Commit Graph

11372 Commits (4c7f55e636e2c08f8d96c5e02b1a1f5c4045fd8f)

Author SHA1 Message Date
Shivani Bhardwaj 4c7f55e636 dcerpc: handle gap for TCP streams 5 years ago
Jason Ish 6cff558663 dns: add trailing data to split tcp unit test
Add trailing data to the complete payload to test the case
where data is consumed, but still incomplete.
5 years ago
Jason Ish cc154ce152 dns: fix subtraction overflow in debug message
The math for the return value wasn't updated in the debug log
to match the logic and could lead to a subtraction overflow.
5 years ago
Philippe Antoine 80ccbff28a dns: return status from parsing tcp request 5 years ago
Philippe Antoine 1296740471 dns: fix incomplete results
and parsing of messages whose length is >= 32768
5 years ago
James Dutrisac 8d5e54c046 pcap: recursively reading pcaps / documentation
Changes to doc/userguide/partials/options.rst for feature 2363
   (reading pcaps recursively)
5 years ago
James Dutrisac db5b73d9d6 pcap: read directories recursively
Describe Changes
- Added ability to recursively read pcap directories
- src/suricata.c: addition of new command line parameter
    --pcap-file-recursive
- src/source-pcap-file.c: parsing of the command line argument
- src/source-pcap-file-directory-helper.h: two thread vars tracking
    directory depth and should recurse
- src/util-error.c / src/util-error.h:
   Added new warning code "SC_WARN_PATH_READ_ERROR"
- Redmine ticket: https://redmine.openinfosecfoundation.org/issues/2363

Ticket: #2363
5 years ago
James Dutrisac 5a92d0a704 path: introduce path handling util funcs
This commit provides changes to util-path.c and util-path.h
to support the recursive reading of directories. It adds
4 functions.
- SCIsRegularFile to provide OS independent file info.
- SCIsRegularDirectory to provide OS independent directory info.
- SCRealPath is an OS independent wrapper for realpath.
- PathJoin to manage path resolution logic.
5 years ago
Philippe Antoine 3cfc1fcb07 stream/app-layer: break loop on proto change 5 years ago
Shivani Bhardwaj c9a637d854 datasets: fix null pointer deref 5 years ago
Shivani Bhardwaj a8f147d17a datasets: Init even in socket mode
Closes redmine ticket 3476.
5 years ago
Sascha Steinbiss 93eef1da84 detect-mqtt: unify error handling in rule parsing
This is meant to provide a single path to the error case.
This might help make things more clear for static
checkers.
5 years ago
Sascha Steinbiss 5dc21b0e09 detect-engine: initialize struct fields 5 years ago
Philippe Antoine 9a954e944d http: merge duplicated code
HtpRequestBodyHandlePUT and HtpRequestBodyHandlePOST
5 years ago
Philippe Antoine fe6950de08 http: use more precise parameter in HtpRequestBodySetupMultipart
So that we can see that it does not have to handle gaps
5 years ago
Philippe Antoine e13b319beb http: remove unused code
HtpRequestBodySetupPUT function
So that we can see that we do not use data=NULL in there
5 years ago
Philippe Antoine 28050c967f file: handles gaps natively
i.e. data=NULL and len>0 parameters
5 years ago
Philippe Antoine f0159b2fd2 util: PrintRawDataFp handles null
for gaps which are data=NULL and len>0
5 years ago
Philippe Antoine 83567e8732 files: rust closes files even on 0 length chunk 5 years ago
Philippe Antoine 6343920dfc applayer: allow rust parsers to have only one probe 5 years ago
Sascha Steinbiss 4e1a41a17d output-json: add MAC address output
This commit adds MAC address output to the EVE-JSON format. We follow the
remarks made in Redmine ticket #962: for packets, log MAC src/dst as a
scalar field in EVE; for flows, log MAC src/dst as lists in EVE. Field names
are different between flow and packet context to avoid type confusion
(src_mac vs. src_macs). Configuration approach and JSON representation is
taken from previous GitHub PR #2700.
5 years ago
Jeff Lucovsky c42574169e output/anomaly: Restrict anomaly logger count
This commit restricts the anomaly logger count. The restriction is
necessary due to state maintenance in the logger that doesn't scale
beyond a single logger.

Until that issue's solved, when multiple anomaly loggers are configured,
an error message will be emitted to highlight the restriction.
5 years ago
Philippe Antoine 61c327dd80 signature: checks for integer overflow in limits propagation 5 years ago
Victor Julien 5db1d9b841 eve/yaml: move mqtt down 5 years ago
Victor Julien 1c748f394b fuzz/pcap: enable MQTT parser 5 years ago
Shivani Bhardwaj e9fe5ada7f datasets: reload static sets 5 years ago
Sascha Steinbiss c31360070b rust/mqtt: add MQTT parser 5 years ago
Philippe Antoine a5572890a9 detect: adds engine for u8 keywords 5 years ago
Jeff Lucovsky a5d30a3220 doc/output: Document multithreaded eve option 5 years ago
Jeff Lucovsky 30ae98f658 output/json: Multi-threaded EVE logging support
This commit modifies the JSON loggers with changes necessary to support
multi-threaded EVE output.

Each "thread-init" function sets up the per-thread log file context for
subsequent calls to the JSON output to buffer function.
5 years ago
Jeff Lucovsky aa20770277 log: Support multi-threaded eve output. 5 years ago
Jeff Lucovsky 15b4554ab3 output: Check for fwrite_unlocked
This commit creates a macro for fwrite_unlocked which is probed during
configuration time.
5 years ago
Jeff Lucovsky 3d0f353ee5 output: Correct typos 5 years ago
Jeff Lucovsky 1b791f34a5 output: Remove unused variables/define 5 years ago
Jeff Lucovsky 92e2e2ec8d log: remove unused include files 5 years ago
Jeff Lucovsky 60658cbe01 output/flow: Eliminate unnecessary parameter
This commit removes a parameter to an internal-only function call.
Removing the parameter allows a JSON builder optimization to be used.
5 years ago
Jeff Lucovsky 4aa7c988e8 output/netflow: Eliminate unneeded parameter
This commit changes an internal-only function to remove a parameter
that's invariant in all use cases. This allows a JSON builder
optimization to be used.
5 years ago
Philippe Antoine 1569f3e349 transform: adds url_decode keyword
Fixes https://redmine.openinfosecfoundation.org/issues/2689

Adds a new source file to handle this keyword.
And modifies documentation, Makefile, and registration accordingly.

url_decode decodes url-encoded data, i.e. replacing '+' with space
and '%HH' with its value.
5 years ago
Victor Julien 4c8af9cb96 stream: fix endless loop in traffic with gaps 5 years ago
Victor Julien 9b13c1b804 flow: avoid double state update on reuse
Avoids an unnecessary atomic operation.
5 years ago
Victor Julien fd2dff8542 flow: minor cleanups 5 years ago
Victor Julien 7bf000731c flow: validate emergency timeout settings
Make sure they are below the regular values.
5 years ago
Victor Julien 611c991f27 flow: improve performance in emergency mode
When the flow engine enters emergency mode, 3 things happen:

1. a different set of (lower) timeout values are applied
2. the flow manager runs more often
3. worker threads go get a flow directly from the hash table

Testing showed that performance went down significantly due to concurrency
issues:

1. worker threads would fight each other over the hash access
2. flow manager would get in the way of workers

This patch changes the behavior in 2 ways:

1. it makes the flow manager slightly less aggressive. It will still
   try to run ~3 times per second, but no longer 10 times.

   This should be reducing the contention. At the same time flows
   won't time out faster if they are checked many times per second.

2. The 'get a used flow' logic optimizes the use of atomics by only
   doing an atomic operation once, and while doing so reserving
   a slice of the hash per worker.

   The worker will also give up much quicker, to avoid the overhead
   of hash walking and taking and releasing locks.

These combined changes show much better 'under stress' behavior, esp.
on multi-NUMA systems.
5 years ago
Philippe Antoine 0da4dc0dea enip: use status for probing parser 5 years ago
Philippe Antoine a99ad4c1e4 signature: checks for integer overflow in limits propagation 5 years ago
Philippe Antoine 5c31383d1c detect: fix read overflow in DetectGetLastSMByListId 5 years ago
Victor Julien b99ffd9ece eve: remove unused jansson code 5 years ago
Victor Julien a8e2399ea9 eve/metadata: create preformatted json string at start up
Avoid runtime overhead of assembling metadata json string by
pre-creating it at rule parsing time.
5 years ago
Victor Julien 1a18081a59 detect/profile: convert match dumps to jsonbuilder
Remove unused code and do minor misc cleanups as well.
5 years ago
Victor Julien 1639dfa36e pfring: fix compile warning 5 years ago