10805 Commits (1d9f37a60e7fde720768f41e5680ee2e02b78ffc)
 

Author SHA1 Message Date
Philippe Antoine 12a3a24906 log: can use a file set from env variable
Enables the redirection of log to a file set by an environment
variable SC_LOG_FILE when SC_LOG_OP_IFACE=file
5 years ago
vanlink 2456f27d08 stream/reassembly: fix data overlap check
Fix function CheckOverlap bug.
5 years ago
Victor Julien aeefc82eb9 tls: fix missing extern logic for cert_id tracking 5 years ago
Victor Julien 62c0f3d2b4 stats: fix missing extern keyword 5 years ago
Victor Julien 903291f88a defrag: fix use of globals 5 years ago
Victor Julien 5c3c6c609c threading: fix queue handlers globals use 5 years ago
Victor Julien 3ae1854d2f htp: fix globals use for flags 5 years ago
Victor Julien 85289f3283 proto: fix globals use 5 years ago
Victor Julien 5e583f3a12 flow: fix global variable use 5 years ago
Victor Julien 29f54a34ae stream: fix global declaration of the config 5 years ago
Victor Julien 2436daccd9 threading/modules: fix global declarations 5 years ago
Victor Julien c5f4b41881 ippair: fix global declarations 5 years ago
Victor Julien 0a006d2258 host: fix global declarations 5 years ago
Victor Julien 29780d6164 mpm: fix global declarations 5 years ago
Victor Julien b89059bda7 detect: fix global declaration of sigmatch_table 5 years ago
Victor Julien 0118e07d57 spm: fix global declaration of spm_table 5 years ago
Victor Julien a12c0b499d threading: fix global declaration of threading_set_cpu_affinity 5 years ago
Victor Julien 45955d2e58 unix-socket: avoid using global variable w/o extern 5 years ago
Victor Julien a9a522fac3 decode: fix default-packet-size global variable 5 years ago
Victor Julien f68c255f09 nfs: implement post-GAP transaction cleanup
Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.
5 years ago
Victor Julien 7709b90c16 detect/file-data: remove debug abort that wasn't reachable 5 years ago
Victor Julien ac8ceae9bf detect/file-data: fix function doc 5 years ago
Victor Julien 500e8da63a files: tracking flag update
Improve flow file flags and file flags updates. Introduce a mask
that is set at start up to avoid lots of runtime checks.

Disable cocci flags check as it doesn't support the more dynamic
nature of the flag updates.
5 years ago
Victor Julien a4a4d17ad0 app-layer/files: optimize GetFiles calls
Remove FlowGetProtoMapping calls from the GetFiles wrapper and
get the alstate from the flow directly.
5 years ago
Victor Julien d369e54f1d app-layer: all protocols are tx aware now
So remove the runtime check for it.
5 years ago
Timo Sigurdsson 1262ecbde0 init: Fix dropping privileges in nflog runmode
Using the run-as configuration option with the nflog capture method
results in the following error during the startup of suricata:
[ERRCODE: SC_ERR_NFLOG_BIND(248)] - nflog_bind_pf() for AF_INET failed

This is because SCDropMainThreadCaps does not have any capabilities
defined for the nflog runmode (unlike other runmodes). Therefore, apply
the same capabilities to the nflog runmode that are already defined for
the nfqueue runmode. This has been confirmed to allow suricata to start
and drop its privileges in the nflog runmode.

Fixes redmine issue #3265.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
5 years ago
Victor Julien 7810f22413 decode: remove pseudo packet checks
Bug 1107 checks/hacks should no longer be needed, so remove them.
5 years ago
Victor Julien 272a5f526b threading/queues: simplify error handling 5 years ago
Victor Julien dce227ec88 threading/queues: remove 256 queue limit
Convert fixed size array to a dynamic TAILQ so we can
grow as needed.
5 years ago
Victor Julien 0e3f27a87e threading: remove 'trans_q' array of packet queues
Let the queues code set up PacketQueues on demand.
5 years ago
Victor Julien efa8a69923 packet-queue: create alloc and free functions 5 years ago
Victor Julien 550cfdd98d threading: hide 'trans_q' from queue handlers 5 years ago
Victor Julien 45e5e19e6e threading/threadvars: optimize layout
Make sure StatsPublicThreadContext is on its own cache line.
5 years ago
Victor Julien e3fbdf1948 flowworker/stream: use no-lock packet queue
Use smaller structure for temporary packet queues.
5 years ago
Victor Julien f8aed4ce2d threading: change local packet queue logic
Previously each 'TmSlot' had its own packet queue that was passed
to the registered SlotFunc as an argument. This was used mostly for
tunnel packets by the decoders and by defrag.

This patch removes that in favor of a single queue in the ThreadVars:
decode_pq. This is the non-locked version of the queue as this is
only a temporary store for handling packets within a thread.

This patch removes the PacketQueue pointer argument from the API.
The new queue can be accessed directly through the ThreadVars
pointer.
5 years ago
Victor Julien b8c2b66d33 packet-queue: introduce a non-locked version
Works exactly like PacketQueue, just does not contain a mutex
and cond var, leading to much reduced memory size.
5 years ago
Victor Julien 9ed260c489 threading: more efficient TmSlot layout 5 years ago
Victor Julien 18e652309f threading: remove 'id' field from TmSlot
Field was now unused.
5 years ago
Victor Julien d7cb0774dd detect: cleanup reload thread handling 5 years ago
Victor Julien 786e697590 threading: simplify flow timeout loop 5 years ago
Victor Julien 261b77742e threading: shrink and reorganize TmSlot 5 years ago
Victor Julien 87c9b11d8c threading/threadvars: rearrange for better cache behavior 5 years ago
Victor Julien 071b753e84 threading/threadvars: remove unused 'prev' field 5 years ago
Victor Julien f53f004917 threading: remove unused 'TmThreadRemove' function 5 years ago
Victor Julien 569a5d985b threading: remove handler names to shrink struct
Shrink ThreadVars by removing the queue handler names that are only
used at shutdown. Since this is not performance critical, we can use
the IDs to look up the queue handler.
5 years ago
Victor Julien 74a6f8d4dd threading/queues: add way to lookup by ID
In preparation of doing runtime operations by ID instead of by name,
add functions to look up by ID and to convert name to ID.
5 years ago
Victor Julien d0218696ba threading: shrink threadvars struct size 5 years ago
Victor Julien c029599515 threading: remove unused threadvars field 5 years ago
Victor Julien f1ee176111 threading: clarify threadvars fields 5 years ago
Victor Julien d50492cb20 threading: cleanup packet thread shutdown loop 5 years ago