aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,891 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6f77c722a2'
${ noResults }
Commit Graph

12891 Commits (6f77c722a28a18db717e265e19ffba431efad97e)
 

Author SHA1 Message Date
Victor Julien 1556e86c7d app/frames: initial support 
The idea of stream frames is that the applayer parsers can tag PDUs and
other arbitrary frames in the stream while parsing. These frames can then
be inspected from the rule language. This will allow rules that are more
precise and less costly.

The frames are stored per direction in the `AppLayerParserState` and will only
be initialized when actual frames are in use. The per direction storage has a
fixed size static portion and dynamic support for a larger number. This is done
for effeciency.

When the Stream Buffer slides, frames are updated as they use offsets relative
to the stream. A negative offset is used for frames that started before the
current window.

Frames have events to inspect/log parser errors that don't fit the TX model.

Frame id starts at 1. So implementations can keep track of frame ids where 0
is not set.

Frames affect TCP window sliding. The frames keep a "left edge" which
signifies how much data to keep for frames that are still in progress.
 3 years ago
Victor Julien e6f49e5a05 app/frames: implement name to id API for frames 3 years ago
Victor Julien eeee740e84 stream: add util function to get 'usable' data 3 years ago
Philippe Antoine a6cb539054 ci: do not use ppa for cocci 
As this version segfaults
 3 years ago
Pierre Chifflier 3e19ccdc0c rust/http2: convert parser to nom7 functions (HTTP2 ranges) 3 years ago
Pierre Chifflier f8647b0ffb rust/http2: convert parser to nom7 functions (HTTP2 core functions) 3 years ago
Lukas Sismis 52d8d35453 dpdk: fix received/error counters 3 years ago
Victor Julien 3cbbe66ea2 tests/pppoe: clean up more tests to use PASS/FAIL macros 3 years ago
Steven Ottenhoff 6bf2117056 pppoe: fix protocol field length variation 
Detect when protocol field is not a 16 bit field.
Added tests to prove logic

Ticket: 4810
 3 years ago
Steven Ottenhoff 260bc03603 test/pppoe: refactor to use FAIL/PASS macros 3 years ago
Modupe Falodun 3dbf74ff10 detect-file-data: remove SMTP unittests 
These tests are reimplemented as Suricata-verify tests

Task: 4938
 3 years ago
Eric Leblond 264eddb81f output/alert: don't call basic logging twice 
Issue: 4106
 3 years ago
Victor Julien a7e77dd22d stream: suppress noisy debug message 3 years ago
Victor Julien 78f5e082f5 stream: fix stream pruning being too aggressive 
Pruning of StreamBufferBlocks could remove blocks that fell entirely
after the target offset due to a logic error. This could lead to data
being evicted that was still meant to be processed in theapp-layer
parsers.

Bug: #4953.
 3 years ago
Victor Julien 544ff0fb52 stream: debug code for showing segment list state 3 years ago
Jeff Lucovsky f30d8ece80 detect: Avoid recomputing ntohl() in addr match 
This commit makes a small optimization when comparing IPv4 and IPv6
addresses by making the host order value invariant and calculating the
value once, before entering the loop.
 3 years ago
Philippe Antoine 86ea7f2474 file: define own variable instead of PATH_MAX 
to be used for maximum size of file names,
and not depend on the OS
 3 years ago
Philippe Antoine c56b1c99d5 ssl: fix int warnings 
especially increasing padding_len size
 3 years ago
Philippe Antoine 078e1cdacc smtp: fix int warnings 
and explicitly truncating filename's length
 3 years ago
Philippe Antoine 23f242dfc2 app: fix int warnings in generic app files 3 years ago
Philippe Antoine 334b1382e0 http: : fix int warnings 
Explicitly truncate file names to UINT16_MAX

Before, they got implicitly truncated, meaning a UINT16_MAX + 1
file name, went to 0 file name (because of modulo 65536)
 3 years ago
Philippe Antoine defce022b4 ftp: fix int warnings 
Explicitly truncate a file name if it is longer
than UINT16_MAX
 3 years ago
Jeff Lucovsky 22e89ec4a3 log: Coverity REVERSE_INULL warnings 
This commit addresses Coverity reported "REVERSE_INULL" warnings.

Issue: 4699
 3 years ago
Philippe Antoine e1c0725e05 doc: fix typo lenght/length 3 years ago
Sam Muhammed 9bea850d53 nfs4_records: add unittests for nom7 parsers 
Task #4866
 3 years ago
Sam Muhammed 463fbdc36d nfs4_records: add missing field to res_sequence_ok() 
Missing _seqid in sequence op struct left a trailing four zeros
that are parsed by nfs4_res_compound_command() as a cmd
causing a Switch Error Code
 3 years ago
Sam Muhammed 4e2edd44aa nfs3-records: add unittests to nom7 parsers 
Task #4866
 3 years ago
Sam Muhammed 03906010a2 nfs3-records: add missing fields and update parsers 
Add missing fields to some record structures and
update their respective parsers
 3 years ago
Sam Muhammed 86c273dadc nfs2-records: add unittests for nom7 parsers 
Task #4866
 3 years ago
Jeff Lucovsky fc6fdef070 suricatasc: Handle incomplete/empty recv values 
Issue: 4947

Improve handling of values returned by recv. Sometimes, recv returns an
empty string if suricata terminates asynchronously.
 3 years ago
Victor Julien ddf14e51dc nfs2: improve READ parsing 
Take fill_bytes into account.
 3 years ago
Jason Ish 2011a5579c rust/app-layer: expose AppLayerEvent derive macro 
Export the AppLayerEvent derive macro so plugin (or library code) can
use it as expected, for example:

use suricata::applayer::AppLayerEvent;

enum MyEvent {
    EventOne,
    EventTwo,
}
 3 years ago
Jason Ish ba310440a6 rust/derive: make usable from a plugin or lib user 
The macro was generating code that references names use the "crate"
prefix which will fail if the macro is used by a library user or plugin.
Dynamically check where we are running an use the correct import paths
as needed.
 3 years ago
Jason Ish bbd5e6402b rust: rename to suricata (from suricata_rust) 
Rename the Rust lib to simply "suricata" instead of "suricata_rust".
This allows Rust plugin/library code to use it under the name "suricata"
which is what should be expected.

The name was only "suricata_rust" to prevent on-disk conflict with the C
code, so just rename the file on disk, which doesn't affect how the code
is interacted with from an API layer.
 3 years ago
Jason Ish 2ffe88c1f0 rust: remove feature function-macro 
The function macro existed so it would only be enabled on Rust
versions that supported.  Now that our MSRV is 1.41, which is
greater than 1.38 we can assume we always have support for
this macro.
 3 years ago
Shivani Bhardwaj 613b12b0e7 rust: bump MSRV to 1.41.1 
Ticket: #4902.
(cherry picked from commit 87f04475aa)
 3 years ago
Jason Ish 50fdcd098c rust/http2: use base64 crate for base64 decode 3 years ago
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation 
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
 3 years ago
Jason Ish 6d3dcf27a6 eve: use JsonBuilder for encoding base64 
Replaces all usages of Base64Encode just before writing to a
JsonBuilder with jb_set_base64 and jb_append_base64.
 3 years ago
Jason Ish 8181030f72 jsonbuilder: add methods to encode values as base64 
Add new methods to set a value as a base64 encoded string of
a byte array. This uses the Rust base64 crate and encodes
directly into the JsonBuilder buffer with no intermediate
buffer required.

jb_set_base64: set a field on an object
jb_append_base64: append a value to an array
 3 years ago
Victor Julien c073d5cfbf app-layer: use StreamSlice as input to parsers 
Remove input, input_len and flags in favor of stream slice.
 3 years ago
Victor Julien 6466296b32 app-layer: add StreamSlice to pass data to parsers 
Since object to contain relevant pointer, length, offset, flags to make
it easy to pass these to the parsers.
 3 years ago
Jeff Lucovsky 93842aa14a doc/yaml: Signal-termination option description 3 years ago
Jeff Lucovsky 7f0f463b64 logging/diag: Enable stacktrace diagnostic if config'd 
This commit adds a signal handler for SIGSEGV when configured. The
signal handler emits a one line stack trace using SCLogError. The intent
is to provide diagnostic information in deployments where core files are
not possible.

The diagnostic message is from the offending thread and includes the
stack trace; each frame includes the symbol + offset.
 3 years ago
Jeff Lucovsky 163f70be9d logging: Stacktrace on signal term setting 
This commit adds a configuration setting to enable a stack trace message
if Suricata receives a signal that terminates execution, such as
SIGSEGV, SIGABRT.
 3 years ago
Jeff Lucovsky 501c870a2c error: Add error code for sig-related diagnostics 
This commit adds an error code for the diagnostic code used for
diagnostic messages following unexpected termination due to signals..
 3 years ago
Jeff Lucovsky 303dd29b50 configure.ac: Support libunwind configuration 
This commit adds support for enabling libunwind -- a library that can be
used to display stack information.

Libunwind is enabled and used by Suricata if present during
configuration.  A diagnostic message is displayed if libunwind
cannot be found.
 3 years ago
Juliana Fajardini 6ae80b2819 doc: replace ohloh with openhub link 3 years ago
Juliana Fajardini de0ce26e3f userguide: update references to Suricata website 
Many places were still referencing the old Suricata page.
Used git grep with replace to update them. Checked that new links work.
Left old references when they were only documentation examples (for
output or unittests).

Task#4915
 3 years ago
Juliana Fajardini 7b20488d4e userguide: fix low-hanging typos Config page 3 years ago