aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
14,782 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a748164d58'
${ noResults }
Commit Graph

14782 Commits (a748164d5863937580dde41785663b1d3f3b78b7)
 

Author SHA1 Message Date
Victor Julien c90f67ac55 app-layer: improve/fix updates logic 
In 23323a961f ("app-layer: reduce app cleanup and output-tx calls"), flag
was set per packet updating the app-layer state. However this was missing a
common pattern: in IDS mode most updates are done in the opposite direction
of the traffic due to updates getting triggered by ACK's. This meant that
file store processing might not happen for a long time, or at all. Also,
app layer cleanup might not be called, which includes file pruning.

This patch sets per flow set of flags to indicate app layer is (potentially)
updated. It sets this per direction, based on how the parsers were invoked.
If an ACK triggers an app update, the flow is tagged for the opposite
direction and the next packet in that direction triggers output and cleanup.

Fixes: 23323a961f ("app-layer: reduce app cleanup and output-tx calls")

Bug: #6120.
 2 years ago
Victor Julien 22d7323eee output/tx: minor code cleanup 2 years ago
Philippe Antoine 14ecfebf68 http: htp_table_get_index does not return NULL 
if the index is correct
 2 years ago
Philippe Antoine 415b036dca http1: implement http.request_header 
So that it is generic for HTTP1 and HTTP2

Ticket: #5780
 2 years ago
Philippe Antoine 7256ec8a6e detect/http2: do not escape ':' in header name or value 
for keywords http.request_header and http.response_header

Ticket: #5780
 2 years ago
Philippe Antoine 656554f293 http2: rename http2.header to http.request_header 
Or http.response_header based on the direction

http2.header had a different behavior than http.header and this was
confusing.

Ticket: #5780
 2 years ago
Cole Dishington 746fb50d58 detect: Fix FTP bounce detection IP address comparison 
Fix the FTP bounce IP address comparison by only converting the IP
parsed from the FTP payload to network order.

Bug: #6087
 2 years ago
Philippe Antoine 4c466ec5f4 rust/pgsql: remove unused/unconstructed enum variants 2 years ago
Philippe Antoine 0392762daa rust: remove duplicate constants definitions in C 2 years ago
Philippe Antoine f2a18e91c4 rust: define AppLayerEventType only in rust 
And detect.h does no longer depend on app-layer-events.h
 2 years ago
Philippe Antoine 668501c225 rust: remove unused 2 years ago
Jeff Lucovsky 4edd516250 stream/reassemble: Include pool item count msg 
Issue: 5563

This commit adds the segment pool item count in the summary DEBUG
message.
 2 years ago
Jeff Lucovsky f8c9390ca3 stream/cache: Return sessions to correct pool 
Issue: 5563

This commit fixes the release of TCP resources. The sessions were being
returned to the segment thread pool instead of the sessions pool.
 2 years ago
Jeff Lucovsky 0d0c9ea07b pool: Use bool return type 
Issue: 5563

This commit changes PoolDataPreAllocated to return a bool instead of an
int.
 2 years ago
Jason Ish 6d7923c80b github-ci: check for suricata-update example configuration files 
Check that the Suricata-Update example configuration files are
installed.
 2 years ago
Jason Ish b8071a9eb0 suricata-update: install sample configuration files 
With the move to installing Suricata-Update files from Suricata
Makefile's, the sample configuration files were forgotten.

Ticket: #6132
 2 years ago
Philippe Antoine e30f4943ae doc: GitHub PRs workflow 2 years ago
Jeremy MountainJohnson 435d74d744 userguide/install: add info on arch-based installs 
Add Arch AUR information for installation on Arch-based distros.
 2 years ago
Philippe Antoine 5c419b79b7 doc: upgrade guide for logging http custom headers 
Ticket: #5320
 2 years ago
Juliana Fajardini f83c67bbb5 doc: add missing rule to engine-analysis section 
The first report didn't have an example rule to go with.
 2 years ago
Long Doan 6dc486af50 source-pcap-file: include unlink error in warning message 2 years ago
Philippe Antoine 7ca43e7e1f output/snmp: log version from tx 
and not the one from state

If a SNMP flow starts with a V2 version transaction,
then there is a V3i version transaction,
we will now log V3 for the second transaction
 2 years ago
Juliana Fajardini 8f324e3b3d exception: in ids mode, only REJECT the packet 
In case of 'EXCEPTION_POLICY_REJECT', we were applying the same behavior
regardless of being in IDS or IPS mode.
This meant that (at least) the 'flow.action' was changed to drop when we
hit an exception policy in IDS mode.

Bug #6109
 2 years ago
Cole Dishington 531d99f4cf decode-ipv6: Set IPv6 proto incase of ext header parsing error 
Set the IPv6 packet proto before parsing the ext headers, similar to
decode-ipv4, incase of an ext header parsing error. Otherwise
rule decode-events are not triggered for packets encapsulated in IPv6.

Bug: #6086.
 2 years ago
Shivani Bhardwaj cb1e7a9fab ftp: remove unnecessary code 2 years ago
Shivani Bhardwaj c229621be4 ftp: mark LF found per line 
Currently, there is no way to mark if LF was found and then the line was
truncated. It becomes difficult to spot in the callers whether the line
was truncated despite LF being found or not. So, label it clearly with a
variable.
 2 years ago
Shivani Bhardwaj aee7838ce1 ftp: separate truncated line markers 
So far, we store one variable in state to hold whether we want to
discard a long line till LF irrespective of direction. This means that a
long command to the client followed by a regular command w LF can be
considered as one long line which is incorrect.

Bug 6054
 2 years ago
Jason Ish 03442a36ef windows: add -lntdll to Windows builds 
Rust 1.70 has introduced some possible issues between LLVM and gcc
causing link errors that are fixed by explicitly adding -lntdll.

Thanks to https://github.com/extendr/rextendr/pull/285 for the fix.
 2 years ago
Victor Julien de2c836363 streaming/buffer: handle and document slide errors 
Slide error may happen if the region we're sliding starts to overlap
with the next region. If we can't temporary grow the current region
to merge with the next region, keep the regions separate.
 2 years ago
Victor Julien 9e0017a073 streaming/buffer: minor debug fixup 2 years ago
Victor Julien f06a0ee836 streaming/buffer: fix buf_offset getting out of sync 
During consolidation of regions, buf_offset could get out of sync if
the region was grown on the left side.

To fix, reset it and let "sbb slide" logic correct it.

Bug: #6117.
 2 years ago
Victor Julien e69583da54 streaming/buffer: fix sliding region into next 
When sliding a region it could start to overlap with the next region.
This case wasn't handled, causing validation checks to trigger.

This patch adds support for this, where largest region will be expanded
to fit both region and both regions will be consolidated into it.

Bug: #6066.
 2 years ago
Victor Julien 1dcfc174b0 streaming/buffer: move util code for reusability 2 years ago
Philippe Antoine 0ec0d8de67 output/rfb: remove unused function parameters 2 years ago
Philippe Antoine 24c2702a05 output/mqtt: remove unused function parameters 2 years ago
Philippe Antoine 09d364b32f output/krb5: remove unused function parameters 2 years ago
Philippe Antoine 210ca32905 output/ftp: remove unused function parameters 2 years ago
Philippe Antoine 0fb75f081f output/dns: remove unused function parameters 2 years ago
Philippe Antoine 9afb16b134 output/smtp: remove unused function parameters 2 years ago
Philippe Antoine 82803d1b0e http: complete multipart data on open 
Take as much as we can when opening, by making sure that the
boundary is not present
 2 years ago
Lancer Cheng abc76e27de smb: fix data padding logic in writeAndX parser 
Bug: #6008
 2 years ago
Lancer Cheng 000eb91078 smb: fix wrong data offset when wct = 12 
Bug: #6008
 2 years ago
Philippe Antoine 7e725c650d flow: optionally use livedev for hash 
So that in a setup with different interfaces capturing different
networks, flows do not get mixed up

Ticket: #5270
 2 years ago
Philippe Antoine cc305da476 flow: make FlowGetExistingFlowFromHash static 
For easier reasoning about the code
 2 years ago
Philippe Antoine 92884b9f43 device: limit device id to uint16_t 
Meaning that we support 65535 live devices at the most
 2 years ago
Jeff Lucovsky a4ade056cc general/typo: Correct misc. typos 2 years ago
Jeff Lucovsky 0ff403fb60 decode/vlan: Remove unused macros/functions 
This commit removes unused functions and macros related to fetching VLAN
values.
 2 years ago
Jeff Lucovsky 0d2268ddfc decode/vlan: Decode upto 3 layers of VLAN 
Issue: 2816

This commit increase the number of VLAN layers supported by Suricata
from 2 to 3. 3-layers are dubbed "Q-in-Q-in-Q".

Note that 3 layers are not compliant with any existing standard but are
often seen in larger deployments.
 2 years ago
Jeff Lucovsky 9dc68ac59a json/schema: Add additional VLAN layer stat 
Issue: 2816

This commit extends the JSON schema with the additional VLAN stat for
tracking VLAN encapsulated packets with 3 levels.
 2 years ago
Philippe Antoine 6350736882 http2: avoid quadratic complexity in headers 
When adding an element to the dynamic headers table, the oldest
ones may get evicted. When multiple elements get evicted, they
should get evicted all at once with drain, instead of one by one
as there will be a massive move each time.

Ticket: #6103
 2 years ago