aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,939 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b48049c51c'
${ noResults }
Commit Graph

100 Commits (b48049c51c2d99c4679e2c44f82e4530b8145367)

Author SHA1 Message Date
Jeff Lucovsky d3a65fe156 detect: Provide `de_ctx` to free functions 
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
 5 years ago
Victor Julien cb4b5296da fuzz: include pcap headers through suricata-common.h 5 years ago
Victor Julien 967340e901 fuzz: fix applayer eof check segv 5 years ago
Philippe Antoine 4fda7ed4bd fuzz: stop app layer target as Suricata 
Before being overwhelmed by successive errors
 5 years ago
Victor Julien dfdf2eb050 fuzz: add missing debug validation to configure 5 years ago
Victor Julien c76f98073e fuzz: add configure wrapper for oss-fuzz 5 years ago
Victor Julien f6bf86f136 fuzz/sigpcap: enable all of eve 5 years ago
Victor Julien 5404dc7f6d fuzz/siginit: cleanup detect engine every 1024 runs 5 years ago
Victor Julien 794d9eeb83 fuzz: remove UNITTEST dependency 
Expose UTH flow builder to new 'FUZZ' define as well. Move UTHbufferToFile
as well and rename it to a more generic 'TestHelperBufferToFile'.

This way UNITTESTS can be disabled. This leads to smaller code size
and more realistic testing as in some parts of the code things
behave slightly differently when UNITTESTS are enabled.
 5 years ago
Victor Julien 960c52d7ff fuzz/sigpcap: initialize empty packet pool 
Fixes runs with --enable-debug-validation. The target did not init a
packet pool, so for a tunnel packet would try to get a packet from
an uninitialized pool. In non-debug mode, this silently works by
falling back to a packet from alloc.

    (gdb) bt
    #0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51
    #1  0x00007ffff35a6801 in __GI_abort () at abort.c:79
    #2  0x00007ffff359639a in __assert_fail_base (fmt=0x7ffff371d7d8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=assertion@entry=0x555557fe7260 "!(pool->initialized == 0)",
        file=file@entry=0x555557fe7220 "tmqh-packetpool.c", line=line@entry=253, function=function@entry=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:92
    #3  0x00007ffff3596412 in __GI___assert_fail (assertion=0x555557fe7260 "!(pool->initialized == 0)", file=0x555557fe7220 "tmqh-packetpool.c", line=253,
        function=0x555557fe7500 <__PRETTY_FUNCTION__.21181> "PacketPoolGetPacket") at assert.c:101
    #4  0x00005555577e24be in PacketPoolGetPacket () at tmqh-packetpool.c:253
    #5  0x0000555556914ecd in PacketGetFromQueueOrAlloc () at decode.c:183
    #6  0x00005555569161e1 in PacketTunnelPktSetup (tv=0x555559863980 <tv>, dtv=0x614000068e40, parent=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=72, proto=DECODE_TUNNEL_IPV4) at decode.c:286
    #7  0x00005555569de694 in DecodeIPv4inIPv6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", plen=72) at decode-ipv6.c:59
    #8  0x00005555569e60b5 in DecodeIPV6ExtHdrs (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc470 "LL", len=112) at decode-ipv6.c:522
    #9  0x00005555569e846f in DecodeIPV6 (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-ipv6.c:641
    #10 0x0000555556a032f9 in DecodeRaw (tv=0x555559863980 <tv>, dtv=0x614000068e40, p=0x61e0000fc080, pkt=0x61e0000fc420 "cLL", len=255) at decode-raw.c:70
    #11 0x0000555557659ba8 in DecodePcapFile (tv=0x555559863980 <tv>, p=0x61e0000fc080, data=0x614000068e40) at source-pcap-file.c:412
    #12 0x0000555556573401 in LLVMFuzzerTestOneInput (data=0x613000000047 "\241\262\315\064", size=339) at tests/fuzz/fuzz_sigpcap.c:158
    #13 0x0000555557a4dc66 in main (argc=2, argv=0x7fffffffdfa8) at tests/fuzz/onefile.c:51

That line:

    BUG_ON(pool->initialized == 0);
 5 years ago
Philippe Antoine 240df05af5 fuzz: limit input size for protocol detection consistency check 5 years ago
Jeff Lucovsky 0ae6b0b250 tests/bsize: Fuzzing test case added 
This commit adds a test case to validate the issue found during fuzz
testing.
 5 years ago
Victor Julien 1e71eecf47 fuzz/siginit: fix leak in case of bidir sig 5 years ago
Victor Julien 5430141f7a fuzz/siginit: minor improvements 
Enable detect engine 'quiet' mode to generate less output.

Set a fake filename so that datarep doesn't hit a reachable assert.
 5 years ago
Victor Julien 8cbae1371f fuzz/sigpcap: fix FPs due to missing pkt cleanup 5 years ago
Shivani Bhardwaj c4c734541a Use appropriate ByteExtractString* functions 5 years ago
Philippe Antoine 440bb4d600 fuzz: remove decodeder fuzz target 
As we removed decodeder function
 5 years ago
Philippe Antoine f51d7d8947 fuzz: check tcp splitting evasions in protocol detection 5 years ago
Philippe Antoine 9eddaa038e fuzz: enable AFLFUZZ_PERSISTANT_MODE for libfuzzer targets 5 years ago
Philippe Antoine ac35118ebe fuzz: use env variable to restrict app layer 5 years ago
Philippe Antoine 600b0d7c55 fuzz: adds eight fuzz targets 
And ways to compile them with enable-fuzztargets at configure time
Adds utility function in util-unittest-helper
 5 years ago
Philippe Antoine 1cd314c500 detect: adds icmpv6.mtu keyword 5 years ago
Philippe Antoine 8396333493 detect: adds icmpv6.hdr keyword 5 years ago
Victor Julien f8aed4ce2d threading: change local packet queue logic 
Previously each 'TmSlot' had it's own packet queue that was passed
to the registered SlotFunc as an argument. This was used mostly for
tunnel packets by the decoders and by defrag.

This patch removes that in favor of a single queue in the ThreadVars:
decode_pq. This is the non-locked version of the queue as this is
only a temporary store for handling packets within a thread.

This patch removes the PacketQueue pointer argument from the API.
The new queue can be accessed directly through the ThreadVars
pointer.
 5 years ago
Victor Julien 44d7f636f2 threading: remove post_pq argument from 'SlotFunc' 
This was not in use anywhere.
 5 years ago
Victor Julien dbbdfedb98 lzma: make mandatory 
Libhtp is starting to use it as well, so its safe to make it mandatory
here.

Remove guards for flash file decompression code.
 6 years ago
Philippe Antoine 8d4cbb3f7b http: fixes stream flags for http tests 6 years ago
Philippe Antoine c775a4af43 signature: fixes leak with duplicate signatures 6 years ago
Victor Julien 24f0092b72 detect: add ipv6.hdr sticky buffer 
Inspects IPv6 header and extension headers.
 6 years ago
Victor Julien 4ac327f5b5 detect/ipv4: add ipv4.hdr sticky buffer 6 years ago
Victor Julien ac694b089a detect: add udp.hdr sticky buffer 6 years ago
Victor Julien 35be8385eb detect: tcp.hdr sticky buffer 
Sticky buffer to inspect the TCP header.
 6 years ago
Victor Julien 66648df099 detect: add tcp.mss keyword 
Allows matching on TCP option MSS.

Syntax:

    tcp.mss:<value>;
    tcp.mss:<value1>-<value2>;
    tcp.mss:<op><value>;

Operator can be: >, <.
 6 years ago
Philippe Antoine a3e38861b9 http: adds unit tests for HTPParseContentRange 6 years ago
Pierre Chifflier 8c61cfdca5 snmp.version: move unittests to tests/ 6 years ago
Pierre Chifflier 58d85b1460 snmp.pdu_type: move unittests to tests/ 6 years ago
Pierre Chifflier ff0ff6344f snmp.community: move unittests to tests/ 6 years ago
Mats Klepsland f634da61c9 ja3s-string: move unittests to tests/ 6 years ago
Mats Klepsland 736d35f36e ja3s-hash: move unittests to tests/ 6 years ago
Mats Klepsland a4471987ba app-layer-ssl: generate JA3S fingerprints 
Generate JA3S fingerprints based on fields in the ServerHello record.
 6 years ago
Mats Klepsland 3c57ac144c detect-ssl-version: move unittests to tests/ 6 years ago
Mats Klepsland 238797cc66 detect-ssl-state: move unittests to tests/ 6 years ago
Mats Klepsland 479e73b98e detect-tls-version: move unittests to tests/ 6 years ago
Mats Klepsland 767bde5e74 detect-tls-cert-validity: move unittests to tests/ 6 years ago
Mats Klepsland a260a57b68 detect-tls-sni: move unittests to tests/ 6 years ago
Mats Klepsland adb4da3975 detect-tls-ja3-string: move unittests to tests/ 6 years ago
Mats Klepsland 74a7b7e3cf detect-tls-ja3-hash: move unittests to tests/ 6 years ago
Mats Klepsland 5d3b94b3e4 detect-tls-cert-subject: move unittests to tests/ 6 years ago
Mats Klepsland 0d728ee4c6 detect-tls-cert-serial: move unittests to tests/ 6 years ago
Mats Klepsland e125e58c97 detect-tls-cert-issuer: move unittests to tests/ 6 years ago