Commit Graph

7991 Commits (6f42ae91c7f3a92788801e024362d061a90ecaeb)

Author SHA1 Message Date
Mats Klepsland 005a700e54 logging: support custom file permissions
Support setting file permissions per logger using 'filemode', e.g.:

  outputs:
    - eve-log:
        enabled: yes
        filetype: regular
        filename: eve.json
        filemode: 660
8 years ago
Jason Ish 63078909d5 ipv4: update checksum function to be like tcp/udp
Update the IPv4 checksum function to be like the
changed TCP/UDP checksum functions for consistency.
8 years ago
Jason Ish b79a18ea15 tcp/udp: rename checksum functions for better meaning
The TCP/UDP checksum functions no longer just calculate
the checksum, they can validate as well as calculate so
use a more generic name.
8 years ago
Jason Ish f56428d996 tcp/udp: fix checksum validation when 0xffff
Issue:
https://redmine.openinfosecfoundation.org/issues/2041

One approach to fixing this issue is to just validate the
checksum instead of regenerating it and comparing it. This
method is used in some kernels and other network tools.

When validating, the current checksum is passed in as an
initial argument which will cause the final checksum to be 0
if OK. If generating a checksum, 0 is passed and the result
is the generated checksum.
8 years ago
Jon Zeolla ce8a65a58e docs: fix statement about flow:to_server 8 years ago
Jon Zeolla 1589a15495 docs: clarify how iprep works 8 years ago
Jason Ish 1a7c5a01a1 travis: macos: unlink all deps, then relink
Kind of ugly, but first unlink all dependencies then install.
The deps that don't get an upgrade will remain unlinked, so
relink all dependencies as relinking an already linked dep
does not error out.
8 years ago
Victor Julien b58127edcb print: constify input 8 years ago
Victor Julien 44bab885d6 detect: fix ssl_state test 8 years ago
Victor Julien 4f8eacdc69 disable-detect: fix needless file hashing
When detection is running flags are set on flows to indicate if file
hashing is needed. This is based on global output settings and rules.

In the case of --disable-detection this was not happening, so all
files were hashed with all methods. This has a significant
performance impact.

This patch adds logic to set the flow flags in --disable-detect mode.
8 years ago
Victor Julien e24eb0f2b1 app-layer: remove version logic 8 years ago
Victor Julien a56b4817ef flow: remove unused alversion fields 8 years ago
Victor Julien c066f043a5 detect: remove unused alversion logic 8 years ago
Victor Julien 6c6802b957 detect: simplify state detect code: remove unused params 8 years ago
Victor Julien c961da2dce detect: clean up test 8 years ago
Victor Julien 3626ecb474 bytejump: don't print errors when matching
When bytejump was told to convert some payload data to int from a
string it would print an error to the screen if the conversion
failed. This is unwanted as the payload is controlled by an attacker
and printing is expensive.
8 years ago
Victor Julien 15d26f14e1 file-store: fix force store 8 years ago
Victor Julien dbbf185173 app-layer: fix gap handling in protocol detection
A GAP during protocol detection would lead to all reassembly
getting disabled, so also the raw reassembly. In addition, it
could prevent the opposing side from doing protocol detection.

This patch removes the 'disable reassembly' logic. Stream engine
will take the stream with GAP and app-layer will mark the proto
detection as complete.
8 years ago
Victor Julien f1e19b5dd4 file store: store multiple files if available 8 years ago
Victor Julien 7c0a3b5582 app-layer: fix memleak on bad traffic
If state was alloc'd after protocol detection, but then the direction
turned out to be wrong, the state would not be freed.
8 years ago
Victor Julien 132e0e21f0 ippair: fix xbits unset memleak 8 years ago
Victor Julien 4c597bb9e1 ippair: use both addresses in hash 8 years ago
Victor Julien 1de1413863 stream: validate SACK right edge to be in window 8 years ago
Victor Julien daf39b422b stream: remove unused stream config member 8 years ago
Victor Julien 7512949670 stream: make data pointer in StreamSegmentCallback const 8 years ago
Victor Julien 2a5b9eb5fa stream: remove unused variable 8 years ago
Victor Julien a86b7b7042 app-layer: minor debug improvement 8 years ago
Victor Julien 25bd3e28f7 qa/appveyor: install libiconv-devel 8 years ago
Victor Julien 205975009a travis: fix pkg-config in mac builds
Unlink pkg-config before installing.
8 years ago
Jason Ish db5708f6ad travis: fix libpcre in mac builds
It looks like Travis changed their Mac image and pcre is now
installed by default. In case it gets removed again, just unlink
it before re-installing so it doesn't fail on install.
8 years ago
Jason Ish 6585ac4a9f logging: remove unused print stats callbacks
Remove the ThreadExitPrintStats callback from logging modules
that weren't doing anything with it.
8 years ago
Jason Ish 0c3f1e2974 logging: move lock into write function
All loggers were wrapping just the write in a lock with some
updating a counter.  This moves the lock into the write function.

The log_ctx alerts counter was also removed as many modules have
stopped using this and the alert count is available elsewhere.

Should satisfy Coverity CID 1400798:

CID 1400798 (#1 of 1): Data race condition (MISSING_LOCK) 2.
missing_lock: Accessing log_ctx->rotation_flag without holding lock
LogFileCtx_.fp_mutex. Elsewhere, "LogFileCtx_.rotation_flag" is accessed
with LogFileCtx_.fp_mutex held 4 out of 5 times.

Which appears to be a false positive as all calls to SCLogFileWrite
were done under lock, but this will make it more explicit.
8 years ago
Jason Ish ddf1bf6518 unified2: unlock using same dereference as lock
Addresses Coverity CIDs:
    1400797
    1400796

Note that the mutex was actually being unlocked, but
from a different variable pointing to the same mutex.
8 years ago
Mats Klepsland 285b566205 doc: add documentation for TlsGetCertSerial Lua function 8 years ago
Mats Klepsland ee9f822b8e doc: add documentation for tls_cert_serial keyword 8 years ago
Mats Klepsland d6508e640a detect: add (mpm) keyword tls_cert_serial
Match on TLS certificate serial number using tls_cert_serial
keyword, e.g.:

alert tls any any -> any any (msg:"TLS cert serial test";
        tls_cert_serial; content:"5C:19:B7:B1:32:3B:1C:A1";
        sid:12345;)
8 years ago
Mats Klepsland 95864375f2 lua: add function to print certificate serial number
Add function LuaGetCertSerial to print serial number from TLS
certificate.

Example:

function log (args)
    serial = TlsGetCertSerial()

    if serial then
        file:write(serial .. "\n");
        file:flush()
    end
end
8 years ago
Mats Klepsland 2e339aa791 tls-log: log certificate serial number 8 years ago
Mats Klepsland 2b460b8d06 output-json-lua: log certificate serial number 8 years ago
Mats Klepsland 2c1a36dd6e app-layer-tls: decode certificate serial number 8 years ago
Alexander Gozman 310b27a196 af-packet: fix parsing packet in TPACKET_V3 mode
AFPParsePacketV3() saved tpacket_block_desc structure
instead of tpacket3_hdr. As a result, reconstructed
packets were wrong.

Bug #2044.
8 years ago
Alexander Gozman e41a9d637b af-packet: get VLAN info for packets in TPACKET_V3 mode 8 years ago
Alexander Gozman ee7e689b54 af-packet: write VLAN info for both TPACKET_V2 and V3 8 years ago
Jason Ish 92db12c349 pidfile: fail if the pid file exists
Changes the pidfile check function to fail just on the
existence of the file to address issue
https://redmine.openinfosecfoundation.org/issues/1335
but log a message if the pid file appears to be stale.
8 years ago
David Wharton 1bf7ded224 doc: specify buffers that can be used for fast_pattern
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
8 years ago
David Wharton b1ad770b36 doc: removed references to older Suricata versions
docs are versioned; references to older Suricata versions are undesired.
8 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 8 years ago
Mats Klepsland bbd32c1419 output-json-tls: code cleanup 8 years ago
Mats Klepsland 115b3138cc output-json-tls: log certificate and chain
Log entire certificate and certificate chain Base64 encoded.
8 years ago
Mats Klepsland 0716199acb output-json-tls: custom tls logging 8 years ago