Commit Graph

9879 Commits (1745408c139214033396154215cbf24490e56bf5)
 

Author SHA1 Message Date
Eric Leblond 1745408c13 flow-manager: no force reassembly on bypassed flow
When a bypassed flow is created we are forcing the reassembly so
we don't need to do it again when it times out.
6 years ago
Eric Leblond 4e94c2b8c2 suricata.yaml: fix path to ebpf and xdp doc 6 years ago
Shivani Bhardwaj 7c7e04487f detect/content: Message for escaping backslash
So far, if the rule loaded had a backslash character ("\") in its
content field, the rule will fail to load but without giving a
descriptive error message. This patch tells the user to escape the
troubling character.

Before
```
[9409] 7/6/2019 -- 16:12:22 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Backslash needs escaping msg"; flow:established,to_server; content:"MyBackslash\here"; sid:86; rev:1; )" from file /var/lib/suricata/rules/myrule.rules at line 1
```

After
```
[9409] 7/6/2019 -- 16:12:22 - (detect-content.c:155) <Error> (DetectContentDataParse) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - '\' has to be escaped
[9409] 7/6/2019 -- 16:12:22 - (detect-engine-loader.c:184) <Error> (DetectLoadSigFile) -- [ERRCODE: SC_ERR_INVALID_SIGNATURE(39)] - error parsing signature "alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"Backslash needs escaping msg"; flow:established,to_server; content:"MyBackslash\here"; sid:86; rev:1; )" from file /var/lib/suricata/rules/myrule.rules at line 1
```

Closes redmine ticket #2626
6 years ago
Andreas Herz 30fd80b0ef doc: convert fancy quotes to straight quotes 6 years ago
Victor Julien 7513f6cae2 threads: minor code cleanups 6 years ago
Victor Julien 92d38683ce threads: improve flow timeout loop
Improve thread safety and remove BUG_ON
6 years ago
Victor Julien e6b633cf95 stats: walk tv_root under lock 6 years ago
Victor Julien 9474b84683 stats: more accurate time handling for wakeup thread 6 years ago
Victor Julien ab1268cfea stats: minor code cleanups 6 years ago
Jeff Lucovsky 1a1d32c6b2 make: Remove rust generated headers during clean 6 years ago
Philippe Antoine b5f3e03209 New app layer event for invalid http request line
Handles logs from libhtp even in case of error
6 years ago
Philippe Antoine 4a74e9edcc signature: error for rules with illegal port
Fixes #2080
6 years ago
Philippe Antoine 248f9c66cf warnings: fixes integer sizes in format strings
Fixes #3009
6 years ago
Philippe Antoine a3e38861b9 http: adds unit tests for HTPParseContentRange 6 years ago
Philippe Antoine 90ab0b0ec2 http: fix overflow in HTPParseContentRange 6 years ago
Pierre Chifflier c1b30fe9fd rust/snmp: fix libc deprecation warnings for int types 6 years ago
Pierre Chifflier bc07656ce7 rust/snmp: use snake_case when logging PDU types 6 years ago
Victor Julien 39cf5b0c8b snmp: fix 'defined but not used' warning
Remove HAVE_RUST guards as well.
6 years ago
Pierre Chifflier 8c61cfdca5 snmp.version: move unittests to tests/ 6 years ago
Pierre Chifflier 58d85b1460 snmp.pdu_type: move unittests to tests/ 6 years ago
Pierre Chifflier ff0ff6344f snmp.community: move unittests to tests/ 6 years ago
Pierre Chifflier 509a54281f detect/snmp: convert snmp.community keyword to v2, and MPM 6 years ago
Pierre Chifflier c60f2028e5 rust/snmp: fix missing IPPROTO_* declarations (use core) 6 years ago
Pierre Chifflier c67a53773b detect/snmp: rename keywords to snmp.<name>, and make rust mandatory 6 years ago
Pierre Chifflier 031cbbe868 rust/snmp: fix selection of v1/v2c parser 6 years ago
Pierre Chifflier 9dfec7e734 SNMP: add the "snmp.pdu_type" detection keyword 6 years ago
Pierre Chifflier e1dd19a0eb SNMP: add the "snmp.community" detection keyword 6 years ago
Pierre Chifflier aa608e0ca2 SNMP: add the "snmp.version" detection keyword 6 years ago
Pierre Chifflier ed4823bbe8 SNMP: add missing case for profiling enum 6 years ago
Pierre Chifflier 60324740e6 SNMP: use explicit references to support build with old rust compiler 6 years ago
Pierre Chifflier 57b233f462 SNMP: start looking for transactions from end of list 6 years ago
Pierre Chifflier 6fc7fc74cb SNMP: add logger 6 years ago
Pierre Chifflier 2df840a8b8 Add SNMP (v1/v2c/v3) application layer 6 years ago
Pierre Chifflier b65896c0de Rust: expose function AppLayerParserRegisterGetTxIterator 6 years ago
Victor Julien b1d4931842 rust: fix warnings about wrong type of comments
"rustdoc does not generate documentation for macro expansions"
6 years ago
Victor Julien bf1bd407dd rust: fix libc deprecation warnings for int types 6 years ago
Victor Julien cdd061ba37 ikev2: clean up c glue code 6 years ago
Victor Julien 3f36a6ce59 tftp: c glue code cleanup 6 years ago
Victor Julien 723f1586ca ikev2: remove excess new lines 6 years ago
Victor Julien adcbac1c77 tftp: properly implement tx handling 6 years ago
Victor Julien ade2b1e6cf output: get rid of BUG_ONs 6 years ago
Victor Julien 9ea6db3889 pool: don't call Cleanup after failed Init
Stream reassembly memcap is regulated by the Init and Cleanup
callbacks. If Init fails due to memcap reached, Cleanup had no
way of knowing and it would decrease the memcap even if it hadn't
been increased by Init. This could lead to too much memory use and
memcap counter underflow.

This patch fixes the issue by not calling Cleanup in this case. It's
fair to see a failed Init as the responsibility of Init.
6 years ago
Victor Julien 597ff3c8e3 pool/thread: clean up tests 6 years ago
Victor Julien 025cc64f55 pool/thread: remove old grow function 6 years ago
Victor Julien 67ba132c10 stream: simplify segment and ssn pool inits 6 years ago
Victor Julien 0b02efdf01 pool/thread: introduce simpler way to grow thread pool 6 years ago
Victor Julien 6e6c1bad7d pool/thread: minor code cleanups 6 years ago
Victor Julien 924982e792 app-layer: minor cleanups 6 years ago
Victor Julien ce71bf1fff capture: check for flow packets on capture timeout
The capture threads can receive packets from the flow manager in their
Threadvars::stream_pq packet queue. This mechanism makes sure the packets
the flow manager injects into the engine are processed by the correct
worker thread.

If the capture thread(s) would not receive packets for a long time, the
Threadvars::stream_pq would not be checked and processed. This could
lead to packet pool depletion in the flow manager. It would also lead
to flows not being timed out/logged until either packets started flowing
again or until the engine was shut down.

The scenario is more likely to happen in a test (e.g. replay) but could
also delay logging on low traffic sensors.
6 years ago
Victor Julien 952cbb563c app-layer: mandatory tx registration checks
All protocols now implement the TX API, so the runtime checks for
whether or not a protocol supports the TX API can be removed.
6 years ago