Commit Graph

10670 Commits (3fbcacf9a884cdc647c5885be0b18b45645832f3)
 

Author SHA1 Message Date
Phil Young 3fbcacf9a8 napatech: documentation hardware based bypass support
Napatech hardware bypass support enables Suricata to utilize
capabilities of Napatech SmartNICs to selectively bypass flow-based
traffic.
5 years ago
Andreas Herz f1f3b03143 doxygen: update config from 1.8.4 to 1.8.17 5 years ago
Philippe Antoine 52970d8508 detect/parse: move spaces skip up the stack
Switch to isspace() as well.
5 years ago
Philippe Antoine 6663246563 parser: make rust probing parsers optional 5 years ago
Jeff Lucovsky 427ec4e739 decode: Fix typos/spelling 5 years ago
Jeff Lucovsky aec4e9a032 decode: Handle ERSPAN Type I 5 years ago
Victor Julien 99d48cc91f configure: update to match autoscan suggestions 5 years ago
Victor Julien a3ef1b307d configure: clean up func checks 5 years ago
Philippe Antoine af2a689a99 init: move main to a separate file
so as to reuse code from suricata.c with fuzz targets
5 years ago
Philippe Antoine bb42be7e08 fuzz: disable signal handlers while fuzzing 5 years ago
Philippe Antoine 47eba33110 init: make PostConfLoadedSetup global
to be used by fuzz targets
5 years ago
Philippe Antoine 913082941c init: fix PostConfLoadedSetup to use local suri ptr 5 years ago
Philippe Antoine d2b3668a68 init: InitGlobal function
To be reused by fuzz targets
5 years ago
Philippe Antoine f5190da67e util: UTHmemsearch to use memmem if defined 5 years ago
Philippe Antoine ce55d06569 check: Using const keyword for some arguments
For ConfigSetLogDirectory and PrintRawLineHexBuf
5 years ago
Philippe Antoine 12a3a24906 log: can use a file set from env variable
Enables the redirection of log to a file set by an environment
variable SC_LOG_FILE when SC_LOG_OP_IFACE=file
5 years ago
vanlink 2456f27d08 stream/reassembly: fix data overlap check
Fix function CheckOverlap bug.
5 years ago
Victor Julien aeefc82eb9 tls: fix missing extern logic for cert_id tracking 5 years ago
Victor Julien 62c0f3d2b4 stats: fix missing extern keyword 5 years ago
Victor Julien 903291f88a defrag: fix use of globals 5 years ago
Victor Julien 5c3c6c609c threading: fix queue handlers globals use 5 years ago
Victor Julien 3ae1854d2f htp: fix globals use for flags 5 years ago
Victor Julien 85289f3283 proto: fix globals use 5 years ago
Victor Julien 5e583f3a12 flow: fix global variable use 5 years ago
Victor Julien 29f54a34ae stream: fix global declaration of the config 5 years ago
Victor Julien 2436daccd9 threading/modules: fix global declarations 5 years ago
Victor Julien c5f4b41881 ippair: fix global declarations 5 years ago
Victor Julien 0a006d2258 host: fix global declarations 5 years ago
Victor Julien 29780d6164 mpm: fix global declarations 5 years ago
Victor Julien b89059bda7 detect: fix global declaration of sigmatch_table 5 years ago
Victor Julien 0118e07d57 spm: fix global declaration of spm_table 5 years ago
Victor Julien a12c0b499d threading: fix global declaration of threading_set_cpu_affinity 5 years ago
Victor Julien 45955d2e58 unix-socket: avoid using global variable w/o extern 5 years ago
Victor Julien a9a522fac3 decode: fix default-packet-size global variable 5 years ago
Victor Julien f68c255f09 nfs: implement post-GAP transaction cleanup
Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.
5 years ago
Victor Julien 7709b90c16 detect/file-data: remove debug abort that wasn't reachable 5 years ago
Victor Julien ac8ceae9bf detect/file-data: fix function doc 5 years ago
Victor Julien 500e8da63a files: tracking flag update
Improve flow file flags and file flags updates. Introduce a mask
that is set at start up to avoid lots of runtime checks.

Disable cocci flags check as it doesn't support the more dynamic
nature of the flag updates.
5 years ago
Victor Julien a4a4d17ad0 app-layer/files: optimize GetFiles calls
Remove FlowGetProtoMapping calls from the GetFiles wrapper and
get the alstate from the flow directly.
5 years ago
Victor Julien d369e54f1d app-layer: all protocols are tx aware now
So remove the runtime check for it.
5 years ago
Timo Sigurdsson 1262ecbde0 init: Fix dropping privileges in nflog runmode
Using the run-as configuration option with the nflog capture method
results in the following error during the startup of suricata:
[ERRCODE: SC_ERR_NFLOG_BIND(248)] - nflog_bind_pf() for AF_INET failed

This is because SCDropMainThreadCaps does not have any capabilities
defined for the nflog runmode (unlike other runmodes). Therefore, apply
the same capabilities to the nflog runmode that are already defined for
the nfqueue runmode. This has been confirmed to allow suricata to start
and drop its privileges in the nflog runmode.

Fixes redmine issue #3265.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
5 years ago
Victor Julien 7810f22413 decode: remove pseudo packet checks
Bug 1107 checks/hacks should no longer be needed, so remove them.
5 years ago
Victor Julien 272a5f526b threading/queues: simplify error handling 5 years ago
Victor Julien dce227ec88 threading/queues: remove 256 queue limit
Convert fixed size array to a dynamic TAILQ so we can
grow as needed.
5 years ago
Victor Julien 0e3f27a87e threading: remove 'trans_q' array of packet queues
Let the queues code set up PacketQueues on demand.
5 years ago
Victor Julien efa8a69923 packet-queue: create alloc and free functions 5 years ago
Victor Julien 550cfdd98d threading: hide 'trans_q' from queue handlers 5 years ago
Victor Julien 45e5e19e6e threading/threadvars: optimize layout
Make sure StatsPublicThreadContext is on its own cache line.
5 years ago
Victor Julien e3fbdf1948 flowworker/stream: use no-lock packet queue
Use smaller structure for temporary packet queues.
5 years ago
Victor Julien f8aed4ce2d threading: change local packet queue logic
Previously each 'TmSlot' had its own packet queue that was passed
to the registered SlotFunc as an argument. This was used mostly for
tunnel packets by the decoders and by defrag.

This patch removes that in favor of a single queue in the ThreadVars:
decode_pq. This is the non-locked version of the queue as this is
only a temporary store for handling packets within a thread.

This patch removes the PacketQueue pointer argument from the API.
The new queue can be accessed directly through the ThreadVars
pointer.
5 years ago