Commit Graph

8570 Commits (cba41207b3f2d8251f7e0f7944683134d9cf8233)

Author SHA1 Message Date
Victor Julien b8428378ac changelog: update for 4.0.0 7 years ago
Victor Julien fc229430f8 doc: add rust and update version in install 7 years ago
Victor Julien 00d4ba5c9c dcerpc: improve stub buffer handling
Stub data buffer could grow without limit depending on traffic.

This patch improves the handling. It honors the 'last frag' setting
and implements a hard limit of 1MB per buffer.

Bug #2186
7 years ago
Victor Julien cd0fb1ab1a dcerpc: cleanup, remove unused field 7 years ago
Victor Julien 31daf43579 afl: add dcerpc entry points
Add entry points for requests and for a mix of requests/responses.

Implement storing the files to disk and rereading them.
7 years ago
Victor Julien e5eb0bbe32 stream/bypass: more liberal policy if no detection
The reason the stream engine can't easily decide to bypass streams
is that there can be non-stream dependent rules that wouldn't match
if bypassing is done too aggressively.

However, if there is no detection engine, there is no reason to hold
back. In this case we can bypass as soon as the stream engine is done
with a session.
7 years ago
Eric Leblond cc82ef065c af-packet: optimize BPF
This patch turns on code optimization when the BPF filter is built by
libpcap. This allows reducing the size of the BPF bytecode and
thus increases the size of the BPF filter supported by Suricata.

Reported-by: Martijn van Oosterhout
7 years ago
Eric Leblond 2979a0a2e1 app-layer-ssh: trigger bypass when done
Trigger bypass when the application layer will not inspect anymore.
7 years ago
Jason Ish 6cfabb7863 autogen: cleanup rust strict warning 7 years ago
Jason Ish 7cc0067be0 Sample systemd unit file for Suricata.
Create a sample systemd unit file based on the build time
configuration.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2138
7 years ago
Jason Ish ddf6bce5d8 Sample logrotate configuration file.
Create a sample logrotate configuration file with filenames
set for the configuration.
7 years ago
Victor Julien dbd2d7c058 detect: more gracefully handle mpm prepare failure
Exit with error instead of using the detection engine in a broken state.

Bug #2187
7 years ago
Victor Julien e087d93883 detect: reject dsize rules that can't match
Rules can contain conflicting statements and lead to an unmatchable rule.

2 examples are rejected by this patch:

1. dsize < content
2. dsize < content@offset

Bug #2187
7 years ago
Sebastian Garcia d32ba60b51 Update public-data-sets.rst with stratosphere project
Add the datasets of the Stratosphere project to the list.
7 years ago
Victor Julien c02739e535 mingw: don't try to build unix socket 7 years ago
Victor Julien d1e839eabc windows: use wpcap instead of pcap
Windows pcap libraries such as winpcap all use a library name of
wpcap instead of just pcap. Support this in configure.
7 years ago
Victor Julien 8c31cd4bea win32: minor compile warning fixes 7 years ago
Victor Julien d1b6be99de mingw: fix random function 7 years ago
Victor Julien 5ea58fe3c4 cocci: add test to check for uint use
uint is non-standard and not supported by MinGW. So ban its use.

spatch file by Eric Leblond.
7 years ago
Victor Julien afed6fe4a2 cleanup: remove all uint use 7 years ago
Victor Julien 90e612d3e4 cocci: ban memmem 7 years ago
Jason Ish 83c385a98f dnp3: use BasicSearch instead of memmem
MinGW doesn't support memmem.
7 years ago
Jason Ish fd025ba3f5 rust: require jansson for rust build 7 years ago
Jason Ish 16921b6b99 travis: enable strict rust; use rust 1.15.0
Adds --enable-rust-strict to fail on warnings. Also update
the minimum Rust version from 1.7.0 to 1.15.0.
7 years ago
Jason Ish 6a4cefb7c5 rust: --enable-rust-strict to turn warnings into errors 7 years ago
Jason Ish f715b0ae6b doc: add pid-file section to suricata.yaml doc
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
7 years ago
Jason Ish 95a781d4b2 suricata.yaml: better comment on pid-file option
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2104
7 years ago
Jason Ish 59d69666ea doc: add more details to log rotation doc 7 years ago
Jason Ish 92f15b7ffb doc: move log rotation to output section 7 years ago
Jason Ish 3063851d85 rust/dns/tcp - probe even if payload is short
As the DNS probe just uses the query portion of a response, don't
require there to be as many bytes as specified in the TCP DNS
header. This can occur in large responses where the probe is called
without all the data.

Fixes the cases where the app proto is recorded as failed.

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/2169
7 years ago
Victor Julien 74f4f6dd63 gcc7: format-truncation fix for lua 7 years ago
Victor Julien 57791bd670 changelog: update for 4.0.0-rc2 release 7 years ago
Victor Julien df3a3c7857 der/asn1: limit recursion
Limit the number of recursive calls in the DER/ASN.1 decoder to avoid
stack overflows.

Found using AFL.
7 years ago
Victor Julien a306ccfd34 rust/nfs: implement events
Remove lots of panic statements in favor of setting non-fatal events.

Bug #2175.
7 years ago
Victor Julien 3e9b583d47 radix: fix risky malloc call
GCC7 said:
  CC       util-radix-tree.o
In file included from util-debug-filters.h:29:0,
                 from util-debug.h:34,
                 from suricata-common.h:421,
                 from util-radix-tree.c:26:
util-radix-tree.c: In function ‘SCRadixAddKey’:
util-mem.h:177:12: error: argument 1 range [18446744071562067968, 18446744073709551615] exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=]
     ptrmem = malloc((a)); \
     ~~~~~~~^~~~~~~~~~~~~
util-radix-tree.c:749:42: note: in expansion of macro ‘SCMalloc’
             if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
                                          ^~~~~~~~
In file included from suricata-common.h:69:0,
                 from util-radix-tree.c:26:
/usr/include/stdlib.h:443:14: note: in a call to allocation function ‘malloc’ declared here
 extern void *malloc (size_t __size) __THROW __attribute_malloc__ __wur;
              ^~~~~~

scan-build said:
util-radix-tree.c:749:42: warning: Call to 'malloc' has an allocation size of 0 bytes
            if ( (inter_node->netmasks = SCMalloc((node->netmask_cnt - i) *
                                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-mem.h:177:14: note: expanded from macro 'SCMalloc'
    ptrmem = malloc((a)); \
             ^~~~~~~~~~~
1 warning generated.
7 years ago
Victor Julien 5b84c01cd3 gcc7: fix format-truncation warnings in runmodes
Example:

util-runmodes.c: In function ‘RunModeSetIPSAutoFp’:
util-runmodes.c:496:40: error: ‘snprintf’ output may be truncated before the last format character [-Werror=format-truncation=]
         snprintf(qname, sizeof(qname), "pickup%d", thread+1);
                                        ^~~~~~~~~~
util-runmodes.c:496:9: note: ‘snprintf’ output between 8 and 17 bytes into a destination of size16
         snprintf(qname, sizeof(qname), "pickup%d", thread+1);
         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Solved by reducing 'thread' to a uint16_t and limiting the max
thread count to 1024.
7 years ago
Victor Julien 7e72553ff8 gcc7: fix format truncation warning
detect-rpc.c: In function ‘DetectRpcParse’:
detect-rpc.c:225:50: error: ‘%s’ directive argument is null [-Werror=format-truncation=]
                 SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]);
                                                  ^
util-debug.h:239:77: note: in definition of macro ‘SCLogErr’
             int _sc_log_ret = snprintf(_sc_log_msg, SC_LOG_MAX_LOG_MSG_LEN, __VA_ARGS__);   \
                                                                             ^~~~~~~~~~~
detect-rpc.c:225:17: note: in expansion of macro ‘SCLogError’
                 SCLogError(SC_ERR_INVALID_VALUE, "invalid rpc option %s",args[i]);
                 ^~~~~~~~~~
7 years ago
Victor Julien 16845d8c92 pcap-log: fix path construct check 7 years ago
Victor Julien 96b2e8afc0 gcc7: fixes for format string warnings
GCC 7.1.1 on Fedora gave several warnings with -Wimplicit-fallthrough
and -Wformat-truncation

This patch addresses the warnings.
7 years ago
Victor Julien 82bd732f4e rust/nfs: improve proto detect 7 years ago
Victor Julien 6b4a04510a rust/nfs: remove debug rec_size check
Records larger than 40k are perfectly valid.

Bug #2162.
7 years ago
Victor Julien 1236578a7c proto detect: improve 'failed' handling
Don't try to call the parser for 'failed'. Also don't set the one-direction
warning if TS is failed and our direction is unknown/complete, so failed
as well.
7 years ago
Victor Julien 8dd077943c ssl: minor code reformatting 7 years ago
Eric Leblond 091290dd1c app-layer: increment flow counter if one sided
In the case of a protocol like SMTP, we detect the application layer on
only one side. The consequence was a missed increment in the flow
counter.
7 years ago
Victor Julien 5afe1a9814 stream: don't reset state on syn/ack resend
Bug #1958.

The reset was originally created for issue #523, but that works
well without the reset as well.
7 years ago
Victor Julien 62b6f9fe25 decode: add config option to disable teredo
Ticket #744.
7 years ago
Victor Julien 52b39a41e0 stats: print alert count at shutdown
Bug #1855.
7 years ago
Victor Julien 3c05379cbd detect: fix mix of pass and noalert
Noalert rules did not apply pass logic to the flow.

Bug #1888.
7 years ago
Victor Julien d459d0b352 lua/alert: expose transaction if available
Bug #1748.
7 years ago
Victor Julien 5781c8fc78 pcre: fix \xHH issue for http_host
The http_host keyword checks if the regex contains uppercase characters.
This check was rejecting valid syntax in the following format:

    content:"|2E|suricata"; http_host; pcre:"/\x2Esuricata$/W";

This patch addresses this case.

Bug #1957.
7 years ago