aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
9,438 Commits
8 Branches
154 Tags
168 MiB
dependabot/github_actions/github/codeql-action-3.26.13
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75f9c1ae9f'
${ noResults }
Commit Graph

9438 Commits (75f9c1ae9f20540aaceafbda809152cfc9ac4a39)
 

Author SHA1 Message Date
Jason Ish 87250da0fc rust/dns: add v1 dns logging 
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2704
 6 years ago
Victor Julien 9d36182b74 unix: fix deadlock in unix runmode on many cores 
Same issue as in 7f8795c756, with the
solution now also applied to the unix socket runmode.

Bug #2734
 6 years ago
Victor Julien 8d2883f3fa output/tx: fix multi-instance logger output 
Fix transactions not being logged after the first tx logger had
logged.
 6 years ago
Victor Julien 0e40231189 app-layer: improve transaction cleanup handling 
The app layers with a custom iterator would skip a tx if during
the ..Cleanup() pass a transaction was removed.

Address this by storing the current index instead of the next
index. Also pass in the next "min_tx_id" to be incremented from
the last TX. Update loops to do this increment.

Also make sure that the min_id is properly updated if the last
TX is removed when out of order.

Finally add a SMB unittest to test this.

Reported by: Ilya Bakhtin
 6 years ago
Victor Julien d34e41068f app-layer: fix tx tracking updates in tx cleanup 
Fix min_id not getting updated in all cases.

Reported by: Ilya Bakhtin
 6 years ago
Victor Julien e62e4bdc49 app-layer: add debug statements to tx cleanup logic 6 years ago
Victor Julien 37203c98a1 unittests/app-layer: add helper to get app tx trackers 6 years ago
jason taylor fc395eb2c5 userguide: updated hyperscan version reference 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Travis Green 3539ae3041 Updated link for Prelude SIEM 
Updated link for Prelude SIEM to https://www.prelude-siem.org/
 6 years ago
Eric Leblond f3be8eaaf4 detect-depth: remove semi coma from desc 
It was breaking the CSV export.
 6 years ago
Eric Leblond 8c1b16e22d doc: fix some links in list-keywords command 6 years ago
Eric Leblond 24806c2102 suricata.yaml: fix path to XDP doc 6 years ago
Eric Leblond 64df672cf7 util-bpf: workaround OpenBSD old libpcap 
OpenBSD is not using a pcap_compile_* function so we can just
comment the code for OpenBSD users.
 6 years ago
Eric Leblond 6853683085 af-packet: remove unused field in AFPThreadVars 6 years ago
Eric Leblond 750651a45a configure.ac: better llc binary detection 
llc is needed to build the ebpf files and current autoconf code
was not working properly on Debian.
 6 years ago
Eric Leblond 6bfecd6906 af-packet: remove years old todos 6 years ago
Eric Leblond 017acaa465 netmap: use custom BPF compile function 6 years ago
Eric Leblond 28e9e4c85c af-packet: use the new BPF compilation function 6 years ago
Eric Leblond 3c566e0f89 util-bpf: introduce custom BPF compile functions 
We can't get error from pcap_compile_nopcap() so let's get our
own function and output message.
 6 years ago
Eric Leblond e98b5e4946 af-packet: micro optimization 
Use a else if instead of two chained if constructs.
 6 years ago
Eric Leblond 9efa4ace69 af-packet: improve error handling 
Stress condition in Suricata could lead to interface to disconnect
when it is not necessary. This patch updates the error handling
code to try to continue reading when such a case occurs.
 6 years ago
jason taylor 74761b04fe bypass:added new documentation reference 
Documentation didn't previously exist for the bypass keyword

Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Eric Urban 90a0731564 debug/log: add log level for JSON type 
resolves #2671
 6 years ago
Jason Ish 345ec58df4 configure: allow for --disable-suricata-update 
This is to prevent suricata-update from being installed if it
would otherwise be installed based on in being bundled, and
its dependencies being available.

Warn the user that Suricata-Update will not be installed if it
is bundled, but python-yaml is missing (this will also cover
the case where Python is missing).

Add "Install suricata-update" to the build summary. For consistency,
relable "Suricatasc install" as "Install suricatasc".
 6 years ago
Jason Ish db36708756 configure: check for python-yaml 
Don't install suricata-update if python-yaml does not
exist.
 6 years ago
Jason Ish 5eb7f0f77c configure: print datarootdir 
This is relevant now as its where Suricata engine rules
get installed.
 6 years ago
Victor Julien 6f2b974f9c detect/mpm: fix fast_pattern handling of len >255 
The fast pattern selection logic would truncate a patterns len to
255 leading to assigning the same pid to different patterns.

This in turn would be caught by the hyperscan setup code which would
abort.

Bug #2714.
 6 years ago
Victor Julien eedf08be29 rust/filetracker: remove reachable panic 
Remove reachable panic condition when an existing file chunk is not
completed. Instead trunc the file and reset.

Related to bug #2717
 6 years ago
Victor Julien 1b1e136c4f nfs: improve file tracking under packet loss 
In case of packet loss during an in-progress chunk the file tracker
could loose track of a file because it couldn't map the XID to a
file handle.

The file tracker would then panic if a new file was opened, as
it noticed the last chunk wasn't yet complete.

This patch tracks the file handle for a in-progress chunk in the
state, just like the tracking of the size that is left.

Bug #2717
 6 years ago
Victor Julien 27f87567ca rust/nfs: improve debug output 6 years ago
Victor Julien 961610489a iprep: small cleanups 6 years ago
Victor Julien 5740c79b93 iprep: improve error checking of path handling 6 years ago
Victor Julien 0b3220a0df detect: improve inspect buffer handling 
Fix and Optimize cleanup. For the simple single inspect buffer optimize
the cleanup by keeping track of the actually used buffers. This avoid
looping over unused buffers.

Fix the case of cleaning not being done after a tx if the next tx is
also inspected in the context of the same packet.

Fix cleanup of the multi-inspect buffers. Optimize in 2 ways. First
like with single keep track of which multi-inspect buffers have been
used. Second, keep a max of the buffers within a multi-inspect buffer.
Use this max to limit (nested) looping.
 6 years ago
jason taylor 683be94830 profiling: set loop limit to match array size 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Victor Julien 5aef72efd1 prelude: fix potential uninitialized value use 6 years ago
Victor Julien ca1161d798 detect: suppress coverity deadcode warnings 
Suppress as scan-build-7 relies on this 'dead' code to not issue
a warning.
 6 years ago
Victor Julien 7b318592e6 filestore: suppress coverity toctou warning 6 years ago
Victor Julien cb2008fb27 detect: fix coverity memory leak warnings 6 years ago
Victor Julien 16100e592d file: use u32 file id everywhere 6 years ago
Victor Julien 59d526481c detect/distance: improve value parsing and fix broken test 6 years ago
Victor Julien 9cce1995ef detect/within: clean up option value parsing 6 years ago
Victor Julien 8814b994b5 detect/within: test cleanups 6 years ago
Victor Julien 1803af7aa6 eve/dns: improve version warning message 6 years ago
Victor Julien 758acd4b7e detect/offset: improve value parsing 6 years ago
Mats Klepsland b5dfc9ed41 app-layer-ssl: fix coverty error (RESOURCE_LEAK) 
Bug #2677
 6 years ago
Victor Julien 787473ec64 changelog: update for 4.1 6 years ago
Victor Julien 36e84b929c smtp/mime: fix null ptr deref on bad traffic 
Due to missing error handling, a bad mime message could put the
mime parser in an error state, without the SMTP layer taking this
into account. So the SMTP layer would continue to pass data to the
mime parser, even though it was in an error state.

When the parser would be fed a very long line while in this state,
it would try to set an error flag in the state. However, due to
the error state, this setting of the flag would dereference a null
pointer.

This patch fixes this issue by updating the mime parser to check
the state it is in when receiving new input. It will refuse to
process futher data while in the error state. It will also return
a new error code to indicate to the SMTP layer that the parser
was in an error state.
 6 years ago
Victor Julien fa2ce043cf ipv6: disable zero len padN rule by default 6 years ago
jason taylor 131112de13 doc: Remove gulp references 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
jason taylor fc54d750dd doc: add bypass keyword documentation 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago