Commit Graph

10159 Commits (9b05db7db0c3ed4647adbe763f77a5f61b6aefe1)

Author SHA1 Message Date
Jeff Lucovsky 488446cf37 logging/anomaly: Track event log progress
This changeset adds a mechanism to track when individual events
are logged. Transactions can be provided more than once; track
events to prevent event re-logging.
6 years ago
Jeff Lucovsky 4a39d7a1ee app-layer: Extend event container with progress 6 years ago
Jeff Lucovsky 07c05f7dd8 logging/anomaly: TX based logging addition 6 years ago
Jeff Lucovsky 36644907f5 app-layer/logging Add TX packet logging support
Add transactional logging support for packet based loggers, like
the anomaly logger.
6 years ago
Jeff Lucovsky f7b934f83f app-layer/logging: protocol parser updates 6 years ago
Jeff Lucovsky 49438569a2 logging: anomaly log updates 6 years ago
Jeff Lucovsky 50e23ba93a app-layer: Initial app layer logging 6 years ago
Victor Julien 4e8d38348f flow: no bypass manager for Windows 6 years ago
Victor Julien 287b87b81b bypass: switch to gettimeofday 6 years ago
Victor Julien d8614a15c6 mingw: fix compile error
Declare _POSIX_C_SOURCE before sys/time.h to avoid:

util-time.c: In function 'SCUtcTime':
util-time.c:222:12: error: implicit declaration of function 'gmtime_r'; did you mean 'gmtime_s'? [-Werror=implicit-function-declaration]
  222 |     return gmtime_r(&timep, result);
      |            ^~~~~~~~
      |            gmtime_s
util-time.c:222:12: warning: returning 'int' from a function with return type 'struct tm *' makes pointer from integer without a cast [-Wint-conversion]
  222 |     return gmtime_r(&timep, result);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~
util-time.c: In function 'SCLocalTime':
util-time.c:305:9: error: implicit declaration of function 'localtime_r'; did you mean 'localtime_s'? [-Werror=implicit-function-declaration]
  305 |         localtime_r(&timep, &cached_local_tm[lru]);
      |         ^~~~~~~~~~~
      |         localtime_s
util-time.c:321:56: warning: comparison between pointer and integer
  321 |         if (localtime_r(&timep, &cached_local_tm[lru]) == NULL)
      |                                                        ^~
cc1.exe: some warnings being treated as errors

Tickets: #2994 #3051
6 years ago
Eric Leblond 1f151dd8a6 doc: address norg comments on eBPF doc 6 years ago
Eloïse Brocas 8692aac97f doc: specify config file in ebpf doc
This patch updates the ebpf-xdp.rst file to specify which
configuration file has to be modified.
6 years ago
Eric Leblond 6126f105ea util-ebpf: fix creation of flow from pinned maps 6 years ago
Eric Leblond 7df3007066 af-packet: xdp pinned maps need to be read 6 years ago
Eric Leblond 4ba02830b6 flow-bypass: registration of non periodic check
This patch adds the capability to register a set of functions
without providing a periodic check function. This permits
running a task only at init.
6 years ago
Eric Leblond 3e8fd26ee3 flow-hash: real hash computation for FlowKey 6 years ago
Eric Leblond 0963fea390 util-ebpf: log bypassed flow maps count 6 years ago
Eric Leblond eea3c6b610 doc: info for new bypass counters 6 years ago
Eric Leblond 7e5439bc15 bypass: add counter for local captured bypass
Packets from captured bypassed flows that are received by Suricata
before the capture method starts to bypass them can represent an
important part due to various buffers and insertion delays.

This patch adds two counters to know the number of packets and
bytes in this case.
6 years ago
Eric Leblond de52e78e65 bypass: flow bypass is not ebpf only 6 years ago
Eric Leblond c938dbde27 util-ebpf: early exit if no map 6 years ago
Eric Leblond e5d325a6ca util-ebpf: reindex 6 years ago
Eric Leblond aa989a7445 af-packet: some conditional fields 6 years ago
Eric Leblond e3dccb2400 doc: update bypass stats doc 6 years ago
Eric Leblond abbb066a96 bypass: bytes and pkts counters for local bypass 6 years ago
Eric Leblond 9206b30fe1 af-packet: better accounting and error handling
This patch improves the bypass error handling and adds more counters
to the interface so it is possible to get a view on success and
failure of insertion in the eBPF maps via the `iface-bypassed-stat`
command.
6 years ago
Eric Leblond aeb2bd3aa1 util-ebpf: optimization on flow storage queries 6 years ago
Eric Leblond 288f335aa5 util-ebpf: simplify free function
First key can't be null.
6 years ago
Eric Leblond f4abe2f9c0 util-ebpf: set livedev in flow
This will fix the accounting for pinned maps as the livedev field
of Flow is used to do the accounting of bypass flows.
6 years ago
Eric Leblond 98e7d9d1c0 util-device: introduce bypassed stats sub function 6 years ago
Eric Leblond f29a4b8bee flow-manager: move bypass timeout to an inline func 6 years ago
Eric Leblond 89e8cb50ed util-ebpf: case is not possible so remove warning 6 years ago
Eric Leblond 8c97998cb9 bypass: implement iface-bypassed-stat for callback 6 years ago
Eric Leblond 51ab06256a bypass: account callback method in stats 6 years ago
Eric Leblond f78e5ba1e1 bypass: restore interface counter 6 years ago
Eric Leblond d119845d98 bypass: compress flow keys structure 6 years ago
Eric Leblond 69d2c8eb75 ebpf: get rid of hash in map value 6 years ago
Eric Leblond b07bda7a7b bypass: new callback strategy
This patch introduces and uses a new bypass strategy
based on a callback. EBPF bypass implementation is
updated to use this new strategy.

Once the flow manager detects that a flow should be timed out,
it asks the capture method if it has seen packets in the interval.
If it is the case the lastts of the flow is updated and the timeout
is postponed.
6 years ago
Eric Leblond fcae1c18de af-packet: improve error handling for some hw
Some cards seem to return EAGAIN when there is no more place in
the hash table.
6 years ago
Eric Leblond 0bfbb4a889 bypass: fix accounting
The flow bypass stats are computed at every pass so the accounting
needs to be done at each pass. This patch fixes the accounting
in the flow_bypassed counters.
6 years ago
Eric Leblond 44566e5a24 ebpf: only display that file is loaded if we do it 6 years ago
Eric Leblond 5e62ae6d28 af-packet: avoid error flooding when bypass fails 6 years ago
Eric Leblond af6daceeda util-ebpf: more useful error message
At the time of writing, libbpf outputs useful error messages
on stdout only and errno is not really interesting. So let's
tell the user to look at stdout.
6 years ago
Eric Leblond 833d9ef7e1 ebpf: don't use nexthdr to build hash
As pointed out by Victor Julien, it is not a good idea to use the
nexthdr value as init key for the hash as it could contain some
other headers and can be changed for a session.
6 years ago
Eric Leblond 0f64c25b73 util-ebpf: improve code readability
As pointed out by Victor Julien, the pkts_cnt usage was quite confusing
so functions are now returning a bool.
6 years ago
Eric Leblond a8f35cc30e util-ebpf: discard flow if no Flow storage 6 years ago
Eric Leblond dbf3606169 doc: document flow event_type 6 years ago
Eric Leblond efb648aa24 util-ebpf: fix ebpf bypass
Fix endian order in eBPF bypass. It has to be updated after the
bypassed flows handling change.
6 years ago
Eric Leblond f8aa9ee986 bypass: fix wait time at exit
The loop on bypassed flow maps can take a few seconds on a heavily
loaded system, causing Suricata to not honor a stop before a few
seconds.

This patch adds the code needed to detect the need to exit from
the check loop.
6 years ago
Eric Leblond a277f2eb0c af-packet: fix use after free on config
ASAN did find that the afp config was used after free. This was in
fact done in the Flow bypass manager, hence this patch.
6 years ago