the whole tree as final. 
Prevents benign log message of parent nodes of final values being
redefined (which ends up having no affect as the final nodes
are protected from being removed).
 12 years ago
Eric Leblond 729540673e htp: display info about randomization 
When randomizatin is used display a message about actual values.
 12 years ago
Eric Leblond ff784075a2 htp: randomization of htp inspection sizes 
This is an implementation of #940. It randomize libhtp request
and response size if the same way this has been done for stream
inspection.
 12 years ago
Victor Julien 81ee6f5aad lua: push correct length back through ScFlowvarGet, work around valgrind warning 12 years ago
Victor Julien 86b299d06c lua: clear stack after each script run 12 years ago
Victor Julien ae69a4a024 luajit: pass calling rule's sid,gid,rev to script as SCRuleSid, SCRuleGid, SCRuleRev. 12 years ago
Eric Leblond f76448c1e6 decode: fix failure in layered tunnel 
If we have multiple layer of tunnel, the decoding of initial
Packet will recurse in DecodeTunnel function called in
PacketTunnelPktSetup. If we are not setting the pseudo
packet root before calling DecodeTunnel (as done in previous
code), then the tunnel root will no be correct for the lower
layer packets. This result in an counter problem and a suricata
failure after some time.
 12 years ago
Jason Ish e9a4871077 Fix alignment in usage. 12 years ago
Giuseppe Longo ae9393987e Adds a defrag configuration example in suricata.yaml 12 years ago
Victor Julien 0a24ac0855 Fix Conf api usage after rebase 12 years ago
Jason Ish 8d29dfca59 Instead of exiting on memory failure, log a warning then return NULL 
to signify an error to the caller.
 12 years ago
Jason Ish 5f6705c4dc Better document ConfSet and ConfSetFinal. 12 years ago
Jason Ish b033acfb0c Subsequent configuration keys now override previous ones 
instead of merging.

The exception is final values, for example, values like
default-log-dir that may be set on the command line.
 12 years ago
Jason Ish c981a16579 Function to prune all non-final nodes from a configuration node. 12 years ago
Jason Ish b8e13d4bd6 More concise API for setting config values that 
can be overrided or not (final values).
 12 years ago
Jason Ish 0820ac9355 Cleanup ConfSet, ConfGet, make more concise. 
Removes ifdef's for readability by using strchr instead
of strtok.
 12 years ago
Victor Julien 6cd6caf3ea tls: allow matching for @ symbol in tls.subject 
Also in tls.issuerdn keyword.

Original patch by Chris Wakelin.

Fixes #1042.
 12 years ago
Anoop Saldanha 6ea8ac44ff FTP parser updated to not use the archaic App layer feature of AppLayerParserResultElmt. 
The parser otherwise remains pretty much the same.
 12 years ago
Anoop Saldanha 80c08f8642 Updated the ftp response handler to return without doing anything. 
Currently the processing happening inside the handler is not being used
anywhere else in the engine.
 12 years ago
Anoop Saldanha 8523cbadcf Restructured flow_proto mapping enums. 
Moved FLOW_PROTO_DEFAULT down the enum list.
 12 years ago
Anoop Saldanha a49cbf8a49 Code cleanup. 
Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context.

Also use MpmInitCtx() to init the mpm context.
 12 years ago
Anoop Saldanha 9c0456ebbe Removed unused function MpmMatcherGetMaxPatternLength. 12 years ago
Victor Julien cc61a190ce Reduce allocs in boyer moore prepare phase 12 years ago
Victor Julien 8344854a1f Don't alloc for hash lookup in SCClassConfGetClasstype 12 years ago
Victor Julien f04618c7ad Don't malloc temp var in SCRuleVarsGetConfVar 12 years ago
Victor Julien 941d5a1081 Don't use strdup in ip-only address parsing 12 years ago
Victor Julien a7a77e32ca Convert classtype keyword to pcre_copy_substring 12 years ago
Victor Julien 4dd605ae3b Convert reference keyword to pcre_copy_substring 12 years ago
Victor Julien 3f8947ff3d app layer: set event if proto detect disabled for a stream, but we see data anyway. 12 years ago
Victor Julien 7074ca373b proto detection: add limit for one sided sessions 
If a session only has data in one direction, like ftp data sessions,
protocol detection will only run in one direction. This led to a
situation where reassembly would hold all the segments as proto
detection was never flagged as complete.

This patch introduces a limit for protocol detection in this case.
If the limit is reached, detection will give up.
 12 years ago
Victor Julien abccbe13f3 stream: add size debug code 12 years ago
Victor Julien daedb6c557 stream: wait for protocol detection to complete 
Wait for protocol detection to complete before removing segments
from the list.
 12 years ago
Eric Leblond 0460b194b1 decode: clean DecodeThreadVars counter 
Speed counters are not compute anymore and can be removed from the
structure definition.
 12 years ago
Eric Leblond 1bdc39fe9b cmdline: add -k to specify checksum validation 
This patch adds a '-k' option to suricata to be able to specify
the checksum validation to use. If '-k all' is used, checksum
validation is forced. If '-k none' is used, no checksum validation
is made.

Message output in case of detection of a pcap file with a probable
cheksum issue has been updated to indicate that '-k' is a solution.
 12 years ago
Eric Leblond 8b5be26f49 pcap-file: add checksum-checks configuration variable 
This patch adds support for checksum-checks in the pcap-file running
mode. This is the same functionnality as the one already existing for
live interface.

It can be setup in the YAML:
  pcap-file:
    checksum-checks: auto

A message is displayed for small pcap to warn that invalid checksum
rate is big on the pcap file and that checksum-check could
be set to no.
 12 years ago
Eric Leblond b2c58b8d14 Set packet invalid flag during decoding. 
This patch set a new value in pkt->flag to signal that a packet is
invalid during decoding. The patch has been obtained via a coccinelle
transformation.
 12 years ago
Eric Leblond 3088b6ac34 Add invalid pkt counter. 
This patch adds and increments a invalid packet counter. It
does this by introducing PacketDecodeFinalize function

This function is incrementing the invalid counter and is also
signalling the packet to CUDA.
 12 years ago
Victor Julien 92568c3857 Fix parsing of 'custom' detect grouping values 
Also, add error checking

Bug 892
 12 years ago
Victor Julien ffe4a302a1 vars: optimize layout to reduce size requirements of flowbits and other vars 12 years ago
Victor Julien 3e604b8703 pcre: parsing cleanup 
Remove all flags indicating the buffer type. They were only used
at parse time.

Because of this the DetectPcreData_ structure could shrink to 32
bytes.
 12 years ago
Victor Julien ab22385083 stream: minor clean up of TcpSession structure 12 years ago
Victor Julien 866b3a1c5d content: reorder DetectContentData member, shrinking the struct from 64 to 48 bytes. 12 years ago
Victor Julien 277fb61c1d defrag: clean up 
Rename PacketDefragPktFinishSetup to PacketDefragPktSetupParent to
better refect it's function.
 12 years ago