Commit Graph

11122 Commits (7bfb63210e3a128c999343a4805b1d972ae64b73)

Author SHA1 Message Date
Victor Julien 7bfb63210e mime/base64: unify space handling 3 years ago
Philippe Antoine 0e054af1ac mime: do not skip empty lines for quoted-printable
As these lines are in the file...

Ticket: #5725
3 years ago
Philippe Antoine 04fd2ae78e dns: do not output empty array for query 3 years ago
Richard McConnell 6e128f48a2 af-xdp: Add AF_XDP socket support
AF_XDP support is a recent technology introduced that aims at improving
capture performance. With this update, Suricata now provides a new
capture source 'af-xdp' that attaches an eBPF program to the network
interface card. Packets received in the NIC queue are forwarded to
a RX ring in user-space, bypassing the Linux network stack.

Note, there is a configuration option (force-xdp-mode) that forces the
packet through the normal Linux network stack.

libxdp and libbpf are required for this feature and are compile-time
configured.

This capture source operates on single and multi-queue NICs via
suricata.yaml. Here, various features can be enabled, disabled
or edited as required by the use case.

This feature currently only supports receiving packets via AF_XDP,
no TX support has been developed.

Ticket: https://redmine.openinfosecfoundation.org/issues/3306

Additional reading:
https://www.kernel.org/doc/html/latest/networking/af_xdp.html
3 years ago
Todd Mortimer 7d1a8cc335 file/swf: Use lzma-rs decompression instead of libhtp.
Use the lzma-rs crate for decompressing swf/lzma files instead of
the lzma decompressor in libhtp. This decouples suricata from libhtp
except for actual http parsing, and means libhtp no longer has to
export a lzma decompression interface.

Ticket: #5638
3 years ago
Victor Julien 9ed65907a7 fuzz/sigpcap: set pkt_src 3 years ago
Victor Julien f848e34bcc stream: stricter check inserting segments
In lossy streams, esp. where TcpSession::lossy_be_liberal is set, it is possible
to end up inserting a segment that is out of the expected sequence
number bounds.
3 years ago
Victor Julien 5b6193f4c4 flow: cleanup and clarify ancient debug messages 3 years ago
Victor Julien 03d049dadc decode: enforce layer limit through tunnel layers
Bug: #5686.
3 years ago
Shivani Bhardwaj f80c999db3 util/base64: fix heap buffer overflow
While updating the destination pointer, we were also adding the padded
bytes which are not a part of the decoded bytes. This led to running out
of space on the destination buffer.
Fix it by only incrementing destination buffer ptr by the number of
actual bytes that were decoded.

Ticket 5623
3 years ago
Victor Julien 9f4dd4fc56 smtp/files: don't modify prev file on open failure 3 years ago
Victor Julien e601ebdfd8 files: always initialize inspect_window and min_inspect_depth
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
3 years ago
Victor Julien df7d8d96c9 streaming/buffer: set hard limit on buffer size
Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: #5703.
3 years ago
Victor Julien 2edfff7a0c src: unify how warnings specify ticket ids 3 years ago
Jason Ish 0c00f28ebc afpacket/netmap: warn about mixed ips, ids/tap deprecation
Suricata already logs if AF_PACKET or Netmap are running in a mixed IPS
and IDS/TAP mode.  As the behavior is undefined when these modes are
mixed, it is best to deprecate and to not allow this behavior. For now
warn that it will be unsupported and fail in Suricata 8.

Ticket: 5587
3 years ago
Philippe Antoine 3e4f58e375 detect: fix memory leak when parsing signature
Ticket: #5529
3 years ago
Victor Julien 1e653cc36d profiling: fix includes 3 years ago
Victor Julien 50b858aa49 ipfw: fix missing include 3 years ago
Victor Julien f3f2807202 netmap: fix missing include 3 years ago
Jason Ish dcd9dabc70 classification: continue processing on parse error
Instead of returning on the first line that fails to parse, log the
error and continue instead of returning.

The fail fast makes sense in test mode, but not in a normal run mode
where you don't want one bad line to abort processing the whole file.

This will still fail out in test mode.

Related issue: 4554
3 years ago
Philippe Antoine ad713246a9 src: remove double includes
Keep the unconditional include to be sure it works

git grep '#include "' src/*.c | sort | uniq -c | awk '$1 > 1'
3 years ago
Philippe Antoine 9af0dafbad src: fix some include orders
So as to be able to get include removal right
3 years ago
Philippe Antoine cc23923de1 src: remove obsolete comment
Should have been removed along with commit
82dba07579
3 years ago
Philippe Antoine 62352ad030 src: fix remaining cppclean warnings 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean
Especially because there is conditional inclusion from a header
3 years ago
Philippe Antoine 662f0ce503 util: fix includes for util-memcmp
u8_tolower is now in suricata-common.h

Fixes commit 19e94e93fa
3 years ago
Philippe Antoine e85f3916e3 src: fix integer warnings
and adds defrag debug validations
3 years ago
Philippe Antoine b5147189ae tls: fix off by one in supported versions extension
Ticket: #5663
3 years ago
Jeff Lucovsky a4239d433a detect/bsize: Validate bsize values after parsing
Issue: 2982

This commit moves bsize validation with respect to content matches to
the post-parse validation stage. This allows bsize to consider all
content-related values, including those that follow the bsize keyword.
3 years ago
Jeff Lucovsky 9d73777a46 bsize/general: Remove unnecessary includes
This commit removes unused/commented out #include lines.
3 years ago
Jeff Lucovsky 8b41754acd add to general: Typo fixup 3 years ago
Jeff Lucovsky 8df6701186 netmap: Fix include file issues 3 years ago
Jeff Lucovsky ecfdc24e08 detect/bsize: Semantic validation of bsize values
This commit adds validation of the bsize value(s) with the available
buffer size. Signatures are flagged if the bsize and buffer size are
incompatible.

Issue: 3682
3 years ago
Jeff Lucovsky 25c0a6ea7c tests/bsize: Test cases with preceding content
This commit adds test cases that validate behavior when "content"
immediately precedes "bsize".
3 years ago
Jeff Lucovsky c91b987732 general: Typo fixup 3 years ago
Jeff Lucovsky 115297c016 detect/content: Use SCCalloc instead of malloc/memset
This commit replaces a SCMalloc/memset with SCCalloc
3 years ago
Jeff Lucovsky 7eb5fb1826 detect/content: Consider distance in validation
Ticket: 2982

This commit validates that the content usage in a rule will not exceed
the dsize value.

Values of distance that cause the right edge to be exceeded are
considered an error and the signature will be rejected.
3 years ago
Shivani Bhardwaj 58e5033a44 util/base64: use padding var for calculations 3 years ago
Victor Julien ca6ce935b5 security: disable setrlimit with asan
Various parts of ASAN will require creation of threads. At least
LSAN reporting and ASAN stack traces require this. Detect if we
run with ASAN and bypass the noproc setting with a warning.

Bug: #5661.
3 years ago
Victor Julien 8f0d820218 ssl: add debug validation checks for recent changes
Make sure the assumptions are correct.
3 years ago
Philippe Antoine 3fbcba8ab7 tls: fix buffer overread
Recently introduced by commit 4bab6e24e5

Ticket: #5564
3 years ago
Philippe Antoine 4706083929 detect: avoids memory leak on ja3 signature parsing
If a later keyword enforces a protocol incompatible with ja3
3 years ago
Philippe Antoine c09ca7d171 clean: use SC_MD5_HEX_LEN instead of magic number 32 3 years ago
Philippe Antoine 7823653a30 clean: replace MD5_STRING_LENGTH with more used SC_MD5_HEX_LEN 3 years ago
Philippe Antoine 5a0d07b13f clean: remove useless * sizeof(char) 3 years ago
Philippe Antoine f75d18b077 quic: ja3 code deduplication
As quic transactions are unidirectional, the same function is
used to get ja3 from client or from server.
3 years ago
Philippe Antoine 7cb40a1dfc quic: allow ja3.hash keyword
Ticket: #5624
3 years ago
Daniel Young aeb0c0e71a detect/parse-port: fix whitespaces bug
Updated by Victor Julien to:
- accept but strip leading whitespaces
- update tests
- cleanup tests
3 years ago
Eric Leblond ea85e2ccf2 detect/filename: fix buffer description 3 years ago
Shivani Bhardwaj 82dba07579 src: remove unneeded header and refs 3 years ago