Commit Graph

14574 Commits (0903536fd66a98087bff3b9a1f235d7295710298)
 

Author SHA1 Message Date
Victor Julien 977c5ea719 detect: initialize empty buffers 2 years ago
Victor Julien abf1ac8e01 stream/regions: improve region shrinking
Handle failure on shrink.

Keep size multiple of configured buf_size setting.
2 years ago
Victor Julien d6b4c90225 streaming/sbb: propagate allocation errors 2 years ago
Victor Julien cdab91df8a streaming: remove unused function 2 years ago
Victor Julien 93c9594dd8 stream/tcp: allow tcp session reuse on null sessions
When a "stream starter" packet finds an existing TCP flow, the flow will be
evaluated for reuse.

The following scenario wasn't handled well:

1. Suricata starts after a tool has just stopped using lots of connections
   (e.g. ab stress testing a webserver)
2. even though the client is closed already, the server is still doing
   connection cleanup sending many FINs and later RSTs
3. Suricata creates flows for these packets, but no TCP sessions
4. client resumes testing, creating flows that have the same 5 tuple as the
   flows created for the FIN/RST packets
5. Suricata refuses to "reuse" the flows as the condition "tcp flow w/o session"
   is not considered valid for session reuse
6. new TCP connection is not properly tracked and evaluated in parsing and
   detection

There may be other vectors into this, like a flow w/o session because of
memcap issues.

Bug: #5843.
2 years ago
Victor Julien e8ce5f3430 streaming/regions: fix consolidation corner cases
Incorrect "end" region for consolidation was selected if the "dst"
would be expanded to overlap with it.

Fix list handling when the first region to consider (src_start) was
not the list start.

Bug: #5833.
Bug: #5834.
2 years ago
Victor Julien d5409a0b29 streaming: grow more conservatively
Don't grow to next multiple of cfg->buf_size if size is already
a multiple of buf_size.
2 years ago
Victor Julien 63ceb0567d streaming: minor debug logging improvement 2 years ago
Victor Julien 935dedf1e8 version: start development towards 7.0.0-rc2 2 years ago
Shivani Bhardwaj d9e6301af2 release: 7.0.0-rc1; update changelog 2 years ago
Jason Ish 79dfbcb788 requirements: use suricata-update 1.3.0rc1 2 years ago
Victor Julien f4fa51986e doc: warn IPS users on new exception policy default 2 years ago
Victor Julien 5e5da81cca exception/policy: add more info on defaults
Be more informative where an exception value came from: defaults,
master switch or an explicit setting.
2 years ago
Victor Julien a5547564b6 stream/midstream: add bug number to policy warning 2 years ago
Victor Julien 3fcc19e78c exception/policy: 'auto' sets IPS to 'drop-flow'
In IPS mode set all exception policies to drop-flow by default, both
in the default yaml and if no `exception-policy` is defined.
2 years ago
Victor Julien 0863544d83 exception/policy: fix formatting issues 2 years ago
Victor Julien 0303bb1f9c decoder: mention removal of udp.hlen_invalid sig 2 years ago
Shivani Bhardwaj 487f59df4c rules/decoder: fix sid for udp.len_invalid rule 2 years ago
Victor Julien a6723bca7c flow: enforce flow assumption
Enforce assumption that packets in ThreadVars::decode_pq have no flow
attached to it because this is only true for packets while they are
in the FlowWorker.
2 years ago
Victor Julien 66ed3ae6e4 flow/mgr: remove flows_timeout_inuse counter 2 years ago
Victor Julien 0592e57df5 flow: rearrange Flow struct to be more compact 2 years ago
Victor Julien 7951d8a14f flow: remove use_cnt
Packets only ever reference the flow while holding its lock. This
means that any code possibly evicting the flow will have to wait
for the existing users to complete their work. Therefore the use_cnt
serves no function anymore and can be removed.
2 years ago
Victor Julien a2dc9a40e7 flowworker: don't keep unnecessary flow reference
Flow stream/detect/log flush packets, don't hold on to the flow
beyond the flow worker module.
2 years ago
Victor Julien 3ca37008d7 stream: remove unused pseudo packet function 2 years ago
Jason Ish 2dc157ed9e github-ci: dump github context and pr body
For debugging the parsing of suricata-verify-pr.
2 years ago
Jason Ish 102a022898 github-ci: annotate job with s-v info 2 years ago
Jason Ish f15f092a69 rfb: remove duplicate logging of depth
The "depth" field in the "pixel_format" object was being logged twice.

Issue: 5813
2 years ago
Jason Ish 717e2b0248 smb: fix duplicate interface logging
An array of interfaces was being logged without creating an array,
resulting in duplicate "interface" objects being logged. Instead put
these interfaces into an array like already done elsewhere.

Issue: 5814
2 years ago
Jason Ish 59d9a51bad eve: remove dcerpc.interface from schema
Looks like this was due to an error in the dcerpc logging where the
interfaces should have been logged to the "interfaces" array that was
already defined.

Issue: 5814
2 years ago
Jason Ish 67baab573b smb: remove duplicate tree_id logging
Remove the second occurrence of tree_id logging which appears to
always be a duplicate of the first tree_id logged, even though they
come from different data structures.

Issue: 5811
2 years ago
Jason Ish 3d8130614e github-ci/rust: display clippy diff 2 years ago
Jason Ish e21ae88e05 rust: utility function to copy Rust strings to C strings
As there are a few places where a Rust string is copied into a provided
C string buffer, create a utility function to take care of these
details.
2 years ago
Jason Ish 6344501dba tls: fix date logging for dates before 1970
The Rust time crate used by the x509-parser crate represents dates
before 1970 as negative numbers which do not survive the conversion to
SCTime_t and formatting with the current time formatting functions.

Instead of fixing our formatting functions to handle such dates,
create a Rust function for logging TLS dates directly to JSON using
the time crate that handles such dates properly.

Also add an FFI function for formatting to a provided C buffer for the
legacy tls-log.

Issue: 5817
2 years ago
Jason Ish ef48c5064f schema: add regular expression for tls date format 2 years ago
Victor Julien 9e41075d5d detect/frames: improve IPS and GAP handling
Inspect individual chunks in lossy traffic.

Don't use the frame idx as the inspection buffer idx. Engines are running
per frame, so multi inspection can be used for stream chunks instead.

Ticket: #4977.
2 years ago
Victor Julien 6fcf48d09a detect/frames: handle duplicate sigs in candidates
Prefilter engines run on each stream chunk in a lossy stream, so
we can get the same sid in the list multiple times.
2 years ago
Victor Julien 8ff2543343 stream: add util to get absolute right edge of data 2 years ago
Victor Julien a95934b5ee detect/frames: reduce scope of private function 2 years ago
Victor Julien 652de0cc99 output: move function name in non-release output 2 years ago
Victor Julien f834377c5f detect/tls.certs: improve buffer init logic 2 years ago
Victor Julien aa4a128fb0 detect/quic: update buffer initialization logic 2 years ago
Victor Julien 6f1574276f detect/mqtt: update buffer initialization logic 2 years ago
Victor Julien 83e97a9283 detect/krb5.sname: update buffer initialization logic 2 years ago
Victor Julien d3675d5197 detect/krb5.cname: update buffer initialization logic 2 years ago
Victor Julien 849f1cf1b8 detect/ike.vendor: update buffer initialization logic 2 years ago
Victor Julien 158e648d87 detect/http2: update buffer initialization logic 2 years ago
Victor Julien 5e783a01fe detect/file.name: update buffer initialization logic 2 years ago
Victor Julien 576bfc6bf0 detect/file.magic: update buffer initialization logic 2 years ago
Victor Julien 50fd691efb detect/file.data: update buffer initialization logic 2 years ago
Victor Julien 9c34e82471 detect/http.uri: update buffer initialization logic 2 years ago