Commit Graph

12349 Commits (1dc98cad27733171de0aa74b87a57a6ad5b968f8)

Author SHA1 Message Date
Victor Julien c1dfb619c4 http2: support per-tx file accounting 4 years ago
Victor Julien 1b3c3225cd nfs: add debug validation on file counts 4 years ago
Victor Julien 1d48601c25 nfs: support per-tx file accounting 4 years ago
Victor Julien 67759795c6 nfs: don't reuse file transactions
After a file has been closed (CLOSE, COMMIT command or EOF/SYNC part of
READ/WRITE data block) mark it as such so that new file commands on that
file do not reuse the transaction.

When a file transfer is completed it will be flagged as such and not be
found anymore by the NFSState::get_file_tx_by_handle() method. This forces
a new transaction to be created.
4 years ago
Victor Julien d74c18ee28 http: support per-tx file accounting 4 years ago
Victor Julien 56d3e28a3a filestore: track files getting stored per tx
Avoid evicting a tx before the filedata logger has decided it is
done.
4 years ago
Victor Julien ca124b033e filestore: store chunks in packet direction
Storing too early can lead to files being considered TRUNCATED if the
TCP state is not yet CLOSED when logging is triggered. This has been
observed with FTP-DATA and might also be an issue with simple HTTP.
4 years ago
Victor Julien c78f5ac316 app-layer/transactions: track files opens and logs
To make sure a transaction is not evicted before all file logging is complete.
4 years ago
Victor Julien 45dc4cdeec eve/files: log in packet direction only
Bug: #3703.

Don't log files too soon.
4 years ago
Vladimir Ivchenko e89e563eb4 GRE: Handling pptp without payload
If one of the ppp peers sends a packet with an acknowledge flag,
the ppp payload will be empty and DecodePPP will return TM_ECODE_FAILED.
To handle this case, the packet_length field in the GRE extended header (https://tools.ietf.org/html/rfc2637#section-4.1) is used.
DecodeGRE no longer tries to parse PPP payload if packet_length is zero.
4 years ago
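The check described in the commit above, written out as an added example that is not Suricata's DecodeGRE/DecodePPP code: a small parser for the RFC 2637 section 4.1 enhanced GRE header that reports a zero Payload Length as a distinct "nothing to decode" result instead of handing an empty buffer to a PPP decoder. The packets, type names and function names below are constructed for illustration.

```c
/* Added example, not Suricata code: parse the PPTP "enhanced GRE" header
 * (RFC 2637 section 4.1) and skip PPP decoding for ack-only packets. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define GRE_PPTP_PROTO 0x880B  /* Protocol Type: PPP carried over PPTP */
#define GRE_FLAG_K     0x20    /* byte 0: Key present (always set for PPTP) */
#define GRE_FLAG_S     0x10    /* byte 0: Sequence Number present */
#define GRE_FLAG_A     0x80    /* byte 1: Acknowledgment Number present */
#define GRE_VER_MASK   0x07    /* byte 1: Version, 1 for enhanced GRE */

enum gre_result {
    GRE_PAYLOAD = 0,   /* header valid, a PPP payload follows */
    GRE_NO_PAYLOAD,    /* header valid, ack-only packet: nothing to decode */
    GRE_INVALID        /* malformed or truncated */
};

struct gre_pptp {
    uint16_t call_id;
    uint16_t payload_len;  /* from the header, excludes the GRE header itself */
    uint32_t seq, ack;     /* valid only when has_seq / has_ack is set */
    int has_seq, has_ack;
    const uint8_t *ppp;    /* start of the PPP payload, NULL when absent */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

enum gre_result gre_pptp_parse(const uint8_t *buf, size_t len, struct gre_pptp *out)
{
    if (len < 8)
        return GRE_INVALID;
    if (!(buf[0] & GRE_FLAG_K) || (buf[1] & GRE_VER_MASK) != 1 ||
        be16(buf + 2) != GRE_PPTP_PROTO)
        return GRE_INVALID;

    out->has_seq = (buf[0] & GRE_FLAG_S) != 0;
    out->has_ack = (buf[1] & GRE_FLAG_A) != 0;
    out->payload_len = be16(buf + 4);
    out->call_id = be16(buf + 6);

    size_t hdr = 8 + (out->has_seq ? 4 : 0) + (out->has_ack ? 4 : 0);
    if (len < hdr)
        return GRE_INVALID;
    if (out->has_seq) out->seq = be32(buf + 8);
    if (out->has_ack) out->ack = be32(buf + 8 + (out->has_seq ? 4 : 0));

    /* The point of the commit: a zero Payload Length is an acknowledgement-only
     * packet, so do not run the PPP decoder on an empty buffer. */
    if (out->payload_len == 0) {
        out->ppp = NULL;
        return GRE_NO_PAYLOAD;
    }
    /* RFC 2637 sets S whenever a payload is present; also guard the length. */
    if (!out->has_seq || len - hdr < out->payload_len)
        return GRE_INVALID;
    out->ppp = buf + hdr;
    return GRE_PAYLOAD;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t ack_only_pkt[] = {   /* K, A, ver 1, len 0, call 1, ack 42 */
    0x20, 0x81, 0x88, 0x0B, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x2A };
static const uint8_t data_pkt[] = {       /* K, S, ver 1, len 4, call 1, seq 7 */
    0x30, 0x01, 0x88, 0x0B, 0x00, 0x04, 0x00, 0x01, 0x00, 0x00, 0x00, 0x07,
    0xFF, 0x03, 0xC0, 0x21 };             /* PPP: address/control + LCP */
static const uint8_t no_seq_pkt[] = {     /* claims a payload but no S bit */
    0x20, 0x01, 0x88, 0x0B, 0x00, 0x02, 0x00, 0x01, 0xAA, 0xBB };

static struct gre_pptp last_hdr;   /* decoded header of the last parse_sample() */
enum gre_result parse_sample(const uint8_t *buf, size_t len)
{
    return gre_pptp_parse(buf, len, &last_hdr);
}

int main(void)
{
    static const char *names[] = { "payload", "no payload", "invalid" };
    printf("ack-only: %s\n", names[parse_sample(ack_only_pkt, sizeof ack_only_pkt)]);
    printf("data:     %s\n", names[parse_sample(data_pkt, sizeof data_pkt)]);
    printf("no S bit: %s\n", names[parse_sample(no_seq_pkt, sizeof no_seq_pkt)]);
    return 0;
}
```

Returning a third result for the ack-only case, rather than folding it into the failure path, is what lets a caller count these packets as decoded GRE without treating them as PPP errors.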
Jason Ish 16a21d7839 scripts: bundle script for requirements
Add a bundle.sh script to bundle the requirements of libhtp
and suricata-update. This uses a Python-like requirements.txt
file to specify the URL to download for libhtp and suricata-update.
4 years ago
Lukas Sismis 71196098a1 doc: Update public-data-sets.rst
Replace dead link

Dataset on ll.mit.edu returns 404. Link updated with a search result of more datasets.
4 years ago
Joshua Lumb cf9b2b5fd1 detect-dsize: Add ! operator for dsize matching 4 years ago
Philippe Antoine 9b8be5a650 smb: get file name in case of chained commands 4 years ago
Philippe Antoine 3e5f59e2cb smb: fix parsing of file deletion over SMB1 4 years ago
Philippe Antoine fde753d9d2 smb: recognizes file deletion over SMB2
using set_info_level == SMB2_FILE_DISPOSITION_INFO
4 years ago
Jason Ish 71679c6ad0 ike: use derive macro from app-layer events 4 years ago
Jason Ish eb55297876 modbus: use derive macro from app-layer events 4 years ago
Jason Ish d3bd008e33 app-layer template: use derived app-layer event 4 years ago
Jason Ish cef2832dcf http2: use derived app-layer event 4 years ago
Jason Ish e92cb36bb8 krb5: use derived app-layer event 4 years ago
Jason Ish 92561837f8 ntp: use derived app-layer event 4 years ago
Jason Ish 1f71fb2cde rfb: register None for get_event_info/get_event_info_by_id
Implementations are not required if they're just going to return
-1. We allow None to be registered for that.
4 years ago
Jason Ish 4fd6aa866f sip: use derived app-layer event 4 years ago
Jason Ish 18448f6ed6 snmp: use derived app-layer event 4 years ago
Jason Ish bb094b17db ssh: use derived app-layer event 4 years ago
Jason Ish 9c3f06d9b5 dhcp: use derived app-layer event 4 years ago
Jason Ish b9f10ba22f smb: use derived get_event_info/get_event_info_by_id 4 years ago
Jason Ish 8eac5fc221 mqtt: derive AppLayerEvent for MQTTEvent 4 years ago
Jason Ish 6ed827a4ef dns: use derive macro for DNSEvent 4 years ago
Jason Ish 9221f1d9d5 applayerevent: derive get_event_info and get_event_info_by_id
Add generation of wrapper functions for get_event_info
and get_event_info_by_id to the derive macro. Eliminates
the need for the wrapper method to be created by the parser
author.
4 years ago
Jason Ish 0fa7b5c2a2 rust/applayer: provide generic event info functions
Provide generic functions for get_event_info and
get_event_info_by_id. These functions can be used by any app-layer
event enum that implements AppLayerEvent.

Unfortunately the parser registration cannot use these functions
directly as generic functions cannot be #[no_mangle]. So they
do need small extern "C" wrappers around them.
4 years ago
Jason Ish 27d1ee98ce rust: derive crate: for custom derives
Currently has one derive, AppLayerEvent to be used like:

  #[derive(AppLayerEvent)]
  pub enum DNSEvent {
      MalformedData,
      NotRequest,
      NotResponse,
      ZFlagSet,
  }

Code will be generated to:
- Convert enum to a c type string
- Convert string to enum variant
- Convert id to enum variant
4 years ago
Jason Ish dbea7d636f rust/applayer: define AppLayerEvent trait
The derive macro will implement this trait for app-layer
event enums.
4 years ago
Victor Julien cd40fcdea7 macset: adjust test to pass after fix 4 years ago
Philippe Antoine 7fa3e8df61 ci: dummy git configuration for rebase 4 years ago
Eric Leblond 328bdf2c61 macset: fix memory size check 4 years ago
Eric Leblond d7468c55ca flow: be sure to check hash till the end 4 years ago
Eric Leblond e531530a67 flow: add comment on flow handling 4 years ago
Eric Leblond c1bffa9545 stream: increase memcap on memory errors 4 years ago
Eric Leblond 0e70958e67 util/streaming: improve error handling
It differentiates memory errors from regular ones.
4 years ago
Eric Leblond cce7e4f4cb flow: fix a debug assert
As the FlowBypassedTimeout function is interacting with the capture
method it is possible that the return changes between the call that
did trigger the timeout and the actual state (i.e. if packets arrive
in between the two calls). So we should not use the call to
FlowBypassedTimeout in the assert.
4 years ago
Eric Leblond 9c89bc80d0 flow: document FlowBypassedTimeout
Main point is to document it is interacting with the capture
layer.
4 years ago
Eric Leblond 9a4ef6b8fc flow: more accurate flow counters
Don't increment the flow timeout counter for flows that are not
really timed out (as use_cnt is non-zero). And also don't take into
account bypassed flows in the counter for flow timeout in use.
4 years ago
Victor Julien c51042e093 flow/worker: handle timeout edge case
In the flow worker timeout path it is assumed that we can hand off
flows to the recycler after processing, implying that `Flow::use_cnt` is 0.
However, there was a case where this assumption was incorrect.

When during flow timeout handling the last processed data would trigger a
protocol upgrade, two additional pseudo packets would be created that were
then pushed all the way through the engine packet paths. This would mean
they both took a flow reference and would hold that until after the flow
was handed off to the recycler. Thread safety implementation would make
sure this didn't lead to crashes.

This patch handles this case returning these packets to the pool from
the timeout handling.
4 years ago
Victor Julien c5556b5dd9 flow/worker: set proper end flag 4 years ago
Victor Julien 61f6fe037d flow/manager: set proper end flag 4 years ago
Philippe Antoine bbbb816ed6 detect: debug validation for list ids overflows 4 years ago
Victor Julien 86681c9d7c detect: move init only array to init data 4 years ago
Victor Julien 22dfcc928c detect/analyzer: use rule style pretty print for patterns 4 years ago