1177d48920 
								
							
								 
							
						 
						
							
							
								
								lua: fix liblua use on OS X with macports  
							
							
							
							
							Set the correct lua pkg-config name used by macports. 
							
						 
						
							11 years ago  
				
					
						
							
							
								 
						
							
							
								27eb0f450a 
								
							
								 
							
						 
						
							
							
								
								defrag: fix timeout setting when config is missing  
							
							
							
							
							When the config is missing, DefragPolicyGetHostTimeout will default
to returning -1. This will effectively set no timeout at all, leading
to defrag trackers being freed too early. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								97ca02f0c5 
								
							
								 
							
						 
						
							
							
								
								defrag: fix reconstruction  
							
							
							
							
							This patch is fixing an issue in defragmentation code. The
insertion of a fragment in the list of fragments is done with
respect to the offset of the fragment. But the code was using
the original offset of the fragment and not the one of the
new reconstructed fragment (which can be different in the
case of overlapping segment where the left part is trimmed).
This case could lead to some evasion techniques by causing
Suricata to analyse a different payload. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								09fd7060ec 
								
							
								 
							
						 
						
							
							
								
								unix socket: fix valgrind issue  
							
							
							
							
							This patch fixes the following issue reported by valgrind:
 31 errors in context 1 of 1:
 Conditional jump or move depends on uninitialised value(s)
    at 0x8AB2F8: UnixSocketPcapFilesCheck (runmode-unix-socket.c:279)
    by 0x97725D: UnixCommandBackgroundTasks (unix-manager.c:368)
    by 0x97BC52: UnixManagerThread (unix-manager.c:884)
    by 0x6155F6D: start_thread (pthread_create.c:311)
    by 0x6E3A9CC: clone (clone.S:113)
The running field in PcapCommand was not initialized. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								a33d1e28e9 
								
							
								 
							
						 
						
							
							
								
								unix-manager: fix crash when client disconnect  
							
							
							
							
							This patch fixes an issue in unix socket handling. It is possible
that a socket did disconnect when analysing a command and because
the data treatment is done in a loop on clients this was leading
to an update of the list of clients during the loop. So we need
in fact to use TAILQ_FOREACH_SAFE instead of TAILQ_FOREACH.
Reported-by: Luigi Sandon <luigi.sandon@gmail.com>
Fix-suggested-by: Luigi Sandon <luigi.sandon@gmail.com> 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								6ebc20f6d8 
								
							
								 
							
						 
						
							
							
								
								Rework Tile CPU affinity setting to handle non-contiguous sets of CPUs.  
							
							
							
							
							It is possible to have a non-contiguous CPU set, which was not being
handled correctly on the TILE architecture.
Added a "rank" field in the ThreadVar to store the worker's rank separately
from the cpu for this case. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								1f3fbbc992 
								
							
								 
							
						 
						
							
							
								
								Fix bug #1206
							
							
							
							
							PF_RING ZC uses clusters in the same way as PF_RING DNA. Therefore,
this bug can be fixed as it was fixed for DNA (bug #598).
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								896b61452c 
								
							
								 
							
						 
						
							
							
								
								htp: make htp state handling function more robust  
							
							
							
							
							Also, fix wrong cast that worked only by luck. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								eff85aba5e 
								
							
								 
							
						 
						
							
							
								
								http: remove BUG_ON(1) statement  
							
							
							
							
							Remove BUG_ON(1) statement that was a leftover from debugging.
Bug #1189 
Bug #1212  
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								13448aca1c 
								
							
								 
							
						 
						
							
							
								
								Fix issue #1214
							
							
							
							
							When applying wildcard thresholds (with sid = 0 and/or gid = 0) it's wrong
to exit on the first signature already having an event filter. Indeed,
doing so results in the threshold not being applied to all subsequent
signatures. Change the code in order to skip signatures with event
filters instead of breaking out of the loop. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								f01027e972 
								
							
								 
							
						 
						
							
							
								
								Fix libcap-ng configure typo.  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								9de536efdb 
								
							
								 
							
						 
						
							
							
								
								Bug 1098: improve invalid pcre/R handling  
							
							
							
							
							When not using a file_data or similar 'sticky buffer', a pcre/R option
needs a content in the same buffer. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								8db3f214f0 
								
							
								 
							
						 
						
							
							
								
								nflog: fix memory leaks  
							
							
							
							
							This fixes the following memory leaks:
[src/source-nflog.c:222]: (error) Memory leak: ntv
[src/source-nflog.c:236]: (error) Memory leak: ntv
[src/source-nflog.c:253]: (error) Memory leak: ntv
[src/source-nflog.c:258]: (error) Memory leak: ntv 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								43c5b949d2 
								
							
								 
							
						 
						
							
							
								
								cygwin: fix lua configure  
							
							
							
							
							Fix lua configure for cygwin. Tested with lua 5.1.5. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								cc54250cf9 
								
							
								 
							
						 
						
							
							
								
								Fix live reload segv when startup isn't complete  
							
							
							
							
							If a live reload signal was given before the engine was fully started
up (e.g. pcap file thread waiting for a disk to spin up), a segv could
occur.
This patch only enables live reloads after the threads have been
started up completely. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								2c20c9d409 
								
							
								 
							
						 
						
							
							
								
								Fix Coverity 1220098 and 1220099  
							
							
							
							
							*** CID 1220098:  Missing unlock  (LOCK)
/src/log-droplog.c: 195 in LogDropLogNetFilter()
189         SCMutexLock(&dlt->file_ctx->fp_mutex);
190
191         if (dlt->file_ctx->rotation_flag) {
192             dlt->file_ctx->rotation_flag  = 0;
193             if (SCConfLogReopen(dlt->file_ctx) != 0) {
194                 /* Rotation failed, error already logged. */
>>>     CID 1220098:  Missing unlock  (LOCK)
>>>     Returning without unlocking "dlt->file_ctx->fp_mutex".
195                 return TM_ECODE_FAILED;
196             }
197         }
198
199         if (dlt->file_ctx == NULL) {
200             return TM_ECODE_FAILED;
*** CID 1220099:  Dereference before null check  (REVERSE_INULL)
/src/log-droplog.c: 199 in LogDropLogNetFilter()
193             if (SCConfLogReopen(dlt->file_ctx) != 0) {
194                 /* Rotation failed, error already logged. */
195                 return TM_ECODE_FAILED;
196             }
197         }
198
>>>     CID 1220099:  Dereference before null check  (REVERSE_INULL)
>>>     Null-checking "dlt->file_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
199         if (dlt->file_ctx == NULL) {
200             return TM_ECODE_FAILED;
201         }
202
203         char srcip[46] = "";
204         char dstip[46] = ""; 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								8a77e6bc8e 
								
							
								 
							
						 
						
							
							
								
								Fix Coverity 1220097  
							
							
							
							
							*** CID 1220097:  Missing unlock  (LOCK)
/src/log-file.c: 160 in LogFileWriteJsonRecord()
154             }
155         }
156
157         /* Bail early if no file pointer to write to (in the unlikely
158          * event file rotation failed. */
159         if (aft->file_ctx->fp == NULL) {
>>>     CID 1220097:  Missing unlock  (LOCK)
>>>     Returning without unlocking "aft->file_ctx->fp_mutex".
160             return;
161         }
162
163         FILE *fp = aft->file_ctx->fp;
164         char timebuf[64];
165         AppProto alproto = FlowGetAppProtocol(p->flow); 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								fc2014ab40 
								
							
								 
							
						 
						
							
							
								
								Unregister for file rotation notification when a context is  
							
							
							
							
							de-initialized.  Required for unix-socket mode where
contexts come and go. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								e1b97fed70 
								
							
								 
							
						 
						
							
							
								
								Add signal based file rotation for:  
							
							
							
							
							- alert debug log
- fast log
- stats log
- dns log
- drop log
- file log
- http log
- tls log
- eve/json log 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0a33e73417 
								
							
								 
							
						 
						
							
							
								
								Add macros for access to the underlying buffer and offset.  
							
							
							
							
							Useful for passing the buffer through to another writer
such as LogFileCtx. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								c1b6894ce3 
								
							
								 
							
						 
						
							
							
								
								Add a rotation flag to LogFileCtx which loggers can use to register  
							
							
							
							
							for log rotation.  Have the LogFileCtx handle the log rotation. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								698a0f7f48 
								
							
								 
							
						 
						
							
							
								
								Registration for SIGHUP notification - for loggers interested  
							
							
							
							
							in file rotation on SIGHUP. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								25cbf36d40 
								
							
								 
							
						 
						
							
							
								
								lua/luajit: use HAVE_LUA mostly  
							
							
							
							
							Only use HAVE_LUAJIT if things are done differently from HAVE_LUA,
like in the states pool. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								7396237c2a 
								
							
								 
							
						 
						
							
							
								
								lua: deal with FreeBSD and OpenBSD  
							
							
							
							
							FreeBSD pkg-config lua-5.1.pc, lib liblua-5.1.so
OpenBSD pkg-config lua51.pc, lib liblua5.1.so
Default (linux) pkg-config: lua5.1.pc, lib liblua5.1.so 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								e366c62cf0 
								
							
								 
							
						 
						
							
							
								
								lua: support regular lua C library  
							
							
							
							
							Not all systems have luajit or a need for luajit. For low bandwidth
and offline support regular lua may be sufficient. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								a7118a4ff3 
								
							
								 
							
						 
						
							
							
								
								profiling: use wider columns in keyword output  
							
							
							
							
							Use wider columns in keyword output so that even on high end sensors
the stats tables remain readable. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								e873443adb 
								
							
								 
							
						 
						
							
							
								
								fix regression in 'make distclean' due to commit cd305c3a
							
							
							
							
							the files under scripts/suricatasc/src are actual sources and should not
be cleaned 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								dc1599e0dc 
								
							
								 
							
						 
						
							
							
								
								bugfix in debug mode:  
							
							
							
							
							removed function calls from SCReturnX macros 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0765bcc73e 
								
							
								 
							
						 
						
							
							
								
								nflog: set socket timeout  
							
							
							
							
							Set socket timeout so that we can exit if there is no traffic.
It would hang after the SIGINT signal, until packets arrived.
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								26c0915375 
								
							
								 
							
						 
						
							
							
								
								nflog: warn if buffer-size is larger than max-size  
							
							
							
							
							If buffer-size is larger than max size, give a warning and adjust
buffer-size to max-size. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								462f9de134 
								
							
								 
							
						 
						
							
							
								
								dns: unify type to string logging utility  
							
							
							
							
							Both DNS loggers had their own CreateTypeString. This patch unifies
them. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								5e87257845 
								
							
								 
							
						 
						
							
							
								
								dns: add names for common types  
							
							
							
							
							Add names for SRV, NAPTR, DS, RRSIG, NSEC, NSEC3 types. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0bbec75764 
								
							
								 
							
						 
						
							
							
								
								nflog: fix typo rising->raising  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0857a60fce 
								
							
								 
							
						 
						
							
							
								
								nflog: improve error handling on NOBUFS  
							
							
							
							
							Don't fall through to handle_packet on any NOBUFS condition. Make
sure we catch all NOBUFS. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								4d72911e17 
								
							
								 
							
						 
						
							
							
								
								This patch adds the fields into PacketVars struct to setup a packet from a nflog message  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								4dda018ede 
								
							
								 
							
						 
						
							
							
								
								Adds nflog option  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0368d5e4a4 
								
							
								 
							
						 
						
							
							
								
								Declare a wrapper to parse group option for nflog  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								c35432b265 
								
							
								 
							
						 
						
							
							
								
								Implements NFLOG runmode  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								2ad8a8e111 
								
							
								 
							
						 
						
							
							
								
								Bootstrapping NFLOG capture mode
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								0162e7e809 
								
							
								 
							
						 
						
							
							
								
								Adds nflog error code  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								d213d89981 
								
							
								 
							
						 
						
							
							
								
								Updating the Tmm Id for declaration of nflog capture mode  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								62aaae24fd 
								
							
								 
							
						 
						
							
							
								
								Adds a configuration example for nflog support in suricata.yaml  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								4851568a41 
								
							
								 
							
						 
						
							
							
								
								Checks if libnetfilter_log is found on the system  
							
							
							
							
							and enable it if it's specified. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								db563ed4b0 
								
							
								 
							
						 
						
							
							
								
								tls: check SSL3/TLS version per record  
							
							
							
							
							Set event if SSL3/TLS record isn't within the acceptable range. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								8ddcf6a816 
								
							
								 
							
						 
						
							
							
								
								dns: add tests for TXT response parsing  
							
							
							
							
							Add valid and invalid examples. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								bddb2c3bdc 
								
							
								 
							
						 
						
							
							
								
								dns json: log TXT response data  
							
							
							
							
							Log TXT data in the rdata field. 
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								683d2d64e9 
								
							
								 
							
						 
						
							
							
								
								dns: parse and store TXT responses  
							
							
							
							
							This way the TXT data can be logged by the loggers.
Ticket #1158  
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								174a50554a 
								
							
								 
							
						 
						
							
							
								
								Update Changelog for 2.0.1  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								7e8f80b390 
								
							
								 
							
						 
						
							
							
								
								Update Changelog for 2.0.1rc1 changes  
							
							
							
						 
						
							12 years ago  
				
					
						
							
							
								 
						
							
							
								8ba8c0bf6f 
								
							
								 
							
						 
						
							
							
								
								json output: don't set 'unknown' for missing data  
							
							
							
							
							Instead of setting 'unknown' or '<unknown>' just pass NULL to json_*
function, which results in omitting the data. 
							
						 
						
							12 years ago