Victor Julien
8999de2f93
Add proper RST handling to all TCP states.
15 years ago
Victor Julien
1578ef1e3e
Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST.
15 years ago
Victor Julien
14ad853b94
Process a stream end pseudo packet when going from TIME_WAIT to CLOSED.
15 years ago
Victor Julien
d0374ced38
Implement SACK in the stream engine.
15 years ago
Victor Julien
892a8a4985
Make stream inline use the chunk size settings.
15 years ago
Victor Julien
2dc057d1b1
Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record.
15 years ago
Victor Julien
4f5aad1476
Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates.
15 years ago
Victor Julien
936b34ddf6
Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet.
15 years ago
Victor Julien
bc7e21aee6
Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic.
15 years ago
Eric Leblond
9be1f1a31c
Use GET_PKT macros.
15 years ago
Victor Julien
174db08567
Force reassembly of unack'd data on receiving a valid RST packet.
15 years ago
Victor Julien
b9429ecec1
Fix invalid RST considered valid due to wrong return codes. Only validate ACK from a RST packet if an ACK value was set.
15 years ago
Victor Julien
cb67d61ab5
Fix broken setup of end of stream pseudo packet.
15 years ago
Eric Leblond
a8417377e7
Don't use direct pkt access
pkt field in Packet needs to be accessed via macro. This
patch suppresses some direct access.
15 years ago
Victor Julien
00e4dde6a6
Fix PKT_STREAM_EOF never being set, resulting in some raw stream chunks never being inspected. Improve debug output.
15 years ago
Victor Julien
1dca88fe69
Do the actual checksum recalculation and packet replacement on modifying a packet in the stream engine.
15 years ago
Victor Julien
3a774165fa
Initial version of an inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly.
15 years ago
Victor Julien
8cacd5fe50
Fix the stream.inline config option. Set PKT_STREAM_EST flag also for packets that are part of a session in a state beyond TCP_ESTABLISHED.
15 years ago
Victor Julien
a8bb98836b
Don't handle and validate the TCP timestamp at the same time. Instead validate first, then later when all other validation has been done as well, handle.
15 years ago
Victor Julien
8d3f9c53a9
Minor cleanups.
15 years ago
Victor Julien
0f072648e6
Another iteration of the reassembly depth enforcement, now considering retransmissions.
15 years ago
Victor Julien
935958219d
Rename RST validation function to match convention
15 years ago
Victor Julien
94fe0d5fa2
Add ACK validation to Reset/RST validation code.
15 years ago
Victor Julien
7af9c58af7
Improve ACK value validation, timestamp checking code. Overall layout.
15 years ago
Victor Julien
6ffb9da9be
Better support ack/psh data packets on several states. Updates to ack validation code.
15 years ago
Victor Julien
25f5589078
First round of adding 'stream events'. Basic stream tracking events added.
15 years ago
Victor Julien
2849d2b1d3
Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data.
15 years ago
Victor Julien
3857154f4b
Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.
15 years ago
Gurvinder Singh
55a863359c
support for pseudo packet creation from reassembled stream segments
15 years ago
Gurvinder Singh
2beb7af7f8
support for validating the ACK before updating the last_ack field and also update next_seq if we missed the last packet
15 years ago
Victor Julien
c955254b4e
Adapt stream code to packet memory allocation changes.
15 years ago
Victor Julien
fadd6d6361
Add pseudo packet counter.
15 years ago
Victor Julien
f606621e8c
Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.
15 years ago
Victor Julien
6482c34909
Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets.
15 years ago
Victor Julien
2072ad80af
Never create a pseudo packet based on a pseudo packet.
15 years ago
Victor Julien
61a9936d55
Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.
15 years ago
Gurvinder Singh
00f21f34e8
support for pseudo packet creation from reassembled stream segments
15 years ago
Victor Julien
8fa5a2c025
Split applayer and raw stream reassembly
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
15 years ago
Victor Julien
b5a5ef14b9
Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple.
15 years ago
Eric Leblond
1db4aadd16
Suppress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.
This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like calls
to SCFree() should not have been forgotten because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Eric Leblond
dd038c1906
Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
Eric Leblond
8471626916
Fix error message and add information to config
This patch fixes a typo in an error message and adds some
information to the checksum verification option.
15 years ago
Victor Julien
c64b9362cf
Remove unused stream flag.
15 years ago
Anoop Saldanha
e47a9b59e9
accept tcp packets with syn+urg+push
15 years ago
Gurvinder Singh
892dea31e4
added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit
15 years ago
Victor Julien
0eb0d48f35
Disable broken unittests and fix one.
15 years ago
Victor Julien
f1e6e80a1e
Properly set tmp_ra_base_seq in streams. By Gurvinder.
15 years ago
Gurvinder Singh
6a5bc52461
support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them
15 years ago
Pablo Rincon
5c43db85ce
Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection
15 years ago
Victor Julien
c25921edf0
Add config output for new stream settings.
16 years ago