Philippe Antoine
210ca32905
output/ftp: remove unused function parameters
2 years ago
Philippe Antoine
0fb75f081f
output/dns: remove unused function parameters
2 years ago
Philippe Antoine
9afb16b134
output/smtp: remove unused function parameters
2 years ago
Philippe Antoine
82803d1b0e
http: complete multipart data on open
...
Take as much as we can when opening, by making sure that the
boundary is not present
2 years ago
Lancer Cheng
abc76e27de
smb: fix data padding logic in writeAndX parser
...
Bug: #6008
2 years ago
Lancer Cheng
000eb91078
smb: fix wrong data offset when wct = 12
...
Bug: #6008
2 years ago
Philippe Antoine
7e725c650d
flow: optionally use livedev for hash
...
So that in a setup with different interfaces capturing different
networks, flows do not get mixed up
Ticket: #5270
2 years ago
Philippe Antoine
cc305da476
flow: make FlowGetExistingFlowFromHash static
...
For easier reasoning about the code
2 years ago
Philippe Antoine
92884b9f43
device: limit device id to uint16_t
...
Meaning that we support 65535 live devices at the most
2 years ago
Jeff Lucovsky
a4ade056cc
general/typo: Correct misc. typos
2 years ago
Jeff Lucovsky
0ff403fb60
decode/vlan: Remove unused macros/functions
...
This commit removes unused functions and macros related to fetching VLAN
values.
2 years ago
Jeff Lucovsky
0d2268ddfc
decode/vlan: Decode up to 3 layers of VLAN
...
Issue: 2816
This commit increases the number of VLAN layers supported by Suricata
from 2 to 3. 3 layers are dubbed "Q-in-Q-in-Q".
Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
2 years ago
Jeff Lucovsky
9dc68ac59a
json/schema: Add additional VLAN layer stat
...
Issue: 2816
This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
2 years ago
Philippe Antoine
6350736882
http2: avoid quadratic complexity in headers
...
When adding an element to the dynamic headers table, the oldest
ones may get evicted. When multiple elements get evicted, they
should get evicted all at once with drain, instead of one by one
as there will be a massive move each time.
Ticket: #6103
2 years ago
Philippe Antoine
f346b3fc30
debug: fix list-x command line options with debug
...
Debug validation checks that engine is either IPS or IDS.
But listing keywords does not care.
So, setting ids mode
Ticket: #6089
2 years ago
Lukas Sismis
11c3aa868d
doc: add DPDK Bond PMD docs
...
Ticket: #6099
2 years ago
Lukas Sismis
c4b0c2888d
dpdk: add support for DPDK Bond PMD
...
Ticket: #6099
2 years ago
Lukas Sismis
fee79ff3c4
dpdk: add linker flag for DPDK Bond library
...
Header checking (AC_CHECK_HEADER) did not work as
DPDK 19.11 included rte_eth_bond.h file even if net/bonding
driver was disabled. However, it was still not available in
ldconfig configuration. For this reason Bond PMD is checked with
ldconfig tool.
However when installing the DPDK library manually, the user needs to
update the entries in ldconfig to be able to find the Bond PMD.
Ticket: #6099
2 years ago
Lukas Sismis
bb2760d221
dpdk: add device name querying function
2 years ago
Lukas Sismis
2feece601a
dpdk: add debug dump of RX offload capabilities
2 years ago
Lukas Sismis
540df3befe
dpdk: separate i40e prestop actions from DPDK 19.11
...
In DPDK 19.11 Suricata does not set up RSS on i40e driver
with rte_flow. As a result, it should not be deinitializing
RSS configuration with rte_flow as well.
2 years ago
Lukas Sismis
a9b2f79070
dpdk: refactor i40e RSS hash function
...
Setting rss_conf->rss_key to NULL and rss_key_len
to zero avoids warnings about register changes
when setting up RSS configuration through RTE flows.
2 years ago
Lukas Sismis
adb427a15c
dpdk: minor refactoring in error handling and variable declaration
2 years ago
Victor Julien
6154bab49f
flow/worker: minor refactor for app-layer callsite
2 years ago
Victor Julien
8a535a0b89
detect: remove flow drop unittest
...
Test broke after recent changes. Functionality is tested in
suricata-verify, so just remove the test.
2 years ago
Victor Julien
95bf7248e8
detect: add check to validate drops
2 years ago
Victor Julien
418cc1fe94
detect: fix stateful drops for rate_filter
2 years ago
Victor Julien
2a95154712
flow/timeout: no pseudo packets for dropped flows
...
When a flow is in the drop flow state, don't use pseudo packets
when it is timing out. There should be no work left to do at this
point.
2 years ago
Victor Julien
d91a1e8bc6
stream: simplify drop handling
...
Remove logic to apply flow drop, as this is now handled in the
flow engine.
However, keep the logic that frees/cleans the session state.
2 years ago
Victor Julien
77f49661fd
app-layer: don't update UDP applayer for dropped packets
2 years ago
Victor Julien
85ddba63f6
detect: update/document drop flow logic
...
Now that flow drop is applied to packets before other processing,
no drop has to be issued on a packet.
2 years ago
Victor Julien
71a033ac62
flow: apply flow to packet on flow lookup
...
Issue drop to packet as early as possible.
2 years ago
Philippe Antoine
9287cbc33a
http: logs custom headers in a subobject
...
This subobject is request_headers or response_headers
This especially avoids JSON key collisions.
Ticket: #5320
Also fixes typo referrer/referer
2 years ago
Jason Ish
f8c54bc7a4
github-ci: add workflow_dispatch
...
A workflow dispatch allows us to manually trigger a workflow with
arguments. This dispatch allows us to use the "gh" cli command to
trigger a workflow run with our libhtp/su/sv branch and repo variables
set. For example:
gh run builds.yml -f SV_REPO=jasonish/suricata-verify -f SV_BRANCH=pr/10
2 years ago
Victor Julien
5b160d274c
flow: spare pool return optimization
...
In case small blocks of flows are returned, try to merge
them with existing small list head. Add full block as second
in the list as with the rest of the code.
2 years ago
Victor Julien
afbd4162f2
flow/worker: don't double count flow.wrk.flows_evicted
...
Since the queue isn't fully processed every run, double counting
could happen.
Fix by only counting actually processed flows from the queue.
2 years ago
Victor Julien
73e665f42a
flow/worker: batch return flows to spare pool
2 years ago
Victor Julien
91c59ce8f9
flow/manager: minor code cleanup
2 years ago
Victor Julien
1f3b35d048
flow/recycler: batch returns to spare pool
...
To reduce locking overhead in the spare pool, batch returns per
100 (spare pool block size).
2 years ago
Victor Julien
3803cbd0e5
flow/recycler: stats micro optimization
...
Don't update stat from loop as it's not read until after the loop.
2 years ago
Philippe Antoine
7d3aa91bf4
mqtt: fix quadratic complexity
...
get_tx_by_pkt_id loops only over the last transactions
in case there is a transaction flood
Ticket: #6100
2 years ago
Haleema Khan
8e19906afa
mqtt: rustfmt mqtt.rs
2 years ago
Haleema Khan
e474858e25
mqtt: add mqtt frames
...
Adds PDU, Header and Data frame to the MQTT parser.
Ticket: 5731
2 years ago
Victor Julien
fd93f002a0
windivert: fix compile warnings
2 years ago
Jason Ish
5af73b3879
doc/userguide: document include files
...
Document how to use include files, plus add a deprecation notice on
the use of multiple "include" statements.
2 years ago
Jason Ish
a71dee5516
doc/userguide: merge logging changes in 7.0 upgrade notes
...
Two "Logging changes" sections existed, merge.
2 years ago
Jason Ish
e7d3904c3f
suricata.yaml: use include list for example
...
For 7.0 multiple includes are allowed, but marked as
deprecated. Update the example to show the new way of pulling in
multiple includes.
2 years ago
Jason Ish
f8620d0ed2
docs: update url to docs.suricata.io
2 years ago
Jason Ish
33827beae5
jsonbuilder: check buffer growth
...
Use try_reserve before growing the internal buffer, and the internal
state vector. This allows allocation errors to be caught and an error
returned instead of just aborting the process.
Ticket: #6057
2 years ago
Jason Ish
95cfc2b34f
jsonbuilder: rustfmt
...
Some very minor changes to formatting.
2 years ago