Commit Graph

271 Commits (c0aa60c573f72a3fddf9d73b7cdca1bd469098dd)

Author SHA1 Message Date
Philippe Antoine a2b5225612 rust: bindgen SCSigMatchAppendSMToList
Ticket: 7667
6 months ago
Philippe Antoine 78034b218d rust: bindgen SCDetectSignatureSetAppProto
Ticket: 7667
6 months ago
Philippe Antoine 41fcf3b356 detect: fix some -Wshorten-64-to-32 warnings
Ticket: #6186
6 months ago
Philippe Antoine 0024de5e9e src: new file detect-engine-buffer.h
Taken from detect-engine.h so that we can bindgen this smaller
unit.
7 months ago
Jason Ish 22b77b0c56 conf: prefix conf API with SC 8 months ago
Philippe Antoine 20423fdd38 style: remove some useless return
and remove empty line before end of function
1 year ago
Victor Julien f2e9c258c4 detect/pcre: remove unused match member
pcre2_match_data is created per thread when needed.
2 years ago
Victor Julien eca6639a82 detect/pcre: localize match limit option parsing
No need to put it into a per ctx flag.
2 years ago
Victor Julien b69f4cb5cf detect/pcre: match data is const at match time 2 years ago
Philippe Antoine c272a646c5 detect: SigMatchAppendSMToList can fail
Ticket: #6104

And failures should be handled to say that the rule failed to load

Reverts the fix by 299ee6ed55
that was simple, but not complete (memory leak),
to have this bigger API change which simplifies code.
2 years ago
Victor Julien b130234b26 var-names: reimplement var name handling
Implement a new design for handling var name ids. The old logic
was aware of detection engine versions and generally didn't work
well for multi-tenancy cases. Other than memory leaks and crashes,
logging of var names worked or failed based on which tenant was
loaded last.

This patch implements a new approach, where there is a global store
of vars and their ids for the lifetime of the program.

Overall Design:

Base Store: "base"

Used during keyword registration. Operates under lock. Base is shared
between all detect engines, detect engine versions and tenants.
Each variable name is ref counted.

During the freeing of a detect engine / tenant, unregistration decreases
the ref cnt.

Base has both a string to id and an id to string hash table. String to
id is used during parsing/registration, id to string during unregistration.

Active Store Pointer (atomic)

The "active" store atomic pointer points to the active lookup store. The call
to `VarNameStoreActivate` will build a new lookup store and hot swap
the pointer.

Ensuring memory safety: during the hot swap, the pointer is replaced, so
any new call to the lookup functions will automatically use the new store.
This leaves the case of any lookup happening concurrently with the pointer
swap. For this case we add the old store to a free list. It gets a timestamp
before which it cannot be freed.

Free List

The free list contains old stores that are waiting to get removed. They
contain a timestamp that is checked before they are freed.

Bug: #6044.
Bug: #6201.
2 years ago
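A minimal model of the design this commit message describes, as an added example that is not Suricata's code: a mutex-protected, ref-counted base store; an immutable lookup snapshot that workers reach only through an atomic pointer, hot-swapped by `VarNameStoreActivate`; and a free list whose retired snapshots carry a deadline before which they must not be freed. Only the name `VarNameStoreActivate` comes from the message; the other function names, the fixed-size arrays, the linear scans standing in for the two hash tables, the 60-second grace period and the assumption that a single loader thread activates and prunes are choices of this example, not Suricata's implementation. Timestamps are passed in explicitly so the grace period can be exercised deterministically.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define MAX_VARS 64
#define GRACE_SECONDS 60 /* assumed grace period; the real value is not on this page */
static char *dupstr(const char *s) { size_t n = strlen(s) + 1; char *d = malloc(n); return d ? memcpy(d, s, n) : NULL; }

/* "base": one ref-counted entry per name, shared by every engine and tenant, mutex-protected. */
typedef struct { char *name; uint32_t id; int refcnt; } BaseEntry;
static pthread_mutex_t base_lock = PTHREAD_MUTEX_INITIALIZER;
static BaseEntry base[MAX_VARS];
static int base_count = 0;
static uint32_t next_id = 1; /* ids are never reused, so a name keeps its id for the program lifetime */

/* Immutable lookup snapshot; workers reach it only through the atomic "active" pointer. */
typedef struct LookupStore {
    int count; char *names[MAX_VARS]; uint32_t ids[MAX_VARS];
    time_t free_after;        /* set on retirement: earliest time it may be freed */
    struct LookupStore *next; /* free-list link */
} LookupStore;
static _Atomic(LookupStore *) active = NULL;
static LookupStore *free_list = NULL; /* assumption: only the loader thread activates and prunes */
static int free_list_len = 0;

/* Keyword registration: string -> id, bumping the refcount. Returns 0 if base is full. */
uint32_t VarNameRegister(const char *name) {
    uint32_t id = 0;
    pthread_mutex_lock(&base_lock);
    for (int i = 0; i < base_count && id == 0; i++)
        if (strcmp(base[i].name, name) == 0) { base[i].refcnt++; id = base[i].id; }
    if (id == 0 && base_count < MAX_VARS) {
        BaseEntry *e = &base[base_count++];
        e->name = dupstr(name); e->id = next_id++; e->refcnt = 1; id = e->id;
    }
    pthread_mutex_unlock(&base_lock);
    return id;
}

/* Engine/tenant teardown: id -> entry, drop the refcount, remove the name when it hits zero. */
int VarNameUnregister(uint32_t id) {
    int found = 0;
    pthread_mutex_lock(&base_lock);
    for (int i = 0; i < base_count && !found; i++) {
        if (base[i].id != id) continue;
        found = 1;
        if (--base[i].refcnt == 0) { free(base[i].name); base[i] = base[--base_count]; }
    }
    pthread_mutex_unlock(&base_lock);
    return found;
}

/* Build a fresh snapshot of base, hot-swap it in, and retire (not free) the old one. */
void VarNameStoreActivate(time_t now) {
    LookupStore *ns = calloc(1, sizeof(*ns));
    if (ns == NULL) return;
    pthread_mutex_lock(&base_lock);
    for (int i = 0; i < base_count; i++) { ns->names[i] = dupstr(base[i].name); ns->ids[i] = base[i].id; }
    ns->count = base_count;
    pthread_mutex_unlock(&base_lock);
    LookupStore *old = atomic_exchange(&active, ns);
    if (old != NULL) { /* a worker may still be reading 'old': park it with a deadline */
        old->free_after = now + GRACE_SECONDS;
        old->next = free_list; free_list = old; free_list_len++;
    }
}

/* Worker-side lookup: lock-free, uses whichever snapshot is active at this instant. */
uint32_t VarNameLookupId(const char *name) {
    LookupStore *s = atomic_load(&active);
    for (int i = 0; s != NULL && i < s->count; i++)
        if (strcmp(s->names[i], name) == 0) return s->ids[i];
    return 0;
}
/* Free retired snapshots whose deadline has passed; returns how many were freed. */
int VarNameFreeListPrune(time_t now) {
    int freed = 0;
    for (LookupStore **pp = &free_list; *pp != NULL;) {
        LookupStore *s = *pp;
        if (s->free_after > now) { pp = &s->next; continue; }
        *pp = s->next;
        for (int i = 0; i < s->count; i++) free(s->names[i]);
        free(s); free_list_len--; freed++;
    }
    return freed;
}
int VarNameFreeListLen(void) { return free_list_len; }

int main(void) {
    uint32_t a = VarNameRegister("flowbit.a"), b = VarNameRegister("flowbit.a"); /* two tenants */
    VarNameStoreActivate(1000);
    printf("id %u, shared=%d, lookup=%u\n", a, a == b, VarNameLookupId("flowbit.a"));
    VarNameUnregister(a);       /* tenant 1 unloads: refcnt 2 -> 1, name survives */
    VarNameStoreActivate(1001); /* previous snapshot goes to the free list */
    int early = VarNameFreeListPrune(1002), late = VarNameFreeListPrune(1001 + GRACE_SECONDS);
    printf("lookup=%u, freed early=%d, late=%d\n", VarNameLookupId("flowbit.a"), early, late);
    return 0;
}
```

The point is the ownership model rather than the data structures: registration and unregistration only ever touch base under the lock, a worker only ever dereferences the snapshot it loaded, and a retired snapshot is freed only after its deadline, which is what keeps a lookup that raced with the pointer swap from reading freed memory. Because unregistration removes a name from base but not from the currently active snapshot, a name stays resolvable until the next activation, and a re-registered name gets a fresh id.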
Victor Julien 575fbdfbf3 detect/pcre: use local match data during parsing
Fixes multi-tenant multi-loader crashes.

Bug: #6247.
2 years ago
Victor Julien f6f2c22574 detect/pcre: remove redundant applayer flag set 3 years ago
Victor Julien 549f7873df detect: spelling 3 years ago
Victor Julien 6b27087527 detect/pcre: remove obsolete tests 3 years ago
Victor Julien 501388c912 detect/pcre: use util funcs for buffer test 3 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean
Especially because there is conditional inclusion from a header
3 years ago
Victor Julien e250ef6402 debug: remove empty header 3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Philippe Antoine 585e5e0d3c detect: impose limits on pcrexform
As is done for pcre keyword

Ticket: #5409
3 years ago
Philippe Antoine c5cf2967b3 detect: fix integer warnings
Ticket: #4516
3 years ago
Victor Julien 84448d3bae tests: remove unnecessary flow locks
Added once to satisfy debug validation, but we don't mix unittests
and debug validation anymore.

    sed -i -E '/.*FLOWLOCK_.*LOCK/d' *.c
3 years ago
Victor Julien 69b8b48b94 detect/pcre: assist code analyzer around pointer logic
cppcheck:

src/detect-pcre.c:381:27: warning: Either the condition 'pcap' is redundant or there is overflow in pointer subtraction. [nullPointerArithmeticRedundantCheck]
            cut_capture = MIN((pcap - regexstr), (fcap - regexstr));
                          ^
src/detect-pcre.c:378:18: note: Assuming that condition 'pcap' is not redundant
        else if (pcap && !fcap)
                 ^
src/detect-pcre.c:381:27: note: Null pointer subtraction
            cut_capture = MIN((pcap - regexstr), (fcap - regexstr));
                          ^

Bug: #5291.
4 years ago
Victor Julien 7e2ed11a11 detect: fix bad BUG_ON pattern
cppcheck:

src/detect-engine-uint.c:73:13: warning: Conversion of string literal "unknown mode" to bool always evaluates to true. [incorrectStringBooleanError]
            BUG_ON("unknown mode");
            ^
src/detect-engine-uint.c:328:13: warning: Conversion of string literal "unknown mode" to bool always evaluates to true. [incorrectStringBooleanError]
            BUG_ON("unknown mode");
            ^
src/detect-pcre.c:291:25: warning: Conversion of string literal "Impossible captype" to bool always evaluates to true. [incorrectStringBooleanError]
                        BUG_ON("Impossible captype");
                        ^

Bug: #5291.
4 years ago
Victor Julien a14854bce9 detect: keyword list to hash to improve perf
Since the switch to pcre2 this was much more heavily used, which
would lead to measurable time spent in list handling.
4 years ago
Modupe Falodun 54bc43d3ed detect-pcre: remove unittests
These tests are reimplemented in Suricata-Verify

Task: 4911
4 years ago
Victor Julien 707b75ccda detect: split register time and detect load time buffer funcs 4 years ago
Philippe Antoine 8a50edbd10 pcre: fixes a memory leak on alloc error 4 years ago
Philippe Antoine c64a1f6a09 pcre: use thread-storage for matches 4 years ago
Philippe Antoine 3b690e53c8 pcre: using de_ctx in unit tests for free function 4 years ago
Philippe Antoine a049a6c29c pcre: creates a match structure per match run
So that DetectPcrePayloadMatch is thread safe
and does not rewrite a shared parse_regex.match structure
4 years ago
Philippe Antoine bce3c46874 pcre2: remove PCRE1 as dependency 4 years ago
Philippe Antoine e10d930660 pcre2: only one DetectParseRegex structure 4 years ago
Philippe Antoine 3de99a214c pcre2: migrate keywords parsing 4 years ago
Philippe Antoine 2dea9a1e37 pcre: use pcre2 to parse detect pcre itself 4 years ago
Philippe Antoine f0f3295ba0 pcre: migrate detect-pcre to pcre2
pcre2 substrings need special free...
4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 5 years ago
Philippe Antoine 707f027231 protos: renaming ALPROTO_HTTP* constants
Having now ALPROTO_HTTP1, ALPROTO_HTTP2 and ALPROTO_HTTP

Run with 3 sed commands
git grep ALPROTO_HTTP | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP/ALPROTO_HTTP1/g'
git grep ALPROTO_HTTP12 | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP12/ALPROTO_HTTP2/g'
git grep ALPROTO_HTTP1_ANY | cut -d: -f1 | uniq |
 xargs sed -i -e 's/ALPROTO_HTTP1_ANY/ALPROTO_HTTP/g'

and then running clang-format
5 years ago
Philippe Antoine c8dbe24fb6 proto: introduce signature protocol, as extension to flow protocol
The AppProtoEquals function allows checking whether a flow protocol
matches a signature protocol
5 years ago
Jeff Lucovsky cbb03dbb39 detect/pcre: Test capture group/var mismatch 5 years ago
Jeff Lucovsky 469d5bb214 detect/pcre: Correct capture group count check
This commit corrects the validation check between the number of
variables used and the number of specified capture groups.
5 years ago
Victor Julien 6ab323d323 detect: hide RegisterTests behind ifdef UNITTESTS
Update all callers to more aggressively use UNITTESTS guards as well.
5 years ago
Philippe Antoine ac76ff9e47 detect: fail properly on invalid transform pcrexform 5 years ago
Victor Julien f8f2a2bbc0 detect/pcre: set app proto correctly when using modifiers 6 years ago
Victor Julien 9fd56e8430 detect/pcre: minor code cleanups 6 years ago
Jeff Lucovsky 12148bc53c detect/pcre: Use the keyword context for JIT stack
When PCRE `jit` is available, store the JIT stack in the keyword context
instead of on a global id. This ensures proper cleanup and
re-initialization over a rule reload.
6 years ago
Victor Julien 26bcc97515 detect/keywords: dynamic version part of doc URL 6 years ago
Jeff Lucovsky d3a65fe156 detect: Provide `de_ctx` to free functions
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
6 years ago
Jeff Lucovsky f0bd69e7e3 detect/pcre: Correct spelling typos 6 years ago