Commit Graph

14782 Commits (a748164d5863937580dde41785663b1d3f3b78b7)
 

Author SHA1 Message Date
Jason Ish c30fff8bcb rust/doc: restore comment with code example, but ignore
Use backticks for proper markdown processing. As Rust code in
backticks is compiled, and this is a non-complete example, tag the
code sample to be ignored.
2 years ago
Jason Ish af5a0e11e8 github-ci: check for new authors in pull-request
On pull request, get a list of commit authors for the pull request and
compare to the list of authors in git master. If any differ, save to
new-authors.txt and upload this as an artifact.

As a workflow-run, download this artifact and if non-empty, add a
comment to the pull-request that new authors may be part of the pull
request.

This 2 step approach is because GitHub actions running in pull-request
context are not allowed to comment on the pull request, instead a
post-workflow workflow has been added that runs in the context of the
repo which can then comment on the pull request.
2 years ago
Victor Julien 3e0d2ff29a profiling/rules: minor fatal error cleanup 2 years ago
Victor Julien ecc7ec3ea7 profiling/rules: add BUG_ON to profile tracking 2 years ago
Victor Julien 2423b2a483 profiling/rules: simplify return code handling 2 years ago
Victor Julien 835eaf7ccd profiling/rules: minor code cleanup 2 years ago
Victor Julien 2596dc262b profiling/rules: use atomics for rule flag 2 years ago
Victor Julien 3de687f30c profiling/rules: doc updates 2 years ago
Victor Julien b591813b86 profiling/rules: reduce sync logic scope
Use a simple once a second scheme.
2 years ago
Eric Leblond 694bff11ac doc: add rule profiling information 2 years ago
Eric Leblond 8b2313b0ae profiling: socket command to control rules profiling
This patch adds a unix socket command to start and stop the collection
of stats when running in rules profiling mode.
2 years ago
Eric Leblond ea95e85755 profiling: set sample rate to power of 2
For the rules profiling, we really want to limit the performance
impact to the maximum. So let's use a hash size that is a power
of 2. This will allow to not use the modulo operation that is
costly and simply use a single binary operator.

This code is only active for rules profiling so we are backward
compatible.
2 years ago
Eric Leblond df88ef0249 profiling: let 'ruleset-profile' send message
Let's send the profile output as an answer on the Unix socket.
2 years ago
Eric Leblond 75b46edd79 profiling: add 'ruleset-profile' unix command
This patch adds a new unix command that allows the user to trigger
a dump of the ruleset profile to the file without having to stop
Suricata.

This will be really useful to debug performance issues related to
signatures in a production environment.
2 years ago
Eric Leblond 020cfbcd61 profiling: introduce rules profiling
Performance measurement of rules is important on live Suricata
as bad rules can cause severe performance regression. This patch
introduces the --enable-profiling-rules that activates profiling
for the rules. This reduces the performance impact of full
profiling and provides visibility on the rules performance at
the same time.
2 years ago
Philippe Antoine 656cddcf65 detect: http_client_body for HTTP2
By using the file.data logic

Ticket: #4067
2 years ago
Philippe Antoine 6b32bc459b detect: http.response_body for HTTP2
Already using the file.data logic

Ticket: #4067
2 years ago
Philippe Antoine 5391f0a8a0 detect: http_response_line for HTTP2
Ticket: #4067

Synthetized as HTTP/2 <STAT>\r\n
2 years ago
Philippe Antoine 0dca8cc796 detect: http_request_line support for HTTP2
Ticket: #4067

Synthetized as <METHOD> <URI> HTTP/2\r\n
2 years ago
Philippe Antoine 22fb385e23 detect: http_stat_msg supported for HTTP2
By providing a constant empty buffer

Ticket: #4067
2 years ago
Philippe Antoine c00c345123 detect: support http.protocol for HTTP2
Ticket: #4067

By having a synthetic constant HTTP/2 buffer
2 years ago
Victor Julien 1c182de468 dpdk: support capture timeout support
To not inject too many packets, simulate a 100ms timeout based on
af-packet's 100ms poll() timeout.

Bug: #6064.
2 years ago
Jason Ish 13fe957b7e rust/doc: wrap some code examples in backticks 2 years ago
Victor Julien d4c60924f1 rust/doc: fix doc compile issues 2 years ago
Jason Ish cc3f3a0a72 github-ci: fix rust check by fixing git directory permissions
Due to the update to AlmaLinux 9.2, a new version of git with stricter
permissions was introduced.  Mark the directory as safe as we have
done in other builds with newer versions of it.
2 years ago
Jeff Lucovsky e75bacd19e dataset: Address compile-time error
This commit fixes an issue with using a `in_addr` when an IPv6 structure
should be used.
2 years ago
Victor Julien 36f6e05155 counters: make tcp stats independent of flow, ssn
Counters depended on availability of flow and tcp session, meaning
that 2 memcaps could affect the counters.

Bug: #5017.
2 years ago
Victor Julien 0360cb6542 stream: update no-flow checks 2 years ago
Alex 60902236e4 build: harden rust.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
2 years ago
Jason Ish b0c329da04 doc/userguide: provide more RPM doc
- Address the various RPM distributions
- User info
- Systemd info

Related issue: #5884
2 years ago
Eloy Pérez González b3c7130749 krb5: update krb5_msg_type keyword docs 2 years ago
Eloy Pérez González ed91d689f2 krb5: use req_type instead of msg_type to get request type 2 years ago
Eloy Pérez González a9b7241417 krb5: set msg_type for KRB-ERROR messages to MessageType::KRB_ERROR 2 years ago
Eloy Pérez González 511dbfe171 krb5: add AS-REQ and TGS-REQ transactions
Fix bug in ticket #4529
2 years ago
Lukas Sismis f751c93cb8 dpdk: warn about processing segmented DPDK mbufs
Segmented mbufs should never happen in Suricata.
Mbuf segmentation divides the received packet into multiple
mbufs. This can happen when MTU of the NIC is larger than
the allocated mbufs in the mbuf mempool. As Suricata sets the size
of the mbuf to be slightly higher than the configured MTU, mbuf
segmentation should never happen in Suricata. This is especially
true, if Suricata runs as a primary process and configures the
packet source (NIC).

Processing segmented mbufs can lead to missed/false
(pattern-matching) detections as Suricata only inspects the first
segment of the packet. It can also lead to segfault if Suricata
moves the detection window out of the segment boundaries.
2 years ago
Lukas Sismis d421d42411 dpdk: query device stats only with one worker
Function rte_eth_stats_get is not thread-safe and
the result is only used by one thread.
Running with multiple workers led to very high values in rx_missed
counters (buffer-overflow-like behavior).

Ticket: #6006
2 years ago
Lukas Sismis 1c3cb1e8cc docs: refactor DPDK docs and add performance tuning section
Ticket: #5857
Ticket: #5858
2 years ago
Lukas Sismis 03319263db docs: wrap DPDK doc section at 80 chars 2 years ago
Lukas Sismis d0bf3ba638 dpdk: add configure option
Ticket: #5859
2 years ago
Lukas Sismis a331726eef dpdk: update version checking to DPDK-intended version checking API
Ticket: #5937
2 years ago
Lukas Sismis b6f7693e86 dpdk: release mempool after the device is closed
Ticket: #5936
2 years ago
Lukas Sismis 15a61f02a0 dpdk: fix multibit comparison
Ticket: #5925
2 years ago
Lukas Sismis 95abe11a92 dpdk: fix DPDK API change on NUMA/socket retrieval
Ticket: #5923
2 years ago
Thomas Norheim 5cfbdcab32 threshold: fixed example rules to match description 2 years ago
Victor Julien fa3f16ec75 threading: wait for flow housekeeping at shutdown
Flow house keeping can accumulate work that wasn't taken into account
during shutdown. This could lead to flows still in the flowworker
thread context when it was being freed, leading to missed work and
memory leaks.

This patch adds a new way of checking if a thread module is still
busy.

Bug: #6062.
2 years ago
Victor Julien d333dffdcb flowworker: flush local work queue on capture timeout
Capture timeout means no packets have been received for some
time, so this is a good time to flush out all work.
2 years ago
Victor Julien 55e32b2544 flowworker: rate limit flow queue processing
Until this patch the logic the flow worker flow house keeping used was:
- at most 2 flows are handled per packet
- pseudo packets could flush the entire queue

This patch changes that. Pseudo packets are fairly common, and can lead
to packet stalls / latency spikes if the number of flows in the queue
is large.

It does that by adding a new packet type only used at shutdown, which
flushes out the queues completely. All other packets will now stick
to the 2 flow rate limit.
2 years ago
Scott Jordan 04d3584889 datasets: bugfix to load ip types from yaml 2 years ago
Victor Julien 9a4231d737 src: various comment spelling fixes
Thanks to Josh Soref.
2 years ago
Victor Julien 8d016fe3ed dpdk: minor output fixup
Thanks to Josh Soref.
2 years ago