aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,466 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8e946b92b7'
${ noResults }
Commit Graph

5466 Commits (8e946b92b78633955cf23a2f79cbdeaa330a22eb)
 

Author SHA1 Message Date
Victor Julien d0357c6169 smtp: add file inspection engine 
Fix file inspection engine.

TODO: test
 10 years ago
Victor Julien 56b74c8b5b smtp: make TX aware 
Store mime decoding context per transaction. For this the parser
creates a TX when the mime body decoding starts.
 10 years ago
Victor Julien cb4440324e mime: redo PrintChars using PrintRawDataFp 10 years ago
Victor Julien f979e92f68 decode mime: refactor & cleanup 
Partly to work around cppchecks:
[src/util-decode-mime.c:1085]: (error) Memory leak: url
 10 years ago
Victor Julien 54df86658c mime: rename mime-decode.[ch] to util-decode-mime.[ch] 10 years ago
Victor Julien 6035470ffb mime: style updates 10 years ago
Victor Julien 595acf2dfc mime decode: reshuffle data structures to reduce structure sizes 10 years ago
Victor Julien 9a573c5704 output smtp: fix call 10 years ago
Victor Julien de44a5af94 decode mime: clean up includes 10 years ago
Victor Julien cd55b657c2 mime decode: improve MimeDecParseLineTest01 and MimeDecParseLineTest02 tests 10 years ago
Victor Julien dd4b506cc2 decode mime: fix scan-build issues 10 years ago
Victor Julien f91d52a0d2 mime decode: fix memory leak 10 years ago
Victor Julien bffceb7115 mime decode: remove unused url counter 10 years ago
Victor Julien d72f8c7de5 output smtp: clean up memory at shutdown 10 years ago
Victor Julien c712ab2299 Fix compiler warning 10 years ago
Victor Julien 106bbc78e1 mime: refactor buffer use 
Turn all buffers into uint8_t (from char) and no longer use the
string functions like strncpy/strncasecmp on them.

Store url and field names as lowercase, and also search/compare
them as lowercase. This allows us to use SCMemcmp.
 10 years ago
Tom DeCanio f55c94cb54 smtp-mime: preinitialize base64 decoder space 
Preinit with zeros.
 10 years ago
Tom DeCanio c279f07d2a mime-decode: clean up after MimeDecParseFullMsgTest01. 10 years ago
Tom DeCanio 4503ffeee9 mime-decode: fix minor memory leak if Mime parser initialization were to fail. 10 years ago
Tom DeCanio 1ab5f72fdd mime-decode: remove "comparison between signed and unsigned integer expressions" 
warnings
 10 years ago
Tom DeCanio e5c36952d6 app-layer-smtp: move old smtp-mime section in suricata.yaml into 
app-layer-protocols.smtp.mine section and update code to accomodate.
 10 years ago
Tom DeCanio 3e10ee4608 PR review comment. Use protocol to discern log type. 10 years ago
Tom DeCanio f1c160ed22 smtp: turn on smtp mime decoding and enable smtp eve logging. 10 years ago
Tom DeCanio 746da75615 eve-log: catch and log URLs in basic text emails without mime encapsulation. 
expand pointer walk protection.
 10 years ago
Tom DeCanio 471967aafd mime-decode: don't scan attachment's data for URLs. 
move event pointer lookup inside extract_urls and protect pointer walk.
 10 years ago
Tom DeCanio 6467a5d563 app-layer-smtp: fix Test14. 
Was running one byte past end of buffer.
Declare Unit Test 14's data as static.
 10 years ago
Eric Leblond 260872ccd9 smtp layer: fix unittests 
Synchronize test 14 with the new application layer API and improve
debug messages.
 10 years ago
Tom DeCanio 31f8f5cf20 eve-log: SMTP JSON logger 10 years ago
Tom DeCanio 7850d896a8 smtp-mime: add server reply codes returned from outlook server 10 years ago
David Abarbanel c2dc686742 SMTP MIME Email Message decoder 10 years ago
Ken Steele a781fc5c2e Make suricata_ctl_flags be volatile 
The global variable suricata_ctl_flags needs to volatile, otherwise the
compiler might not cause the variable to be read every time because it
doesn't know other threads might write the variable.

This was causing Suricata to not exit under some conditions.
 10 years ago
Victor Julien 503cc3de69 stream/async: improve handling of syn/ack pickup 
If we picked up the ssn with a syn/ack, we don't need to make more
assumptions about sack and wscale after that.
 10 years ago
Victor Julien 1656148490 stream/async: fix session setup issues 
For these 2 cases:

1. Missing SYN:
-> syn <= missing
<- syn/ack
-> ack
-> data

2. Missing SYN and 3whs ACK:
-> syn <= missing
<- syn/ack
-> ack <= missing
-> data

Fix session pickup. The next_win settings weren't correctly set, so that
packets were rejected.

Bug 1190.
 10 years ago
Victor Julien b2e80a0f66 stream: improve tracking with pkt loss in async 
If 3whs SYN/ACK and ACK are missing we can still pick up the session if
in async-oneside mode.

-> syn
<- syn/ack <= missing
-> ack     <= missing
-> data

Bug 1190.
 10 years ago
Victor Julien 033409a042 iprep: cleanup ctx on shutdown 
~~Dr.M~~ Error #1: LEAK 480 direct bytes 0x0aae7fc0-0x0aae81a0 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc                    [/work/drmemory_package/common/alloc_replace.c:2373]
~~Dr.M~~ # 1 SRepInit                          [.../Suricata/src/reputation.c:594]
~~Dr.M~~ # 2 DetectEngineCtxInit               [.../src/detect-engine.c:844]
~~Dr.M~~ # 3 main                              [.../Suricata/src/suricata.c:2230]
 10 years ago
Ken Steele b2b1239ddf Make AppLayerProfiling functions inline 
The entire body of these functions are protected by ifdef PROFILING.
If the functions are inlined, then this check removes the need for the
function entirely.

Previously, the empty function was still called, even when not built
for profiling. The functions showed as being 0.25% of total CPU time
without being built for profiling.
 11 years ago
Giuseppe Longo 07fffa6a7d Fixes comments for pfring section in suricata.yaml 
Bug #1301
 11 years ago
Giuseppe Longo 2d43dae934 PF_RING: force cluster type if vlan is disabled 
If vlan is disabled the cluster_flow mode will still take VLAN tags
into account due to using pf_ring's 6-tuple mode.
So this forces to use pf_ring's 5-tuple mode.

Bug #1292
 11 years ago
Giuseppe Longo 395d5b7f61 iprep: add unit tests for cidr 
Implements unit tests to test the new API
 11 years ago
Giuseppe Longo 5499cb71b0 detect-iprep: extends cidr 
Adds new API to check if an IP address is belong
to a netblock and gets the value.
 11 years ago
Giuseppe Longo a1d8439b25 iprep: extends cidr support 
Implements new API to expand the IP reputation
to netblocks with CIDR notation

A new object 'srepCIDRTree' is kept in the DetectionEngineCtx,
which contains two tree (one for ipv4 and one for ipv6)
where the reputation values are stored.
 11 years ago
Eric Leblond 667b9a5220 lua: add export of dns.rrname 
Add the capability for a lua script to ask for rrname in DNS query.
 11 years ago
Eric Leblond 74ffa2b264 lua: move function to common utils 
LuaStateNeedProto function can be used for any protocol so let's
move it out of the http file.
 11 years ago
Victor Julien 4d66775a56 stream: improve bad window update detection 
Ignore more valid ACKs in FIN shutdown phase.

Improve heuristic for window shrinking in case of packet loss.
 11 years ago
Victor Julien a54f52278b stream: fix 'bad window update' false positive 
ACK packets completing a valid FIN shutdown could be flagged as
'bad window update' if they would shrink the window.

This patch detects this case before doing the bad window update
check.
 11 years ago
Tom DeCanio ce472d88be sanity check tcp SACK edges prior to recording. Attempt to avoid Cisco ASA 
tcp randomization issue with it not properly writing sequence numbers in SACK.
 11 years ago
Victor Julien 5834a1a619 stream: improve handling of 3whs packet loss 
If the 3whs ACK and some data after this is lost, we would get stuck
in the 'SYN_RECV' state, where from there each packet might be
considered invalid.

This patch improves the handling of this case.
 11 years ago
Victor Julien e7a909f4ae stream: fix ssh/ssl logging on tcp session reuse 
TCP session reuse wouldn't unset FLOW_NO_APPLAYER_INSPECTION.
 11 years ago
Victor Julien 59d12f334e ssh.softwareversion: allow more characters 
The keyword would not allow matching on "OpenSSH_5.5p1 Debian-6+squeeze5"
as the + and space characters were not allowed.

This patch adds support for them.
 11 years ago
Victor Julien a68e19d998 stream: add counter for failed pseudo setups 
Stream pseudo packets are taken from the packet pool, which can be empty.
In this case a pseudo packet will not be created and processed.

This patch adds a counter "tcp.pseudo_failed" to track this.
 11 years ago