aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,553 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4464657ca2'
${ noResults }
Commit Graph

3553 Commits (4464657ca29fabb194a0b7430d22f30928453780)
 

Author SHA1 Message Date
Victor Julien 4464657ca2 remove reference to non-existing file from Makefile.am 13 years ago
Victor Julien a01130d2ed packet src: move pkt_src field up in the structure to fix in an existing hole (found with pahole -C Packet_ src/.libs/suricata). 13 years ago
Anoop Saldanha b33986c887 Add a packet src for every packet generated inside suricata. 13 years ago
Eric Leblond 58bf4ea4a4 nfq: fix detection of type nfq_get_payload function. 13 years ago
Eric Leblond 19756488ab nfq: close the queue when leaving acquisition. 
This patch adds a call to close the queue when the acquisition
loop is ending. This way the incoming packets will be accepted
during all the shutdown phase (if the queue-bypass option of
NFQUEUE is used). At the same time the currently processed packets
will be dropped but the time scale are different: suricata will
drop 20 ms of packets and the shutdown can take 0.5 seconds.

Patch based on an idea of Victor Julien.
 13 years ago
Victor Julien 75cddabd8a fast_pattern: don't consider http_method, http_stat_code and http_stat_msg when automatically giving preference to a HTTP pattern over a stream pattern. 13 years ago
Eric Leblond 928ade1d04 pf-ring: suppress unused variable. 13 years ago
Eric Leblond c3b9a5e97f pf-ring: add missing header. 13 years ago
Eric Leblond 7731cef782 pf-ring: protect definition of (un)likely 
This patch makes (un)likely declared if and only if they are not
declared before.
 13 years ago
Anoop Saldanha fd977601b6 fix for bug #574. 
More of a temporary solution to prevent any possible FPs.  Disable content
inspection bypass for mpm patterns.
 13 years ago
Anoop Saldanha 51c9955c79 fix for bug #577. 
If a pattern has matched on mpm, don't re-inspect it later, subject to certain
conditions met by the pattern - namely, not negated, right chop, no replacet
attached to it.
 13 years ago
Victor Julien 6e0f8a3cb5 htp: update version numbers of bundled htp 13 years ago
Victor Julien aa4ae98d37 http: fix multipart parsing leading to missing chunks of files in file extraction. 13 years ago
Anoop Saldanha 028c6c1782 Make available custom features of libhtp. 
The power of libhtp customisation now available to users.

Options available -

path-backslash-separators: yes
path-compress-separators: yes
path-control-char-handling: none
path-convert-utf8: yes
path-decode-separators: yes
path-decode-u-encoding: yes
path-invalid-encoding-handling: preserve_percent
path-invalid-utf8-handling: none
path-nul-encoded-handling: none
path-nul-raw-handling: none
set-path-replacement-char: ?
set-path-unicode-mapping: bestfit

You can use this for your libhtp customisation.  Options explained in our
wiki.

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Advanced_libhtp_customization
 13 years ago
Anoop Saldanha 340542c44e refactor htpconfigure() 13 years ago
Victor Julien 33b0b07107 bug #572: make sure we use profiling fallback for all architectures except x86_64 and i386. 13 years ago
Victor Julien 50da0e80d5 Fix flow keyword compilation failure. 13 years ago
Anoop Saldanha 3d74fa964a Update all flow referencing to use the new FlowReference and FlowDeReference 
macros.
 13 years ago
Anoop Saldanha 6c68f86b8c fix for bug #557. 
In FFRv2, dereference flow from a packet using the new reference/dereference
util macros.  This allows the decr use_cnt for flow and reseting the flow
pointer to NULL for the pseudo pkt to happen simultaneously, in case there we
fail to retrieve a pseudo_packet and have to return the already obtained
pseudo packets, back to the packetpool.
 13 years ago
Anoop Saldanha 88e89d6302 Introduce utility flow macros to help referencing/dereferencing flows. 13 years ago
Anoop Saldanha 4d501778e9 fix for bug #557. 
Reset hhd buffers list len if we exit before allocating the buffer.
 13 years ago
Anoop Saldanha 855726f372 fix for bug #575. 
If sig has no_stream set, don't mask it as requiring flow.  Should get rid of
FNs any.
 13 years ago
Victor Julien 1598425a40 detect: properly store a stateful match if it happens at the start of inspection 13 years ago
Victor Julien c3f4f8d46a Dead code cleanup. Coverity 728047, 728048, 728049. 13 years ago
Victor Julien ee5d6fdb6f profiling: fix some profiling info missing from output 13 years ago
Eric Leblond ffbbff9d6c tm-thread: detect thread death 
When a thread is dead at init the THV_INIT_DONE flag is not set
and the spawn function can freeze (see bug #553 for an example).
In this case THV_RUNNING_DONE is set and we can also check on this
state for leaving the function. This should fix #bug553
 13 years ago
Victor Julien af7f4b347d threshold: improve comments of shipped threshold.config, add links to wiki. 13 years ago
Anoop Saldanha 4e3b206f7b fix http server/client body handling. Update body status based on tx state. 13 years ago
Victor Julien 82fc61770b threshold: allow threshold.config to override rule 
Allow threshold.conf to override rule thresholds in the following
cases:

- threshold.config rule uses threshold or event_filter AND
- threshold.config rule applies to a single signature (so no
  gid 0 or sid 0)

Confirmed to work with both threshold and detection_filter rule
keywords.

Part of bug #425.
 13 years ago
Victor Julien a0c43a8a1c Minor parsing cleanups in detect-engine options. 13 years ago
Victor Julien b6f573d9cb yaml: add addr and port vars commonly used by ET/ETpro 13 years ago
Eric Leblond 28ca36acf7 coccinelle: add test on malloc error check. 
This patch adds a coccinelle code check on SCMalloc, SCCalloc and
SCStrdup and other memory handling functions. It verifies that the
error checking is made.
 13 years ago
Eric Leblond 9f13572843 Fix indentation of win32 files. 13 years ago
Eric Leblond 710d237724 Add missing sctrdup test 13 years ago
Eric Leblond 3d2998a9cf coccinelle: don't test UNITTEST code 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Eric Leblond d292004880 Add some missing checks of SCStrdup return. 13 years ago
Eric Leblond 655577cbbc Add some missing checks of SCMalloc return. 13 years ago
Victor Julien d8667448c1 threshold: allow suppression for sigs with threshold set. Part of #425. 13 years ago
Anoop Saldanha f9a6c890d4 fix for #529 
Respect pcre's anchor during content inspection.
 13 years ago
Anoop Saldanha 19e8f82f25 Unittest to display #bug 529. pcre anchor not respected 13 years ago
Anoop Saldanha b0b4052860 detect-pcre.c cleanup. Delete old pcre functions that we no longer use. 13 years ago
Eric Leblond 680e941a8f af-packet: clean APFPacketVar before release. 
This patch resets the AFPPacketVar linked to a Packet in the release
function to avoid any side effect when the packet is reused. To do
so a new AFPV_CLEANUP macro has been introduced.
 13 years ago
Eric Leblond 775f379e2b decode: clean release function 13 years ago
Anoop Saldanha 21f92c0a89 Give priority to non stream content over stream content when selecting fast 
pattern.
 13 years ago
Victor Julien a08a0e9161 Minor output cleanup 13 years ago
Victor Julien abc3f903f9 Fix defrag compilation warning. 13 years ago
Victor Julien 525367113a Fix compilation if luajit is disabled. 13 years ago
Victor Julien d1abd552e9 luajit: correct offset passed to script for lua's array idx starting at 1. Add http.response_headers and http.response_headers.raw buffers. 13 years ago
Victor Julien 20d2db085e reintroduce pool free func for cases where block alloc is not used. 13 years ago