Commit Graph

15866 Commits (8560564657735a4c22004d51db9775ca2f1d9645)

Author SHA1 Message Date
Victor Julien 6a23fafa5f decode/tcp: reduce space needed for MSS tracking
Part of effort to make Packet more compact.

Ticket: #6938.
10 months ago
Victor Julien 9632c2f570 decode/tcp: optimize SACKOK storage
Take less space in the TCPVars for tracking if SACKOK is set.

Reduces size by 16 bytes.

Ticket: #6938.
10 months ago
Victor Julien 3c17d5d73c decode/ipv4: minor test cleanups 10 months ago
Victor Julien a40d6f5c4f decode/ipv6: prep for turning ip4h/ip6h into union
Store IPv6 decoder vars in a new Packet::l3 section in the packet.

Use inline functions instead of the often multi-layer macros for
various IPv6 header getters.

Ticket: #6938.
10 months ago
Victor Julien 2d5c381c3b decode/ipv4: prep for turning ip4h/ip6h into union
Store IPv4 decoder vars in a new Packet::l3 section in the packet.

Use inline functions instead of the often multi-layer macros for
various IPv4 header getters.

Ticket: #6938.
10 months ago
Victor Julien 79e6f7018f decode: minor style cleanup in the header ptrs 10 months ago
Victor Julien 1535c88601 validate: remove ip4h/ip6h check
In preparation of making them union members.
10 months ago
Victor Julien 0e99e8a7fa defrag: track ip hdr offset in tracker
In preparation of future Packet structure changes.

Ticket: #6938.
10 months ago
Victor Julien c4a6ee1647 decode: reduce macro use in IPv4/IPv6
Improve readability by setting up data/data_len once before
passing on to the other decoders.

Work in preparation of other decoder changes.

Ticket: #5517.
10 months ago
Victor Julien 9d9ae62b6e flow: avoid direct IP header checks
To prepare future changes to the Packet header pointers.

Ticket: #5517.
10 months ago
Victor Julien eb3ca643c1 decode: reduce PKT_IS_IPV4/PKT_IS_IPV6 use
Replace it with inline functions. Adds inline functions to
wrap PKT_IS_IPV4/PKT_IS_IPV6.

This is in preparation of removing the macros, and cleaning up the
header pointers.

Ticket: #5517.
10 months ago
Victor Julien 813147755d decode: rename IP_GET_IPPROTO to PacketGetIPProto
To match function naming style.

Ticket: #5517.
10 months ago
Victor Julien 61df76a57d decode: implement IP_GET_IPPROTO as inline func
For better readability and type checking.

Ticket: #5517.
10 months ago
Shivani Bhardwaj 14e2c579f6 tls/random: fix incorrect direction handling
The connp objects were incorrectly set per direction leading to
incorrect matches on respective directions.

Bug 6989
10 months ago
Victor Julien a51b6fa6bd pcap: address codeql warning
Use of potentially dangerous function: localtime

Windows localtime is thread safe and no localtime_r is available on
Windows, so use separate logic for Windows.
10 months ago
Victor Julien 60e6d1d77d rohash: fix codeql warnings
Suspicious pointer scaling to void
10 months ago
Victor Julien ea110aca5b rohash: minor code cleanups 10 months ago
Jason Ish ad4185b3c4 misc: remove some unused includes
Remove unused includes noticed while updating runmode access.
10 months ago
Jason Ish d2537361f4 run-mode: remove duplicate var; add setter function
Remove the global "run_mode" var as it was a duplicate of the runmode on
the "instance" struct. For direct access outside of suricata.c, use the
getter function.

Also expose a setter function for unit tests that need to change it.
10 months ago
Shivani Bhardwaj a2502c9fca util/base64: add more tests to increase coverage 10 months ago
Shivani Bhardwaj 4c131a4b30 util/mime: check invalidity after final b64 block
Since there is code in place that skips over invalid base64 characters
and creates a new array out of the remainder vector, all tests must be
made after that final array has been created and against the variable
that holds the actual length of the final array.
10 months ago
Shivani Bhardwaj 884400f1ae util/mime: skipped chars should be marked consumed 10 months ago
Shivani Bhardwaj a573881418 util/base64: use real numbers in test vectors 10 months ago
Shivani Bhardwaj 76de3d9ab0 util/base64: update tests to correct consumed bytes
Also, don't treat a successful decoding that had invalid characters as
errors. The caller does not treat them as errors so it makes sense to
consider it successful if something was decoded.

Bug 6964
10 months ago
Shivani Bhardwaj c0bc43c393 util/base64: use decoder fns per RFC
instead of the common decoder fn.

Bug 6964
10 months ago
Shivani Bhardwaj 885d540dea util/base64: add base64 decode fns per RFC
Base64 decoder tried to handle several different cases in one fn
including how the data should be decoded and corresponding consumed and
decoded bytes calculated for RFC 2045 and RFC 4648 which are very
different. This left window for mistakes and edge cases that one mode is
not supposed to take care of while the other can.

Separate the decoder per RFC so as to have each variable their own scope
and playground. This also makes it much easier to debug if there are any
issues in decoding w.r.t. different callers.

This also takes care of some known issues like making sure the consumed
bytes are correctly handled.

Bug 6964
10 months ago
Giuseppe Longo 4f1e71bb4e doc: add sdp update 10 months ago
Giuseppe Longo 868493529b rust/sip: parse and log sdp
If SDP payload is found within a SIP message, it will be parsed and then
logged.

Ticket #6627
10 months ago
Giuseppe Longo bff790b6ac rust/sdp: implement logger
This implements a logger for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627
10 months ago
Giuseppe Longo 1ccfc35214 rust/sdp: implement protocol parser
This implements a parser for the SDP protocol.
Given that SDP is encapsulated within other protocols (such as SIP),
enabling it separately is not necessary.

Ticket #6627.
10 months ago
Philippe Antoine d8e0c72644 app-layer: remove unused C wrappers
Ticket: 4083
10 months ago
Jason Ish 480955b1f8 github-ci: update fedora builds
f39 -> f40
f38 -> f39
10 months ago
Philippe Antoine 316cc528f7 detect/parse: set limits for pcre2
Ticket: 6889

To avoid regexp dos with too much backtracking.
This is already done on pcre keyword, and pcrexform transform.
We use the same default limits for rules parsing.
10 months ago
Philippe Antoine 03442c9071 http2: do not log duplicate headers
Ticket: 6900

And thus avoid DOS by logging a request using a compressed
header block repeated many times and having a long value...
10 months ago
Philippe Antoine 390f09692e http2: use a reference counter for headers
Ticket: 6892

As HTTP hpack header compression allows one single byte to
express a previously seen arbitrary-size header block (name+value)
we should avoid copying the vector's data, but just point
to the same data, while remaining memory safe, even in the case
of later header eviction from the dynamic table.

Rust std solution is Rc, and the use of clone, so long as the
data is accessed by only one thread.
10 months ago
Philippe Antoine fd47e67dc6 util/base64: fix buffer overflow
Ticket: 6902

In case the caller of DecodeBase64 does not supply a big enough
output buffer.
10 months ago
Jason Ish d226d0a3fc defrag: fix check for complete packet
The list of fragments may still contain overlaps, so adding up the
fragment lengths is flawed. Instead track the largest size of
contiguous data that can be re-assembled.

Bug: #6675
10 months ago
Jason Ish f1709ea551 defrag: fix subsequent overlap of start of original (bsd)
Fix the BSD policy case where a subsequent fragment starts before an
original fragment and overlaps the beginning of the original
fragment. In this case the overlapping data from the new fragment is
preferred.

Suricata was preferring the data from the original fragment, but it
should only do that when the original fragment has an offset <= to the
new fragment.

- Adds tests for this case.

Bug: #6669
10 months ago
Jason Ish d0fd078250 defrag: check next fragment for overlap before stopping re-assembly
Instead of breaking the loop when the current fragment does not have
any more fragments, set a flag and continue to the next fragment as
the next fragment may have data that occurs before this fragment, but
overlaps it.

Then break if the next fragment does not overlap the previous.

Bug: #6668
10 months ago
Jason Ish bdd17de73d defrag: use uint8_t in unit tests 10 months ago
Jason Ish 2f00b5870a defrag: consistent unit test naming
Use a more consistent naming scheme between ipv4 and ipv6.
10 months ago
Jason Ish 6339deadce defrag: make tests more readable
Make tests more readable for comparing to the paper "Target-Based
Fragmentation Reassembly".
10 months ago
Jason Ish 276d3d6541 defrag: minor cleanups
- typo in comment
- remove debug function that is not used and no longer valid
10 months ago
Lukas Sismis 3a27cfd7be dpdk: increase timeout for DPDK test runs 11 months ago
Philippe Antoine 402f39b4f2 util/mime: adds safety check
Ticket: 6904

Even if there is no problem, just fortify the function,
so that it is future-proof if the caller does not do the check.
11 months ago
Philippe Antoine 7274ad58aa detect: use direction-based tx for app-layer logging
When we only have stream matches.

Ticket: 6846

This solves the case where another transaction was created
by parsing data in the other direction, before running the
detection.

Like
1. get data in direction 1
2. acked data: parse it, but do not run detection in dir 1
3. other data in direction 2
4. other data acked : parse it and create new tx,
then run detection for direction 1 with data from first packet
11 months ago
Victor Julien f6635ea960 mime: validate that chunk size stays within limit 11 months ago
Victor Julien 6f27f2a817 smtp: minor debug cleanup 11 months ago
Victor Julien 8ef15ee205 streaming/buffer: add validation checks for data chunk sizes 11 months ago
Victor Julien 9aff8afc62 util/file: add validation check for extreme data chunk sizes 11 months ago