aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,565 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1cce207c05'
${ noResults }
Commit Graph

4565 Commits (1cce207c0502c4122282db366c54ed95bbd342b2)
 

Author SHA1 Message Date
Anoop Saldanha e8cd15c823 Support for feature #983. 
Provide support for icmvp4 and icmpv6 as well.  You can now use

alert icmpv4 and
alert icmpv6 as well, apart from the existing

alert icmp, which created a rule that applied to both icmpv4 and icmpv6.
 12 years ago
Nelson Escobar cf9f1e3191 Build cuda kernel for capability 3.5 devices. 12 years ago
Victor Julien 3f8b9dde04 Dead code removal 12 years ago
Victor Julien 84af1ee277 storage: fix and small optimization 12 years ago
Victor Julien 77ae8b8878 flow: set correct family in FLOW_COPY_IPV6_ADDR_TO_PACKET 12 years ago
Victor Julien 2a4f821284 Fix 2 unittests 12 years ago
Victor Julien 8516000208 Minor code cleanup/fixes to fast pattern unittests 
cppcheck:
[detect-fast-pattern.c:1183] -> [detect-fast-pattern.c:1183]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1217] -> [detect-fast-pattern.c:1217]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1449] -> [detect-fast-pattern.c:1449]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1479] -> [detect-fast-pattern.c:1479]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1509] -> [detect-fast-pattern.c:1509]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1539] -> [detect-fast-pattern.c:1539]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1570] -> [detect-fast-pattern.c:1570]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1686] -> [detect-fast-pattern.c:1686]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1716] -> [detect-fast-pattern.c:1716]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1746] -> [detect-fast-pattern.c:1746]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1776] -> [detect-fast-pattern.c:1776]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1806] -> [detect-fast-pattern.c:1806]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1836] -> [detect-fast-pattern.c:1836]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1866] -> [detect-fast-pattern.c:1866]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1896] -> [detect-fast-pattern.c:1896]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:1926] -> [detect-fast-pattern.c:1926]: (style) Same expression on both sides of '&'.
[detect-fast-pattern.c:2022] -> [detect-fast-pattern.c:2022]: (style) Same expression on both sides of '&'.
 12 years ago
Victor Julien af311aee4e Minor fix for detection engine setup error check 
cppcheck said:
[detect-engine-mpm.c:2075] -> [detect-engine-mpm.c:2075]: (style) Same expression on both sides of '||'.
 12 years ago
Victor Julien 974e86e450 Minor pppoe cleanup 
cppcheck said:
[decode-pppoe.c:58] -> [decode-pppoe.c:60]: (performance, inconclusive) Variable 'pppoedh' is reassigned a value before the old one has been used if variable is no semaphore variable.
 12 years ago
Victor Julien 209946b07c Fix broken check in stream.max-synack-queued parsing (coverity 1038103) 12 years ago
Victor Julien bec59f426e Fix sanity check in AppInspectionEngine registration code 12 years ago
Jason Ish 2953b3f640 Feature #901 - VLAN defrag support. 
Take VLAN IDs into account when re-assembling fragments.

Prevents fragments that would otherwise match, but on different
VLANs from being reassembled with each other.
 12 years ago
Ken Steele 2d3dc23026 Correct indentation and wording of comments. 12 years ago
Ken Steele a63b87df9e Clean up function syntax 
Remove space before ( in function names. Put { on new line.
Make tests static.
 12 years ago
Anoop Saldanha 619414c59e Add a /* fall through */ comment for all switch case fall throughs. 
This should server as a message to coverity that the fall through is
intentional.
 12 years ago
Victor Julien b6efaeb0c0 storage: fix freeing storage 
Fix freeing storage. Also add workaround for unittests that don't
(fully) setup storage.

Bug #991.
 12 years ago
Victor Julien 37669bfdd2 threshold: register threshold host storage. Related to bug #991 12 years ago
Victor Julien 1b11165864 Reset both sides of the de_state on rule reload. Bug #998. 12 years ago
Victor Julien 74d8d95f83 Don't initialize threshold before rules on delayed detect. Bug #999. 12 years ago
Victor Julien 64203be3ba iprep: fix reputation loading and reloading 
When an IP is listed in multiple categories, each new "load" would clear the
previous loads for that IP.

Bug #976
 12 years ago
Victor Julien c583c9e205 tag: fix session seconds tracking 
Fix bug #995. Tag time setting was initialized using "usec" field
instead of "sec" field. This led to immediate timing out of tag.

Added proper matching unittests for all tagging types.

Bug #995.
 12 years ago
Victor Julien 1822a897ff tag: add some debug statements 12 years ago
Victor Julien a26243a23c Clean up rule reload logging 12 years ago
Anoop Saldanha b24fb72247 fix for bug #987. 
We don't support jabber protocol detection atm.  Disable the code check
inside suricata to check if jabber protocol detection is enabled in the
yaml file.

Also updated an error log message for app layer.
 12 years ago
Anoop Saldanha 83a72d50dd API renaming/beautification. 12 years ago
Anoop Saldanha 1ea5d27508 Fix for bug #989. 
In case of recursive call to protocol detection from within protocol
detection, and the recursively invoked stream still hasn't been ack'ed
yet, protocol detection doesn't take place.  In such cases we will end up
still calling the app layer with the wrong direction data.  Introduce a
check to not call app layer with wrong direction data.

When sockets are re-used reset all relevant vars correctly.

This commit fixes a bug where we were not reseting app proto detection
vars.

While fixing #989, we discovered some other bugs which have also been
fixed, or rather some features which are now updated.  One of the feature
update being if we recieve wrong direction data first, we don't reset the
protocol values for the flow.  We let the flow retain the detected
values.

Unittests have been modified to accomodate the above change.
 12 years ago
Anoop Saldanha 836bad85a4 Reset app layer processed flag for segments that have been sent for proto 
detection, but we failed to figure out the proto.

Updated a unittest to reflect the above change.
 12 years ago
Anoop Saldanha 87edd2ade9 Inside PP parser, we were using the return value from DetectPortParse as 
the ip_proto value,  which is wrong.  We have fixed this now.
 12 years ago
Anoop Saldanha 73be9d3ef7 Update ssl parser protocol detection pattern strings. 12 years ago
Victor Julien 1d18155a16 XFF: use per alert tx id 
Use the tx id stored for each alert to find the correct XFF address
to add to the extra-data field.

In overwrite mode we still only grab the first available XFF addr,
as this address is set in the header preceeding the individual alerts.

Issue #904.
 12 years ago
Victor Julien e7df53b136 Display TX id in alert debuglog. 12 years ago
Victor Julien edeeb7ed44 Store TX id with alerts 
When generating an alert and storing it in the packet, store the tx_id
as well. This way the output modules can log the tx_id and access the
proper tx for logging.

Issue #904.
 12 years ago
Victor Julien 51c2e1eaf6 htp: for apache and apache_2_2 personalities, that are no longer supported by libhtp, fall back to apache_2 with a warning. 12 years ago
Victor Julien 958938bf01 Bug 640: add more tests to validate that issue is fixed 12 years ago
Eric Leblond 2be194d03f suricata: add -v[v] option to increase verbosity 
This patch adds a -v option to suricata. It increases the log level
defined in the YAML.
 12 years ago
Eric Leblond 4a4600539d suricata: info message after log init 
This patch moves version display after log init so we can have an
homogeneous display.
 12 years ago
Eric Leblond fdc1757e34 suricata: reorder start 
Initalizing output just after configuration file parsing allow to
log almost all messages accordingly to configuration.
 12 years ago
Eric Leblond 7bcacc712a log: change default log level to notice 
This patch updates the log level of meaningful start messages to
notice. It also sets the default log level to notice.
 12 years ago
Victor Julien c1190545cf Revert change in queue handler wait logic. Bug #988. 12 years ago
Victor Julien 8d6bca72f7 Improve 'host-mode' info message 12 years ago
Victor Julien 57abba2e64 Coverity 1100842: add missing return statement 12 years ago
Victor Julien afaa10b37d Coverity 1100843: remove unnecessary check 12 years ago
Victor Julien cb15000387 http: add new events for invalid host header and host part of uri 12 years ago
Victor Julien 43b39d333f http: fix some decoder events 
Some events we retrieved from error messages are flag now, so check
those. Not all can be converted though. These are no longer set:

HTTP_DECODER_EVENT_INVALID_TRANSFER_ENCODING_VALUE_IN_RESPONSE
HTTP_DECODER_EVENT_INVALID_AUTHORITY_PORT

Part of Bug #982.
 12 years ago
Victor Julien 85f13c4e28 http: update http rules 12 years ago
Victor Julien 636791751e http: fix field too long events 12 years ago
Victor Julien 5d10bafdba http: don't call HTPHandleWarning before HTPHandleError as the latter handles warnings and errors. 12 years ago
Victor Julien 129b6a65ca http: add test for HTTP_DECODER_EVENT_UNKNOWN_ERROR event as a result of a too long request 12 years ago
Eric Leblond 2c50e41153 reject: try to fail more gracefully 
In the case of reject both, a failure in sending one way do not lead to
abort the reset procedure.
 12 years ago
Eric Leblond 10b05a6361 reject: clean respond-reject code. 12 years ago