aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,331 Commits
8 Branches
163 Tags
185 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2295777691'
${ noResults }
Commit Graph

3122 Commits (22957776915bac6bbf204d98ac56f0109171453a)

Author SHA1 Message Date
Victor Julien 4cde2355bd Simplify flow resetting on de_ctx update. Detect ctx id starts at 1. So in a flow 0 means uninitialized (thus set) and if we detect flow is not equal to detect id, we reset the sgh storage and de_state. 14 years ago
Anoop Saldanha 6fa46d7526 If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinsepection flags unconditionally in main 14 years ago
Anoop Saldanha e5edcfaca8 add unittest for atomic operation with void * 14 years ago
Anoop Saldanha ecad4a24fa live rule support added 
To reload ruleset during engine runtime, send the USR2 signal to the engine, and the ruleset would be reloaded from the same yaml file supplied at engine startup
 14 years ago
Anoop Saldanha 83a8f6e03a cleanup threshold config de-init 14 years ago
Anoop Saldanha 5e02cb2365 slot_data updated as an atomic var no 14 years ago
Anoop Saldanha 5878d83174 byte_extract_id var now a non-global de_ctx specific var 14 years ago
Anoop Saldanha f4ce9011d2 make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API 14 years ago
Anoop Saldanha 7acf5ad38e clean reference config API 14 years ago
Anoop Saldanha 6003c7cb6b clean classification config API 14 years ago
Anoop Saldanha f5af4c9ceb util action api returns error code if it encounters wrong values parsing wrong action conf 14 years ago
Anoop Saldanha f2dd61868d variable names global vars, global no more. Moved to detection engine ctx, a place it belongs 14 years ago
Anoop Saldanha 946100845f fix replace unittets. Re-set modified global_var to orignial value when the test completes 14 years ago
Anoop Saldanha 55d4e9518e Kill engine during init stage if it fails to load valid value for sgh-mpm-context 14 years ago
Anoop Saldanha d7a93b6fcd clear root node during conf de-init. also create root_backup when the root is restored back using it 14 years ago
Victor Julien ab3fcb01f9 http: decode double decoded path and query string characters. Bug #464. 14 years ago
Victor Julien c6cac1ef48 build: Use expanded sysconfdir to pass as CONFIG_DIR to the code. 14 years ago
Victor Julien 108da566bc http: make client and server body inspection more robust in cases where realloc fails 14 years ago
Victor Julien 60c3af9303 detect: Only run mpm on HTTP buffers in the proper direction. Fixes a file_data FN. 14 years ago
Victor Julien 2055b509a3 dcerpc/smb/smb2: more robust error checking, cosmetic code updates. 14 years ago
Anoop Saldanha fc15cc7de1 some more mpm engine cleanup 14 years ago
Anoop Saldanha f9612f3b83 mpm engine cleanup. Remove unnecessary flags 14 years ago
Anoop Saldanha 5bb347106b cookie header now inspects Set-Cookie headers as well 14 years ago
Anoop Saldanha 593b0cb150 unittests that fail, displaying the issue that we don't inspect set-cookie headers against cookie keywords 
The next patch in the series will fix the issue and let the unittests pass as well.
 14 years ago
Victor Julien c0ac64e58c pcap: make sure thread count is 1 if config is missing for a device. 14 years ago
Anoop Saldanha bc6cf43840 #482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars 14 years ago
Anoop Saldanha 0d602d9cde we now support offset, depth inspection against all packet payloads and stream messages 14 years ago
Anoop Saldanha a34f91358d tests to highlight that 
- suricata treates sigs with offset/depth without any packet keywords as stream sigs
- as a consequence suricata will FN on such sigs

The tests introduced here will fail, displaying the issues.  The
next patch in the series would fix the said issues.
 14 years ago
Anoop Saldanha c5cc9d454d stream raw reassembly fix 14 years ago
Anoop Saldanha db8500bb26 fast pattern cleanup - Remove FastPatternSupportEnabledForSigMatchList() and all it's associated structures 14 years ago
Anoop Saldanha 988c92f71c http user agent keyword + mpm + inspection + fast pattern support added 14 years ago
Victor Julien bd3a655aeb Add pcap workers mode. 
Some cards like Napatech or Myricom support libpcap wrappers that allow for
multiple streams, queues, ringbuffers. The workers mode can be of use in
those cases.
 14 years ago
Anoop Saldanha 34fde4ed75 bug #471 - file_data fast pattern unittests added 14 years ago
Anoop Saldanha 90ccbfd80a bug #471 - http server body fast pattern unittests added 14 years ago
Victor Julien 850379552a rule analyzer: minor cleanups. Fix warning-only setting, allow true/yes/enabled for yaml option. 14 years ago
Victor Julien b210bf1290 Fix commandline supplied yaml path being ignored. 14 years ago
Eileen Donlon c81020e9a3 feature 349 rule analyzer v1 14 years ago
Eric Leblond 2d22f667c2 config: use config file in sysconfdir by default. 14 years ago
marcos 8dfddd0a0f Added -T switch to suricata output. 
Simply added the -T to be printed out when suricata is run without any
arguments.  The capability to test a configuration file has been in
suricata for some time, just doesn't show up as an option right now.
 14 years ago
Victor Julien b744708f28 filemd5: implement negated matching. 14 years ago
Victor Julien dbdab0cb1c Disable dce unittests that tick off clamav. #458. 14 years ago
Anoop Saldanha 1f5469fa5a bug #458 - unittest that uses clamav FPing payload disabled for now. Needs to be rewritten though with new payloads 14 years ago
Victor Julien 3df573219b Fix compilation warning. 14 years ago
Victor Julien e3764b90c3 tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event. 14 years ago
Anoop Saldanha f08fc8d7c5 ssl connection error message event added. Remove warning log for the same error alert 14 years ago
Anoop Saldanha 270ea253a2 ssl parser fix/updates 14 years ago
Anoop Saldanha edb48c1557 We have a new probing parser to detect sslv2 records. todos to be covered later 14 years ago
Victor Julien fa121a1dd4 filemd5: handle case where no md5 support is compiled it. 14 years ago
Victor Julien 9f7588a756 Add filemd5 keyword that loads a list of md5's to match a file's md5 against. 14 years ago
Victor Julien 8cfc23ee22 Add a new hash datatype to do speedy lookups of read only uniform data, like md5's. 14 years ago
Victor Julien 1bb0199dd7 pfring: protect pfring_set_bpf_filter with a lock as it's not thread safe. 14 years ago
Victor Julien 1906d317ec unified2: minor cleanups 14 years ago
Victor Julien 5e95524122 Improve error reporting in case of syntax errors in the address and port vars. 14 years ago
Victor Julien 5b457807e2 file: fix file length and md5 tracking when file storing is disabled 14 years ago
Victor Julien 086a934ca9 #449: fix md5 calculation in daemon mode. 14 years ago
Victor Julien 94c312512d pfring: move missing timestamp handling code to PfringProcessPacket. 14 years ago
Chris Wakelin a5f948f436 Fix missing timestamps in some flavours of PF_RING 14 years ago
Victor Julien f2f8dfd8d6 http: add test to make sure a missing space between header name and value is not a problem (ref #474). 14 years ago
Victor Julien 66856831fa unified2: big rewrite to clean up code that deals with tcp segment logging. 14 years ago
Eric Leblond a0e57f58e5 OpenBSD: introduce SCLocalTime function. 
This function is a wrapper to localtime_r. It is needed to avoid
a compilation warning on OpenBSD. I'm forced to type the function
to a non pointer first parameter. If not we will have to use two
differents functions in OpenBSD where tv->tv_sec is a long
(different from time_t).
 14 years ago
Victor Julien 00948c86d5 Add debug messages to HTTP error/warning handling. 14 years ago
Victor Julien ed3599b3d8 stream: improve error checking. 14 years ago
Victor Julien 5933cee2ff replace: add missing malloc return value check. 14 years ago
Eric Leblond dbf5d79e43 pfring: follow API change 
As pointed out in issue #459, pf_ring API has changed. Since
5.4.0 release pf_ring_open has one less argument.
 14 years ago
Victor Julien 48da3bb48b Make sure all fake packets have datalink type DLT_RAW. Make sure stream end packets set pkt size. 14 years ago
Victor Julien 02e19502c7 unified2: minor cleanups. 14 years ago
Eric Leblond 70b795e20a OpenBSD: don't close std* to avoid problem. 14 years ago
Victor Julien 3181b492f4 pcap: lock pcap_compile and pcap_setfilter calls as they are not thread safe. Fixes issues with bpf filters and multiple interfaces. 14 years ago
Victor Julien e3f66c52ec pcap: fix double free issue with bpf filter and multiple interfaces. 14 years ago
Victor Julien a3cbe2e1c2 alert-debuglog: add size info for stream chunks and fix a typo. 14 years ago
Anoop Saldanha 5f939412af debuglog now uses the new mem buffer API. Improve file ctx locking to just the file write 14 years ago
Victor Julien cae46ab5eb pcre: print filename and line number for JIT warning. 14 years ago
Anoop Saldanha 4689783342 bug #454 - rebase fix. Also use better error code to indicate invalid address var yaml entry 14 years ago
Anoop Saldanha b3660dc5db bug #454 - add unittests for the address/port conf var validation function 14 years ago
Anoop Saldanha 678763c3f4 bug #454 - global check to see if address and port vars are properly configured 14 years ago
Victor Julien ea0d172693 No longer pass StreamMsg to output for alert logging, instead use the same callback code as is used for state alerts. 14 years ago
Victor Julien 88a21456e3 stream: keep segments in memory until we are sure the stream/state is inspected. 14 years ago
Anoop Saldanha 64625675ce set stream_eof flag per stream, only when the stream initiates a close. Fix htp parser to close connection per direction based on this 14 years ago
Victor Julien b976ff228a ipv6: fix an AH header parsing issue. Add decoder event for non-null reserved fields. 14 years ago
Victor Julien 52044bb81b Improve error message for malformed urilen value. 14 years ago
Anoop Saldanha d39b7b72bd Add a nice error message when we exceeded address buffer limit for a rule 14 years ago
Anoop Saldanha 7495f59773 bug #451 fix for parsing address. Increase buffer size 14 years ago
Anoop Saldanha f204b52e10 bug #461 - http header shouldn't match on cookie header 14 years ago
Eric Leblond 59057e542e Openbsd: Fix some warning related to inline usage. 
gcc on OpenBSD does not support C99 inline functions. This patch
modify the build system to handle this. It also change the order
of declaration of some functions to avoid to use them before
declaring them as inline.
 14 years ago
Anoop Saldanha 3df3be0efc bug 418 - update http log to escape backslashes 14 years ago
Anoop Saldanha 5d22194299 fix failing rate filter unittest 14 years ago
Anoop Saldanha 7dec21be4c fix rate filters that reset the sig ctx data and handled action timeouts wrongly 14 years ago
Anoop Saldanha 85db868a83 indentation fix 14 years ago
Anoop Saldanha c34713321a fix rate filter alert suppression. Log error if rate filter has count of 0. Other minor fixes as well 14 years ago
Anoop Saldanha bff2866aed more coverity fixes 14 years ago
Anoop Saldanha 6c5b596ada coverity fixes 14 years ago
Eileen Donlon b22529d6f4 disallow pcre /P/I/U with flow:to_client/from_svr 14 years ago
Eileen Donlon c7807a21b6 disallow http_server_body with flow:to_server 
disallow http_server_body with flow:to_server or from_client
 14 years ago
Eileen Donlon 2c24eb9e76 allow only one flow option in a rule 14 years ago
Eileen Donlon f7879f81e8 disallow file_data with flow:to_server/from_client 14 years ago
Victor Julien 36c83f2651 Minor textual update. 14 years ago
Anoop Saldanha 0da93e84ca bug 454 - Provide better error message when the user supplies a NULL address range 14 years ago
Anoop Saldanha 09ec7ec728 bug 456 fix for byte_extract to have array of the right size to update values with 14 years ago
Anoop Saldanha d2738c851f fix failing fast pattern unittests 14 years ago
Eric Leblond 6784ec536d Fix OpenBSD compilation. 14 years ago