Commit Graph

10973 Commits (beb45c564ec3ed8891189c15ec93195b3e3d87d8)

Author SHA1 Message Date
Jeff Lucovsky c92975e22b mime: Test cases for filename length limit 5 years ago
Jeff Lucovsky 9a33b5d5de smtp/mime: Fix typos 5 years ago
Jeff Lucovsky 130b8d26e7 smtp/mime: Set event when name exceeds limit 5 years ago
Jeff Lucovsky d0d20bd874 smtp/mime: Restrict file name lengths
This commit places restrictions on the length of the file name specified
in attachments (`name=` or `filename=`) to `NAME_MAX`. Names exceeding
these limits will be truncated and processing will continue with the
truncated name.
5 years ago
Victor Julien 072c421e46 pcap/file: improve time handling
This patch addresses two problems.

First, various parts of the engine, but most notably the flow manager (FM),
use a minimum of the time notion of the packet threads. This did not,
however, take into account the scenario where one or more of these
threads would be inactive for prolonged times. This could lead to the
time used by the FM getting stale.

This is addressed by keeping track of the last time the per thread packet
timestamp was updated, and only considering it for the 'minimum' when it
is reasonably current.

Second, there was a minor race condition at start up, where the FM would
already inspect the hash table(s) while the packet threads weren't active
yet. Since FM gets the time from the packet threads, it would use a bogus
time of 0.

This is addressed by adding a wait loop to the start of the FM that waits
for 'time' to get ready.
5 years ago
Victor Julien 4977daec32 threads/time: rename ts to pktts to make purpose clear 5 years ago
Victor Julien ae4137937e pcap/file: fix race during pcap processing start
A race condition during the start of pcap file processing could cause
missed alerts and logged events. This race happens between the packet
threads and the flow manager. It was observed on slower hardware, but in
theory could happen on any machine. It required the 'autofp' runmode.

In commit 6f560144c1 ("time: improve offline time handling") the logic
was added to make the flow manager use a minimum of all the packet threads'
perception of time.

The race condition was that the flow manager may become active _before_
all of the packet threads have started processing packets and thus setting
their timestamp. The threads that had not yet initialized their timestamp
would not be considered when calculating the minimum.

As a result of this, older packets' timestamps would not yet be registered.
This would give the Flow Manager a timestamp too far in the future. While
the FM was running, the packet processing would start and a flow would
be created. This flow would then immediately be considered 'timed out' by
the FM, due to the timestamp too far in the future.

In the observed case, the thread processing packet 1 from the pcap had not
yet started processing while other threads had already started. The FM was
also already active. Due to the timestamps in the pcap this meant that the
time the FM used was about 500 seconds in the future compared to packet 1.

This patch fixes the issue by initializing all of the threads' timestamps
with the timestamp value of the first packet. This way the minimum will
always consider this timestamp.
5 years ago
Victor Julien 1b1855c3bd time: remove unused time structure 5 years ago
Victor Julien 13b4ece11d time: minor code cleanup 5 years ago
Victor Julien 6176338d0b time: fix function name typo 5 years ago
Victor Julien 227e2812f6 pcap/file: fix function ptr naming 5 years ago
Victor Julien 95e7246b75 rust: bump minimum supported version to 1.34.2 5 years ago
Victor Julien 74305c0486 rust/nfs: minor code cleanups 5 years ago
Victor Julien 576e92983e rust/rpc: add partial data tests 5 years ago
Pierre Chifflier 442500678b rust: use the streaming version of combinators to fix incomplete reads 5 years ago
Pierre Chifflier df9a4fd635 rust/rdp: use the streaming version of combinators to fix incomplete reads 5 years ago
Pierre Chifflier 2561da89c0 rust/rdp: fix regression introduced during nom 5 upgrade 5 years ago
Pierre Chifflier f3ddd7127c rust: Add type annotations when required
Unfortunately, the transition to nom 5 (and functions instead of macros)
has side-effects, one of them being requiring lots of type annotations
when using a parser, for example in a match instruction.
5 years ago
Pierre Chifflier 62e31396ae rust/ftp: upgrade to nom 5
CompleteByteSlice type has been removed, and replaced by combinators
under the nom::character::complete namespace.
5 years ago
Pierre Chifflier 1a505ccd11 rust/rdp: add custom error handling 5 years ago
Pierre Chifflier d1bf34a427 rust/smb: add custom error handling 5 years ago
Pierre Chifflier 1ab8c5763c rust: add SecBlobError custom error type for the Kerberos parser 5 years ago
Pierre Chifflier 030c9a3d86 rust: add take_until_and_consume replacement function 5 years ago
Pierre Chifflier 8664a55ee7 rust/dns: remove unneeded calls to closure! 5 years ago
Pierre Chifflier 5b809f77f1 rust: upgrade all parsers to nom 5 5 years ago
Jason Ish a2d91d9bf5 log-pcap: fix log message: unified2 -> pcap
Likely a result of copy-and-pasted code.
5 years ago
Jason Ish 13635dba57 unified2: not supported message if configured 5 years ago
Jason Ish d86973b386 unified2: remove deprecated output unified2
Ticket 2385:
https://redmine.openinfosecfoundation.org/issues/2385
5 years ago
Jason Ish bfe3c0105d wirefuzz: removed unified2 file removal 5 years ago
Jason Ish d3f6a95b56 doc: removed unified2 output 5 years ago
Jeff Lucovsky e73aec150b pcre: Sticky buffer check
This commit adds logic checking if the sticky buffer in effect provides
the required content.

If the sticky buffer doesn't, the rule will not load and a diagnostic
message with follow-on steps is displayed.
5 years ago
Jeff Lucovsky 8279bab8dc general: Wordsmith "no rules loaded" message 5 years ago
William Stearns 7e47fc58af rules: fix files.rules typo 5 years ago
Sascha Steinbiss efaa1755c6 snmp-version: make comment more clear 5 years ago
Sascha Steinbiss f02a18e557 snmp: do not set SIGMATCH_NOOPT 5 years ago
Jeff Lucovsky 6d94b096a9 spelling: Fix spelling error 5 years ago
Jeff Lucovsky 6c3503932f detect/ssl_state: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.
5 years ago
Jeff Lucovsky 9fe51a8bd2 detect/flowvar: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.
5 years ago
Jeff Lucovsky c2071e1c4e detect/filestore: Fix memory leaks from pcre_get_substring
This commit replaces usages of pcre_get_substring with
pcre_copy_substring to avoid leaking memory on error conditions.
5 years ago
Jeff Lucovsky 8c132c0b87 doc: Correct RST quote usage
Corrects misplaced backticks preventing proper formatting of `mpm-algo`
section.
5 years ago
Jeff Lucovsky bcea730266 util-error: define SC_ERR_PCRE_COPY_SUBSTRING 5 years ago
Jeff Lucovsky be4c6b85de general: Convert _Bool to bool
This commit addresses task 3167 and changes usages of `_Bool` to `bool`.
The latter is included from `suricata-common.h`.
5 years ago
Jeff Lucovsky 3385859176 doc/userguide: Update for dump-features 5 years ago
Jeff Lucovsky 1519c1f006 detect/feature: Support --dump-features 5 years ago
Jeff Lucovsky 5e08e6bccf detect: update version comment 5 years ago
Jeff Lucovsky 1cddbc085b detect: Fix typos/spelling errors. 5 years ago
Jeff Lucovsky 8f6e133497 main: feature init and release 5 years ago
Jeff Lucovsky 9631808b04 output/filestore: announce provided features 5 years ago
Jeff Lucovsky cf840c37b3 detect/filestore: Warn if req'd feature missing 5 years ago
Jeff Lucovsky 31e2cff9cb detect/analysis: Warn if required feature missing 5 years ago