aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
18,014 Commits
8 Branches
165 Tags
218 MiB
main
main-8.0.x
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2030f0a527'
${ noResults }
Commit Graph

50 Commits (2030f0a527118840c20c3e281f1754c789ec80dc)

Author SHA1 Message Date
Victor Julien f332b3e571 defrag: improve thread safety in config logging 
CID 1554235: (#1 of 1): Data race condition (MISSING_LOCK)
missing_lock: Accessing defragtracker_spare_q.len without holding lock DefragTrackerStack_.m. Elsewhere, DefragTrackerStack_.len is written to with DefragTrackerStack_.m held 2 out of 2 times.
 5 months ago
Jason Ish 22b77b0c56 conf: prefix conf API with SC 8 months ago
Victor Julien 1190e426f9 defrag: remove trackers on lookup 
When looking up a tracker, remove any timed out / completed trackers.
 1 year ago
Victor Julien becc91c306 defrag: timeout check on look up; tag for removal 1 year ago
Victor Julien 83dc703d1f defrag: add various counters 1 year ago
Victor Julien 39876bf566 defrag: update exception policy counter: ptr can't be NULL 1 year ago
Victor Julien fc93a3875e defrag: turn queue into stack 
Only used by the spare tracker logic, which works better as a stack.
 1 year ago
Victor Julien 475c40f9c2 defrag: minor cleanups; dead code removal 1 year ago
Victor Julien 8b57545540 defrag: turn hash row into single linked list 1 year ago
Victor Julien 26a73503aa defrag: timeout/reuse start of list 1 year ago
Victor Julien 97705c94e4 defrag: simplify lookup/create loops 
Turn into a simpler do { } while loop like in the flow code.
 1 year ago
Philippe Antoine 20423fdd38 style: remove some useless return 
and remove empty line before end of function
 1 year ago
Victor Julien 2d5c381c3b decode/ipv4: prep for turning ip4h/ip6h into union 
Store IPv4 decoder vars in a new Packet::l3 section in the packet.

Use inline functions instead of the often multi-layer macro's for
various IPv4 header getters.

Ticket: #6938.
 2 years ago
Victor Julien eb3ca643c1 decode: reduce PKT_IS_IPV4/PKT_IS_IPV6 use 
Replace it with inline functions. Adds inline functions to
wrap PKT_IS_IPV4/PKT_IS_IPV6.

This is in preparation of removing the macro's, and cleaning up the
header pointers.

Ticket: #5517.
 2 years ago
Victor Julien 813147755d decode: rename IP_GET_IPPROTO to PacketGetIPProto 
To match function naming style.

Ticket: #5517.
 2 years ago
Philippe Antoine b113bdd9e3 src: remove unused headers-exported functions 
+ remove double definition of IPPairLock

Ticket: #4083
 2 years ago
Juliana Fajardini 485c0e1d9a defrag: add exception policy memcap stats counters 
Add defrag memcap stats counter.

Task #5816
 2 years ago
Jeff Lucovsky 193e0ea1a9 memory/alloc: Use SCCalloc instead of malloc/memset 2 years ago
Jeff Lucovsky a4ade056cc general/typo: Correct misc. typos 2 years ago
Jeff Lucovsky 0d2268ddfc decode/vlan: Decode upto 3 layers of VLAN 
Issue: 2816

This commit increase the number of VLAN layers supported by Suricata
from 2 to 3. 3-layers are dubbed "Q-in-Q-in-Q".

Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
 2 years ago
Victor Julien ca3c144ec8 defrag: spelling 3 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Victor Julien 8580499ded exceptions: initial exception-policy implementation 
Adds a framework for setting exception policies. These would be called
when the engine reaches some kind of exception condition, like hitting
a memcap or some traffic processing error.

The policy gives control over what should happen next: drop the packet,
drop the packet and flow, bypass, etc.

Implements the policy for:

    stream: If stream session or reassembly memcaps are hit call the
    memcap policy on the packet and flow.

    flow: Apply policy when memcap is reached and no flow could be
    freed up.

    defrag: Apply policy when no tracker could be picked up.

    app-layer: Apply ppolicy if a parser reaches an error state.

All options default to 'ignore', which means the default behavior
is unchanged.

Adds commandline options: add simulation options for exceptions. These
are only exposed if compiled with `--enable-debug`.

Ticket: #5214.
Ticket: #5215.
Ticket: #5216.
Ticket: #5218.
Ticket: #5194.
 3 years ago
Victor Julien 65f54024d3 defrag: minor code cleanups suggested by cppcheck 4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 5 years ago
Shivani Bhardwaj 6f7d8e50c8 src: use FatalError whenever possible 
Replaces all patterns of SCLogError() followed by exit() with
FatalError(). Cocci script to do this:

@@
constant C;
constant char[] msg;
@@

- SCLogError(C,
+ FatalError(SC_ERR_FATAL,
  msg);
- exit(EXIT_FAILURE);

Closes redmine ticket 3188.
 5 years ago
Victor Julien c660757153 atomics: remove useless SC_ATOMIC_DESTROY 6 years ago
Shivani Bhardwaj 0e4f261224 Use StringParse* for all parsers and configurations 6 years ago
Victor Julien 903291f88a defrag: fix use of globals 6 years ago
Jason Ish fe6e96a8c1 defrag: use rb tree to store fragments 7 years ago
Victor Julien 11be9bd971 mingw: add SCNtohl and SCNtohs macro's 
On MinGW the result of ntohl needs to be casted to uint32_t and
the result of ntohs to uint16_t. To avoid doing this everywhere
add SCNtohl and SCNtohs macros.
 8 years ago
Giuseppe Longo 0839d06514 defrag: get/set memcap value 
This adds new functions that will be called
through unix-socket and permit to update
and show memcap value.

The memcap value needs to be handled in a
thread safe way, so for this reason it is
declared as atomic var.

Another function is added to gets
the memuse value since it will be shown
through unix-socket.
 8 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings 
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
 9 years ago
Victor Julien c3b4dd5a7d qa: add --no-random commandline option 9 years ago
Victor Julien dd70b3fda0 random: improve random logic 
Improve random logic for hash tables.

Implement Windows random API if it is available.
 9 years ago
Victor Julien 618f351210 cleanup: get rid of %llu format specifiers 
Use more explicit types instead.
 9 years ago
Jason Ish 3ca1a29bbd defrag: fix argument used in macro to match signature 
"p" was being used in the macro but was not an argument to
the macro, but it worked due to the context of the macro.

Use the actual macro argument, d2, instead of p.

Results in no change to generated code.
 9 years ago
Jason Ish 4a04f814b1 defrag - take protocol into account during re-assembly 
The IP protocol was not being used to match fragments with
their packets allowing a carefully constructed packet
with a different protocol to be matched, allowing re-assembly
to complete, creating a packet that would not be re-assembled
by the destination host.
 9 years ago
Victor Julien b3bf7a5729 output: introduce config and perf output levels 
Goal is to reduce info output
 10 years ago
Victor Julien b2695600ba afl: add define to disable rand_r use 
The randomness affects AFL. It creates variable test cases, which
we need to avoid.
 10 years ago
Jason Ish 3aa7e38c14 defrag: tracker initialization cleanup 
Remove the old tracker reset macro which is no longer being used.
Clear last_seen and remove flags on initialization.
Remove extra call to DefragTrackerInit as it was being called 2x
for each new tracker.

Now that DefragTrackerNew is just a wrapper for DefragTrackerAlloc,
remove it and just call DefragTrackerAlloc directly.
 10 years ago
Jason Ish 69b4218afc defrag: don't use trackers marked for removal 
These trackers are likely for completed fragments, but have
not been cleaned up. If a packet on the same flow with an
already seen IP ID is seen, it could be reused prior to
being properly reinitialized.
 10 years ago
Ken Steele 8f1d75039a Enforce function coding standard 
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions where changed by a script to match this standard.
 11 years ago
Giuseppe Longo f03278d132 feature #417: add support for configuration per host timeout value 12 years ago
Jason Ish 2953b3f640 Feature #901 - VLAN defrag support. 
Take VLAN IDs into account when re-assembling fragments.

Prevents fragments that would otherwise match, but on different
VLANs from being reassembled with each other.
 12 years ago
Victor Julien 16056d51f2 Coverity 1038094: remove dead code from defrag hash 12 years ago
Anoop Saldanha bed3f605fa Fix for #922. 
Add more relevant error message when we supply invalid value for
defrag.trackers and defrag.hash-size
 12 years ago
Victor Julien d1573a366d Fix GetUsed functions for Host, Flow and Defrag. 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Victor Julien 7a044a99ee Defrag engine 
Big rewrite of defrag engine to make it more scalable and fix some
locking logic flaws.

Now uses a hash of trackers similar to Flow and Host hashes.
 13 years ago