aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,553 Commits
10 Branches
154 Tags
166 MiB
dependabot/github_actions/actions/checkout-4.2.1
dependabot/github_actions/github/codeql-action-3.26.12
dependabot/github_actions/actions/upload-artifact-4.4.3
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4464657ca2'
${ noResults }
Commit Graph

3553 Commits (4464657ca29fabb194a0b7430d22f30928453780)
 

Author SHA1 Message Date
Victor Julien 98484ffdcc luajit: prealloc lua states to increases chances of alloc success. Luajit requires them to be in memory <2GB. 12 years ago
Victor Julien f962e3de29 pool: only alloc one large block if it will actually be used. 12 years ago
Victor Julien 6f7e527e92 luajit: fix crash at shutdown / rule reload if lua script didn't properly init. 12 years ago
Eric Leblond 8192f6ce8c Add missing include in flow-manager 
DefragTimeoutHash was not declared before being used.
 12 years ago
Victor Julien 44b7d5551a luajit: fix crash if luaL_newstate fails 12 years ago
Victor Julien b29971bc92 luajit: buffer selection fixes 12 years ago
Victor Julien fcc21ae4cc http: fix multipart parsing bug 12 years ago
Victor Julien 8f337a3904 stream: never resend reassembled data to app layer. 12 years ago
Victor Julien 9a4b612126 app layer events: prefilter sigs that need an event 12 years ago
Victor Julien 575c87aeba engine events: prefilter sigs that need a event 12 years ago
Eric Leblond 5f12b23469 af-packet: little code cleaning 
This patch cleans the code were two almost identical treatment on
the packet we're made. It may be linked by a merge error I've done
or to a simple mistake on my side.
 12 years ago
Eric Leblond 0581a23f3c af-packet: fix IPS mode 
There was an inversion in code resulting as all sockets being seen
as non IPS mode when doing the peering. This resulted in a crash at
first packet because it has no peer.
 12 years ago
Eric Leblond 566674ae4a Fix logic operator. 
Previous patches on the same subject did not fixed this error as it
was undetected because the code was not compiled on my setup.
 12 years ago
Victor Julien 7a044a99ee Defrag engine 
Big rewrite of defrag engine to make it more scalable and fix some
locking logic flaws.

Now uses a hash of trackers similar to Flow and Host hashes.
 12 years ago
Victor Julien c91c359692 profiling: fix build on older systems 12 years ago
Eric Leblond 794bfc590c autotools: fix doc install on old systems. 12 years ago
Victor Julien 7babb35aeb profiling: remove obsolete unit test 12 years ago
Eric Leblond cdbc9be1c3 pf_ring: set cluster_id even if only one thread is used. 12 years ago
Victor Julien 1f92307517 profiling: minor cleanup 12 years ago
Victor Julien 3da3e3264c profiling: make sure counters are reset after a reload. 12 years ago
Victor Julien 2343ff8950 profiling: fix memory error in case of rule reload. 12 years ago
Victor Julien ec7e79c748 Rule profiling update 
- Remove usage of counters api.
- Store stats in detect engine thread ctx to remove locking
- Support rule reloads
 12 years ago
Victor Julien ba6f564296 luajit: add http.uri.raw, cookie, ua, headers, headers.raw buffers. 12 years ago
Eric Leblond 9c28cd40fd Fix build if luajit is not available. 12 years ago
Eric Leblond 937ba71491 defrag: don't return after a cleaning. 
This patch changes the policy of the timeout function by cleaning
every timeouted trackers.
Previous code was only freeing the first tracker and this was resulting
in calling the timeout function continuously. One of my previous patch
has modified the function to avoid to run it more than twice a second.
But as it was not taken into account the fact only the first tracker was
freed, the result was that a lot of tracker could not be allocated.
 12 years ago
Victor Julien b6834cb6b2 luajit: support http.request_body (http_client_body) and http.response_body (file_data/http_server_body). 12 years ago
Victor Julien 42646579a8 luajit: clean up initialization 12 years ago
Eric Leblond c55b618bd4 Install documentation with 'make install'. 12 years ago
Eric Leblond 619014a280 pool: rename Free function to Cleanup 
This patch renames Free functions to Cleanup as the free is made
by the pool system.
 12 years ago
Eric Leblond f241312a36 defrag: don't use message for repetitive error 
When nothing can be fetch from the pool, this can repeat frequently.
Thus displaying a message in the log will not help. This patch
uses a counter instead of a log message. As this is a sort of memcap
this is conformed to what is done for other issues of the same type.
 12 years ago
Eric Leblond 6303b5d987 SC_LOG_ERROR is not an error. 12 years ago
Eric Leblond d51dd6a30e Fix warning about unused return of SC_ATOMIC func. 12 years ago
Eric Leblond c4f9d0e0e1 Fix invalid usage of operator. 12 years ago
Eric Leblond 7af9fd7735 freebsd: fix warning about redeclaration. 12 years ago
Eric Leblond 4d2305c0a8 freebsd: fix warning 12 years ago
Eric Leblond 6d55446655 ipfw: avoid critical error for broadcast 
In some setup, suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is choosen by kernel.
This patch change the error treatment to avoid to leave when
this problem occurs.
 12 years ago
Eric Leblond 41cb365a39 ipfw: add missing include 12 years ago
Eric Leblond ec2445702c autotools: fix default path for magic file. 12 years ago
Eric Leblond e168824d80 freebsd: fix function usage. 
The unlock function was not correctly used in error treatment.
 12 years ago
Jason Ish ea020e2be6 Do not trim the FCS, pcaps converted to ERF will have have an FCS. 12 years ago
Eric Leblond 4a1a008009 af-packet: fix looping in ring buffer. 
A crash can occurs in the following conditions:
 * Suricata running in other mode than "workers"
 * Kernel fill in the ring buffer
Under this conditions, it is possible that the capture thread reads
a packet that has not yet released by one of the treatment threads
because there is no modification done on the ring buffer entry when
a packet is read. Doing, this it access to memory which can be
released to the kernel and modified. This results in a kind of memory
corruption.

This bug has only been seen recently and this has to be linked with the
read speed improvement recently made in AF_PACKET support.

The patch fixes the issue by modifying the tp_status bitmask in the
ring buffer. It sets the TP_STATUS_USER_BUSY flag when it is confirmed
that the packet will be treated. And at the start of the read, it exits
from the reading loop (returning to poll) when it reaches a packet with
the flag set. As tp_status is set to 0 during packet release the flag
is destroyed when releasing the packet.

Regarding concurrency, we've got a sequence of modification. The
capture thread read the packet and set the flag, then it passes the
queue and the packet get processed by other threads. The change on
tp_status are thus made at different time.

Regarding the value of the flag, the patch uses the last bit of
tp_status to avoid be impacting by a change in kernel. I will
propose a patch to have TP_STATUS_USER_BUSY included in kernel
as this is a generic issue for multithreading application using
AF_PACKET mechanism.
 12 years ago
Victor Julien 0d55950840 luajit: add http.uri and http.request_line buffers. 12 years ago
Victor Julien 597b6db8f2 luajit: fix filtering payload or pkt when not available yet 12 years ago
Victor Julien 69186cda12 luajit: force scripts to have 'init' function that returns a table of 'needs' such as packet or payload. 12 years ago
Victor Julien fca70730a9 Update changelog for 1.4beta1 12 years ago
Eric Leblond cd8d215724 pool: improve error handling 
Error handling during Pool creation was not perfect as a PoolBucket
could leak.
 12 years ago
Victor Julien 829d975d63 Make sure defrag pool sizes are not initialized to 0, see #540. 12 years ago
Eric Leblond 01d3c14449 tls: fix error handling 
Handling of error case was correct as pointed out by Coverity
717439.
 12 years ago
Eric Leblond 41c72a537a tls: avoid double close. 
This should fix issue 717441 reported by Coverity.
 12 years ago
Eric Leblond 4e6a4c65f6 defrag: be sure to output NULL tracker 
Coverity 720337 pointed out a use after free. We can't be dependent
to HashListTableAdd outputting a NULL tracker.
 12 years ago