Commit Graph

15987 Commits (c83e3285ae6f5dfd01a750e83ccfd4d9e57b7d47)

Author SHA1 Message Date
Richard McConnell fc2e49f84a app-layer: Set sc_errno upon error return
Bug: https://redmine.openinfosecfoundation.org/issues/6782

Callers to these allocators often use ``sc_errno`` to provide context of
the error. And in the case of the above bug, they return ``sc_errno``,
but as it has not been set ``sc_errno = 0; == SC_OK``.

This patch simply sets this variable to ensure there is context provided
upon error.
2 years ago
Victor Julien 52a008e358 detect/http-host: clean up tests 2 years ago
Victor Julien 6c937a9243 pcap-log: use correct pkthdr size for limit enforcement
The on-disk pcap pkthdr is 16 bytes. This was calculated using
`sizeof(struct pcap_pkthdr)`, which is 24 bytes on 64 bit Linux. On
Macos, it's even worse, as a comment field grows the struct to 280
bytes.

Address this by hardcoding the value of 16.

Bug: #7037.
2 years ago
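The size mismatch the commit describes, worked through as an added C example (not Suricata's pcap-log code; struct and function names are mine): the on-disk pcap record header is four uint32_t fields, 16 bytes, while the in-memory header libpcap hands to callbacks carries a struct timeval and is 24 bytes on 64-bit Linux. Accounting for the file-size limit with the in-memory size over-estimates every record, so files rotate early. The example writes records into a buffer using the hardcoded 16 and compares the bytes actually used with what each accounting method predicts.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

/* On-disk pcap record header (libpcap savefile format): four uint32_t, 16 bytes. */
struct pcap_rec_hdr_ondisk {
    uint32_t ts_sec;
    uint32_t ts_usec;
    uint32_t incl_len;   /* bytes of the packet saved in the file */
    uint32_t orig_len;   /* original packet length on the wire */
};

/* On-disk pcap global (file) header: 24 bytes. */
struct pcap_file_hdr_ondisk {
    uint32_t magic;
    uint16_t version_major;
    uint16_t version_minor;
    int32_t  thiszone;
    uint32_t sigfigs;
    uint32_t snaplen;
    uint32_t linktype;
};

/* Same shape as libpcap's in-memory struct pcap_pkthdr: a struct timeval plus two
 * uint32_t. struct timeval is 16 bytes on 64-bit Linux, making this 24 bytes there.
 * Its sizeof is NOT the on-disk record header size. */
struct pkthdr_inmem {
    struct timeval ts;
    uint32_t caplen;
    uint32_t len;
};

#define PCAP_GLOBAL_HDR_LEN 24u
#define PCAP_REC_HDR_LEN    16u   /* hardcoded, as the fix does */

/* Bytes one record occupies on disk. */
static size_t record_disk_len(uint32_t caplen) {
    return PCAP_REC_HDR_LEN + caplen;
}

/* Records of `caplen` bytes that fit under `limit` if each record header is assumed to
 * be `hdr_len` bytes. Pass PCAP_REC_HDR_LEN for the correct answer, or
 * sizeof(struct pkthdr_inmem) to reproduce the over-estimate. */
static size_t predict_records(size_t limit, uint32_t caplen, size_t hdr_len) {
    if (limit < PCAP_GLOBAL_HDR_LEN) return 0;
    return (limit - PCAP_GLOBAL_HDR_LEN) / (hdr_len + caplen);
}

static void write_global_header(uint8_t *out) {
    struct pcap_file_hdr_ondisk g = { .magic = 0xa1b2c3d4u, .version_major = 2,
        .version_minor = 4, .thiszone = 0, .sigfigs = 0, .snaplen = 262144u, .linktype = 1 };
    memcpy(out, &g, PCAP_GLOBAL_HDR_LEN);
}

/* Serialize one record; returns bytes written, or 0 if it would not fit in `avail`. */
static size_t write_record(uint8_t *out, size_t avail, const struct pkthdr_inmem *h,
                           const uint8_t *data) {
    if (avail < record_disk_len(h->caplen)) return 0;
    struct pcap_rec_hdr_ondisk d = { .ts_sec = (uint32_t)h->ts.tv_sec,
        .ts_usec = (uint32_t)h->ts.tv_usec, .incl_len = h->caplen, .orig_len = h->len };
    memcpy(out, &d, PCAP_REC_HDR_LEN);
    memcpy(out + PCAP_REC_HDR_LEN, data, h->caplen);
    return PCAP_REC_HDR_LEN + h->caplen;
}

/* Fill `file` (at least `limit` bytes long) with records of `caplen` constructed dummy
 * bytes, stopping when the next record would push the file past `limit`. Returns the
 * record count and reports the bytes actually used, for comparison with predict_records. */
static size_t fill_pcap_file(uint8_t *file, size_t limit, uint32_t caplen, size_t *used) {
    uint8_t payload[256];
    memset(payload, 0xAB, sizeof payload);   /* constructed packet bytes, content irrelevant */
    *used = 0;
    if (limit < PCAP_GLOBAL_HDR_LEN || caplen > sizeof payload) return 0;
    write_global_header(file);
    size_t off = PCAP_GLOBAL_HDR_LEN, count = 0;
    struct pkthdr_inmem h = { .ts = { .tv_sec = 1700000000, .tv_usec = 0 },
                              .caplen = caplen, .len = caplen };
    while (off + record_disk_len(caplen) <= limit) {
        size_t n = write_record(file + off, limit - off, &h, payload);
        if (n == 0) break;
        off += n;
        count++;
        h.ts.tv_usec += 1000;   /* keep timestamps increasing */
    }
    *used = off;
    return count;
}

int main(void) {
    static uint8_t file[4096];
    size_t used;
    size_t n = fill_pcap_file(file, 2024, 100, &used);
    printf("wrote %zu records, %zu bytes (limit 2024)\n", n, used);
    printf("predicted with 16-byte header: %zu; with sizeof in-memory header (%zu bytes): %zu\n",
           predict_records(2024, 100, PCAP_REC_HDR_LEN), sizeof(struct pkthdr_inmem),
           predict_records(2024, 100, sizeof(struct pkthdr_inmem)));
    return 0;
}
```

With a 2024-byte limit and 100-byte captures, the correct accounting and the bytes actually emitted agree on 17 records (1996 bytes); the in-memory sizeof predicts fewer on any platform where struct timeval is wider than 8 bytes.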
Victor Julien 9b980b18a8 pcap-log: minor cleanups 2 years ago
Victor Julien ea8c283dc7 pcap-log: minor cleanup
Use same pointer to one location consistently.
2 years ago
Victor Julien 8c4b96129f pcap-log: always pass 'comp' to PcapWrite
The variable is always available.
2 years ago
Victor Julien 5aa00aae0a pcap-log: rename connp to comp
Matches other variable names for the compression settings.
2 years ago
Victor Julien 3eb74c9992 pcap-log: don't check variable that is never set
`rotate` was never modified.
2 years ago
Victor Julien 5455799795 time: only consider packet threads
In offline mode, a timestamp is kept per thread, and the lowest
timestamp of the active threads is used. This was also considering the
non-packet threads, which could lead to the used timestamp being further
behind than needed. This would happen at the start of the program, as
the non-packet threads were set up the same way as the packet threads.

This patch both no longer sets up the timestamp for non-packet threads
as well as not considering non-packet threads during timestamp
retrieval.

Fixes: 6f560144c1 ("time: improve offline time handling")

Bug: #7034.
2 years ago
Shivani Bhardwaj 0aaec69303 flow: use debug validate macro 2 years ago
Shivani Bhardwaj d6b63b38ca flow: add defensive check on memuse 2 years ago
Shivani Bhardwaj 7144b9421d tcp: use bool wherever possible 2 years ago
Shivani Bhardwaj f4b8f706fa flow: use bool wherever possible 2 years ago
Shivani Bhardwaj 2c751dba73 flow: remove unneeded else 2 years ago
Shivani Bhardwaj 7bd9f88ecd flow: minor loop cleanups 2 years ago
Philippe Antoine fd262df457 http: fix nul deref on memcap reached
HttpRangeOpenFileAux may return NULL in different cases, including
when memcap is reached.
But its only caller did not check it before calling HttpRangeAppendData
which would dereference the NULL value.

Ticket: 7029
2 years ago
Shivani Bhardwaj f073cf2350 eve/schema: add tls.subjectaltname fields
Feature 5234
2 years ago
Shivani Bhardwaj 232c44eb4a output/json: log tls subjectaltname
Feature 5234
2 years ago
Shivani Bhardwaj 719fda3967 doc: add description about tls.subjectaltname
Feature 5234
2 years ago
Shivani Bhardwaj 83af42cc03 detect/tls-subjectaltname: add sticky buffer
Add TLS SubjectAltName sticky buffer. It is implemented as multi-buffer.

Feature 5234
2 years ago
Shivani Bhardwaj 3a1c12414a tls: store list of subject alternative names
So far, the SANs were available as a part of IssuerDN via x509_parser
crate but SANs were not available to the SSLState* to be directly used
to setup and match against a sticky buffer.
Expose it to SSLStateConnp.

Feature 5234
2 years ago
Jason Ish 8560564657 rust: rename .cargo/config to .cargo/config.toml
Addresses this warning from the Rust compiler:

warning: `../rust/.cargo/config` is deprecated in favor of `config.toml`
note: if you need to support cargo 1.38 or earlier, you can symlink `config` to `config.toml`
2 years ago
Jason Ish 6d2d8c26d3 detect-lua: small cleanups
- remove unused headers
- cleanup/rename flags
2 years ago
Jason Ish 224f55ba21 detect/lua: don't treat a crashed script as no match
If a rule script crashed, the return value was treated as a no
match. This would make a negation of the rule match and alert.

Instead cleanup and exit early if the rule script crashed and don't
run negation logic.

A stat, detect.lua.errors has been added to count how many times a
script crashes.

Also consolidates the running of the Lua script and return value
handling to a common function.

Bug: #6940
2 years ago
Philippe Antoine f2c39fc87b ftp: protocol detection avoiding FP on POP3 2 years ago
Philippe Antoine 2c305ba37e pop3: protocol detection
Ticket: #6366
2 years ago
Philippe Antoine ed895c04ff smtp: exit data mode if data command was rejected
And the server was advertising pipelining.

Ticket: 6906
2 years ago
Philippe Antoine dfdf2e2d1a detect: checks for space in http.protocol keyword 2 years ago
Philippe Antoine 7582b18a9f http: configures libhtp to allow spaces in uri
Ticket: #2881
2 years ago
Giuseppe Longo b728916ca6 decode/gre: decode arp packets 2 years ago
Giuseppe Longo 8a171c9d74 doc: add arp changes 2 years ago
Giuseppe Longo 01586d884d output-json/arp: implement logger
This adds a logger for ARP, disabled by default.

Ticket #6827
2 years ago
Giuseppe Longo a1c6328156 output/json: check 5-tuple values prior to logging
This commit enhances the JSON output by introducing a feature for conditional port logging.
Now, port logging is dependent on the underlying protocol
(such as TCP, UDP, or SCTP), where port information is pertinent, while it
avoids unnecessary logging for protocols where a port is not utilized (e.g. ARP).

Furthermore, this update ensures that IP addresses and the protocol have
meaningful values set, rather than being logged as empty strings.

These changes will make each log entry more precise, eliminating cases where
5-tuple fields are empty or set to zero, indicating the absence of a field.
2 years ago
Giuseppe Longo 987a27923d output/json: make JSONFormatAndAddMACAddr public
This change exposes 'JSONFormatAndAddMACAddr' as a public function,
allowing it to be reused across modules, such as the ARP logger, for logging
MAC addresses extracted from ARP packets.
2 years ago
Giuseppe Longo 5219a5da5f decode/arp: implement decoder
This adds a decoder for ARP.

Ticket #6827
2 years ago
Shivani Bhardwaj 12d027f6a2 base64: re-add the check for destination space
Cover all the calls to DecodeBase64Block with the check for enough
space. Found by the recently introduced fuzz target.

Bug 7028

Fixes: c0bc43c393 ("util/base64: use decoder fns per RFC")
2 years ago
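The class of check the commit re-adds, as an added C example (not Suricata's util-base64 code; the function names are mine): a block-wise base64 decoder that verifies the destination has room for the 1 to 3 bytes a 4-character block will produce before decoding it, and reports a full destination instead of writing past the buffer. The input string is constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum b64_status { B64_OK = 0, B64_DEST_FULL = 1, B64_INVALID = 2 };

/* Map one base64 alphabet character to its 6-bit value, -1 if not in the alphabet. */
static int b64_val(char c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Output bytes a 4-char block produces (3, or 2/1 with '=' padding); -1 if the padding
 * is malformed ('=' in position 2 must be followed by '=' in position 3). */
static int b64_block_outlen(const char in[4]) {
    if (in[2] == '=') return (in[3] == '=') ? 1 : -1;
    return (in[3] == '=') ? 2 : 3;
}

/* Decode one 4-char block into out, which the caller has already verified has room for
 * b64_block_outlen(in) bytes. Returns bytes written, or -1 on invalid input. */
static int b64_decode_block(const char in[4], uint8_t *out) {
    int n = b64_block_outlen(in);
    if (n < 0) return -1;
    uint32_t acc = 0;
    for (int i = 0; i < 4; i++) {
        int v;
        if (in[i] == '=') {
            if (i < 2) return -1;   /* padding is only valid in the last two positions */
            v = 0;
        } else {
            v = b64_val(in[i]);
            if (v < 0) return -1;
        }
        acc = (acc << 6) | (uint32_t)v;
    }
    out[0] = (uint8_t)(acc >> 16);
    if (n > 1) out[1] = (uint8_t)(acc >> 8);
    if (n > 2) out[2] = (uint8_t)acc;
    return n;
}

/* Decode padded base64 (srclen a multiple of 4) into dst. Every block is preceded by a
 * destination-space check: when the next block does not fit, the bytes decoded so far
 * stay in dst, *written reports how many, and B64_DEST_FULL is returned rather than
 * overrunning the buffer. */
static enum b64_status b64_decode(const char *src, size_t srclen,
                                  uint8_t *dst, size_t dstlen, size_t *written) {
    size_t off = 0, out = 0;
    *written = 0;
    if (srclen % 4 != 0) return B64_INVALID;
    while (off < srclen) {
        int need = b64_block_outlen(src + off);
        if (need < 0) return B64_INVALID;
        if (dstlen - out < (size_t)need) {   /* the check the commit covers for every call */
            *written = out;
            return B64_DEST_FULL;
        }
        int n = b64_decode_block(src + off, dst + out);
        if (n < 0) return B64_INVALID;
        out += (size_t)n;
        off += 4;
    }
    *written = out;
    return B64_OK;
}

int main(void) {
    const char *src = "SGVsbG8=";   /* constructed input, decodes to "Hello" */
    uint8_t big[8], small[4];
    size_t w;
    enum b64_status s = b64_decode(src, strlen(src), big, sizeof big, &w);
    printf("8-byte dest: status %d, %zu bytes: %.*s\n", (int)s, w, (int)w, big);
    s = b64_decode(src, strlen(src), small, sizeof small, &w);
    printf("4-byte dest: status %d, %zu bytes: %.*s\n", (int)s, w, (int)w, small);
    return 0;
}
```

Into an 8-byte destination the decode completes with 5 bytes; into a 4-byte destination the first block ("Hel") fits, the second needs 2 more bytes with only 1 left, and the decoder stops with B64_DEST_FULL and 3 bytes written instead of writing a 5th byte into a 4-byte buffer.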
Victor Julien d401082bba github-actions: set bpf to icmp for af-packet 2 years ago
Victor Julien 1240bdd914 github-actions: add pcap live test script and jobs
Asan and coverage jobs.
2 years ago
Victor Julien 27b6a31a0c github-actions: unix pcap coverage run
To increase code coverage.
2 years ago
Victor Julien ea95aac022 github-actions: add unix socket runmode script and job
Runs with ASAN.
2 years ago
Victor Julien 40b87bfd04 github-actions: add ASAN enabled Ubuntu 24.04 build of live tests 2 years ago
Philippe Antoine fcdd7f000a detect: add options to app-layer-protocol keyword
Ticket: 4921

The app-layer-protocol keyword accepts an optional mode to specify
which protocol we want to match: toclient, toserver, final,
or original.
2 years ago
Philippe Antoine 3b5f1173ab Revert "rust: temporary: disable debug assertions"
This reverts commit 14ab9aa763.
2 years ago
Philippe Antoine 37a9003736 rust/probing: safety check for null input
Ticket: 7013

Done consistently for all protocols

This may change some protocols behaviors which failed early
if they found there was not enough data...
2 years ago
Philippe Antoine 5dc8dea869 rust: return empty slice without using from_raw_parts
As this triggers on rustc 1.78:
unsafe precondition(s) violated: slice::from_raw_parts requires
the pointer to be aligned and non-null,
and the total size of the slice not to exceed `isize::MAX`

Ticket: 7013
2 years ago
Philippe Antoine edd5507ea4 tests: do not bother to free a null pointer
Ticket: #7013
2 years ago
Victor Julien 4c33e64d56 github-actions: make sure unix socket is created in dpdk tests 2 years ago
Victor Julien 8e320449f6 github-actions: expand af-packet live test with more unix commands 2 years ago
Victor Julien d02c57bd1f hostbits: release use_cnt for unix (add|remove)-hostbit
Commands would leave use_cnt incremented, never decrementing them. This
would lead to an assert triggering at shutdown.

Bug: #7020.
2 years ago
Victor Julien bc2dfe4c17 device: don't crash on unix command 'iface-bypassed-stat'
In the default config iface bypass support is not enabled,
and storage API not initialized for it. Using it will lead to a crash.

This commit first checks if the device storage API is initialized.

Bug: #7022.
2 years ago