Commit Graph

8570 Commits (cba41207b3f2d8251f7e0f7944683134d9cf8233)
 

Author SHA1 Message Date
Jason Ish c0ffe4055a create directory: final arg to control full path or prefix
Give SCCreateDirectoryTree a new argument, final. If true the
full path will be created as a directory. If false, the last
component will not be created as a directory (current
behaviour).
7 years ago
Jason Ish 0d558ddc27 create directory: fix strlcpy usage
The final character was being cut off.
7 years ago
Jason Ish de2fffca5e util: move SCCreateDirectoryTree to util-path
Renames SCLogCreateDirectoryTree to SCCreateDirectoryTree
and move into a util module for re-use.

Also moves SCMkDir from suricata-common.h to the more
appropriately named util-path.h.

I would have preferred to use util-file for file related options
but that is already used by file store utilities. util-path
is close enough for file related operations.
7 years ago
Jason Ish 00e6cd4ced output: introduce init return type
The new OutputInitResult is a struct return type that allows
logger init functions to return a NULL context without
raising error.

Instead of returning NULL to signal error, the "ok" field will
be set to false. If ok, but the ctx is NULL, then silently
move on to the next logger.

Use case: multiple versions of a specific logger, and one
implementation decides the configuration is not for that
implementation. It can return NULL, ok.
7 years ago
Victor Julien 50a762bfd1 thresholds: fix issues with host based thresholds
The flow manager thread (that also runs the host cleanup code) would
sometimes free a host before its thresholds are timed out. This would
lead to misdetection or too many alerts.

This was mostly (only?) visible on slower systems. And was caused by a
mismatch between time concepts of the async flow manager thread and the
packet threads, resulting in the flow manager using a timestamp that
was before the threshold entry creation ts. This would lead to an
integer underflow in the timeout check, leading to an incorrect conclusion
that the threshold entry was timed out.

To address this, check if the 'check' timestamp is not before the creation
timestamp.
7 years ago
Victor Julien 4b24d965b8 stream/midstream: be more liberal with window
Use the wscale setting when updating the window, even if it's very
high.
7 years ago
Victor Julien 38e6901c34 threads: don't crash in slow shutdown
If TmThreadDrainPacketThreads would take more than 60 seconds, the wait
loop that follows it would reach 'timeout' condition immediately. This
would lead to a null ptr deref of 'tv'.

Fix by not counting the TmThreadDrainPacketThreads and also not doing
the null ptr deref in any case.
7 years ago
Maurizio Abba 62ac13523a time: Force init cached_minute_start array
In offline mode, if the starting timestamp is 0 suricata will never
initialize cached_minute_start array. This causes the timestamp to be
ignored when needed (e.g., in fast.log).

This commit will force the initialization of this array.
7 years ago
Pierre Chifflier 4b6555588f NTP: ensure parser name is not freed after registration 7 years ago
Danny Browning aae50f8a7e util-time: Add function to convert timespec to epoch millis 7 years ago
Victor Julien e41acd3d05 destate: test cleanups 7 years ago
Victor Julien 56b1df1b4d http: clean up & improve unittests 7 years ago
Eric Leblond ba0899a77f conf: add function to get child with default 7 years ago
Eric Leblond 4bfa3aeaf9 af-packet: synchronize flags sizes
They are passed from config to threads so they need to be of the
same size.
7 years ago
Maurizio Abba 7266c12b4f print: Escape backslash in PrintRawUriFp
PrintRawUriFp does not properly escape backslash. This causes confusion
between a \ character and a hex-encoded character. PrintRawUriBuffer,
instead, correctly does backslash-encoding.
Adding proper escaping of backslash to PrintRawUriFp.
7 years ago
Pierre Chifflier ec62eedc87 Rust: remove deprecated functions LoggerFlags::get_logged/set_logged 7 years ago
Pierre Chifflier 5c6868b327 NTP: update logger to use new API 7 years ago
Victor Julien 044e7b8e20 output: add missing dnp3 profiling labels 7 years ago
Victor Julien d634140fa2 logging: unique id's per log direction
For loggers that register once per direction, use unique id's per
direction.

Reshuffle id's to keep tx log id's low so we can use u32 for tracking
logged loggers.
7 years ago
Victor Julien bca0cd71ae app-layer: use logger bits to avoid looping
Avoid looping in transaction output.

Update app-layer API to store the bits in one step
and retrieve the bits in a single step as well.

Update users of the API.
7 years ago
Victor Julien 01724f04fa app-layer: register per proto logger bits
Create a bitmap of the loggers per protocol. This is done at runtime
based on the loggers that are enabled. Take the logger_id for each
logger and store it as a bitmap in the app-layer protocol storage.

Goal is to be able to use it as an expectation later.
7 years ago
Victor Julien 40986b1f61 detect: put inspect code for MATCH-list into func
Introduce DetectRunInspectRulePacketMatches to inspect the signatures
match list.
7 years ago
Victor Julien 70597066e0 detect: move detect cleanup into util func 7 years ago
Victor Julien 01f9d0076c detect: move packet hdr inspect into util func 7 years ago
Eric Leblond 9ecd60c7a2 detect-ftpdata: register keyword
Keyword registration was missing so the keyword was not existing.
7 years ago
Maurizio Abba 204474de39 runmodes: fix single runmode bug with pcap
Fix crash for suricata running with pcap option and single runmode.

Ticket: https://redmine.openinfosecfoundation.org/issues/2403
7 years ago
Victor Julien e1e9ada9df rust/nfs: improve file close handling 7 years ago
Nick Price 350b5d99ce rust/nfs: don't panic on malformed NFS traffic
Instead set events.
7 years ago
Eric Leblond ce59ec5d13 af-packet: free ring buffer at exit 7 years ago
Victor Julien 485663583a rust/mingw: fix linker issues on mingw 7 years ago
Victor Julien 746638b220 cuda: remove
Remove CUDA support as it has been broken for a long time.

Ticket #2382.
7 years ago
Victor Julien 282dad79ca scan-build: fix memleak warning in port parsing 7 years ago
Victor Julien f342b11277 detect/tos: minor cleanups 7 years ago
Victor Julien 0c36ea64c2 detect/tos: fix memleak in error path 7 years ago
Victor Julien 2a4b5adce8 scan-build: simplify FatalErrorOnInit macro 7 years ago
Victor Julien 8aab6016cb scan-build: don't use memory wrappers 7 years ago
Victor Julien c563c1fcab scan-build: fix warning in radix tree 7 years ago
Victor Julien 50a5b2e458 scan-build: fix warning in streaming buffer 7 years ago
Victor Julien f2cacca9f8 threads: avoid NULL-ptr deref in thread init wait
** CID 1426745:  Null pointer dereferences  (FORWARD_NULL)
/src/tm-threads.c: 2135 in TmThreadWaitOnThreadInit()

________________________________________________________________________________________________________
*** CID 1426745:  Null pointer dereferences  (FORWARD_NULL)
/src/tm-threads.c: 2135 in TmThreadWaitOnThreadInit()
2129         struct timeval cur_ts;
2130         gettimeofday(&start_ts, NULL);
2131
2132     again:
2133         gettimeofday(&cur_ts, NULL);
2134         if ((cur_ts.tv_sec - start_ts.tv_sec) > 120) {
>>>     CID 1426745:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "tv".
2135             SCLogError(SC_ERR_THREAD_INIT, "thread \"%s\" failed to "
2136                     "initialize in time: flags %04x", tv->name,
2137                     SC_ATOMIC_GET(tv->flags));
2138             return TM_ECODE_FAILED;
2139         }
2140
7 years ago
Pierre Chifflier f5b27ae767 Rust: fix probing function prototype: change sign and add Flow 7 years ago
Victor Julien 28ddf48899 mingw: improve ipaddress parsing 7 years ago
Victor Julien d62a212fa2 mingw: fix issues in pcap directory code
Fix issues with 'stat' and explicitly skip . and ..
7 years ago
Victor Julien 6c7d485bf8 mingw: wrapper for usleep in threads
usleep on MinGW doesn't behave as expected. Added replacement
wrapper around 'Sleep(msec)'. As that has msec resolution and
not a usec resolution, change the various thread init and stop
functions to test for the actual time waited instead of counting
the usecs passed to usleep.
7 years ago
Victor Julien 1261d30df0 mingw/cygwin: explicitly disable unix socket 7 years ago
Victor Julien 6b75162194 mingw: use c:\Program Files\Suricata for w64 7 years ago
Victor Julien 650e6b316d ipv6: add string validation function 7 years ago
Victor Julien 13477d60ee ipv4: add string validation function 7 years ago
Victor Julien aa2eddfb98 decode/mime: improve ip address validation
inet_pton on Windows/MinGW is very liberal, so do manual validation
of IP address formatting.
7 years ago
Victor Julien d6a7f6b53f mingw: work around mingw more liberal ip parsing 7 years ago
Victor Julien 269cd03a43 console: no color for native windows build 7 years ago