aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,501 Commits
8 Branches
154 Tags
166 MiB
dependabot/github_actions/github/codeql-action-3.26.13
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a8fde0112e'
${ noResults }
Commit Graph

4501 Commits (a8fde0112e9f3df1f926c87e527a96d24b766041)
 

Author SHA1 Message Date
Eric Leblond a8fde0112e prscript: add support for pcap build 
Now also start a pcap test build.
 11 years ago
Jason Ish eaff01a57f Use the stack for temporary memory buffers. 11 years ago
Jason Ish ab7091927e When setting final configuration nodes, set the whole tree as final. 
Prevents benign log message of parent nodes of final values being
redefined (which ends up having no affect as the final nodes
are protected from being removed).
 11 years ago
Eric Leblond 729540673e htp: display info about randomization 
When randomizatin is used display a message about actual values.
 11 years ago
Eric Leblond ff784075a2 htp: randomization of htp inspection sizes 
This is an implementation of #940. It randomize libhtp request
and response size if the same way this has been done for stream
inspection.
 11 years ago
Victor Julien 81ee6f5aad lua: push correct length back through ScFlowvarGet, work around valgrind warning 11 years ago
Victor Julien 86b299d06c lua: clear stack after each script run 11 years ago
Victor Julien ae69a4a024 luajit: pass calling rule's sid,gid,rev to script as SCRuleSid, SCRuleGid, SCRuleRev. 11 years ago
Eric Leblond f76448c1e6 decode: fix failure in layered tunnel 
If we have multiple layer of tunnel, the decoding of initial
Packet will recurse in DecodeTunnel function called in
PacketTunnelPktSetup. If we are not setting the pseudo
packet root before calling DecodeTunnel (as done in previous
code), then the tunnel root will no be correct for the lower
layer packets. This result in an counter problem and a suricata
failure after some time.
 11 years ago
Jason Ish e9a4871077 Fix alignment in usage. 11 years ago
Giuseppe Longo ae9393987e Adds a defrag configuration example in suricata.yaml 11 years ago
Victor Julien 0a24ac0855 Fix Conf api usage after rebase 11 years ago
Jason Ish 8d29dfca59 Instead of exiting on memory failure, log a warning then return NULL 
to signify an error to the caller.
 11 years ago
Jason Ish 5f6705c4dc Better document ConfSet and ConfSetFinal. 11 years ago
Jason Ish b033acfb0c Subsequent configuration keys now override previous ones 
instead of merging.

The exception is final values, for example, values like
default-log-dir that may be set on the command line.
 11 years ago
Jason Ish c981a16579 Function to prune all non-final nodes from a configuration node. 11 years ago
Jason Ish b8e13d4bd6 More concise API for setting config values that 
can be overrided or not (final values).
 11 years ago
Jason Ish 0820ac9355 Cleanup ConfSet, ConfGet, make more concise. 
Removes ifdef's for readability by using strchr instead
of strtok.
 11 years ago
Victor Julien 6cd6caf3ea tls: allow matching for @ symbol in tls.subject 
Also in tls.issuerdn keyword.

Original patch by Chris Wakelin.

Fixes #1042.
 11 years ago
Anoop Saldanha 6ea8ac44ff FTP parser updated to not use the archaic App layer feature of AppLayerParserResultElmt. 
The parser otherwise remains pretty much the same.
 11 years ago
Anoop Saldanha 80c08f8642 Updated the ftp response handler to return without doing anything. 
Currently the processing happening inside the handler is not being used
anywhere else in the engine.
 11 years ago
Anoop Saldanha 8523cbadcf Restructured flow_proto mapping enums. 
Moved FLOW_PROTO_DEFAULT down the enum list.
 11 years ago
Anoop Saldanha a49cbf8a49 Code cleanup. 
Use the MpmAddPattern[CS|CI] wrapper to add patterns to the mpm context.

Also use MpmInitCtx() to init the mpm context.
 11 years ago
Anoop Saldanha 9c0456ebbe Removed unused function MpmMatcherGetMaxPatternLength. 11 years ago
Victor Julien cc61a190ce Reduce allocs in boyer moore prepare phase 11 years ago
Victor Julien 8344854a1f Don't alloc for hash lookup in SCClassConfGetClasstype 11 years ago
Victor Julien f04618c7ad Don't malloc temp var in SCRuleVarsGetConfVar 11 years ago
Victor Julien 941d5a1081 Don't use strdup in ip-only address parsing 11 years ago
Victor Julien a7a77e32ca Convert classtype keyword to pcre_copy_substring 11 years ago
Victor Julien 4dd605ae3b Convert reference keyword to pcre_copy_substring 11 years ago
Victor Julien 3f8947ff3d app layer: set event if proto detect disabled for a stream, but we see data anyway. 11 years ago
Victor Julien 7074ca373b proto detection: add limit for one sided sessions 
If a session only has data in one direction, like ftp data sessions,
protocol detection will only run in one direction. This led to a
situation where reassembly would hold all the segments as proto
detection was never flagged as complete.

This patch introduces a limit for protocol detection in this case.
If the limit is reached, detection will give up.
 11 years ago
Victor Julien abccbe13f3 stream: add size debug code 11 years ago
Victor Julien daedb6c557 stream: wait for protocol detection to complete 
Wait for protocol detection to complete before removing segments
from the list.
 11 years ago
Eric Leblond 0460b194b1 decode: clean DecodeThreadVars counter 
Speed counters are not compute anymore and can be removed from the
structure definition.
 11 years ago
Eric Leblond 1bdc39fe9b cmdline: add -k to specify checksum validation 
This patch adds a '-k' option to suricata to be able to specify
the checksum validation to use. If '-k all' is used, checksum
validation is forced. If '-k none' is used, no checksum validation
is made.

Message output in case of detection of a pcap file with a probable
cheksum issue has been updated to indicate that '-k' is a solution.
 11 years ago
Eric Leblond 8b5be26f49 pcap-file: add checksum-checks configuration variable 
This patch adds support for checksum-checks in the pcap-file running
mode. This is the same functionnality as the one already existing for
live interface.

It can be setup in the YAML:
  pcap-file:
    checksum-checks: auto

A message is displayed for small pcap to warn that invalid checksum
rate is big on the pcap file and that checksum-check could
be set to no.
 11 years ago
Eric Leblond b2c58b8d14 Set packet invalid flag during decoding. 
This patch set a new value in pkt->flag to signal that a packet is
invalid during decoding. The patch has been obtained via a coccinelle
transformation.
 11 years ago
Eric Leblond 3088b6ac34 Add invalid pkt counter. 
This patch adds and increments a invalid packet counter. It
does this by introducing PacketDecodeFinalize function

This function is incrementing the invalid counter and is also
signalling the packet to CUDA.
 11 years ago
Victor Julien 92568c3857 Fix parsing of 'custom' detect grouping values 
Also, add error checking

Bug 892
 11 years ago
Victor Julien ffe4a302a1 vars: optimize layout to reduce size requirements of flowbits and other vars 11 years ago
Victor Julien 3e604b8703 pcre: parsing cleanup 
Remove all flags indicating the buffer type. They were only used
at parse time.

Because of this the DetectPcreData_ structure could shrink to 32
bytes.
 11 years ago
Victor Julien ab22385083 stream: minor clean up of TcpSession structure 11 years ago
Victor Julien 866b3a1c5d content: reorder DetectContentData member, shrinking the struct from 64 to 48 bytes. 11 years ago
Victor Julien 277fb61c1d defrag: clean up 
Rename PacketDefragPktFinishSetup to PacketDefragPktSetupParent to
better refect it's function.
 11 years ago
Eric Leblond 3fdf52239d defrag: don't modify packet if defrag fails 
If defrag fails dur to an invalid decoding, we are not modifying
the origin packet anymore.
 11 years ago
Eric Leblond c611b258a5 decode: PacketTunnelPktSetup replaces PacketPseudoPktSetup 
This patch replaces PacketPseudoPktSetup by a better named
PacketTunnelPktSetup function which is also in charge of doing
the decoding of the tunneled packet.
This allow to clean the code. But it also fixes an issue.
Previously, if the DecodeTunnel function was failling (cause of
an invalid packet mainly), the result was that the original packet
to be considered as a tunnel packet (and not inspected by payload
detection).
 11 years ago
Eric Leblond d4b7ecfbe3 decode: update API to return error 
In some cases, the decoding is not possible and some really invalid
packet can be created. This is in particular the case of tunnel. In
that case, it is more interesting to forget about the tunneled
packet and only consider the original packet.

DecodeTunnel function is maked as warn_unused_result because it is
meaningful for the decoder to know if the underlying data were not
correct. And in this case, only focus detection on the content.
 11 years ago
Victor Julien 0b0e9340dc rule setup: cleanup 
Remove rule preparation logic that ran, but it's results were not
used.
 11 years ago
Victor Julien 2be6829986 Convert dsize keyword parsing to use pcre_copy_substring 11 years ago