aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,171 Commits
10 Branches
154 Tags
165 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '07ef451c2b'
${ noResults }
Commit Graph

7171 Commits (07ef451c2b89f6785047b4855003895e002b9fcb)
 

Author SHA1 Message Date
Jason Ish aaa65f3d16 logging: convert json tls output to non-thread module 8 years ago
Jason Ish 31663f1627 logging: convert prelude output to non-thread module 8 years ago
Jason Ish dedda33f01 logging: convert eve http to non-thread module 8 years ago
Jason Ish 687602c0ca logging: convert eve dns logging to non-thread module 8 years ago
Jason Ish b1200dba54 logging: convert fast log to a non-thread module 8 years ago
Jason Ish 637aa34610 logging: convert dns log to a non-thread module 8 years ago
Victor Julien 99dce740ef detect: mark alproto in keyword reg deprecated 
No existing code uses it, and it had been useless for some time.
 8 years ago
Victor Julien e173016ded gitignore: update to hide more local files 8 years ago
Victor Julien 9030e89c94 detect: don't set alproto while registering keyword 
The field is not used except for some printing, and is wrong for
many keywords.
 8 years ago
Victor Julien c957c62824 detect file: enable HTTP inspection from validate func 8 years ago
Victor Julien 621860f5b2 detect file: enforce protocol in single place 
Instead of trying to enforce the app layer protocol in each file
function, enforce it in the generic validation function.
 8 years ago
Victor Julien bcfa484bce app-layer: add function to check if app-layer supports files 8 years ago
Victor Julien 85db260eed threads: remove EngineKill & SURICATA_KILL 
EngineStop and EngineKill were effectively doing the same, so
removed the kill variant.
 8 years ago
Victor Julien 045c10db43 threads: failed thread is a fatal error now 8 years ago
Victor Julien fb655d5f15 threading: remove thread restart logic 
Thread restarts never worked well and the rest of the engine was
never really expecting errors to lead to thread restarts. Either
and error is recoverable in the thread, or not at all.

So this patch removes the functionality completely.
 8 years ago
Victor Julien 54503ef310 Open Suricata 3.2 development branch 8 years ago
Victor Julien 471b61a0e1 magic: fix broken tests after CentOS6 update 8 years ago
Victor Julien 82282a9e68 mpls: add missing event type + rule 8 years ago
Victor Julien 71c8d1f46c bpf: fix file parsing memory handling 
Fix improper fread string handling. Improve error handling.

Skip trailing spaces for slightly more pretty printing.

Coverity CID 400763.

Thanks to Steve Grubb for helping address this issue.
 8 years ago
Victor Julien 519b2970ec detect: don't print (null) in --list-keywords=all 8 years ago
Eric Leblond ed90a16e89 detect: fix setup for some keywords 
Fix problems found by siginit.cocci.
 8 years ago
Eric Leblond 4324805478 coccinelle: add siginit test 
Add a test that check an inversion during keyword setup where
we add a sigmatch to a signature and then do error handling on it.
This was causing a double free of some elements and ultimately a
segfault.

Proposed-by: Victor Julien <victor@inliniac.net>
 8 years ago
Jason Ish 17e70483c5 detect-flowbits: more unittest macro usage 
Also cleanup some tests by removing extra code after a test was
determined to fail.
 8 years ago
Jason Ish 3c5d8e65d4 hostbits: use new unittest macros 8 years ago
Jason Ish c4945607e3 hostbits: fail parse on unexpected trailing data 
Address issue https://redmine.openinfosecfoundation.org/issues/1889
for hostbits. This involves updating the regular expresssion
to capture any trailing data as the regex already keeps
spaces out of the name.

A unit test was converted to new macros to find out which
line it was failing at after updating regex.
 8 years ago
Jason Ish 24f2387b23 flowbits: validate that there are no spaces in the name 
Fixes issue: https://redmine.openinfosecfoundation.org/issues/1889

To catch the issue where the ';' is missing we have to expand the
regex to capture the whole name string, not just the leading
valid stuff. Then verify that there are no spaces in the name
(Snort has the same restriction) and fail if there is.
 8 years ago
Eric Leblond 1cdd062dc6 unix-manager: fix output of version command 
Make it consistent with the output of version command line flag.
 8 years ago
Andreas Herz 65fd09a399 rule-parsing: reject unescaped double quote within content section 8 years ago
Victor Julien ae116871ad Update Changelog for 3.1.2 8 years ago
Victor Julien 2997d086be eve-drop: allow logging all drops 
- drop:
    alerts: yes      # log alerts that caused drops
    flows: all       # start or all: 'start' logs only a single drop
                     # per flow direction. All logs each dropped pkt.
 8 years ago
Victor Julien 1cc5f9825d dns: use nonnull attr for log functions 8 years ago
Victor Julien bbcc22d2ad dns: fix coverity warning 
** CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
/src/output-json-dns.c: 532 in OutputAnswer()

________________________________________________________________________________________________________
*** CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
/src/output-json-dns.c: 532 in OutputAnswer()
526             }
527         }
528
529         /* reset */
530         MemBufferReset(aft->buffer);
531         json_object_set_new(djs, "dns", js);
>>>     CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "entry".
532         if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) {
533             OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer);
534         }
535         json_object_del(djs, "dns");
536
537         return;

Move checks to the top of the functions. Should be more efficient too.
 8 years ago
Victor Julien b4565004c7 detect-template: modernize 8 years ago
Jason Ish e878dd2231 app-layer templates: cleanups 
- cleanup file headers
- add todo section
- convert unit tests to new macros
- add markers to remove disabled by default behaviour
 8 years ago
Jason Ish 3cf8b4629f decode-icmpv6: use FAIL macros in tests 8 years ago
Jason Ish 2a42e8be03 unittest: FAIL macro to unconditionally fail a test 8 years ago
Jason Ish af4085b77b icmpv6: fix checksum verification if fcs present 
Calculate the length of the ICMPv6 packet from decoded information
instead of off the wire length. This will provide the correct
length if trailing data like an FCS is present.

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/1849
 8 years ago
Victor Julien 120f59386b affinity: fix compilation on SunOS 8 years ago
Victor Julien a2c9b86cdf byteswap: fix compilation on SunOS 8 years ago
Victor Julien 7847c4f8ee configure: detect SunOS and link against required libs 8 years ago
Victor Julien ef1acdfaee threads: provide SCGetThreadIdLong for SunOS 8 years ago
Victor Julien 4271d57157 decode: declare IPPROTO_IPIP if OS doesn't have it 8 years ago
Victor Julien 6956c1c749 decode: fix int types 8 years ago
Victor Julien ec87123339 configure: check for strings.h: used by SunOS 8 years ago
Victor Julien 8600872e02 logfile: resolve name clash on SunOS 8 years ago
Victor Julien b81ea0d7db eve: reduce flow_id to 51 bits 
Evebox & ELK couldn't handle the large integers. It looks like (partly)
a javascript limitation that doesn't treat 64bit ints as real ints.
 8 years ago
Victor Julien 5db322045e configure: fix Ubuntu lua pkg suggestion 8 years ago
Victor Julien 9ca34fa5c9 eve: output more unique flow_id 8 years ago
Victor Julien 78b4db8a95 flow: introduce function to generate flow id 
The flow id itself is not stored in the flow, but generated based on
properties that do not change during the lifetime of the flow.

As it's meant for use with the json output, it is limited to a signed
64 bit integer (int64_t) because that is the time json_integer_t uses.
 8 years ago
Victor Julien 666bba8121 detect: implement continue detect for dcepayload 
Also fix a corner case in start detection.

Bug 1853.
 8 years ago