Commit Graph

10844 Commits (752e4828d73f5ca9aba9d9e830b9f76cb5c5672a)
 

Author SHA1 Message Date
Victor Julien c5f4b41881 ippair: fix global declarations 5 years ago
Victor Julien 0a006d2258 host: fix global declarations 5 years ago
Victor Julien 29780d6164 mpm: fix global declarations 5 years ago
Victor Julien b89059bda7 detect: fix global declaration of sigmatch_table 5 years ago
Victor Julien 0118e07d57 spm: fix global declaration of spm_table 5 years ago
Victor Julien a12c0b499d threading: fix global declaration of threading_set_cpu_affinity 5 years ago
Victor Julien 45955d2e58 unix-socket: avoid using global variable w/o extern 5 years ago
Victor Julien a9a522fac3 decode: fix default-packet-size global variable 5 years ago
Victor Julien f68c255f09 nfs: implement post-GAP transaction cleanup
Close all prior transactions in the direction of the GAP, except the
file xfers. Those use their own logic described below.

After a GAP all normal transactions are closed. File transactions
are left open as they can handle GAPs in principle. However, the
GAP might have contained the closing of a file and therefore it
may remain active until the end of the flow.

This patch introduces a time based heuristic for these transactions.
After the GAP all file transactions are stamped with the current
timestamp. If 60 seconds later a file has seen no update, it's marked
as closed.

This is meant to fix resource starvation issues observed in long
running SMB sessions where packet loss was causing GAPs. Due to the
similarity of the NFS and SMB parsers, this issue is fixed for NFS
as well in this patch.

Bug #3424.
Bug #3425.
5 years ago
Victor Julien 7709b90c16 detect/file-data: remove debug abort that wasn't reachable 5 years ago
Victor Julien ac8ceae9bf detect/file-data: fix function doc 5 years ago
Victor Julien 500e8da63a files: tracking flag update
Improve flow file flags and file flags updates. Introduce a mask
that is set at start up to avoid lots of runtime checks.

Disable cocci flags check as it doesn't support the more dynamic
nature of the flag updates.
5 years ago
Victor Julien a4a4d17ad0 app-layer/files: optimize GetFiles calls
Remove FlowGetProtoMapping calls from the GetFiles wrapper and
get the alstate from the flow directly.
5 years ago
Victor Julien d369e54f1d app-layer: all protocols are tx aware now
So remove the runtime check for it.
5 years ago
Timo Sigurdsson 1262ecbde0 init: Fix dropping privileges in nflog runmode
Using the run-as configuration option with the nflog capture method
results in the following error during the startup of suricata:
[ERRCODE: SC_ERR_NFLOG_BIND(248)] - nflog_bind_pf() for AF_INET failed

This is because SCDropMainThreadCaps does not have any capabilities
defined for the nflog runmode (unlike other runmodes). Therefore, apply
the same capabilities to the nflog runmode that are already defined for
the nfqueue runmode. This has been confirmed to allow suricata to start
and drop its privileges in the nflog runmode.

Fixes redmine issue #3265.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
5 years ago
Victor Julien 7810f22413 decode: remove pseudo packet checks
Bug 1107 checks/hacks should no longer be needed, so remove them.
5 years ago
Victor Julien 272a5f526b threading/queues: simplify error handling 5 years ago
Victor Julien dce227ec88 threading/queues: remove 256 queue limit
Convert fixed size array to a dynamic TAILQ so we can
grow as needed.
5 years ago
Victor Julien 0e3f27a87e threading: remove 'trans_q' array of packet queues
Let the queues code set up PacketQueues on demand.
5 years ago
Victor Julien efa8a69923 packet-queue: create alloc and free functions 5 years ago
Victor Julien 550cfdd98d threading: hide 'trans_q' from queue handlers 5 years ago
Victor Julien 45e5e19e6e threading/threadvars: optimize layout
Make sure StatsPublicThreadContext is on its own cache line.
5 years ago
Victor Julien e3fbdf1948 flowworker/stream: use no-lock packet queue
Use smaller structure for temporary packet queues.
5 years ago
Victor Julien f8aed4ce2d threading: change local packet queue logic
Previously each 'TmSlot' had its own packet queue that was passed
to the registered SlotFunc as an argument. This was used mostly for
tunnel packets by the decoders and by defrag.

This patch removes that in favor of a single queue in the ThreadVars:
decode_pq. This is the non-locked version of the queue as this is
only a temporary store for handling packets within a thread.

This patch removes the PacketQueue pointer argument from the API.
The new queue can be accessed directly through the ThreadVars
pointer.
5 years ago
Victor Julien b8c2b66d33 packet-queue: introduce a non-locked version
Works exactly like PacketQueue, just does not contain a mutex
and cond var, leading to much reduced memory size.
5 years ago
Victor Julien 9ed260c489 threading: more efficient TmSlot layout 5 years ago
Victor Julien 18e652309f threading: remove 'id' field from TmSlot
Field was now unused.
5 years ago
Victor Julien d7cb0774dd detect: cleanup reload thread handling 5 years ago
Victor Julien 786e697590 threading: simplify flow timeout loop 5 years ago
Victor Julien 261b77742e threading: shrink and reorganize TmSlot 5 years ago
Victor Julien 87c9b11d8c threading/threadvars: rearrange for better cache behavior 5 years ago
Victor Julien 071b753e84 threading/threadvars: remove unused 'prev' field 5 years ago
Victor Julien f53f004917 threading: remove unused 'TmThreadRemove' function 5 years ago
Victor Julien 569a5d985b threading: remove handler names to shrink struct
Shrink ThreadVars by removing the queue handler names that are only
used at shutdown. Since this is not performance critical, we can use
the ids to look up the queue handler.
5 years ago
Victor Julien 74a6f8d4dd threading/queues: add way to lookup by ID
In preparation of doing runtime operations by ID instead of by name,
add functions to look up by ID and to convert name to ID.
5 years ago
Victor Julien d0218696ba threading: shrink threadvars struct size 5 years ago
Victor Julien c029599515 threading: remove unused threadvars field 5 years ago
Victor Julien f1ee176111 threading: clarify threadvars fields 5 years ago
Victor Julien d50492cb20 threading: cleanup packet thread shutdown loop 5 years ago
Victor Julien 8e762f5190 source-pcap: remove unused function 5 years ago
Victor Julien 3a703c84ad threading/modules: declare prototypes static
Declare registered threading API funcs static where appropriate.
5 years ago
Victor Julien 7c83cb585e sources: fix pipeline failure handling
When TmThreadsSlotProcessPkt fails it will return the packet that was
passed to it to the packetpool.

Some of the packet sources were doing this manually as well. This patch
fixes those sources.
5 years ago
Victor Julien 49599dfe89 threading: use tm_flowworker for pseudo packets
Pseudo packets don't need to be processed by the decoding layer.
5 years ago
Victor Julien 9df8e1c984 threading: add shortcut to flowworker 5 years ago
Victor Julien 02004fa547 threading: remove per slot post_pq
Use a single packet queue per thread for flow timeout packet
injection. The per slot queue was unused except for this use
case. Having a single queue makes the logic and implementation
simpler.

In case of 'autofp', the per thread packet queue will actually
use the threads input queue. For workers/single a dedicated
queue will be set up.

Rename TmThreadsSlotHandlePostPQs to TmThreadsHandleInjectedPackets
to reflect the changed logic.
5 years ago
Victor Julien 15e3bdb7b8 af-packet: prototypes cleanup
Remove unused prototype.

Declare other prototypes static.
5 years ago
Victor Julien 44d7f636f2 threading: remove post_pq argument from 'SlotFunc'
This was not in use anywhere.
5 years ago
Victor Julien f5045af3e3 runmodes: code cleanups 5 years ago
Victor Julien 1a8562b3c6 detect: clean up threads handling
Clean up reload and break loop thread handling.
5 years ago
Victor Julien e5010d7704 detect: inject packet cleanup 5 years ago