aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,619 Commits
12 Branches
155 Tags
192 MiB
dependabot/github_actions/actions/upload-artifact-4.6.1
dependabot/github_actions/codecov/codecov-action-5.4.0
dependabot/github_actions/github/codeql-action-3.28.10
dependabot/github_actions/actions/download-artifact-4.1.9
dependabot/github_actions/ossf/scorecard-action-2.4.1
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'da3e8ad8f6'
${ noResults }
Commit Graph

5619 Commits (da3e8ad8f6e77583cc7998057d41959a85758868)
 

Author SHA1 Message Date
Victor Julien da3e8ad8f6 detect-state: split flow and tx state 
Use separate data structures for storing TX and FLOW (AMATCH) detect
state.

- move state storing into util funcs
- remove de_state_m
- simplify reset state logic on reload
 10 years ago
Victor Julien 840efe17fe modbus: tx de_state 10 years ago
Victor Julien e984a57203 smtp: tx de_state 10 years ago
Victor Julien 2a23627a82 dns: implement tx de_state 10 years ago
Victor Julien 774bb90351 http: clean up tx destate at tx destroy 10 years ago
Victor Julien 6279da0fbd http: support per TX destate storage 10 years ago
Victor Julien 1cf02560c8 app-layer: per tx destate 
Add API calls for storing detection state in the TX.
 10 years ago
Victor Julien 866d9684ea detect-state: fix profiling 10 years ago
Victor Julien 7e75279977 detect-state: various cleanups 10 years ago
Victor Julien eec22ce19b detect-state: rip per sig detect out of ContinueDetect 10 years ago
Victor Julien bf818b8fb2 detect-state: remove DeStateResetFileInspection 
It was effectively unused.
 10 years ago
Victor Julien 206f9d4010 detect-state: remove redundant code 10 years ago
Victor Julien e390e24a7c detect-state: add helper to test state 
Add little helper function StateIsValid() to test if the state
can be inspected safely.

Cleans up stateful detection loops.
 10 years ago
Victor Julien 072ae12771 detect-state: add helper to indicate last tx 
Add little helper to indicate current tx is that last we have.
 10 years ago
Victor Julien b710f2dd59 detect-state: cleanup ContinueDetection 
Only lock f->de_state->m when we start to access it. So after
declaration and initialization of local vars.
 10 years ago
Victor Julien 54cb2b6877 detect-state: cleanup retvals 
Use DETECT_ENGINE_INSPECT_SIG_* instead of 0, 1, 2 and 3.
 10 years ago
Victor Julien 97cab030d7 modbus: shrink data structure 10 years ago
Victor Julien 9f1b417660 file: don't 'close' file if we need to track it 10 years ago
Victor Julien 6723d03c7e http: add inspection engine for http request line 
No MPM though.
 10 years ago
Victor Julien c0f265fd82 http: fix stat_msg and stat_code state tracking 10 years ago
Victor Julien 5b8c94db30 Remove spinning PacketPoolWait 
PacketPoolWait in autofp can wait for considerable time. Until now
it was essentially spinning, keeping the CPU 100% busy.

This patch introduces a condition to wait in such cases.

Atomically flag pool that consumer is waiting, so that we can sync
the pending pool right away instead of waiting for the
MAX_PENDING_RETURN_PACKETS limit.
 10 years ago
Victor Julien 2d7f79a62b drop json log: log out 'drop' signature 
If no normal sig was logged as the 'drop' reason, try the stored
drop signature instead, this will also log out 'noalert' sigs.
 10 years ago
Victor Julien 2e754ca6fa drop json: make alerts logging optional 
Make logging out alerts that caused the drop optional.
 10 years ago
Victor Julien 6b172bb010 drop json: add sids (if applicable) 
If a drop is caused by a SID match, add it to the drop record.
 10 years ago
Victor Julien 8a97bb0d04 alert json: move alert info into function 
Move adding the alert info (sid,rev,gid,etc) into it's own function,
so it can be called from other outputs as well.
 10 years ago
Victor Julien e9857200b3 detect: set action from utility function 
Set actions that are set directly from Signatures using the new
utility function DetectSignatureApplyActions. This will apply
the actions and also store info about the 'drop' that first made
the rule drop.
 10 years ago
Victor Julien c914f7bcdc detect: cleanup, remove unused order_id 
No longer used, so remove.
 10 years ago
Eric Leblond b8e7d3a259 flow-timeout: fix init of pseudo packet 
The code was not checking if we had enough room in the direct
data. In case default_packet_size was set really small, this was
resulting in data being written over the data and causing a crash.

The patch fixes the issue by forcing an allocation if the direct
data size in the Packet is to small.
 10 years ago
Eric Leblond e138a2ac1e decode: introduce PacketCallocExtPkt function 
In flow timeout handling we need a function that allocate and blank
a place that will be used to put constructed packet data. This new
function has no other goal.
 10 years ago
Jason Ish ab1d69fc4e When re-opening a log file on HUP, always append. 
This will prevent log files that have not been rotated by some
external tool from being deleted, but log files that were
rotated (moved out of the way) will be re-opened.

This is a better default behaviour, especially when not all
log files are rotated at the same time.

Thanks to iro on IRC.
 10 years ago
Jason Ish 6ed246c041 Don't attempt to load the rule files if the rule-files configuration 
node is not a sequence.  Instead log a warning as this is usually
a configuration error.
 10 years ago
Jason Ish a243a42bdf New function to test if a configuration node is a sequence or not. 10 years ago
Eric Leblond 290b01f95e af-packet: don't unlock twice the bpf mutex 10 years ago
Eric Leblond 47d9c7b211 json-alert: use getter for appstate 10 years ago
Eric Leblond 54b13851cc flow: constify getters param 
Some potential callers are already using constified values so it
is good to do it.
 10 years ago
Eric Leblond 881f32cc02 json-alert: add SSH fields in alert logging 10 years ago
Eric Leblond c1970a3655 json-ssh: export logging function 
It will be use in alert logging to display SSH information.
 10 years ago
Eric Leblond 180faece7c json-alert: log tls info in alert 
This patch adds the capabilities to log the TLS information the
same way it is currently possible to do with HTTP. As it is
quite hard to read ASN.1 directly in the stream, this will help
people to understand why suricata is firing on alert relative
to TLS.
 10 years ago
Eric Leblond 22182e7a84 json-tls: refactor to export logging function 
To be able to add TLS data in alert we need to do the same as what
is done with HTTP ie export the logging functions.
 10 years ago
Ken Steele fb0ecaba05 Inject pseudo packet periodically when there is not traffic in mPIPE. 
To prevent pseudo packets from not being processed when there is no traffic,
inject a pseudo packet if no traffic is seen by a thread for ~100ms.
 10 years ago
Jason Ish 972037248d Define _DEFAULT_SOURCE. Its the replacement for _BSD_SOURCE which 
which has been deprecated as of glibc 2.20.
 10 years ago
Eric Leblond 5f4b745f92 build: don't link with libnfnetlink 
Don't link suricata with libnfnetlink when we don't have support
for NFQUEUE or NFLOG. Previously, suricata was linked with this
library without reason.
 10 years ago
Victor Julien 20b9849999 util-magic: make unittests less specific 
So they pass on CentOS 5.11 as well.
 10 years ago
Victor Julien ec2be2643b app-layer: init flow in tests 10 years ago
Eric Leblond ee7422de0a pcap-file: add missing atomic init 
It is mandatory to init all atomic to avoid problem on system
without atomic support.
 10 years ago
Eric Leblond ed147d3b91 runmode-pcap-file: suppress useless include 10 years ago
Victor Julien ae6ef9acb4 flow-manager: init global atomics 10 years ago
Victor Julien ae8f2a4e62 stream: fix unittests wrt flow 10 years ago
Victor Julien 784690b89a Fix make distcheck on CentOS 5.11 
datarootdir was undefined. Define it.
 10 years ago
Victor Julien 256388325d Fix compiler warning on CentOS 5.11 
cc1: warnings being treated as errors
app-layer-smtp.c: In function ‘SMTPParseCommandBDAT’:
app-layer-smtp.c:908: warning: dereferencing type-punned pointer will break strict-aliasing rules
 10 years ago