Commit Graph

2580 Commits (55ed6c2a55d41155a56efda237b475ff6ed72d54)

Author SHA1 Message Date
Eric Leblond c3c20dd041 pcap: add new config style 13 years ago
Eric Leblond 78467f1846 Update configuration file to new pfring format. 13 years ago
Eric Leblond d9d8286671 pfring: restore compatibility with v1.0 config
Compatibility of pfring module with previous version was broken. This
patch restores backward compatibility.
13 years ago
Eric Leblond a64dcfeba2 pfring: use factorisation function
This patch converts pfring to pktacqloop and uses the new factorisation
function. This also fixes command line parsing of pfring, which is now
able to work like af-packet:
 - 'suricata -c s.yaml --pfring' starts suricata with all interfaces in
 conf
 - 'suricata -c s.yaml --pfring=eth2' starts suricata on eth2
13 years ago
Eric Leblond cbb36b5182 af-packet: remove unused function 13 years ago
Eric Leblond 75c875b1ac af-packet: use factorisation function for Auto mode. 13 years ago
Eric Leblond 8bf0897b3c Add factorisation function for runmode.
This patch adds a function which will be used to factorise the
Auto runmode between the different IDS mode.
13 years ago
Anoop Saldanha de635b5866 remove trailing whitespace from conf file 13 years ago
Eric Leblond 2fc58a48a5 Doxygen: Include documentation of define-dependent code.
Generated documentation for unittests and other modules was not
generated because doxygen was not assuming the define to be set.
This patch adds the necessary define for unittests and does the
same for NFQ, PFRING, IPFW, AF_PACKET and Prelude. This also adds
a variable that permits parallelisation of dot file generation.
13 years ago
Eric Leblond d4d62f3099 http-uri: Remove useless function declaration. 13 years ago
Victor Julien 3401defbbb tag: fixes and cleanups
Major fixes for the tag subsystem:

- Removed TimeGet call from tag packet runtime to save a gettimeofday
- Removed unused lock from data type
- Fixed broken first packet skip logic
- Fix broken reference counter logic
- Fix memory leak on tag expiration
- Cleaned up code
13 years ago
Anoop Saldanha b7b58074de fix ac unittest 13 years ago
Anoop Saldanha d6f9e06bbb update ac to behave the same way irrespective of the state count. Should improve performance. Also fix unittests to accommodate these changes 13 years ago
Anoop Saldanha dcaef183e8 fix compiler warning for printf format 13 years ago
Victor Julien bc5c9f4a52 Fix too many SMTP commands causing an integer overflow in the cmds_cnt variable, in turn causing an out of bounds memory write. 13 years ago
Victor Julien 9baa16af63 Convert flow memcap to u64. Bug #332. 13 years ago
Victor Julien 8208eacd79 Convert stream memcaps to u64. Bug #332. 13 years ago
Victor Julien 4c641f0deb Fix compilation with profiling enabled. 13 years ago
Anoop Saldanha 3ec7b75194 fix timestamps for pseudo packets created during FFR - bug 337 13 years ago
Anoop Saldanha 9d94bb38d5 refactor flow timeout code. fix ipv6 address assignment for pseudo pkt. 13 years ago
Anoop Saldanha 246a4e9fff for shutdown reassembly properly init the reassembly packet using PACKET_RECYCLE 13 years ago
Victor Julien 1a5931e878 pcap-log: fall back to sguil_base_dir option if 'dir' isn't set. Minor cleanups. 13 years ago
William Metcalf 3b3f5816bf You spin me right round baby, right round like a rotating packet capture right round. Oh, also log file size counters are now uint64_t 13 years ago
Victor Julien 6bad2dbd79 Don't match on IP only rules that use ports if packet is not (proper) TCP, UDP or SCTP. Rules out frags matching as well. 13 years ago
Anoop Saldanha 63ed36a892 Replace all reallocs with SCReallocs 13 years ago
Anoop Saldanha 4307ea2348 Replace all frees with SCFrees 13 years ago
Anoop Saldanha 797b1a44c7 Replace all strdup with SCStrdup 13 years ago
Anoop Saldanha 13ea299ee0 Replace all mallocs with SCMallocs 13 years ago
Eric Leblond de59c9f4b1 Add and use utility functions for checksum computing. 13 years ago
Eric Leblond a85dc9b0e2 Add support for replace keyword.
This patch adds support for the replace keyword. It is used with
content to change a selected part of the payload. The major point
with this patch is that having a replace keyword made it necessary
to avoid all stream level checks because we need access to the
could-be-modified packet payload.

One of the main difficulties is to handle complex signatures. If there
are other content checks, we must do the substitution when we're sure all
matches are valid. The patch adds an attribute to the thread context
variable to be able to deal with the recursivity of the match function.

Replace is only activated in IPS mode and applies only to raw matches.
13 years ago
Eric Leblond 0c34a1c5e7 rewrite constants and add flag for replace
This patch makes use of bit shifts to rewrite some of the mask constants.

It also deletes an unused flag value and suppresses the associated dead code.
The numeric value of the flag is now used by the flag needed for the replace
code.
13 years ago
Victor Julien 77b7089f79 Fix stream-events not working. Stream events won't fit our 'detection only' schema. Fixes #321. 13 years ago
pilcrow f5017e0d1a Always try PCRE_NO_AUTO_CAPTURE first for signature regexes.
Many, many pcre: signatures specify (...) when the more efficient
(?:...) is all that is needed.  This change attempts to force
PCRE_NO_AUTO_CAPTURE on all unnamed capture groups, reverting to
capturing when necessary, e.g., when \1 is referenced.
13 years ago
Victor Julien 60887131be Fix minor address parsing compiler warning. 13 years ago
Anoop Saldanha 8028392e9a fix mpm segv. Use sgh flags to check if the sgh has packet or stream mpm set or not 13 years ago
Anoop Saldanha 41d71a6d70 fix http transaction id update. Update transactions as soon as we receive a callback on new request 13 years ago
pilcrow ed69eeab14 Safer macro parenthesization and do/while use 13 years ago
Eric Leblond bbd04fde30 NFQ: fix race condition at exit.
A race condition was observed when leaving NFQ. This was caused by
the queue handle being accessed after being nullified. This patch
uses the handle mutex to protect the destruction and adds tests
on nullity to avoid crashes.
13 years ago
Victor Julien 1ab6443e44 Fix compilation when profiling is enabled. 13 years ago
Anoop Saldanha b6ba944e6d Rearrange flow manager functions into flow-manager.[ch]. Some other minor changes/updates 13 years ago
Anoop Saldanha 7c729d2d53 some more code cleanup + comments added 13 years ago
Anoop Saldanha d14fdb1156 Remove the unnecessary unittest runmode check to get the test working. Modify tests to get it working around this 13 years ago
Anoop Saldanha 16884a0dea refix failing unittest 13 years ago
Anoop Saldanha 552e72e35e fix failing unittest 13 years ago
Anoop Saldanha 0957c0f8a4 shutdown timeout reassembly shouldn't check timeout flag set or not on flow 13 years ago
Anoop Saldanha 3f1c4efceb Add new flags var to tm module. TMs can now set flags to identify special properties. Also use these to identify receive TMs 13 years ago
Anoop Saldanha 54f6e4ff4d Merge thread kill functions. Merge slot's tm_id with the one used by packet profiling. Remove some junk unused code from ms sync pts. Timeout setup cleanup as well. packet q dbg_maxlen now u32 var. 13 years ago
Anoop Saldanha e335bdbfbc Code cleanup. All code to kill flow manager thread under one function now. 13 years ago
Anoop Saldanha 99a496e852 Indentation fixes 13 years ago
Anoop Saldanha e68ca2f32f Rewrite forced reassembly v2 using while loop instead of goto 13 years ago