Commit Graph

10357 Commits (ecce116117cf3ea2d74c3916602dee40ee1c64fd)

Author SHA1 Message Date
Victor Julien ecce116117 detect/fast_pattern: allow for rule time registration
In preparation of more dynamic logic in rule loading also doing
some registration, allow for buffers to be registered as fast_patterns
during rule parsing.

Leaves the register time registrations mostly as-is, but copies the
resulting list into the DetectEngineCtx and works with that onwards.
This list can then be extended.
4 years ago
Victor Julien db27244379 detect: add buffer helper functions 4 years ago
Victor Julien 707b75ccda detect: split register time and detect load time buffer funcs 4 years ago
Victor Julien 5bcaae0a01 detect: use hashes for all buffer to id
Instead of a map that is constantly realloc'd, use 2 hash tables for
DetectBufferType entries: one by name (+transforms), the other by
id. Use these everywhere.
4 years ago
Victor Julien 51dcf3d76a detect: increase SigMatch type from u8 to u16 4 years ago
Victor Julien bb3d49d5bf detect: use bool for uint16_t used as bool 4 years ago
Victor Julien 6d7c1519ed common: fix missing ; in header 4 years ago
Philippe Antoine c9d222a483 detect: allows <> syntax for uint ranges 4 years ago
Philippe Antoine 5af4ef4532 detect: use prefilter values for modes 4 years ago
Philippe Antoine 3f15b2492c detect: errors for rule with impossible conditions
Such as >255 for an uint8 field
4 years ago
Philippe Antoine f4449d3fb3 fuzz: restrict flags passed to AppLayerProtoDetectGetProto
Completes commit 05f9b3ffc6
4 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
4 years ago
Philippe Antoine 86f5d33f75 enip: fix int warnings
This seems to fix a real bug when an ENIP connection
has more than 65k transactions
4 years ago
Philippe Antoine 86b5c81ea2 dnp3: fix int warnings
There is a hack to know the type of an integer
and do an explicit cast in the python script
generating the C file

Also extends some bounds check against negative values
4 years ago
Philippe Antoine 53fc70a9a7 protodetect: fix int warnings
There is actually a real evasion with AppLayerProtoDetectPMGetProto
using u16 instead of u32 for buflen
4 years ago
Philippe Antoine 46981ccd98 warning: explicit casts to double 4 years ago
Philippe Antoine b88f015bfb source/pcap: remove unused code 4 years ago
Philippe Antoine 05f9b3ffc6 fuzz: restrict flags passed to AppLayerProtoDetectGetProto
So that rust does not panic with an unhandled value
4 years ago
Victor Julien 39bf623fdd af-packet: add send error counter 4 years ago
Victor Julien 373278438d packetpool: ReleasePacket callback check on getter
Any packet coming from the pool should have `PacketPoolReturnPacket`
as its callback. Check that this is the case.
4 years ago
Victor Julien 8a5b945c7b af-packet: only ref mpeer if needed in tpacket v2
We only use it in autofp mode, for reference counting purposes.

Removes 2 atomic operations per packet in the more common workers
runmode.
4 years ago
Victor Julien d272075da0 af-packet: minor output updates 4 years ago
Victor Julien e9c6ad19b3 af-packet: optimize packet setup
Don't set fields we don't use in V3.
4 years ago
Victor Julien cad0ff9ebb af-packet: add counters on how poll() works
Use `capture.afpacket.*` counter name space.
4 years ago
Victor Julien c7ad3f8d30 af-packet: don't check ifstate per send call in IPS
Instead just accept that the socket state leads to `sendto` errors.
So print at most one error per socket.
4 years ago
Victor Julien dab036727f af-packet: simplify AFPWritePacket
Since return code was ignored by all callers, we can just turn it into a
void function and slightly simplify the logic.
4 years ago
Victor Julien 3f79f452ad af-packet: use BUG_ON for 'impossible' condition 4 years ago
Victor Julien 2fab3ff0e8 af-packet: refactor VLAN hdr handling
Update the packet payload after decode, instead of during IPS send.

This means the updates happen in the capture thread, and the VLAN header
is available to logging as well.

Ticket: #4805.
4 years ago
Victor Julien b9189946f9 af-packet: remove tpacket-v1 support
Ticket: #4796.

V2 (for IDS and IPS) and V3 (for IDS) are widely supported. V2 was introduced
in 2008, so we can safely assume that all systems can run V2+.
4 years ago
Jason Ish 1f6a15cdf3 app-layer/template: don't always enable if unittests built
314ec77f88 had the unintended side effect
of enabling the template parser and detection buffer if unittests were
enabled.

Fix this by using the new `Default` method for registering parsers.
However, the buffer still needs an explicit configuration check.

Also convert Notice debug messages to Debug to reduce output when in
unittest mode.  If we feel strongly this should still be Notice in the
template, that is a conversion we can make in the generation script when
generating a new parser.
4 years ago
Jeff Lucovsky 6a470a84e7 tftp: Change references to echo
This commit changes the references to the "echo" protocol to tftp. The
references to echo are part of the template parser code.
4 years ago
Jeff Lucovsky ca7d097225 netmap: V14 API changes
This commit modifies the Netmap packet handling to use API version 14.

@bmeeks8 contributed many changes instrumental to this effort.
4 years ago
Jeff Lucovsky 3496e543af util: Add sys/ioctl.h to common include
This commit adds another system include file based on autoconf to the
common Suricata include file for convenience.
4 years ago
Jeff Lucovsky 84ee01dbe9 util/log: Include device name with thread count 4 years ago
Philippe Antoine c023116857 range: prevents memory leak of file from HTTP2
If a HTTP2 transaction gets freed before the end of the range
request, we need to have the files container which is in
the state, to transfer ownership of this file to the files
container.

Ticket: 4811
4 years ago
Philippe Antoine 15649424a7 conf: avoid quadratic complexity
Ticket: 4812

When adding many sequence nodes
4 years ago
Modupe Falodun c33cfed704 detect-fragoffset: convert unittests to FAIL/PASS APIs
Bug: #4040
4 years ago
Jason Ish 52b9c12f41 smtp: log transaction even if no email present
The SMTP transaction logger was not writing the log if the email
portion of the logger failed, such as in the case of STARTTLS
where there is no email decoded.

Ticket #4817
4 years ago
Sam Muhammed fcf399b02c detect/proto: convert unittests to FAIL/PASS APIs
Task #4027
4 years ago
Modupe Falodun 2a800d572c detect-icode: convert unittests to FAIL/PASS APIs
Bug: #4045
4 years ago
Modupe Falodun 97801c795b detect-id: convert unittests to FAIL/PASS APIs
Bug: #4046
4 years ago
Sam Muhammed 4076c8b762 detect/siggroup: convert unittests to FAIL/PASS APIs
Task #4028
4 years ago
Benjamin Wilkins e21a50fee6 lua: Fix SCRule functions for match scripts
Save Signature structure to lua register so SCRule functions can work
in match scripts, where no PacketAlert is present

Resolves Feature #2450
4 years ago
Jason Ish 9b71f56728 modbus: free eve thread context on deinit
Was triggering ASAN leak detection.
4 years ago
Jason Ish 55ff912ee7 app-layer: remove IsTxEventAware: never used
The function AppLayerParserProtocolIsTxEventAware is not used so
remove.
4 years ago
Jason Ish 1ad71b96da app-layer: remove tx detect state setter and getter
Instead access detect state through AppLayerParserGetTxData.
4 years ago
Jason Ish 9c67c634c1 app-layer: include DetectEngineState in AppLayerTxData
Every transaction has an existing mandatory field, tx_data. As
DetectEngineState is also mandatory, include it in tx_data.

This allows us to remove the boilerplate every app-layer has
for managing detect engine state.
4 years ago
Eric Leblond 6d5f59696d profiling: fix profiling with sample rate
Rules profiling was returning invalid results when used with sample
rate. The problem was that the sample condition was run twice in the
packet flow. As a result, the second pass was not initializing the
variable storing the initial CPU ticks and the resulting performance
counters were reporting invalid values.

Bug: #4836.
4 years ago
Philippe Antoine 16f4e5f31c detect: file_data keyword works on nfs protocol
Ticket: #4839
4 years ago
Philippe Antoine 6cb6225b28 tcp: rejects FIN+SYN packets as invalid
Ticket: #4569

If a FIN+SYN packet is sent, the destination may keep the
connection alive instead of starting to close it.
In this case, a later SYN packet will be ignored by the
destination.

Previously, Suricata considered this a session reuse, and thus
used the sequence number of the last SYN packet, instead of
using the one of the live connection, leading to evasion.

This commit errors on FIN+SYN so that they do not get
processed as regular FIN packets.
4 years ago