Commit Graph

17260 Commits (9d5158594f1694f38bef2970a13729da842d8c17)
 

Author SHA1 Message Date
Jason Ish 9d5158594f util-device: break into public and private definitions
util-device.h exposes some details that are particularly problematic
for C++, even when wrapped in 'extern "C"'. To address this, break the
header into public and private parts. The public part exposes
LiveDevice as an opaque data structure, while the private header has
the actual definition.

The idea is that only Suricata C source files should include the
private header, it should not be re-included in any other header
file. And this is the header library users should use, however we
don't enforce it with technical means, a library user could still
include the private header, but the clue there is in the name.
12 months ago
Jason Ish 12fdd6b802 device: move LiveDeviceName from header into source
This data structure is only used by the C file and has no reason to be
exposed in the header.
12 months ago
Jason Ish 272d6c8903 libsuricata-config: fix static library dependency order
When static linking we have a circular dependency between
libsuricata_rust, and libsuricata_c, so we have to list each twice.

An alternative is to use "-Wl,--start-group", but that isn't portable
outside the GNU toolchain.
12 months ago
Jason Ish 49f242b306 libsuricata-config: fix type (status -> static) 12 months ago
Jason Ish 49edd247f7 misc: add c++ support to some headers
For now, just the headers required by our examples.
12 months ago
Jason Ish 23eaa65185 misc: only define _GNU_SOURCE if not defined
C++ compilers on Linux (g++, clang++) appear to always define this.
12 months ago
Victor Julien ff0d609a9f threads: rename function to make scope more clear
SCTmThreadsSlotPktAcqLoopFinish is now used outside of
just pktacq as well.
12 months ago
Victor Julien 12f8f03532 threads: fix autofp shutdown race condition
Sometimes a single flow pcap would log 2 flows. It turns out FlowWorkToDoCleanup
ran before all the packet threads had processed their "wire" packets. It then
removed a flow that a wire packet would still have needed, leading to the worker
thread creating a new flow for it.

This could happen due to the logic in TmThreadDisableReceiveThreads which calls
TmThreadDrainPacketThreads to make sure it only returns when all autofp-workers
have processed all the packets the autofp-capture thread fed to them.

However, the way it checked this is by checking the size of the autofp-worker's
input queue. If 0, it assumes it is done.

What this missed, is that a worker thread could have just taken the last packet
from the input queue, but it is not yet done processing it. If then the
FlowWorkToDoCleanup is run as well, it would race the worker thread to the flow
handling logic. When it won, the flow was evicted and the packet thread
created a new flow.

This patch improves the shutdown logic to force the worker threads to
enter a "flow loop" (THV_FLOW_LOOP) state before moving on to the
FlowWorkToDoCleanup step. This makes sure that any in progress packets
in the worker threads have been processed.

Bug: #7681.
12 months ago
Victor Julien b42eea67d5 threads: remove unused flag 12 months ago
Philippe Antoine 22abad746a lua: convert hassh function into suricata.hassh lib
Ticket: 7603

We use suricata.ssh lib but also enable hassh.
12 months ago
Jason Ish 096aa9250e lua/flowvarlib: fix unchecked null
Use checkudata, instead of testudata which won't return in case of
NULL, but raise an error in the Lua script.

Fixes:

** CID 1646748:  Null pointer dereferences  (NULL_RETURNS)
/src/util-lua-flowvarlib.c: 89 in LuaFlowvarValue()
12 months ago
Jason Ish 35cf378233 lua/flowvarlib: fix formatting inside clang-format off 12 months ago
Jeff Lucovsky d1f78c3e18 gen/typo: Correct configure output grammar
Fixup the grammar for the Napatech option -- was "Enabled Napatech".
12 months ago
Philippe Antoine 033e0480cf detect/single-buf: helper with more explicit direction 12 months ago
Philippe Antoine dadf9012fc rust: bindgen detect-engine-buffer.h
Ticket: 7667

And prefix SCDetectBufferSetActiveList to be exported

Allows less use of suricata crate in plugin as we get the functions
prototypes from suricata_sys and they are more correct.
12 months ago
Philippe Antoine 0024de5e9e src: new file detect-engine-buffer.h
Taken from detect-engine.h so that we can bindgen this smaller
unit.
12 months ago
Philippe Antoine 31e30d4aa1 sdp: use rust join
It is much faster as it does not do an allocation for each element
12 months ago
Philippe Antoine 6436a5cebe websocket: limit allocation for small sizes
Fixes: 16f74c68aa ("websocket: use max window bits of 15")

We do not need to allocate 8kbytes for a small message
12 months ago
Jason Ish 35b03b4077 lua: convert flowvar functions to lib
New Lua lib, "suricata.flowvar" for working with flowvars from Lua.

Replaces functions:
- SCFlowvarGet (and ScFlowvarGet)
- SCFlowvarSet (and SCFlowvarSet)

Of note, the DetectLuaData has been made available to the init and
thread_init methods, instead of just the match. This is due to an
issue that if a flow variable is not registered in init, it will not
be logged, registering in thread_init is too late.

Ticket: #7486
12 months ago
Philippe Antoine daabab7381 doc/ssh: document hooks
Ticket: 7607
1 year ago
Philippe Antoine 1d4ff8a8fd detect: flow friendly error on hook incompatibility 1 year ago
Philippe Antoine 1f2cb21786 ssh: rustfmt 1 year ago
Philippe Antoine 76d7ab5418 lua: convert ssh function into suricata.ssh lib
Ticket: 7607
1 year ago
Philippe Antoine fcac063cfe ssh: make hooks available
Allows signature like `alert ssh:request_banner_done`
1 year ago
Philippe Antoine bbc007b4d4 rust: derive for AppLayerState
To easily enable hooks for rust app-layers such as SSH
1 year ago
Philippe Antoine 78dc70f5fd dns/lua: remove now unused includes
Completes commit 1206c1c5af
1 year ago
Jeff Lucovsky 87b7a0cef6 ftp: Apply rustfmt changes 1 year ago
Jeff Lucovsky ff59f215d6 doc/ftp: Document ftp.dynamic_port keyword
Document the sticky buffer for ftp.dynamic_port
1 year ago
Jeff Lucovsky 19fe098e88 detect/ftp: Add ftp.dynamic_port keyword
Issue: 7504

Add implementation of the ftp.dynamic_port rule keyword. The
implementation uses the U16 integer matching/parsing and thus supports
the comparison operations such as <, >, <=, >=, !, !=, and range (-).
1 year ago
Jeff Lucovsky 04bf28d6a1 app/ftp: Use common API naming
Modify the Rust API functions to conform to project naming format:
SCFTP*

Issue: 7504
1 year ago
Philippe Antoine 808f8a877a detect/multi-buf: helper with more explicit direction 1 year ago
Philippe Antoine 990ed204eb detect/multi-buf: use only one progress
for both inspect engine and app-layer mpm
1 year ago
Philippe Antoine 8ecc3efdc8 detect/multi-buf: harmonize wrapper
Introduce DetectGetMultiData which does the generic wrapping,
including the transforms.

And let each keyword do just the getter.
1 year ago
Victor Julien bed96505aa github-ci: update to Fedora 42 1 year ago
Philippe Antoine f301cd3702 app-layer: remove obsolete NULL check
Completes commit 833a738dd1

Fixes coverity 1646610
1 year ago
Jason Ish be483dc873 doc/userguide: document that lua dns rules need hooks
And remove the old "keywords" that a lua Rule can register with for
DNS.
1 year ago
Jason Ish 13de319b01 lua: fix fast.lua example
This one is a little different as it logs to a file, and is the same
fast.lua used in the new Suricata-Verify test.

Ticket: #7656
1 year ago
Jason Ish b99f254105 lua: add suricata.rule library
Add a "suricata.rule" library for accessing rule information from a
Lua rule, or a Lua output script.

This lib replaces the following global Lua functions:
- SCRuleIds
- SCRuleAction
- SCRuleMsg
- SCRuleClass

Ticket: #7490
1 year ago
Jason Ish a5e662cb8a doc/lua/dns: fix typo 1 year ago
Philippe Antoine a6392ac5d4 rust: use pure rust helper for registering sticky buffers
Mark sdp and sip keywords with flags SIGMATCH_INFO_STICKY_BUFFER
as a side effect.
1 year ago
Philippe Antoine 9c8ec0d3a9 plugin: applayer: do not use suricata JsonError
We do not need a specific error type
1 year ago
Philippe Antoine 833a738dd1 http: fail tx creation if we cannot allocate user data
So, we always have a libhtp.rs htp_tx_t and a Suricata tx
with its AppLayerTxData

Thus AppLayerParserGetTxData cannot return NULL

Ticket: 5739
1 year ago
Philippe Antoine 0167001ce8 rust/htp: remove unused code 1 year ago
Philippe Antoine e728aae1e0 websocket: fixes substraction
Fixes: 16f74c68aa ("websocket: use max window bits of 15")
1 year ago
Victor Julien 7af8ef07b3 github-ci: codecov llvm updates
Use LLVM 15 with Rust 1.67.1
1 year ago
Victor Julien fe07781bfc github-ci: update codecov unittest job
LLVM 19, rust 1.85.1 and Ubuntu 24.04.
1 year ago
Philippe Antoine e41c28f7c9 dnp3: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a dnp3 tx
1 year ago
Philippe Antoine f24d3ffb74 ftp: mark tx as updated when creating it
Ticket: 7668

We should set updated_tx when allocating a ftp tx

Was already done right for updated_tc
1 year ago
Philippe Antoine a5b987266b http1: always mark tx as updated on request/response start
Ticket: 7668

We should set updated_tx when allocating HtpTxUserData
1 year ago
Philippe Antoine aa7f926ff4 detect: rust helper to register sticky buffer 1 year ago