Alexander Gozman
405baa3cb2
Fix compile-time error on old kernels and ethtool.h
11 years ago
sxhlinux
546ae9737b
Update log-file.c
...
test whether tx_ud is NULL
11 years ago
Victor Julien
7ee2aa9c90
Add initial travis-ci integration.
11 years ago
Victor Julien
3beaa80aa2
Fix __thread configure check on Clang
...
AC_TRY_COMPILE puts the code in a function already, and Clang didn't like
the function within the function declaration. This led to test failure.
Clang now properly detects __thread support.
11 years ago
Victor Julien
a9282ed7f7
valgrind/magic: add suppression for known issue
...
Add suppression for Ubuntu 14.04 64bit.
11 years ago
Ken Steele
f2e777e3a5
Fix lowercase table initialization (bug 1221)
...
The for loop needed to check for < 256, not < 255.
11 years ago
Victor Julien
1419e400a1
Update Changelog for 2.0.2 release
11 years ago
Victor Julien
1177d48920
lua: fix liblua use on OS X with macports
...
Set the correct lua pkg-config name used by macports.
11 years ago
Victor Julien
27eb0f450a
defrag: fix timeout setting when config is missing
...
When the config is missing, DefragPolicyGetHostTimeout will default
to returning -1. This will effectively set no timeout at all, leading
to defrag trackers being freed too early.
11 years ago
Eric Leblond
97ca02f0c5
defrag: fix reconstruction
...
This patch is fixing an issue in defragmentation code. The
insertion of a fragment in the list of fragments is done with
respect to the offset of the fragment. But the code was using
the original offset of the fragment and not the one of the
new reconstructed fragment (which can be different in the
case of overlapping segment where the left part is trimmed).
This case could lead to some evasion techniques by causing
Suricata to analyse a different payload.
11 years ago
Eric Leblond
09fd7060ec
unix socket: fix valgrind issue
...
This patch fixes the following issue reported by valgrind:
31 errors in context 1 of 1:
Conditional jump or move depends on uninitialised value(s)
at 0x8AB2F8: UnixSocketPcapFilesCheck (runmode-unix-socket.c:279)
by 0x97725D: UnixCommandBackgroundTasks (unix-manager.c:368)
by 0x97BC52: UnixManagerThread (unix-manager.c:884)
by 0x6155F6D: start_thread (pthread_create.c:311)
by 0x6E3A9CC: clone (clone.S:113)
The running field in PcapCommand was not initialized.
11 years ago
Eric Leblond
a33d1e28e9
unix-manager: fix crash when client disconnect
...
This patch fixes an issue in unix socket handling. It is possible
that a socket did disconnect when analysing a command and because
the data treatment is done in a loop on clients this was leading
to an update of the list of clients during the loop. So we need
in fact to use TAILQ_FOREACH_SAFE instead of TAILQ_FOREACH.
Reported-by: Luigi Sandon <luigi.sandon@gmail.com>
Fix-suggested-by: Luigi Sandon <luigi.sandon@gmail.com>
11 years ago
Ken Steele
6ebc20f6d8
Rework Tile CPU affinity setting to handle non-contiguous sets of CPUs.
...
It is possible to have a non-contiguous CPU set, which was not being
handled correctly on the TILE architecture.
Added a "rank" field in the ThreadVar to store the worker's rank separately
from the cpu for this case.
11 years ago
Mats Klepsland
1f3fbbc992
Fix bug #1206
...
PF_RING ZC uses clusters in the same way as PF_RING DNA. Therefore,
this bug can be fixed as it was fixed for DNA (bug #598).
11 years ago
Victor Julien
896b61452c
htp: make htp state handling function more robust
...
Also, fix wrong cast that worked only by luck.
11 years ago
Victor Julien
eff85aba5e
http: remove BUG_ON(1) statement
...
Remove BUG_ON(1) statement that was a leftover from debugging.
Bug #1189
Bug #1212
11 years ago
Alessandro Guido
13448aca1c
Fix issue #1214
...
When applying wildcard thresholds (with sid = 0 and/or gid = 0) it's wrong
to exit on the first signature already having an event filter. Indeed,
doing so results in the threshold not being applied to all subsequent
signatures. Change the code in order to skip signatures with event
filters instead of breaking out of the loop.
11 years ago
Victor Julien
f01027e972
Fix libcap-ng configure typo.
11 years ago
Victor Julien
9de536efdb
Bug 1098: improve invalid pcre/R handling
...
When not using a file_data or similar 'sticky buffer', a pcre/R option
needs a content in the same buffer.
11 years ago
Giuseppe Longo
8db3f214f0
nflog: fix memory leaks
...
This fixes the following memory leaks:
[src/source-nflog.c:222]: (error) Memory leak: ntv
[src/source-nflog.c:236]: (error) Memory leak: ntv
[src/source-nflog.c:253]: (error) Memory leak: ntv
[src/source-nflog.c:258]: (error) Memory leak: ntv
11 years ago
Victor Julien
43c5b949d2
cygwin: fix lua configure
...
Fix lua configure for cygwin. Tested with lua 5.1.5.
11 years ago
Victor Julien
cc54250cf9
Fix live reload segv when startup isn't complete
...
If a live reload signal was given before the engine was fully started
up (e.g. pcap file thread waiting for a disk to spin up), a segv could
occur.
This patch only enables live reloads after the threads have been
started up completely.
11 years ago
Victor Julien
2c20c9d409
Fix Coverity 1220098 and 1220099
...
*** CID 1220098: Missing unlock (LOCK)
/src/log-droplog.c: 195 in LogDropLogNetFilter()
189 SCMutexLock(&dlt->file_ctx->fp_mutex);
190
191 if (dlt->file_ctx->rotation_flag) {
192 dlt->file_ctx->rotation_flag = 0;
193 if (SCConfLogReopen(dlt->file_ctx) != 0) {
194 /* Rotation failed, error already logged. */
>>> CID 1220098: Missing unlock (LOCK)
>>> Returning without unlocking "dlt->file_ctx->fp_mutex".
195 return TM_ECODE_FAILED;
196 }
197 }
198
199 if (dlt->file_ctx == NULL) {
200 return TM_ECODE_FAILED;
*** CID 1220099: Dereference before null check (REVERSE_INULL)
/src/log-droplog.c: 199 in LogDropLogNetFilter()
193 if (SCConfLogReopen(dlt->file_ctx) != 0) {
194 /* Rotation failed, error already logged. */
195 return TM_ECODE_FAILED;
196 }
197 }
198
>>> CID 1220099: Dereference before null check (REVERSE_INULL)
>>> Null-checking "dlt->file_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
199 if (dlt->file_ctx == NULL) {
200 return TM_ECODE_FAILED;
201 }
202
203 char srcip[46] = "";
204 char dstip[46] = "";
11 years ago
Victor Julien
8a77e6bc8e
Fix Coverity 1220097
...
*** CID 1220097: Missing unlock (LOCK)
/src/log-file.c: 160 in LogFileWriteJsonRecord()
154 }
155 }
156
157 /* Bail early if no file pointer to write to (in the unlikely
158 * event file rotation failed. */
159 if (aft->file_ctx->fp == NULL) {
>>> CID 1220097: Missing unlock (LOCK)
>>> Returning without unlocking "aft->file_ctx->fp_mutex".
160 return;
161 }
162
163 FILE *fp = aft->file_ctx->fp;
164 char timebuf[64];
165 AppProto alproto = FlowGetAppProtocol(p->flow);
11 years ago
Jason Ish
fc2014ab40
Unregister for file rotation notification when a context is
...
de-initialized. Required for unix-socket mode where
contexts come and go.
11 years ago
Jason Ish
e1b97fed70
Add signal based file rotation for:
...
- alert debug log
- fast log
- stats log
- dns log
- drop log
- file log
- http log
- tls log
- eve/json log
11 years ago
Jason Ish
0a33e73417
Add macros for access to the underlying buffer and offset.
...
Useful for passing the buffer through to another writer
such as LogFileCtx.
11 years ago
Jason Ish
c1b6894ce3
Add a rotation flag to LogFileCtx which loggers can use to register
...
for log rotation. Have the LogFileCtx handle the log rotation.
11 years ago
Jason Ish
698a0f7f48
Registration for SIGHUP notification - for loggers interested
...
in file rotation on SIGHUP.
11 years ago
Victor Julien
25cbf36d40
lua/luajit: use HAVE_LUA mostly
...
Only use HAVE_LUAJIT if things are done differently from HAVE_LUA,
like in the states pool.
11 years ago
Victor Julien
7396237c2a
lua: deal with FreeBSD and OpenBSD
...
FreeBSD pkg-config lua-5.1.pc, lib liblua-5.1.so
OpenBSD pkg-config lua51.pc, lib liblua5.1.so
Default (linux) pkg-config: lua5.1.pc, lib liblua5.1.so
11 years ago
Victor Julien
e366c62cf0
lua: support regular lua C library
...
Not all systems have luajit or a need for luajit. For low bandwidth
and offline support regular lua may be sufficient.
11 years ago
Victor Julien
a7118a4ff3
profiling: use wider columns in keyword output
...
Use wider columns in keyword output so that even on high end sensors
the stats tables remain readable.
11 years ago
Noam Meltzer
e873443adb
fix regression in 'make distclean' due to commit cd305c3a
...
the files under scripts/suricatasc/src are actual sources and should not
be cleaned
11 years ago
jeka
dc1599e0dc
bugfix in debug mode:
...
removed function calls from SCReturnX macros
11 years ago
Victor Julien
0765bcc73e
nflog: set socket timeout
...
Set socket timeout so that we can exit if there is no traffic.
It would hang after the SIGINT signal, until packets arrived.
11 years ago
Victor Julien
26c0915375
nflog: warn if buffer-size is larger than max-size
...
If buffer-size is larger than max size, give a warning and adjust
buffer-size to max-size.
11 years ago
Victor Julien
462f9de134
dns: unify type to string logging utility
...
Both DNS loggers had their own CreateTypeString. This patch unifies
them.
11 years ago
Victor Julien
5e87257845
dns: add names for common types
...
Add names for SRV, NAPTR, DS, RRSIG, NSEC, NSEC3 types.
11 years ago
Victor Julien
0bbec75764
nflog: fix typo rising->raising
11 years ago
Victor Julien
0857a60fce
nflog: improve error handling on NOBUFS
...
Don't fall through to handle_packet on any NOBUFS condition. Make
sure we catch all NOBUFS.
11 years ago
Giuseppe Longo
4d72911e17
This patch adds the fields into PacketVars struct to setup a packet from a nflog message
11 years ago
Giuseppe Longo
4dda018ede
Adds nflog option
11 years ago
Giuseppe Longo
0368d5e4a4
Declare a wrapper to parse group option for nflog
11 years ago
Giuseppe Longo
c35432b265
Implements NFLOG runmode
11 years ago
Giuseppe Longo
2ad8a8e111
Bootstrapping NFLOG capture mode
11 years ago
Giuseppe Longo
0162e7e809
Adds nflog error code
11 years ago
Giuseppe Longo
d213d89981
Updating the Tmm Id for declaration of nflog capture mode
11 years ago
Giuseppe Longo
62aaae24fd
Adds a configuration example for nflog support in suricata.yaml
11 years ago
Giuseppe Longo
4851568a41
Checks if libnetfilter_log is found on the system
...
and enable it if it's specified.
11 years ago