Anoop Saldanha
d76a5bedbc
Update stream inline to use the improved app proto detection.
12 years ago
Anoop Saldanha
96d1ba9106
Cosmetic changes to app parser struct.
Removed a flag parameter introduced earlier to indicate the data
that is first acceptable by the parser. We now use a differently
named parameter to carry out the same activity.
12 years ago
Anoop Saldanha
2cb5bdd3fa
Cosmetic changes to code. Introduce human readable flag values for some constants. Here the parameter in question is "data_first_seen_dir" for session context.
12 years ago
Anoop Saldanha
e42905f3b9
indentation fix.
12 years ago
Anoop Saldanha
6bef5fda06
If we have proto mismatch from 2 directions, use one of the protos, instead of erroring out and not sending the data further to the parser.
The logic we use currently is if we have already sent some data to
a parser before we figure out we have a proto mismatch, we use the
proto from the first direction from which we have already sent the
data to the parser, else we stick to the to-client direction.
12 years ago
Anoop Saldanha
976a86def4
Introduce convenience macro to set Stream app proto completion flag.
12 years ago
Anoop Saldanha
16144fe38a
Rename function pointer var to use the FuncPtr typing convention. Resupply "dns" as the alproto name for ALPROTO_DNS.
12 years ago
Anoop Saldanha
8ae92c7a5e
Add unittest to test for http ambiguous host header.
Previously we would not check the port part of the host from the uri
hostname, while we did use the port part from the host header, leading
to FPs.
12 years ago
Anoop Saldanha
d0c5f51293
Update rule engine relationship with regard to setting ip protocol between specifying protocol after action, ip_proto and app-layer-protocol.
Now we can specify alproto, ip_proto combinations this way
alert dns (ip_proto:[tcp/udp];)
alert ip (app-layer-protocol:dns;)
alert ip (app-layer-protocol:dns; ip_proto:tcp;)
alert tcp (app-layer-protocol:dns;)
and so on. Neater than using dnstcp/dnsudp.
This is related to feature #424.
12 years ago
Anoop Saldanha
6eb8f66f0a
alert ipv4 and alert ipv6 specified proto rules should be treated as PROTO_ANY just like how we treat alert ip rules.
12 years ago
Anoop Saldanha
f592c481dc
Introduce a separate inspection engine for app events.
12 years ago
Anoop Saldanha
9e4eec200f
Update htp event handler to both warning and error events regardless of any conditions.
12 years ago
Anoop Saldanha
b1dffdfbe0
Add app layer protocol packet event detection support.
12 years ago
Anoop Saldanha
5e2d9dbdc3
Add and use EventGetInfo for getting info on an event.
Also update existing parsers and app-layer-event Setup to use this.
12 years ago
Anoop Saldanha
60a2b157b2
Fix duplicate packet decoder events. Add event entries that were missing as well.
12 years ago
Anoop Saldanha
1077acecd7
validate dns sigs that are reported as plain dns and not dnsudp or dnstcp.
12 years ago
Anoop Saldanha
6cb0014287
Move app event module registration as a part of app layer proto table.
12 years ago
Anoop Saldanha
64b0939b4a
code cleanup.
12 years ago
Anoop Saldanha
0d7159b525
App layer protocol detection updated and improved. We now use
confirmation from both directions and set events if there's a mismatch
between the 2 directions.
FPs from corrupt flows have disappeared with this.
12 years ago
Anoop Saldanha
22c05da3cd
Replace ssn appproto_detection_completed flag with individual stream ones.
12 years ago
Anoop Saldanha
c044541b1c
Provide convenience macros for setting flow flags on protocol matching by
PM and PP phase.
Replace the areas of the code that would otherwise rely on setting/reading
these flags with these macros.
Other minor tweaks to some api calls.
12 years ago
Anoop Saldanha
00f546e739
update pmp to return whole set of matches, rather than a single match.
12 years ago
Anoop Saldanha
4f7339c423
code cleanup.
12 years ago
Anoop Saldanha
8e8bc49063
Introduce detection parser function pointer.
12 years ago
Anoop Saldanha
94e40907e2
feature #727 - Add support for app-layer-protocol:<protocol> keyword
12 years ago
Anoop Saldanha
6f8cfd999f
Allow detection ports for alproto to be specified via the conf file.
To understand the option have a look at the option
app-layer.protocols.tls.detection-ports
12 years ago
Anoop Saldanha
ddde572fba
Introduce new options into the conf file to enable/disable -
1. Proto detection
2. Parsers
For app layer protocols.
libhtp has now been moved to the section under app-layer.protocols.http,
but we still provide backward compatibility with older conf files.
12 years ago
Anoop Saldanha
d9686fae57
Now supports accepting port addresses as strings, like the ones accepted in our rules. As a consequence we now accept port range, and other such combination. Support PP for ports based on ipproto as well.
12 years ago
Victor Julien
48b5513ed9
Properly clean up decoder event rules
Addresses:
~~Dr.M~~ Error #3 : LEAK 120 direct bytes 0x08a26ac8-0x08a26b40 + 1871 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 SigGroupHeadAlloc [/home/victor/dev/oisf/src/detect-engine-siggroup.c:144]
~~Dr.M~~ # 2 SigGroupHeadAppendSig [/home/victor/dev/oisf/src/detect-engine-siggroup.c:1014]
~~Dr.M~~ # 3 DetectEngineAddDecoderEventSig [/home/victor/dev/oisf/src/detect.c:3026]
~~Dr.M~~ # 4 SigAddressPrepareStage2 [/home/victor/dev/oisf/src/detect.c:3075]
~~Dr.M~~ # 5 SigGroupBuild [/home/victor/dev/oisf/src/detect.c:4311]
~~Dr.M~~ # 6 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:464]
~~Dr.M~~ # 7 LoadSignatures [/home/victor/dev/oisf/src/suricata.c:1706]
~~Dr.M~~ # 8 main [/home/victor/dev/oisf/src/suricata.c:1994]
12 years ago
Victor Julien
c43e078db8
ipproto: improve cleanup
To address:
~~Dr.M~~ Error #2 : LEAK 16 direct bytes 0x08399688-0x08399698 + 2 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 SigMatchAlloc [/home/victor/dev/oisf/src/detect-parse.c:201]
~~Dr.M~~ # 2 DetectIPProtoSetup [/home/victor/dev/oisf/src/detect-ipproto.c:523]
~~Dr.M~~ # 3 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:510]
~~Dr.M~~ # 4 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:523]
~~Dr.M~~ # 5 SigParse [/home/victor/dev/oisf/src/detect-parse.c:881]
~~Dr.M~~ # 6 SigInitHelper [/home/victor/dev/oisf/src/detect-parse.c:1309]
~~Dr.M~~ # 7 SigInit [/home/victor/dev/oisf/src/detect-parse.c:1456]
~~Dr.M~~ # 8 DetectEngineAppendSig [/home/victor/dev/oisf/src/detect-parse.c:1728]
~~Dr.M~~ # 9 DetectLoadSigFile [/home/victor/dev/oisf/src/detect.c:334]
~~Dr.M~~ #10 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:422]
~~Dr.M~~ #11 LoadSignatures [/home/victor/dev/oisf/src/suricata.c:1706]
12 years ago
Victor Julien
1006d905d0
Improve memory cleanup for decoder-events
To address:
~~Dr.M~~ Error #1 : LEAK 1 direct bytes 0x0892c108-0x0892c109 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2292]
~~Dr.M~~ # 1 DetectEngineEventParse [/home/victor/dev/oisf/src/detect-engine-event.c:173]
~~Dr.M~~ # 2 _DetectEngineEventSetup [/home/victor/dev/oisf/src/detect-engine-event.c:204]
~~Dr.M~~ # 3 DetectDecodeEventSetup [/home/victor/dev/oisf/src/detect-engine-event.c:248]
~~Dr.M~~ # 4 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:510]
~~Dr.M~~ # 5 SigParseOptions [/home/victor/dev/oisf/src/detect-parse.c:523]
~~Dr.M~~ # 6 SigParse [/home/victor/dev/oisf/src/detect-parse.c:881]
~~Dr.M~~ # 7 SigInitHelper [/home/victor/dev/oisf/src/detect-parse.c:1309]
~~Dr.M~~ # 8 SigInit [/home/victor/dev/oisf/src/detect-parse.c:1456]
~~Dr.M~~ # 9 DetectEngineAppendSig [/home/victor/dev/oisf/src/detect-parse.c:1728]
~~Dr.M~~ #10 DetectLoadSigFile [/home/victor/dev/oisf/src/detect.c:334]
~~Dr.M~~ #11 SigLoadSignatures [/home/victor/dev/oisf/src/detect.c:422]
12 years ago
Victor Julien
1180f633e2
Add DrMemory suppress file
The suppress file currently suppresses:
- bug #978
- bug #979
Plus a seemingly harmless warning that happens during libmagic init.
DrMemory is a valgrind like memory checker: http://www.drmemory.org/
12 years ago
Victor Julien
1be6a8a48b
Fix small leak in ports validation at startup
12 years ago
Victor Julien
3601091952
flowint: further setup fixes and cleanups
12 years ago
Victor Julien
8080494e9a
counters: consolidate counters after all ThreadInit functions of a thread have run. This prevents duplicate and overwriting memory allocations.
12 years ago
Victor Julien
7f8d256e7c
Fix tests that didn't expect radix to be freed
12 years ago
Victor Julien
d2d784e31a
radix: actually free a tree in SCRadixReleaseRadixTree
12 years ago
Victor Julien
c94b920874
flowint: fix compile warning
12 years ago
Victor Julien
a8c416fc8b
flowint: fix setup memory leaks
12 years ago
Victor Julien
16130cc974
ssh: fix memleaks during ssh.softwareversion init and cleanup
12 years ago
Victor Julien
ec724a1e56
urilen: fix memory leak when freeing the rule
12 years ago
Anoop Saldanha
cfa2cda42b
fix for bug #973.
An alternative solution for bug #970.
For chopped patterns, which in their whole are a duplicate of another
pattern, we assign a unique content id.
12 years ago
Anoop Saldanha
4da2f29054
Unittest for bug #973.
12 years ago
Eric Leblond
013e7a0573
prscript: update code following buildbot upgrade
The authentication scheme did change on the buildbot due to a
software upgrade. This patch updates prscript.py to fix the build
submission.
12 years ago
Eric Leblond
fa861b09ac
prscript: support bigger PR
The script now looks for the original HEAD in 100 commits instead of 30.
It should be enough because a sane PR should not have 100 commits.
12 years ago
Eric Leblond
ad1546d59a
prscript: display url where user can watch build
12 years ago
Victor Julien
0bfba8352d
pcre: check for pcre_free_study, fall back to pcre_free if it is unavailable
12 years ago
Victor Julien
dd76e679fe
mpm: clean up stream thread ctx
12 years ago
Victor Julien
6f450785fc
profiling: properly clean up thread local memory.
12 years ago
Victor Julien
eca1a8d73a
profiling: don't alloc 0 bytes block if no rules are used
12 years ago