Commit Graph

10251 Commits (fdbc2fe49c66c8927a7632438a0462b944192875)

Author SHA1 Message Date
Eric Leblond 1c4d214cdb doc: typo fixes on ebpf doc 6 years ago
Eric Leblond 6fdcb127e9 af-packet: fix the start when XDP is pinned 6 years ago
Eric Leblond 7e0ef4cec8 util-ebpf: change return of pinned maps loading
The calling function needs to be able to see when this is a success
and XDP do not need to be reloaded.
6 years ago
Eric Leblond b7560d7547 doc: document externally managed global switch
This is currently implemented as an exposed map and it seems
a good way to do it.
6 years ago
Eric Leblond d950a9f272 util-ebpf: conditional flow table loading 6 years ago
Eric Leblond 4777af213c ebpf: implement global switch bypass
Add a switch to allow bypassing all traffic if the switch is on.
Concept is to use a persistent script and pinned maps, so an
external tool can be used to trigger global bypass in case Suricata
is dead.
6 years ago
Eric Leblond d25e8dbfc7 af-packet: implement pinned-maps-name 6 years ago
Eric Leblond 36838017fe af-packet: fix build when eBPF not built-in 6 years ago
Eric Leblond b1769d5f8f util-ebpf: implement pinned maps loading
Load flow tables at start if asked to.
6 years ago
Eric Leblond 96f1454ebf util-ebpf: only unlink pinned maps in eBPF filter 6 years ago
Eric Leblond 4cf531008e af-packet: conditionally remove XDP filter
Only remove the XDP filter if we are in XDP mode and not using the
pinned maps.
6 years ago
Eric Leblond 19c0a5edf5 doc: white space and typo fix 6 years ago
Eric Leblond 4f48c45727 util-ebpf: conditional pinning of maps
Only pin maps if `pinned-maps` is set in the configuration. This
ensures backward compatibility.
6 years ago
Eric Leblond 6d41a0ced0 doc: more eBPF and XDP capabilities 6 years ago
Eric Leblond 73a928fa0b util-ebpf: fix loop on maps
We were missing the last element of the map by working on previous
key instead of current key.
6 years ago
Eric Leblond 3ce69c446b util-ebpf: suppress spaces at end of line 6 years ago
Eric Leblond 954762a429 ebpf: add filter by maps on example filter 6 years ago
Eric Leblond 5d8ac36a49 util-ebpf: pin the maps
By pinning the maps we are creating a file in /sys/fs/bpf that can
be used by an external program to access the map. This has multiple
benefits such as handling lists from an external program.

The pinned maps could be persistent across Suricata reloads but
this can be complicated in terms of handling everything in the life
of Suricata.
6 years ago
Eric Leblond bf4381b17b ebpf: document XDP iface redirect 6 years ago
Eric Leblond a37a7c4a21 ebpf: reduce counter size to allow netronome offload 6 years ago
Eric Leblond 2f579e6a4c ebpf: add VLAN support to loadbalancing
This patch adds VLAN support to eBPF load balancing by doing a
parsing of VLAN headers.
6 years ago
Eric Leblond 315c29a8e6 ebpf: change the logic to avoid ktime usage
Kernel time is not available (and/or costly) on NICs such as
Netronome so we update the logic to detect dead flows based on a
lack of update of packet counters. This way, the XDP filter will
be usable by network cards.

This patch also updates the ebpf code to support per CPU and
regular mapping. Netronome is not supporting it and the structure
is using atomics for counters so the cost of simultaneous update
is really low.

This patch also updates the xdp_filter to be able to select if the
flow table is per CPU or shared. The second option will be used for
hardware offload. To deactivate the per CPU hash, you need to set
USE_PERCPU_HASH to 0.

This patch also adds a new option to af-packet named no-percpu-hash.
If this option is set to yes then the Flow bypassed manager thread
will use one CPU instead of the number of cores. By doing that
we are able to handle the case where USE_PERCPU_HASH is unset (so
hardware offload for Netronome).

This patch also removes alignment indications in the eBPF filter. This
was not really needed and it seems it is causing problems with
some recent versions of the LLVM toolchain.
6 years ago
Eric Leblond 1745408c13 flow-manager: no force reassembly on bypassed flow
When a bypassed flow is created we are forcing the reassembly so
we don't need to do it again when it times out.
6 years ago
Eric Leblond 4e94c2b8c2 suricata.yaml: fix path to ebpf and xdp doc 6 years ago
Shivani Bhardwaj 7c7e04487f detect/content: Message for escaping backslash
So far, if the rule loaded had a backslash character ("\") in its
content field, the rule would fail to load but without giving a
descriptive error message. This patch tells the user to escape the
troubling character.

Before
```
9409] 7/6/2019 -- 16:12:22 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Backslash needs escaping msg"; flow:established,to_server; content:"MyBackslash\here"; sid:86; rev:1; )" from file /var/lib/suricata/rules/myrule.rules at line 1
```

After
```
[9409] 7/6/2019 -- 16:12:22 - (detect-content.c:155) <Error> (DetectContentDataParse) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - '\' has to be escaped
[9409] 7/6/2019 -- 16:12:22 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Backslash needs escaping msg"; flow:established,to_server; content:"MyBackslash\here"; sid:86; rev:1; )" from file /var/lib/suricata/rules/myrule.rules at line 1
```

Closes redmine ticket #2626
6 years ago
Andreas Herz 30fd80b0ef doc: convert fancy quotes to straight quotes 6 years ago
Victor Julien 7513f6cae2 threads: minor code cleanups 6 years ago
Victor Julien 92d38683ce threads: improve flow timeout loop
Improve thread safety and remove BUG_ON
6 years ago
Victor Julien e6b633cf95 stats: walk tv_root under lock 6 years ago
Victor Julien 9474b84683 stats: more accurate time handling for wakeup thread 6 years ago
Victor Julien ab1268cfea stats: minor code cleanups 6 years ago
Jeff Lucovsky 1a1d32c6b2 make: Remove rust generated headers during clean 6 years ago
Philippe Antoine b5f3e03209 New app layer event for invalid http request line
Handles logs from libhtp even in case of error
6 years ago
Philippe Antoine 4a74e9edcc signature: error for rules with illegal port
Fixes #2080
6 years ago
Philippe Antoine 248f9c66cf warnings: fixes integer sizes in format strings
Fixes #3009
6 years ago
Philippe Antoine a3e38861b9 http: adds unit tests for HTPParseContentRange 6 years ago
Philippe Antoine 90ab0b0ec2 http: fix overflow in HTPParseContentRange 6 years ago
Pierre Chifflier c1b30fe9fd rust/snmp: fix libc deprecation warnings for int types 6 years ago
Pierre Chifflier bc07656ce7 rust/snmp: use snake_case when logging PDU types 6 years ago
Victor Julien 39cf5b0c8b snmp: fix 'defined but not used' warning
Remove HAVE_RUST guards as well.
6 years ago
Pierre Chifflier 8c61cfdca5 snmp.version: move unittests to tests/ 6 years ago
Pierre Chifflier 58d85b1460 snmp.pdu_type: move unittests to tests/ 6 years ago
Pierre Chifflier ff0ff6344f snmp.community: move unittests to tests/ 6 years ago
Pierre Chifflier 509a54281f detect/snmp: convert snmp.community keyword to v2, and MPM 6 years ago
Pierre Chifflier c60f2028e5 rust/snmp: fix missing IPPROTO_* declarations (use core) 6 years ago
Pierre Chifflier c67a53773b detect/snmp: rename keywords to snmp.<name>, and make rust mandatory 6 years ago
Pierre Chifflier 031cbbe868 rust/snmp: fix selection of v1/v2c parser 6 years ago
Pierre Chifflier 9dfec7e734 SNMP: add the "snmp.pdu_type" detection keyword 6 years ago
Pierre Chifflier e1dd19a0eb SNMP: add the "snmp.community" detection keyword 6 years ago
Pierre Chifflier aa608e0ca2 SNMP: add the "snmp.version" detection keyword 6 years ago