aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,836 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b5633b9bfd'
${ noResults }
Commit Graph

6836 Commits (b5633b9bfdd87413dc22bd6ff97c631e3d08b4d4)
 

Author SHA1 Message Date
Zachary Rasmor dbbca37a94 Remove free operation on thread name field. 
Name field is now  a pre-allocated array - free is no longer necessary.
Fix issue leading to segfault during interface shortening in Single runmode.
 9 years ago
Victor Julien 71018cd2ce runmodes: constify names 9 years ago
Zachary Rasmor f211fa48f4 Update unit test to account for 'name' type change. 9 years ago
Zachary Rasmor 68cfa009a0 Update thread creation and threads to use global thread names. 
Thread name is now stored as a static string buffer,
string duplication and alloc/de-alloc is no longer required.
 9 years ago
Zachary Rasmor 10d3d90f06 Change thread name from pointer to buffer. Remove pointer free. 9 years ago
Zachary Rasmor 885747218b Update shortening algorithm to account for addition of #. 9 years ago
Zachary Rasmor 8c8759c189 Add global threadnames. 
Update thread naming convention to follow: W#01-eth0.
Add interface name where applicable, add #.
 9 years ago
Zachary Rasmor f8a40dd906 Update pcap-file runmode to adhere to new thread standard. 9 years ago
Zachary Rasmor 41c768ce28 Update threads to use global thread names. 
Update FlowManager/Recycler to use global name.
Also add # into thread number.
Update af-packet to use global threadnames.
Update pcap to use global threadnames.
Update pfring to use global threadnames.
Update erf-dag to use global threadnames.
Update nflog to use global threadnames.
Update netmap to use global threadnames.
Update napatech to use global threadnames.
 9 years ago
Zachary Rasmor 1bfebae8c4 Update IPS thread names to new name standard. 9 years ago
Zachary Rasmor 19bc6c1f9f Update thread naming convention for all IDS modes. 
- Change 'Detect' to 'W'
- Enforce 2 digit numbering in thread names with leading zero
- Add 01 after W for single mode: W01
 9 years ago
maxtors a6adb5dbbf Changed naming of flowmanager/recycler. 
- Changed FlowManagerThread to FM-
- Changed FlowRecyclerThread to FR-
- Changed use of strcasecmp to strncasecmp. This was used in the
  killing and disabling of FM/FR Threads.
 9 years ago
maxtors a17ac21077 Reworked how shortening should be performed. 
The shortening of the interfacenames is now dependent on the
size of the destination buffer, so that this can be easily
changed in the future. The process uses snprintf and strlcat.

Also changed the buffer sizes in the util-runmodes to 12
so that they can hold 11 chars + null terminator.
 9 years ago
maxtors 88a6e79607 Fixed string copy and cat functions and made shortening safer. 
Changed out strcpy, strncpy to strlcat and strlcpy. Also added
checks to see if the shortening did work or if it would fail in
advance. Fixed code in util-device and util-runmodes.
 9 years ago
maxtors 10d1450e49 Added shortening of listening interface in util-runmodes 
Added function LiveSafeDeviceName in util-device that shortens an
NIC device name if the name is over a given length and turns
it in to Ex: longi...eeth1
 9 years ago
Eric Leblond 63937cd903 detect-msg: fix option parsing 
Code removing the space before the double quote at msg option start
was not working correctly for option starting with a space.
 9 years ago
Victor Julien 7f700a137c smtp: fix test 9 years ago
Victor Julien c4a9580fce detect file: improve multi file handling 
When multiple files were in a tx, the first one(s) closed/complete
and a new open one as well, a match in the former could lead to not
inspecting the latter.

This patch adds a workaround for this case, by allowing the file
inspection code to return a special code for 'match, but more files
available in tx'.

The stateful detection engine will then not make this match final for
the tx. It relies on the file pruning to kick in to make sure the
already complete files are removed from the tx before the next time
the detection engine is called on the tx.
 9 years ago
Victor Julien 8cd4405c21 detect file: cleanups 9 years ago
Victor Julien ea0067add8 debug: add various detect engine debug statements 9 years ago
Victor Julien 83e0529b2b http: flag destate about new files 
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in http. For http it
should only apply to multipart bodies although the flag is set for
all files.
 9 years ago
Victor Julien aa4ad9d25b smtp: flag detect state that new files are available 
The stateful detection engine needs some assistance when inspecting
transactions with multiple files. This patch flags the detect state
(if any) about the availability of new files in smtp.
 9 years ago
Victor Julien 807fe4ac9f detect state: fix issues with multiple files per tx 
Make sure multiple files in a single tx are inspected correctly. This
requires resetting part of the stored state on new files.
 9 years ago
Victor Julien 19d112ba07 smtp/mime: allow unquoted name/filename fields 
Don't enforce that name/filename fields are quoted.

Reported-By: Blair Steven
 9 years ago
Victor Julien 5c514c904f smtp: fix file logging and matching 
When no rules with 'file content' keywords like filemd5 or filestore
were used, and non of the file outputs would force 'output' like
'force-md5' and 'force-magic', the file would not be tracked at all.

This meant that logging wouldn't work and neither would filename and
fileext inspection.

This patch removes the tracking bypass from the SMTP code and leaves
decisions to the file API.
 9 years ago
maxtors 9d3fd82849 Removed duplicate include statements. 9 years ago
maxtors 06d74b5775 Module specific error code for init ctx error. 9 years ago
maxtors 69863f7b1c Corrected and unified debugmessages for init data errors in *ThreadInit. 9 years ago
maxtors 7f2f7cc48d Added parsing and utilization of yaml defined payload buffer value. 9 years ago
maxtors c6bbd89251 Added payload-buffer-size option to yaml configuration 9 years ago
Victor Julien 554080cced lua: print lua script func/line/file in SCLog* funcs 
Instead of printing the func/line/file of the C code SCLog* wrappers,
print them from inside the lua script. They are not always available.
 9 years ago
Victor Julien 1c8775b340 QA: --afl-rules for faster rule fuzzing 9 years ago
Victor Julien c3efc4e072 pcap: small cleanups 9 years ago
Victor Julien 3f16ebe476 dns: don't read uninitialized memory in name parsing 
AFL+ASAN found that with certain input we used an uninitialized byte
in the length calculation. Probably harmless as the length was still
validated afterwards.
 9 years ago
Victor Julien c4575d1419 stream-tcp: improve test function cleanup 9 years ago
Victor Julien 3aea0bd4f3 stream-tcp: introduce stream cleanup function 9 years ago
Victor Julien 93fa291922 stream-tcp: unify ssn clean up functions 
There were 2 separate function doing ssn cleanup. To prevent issues
common with code duplication, unify them.
 9 years ago
Victor Julien 9b08cdae74 capture: only check for faster methods on -i 
Also, since we now default to AF_PACKET for -i if available, only check
for PF_RING and NETMAP.
 9 years ago
Victor Julien 053b96458f commandline: add -i arg check 9 years ago
Victor Julien f8852f4415 commandline: use afpacket for -i if available 9 years ago
Victor Julien a3a7d9b299 pcap: unify -i and --pcap parsing 9 years ago
Victor Julien b50111a5a7 commandline: move afpacket parsing into util func 9 years ago
Victor Julien 1fe09a38e0 commandline: move pcap parsing into util func 9 years ago
Victor Julien 7ac7f9cd55 instance: add progname as ptr to argv[0] 9 years ago
Victor Julien 65a3ff81ef readme: initial readme for github 9 years ago
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 9 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE 
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
 9 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file> 
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
 9 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 9 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 9 years ago