Commit Graph

15401 Commits (c99d93c2574cfa0fe2b94c1ab3a2cacd5a15035c)
 

Author SHA1 Message Date
Philippe Antoine 2fb50598f2 detect: do not store state without flags
If flags are zero, there is nothing to store and remember.

Stored signatures will be reused on a later packet, and
qsorted (which may be expensive), with newer match candidates.

Avoiding the store avoids the call to qsort.
2 years ago
Philippe Antoine 5bb8800588 detect: merge sorted lists instead of qsort
Ticket: #6299

Simply because it is faster (just linear).

This is for merging match_array into tx_candidates
2 years ago
Philippe Antoine 9240ae250c detect: avoids case of useless detection on txs
When a TCP flow packet has not led to app-layer updates,
it is useless to run DetectRunTx, as there cannot be new
matches.

This happens, for instance, when one side sends multiple packets
in a row which are not acked (and thus not parsed in IDS mode).

Doing so requires moving up the call to
AppLayerParserSetTransactionInspectId
so that it is run the same number of times DetectRunTx is run, and not in the
case where the transaction was not updated.

Ticket: 6299
2 years ago
Jason Ish c3b3c11e30 requirements: use libhtp 0.5.x
Move libhtp to the 0.5.x branch instead of 0.5.45.
2 years ago
Jason Ish 8bf8131c31 doc: note what version "requires" was added in 2 years ago
Jason Ish de3cbe4c90 detect/requires: reset sigerror flags for each rule
"sigerror_ok" and "sigerror_requires" were not being reset after each
rule which could lead to a rule load error being incorrectly tracked
as skipped rather than failed.

Also initialize "skippedsigs" to 0 along with "goodsigs" and
"badsigs"; while not directly related to this issue, it could also throw
off some stats.

Ticket: #6710
2 years ago
jason taylor 3cb7112aa5 detect: update smb.version keyword
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
jason taylor bfc0790d87 rust: fix rustfmt warnings for smb detect
Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Eloy Pérez González a4901a1f70 smb: add smb.keyword documentation 2 years ago
Eloy Pérez González 415722dab2 smb: add smb.version keyword
Ticket: #5075

Signed-off-by: jason taylor <jtfas90@gmail.com>
2 years ago
Juliana Fajardini df6444822e userguide: clarify midstream exception policy
The description of behavior when midstream is enabled and exception
policy is set to ignore wasn't descriptive enough.

Fix typos.
2 years ago
Lukas Sismis 6e4cc79b39 doc: remove references to prehistoric versions
Remove references that are mentioning Suricata 3 or less
As a note - only one Suricata 4 reference found:
(suricata-yaml.rst:"In 4.1.x")
Fast pattern selection criteria can be internally found by inspecting
SupportFastPatternForSigMatchList and SigTableSetup functions.

Ticket: #6570
2 years ago
Lukas Sismis 2a2898053c dpdk: add interrupt (power-saving) mode
When the packet load is low, Suricata can run in interrupt
mode. This more resembles the classic approach of processing
packets - CPU cores run low and only fetch packets
on interrupt.

Ticket: #5839
2 years ago
Lukas Sismis ca6f7c2d00 dpdk: rework hugepage hints to use per-numa information
Previous integration of hugepage analysis only fetched data
from /proc/meminfo. However, this proved to be often
deceiving mainly for providing only global information and
not taking into account different hugepage sizes (e.g. 1GB
hugepages) and different NUMA nodes.

Ticket: #6419
2 years ago
Stephen Donnelly c28cc93e23 source/erf-dag: compiler warnings
Bug: #6667.

Fix compiler warnings for function pointer parameters missing const with --enable-dag
2 years ago
Shivani Bhardwaj 26b81ca007 detect: make SigMatch.is_last bool
It is used like bool so much so that nothing needs to be changed even
after changing its type.
2 years ago
Shivani Bhardwaj 588af05565 detect: remove unneeded size in DetectEngineCtx
sig_array_size can easily be calculated with length and is only used at
one place for debugging purposes. Remove it from the DetectEngineCtx
struct to avoid making it unnecessarily heavy.
2 years ago
Shivani Bhardwaj 778820ba06 detect/alert: remove unnecessary else 2 years ago
Jeff Lucovsky 995f5fc8c5 htp/swf: Remove flash deprecation notice
Issue: 6605

Flash decompression will remain so the deprecation notice is not needed.
2 years ago
Jeff Lucovsky 58f882db94 doc/pcap-log: Remove sguil documentation
Issue: 6347
2 years ago
Jeff Lucovsky 9101878e11 log/pcap: Remove sguil mode
Issue: 6347

Remove sguil-mode pcap logging capability.
2 years ago
Jeff Lucovsky ff609f5dc3 conf/log: Remove sguil mode
Issue: 6347
2 years ago
Jason Ish 90ae3a223f eve/schema: allow authorities in dns.answers in alert
Factor out dns.authorities to a definition.
2 years ago
Vincent Li f80d26db0b flow-bypass: Set bypass thread to running state
When running Suricata in XDP bypass mode (bypass: yes),
Suricata started up with error:
Error: threads: thread "FB" failed to start in time: flags 0003

"FB" thread does not transition from THV_INIT_DONE to THV_RUNNING.

Set "FB" thread THV_RUNNING state in BypassedFlowManager().

Bug: #6254

Signed-off-by: Vincent Li <vincent.mc.li@gmail.com>
2 years ago
Philippe Antoine 6896a93d87 rust: update test_case crate
fixes unused_unit

warning: unneeded unit expression
   --> src/bittorrent_dht/parser.rs:590:5
    |
590 | /     #[test_case(
591 | |         b"",
592 | |         "Error: discovered Dict but expected EOF" ;
593 | |         "test parse bittorrent dht packet err 1"
594 | |     )]
    | |______^
2 years ago
Philippe Antoine bedd48596f ci: run clippy on test code as well 2 years ago
Philippe Antoine 259cdf169e rust: fix single_binding
error: this match could be written as a `let` statement
   --> src/nfs/nfs3_records.rs:747:9
    |
747 | /         match result {
748 | |             (r, request) => {
749 | |                 assert_eq!(r.len(), 0);
750 | |                 assert_eq!(request.handle, expected_handle);
751 | |                 assert_eq!(request.name_vec, br#"bln"#);
752 | |             }
753 | |         }
    | |_________^
2 years ago
Philippe Antoine b141eb9f11 rust: fix single_match
warning: you seem to be trying to use `match` for destructuring a single pattern. Consider using `if let`
   --> src/http2/parser.rs:882:17
    |
882 | /                 match ctx.value {
883 | |                     Some(_) => {
884 | |                         panic!("Unexpected value");
885 | |                     }
886 | |                     None => {}
887 | |                 }
    | |_________________^
2 years ago
Philippe Antoine 9a84681bd9 rust: fix vec_init_then_push
warning: calls to `push` immediately after creation
    --> src/pgsql/parser.rs:1179:9
     |
1179 | /         let mut database_param: Vec<PgsqlParameter> = Vec::new();
1180 | |         database_param.push(database);
     | |______________________________________^
help: consider using the `vec![]` macro: `let database_param: Vec<PgsqlParameter> = vec![..];`
2 years ago
Philippe Antoine 85329f5351 rust: fix zero_prefixed_literal
warning: this is a decimal constant
   --> src/mqtt/parser.rs:888:19
    |
888 |             0x00, 06, /* Topic Length: 6 */
    |                   ^^
    |
2 years ago
Philippe Antoine a8199bf2ca rust: fix assertions_on_constants for assert!(false)
using panic! instead with a string message
2 years ago
Philippe Antoine c49463c86f rust: fix assertions_on_constants for assert!(true)
Which will be optimized away by the compiler
2 years ago
Gleb Smirnoff b239e88c93 ipfw: close(2) instead of shutdown(2) of the divert(4) socket
The shutdown(2) syscall would always return ENOTCONN for FreeBSD 11,
FreeBSD 12, FreeBSD 13 and FreeBSD 14.  It could do some action on the
socket in the kernel in FreeBSD 10 and before, did not test.
2 years ago
Philippe Antoine adf5e6da7b detect: strip_pseudo_headers transform
Ticket: 6546
2 years ago
Victor Julien 1dcf69b211 eve/http: add location header independent of status availability 2 years ago
Victor Julien 9a14d7a723 eve/http: use numeric status code by default
To avoid costly string operations.
2 years ago
Victor Julien f5565f42e7 eve/email: improve logging binary data
Use jb_append_string_from_bytes() as it works better than
BytesToString+jb_append_string when logging binary data.

Bug: #6664.
2 years ago
Victor Julien 609cac58b7 flow: minor optimization
Most of the time FlowGetFlowFromHash will succeed.
2 years ago
Victor Julien 75c1b7fb10 detect: consolidate per rule group file loops
Don't loop multiple times over the per group sig array.
2 years ago
Victor Julien 3b8ed937d7 detect: remove DCERPC mask logic
Added nothing over alproto check already in place.
2 years ago
Victor Julien 44a8bf463e detect/rule-header: use bool type
Update frame prototype as well, to match already returned true/false values.
2 years ago
Victor Julien 72841be050 detect/rule-header: minor code cleanups 2 years ago
Victor Julien 5c6089f93f detect/address: refactor match array building 2 years ago
Victor Julien 7b2d6b6894 detect/address: minor cleanup 2 years ago
Victor Julien 96aee6434f mpm/ac: pointer hygiene 2 years ago
Victor Julien aad403d87d mpm/hs: improve pointer hygiene 2 years ago
Victor Julien 11bf60aa3a detect/mpm: minor cleanup 2 years ago
Victor Julien db2484276e detect: shrink sgh to have all runtime members on one cache line 2 years ago
Victor Julien 91f153fb1d detect: constify flow flags in tx rule inspect 2 years ago
Victor Julien e4550bee0a detect: minor cleanup for rule group get function 2 years ago