Philippe Antoine
3b13008c1b
mqtt: fix consumed bytes computation for truncated msg
...
Ticket: 5268
3 years ago
Victor Julien
3a7d09edfc
detect/frame: get data using stream callback
...
Inspect only data that has already been consumed by the
app-layer parser. This allows for simpler progress tracking.
3 years ago
Victor Julien
ffe036e881
frame: introduce entry for getting stream data for frame
3 years ago
Victor Julien
96bc11d0d0
stream: make raw data handling more generally usable
...
Move raw detection logic out of main StreamReassembleRawDo() so that
it can be reused for other parts of the engine.
The caller now has to specify a right edge of the data.
3 years ago
Victor Julien
afb97d1dee
stream: add offset to raw stream callback
...
This allows the called function to understand where it is in the
stream.
3 years ago
Victor Julien
205bc1e288
app-layer: disable stream app tracking on no parser
...
If protocol has no parser enabled or implemented, disable the app
progress tracking in the stream engine to reduce the workload in
the stream engine.
3 years ago
Philippe Antoine
8ecf7e403e
source: pcap timestamp microsecond consistency
...
That is, it should be less than 1 000 000.
Have the same for fuzz targets where the bug came from.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44177
3 years ago
Philippe Antoine
704bc878ea
dcerpc: store consumed_bytes as i32
...
As it can grow bigger than u16
3 years ago
Philippe Antoine
dfd17e9acc
ike: fix integer underflow in parse_proposal
...
By not restricting a usize to i16
3 years ago
Philippe Antoine
dccf2e4c30
detect: config checks alstate before getting tx
...
Ticket: 4972
As is done in detect-lua-extensions.
We can have a flow with alproto unknown, no state, and therefore
cannot run AppLayerParserGetTx which could try to run a NULL
function
3 years ago
Philippe Antoine
45d1a9ae77
detect: faster linked list copy
...
In DetectAppLayerInspectEngineCopyListToDetectCtx
Avoid quadratic complexity by remembering last element
of the linked list we are inserting into
3 years ago
Philippe Antoine
2a22b4ca1f
flow: fix integer warnings
...
Ticket: 4516
3 years ago
Philippe Antoine
1cc9762b6a
host/ippair: fix integer warnings
...
Ticket: 4516
3 years ago
Philippe Antoine
b1eaa1e8cd
util: using size_t len for byte utils
...
Ticket: 4516
Like ByteExtractStringUint64, because most of their inputs come
from strlen which returns a size_t
3 years ago
Philippe Antoine
f30975fb16
app-layer: fix integer warnings
...
Ticket: 4516
3 years ago
Victor Julien
1c8559b3ab
debug: support %m output format again
...
Use thread local storage to avoid the previous deadlock issues.
3 years ago
Victor Julien
ce4e543719
threading: simplify thread name logic
3 years ago
Victor Julien
93d5bce0aa
rust: update regex & memchr dependencies
...
Bug: #5260.
3 years ago
Victor Julien
053a9d2e68
smb/ntlmssp: add stricter len/offset validation
3 years ago
Philippe Antoine
3e48881b78
smb: prevents integer underflow
...
Ticket: 5246
If msg_id is 0, we cannot find the previous request
3 years ago
Philippe Antoine
e72036f12f
smb: ntlmssp domain_blob_offset underflow check
...
Ticket: 5246
3 years ago
Philippe Antoine
817a5001a5
smb: check on param parsing
...
Ticket: 5246
so as not to overflow u16
3 years ago
Victor Julien
013fb2dde3
frames: remove dead condition in eof check
3 years ago
Victor Julien
86e8611f5e
app-layer: don't switch dir if proto already known
3 years ago
Victor Julien
7b55f8b2e3
fuzz/sigpcap_aware: set pkt_src to wire
...
Avoids an assert if DEBUG is compiled in:
fuzz_sigpcap_aware: source-pcap-file.c:420: TmEcode DecodePcapFile(ThreadVars *, Packet *, void *): Assertion `!(p->pkt_src != PKT_SRC_WIRE && p->pkt_src != PKT_SRC_FFR)' failed.
3 years ago
Victor Julien
61df4120da
detect/frame: improve assert accuracy
...
Handle frames of unknown size correctly.
Bug: #5226.
3 years ago
Victor Julien
c824804e2b
eve: allow /dev/null in threaded mode
...
Avoids creation of actual files called /dev/null.N which take
up space in /dev/ which lives in memory.
3 years ago
Victor Julien
5deb479f4c
flow: cleanup locking debug leftovers
3 years ago
Victor Julien
57533d3e47
flow: fix and simplify locking
...
Since:
9551cd0535
("threading: don't pass locked flow between threads")
`MoveToWorkQueue()` unconditionally unlocks the flow. This allows simpler
locking handling, including of tcp reuse flows.
The simpler logic also fixes a scenario where TCP reuse flows got "unlocked"
twice, once in `FlowGetFlowFromHash()` and once in `MoveToWorkQueue()`.
Bug: #5248.
Coverity: 1494354.
3 years ago
Sascha Steinbiss
7eb279ac53
mqtt: remove redundant "where" keyword
3 years ago
Sascha Steinbiss
d63e5b8c51
mqtt: make some functions non-public
3 years ago
Sascha Steinbiss
2a3ed9a6ae
mqtt: rustfmt
3 years ago
Sascha Steinbiss
1ba62993d5
mqtt: raise event on parse error
3 years ago
Sascha Steinbiss
5618273ef4
mqtt: ensure we do not request extra data after buffering
...
This addresses Redmine bug #5018 by ensuring that the parser
never requests additional data via the Incomplete error, but instead
raises an actual parse error, since it is supposed to have all
the data as specified by the message length in the header already.
3 years ago
Philippe Antoine
e3180e3248
output: fix integer warnings
...
Ticket: 4516
3 years ago
Philippe Antoine
acbe6a33a2
ssh: install app-layer events rules
3 years ago
Philippe Antoine
0cba561fec
detect: not an iponly signature if it needs app-layer
...
Ticket: 4972
This may happen with `config` keyword which is postmatch,
but may require a transaction
3 years ago
William Harding
f0528afc2d
doc/userguide: sphinx syntax correction
3 years ago
Juliana Fajardini
a6bda3596b
unittests: alloc Packet with PacketGetFromAlloc
...
Some unittests used SCMalloc for allocating a new Packet.
While this is valid, it leads to segmentation faults when we move to
dynamic allocation of the maximum alerts allowed to be triggered by a
single packet.
This massive patch uses PacketGetFromAlloc, which initializes a Packet
in such a way that any dynamically allocated structures within will also be
initialized.
Related to
Task #4207
3 years ago
Shivani Bhardwaj
6d2a2a0731
detect/dataset: fix space condition in rule lang
...
If there is a space following a keyword that does not expect a value,
the rule fails to load due to improper value evaluation.
e.g. Space after "set" command
alert http any any -> any any (http.user_agent; dataset:set ,ua-seen,type string,save datasets.csv; sid:1;)
gives error
[ERRCODE: SC_ERR_UNKNOWN_VALUE(129)] - dataset action "" is not supported.
Fix this by handling values correctly for such cases.
3 years ago
Shivani Bhardwaj
7366396011
detect/dataset: cleanup dead code
3 years ago
Victor Julien
2b5eeab7d4
detect/urilen: don't pass null pointer to pcre2 free
...
Bug #5228.
3 years ago
Victor Julien
087151ddc3
detect/mpm: initialization micro optimization
3 years ago
Victor Julien
54a6dd09dd
detect: pattern id assignment through hash table
...
Only consider active part of the pattern for mpm (so consider chop).
Move data structure to hash list table over the custom array logic.
3 years ago
Victor Julien
a14854bce9
detect: keyword list to hash to improve perf
...
Since the switch to pcre2 this was much more heavily used, which
would lead to measurable time spent in list handling.
3 years ago
Victor Julien
9e6370ae2e
detect: optimize mpm-engine setup
...
Instead of a loop over the rules in a group *per engine* do a single
loop in which all the engines are prepared in parallel.
3 years ago
Victor Julien
3352c0bee4
detect: initialization optimization
...
A lot of time was spent in `SigMatchListSMBelongsTo` for the `mpm_sm`.
Optimize this by keeping the value at hand during Signature parsing and
detection engine setup.
3 years ago
Victor Julien
b804a84c93
hash: constify data input
3 years ago
Victor Julien
4b0e3d79bb
detect/analyzer: support frames in pattern dump
3 years ago
Victor Julien
47629b7aeb
detect/filemagic: don't pass unused pointer
3 years ago