Commit Graph

6205 Commits (f77bc5195cb7c81214a57f3c0e06993923f82b3a)

Author SHA1 Message Date
Mats Klepsland c4b918b6c4 tx: do not store ProgressCompletionStatus per ipproto
Change AppLayerParserRegisterGetStateProgressCompletionStatus to
only store one ProgressCompletionStatus callback function for each
alproto, instead of storing one for each ipproto.

This enables us to use AppLayerParserGetStateProgressCompletionStatus
in functions where we do not know the ipproto used.
9 years ago
Mats Klepsland e4f03b18ba tls: make TX aware 9 years ago
Mats Klepsland a422ae9f3c tls-sni: fix alignment issues 9 years ago
Victor Julien 8dc477f85a sources: fix netmap compilation and pcap setup 9 years ago
Victor Julien be714a2f02 flow queue handler: use int16_t
Use int16_t instead of int to store the autofp queue id. We should
not easily get to 32k threads so 2 bytes per flow is sufficient.
9 years ago
Victor Julien ba64069b35 flow: remove unused debug code 9 years ago
Victor Julien 2c7cd1c22a flowint: redo tests 9 years ago
Victor Julien 3a36dea358 detect: add missing sigorder case 9 years ago
DIALLO David 271bd04539 modbus: fix AddressSanitizer error (segmentation fault)
In case of Mask Write register or Write single register request with
no data (malformed packet), app-layer-modbus checks response content
(data) with the non-stored request content. That causes the segmentation
fault.

Before accessing request content, app-layer-modbus now checks if
content has been previously stored. 4 unittests have been added, 2 of them
to test the management of Mask Write register and Write single register requests,
and the 2 others to check invalid Mask Write register and Write single register
requests.
9 years ago
Victor Julien 79c1904ab2 ipv6: fix alignment issue in address to string code 9 years ago
Victor Julien 3979cb0e57 ac-ks: fix integer handling issue 9 years ago
Victor Julien 8db7b70e93 unittests: don't call memcpy on NULL-ptr 9 years ago
Victor Julien 4875040dca pcre: initialize var before use 9 years ago
Victor Julien e13f956100 yaml: minor cleanup 9 years ago
Victor Julien 542492d6c2 yaml: initialize var to prevent uninitialized read 9 years ago
Victor Julien d79208d93b tcp sack: fix alignment issues 9 years ago
Victor Julien 055f8bea10 smb: improve integer handling 9 years ago
Victor Julien ed5a01e8dd dcerpc: improve integer handling 9 years ago
Victor Julien 9235dd498f detect port: fix integer handling in hashing 9 years ago
Victor Julien 001e87310d decode: don't call memcpy on NULL-ptr on pseudo packets 9 years ago
Victor Julien 35d081a797 ippair: fix alignment issues 9 years ago
Victor Julien 31b632a17d host: fix alignment issues 9 years ago
Victor Julien b112af817d flow: fix alignment issues 9 years ago
Victor Julien 76c8c077c5 tcp: fix alignment issues with tcp timestamps 9 years ago
Victor Julien c64815e4a8 decode-mime: don't call memcpy on NULL pointer 9 years ago
Jason Ish aa8e747e4d sources: allow interface definitions to be reordered
For af-packet, pf-ring, netmap, and pcap use a generic
lookup function to find the configuration node for an
interface.

The new lookup function does not depend on the ordering
of the items inside the device configuration.
9 years ago
Eric Leblond e29e9056cb config-test: fix memory leak detected by ASAN
NSS library was not deinit at exit resulting in memory leak. As
it is useless for a config test, the patch updates the code so it
is not initialized.

Patch also calls MagicDeinit to free memory used by libmagic.
9 years ago
maxtors bf551ace4e Use ConfValIsTrue for parsing util-logfile append value. 9 years ago
maxtors 3c15c1f8d5 Use ConfValIsTrue for parsing TILE PCIE logging append value. 9 years ago
maxtors a81796654f Use ConfValIs* for parsing pf-ring.checksum-checks. 9 years ago
maxtors 70b864d06b Use ConfValIs* for parsing pcap.checksum-checks. 9 years ago
maxtors b28ebae088 Use ConfValIs* for parsing netmap.checksum-checks. 9 years ago
maxtors d18e2f6e9a Use ConfValIs* for parsing af-packet.checksum-checks. 9 years ago
maxtors 3d4cdd1117 Use ConfValIs* for parsing mpipe.checksum-checks. 9 years ago
maxtors 524c627194 Use ConfValIs* for parsing pcap-file.checksum-checks. 9 years ago
Victor Julien c742a818d5 profiling: suppress inferior version of UtilCpuGetTicks warning 9 years ago
Victor Julien db4ec46f18 coverity: fix dead code warning 9 years ago
Jason Ish dd86ac07f7 smb: check that there is enough input data
Conditional was checking the word count, but indexing
much further into the input data.
9 years ago
maxtors 0e5bbe8564 Reordering of RRTYPE switch case for performance. 9 years ago
maxtors 387919e203 Added more DNS Resource Record Types. 9 years ago
maxtors 16e4c92b69 Changed "enabled" parsing to use ConfValIs(true|false) 9 years ago
maxtors 2b80da424b Update ASN1_MAX_FRAMES to reflect default in suricata.yaml.in 9 years ago
Victor Julien 9818557369 stats: fix stats.log ignoring null-values for threads 9 years ago
Victor Julien d9639fba60 cppcheck: fix harmless warnings
[src/detect-engine-loader.c:272]: (error) Buffer is accessed out of bounds.
[src/flow-manager.c:742]: (error) Buffer is accessed out of bounds.
[src/flow-manager.c:906]: (error) Buffer is accessed out of bounds.
9 years ago
Zachary Rasmor dbbca37a94 Remove free operation on thread name field.
Name field is now a pre-allocated array - free is no longer necessary.
Fix issue leading to segfault during interface shortening in Single runmode.
9 years ago
Victor Julien 71018cd2ce runmodes: constify names 9 years ago
Zachary Rasmor f211fa48f4 Update unit test to account for 'name' type change. 9 years ago
Zachary Rasmor 68cfa009a0 Update thread creation and threads to use global thread names.
Thread name is now stored as a static string buffer,
string duplication and alloc/de-alloc is no longer required.
9 years ago
Zachary Rasmor 10d3d90f06 Change thread name from pointer to buffer. Remove pointer free. 9 years ago
Zachary Rasmor 885747218b Update shortening algorithm to account for addition of #. 9 years ago
Zachary Rasmor 8c8759c189 Add global threadnames.
Update thread naming convention to follow: W#01-eth0.
Add interface name where applicable, add #.
9 years ago
Zachary Rasmor f8a40dd906 Update pcap-file runmode to adhere to new thread standard. 9 years ago
Zachary Rasmor 41c768ce28 Update threads to use global thread names.
Update FlowManager/Recycler to use global name.
Also add # into thread number.
Update af-packet to use global threadnames.
Update pcap to use global threadnames.
Update pfring to use global threadnames.
Update erf-dag to use global threadnames.
Update nflog to use global threadnames.
Update netmap to use global threadnames.
Update napatech to use global threadnames.
9 years ago
Zachary Rasmor 1bfebae8c4 Update IPS thread names to new name standard. 9 years ago
Zachary Rasmor 19bc6c1f9f Update thread naming convention for all IDS modes.
- Change 'Detect' to 'W'
- Enforce 2 digit numbering in thread names with leading zero
- Add 01 after W for single mode: W01
9 years ago
maxtors a6adb5dbbf Changed naming of flowmanager/recycler.
- Changed FlowManagerThread to FM-
- Changed FlowRecyclerThread to FR-
- Changed use of strcasecmp to strncasecmp. This was used in the
  killing and disabling of FM/FR Threads.
9 years ago
maxtors a17ac21077 Reworked how shortening should be performed.
The shortening of the interfacenames is now dependent on the
size of the destination buffer, so that this can be easily
changed in the future. The process uses snprintf and strlcat.

Also changed the buffer sizes in the util-runmodes to 12
so that they can hold 11 chars + null terminator.
9 years ago
maxtors 88a6e79607 Fixed string copy and cat functions and made shortening safer.
Changed out strcpy, strncpy to strlcat and strlcpy. Also added
checks to see if the shortening did work or if it would fail in
advance. Fixed code in util-device and util-runmodes.
9 years ago
maxtors 10d1450e49 Added shortening of listening interface in util-runmodes
Added function LiveSafeDeviceName in util-device that shortens an
NIC device name if the name is over a given length and turns
it into Ex: longi...eeth1
9 years ago
Eric Leblond 63937cd903 detect-msg: fix option parsing
Code removing the space before the double quote at msg option start
was not working correctly for options starting with a space.
10 years ago
Victor Julien 7f700a137c smtp: fix test 10 years ago
Victor Julien c4a9580fce detect file: improve multi file handling
When multiple files were in a tx, the first one(s) closed/complete
and a new open one as well, a match in the former could lead to not
inspecting the latter.

This patch adds a workaround for this case, by allowing the file
inspection code to return a special code for 'match, but more files
available in tx'.

The stateful detection engine will then not make this match final for
the tx. It relies on the file pruning to kick in to make sure the
already complete files are removed from the tx before the next time
the detection engine is called on the tx.
10 years ago
Victor Julien 8cd4405c21 detect file: cleanups 10 years ago
Victor Julien ea0067add8 debug: add various detect engine debug statements 10 years ago
Victor Julien 83e0529b2b http: flag destate about new files
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in http. For http it
should only apply to multipart bodies although the flag is set for
all files.
10 years ago
Victor Julien aa4ad9d25b smtp: flag detect state that new files are available
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.
10 years ago
Victor Julien 807fe4ac9f detect state: fix issues with multiple files per tx
Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.
10 years ago
Victor Julien 19d112ba07 smtp/mime: allow unquoted name/filename fields
Don't enforce that name/filename fields are quoted.

Reported-By: Blair Steven
10 years ago
Victor Julien 5c514c904f smtp: fix file logging and matching
When no rules with 'file content' keywords like filemd5 or filestore
were used, and none of the file outputs would force 'output' like
'force-md5' and 'force-magic', the file would not be tracked at all.

This meant that logging wouldn't work and neither would filename and
fileext inspection.

This patch removes the tracking bypass from the SMTP code and leaves
decisions to the file API.
10 years ago
maxtors 9d3fd82849 Removed duplicate include statements. 10 years ago
maxtors 06d74b5775 Module specific error code for init ctx error. 10 years ago
maxtors 69863f7b1c Corrected and unified debugmessages for init data errors in *ThreadInit. 10 years ago
maxtors 7f2f7cc48d Added parsing and utilization of yaml defined payload buffer value. 10 years ago
Victor Julien 554080cced lua: print lua script func/line/file in SCLog* funcs
Instead of printing the func/line/file of the C code SCLog* wrappers,
print them from inside the lua script. They are not always available.
10 years ago
Victor Julien 1c8775b340 QA: --afl-rules for faster rule fuzzing 10 years ago
Victor Julien c3efc4e072 pcap: small cleanups 10 years ago
Victor Julien 3f16ebe476 dns: don't read uninitialized memory in name parsing
AFL+ASAN found that with certain input we used an uninitialized byte
in the length calculation. Probably harmless as the length was still
validated afterwards.
10 years ago
Victor Julien c4575d1419 stream-tcp: improve test function cleanup 10 years ago
Victor Julien 3aea0bd4f3 stream-tcp: introduce stream cleanup function 10 years ago
Victor Julien 93fa291922 stream-tcp: unify ssn clean up functions
There were 2 separate functions doing ssn cleanup. To prevent issues
common with code duplication, unify them.
10 years ago
Victor Julien 9b08cdae74 capture: only check for faster methods on -i
Also, since we now default to AF_PACKET for -i if available, only check
for PF_RING and NETMAP.
10 years ago
Victor Julien 053b96458f commandline: add -i arg check 10 years ago
Victor Julien f8852f4415 commandline: use afpacket for -i if available 10 years ago
Victor Julien a3a7d9b299 pcap: unify -i and --pcap parsing 10 years ago
Victor Julien b50111a5a7 commandline: move afpacket parsing into util func 10 years ago
Victor Julien 1fe09a38e0 commandline: move pcap parsing into util func 10 years ago
Victor Julien 7ac7f9cd55 instance: add progname as ptr to argv[0] 10 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
10 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file>
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
10 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 10 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 10 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is divided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
10 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 10 years ago
Victor Julien 09242fb4a8 afl: optionally exit right after afl single runmode
Exit right away if afl.exit_after_pcap is set to true. Saves time
as fuzzing the shutdown code may not be as interesting.
10 years ago
Victor Julien d461837511 afl: add --afl-parse-rules to return 0 on any rule
When fuzzing, AFL will create lots of malformed rules. We don't want
to error out on those. As we're fuzzing the parser any non-crash
should return 0. Crashes (ASAN or not) will return a non-0 code.
10 years ago
Victor Julien e824a8be76 afl: special 'single' runmode
To avoid threading, this 'single' mode doesn't run in its own thread
but instead runs in the main thread.
10 years ago
Victor Julien a42251d459 afl: add define to disable mgt threads
The inherent non-deterministic nature of the management threads
creates variable test cases.
10 years ago
Victor Julien b2695600ba afl: add define to disable rand_r use
The randomness affects AFL. It creates variable test cases, which
we need to avoid.
10 years ago
Victor Julien 4c1c13d110 detect reload: improve signal logic 10 years ago
Victor Julien c0294521dd startup: move more into PostConfLoadedSetup 10 years ago