Victor Julien
							
						 
						
							 
							
							
							
								
							
								6608b9a5f3 
								
							
								 
							
						 
						
							
							
								
								app-layer: set EOF flag in case of unsupported GAP  
							
							 
							
							
							
							
							If GAP is not supported set EOF flags in the parser. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								54d2f2c300 
								
							
								 
							
						 
						
							
							
								
								flow: improve 'under stress' behavior  
							
							 
							
							
							
							
							When under stress, the packet threads ultimately fall back
to walking the hash table until they find a flow they can
safely evict and reuse. This could lead to all threads
fighting over the FlowBucket locks.
Fix by adding a limit to the number of hash rows that are
checked for a new flow. If the limit is reached, simply fail
to get a flow. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								c50ef8cc21 
								
							
								 
							
						 
						
							
							
								
								flow: fix TCP closed default initialization  
							
							 
							
							
							
							
							TCP closed state was initialized to 0 by default.
Clean up 'closed' value setting for other protocols and the common
default. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								3bba671273 
								
							
								 
							
						 
						
							
							
								
								flow: remove unused function declaration  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								cba8efff2a 
								
							
								 
							
						 
						
							
							
								
								flow: remove unused sctp enum member  
							
							 
							
							
							
							
							This caused some arrays to be larger than needed. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								c2561b2655 
								
							
								 
							
						 
						
							
							
								
								flow: cleanup validation check  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								65e9a7c31c 
								
							
								 
							
						 
						
							
							
								
								smb: fix 'dangling' files in lossy sessions  
							
							 
							
							
							
							
							In case of lossy connections the SMB state would properly clean up
transactions, including file transactions. However for files the
state was never set to 'truncated', leading to files staying 'active'.
This would lead to these files staying in the SMB's state. In long running
sessions with lots of files this would lead to performance and memory
use issues.
This patch truncates the file that was being transmitted when
a file transaction is being closed. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								25f2efe977 
								
							
								 
							
						 
						
							
							
								
								smb: check post-gap timeouts once a second at most  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								8aa380600d 
								
							
								 
							
						 
						
							
							
								
								smb: update ts only if it changed  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								8c5c949cfa 
								
							
								 
							
						 
						
							
							
								
								output/tftp: Convert to JsonBuilder  
							
							 
							
							
							
							
							This commit converts the TFTP logging mechanisms to JsonBuilder. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Philippe Antoine
							
						 
						
							 
							
							
							
								
							
								5ac8e41a13 
								
							
								 
							
						 
						
							
							
								
								signature: fix linked list for bidirectional signatures  
							
							 
							
							
							
							
							Bidirectional signatures are really two signatures with one id.
This needs to be handled with care when changing a linked list.
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Philippe Antoine
							
						 
						
							 
							
							
							
								
							
								ac76ff9e47 
								
							
								 
							
						 
						
							
							
								
								detect: fail properly on invalid transform pcrexform  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Antti Tönkyrä
							
						 
						
							 
							
							
							
								
							
								57d0f4bb6f 
								
							
								 
							
						 
						
							
							
								
								detect/flowbits: fix stack overflow in analyzer  
							
							 
							
							
							
							
							Fix stack overflow in DetectFlowbitsAnalyze.
Use dynamically allocated array instead of stack and free
it after it is no longer needed. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								c09235e327 
								
							
								 
							
						 
						
							
							
								
								netflow/eve: convert to JsonBuilder  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								b116a56a32 
								
							
								 
							
						 
						
							
							
								
								doc: Correct typos  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								59cc3c6281 
								
							
								 
							
						 
						
							
							
								
								doc: Update byte_extract doc  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								297f91479e 
								
							
								 
							
						 
						
							
							
								
								doc: Fix spelling error  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								9c47b8c1bf 
								
							
								 
							
						 
						
							
							
								
								general: Fix spelling error  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								64912104b3 
								
							
								 
							
						 
						
							
							
								
								detect/content: Validate content byte array  
							
							 
							
							
							
							
							This commit checks whether the content byte array is compatible with the
transforms, if any, for the rule. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								197a593078 
								
							
								 
							
						 
						
							
							
								
								detect: Add transform validation api  
							
							 
							
							
							
							
							This commit extends the API with a function that validates arguments
against the transforms for the SM list (if any). 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								0189ff998f 
								
							
								 
							
						 
						
							
							
								
								detect/transform: Add validation function  
							
							 
							
							
							
							
							This commit adds a function to pre-validate buffers. If a content
buffer contains whitespace, the validation fails. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								a4132d8e0f 
								
							
								 
							
						 
						
							
							
								
								detect/transform: Add transform "validate" function  
							
							 
							
							
							
							
							This commit adds an (optional) entry for a validation function. The
validation function, if present, will be used during rule processing.
Its role is to determine if the arguments are compatible with the
transform. E.g., a content string of "this string has whitespace" is not
compatible with the `strip_whitespace` transform. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								114b7e5cd9 
								
							
								 
							
						 
						
							
							
								
								dhcp/eve: remove erroneous jsonbuilder close  
							
							 
							
							
							
							
							The JsonBuilder was being closed too early.
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								07e88a7479 
								
							
								 
							
						 
						
							
							
								
								jsonbuilder: add debug_validate to state  
							
							 
							
							
							
							
							If debug validation is enabled, panic on invalid state errors.
For example, calling close on an already closed jsonbuilder
object. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								ca6b70ea1b 
								
							
								 
							
						 
						
							
							
								
								rust: macro debug_validate_fail to fail with message  
							
							 
							
							
							
							
							Add a new debug_validate macro that unconditionally panics
with a message. Useful in Rust pattern matching. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								4127c5fcc8 
								
							
								 
							
						 
						
							
							
								
								output/fileinfo: Optimize filename output  
							
							 
							
							
							
							
							This commit optimizes the JSON preparation of the file name by
eliminating the temporary copy before adding to the Json builder buffer. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								0d298d47a1 
								
							
								 
							
						 
						
							
							
								
								output/rdp: Include common output options  
							
							 
							
							
							
							
							This commit will cause common metadata values and the community id to be
included in log output when configured. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								ef3840e256 
								
							
								 
							
						 
						
							
							
								
								output/dhcp: Include common output options  
							
							 
							
							
							
							
							This commit will cause common metadata values and the community id to be
included in log output when configured. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								c6c4936a20 
								
							
								 
							
						 
						
							
							
								
								output/smb: Include common output options  
							
							 
							
							
							
							
							This commit will cause common metadata values and the community id to be
included in log output when configured. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								414bb25c93 
								
							
								 
							
						 
						
							
							
								
								output/tftp: Include common options  
							
							 
							
							
							
							
							This commit will cause common metadata values and the community id to be
included in log output when configured. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Angelo Mirabella
							
						 
						
							 
							
							
							
								
							
								0cdc009da1 
								
							
								 
							
						 
						
							
							
								
								detect/http_raw_header: Correct type mismatch  
							
							 
							
							
							
							
							This changeset fixes a bug on the computation of the buffer
length for raw http headers. The bug is due to a mismatch
on the data type of the length (uint8_t vs uint32_t) and it
was causing signature misses. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								06f414d66d 
								
							
								 
							
						 
						
							
							
								
								doc/manpage: improve intro, add examples  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								37d228dae0 
								
							
								 
							
						 
						
							
							
								
								rule/parse: minor action parsing cleanup  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								75727c05e0 
								
							
								 
							
						 
						
							
							
								
								doc/manpage: add --reject-dev option  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								82ac72782d 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: update app-proto list  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								e6330c354d 
								
							
								 
							
						 
						
							
							
								
								doc/userguide: list valid rule actions  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								14e1a342ac 
								
							
								 
							
						 
						
							
							
								
								reject: support single vlan layer  
							
							 
							
							
							
							
							Support sending RST/ICMP errors for packets with a single VLAN header.
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								9f3f07dd97 
								
							
								 
							
						 
						
							
							
								
								reject: get MTU for reject-dev and use it  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								498ae0180b 
								
							
								 
							
						 
						
							
							
								
								reject: minor optimization of reset entry code  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								279865b145 
								
							
								 
							
						 
						
							
							
								
								reject: remove L3 from function names  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								c594d0c1ad 
								
							
								 
							
						 
						
							
							
								
								reject: allow configuration of the reject interface  
							
							 
							
							
							
							
							Using the '--reject-dev <dev>' commandline option. This is a global option
that applies to all 'reject' actions.
If the interface specified is using ethernet, libnet will use the faster
L2 (link) layer. Suricata sets up the ethernet header based on the packet.
When the interface is specified, cache libnet_t ctx for (much) better
performance. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								604aa65c80 
								
							
								 
							
						 
						
							
							
								
								reject: don't respond to tunnel packets  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								a6ed9b11d5 
								
							
								 
							
						 
						
							
							
								
								reject: check tcp header sooner to avoid potential leak  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								1b042cf108 
								
							
								 
							
						 
						
							
							
								
								reject: optimize and simplify run test  
							
							 
							
							
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Victor Julien
							
						 
						
							 
							
							
							
								
							
								66257f37eb 
								
							
								 
							
						 
						
							
							
								
								reject: never return error  
							
							 
							
							
							
							
							Errors by thread modules are not handled. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jason Ish
							
						 
						
							 
							
							
							
								
							
								b8d1677b9c 
								
							
								 
							
						 
						
							
							
								
								file-hash-common: fix rule_file truncation  
							
							 
							
							
							
							
							Loading file hash lists uses dirname(3) on the
de_ctx->rule_file which modifies the contents,
removing the last part of the path. So on subsequent
calls the rule_file no longer contains the rule_file,
but instead just the directory name.
Mostly noticed when using "-S" with rule files outside
of the default-rule-path which requires more hunting for
the rule file. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								648bd5afff 
								
							
								 
							
						 
						
							
							
								
								output/ftp: Use "Eve" prefix with FTP helpers  
							
							 
							
							
							
							
							This commit changes the prefix of the FTP helper routines from Json to
Eve. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								1f19ab1013 
								
							
								 
							
						 
						
							
							
								
								output/eve: Remove unused helper function  
							
							 
							
							
							
							
							This commit removes an unused helper function no longer required/used
after conversion to JsonBuilder. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Jeff Lucovsky
							
						 
						
							 
							
							
							
								
							
								03de315bc2 
								
							
								 
							
						 
						
							
							
								
								ftp/eve: Convert FTP logging to use JsonBuilder  
							
							 
							
							
							
							
							This commit converts the FTP logging mechanisms to use JsonBuilder. 
							
						 
						
							5 years ago  
						
					 
				
					
						
							
							
								 
								Shivani Bhardwaj
							
						 
						
							 
							
							
							
								
							
								a7535099b4 
								
							
								 
							
						 
						
							
							
								
								smb/eve: convert to jsonbuilder  
							
							 
							
							
							
							
							Closes redmine ticket 3712. 
							
						 
						
							5 years ago