Commit Graph

3719 Commits (3ab1458abf29e2b84b82f6f0e6af0dd77c29389b)
Author SHA1 Message Date
Victor Julien 3ab1458abf pcap: fix windows commandline mangling win device string 12 years ago
Victor Julien a698a7600d clang: fix warnings when debug is enabled 12 years ago
Victor Julien 40bbf96f22 reputation: don't give error if config is missing/commented out 12 years ago
Victor Julien 0f42f0e890 Minor fixes 12 years ago
Eric Leblond 6b3ebc810d unix runmode: improve JSON handling
The jansson functions with "new" in their name take care of ref
counting. This patch fixes a memory leak.
12 years ago
Eric Leblond 195b144daa unix-manager: fix error and JSON handling 12 years ago
Eric Leblond a05113a2b1 unix-manager: memory handling fixes.
This patch adds unlikely() for memory error handling and fixes a few
error cases.
12 years ago
Eric Leblond 028a37f6e7 unix runmode: use unlikely for memory error 12 years ago
Eric Leblond 547c55114e unix runmode: fix FIXME 12 years ago
Eric Leblond f38b8fe4eb unix runmode: fix JSON mem handling
json_decref was not correctly used through the code. This patch
fixes it.
12 years ago
Eric Leblond 13237b8af2 unix manager: add static 12 years ago
Eric Leblond ef45f7dac4 configure: fix indent 12 years ago
Eric Leblond 936c36d5f1 Disable 'reload-rules' command. 12 years ago
Eric Leblond d5457ad70e unix-manager: doc and whitespace fixes 12 years ago
Eric Leblond af16c418b7 unix-socket: fix build when jansson not present 12 years ago
Eric Leblond ef64648cf8 unix-command: add drop counter to iface-stat message 12 years ago
Eric Leblond 8d0260b27e Add atomic counter for iface drop. 12 years ago
Eric Leblond cc71c993f4 unix-command: add iface information command.
This patch adds two commands to unix-command. 'iface-list' displays
the list of interfaces which are sniffed by Suricata and 'iface-stat'
displays the available statistics for a single interface. For now,
this is the number of packets and the number of invalid checksums.
12 years ago
Eric Leblond c78e112e3e af-packet: update runmode copyright date. 12 years ago
Eric Leblond 6f0a851087 unix-manager: fix error treatment in accept phase 12 years ago
Eric Leblond f2a17f47d3 unix-manager: implement multi client support
This patch implements the support of multiple clients connected
at once to the unix socket.
12 years ago
Eric Leblond 83f0af3630 suricatasc: improve reading when system is loaded 12 years ago
Eric Leblond a9cb8ce89f affinity: avoid initializing structure twice
In unix socket mode, suricata was doing multiple init of the
structure. This was not needed and caused a memory leak in
mutex creation.
12 years ago
Eric Leblond 93f801b3a9 pcap-file: update affinity setting code
The affinity setting code was using the old API. This patch updates it
to the new API and also adds a call to RunModeInitialize() which was
missing in Single running mode.
12 years ago
Eric Leblond cfd80e7063 unix-mode: fix return of pcap-file command 12 years ago
Eric Leblond f8921d8a28 unix-socket: introduce API to add commands and tasks
This patch transforms the unix socket into a flexible system to
add commands (triggered by user) and tasks (run periodically).
It introduces two functions, UnixManagerRegisterCommand and
UnixManagerRegisterBackgroundTask, to register commands and tasks.

Other parts of Suricata can then declare a new command via a simple
call of the function. In the case of a command the caller is
responsible for building the answer message using the Jansson API. The
sending of the message is done by the unix manager code.
12 years ago
Eric Leblond 20a8b9dbe5 unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
 * Client connects to the socket
 * It sends a version message: { "version": "$VERSION_ID" }
 * Server answers with { "return": "OK|NOK" }
If the server returns OK, the client is now allowed to send commands.

The format of a command is the following:
 {
   "command": "pcap-file",
   "arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
 }
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer by the server is the following:
 {
   "return": "OK|NOK",
   "message": JSON_OBJECT or information string
 }

A simple script is provided and is available under scripts/suricatasc. It
is not intended to be an enterprise-grade tool but is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.

Configuration of the feature is made in the YAML under the 'unix-command'
section:
  unix-command:
    enabled: yes
    filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.

A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
starts a 'pcap-file' running mode which does not really leave at
the end of the file but simply exits. The manager is then able to start
a new running mode with a new file.

To start this mode, Suricata must be started with the --unix-socket
option which has an optional argument which fixes the file name of the
socket. The path is not absolute and is relative to the state directory.

The 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what is specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be used for the pcap file treatment.

This requires modifications in the suricata.c file where initialisation code
is now conditional on the 'unix-socket' mode not being used.

Two other commands exist to get info on the remaining tasks:
 * pcap-file-number: return the number of files in the waiting queue
 * pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
 {
  'count': 2,
  'files': ['file1.pcap', 'file2.pcap']
 }
12 years ago
Eric Leblond 6be63bdc4f tm-threads: add TM_ECODE_DONE state
This patch adds a new return state which can be used by threads
to warn that a task has been done. In this case, suricata does not
leave.
12 years ago
Eric Leblond 412482f6b1 filestore: create file store directory if needed
This patch modifies the file store system to have it create the
file store directory if needed. It does not create the full
directory tree as the parent directory must have already been
created.
12 years ago
Eric Leblond 7b1d346c22 counters: management cpu set was set twice
Setting the management CPU set on perf threads is already done in
the TmThreadCreateMgmtThread() function used to create the threads.
12 years ago
Eric Leblond 84f2645e3e pcap-file: free thread var at deinit. 12 years ago
Eric Leblond 28b4bed141 tm-threads: fix potential access to NULL pointer. 12 years ago
Eric Leblond 1b26660ac4 counter: defensive set to NULL in free. 12 years ago
Eric Leblond 09b79cb5bf stream-tcp: fix double call to debug print function 12 years ago
Last G 8ae11f73b2 Added parentheses to fix Eclipse static code analysis
Fixed bug in action priority (REJECT_DST had lowest prio)
12 years ago
Last G e236351c52 Fixed missing "|" in "||" operation 12 years ago
Last G edcb8fdb87 Added parenthesis for right operation order 12 years ago
Last G 8bb9c3af35 Added return value to non-void function with "forever"-loop to fit
Eclipse static code analysis
12 years ago
Last G 6dd7b27ffc Added right return values to non-void functions with "forever" loop
to fix Eclipse static code analysis
12 years ago
Last G 56e0ab35e9 Fixed missing return value in main function 12 years ago
Eric Leblond 40891223e9 list-keyword: detect non built keyword
This patch updates the flags list to be able to indicate that a
flag is not supported. This information is used by list-keyword to
display information to the user.
12 years ago
Eric Leblond 819debdce5 configure: use pkg-config for luajit
If luajit includes or libs are not set in configure, we fall back to
pkg-config output.
12 years ago
Eric Leblond e125869d30 configure: exit if luajit headers are not found but build asks for it 12 years ago
Eric Leblond 8f13694988 luajit: no link with HTTP when not built.
Even when not built-in, luajit is not linked with HTTP.
12 years ago
Eric Leblond 6842545331 Add documentation url in list-keyword output.
The output of the list-keyword is modified to include the url to
the keyword documentation when this is available. All documented
keywords should have their link set.

list-keyword can be used with an optional value:
 no option or short: display the list of keywords
 csv: display a csv output of the info on all keywords
 all: display a human readable output of keyword info
 $KWD: display the info about one keyword.
12 years ago
Eric Leblond a9ffd82116 yaml: fix typo 12 years ago
Eric Leblond fa900a9f6b suricata: add information about BPF filter usage 12 years ago
Eric Leblond 7e14fe62f5 suricata: add '-V' info to usage message. 12 years ago
Eric Leblond fd3a1346e4 suricata: add build-info command to usage message. 12 years ago
Eric Leblond 4e0f5b7f02 suricata: don't display msg in list-keyword mode.
In list-keywords and list-app-layer mode, suricata now only
displays the messages linked with the feature. This allows users
to redirect the output and easily work on it. For example, the
csv output can be easily imported into a spreadsheet.
12 years ago