Commit Graph

11045 Commits (a9c05c7d96c0973684f9f0fef794c5dba9c18339)

Author SHA1 Message Date
Eric Leblond a9c05c7d96 datasets: factorize serialised operations
Ticket: #5184
3 years ago
Eric Leblond 843dba0a28 datasets: add dataset-lookup command
Ticket: #5184
3 years ago
Eric Leblond 2f25e48897 datasets: add dataset-clear command
Ticket: #5184
3 years ago
Eric Leblond a480abcdd0 datasets: add dump via unix socket
This patch adds a dataset-dump command to the list of unix socket
commands. The implementation is not optimal as we are locking the
datasets when doing the dump. But if we consider that the current
alternative from an implementation point of view is to stop Suricata,
then this is far better than the current state.

Ticket: #5184
3 years ago
Victor Julien 1fafb83fed packet: turn tunnel lock into spinlock
Lock is only held to update/check ints, so spin lock will be more
efficient.

Place the member of Packet in a new "persistent" area to make it
clear this is not touched by the PacketReinit logic.

Ticket: #5592.
3 years ago
Victor Julien 57e70841c4 stream/tcp: remove obsolete and commented out tests 3 years ago
Victor Julien e72770c1b2 decode/vxlan/tests: don't memset new packet 3 years ago
Victor Julien edf93ae5b6 decode/mpls/tests: improve pkt handling; cleanups 3 years ago
Victor Julien 0f7fe2a4c3 app-layer/tests: don't memset new packet 3 years ago
Victor Julien 6dc53447f1 decode/geneve/tests: don't memset packet
Packet is already initialized.
3 years ago
Victor Julien b07c7ad14c threading: improve/add thread queues explanations 3 years ago
Victor Julien 951bcde0b2 eve/alert: remove tunnel locking
Tunnel lock is only used to sync verdict logic.
3 years ago
Victor Julien 0e7adc21a6 decode: alloc packets using calloc 3 years ago
Victor Julien 68a9da52ad packetpool: remove PKT_ALLOC flag
Use Packet::pool instead. If Packet::pool is non-NULL the packet is
owned by a pool. Otherwise it is allocated and should be freed after
use.
3 years ago
Victor Julien 3ed7b4473e runmodes: remove dead error check 3 years ago
Victor Julien 9d3c60bde3 smtp/mime: no error logging in packet path 3 years ago
Victor Julien 256f0f2c5c defrag: no error logging in packet path 3 years ago
Victor Julien 8f02a3e415 applayer: make sure to use correct ipproto 3 years ago
Victor Julien dba7103a96 eve/alert: use flow proto to avoid crash on ICMP 3 years ago
Alice Akaki 51c0714d71 detect-filemd5: convert unittests to FAIL/PASS APIs
Task: #4035
3 years ago
Alice Akaki fe31d51c30 detect-filesha256: convert unittests to FAIL/PASS APIs
Task: #4038
3 years ago
Haleema Khan 6988168114 src: Use WARN_UNUSED for ByteExtract* functions
Add WARN_UNUSED macro for ByteExtract* functions
Fix warning raised in code related to WARN_UNUSED for ByteExtract*

Ticket: #3658
3 years ago
Alice Akaki 76024f7571 detect-filename: convert unittests to FAIL/PASS APIs
Task: #4036
3 years ago
Alice Akaki 8614bff017 detect-filemagic: convert unittests to FAIL/PASS APIs
Task: #4034
3 years ago
Victor Julien 55cf11fdc2 flow/storage: use const for getter 3 years ago
Victor Julien 99fd69ee8c eve: mac logging code cleanup 3 years ago
Victor Julien 2d79a5206b eve/drop: log direction if we have a flow 3 years ago
Victor Julien 90f3823cad eve: log mac addresses in packet direction 3 years ago
Victor Julien f1068bbb08 dpdk: fix timestamp issues
Each thread had its own version of the `machine_start_time`, which
led to slight time differences. This became apparent mostly in IPS,
where 2 threads each process a side of the flow.

This patch makes the `machine_start_time` global.
3 years ago
Victor Julien cd2a5ec84f packet: move action functions to packet files 3 years ago
Victor Julien 0977f40d1c detect/tag: improve time handling on windows
Bug: #5584.
3 years ago
Victor Julien 410acf226f detect: unittest guards for ut only function 3 years ago
Victor Julien 60285a629f detect: remove unused function 3 years ago
Victor Julien 5d6212183b eve/alert: minor cleanups 3 years ago
Victor Julien 6c200c7793 detect: issue drop to root packet in all cases
Update DROP action handling in tunnel packets. DROP/REJECT action is set
to outer (root) and inner packet.

Check action flags both against outer (root) and inner packet.

Remove PACKET_SET_ACTION macro. Replace with RESET for the one reset usecase.
The reason to remove is to make the logic easier to understand.

Reduce scope of RESET macros.

Rename PacketTestAction to PacketCheckAction except in unittests. Keep
PacketTestAction as a wrapper around PacketCheckAction. This makes it
easier to trace the action handling in the real code.

Fix rate_filter setting actions directly.

General code cleanups.

Bug: #5571.
3 years ago
Victor Julien 79fc8e74cb packetpool: debug message to assist drop checks 3 years ago
Victor Julien d1009e295c packetpool: remove debug validation check
The current packet might be the root or a child. The root would have the
drop action set, but Packet::pkt_src might be set in either.
3 years ago
Victor Julien fe5a8beb50 decode: minor code cleanup 3 years ago
Victor Julien ba3e0b3155 nfq: set drop reason on verdict error 3 years ago
Victor Julien a7333a3ea5 napatech: reduce size of Packet structure
Put napatech packet vars in the union that is meant for this type of
data.
3 years ago
Haleema Khan b31a286952 detect-fileext: convert unittests to FAIL/PASS APIs
Fixes Bug: #4033
3 years ago
Lukas Sismis 5365fdccf7 dpdk: fix mempool cache error message 3 years ago
Shivani Bhardwaj 7005443b8b base64: add and clean tests 3 years ago
Shivani Bhardwaj dad52f133d base64: add new mode as per RFC 4648
As per RFC 4648,
Implementations MUST reject the encoded data if it contains characters
outside the base alphabet when interpreting base-encoded data, unless
the specification referring to this document explicitly states
otherwise.

Add a new mode BASE64_MODE_RFC4648, and handle input strictly as per the
specification.

Bug 5223
3 years ago
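The rule quoted from RFC 4648 above is easy to state and easy to get wrong, so here is an added example (not Suricata's util-base64.c; the function names `decode_rfc4648`, `decode_lenient` and `strict_rejects` are mine) that puts a strict decoder next to a lenient one and runs both over constructed inputs. The strict decoder rejects any character outside the alphabet, bad padding and non-canonical trailing bits; the lenient one silently skips non-alphabet characters, which is why the two can disagree about whether a given input is valid at all.

```python
"""Strict RFC 4648 base64 decoding beside a lenient decoder.

Added example, not Suricata's own util-base64.c. RFC 4648 section 3.3 says
a decoder MUST reject input containing characters outside the base
alphabet; decode_rfc4648() enforces that (plus the padding rules), while
decode_lenient() shows the permissive behaviour of skipping such characters.
"""
import string

_ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
_VALUE = {c: i for i, c in enumerate(_ALPHABET)}


class Base64Error(ValueError):
    """Raised by the strict decoder for input RFC 4648 says MUST be rejected."""


def decode_rfc4648(data: str) -> bytes:
    """Strict decoder: reject non-alphabet characters and malformed padding.

    Enforced: length is a multiple of 4; '=' appears only as the last one or
    two characters; every other character is in the 64-character alphabet;
    the unused bits of the final quantum are zero (RFC 4648 section 3.5).
    """
    if len(data) % 4:
        raise Base64Error("length %d is not a multiple of 4" % len(data))
    pad = 2 if data.endswith("==") else 1 if data.endswith("=") else 0
    body = data[:len(data) - pad]
    if "=" in body:
        raise Base64Error("padding character inside the data")
    acc = bits = 0
    out = bytearray()
    for ch in body:
        v = _VALUE.get(ch)
        if v is None:
            raise Base64Error("character %r is outside the base64 alphabet" % ch)
        acc = ((acc << 6) | v) & 0xFFFF
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    # One '=' leaves 2 unused bits, two '=' leave 4; a canonical encoder sets
    # them to zero, so a non-zero value means the input was altered or came
    # from a sloppy encoder.
    if acc & ((1 << bits) - 1):
        raise Base64Error("non-zero trailing bits (non-canonical encoding)")
    return bytes(out)


def decode_lenient(data: str) -> bytes:
    """Lenient decoder: skip anything outside the alphabet, stop at '='.

    Many decoders behave like this. It accepts every input the strict decoder
    accepts and many more, so two peers using different modes can disagree
    about whether a message is valid.
    """
    acc = bits = 0
    out = bytearray()
    for ch in data:
        if ch == "=":
            break
        v = _VALUE.get(ch)
        if v is None:
            continue
        acc = ((acc << 6) | v) & 0xFFFF
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return bytes(out)


def strict_rejects(data: str) -> bool:
    """True when RFC 4648 mode rejects the input."""
    try:
        decode_rfc4648(data)
    except Base64Error:
        return True
    return False


# Constructed inputs: a valid string, then variants a lenient decoder still
# turns into b"hello" but a strict one must reject.
SAMPLES = [
    "aGVsbG8=",            # canonical encoding of b"hello"
    "aGVs\r\n\r\nbG8=",    # CRLFs inserted (MIME-style line wrapping)
    "aGVsbG8",             # padding stripped
    "aGVsbG9=",            # last character altered: non-zero unused bits
    "aGVs bG8=",           # a space: length no longer a multiple of 4
]

if __name__ == "__main__":
    for s in SAMPLES:
        print("%-22r lenient=%r strict_rejects=%s"
              % (s, decode_lenient(s), strict_rejects(s)))
```

Running it prints the same decoded bytes from the lenient decoder for all five inputs while the strict decoder accepts only the first, which is the behaviour the new BASE64_MODE_RFC4648 mode is meant to provide.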
Lukas Sismis e101384e7b transversal: remove suricata-ids.org references 3 years ago
Lukas Sismis aeb690317a dpdk: allow specifying RSS hash function flags in the config
Ticket: #5400
3 years ago
Eric Leblond e46a0bd46a eve: explicit default when setting port 3 years ago
Eric Leblond 00c419a6f8 eve: micro simplification 3 years ago
Eric Leblond a0065f4368 eve/alert: add direction field to log data way
Add a key to the event to specify whether the data that
triggered the alert is in the to_client or to_server direction.
3 years ago
Eric Leblond f1300e68c9 eve/alert: add src and dest info to flow in alert
When looking at an alert event, it was impossible to determine which
side from src or dest IP in the alert was the client and which side
was the server with regards to the underlying flow. This was a problem
when you try to know to whom a metadata property such as an HTTP
hostname or a TLS JA3 belongs.

This patch updates the code to add src and dest IP in the flow
subobject as well as src and dst port. This way, we can now know which
side is the client and which side is the server.

The result is looking like:

{
  "event_type": "alert",
  "src_ip": "22.47.184.196",
  "src_port": 81,
  "dest_ip": "192.168.1.47",
  "dest_port": 1063,
  "proto": "TCP",
  "tx_id": 0,
  "alert": {
    "signature_id": 2018959,
    "rev": 3,
  },
  "app_proto": "http",
  "flow": {
    "pkts_toserver": 22,
    "pkts_toclient": 35,
    "bytes_toserver": 1370,
    "bytes_toclient": 48852,
    "start": "2009-10-28T10:01:46.755232+0100",
    "src_ip": "192.168.1.47",
    "dest_ip": "22.47.184.196",
    "src_port": 1063,
    "dest_port": 81
  }
}
3 years ago
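As an added example of what a log consumer can do with the flow src/dest fields from f1300e68c9 (this is not Suricata code; the function names `endpoint`, `alert_direction` and `summarize` are mine), the script below reads eve.json lines, compares each alert's own src/dest tuple with the flow sub-object's tuple, and reports whether the alerting packet went to_server or to_client and which host is the client. This is the packet direction derived from the flow, not the direction key added in a0065f4368, which describes the matched data rather than the packet. The sample lines are constructed: the first is the event from the commit message with the elided fields removed, the rest are made up, including an ICMP alert without ports and an older-style event whose flow object lacks src/dest.

```python
"""Classify EVE alerts by direction using the flow sub-object.

Added example; not Suricata code. Alerts carry flow.src_ip/flow.src_port
(the flow initiator, i.e. the client) and flow.dest_ip/flow.dest_port (the
server). Comparing them with the alert's own src/dest tells which way the
alerting packet was going and which host owns flow-level metadata.
"""
import json

# Constructed sample eve.json lines (one JSON object per line).
SAMPLE_EVE_LINES = [
    # Event from the commit message, elided fields removed.
    '{"event_type": "alert", "src_ip": "22.47.184.196", "src_port": 81, '
    '"dest_ip": "192.168.1.47", "dest_port": 1063, "proto": "TCP", '
    '"alert": {"signature_id": 2018959, "rev": 3}, "app_proto": "http", '
    '"flow": {"pkts_toserver": 22, "pkts_toclient": 35, '
    '"src_ip": "192.168.1.47", "dest_ip": "22.47.184.196", '
    '"src_port": 1063, "dest_port": 81}}',
    # Made up: client-to-server TLS alert.
    '{"event_type": "alert", "src_ip": "10.0.0.5", "src_port": 52110, '
    '"dest_ip": "203.0.113.9", "dest_port": 443, "proto": "TCP", '
    '"alert": {"signature_id": 1000001, "rev": 1}, "app_proto": "tls", '
    '"flow": {"src_ip": "10.0.0.5", "dest_ip": "203.0.113.9", '
    '"src_port": 52110, "dest_port": 443}}',
    # Made up: ICMP reply, no ports on either side.
    '{"event_type": "alert", "src_ip": "10.0.0.7", "dest_ip": "10.0.0.1", '
    '"proto": "ICMP", "alert": {"signature_id": 1000002, "rev": 1}, '
    '"flow": {"src_ip": "10.0.0.1", "dest_ip": "10.0.0.7"}}',
    # Made up: older-style event whose flow object has no src/dest.
    '{"event_type": "alert", "src_ip": "10.0.0.8", "src_port": 40000, '
    '"dest_ip": "10.0.0.2", "dest_port": 25, "proto": "TCP", '
    '"alert": {"signature_id": 1000003, "rev": 1}, '
    '"flow": {"pkts_toserver": 3, "pkts_toclient": 2}}',
    # Made up: not an alert, must be skipped.
    '{"event_type": "flow", "src_ip": "10.0.0.5", "dest_ip": "203.0.113.9"}',
]


def endpoint(obj, side):
    """(ip, port) for side 'src' or 'dest'; port is None when absent (ICMP)."""
    return (obj.get(side + "_ip"), obj.get(side + "_port"))


def alert_direction(event):
    """Return 'to_server', 'to_client', 'unknown' or 'mismatch' for one alert."""
    flow = event.get("flow") or {}
    client, server = endpoint(flow, "src"), endpoint(flow, "dest")
    if client[0] is None or server[0] is None:
        return "unknown"   # flow src/dest not logged (older event)
    pkt_src, pkt_dst = endpoint(event, "src"), endpoint(event, "dest")
    if (pkt_src, pkt_dst) == (client, server):
        return "to_server"
    if (pkt_src, pkt_dst) == (server, client):
        return "to_client"
    return "mismatch"      # tuples do not line up; keep for manual review


def summarize(lines):
    """Parse eve.json lines and return one summary dict per alert event."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        if event.get("event_type") != "alert":
            continue
        flow = event.get("flow") or {}
        out.append({
            "sid": event["alert"]["signature_id"],
            "direction": alert_direction(event),
            "client": flow.get("src_ip"),
            "server": flow.get("dest_ip"),
        })
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE_EVE_LINES):
        print("sid=%(sid)s direction=%(direction)s "
              "client=%(client)s server=%(server)s" % row)
```

For the commit's own event the result is to_client with 192.168.1.47 as the client, so an HTTP hostname or JA3 in that alert is attributed to 192.168.1.47 even though the alert's src_ip is the remote side. The "mismatch" outcome is deliberate: if the two tuples line up neither way, the event is worth a look rather than a silent guess.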