Commit Graph

5728 Commits (97a2d1ac267a13b6c623bf57ad1b8ad8d95290a1)

Author SHA1 Message Date
Tom DeCanio 97a2d1ac26 fix reputation parser so that it accepts ipv6 addresses in configuration file. 10 years ago
Jason Ish 11d6770ae4 afl - SCHINfoLoadFromConfig - check for NULL before parsing.
Found by AFL on suricata.yaml.
10 years ago
Jason Ish 75d21851cf afl - Don't fail if app-layer proto enabled value is NULL.
Found by using AFL on suricata.yaml.
10 years ago
Eric Leblond 0376b60da9 email-json: free temporary 'cc' string 10 years ago
Eric Leblond bd67000b69 email-json: free temporary 'to' string 10 years ago
Eric Leblond 7b8184947a app-layer-smtp: fix SMTPTransactionFree function
A typo was causing some freeing tasks not to be executed.
10 years ago
Victor Julien 91ddf85323 profiling: fix sorting on very long runs
Fix poor int handling breaking sorts of profiling on long runs
where the numbers could get really big.
10 years ago
Victor Julien 1a83fee5f5 xbits: fix coverity warnings
Switch statement would contain NOALERT even though this was
unreachable.
10 years ago
Victor Julien 54d5e2eed5 coverity fix: don't do pointer check on static array 10 years ago
Victor Julien b9aaf5a9ab Fix potential deadlock in output
Coverity:
** CID 1296115:  Program hangs  (ORDER_REVERSAL)
/src/tm-threads.c: 1670 in TmThreadClearThreadsFamily()

The problem is with the by default unused '%m' output parameter.
To get the thread vars it takes the tv_root_lock. This may already
be locked by the calling thread. Also, it could lead to a case of
wrong lock order between the tv_root_lock and the thread_store_lock.

Very unlikely to happen though.

As the %m param isn't really used (by default) this patch just
disables it.
10 years ago
Victor Julien 94321b8a2f packet pool: fix memleaks
Don't kill flow manager and recyclers before the rest of the threads. The
packet threads may still have packets from their pools. As the flow threads
would destroy their pools the packets would be lost.

This patch doesn't kill the threads, it just pulls them out of their run
loop and into a wait loop. The packet pools won't be cleared until all
threads are killed.

Wait for flow management threads to close before moving on to the
next steps in the shutdown process.

Don't destroy flow force reassembly packet pool too early. Worker
threads may still want to return packets to it.
10 years ago
Victor Julien 22142d9b8b threshold: cleanups
Use pcre_copy_substring in the most common part of threshold rule
parsing. Minor other cleanups.
10 years ago
Victor Julien e86e1e0282 reference: use pcre_copy_substring 10 years ago
Victor Julien cc38df8074 classification: cleanups
Reduce hash table size as regular classification files are usually
below 100 in size. It's not performance critical anyway.

Convert pcre_get_substring calls to pcre_copy_substring.
10 years ago
Victor Julien 3fbc6ede6b suricatasc: allow for longer response times after connect 10 years ago
Victor Julien deb98fab0c packet pool: init pool for autofp workers as well
Introduce a new 'PacketPoolInitEmpty' as these pools will not often
need packets.

Also, don't double 'destroy' in the main thread.
10 years ago
Victor Julien 1884227019 autofp: reduce flow storage space requirement
Use int16_t instead of a regular int to save 2 bytes per flow.
10 years ago
Victor Julien 643c30f67f threading: add missing locks to threading storage
Lock threading root lock when walking or updating the threading
storage for 'ThreadVars' objects.
10 years ago
maxtors e7658fd4f4 Added new WebDAV http methods.
Added more WebDAV functions. A complete list of what http
methods libhtp can handle can be found at:
https://github.com/OISF/libhtp/blob/0.5.x/htp/htp_core.h#L260.
So now the methods array reflects these available functions.

The comments have also been changed to reflect the desired style.
10 years ago
maxtors 3b26b07963 Reworked pattern registration structure and feedback issues.
1) Reworked pattern registration for http methods and versions.

Instead of being a manual and verbose action of adding one
and one http method with N-amount of prefix spacings and
the same for HTTP versions (e.g. HTTP/1.1) I moved it all
to be loop based actions reading values from char arrays.

In the future all that is needed is to add new methods
to the arrays and they will be added as a pattern.

2) Modified pattern registration after feedback.

Changed variable used in snprintf for http method registration.
Should have been size of dest buffer and not another var (catsize)
that I had created. Also removed this variable.

Fixed a typo in the comment for registering http versions.
TO_CIENT -> TO_CLIENT.
10 years ago
maxtors 7a9e963619 Added http methods for webdav (rfc4918).
Included the following methods to app-layer-htp.c:
- PROPFIND
- PROPPATCH
- MKCOL
- COPY
- MOVE
- LOCK
- UNLOCK
10 years ago
maxtors a7abaf538c Added DELETE and PATCH http methods to app-layer-htp.c
Added two new http methods to the http decoding done in
app-layer-htp.c so that these messages will be decoded as well.
10 years ago
Victor Julien 915eb992ca app-layer: update protocol detection tests
AppLayerTest09, AppLayerTest10 and AppLayerTest11 depended on a max
protocol detection pattern size of < 17. Update the tests to pass one
extra byte to the app layer. This makes the protocol detection code
flag the session as 'proto detection completed' again.
10 years ago
David Maciejak 48971afdfb Fix Unit ID check 10 years ago
Eric Leblond f35001a614 util-running-mode: setup config file
Without that we get a warning message.
10 years ago
Eric Leblond 6f5c4c12e1 list keywords: fix regression on app layer name
It was not displayed anymore.
10 years ago
Eric Leblond d98060410c list keywords: restore 2.0 similar output
Unset was previously displayed if the application layer was not
set. Code before this patch was displaying '(null)' which is not
user friendly.
10 years ago
Alexander Gozman 568635c2e1 Reject ICMP traffic, not only TCP/UDP 10 years ago
Jason Ish 1f9d9256e7 spelling - dubbed -> duped (for duplicate) 10 years ago
Jason Ish 8911b04077 DetectGidSet - safer stripping of quotes.
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; gid:";)
resulting in a negative array index.
10 years ago
Jason Ish da88b3b787 DetectSidSetup - safer stripping of quotes.
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; sid:";)
would result in a negative array index.
10 years ago
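The gid and sid fixes above are the same bug seen twice: a value of just `"` gets its leading quote skipped, and whatever then indexes the last character as `s[strlen(s) - 1]` lands on index -1. The code below is an added illustration written for this page, not Suricata's detect-gid.c or detect-sid.c; the function names (`unsafe_trailing_quote_index`, `strip_quotes_safe`, `parse_id_value`, `parses_to`), the 32-byte value buffer and the exact shape of the unsafe pattern are assumptions made for the example. The unsafe function only reports the index the common pattern would touch, it does not dereference it:

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Mirrors the arithmetic of a common quote-stripping pattern (assumed here,
 * not quoted from Suricata):
 *     if (s[0] == '"') s++;
 *     if (s[strlen(s) - 1] == '"') s[strlen(s) - 1] = '\0';
 * but returns the index the second line would use instead of touching it.
 * For a lone quote (the value in gid:";) the result is -1, one byte before
 * the buffer.
 */
static long unsafe_trailing_quote_index(const char *s)
{
    if (s[0] == '"')
        s++;
    return (long)strlen(s) - 1;
}

/*
 * Hardened variant: copies the value between optional surrounding quotes
 * into out (always NUL-terminated). Returns 0 on success, -1 when the quotes
 * are unbalanced, the value is empty, or it does not fit in out.
 */
static int strip_quotes_safe(const char *in, char *out, size_t outlen)
{
    if (in == NULL || out == NULL || outlen == 0)
        return -1;

    size_t len = strlen(in);
    int quoted = 0;

    if (len > 0 && in[0] == '"') {
        in++;
        len--;
        quoted = 1;
    }
    /* Check the remaining length before reading in[len - 1]: after a lone
     * '"' len is 0 here, which is exactly where the unsafe pattern goes to -1. */
    if (quoted) {
        if (len == 0 || in[len - 1] != '"')
            return -1;
        len--;
    }
    if (len == 0 || len >= outlen)
        return -1;

    memcpy(out, in, len);
    out[len] = '\0';
    return 0;
}

/* Parse a gid/sid style option value: optional quotes around decimal digits. */
int parse_id_value(const char *value, uint32_t *id)
{
    char buf[32];
    if (strip_quotes_safe(value, buf, sizeof(buf)) != 0)
        return -1;

    for (const char *p = buf; *p != '\0'; p++) {
        if (!isdigit((unsigned char)*p))
            return -1;
    }

    errno = 0;
    char *end = NULL;
    unsigned long v = strtoul(buf, &end, 10);
    if (errno != 0 || *end != '\0' || v > UINT32_MAX)
        return -1;

    *id = (uint32_t)v;
    return 0;
}

/* 1 if value parses to expected, else 0. */
int parses_to(const char *value, uint32_t expected)
{
    uint32_t id = 0;
    return parse_id_value(value, &id) == 0 && id == expected;
}

int main(void)
{
    /* Constructed inputs, including the AFL-style lone quote from the commits. */
    const char *inputs[] = { "\"", "\"\"", "123", "\"123\"", "\"123", "12a", "" };
    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        uint32_t id = 0;
        int rc = parse_id_value(inputs[i], &id);
        printf("%-7s unsafe index=%2ld  ", inputs[i], unsafe_trailing_quote_index(inputs[i]));
        if (rc == 0)
            printf("accepted id=%u\n", id);
        else
            printf("rejected\n");
    }
    return 0;
}
```

The point of the ordering in `strip_quotes_safe` is that the length is re-checked after every step that shortens the string; the digits-only loop on top of that is what an AFL run against a rule parser would otherwise find next.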
Jason Ish ca60d8c370 ParseSizeString - don't abort on unknown unit type. 10 years ago
Victor Julien 00d6298666 host: handle timeout
Set expiration for regular hostbits keyword.
10 years ago
Victor Julien ab7882fbf3 ippair: handle timeouts in the flow manager
Like host and defrag, handle timeouts of ippair in the first flow
manager thread.
10 years ago
Victor Julien e8a5925012 ippair: implement basic timeout check
The only user is the xbits subsys, so its timeout controls all.
10 years ago
Victor Julien f2349e10ad hosts: consider hostbits/xbits status in timeout
Consider the host's xbits expiry status when checking the host for
timeout. If a single active non-expired bit is found, the host won't
be timed out just yet.
10 years ago
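The xbits expiry and host timeout commits above describe one rule: a host whose idle timeout has elapsed is still kept while any bit on it is unexpired, and an expired bit no longer counts as set. The model below is added for this page and is not Suricata's host, ippair or xbits code; the types and function names (`XBit`, `Host`, `XBitSet`, `XBitPrune`, `XBitIsSet`, `HostTimedOut`, `ScenarioTimedOut`), the second-granularity timestamps and the prune-on-lookup behaviour are assumptions made for the example:

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model of a host carrying expiring bits (assumed shapes). */
typedef struct XBit_ {
    uint32_t idx;          /* variable index; name <-> idx mapping is out of scope here */
    uint32_t expire;       /* absolute time in seconds; stale once now >= expire */
    struct XBit_ *next;
} XBit;

typedef struct Host_ {
    uint32_t last_seen;    /* time of the last packet for this host */
    uint32_t timeout;      /* idle seconds after which the host may be reclaimed */
    XBit *bits;
} Host;

/* set/refresh: (re)arm bit idx to live for expire_secs from now. 0 ok, -1 on OOM. */
int XBitSet(Host *h, uint32_t idx, uint32_t now, uint32_t expire_secs)
{
    for (XBit *b = h->bits; b != NULL; b = b->next) {
        if (b->idx == idx) {
            b->expire = now + expire_secs;
            return 0;
        }
    }
    XBit *b = calloc(1, sizeof(*b));
    if (b == NULL)
        return -1;
    b->idx = idx;
    b->expire = now + expire_secs;
    b->next = h->bits;
    h->bits = b;
    return 0;
}

/* Unlink expired bits; returns how many bits are still live at 'now'. */
static int XBitPrune(Host *h, uint32_t now)
{
    int live = 0;
    XBit **pp = &h->bits;
    while (*pp != NULL) {
        XBit *b = *pp;
        if (now >= b->expire) {
            *pp = b->next;
            free(b);
            continue;
        }
        live++;
        pp = &b->next;
    }
    return live;
}

/* isset: true only for a bit that has not expired yet. */
int XBitIsSet(Host *h, uint32_t idx, uint32_t now)
{
    XBitPrune(h, now);
    for (XBit *b = h->bits; b != NULL; b = b->next)
        if (b->idx == idx)
            return 1;
    return 0;
}

/* The flow manager's question: the host may go only when its idle timeout
 * has passed AND no non-expired bit remains on it. */
int HostTimedOut(Host *h, uint32_t now)
{
    if (now < h->last_seen + h->timeout)
        return 0;
    return XBitPrune(h, now) == 0;
}

/* Constructed scenario: host last seen at t=0 with a 60 s idle timeout, one
 * bit set at t=10 for 300 s (expires at t=310). Returns HostTimedOut() at 'now',
 * or -1 if the setup failed. */
int ScenarioTimedOut(uint32_t now)
{
    Host h = { .last_seen = 0, .timeout = 60, .bits = NULL };
    if (XBitSet(&h, 1, 10, 300) != 0)
        return -1;
    int r = HostTimedOut(&h, now);
    XBitPrune(&h, UINT32_MAX);   /* free whatever is left */
    return r;
}

int main(void)
{
    const uint32_t times[] = { 30, 120, 310 };
    for (size_t i = 0; i < 3; i++)
        printf("t=%3u host timed out: %d\n", times[i], ScenarioTimedOut(times[i]));
    return 0;
}
```

At t=120 the idle timeout has long passed, yet the host survives because its bit is live until t=310; a host table that ignored bit expiry would either reclaim the host (and silently lose the bit) or keep it forever.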
Victor Julien 67dd5c0430 host: implement hostbits/xbits expire 10 years ago
Victor Julien ca1f3e68d4 ippair: implement xbits expiration 10 years ago
Victor Julien fbdcffabc2 xbits: expire (first steps) 10 years ago
Victor Julien 7b79b9458d xbits: implement ip_src/ip_dst support
Just a wrapper for regular 'hostbits'.
10 years ago
Victor Julien 57d93cbcfe hostbits: prepare for xbits integration 10 years ago
Victor Julien 8e6453faac xbits: prepare for non-ippair support 10 years ago
Victor Julien dea8dda3c1 vars: redo var name <-> idx handling
Can't use sm type anymore as multiple var carriers (host/flow/etc) will
all have xbits.
10 years ago
Victor Julien f77c3d9a2c xbits: hostbits use xbits type
Make hostbits use xbits type.
10 years ago
Victor Julien a716dded04 xbit: move to util-var
We can reuse the type for hostbits and flowbits as well.
10 years ago
Victor Julien 61cb2abc8d ippair: xbit implementation
detect xbits for ippair: initial implementation
10 years ago
Victor Julien 4c6d564211 hostbits: unittest cleanups 10 years ago
Victor Julien 2cb0df7cf9 hostbits: allow for src/dst parameter
By default, the hostbit checks the 'src' host. By adding the dst option
the dst host is used instead.
10 years ago
Victor Julien be725a5ba2 hostbits: add more tests, include sigorder 10 years ago
Victor Julien d67fd306f8 hostbits: implement sigorder
Like with flowbits, make sure that 'set's are evaluated before
'isset's, etc.
10 years ago