Commit Graph

6206 Commits (019f85644251fc56ae12122ec0fc6279017d96b9)
Author SHA1 Message Date
Victor Julien 019f856442 profiling: fix lock profile compilation 9 years ago
Victor Julien ac476de5ed json: small improvement to log message wording 9 years ago
Eric Leblond 9930f447d2 output-json: fix regression on log prefix handling
The log prefix option was no longer honored due to a regression
caused by some recent code.
9 years ago
Maurizio Abba 1291250c0f app-layer-smtp: support for multiline response
Multiline response support is provided but not enforced. This patch
allows parsing a multiline response when a reply is processed.
9 years ago
Victor Julien 737c99dd30 Update changelog for 3.0RC1 9 years ago
Victor Julien 84c4566a14 Update dev version to reflect we're doing 3.0 now 9 years ago
Victor Julien d77e403024 rule vars: fix compiler warning 9 years ago
Victor Julien a7f54d63b7 tls: fix compiler warnings 9 years ago
Victor Julien a1075ee2f2 http: add test for plain http over connect 9 years ago
Victor Julien cd81af0bc9 http: don't run unittests twice 9 years ago
Victor Julien e86e27bab7 http: test cleanups 9 years ago
Aaron Campbell 50f4fb2a72 Fix out-of-bounds memory access in DNS TXT record parser.
The datalen variable is declared unsigned.  If txtlen and datalen are equal,
datalen will first be reduced to 0, and then the datalen-- line will cause its
value to wrap to 65535.  This will cause the loop to continue much longer than
intended, and eventually may crash on an out-of-bounds *tdata dereference.

Signed-off-by: Aaron Campbell <aaron@monkey.org>
9 years ago
Victor Julien 4dfbc0effa multi-detect: fix and simplify config
instead

mappings:
  - vlan:
    vlan-id: 1
    tenant-id: 2

we'll now use:

mappings:
  - vlan-id: 1
    tenant-id: 2

For YAML it pretty much means the same thing.

Ticket: 1517
9 years ago
Victor Julien 07d8617b3e multi-detect: improve error handling 9 years ago
Victor Julien 906b95eed3 multi-detect: handle missing mappings
Notify/warn user about missing mappings depending on other settings
like unix socket and init errors fatal.
9 years ago
Victor Julien 27783f4c66 multi-detect: consider vlan tracking
Refuse to use vlan selector if vlan tracking is disabled.
9 years ago
Victor Julien 04889f154d multi-detect: validate vlan_id 9 years ago
Victor Julien d7d76e7b27 multi-detect: use default tenant
The default detect engine can be used as 'default tenant'.
9 years ago
Victor Julien dc3c1ef01e multi-detect: clean up output 9 years ago
Victor Julien adecf41720 base64: code style fixups 9 years ago
Jason Ish 6b15686fd1 base64_decode, base64_data: decode and match base64 9 years ago
Jason Ish 9375e8fb3c util-base64: strict mode - all characters must be valid
Introduce a strict mode to base64 decode. If strict,
the function will fail when invalid input data is seen.
If not strict, what has been decoded will be returned.

This is in support of adding a Snort compatible base64_decode
rule option that uses whatever data can be decoded as a length
of data to decode is optional.
9 years ago
Mats Klepsland 7281f6aaf3 lua: added function TlsGetSNI()
Added function to get server name from TLS SNI extension.
9 years ago
Mats Klepsland f363d11afe log-tls: added SNI field to extended output
Added SNI field to extended tls log output.
9 years ago
Mats Klepsland 285022fde9 output-json-tls: added SNI field to extended output
Added SNI field to extended JSON output.
9 years ago
Mats Klepsland 3ac1a3d9fe app-layer-ssl: get server name from SNI extension
Decode client hello handshake to get server name from SNI extension.
9 years ago
Victor Julien bec913b40c json: fix malformed output
Even though the json output callback is called with a null terminated
string, it's not usable directly. The size parameter to the callback
might be a lot smaller than the string size. Libjansson gives the size
up to the first point that needs escaping.
9 years ago
Victor Julien c80990fe10 output: cleanup JSON logging 9 years ago
Victor Julien ad5a753dde output-json: don't alloc for JSON to string 9 years ago
Victor Julien c1bf0e1b07 rule profiling: json output 9 years ago
Victor Julien b03c288d9a profiling: cleanup, remove MIN declaration 9 years ago
Eric Leblond a4089873c7 rules-reload: fix reload with -s or -S
When using the -S or -s option, the reload was causing the specified
rules file to be forgotten and the default rules to be loaded at
reload time.
9 years ago
Eric Leblond b85901a6b4 prscript: add rm command
This command removes the container and the image, allowing the disk
space allocated during creation to be freed.
9 years ago
Eric Leblond 35c1b681ee prscript: docker do not need sudo
The intended usage is not to run docker commands as root but to have the user
in the docker group so they are able to run docker commands.
9 years ago
Eric Leblond c199fdcbb9 handle MTU discovery in multi iface case
This patch adds handling of multiple interfaces by using as
default-packet-size the maximum MTU + header length among the
live ifaces.
9 years ago
Eric Leblond affb399cd9 config: don't use hardcoded path
It is better to use a transformation to define the default
directory of output messages instead of using a hardcoded value.
The same applies to the directory for the pid file.
9 years ago
Eric Leblond 9672e16323 suricata: clean dump-config output
When the user asks for a configuration dump, it is useless to display
the version and CPU info. Also, initializing the log system leads to
overwriting some log files, in particular suricata.log, and
this is annoying as a command should not interfere with a running
daemon.
9 years ago
cardigliano c06dfe6e26 pfring pkt acq: keep running on 'pfring_set_cluster' failure when cluster is not required
Suricata creates a pfring cluster with a default ID = 1 when not explicitly configured,
unless the device has prefix 'dna' or 'zc'. Since pf_ring also supports other cards
implementing kernel-bypass (cluster not supported), this is preventing those cards from
running on top of this module. This patch stops suricata on 'pfring_set_cluster' failure
only when error code != PF_RING_ERROR_NOT_SUPPORTED or cluster ID has not been explicitly
configured.
9 years ago
Victor Julien 7f8795c756 threading: avoid autofp deadlock
When there are many threads and/or the packet pool (max-pending-packets) is
small, a potential deadlock exists between the packet pool return pool
logic and the capture threads. The autofp workers together can have all the
packets in their return pools, while the capture thread(s) are waiting at an
empty pool. A race between the worker threads and the capture thread, where
the latter signals the former, is lost by the capture thread. Now everyone
is waiting.

To avoid this scenario, this patch makes the previously hardcoded 'return
pool' threshold dynamic based on the number of threads and the packet pool
size.

It sets the threshold to the max pending packets value, divided by the number
of lister threads. The max value hasn't changed. Normally, in the autofp
runmode these are the stream/detect/log worker threads.

The max_pending_return_packets value needs to stay below the packet pool size
of the 'producers' (normally pkt capture threads but also flow timeout
injection) to avoid the deadlock.

As it's quite impossible at this time to learn how many threads will be
created before starting the runmodes, and thus spawning the threads and
already initializing the packet pools, this code sets a global variable
after runmode setup, but before the threads are 'unpaused'.
9 years ago
Victor Julien 8d06d7bccc threads: add func to count running threads of types 9 years ago
Victor Julien ca3916881f threading: store thread module flags in threadvars 9 years ago
Victor Julien 77624701e7 htp: cleanup, remove unused declaration 10 years ago
cardigliano 86711a1332 pfring pkt acq: capture loop optimisation
For each packet the capture module checks whether it is time to dump stats by calling
TimeGet(). TimeGet() is an expensive function using gettimeofday() or SCSpinLock(),
which affects performance. Since gettimeofday() is already called for setting the packet
timestamp, it is more efficient to use the packet timestamp directly.
10 years ago
cardigliano 70c98c1ff2 pfring pkt acq: removed reentrant flag
PF_RING_REENTRANT is not needed as each pfring socket is used by a single thread.
10 years ago
cardigliano c4850c1d8f pfring pkt acq: use zero-copy recv in workers runmode
This patch removes packet copy when suricata is running in workers runmode.
Packet copy is not needed in this case since packets are processed in sequence.
10 years ago
Eric Leblond d88e133428 util-logopenfile: don't allocate redis command
As we only have two different commands we don't need to allocate
the command and can use pointers to global variables.
10 years ago
Eric Leblond 2ea4bbc492 util-logopenfile: move sensor_name to filectx
We will now output the sensor name independently of the output
method if it is set in the YAML file. In the case of redis we are
using the hostname value if unset.
10 years ago
Eric Leblond 7e3a5a0db2 util-logopenfile: log queued events at exit
Do a redis query at exit to log possibly existing events.
10 years ago
Eric Leblond 404e660410 util-logopenfile: don't lock syslog write 10 years ago
Eric Leblond c5d939834f util-logopenfile: cleaner free function 10 years ago