aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,122 Commits
7 Branches
155 Tags
197 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '36998ab4cd'
${ noResults }
Commit Graph

10122 Commits (36998ab4cde0b69b76952cda38e68fec45ad6283)
 

Author SHA1 Message Date
Max Fillinger 09c54471e5 pfring: Always fill in vlan_id 
Previously, source-pfring.c would copy the vlan_id from the extended
header only if vlan.use-for-tracking was enabled. This commit removes
that check.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger 44bea80d3c decode erspan: Always fill in vlan_id 
Fill in the vlan_id fields unconditionally. We can now remove the check
for the vlan.use-for-tracking setting in decode.c. The debug log message
is moved to suricata.c.
 6 years ago
Max Fillinger 8d3b04b0e3 decode vlan: Always fill in vlan_id 
Since the vlan.use-for-tracking setting is now handled in flow-hash.c,
we can fill in the vlan_id fields unconditionally. This makes the vlanh
fields unnecessary.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger cef9961f59 flow hash: Mask vlan_id if not used for tracking 
If vlan.use-for-tracking is disabled, set the vlan_id fields to 0 when
hashing or comparing flows. This is done using a bitmask as suggested by
Victor Julien in IRC, in order to avoid adding more branches to this
code.

Currently, suricata does not fill in vlan_id fields if
vlan.use-for-tracking is disabled and instead leaves them at the default
0 value, so this commit makes no functional change. This change is in
preparation for future commits where the vlan_ids will be always filled
in.

Related to https://redmine.openinfosecfoundation.org/issues/3076
 6 years ago
Max Fillinger 38731d30da flow hash: Make CMP_FLOW macro an inline function 6 years ago
Victor Julien 7ccf14bc60 runmodes: remove unused prototypes 6 years ago
Victor Julien c12252617c afl: fix afl-ftp causing FPE due to missing ippair 6 years ago
Victor Julien 9e70716d5a runmodes: remove no-Rust logic 6 years ago
Victor Julien 8c6251ea6c runmodes: simply default runmode logic 6 years ago
Victor Julien 3282fb4967 runmodes: code cleanups 6 years ago
Philippe Antoine feda5e7392 leak: Fixes leak in AppLayerProtoDetectPMRegisterPattern 
Fixes #3070
 6 years ago
Philippe Antoine 66c500eaac leak: Fixes leak in DetectAppLayerEventPrepare 6 years ago
Philippe Antoine 684f101710 log: use SCLogError instead of fprintf 6 years ago
Philippe Antoine 19ab85f17e leak: fixes leak in DetectAddressParse2 6 years ago
Victor Julien 8b87801b80 geoip: fix unittests w/o db present 6 years ago
Victor Julien a7d65668ae mem: avoid potential shadow vars with 'len' name 6 years ago
Bill Meeks d1525c6fb8 mem: add SCStrndup() function to wrap strndup(). 6 years ago
Bill Meeks a291209e47 detect/geoip: migrate to GeoIP2 database format 
Issue #2765
 6 years ago
Victor Julien d6323ae33d detect/mpm: improve stats reporting 6 years ago
Victor Julien 24f0092b72 detect: add ipv6.hdr sticky buffer 
Inspects IPv6 header and extension headers.
 6 years ago
Victor Julien 3c9a557810 decode/ipv6: track length of ext hdrs 6 years ago
Victor Julien 9252400f68 decoder/ipv6: minor cleanups 
Remove unused field and macros.

Minor code style cleanups.
 6 years ago
Victor Julien 4ac327f5b5 detect/ipv4: add ipv4.hdr sticky buffer 6 years ago
Victor Julien 367e3e1895 detect/tcp/udp: minor cleanups 6 years ago
Victor Julien 4dff903b35 detect: introduce pkt mpm engines 
Instead of the hardcode L4 matching in MPM that was recently introduced,
add an API similar to the AppLayer MPM and inspect engines.

Share part of the registration code with the AppLayer.

Implement for the tcp.hdr and udp.hdr keywords.
 6 years ago
Victor Julien 14896365ef detect: remove Threadvars argument from API calls 
Remove it as it's (almost) never used. If it is really needed it can
be accessed through DetectEngineThreadCtx::tv as well.
 6 years ago
Victor Julien c1dd4534d9 detect/bsize: support transforms in case w/o content 6 years ago
Jason Ish 963abc961c python: fix parsing Suricata version from configure.ac 
If parsing the version fails, or no version is found, fail
instead of defaulting to a version of 0.0.0.
 6 years ago
Victor Julien 82de6e0659 decoder/vxlan: improvements and cleanups 
Implement port config handling. Also check both src port and dest
port for tunnels that only set the destination port to the VXLAN
port. At the point of the check we don't know the packet direction
yet.

Implement as Suricata tunnel similar to Teredo.

Cleanups.
 6 years ago
Henrik Lund Kramshoej 3519b011b7 decoder/vxlan: initial implementation of decoder 6 years ago
Victor Julien 35b88991c3 mem: fix shadow declaration warning 
Avoid clash by adding a leading underscore to the declaration in the
macro. These temporary vars should never clash with valid variables
from the code where they are called from.
 6 years ago
Victor Julien 034555644b doc: add tcp.hdr and udp.hdr 6 years ago
Philippe Antoine e30a77c5a1 warnings : Fixes integer sizes in format strings 6 years ago
Andreas Herz 0795dc1e14 configure: update configure.ac to reflect modern autoconf syntax 6 years ago
Pierre Chifflier af7d245a31 rust/snmp: add event when expected/received PDU versions mismatch 6 years ago
Pierre Chifflier 1880f6945c rust/snmp: use generic parsing function, for all SNMP versions 
Do no restrict parsing to the version seen in the first packet, but
use a generic function, independent of the version.
 6 years ago
Jason Ish 577c8cb0c0 dns-log: remove from config 
dns-log has been removed from the code.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2297
 6 years ago
Victor Julien ba5679de0f profiling: fix undefined profiling code use 6 years ago
Victor Julien ac694b089a detect: add udp.hdr sticky buffer 6 years ago
Victor Julien bdf53f449c detect/tcp: rename tcp keyword files 6 years ago
Victor Julien 47919fd0e4 detect/tcp: add tcp.<field> notation variants 6 years ago
Victor Julien 0cecb1c3b2 detect/prefilter: minor error handling cleanup 6 years ago
Victor Julien 35be8385eb detect: tcp.hdr sticky buffer 
Sticky buffer to inspect the TCP header.
 6 years ago
Victor Julien 47ef8f5822 detect/mpm: add l4-header support 
Prepare MPM part of the detection engine for a new type of per
packet matching, where the L4 header will be inspected.

Preparation for TCP header inspection keyword.
 6 years ago
Victor Julien 0965afd661 detect: pkt inspect engines 
Instead of hard coded calls to the inspection logic for
payload inspection and 'MATCH'-list inspection use a callback
approach. This will register a callback per 'sm_list' much like
how app-layer inspect engines are registered.

This will allow for adding more types later without adding
runtime overhead.

Implement the callback for the PMATCH and MATCH logic.
 6 years ago
Victor Julien 2a778e439a detect/build: minor code cleanups 6 years ago
Victor Julien a01df4b86b doc: document tcp.mss keyword 6 years ago
Victor Julien 66648df099 detect: add tcp.mss keyword 
Allows matching on TCP option MSS.

Syntax:

    tcp.mss:<value>;
    tcp.mss:<value1>-<value2>;
    tcp.mss:<op><value>;

Operator can be: >, <.
 6 years ago
Jeff Lucovsky d2fdbc7d6f output/json: Avoid use of uninitialized value 
In JsonPacket, a Base64Decode error could cause an uninitialized
variable to be used because its return value is ignored.
 6 years ago
Jeff Lucovsky 6911cc01ad rust/snmp: Support get-info-by-id 6 years ago