aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
15,965 Commits
7 Branches
159 Tags
196 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c17df004ed'
${ noResults }
Commit Graph

85 Commits (c17df004ed609cd19e12c87b48cfce60bb016951)

Author SHA1 Message Date
Philippe Antoine c272a646c5 detect: SigMatchAppendSMToList can fail 
Ticket: #6104

And failures should be handled to say that the rule failed to load

Reverts the fix by 299ee6ed55
that was simple, but not complete (memory leak),
to have this bigger API change which simplifies code.
 2 years ago
Victor Julien 58c7a438ed detect/flow: optimize only_stream/no_stream options 
Until now the implementation would scan the stream, fallback to the
packet payload in exception cases, then keep track of where the match
was and in the flow match logic reject the match if it was in the wrong
buffer.

This patch simplifies this logic, by refusing to inspect the packet
payload when `only_stream` is set.

To do this the `only_stream`/`no_stream` options are now translated
to the pseudo protocols `tcp-stream` and `tcp-pkt` at parsing, so that
the `flow` keyword doesn't have to evaluate these conditions anymore.
 2 years ago
daniel zhao de14e3d0b5 detect/flow: fix DETECT_FLOW_FLAG_ESTABLISHED check 
Ticket: #6448
 2 years ago
Jeff Lucovsky 3286c3b912 detect/pcre: Use local match variables 
pcre2 is not thread-safe wrt match objects so use locally scoped
objects.

Issue: 4797
 2 years ago
Victor Julien 549f7873df detect: spelling 2 years ago
Victor Julien b31ffde6f4 output: remove error codes from output 3 years ago
Victor Julien 39f5c7f56a error: use SC_EINVAL for invalid input 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean 
Especially because there is conditional inclusion from a header
 3 years ago
Victor Julien e250ef6402 debug: remove empty header 3 years ago
Philippe Antoine 02f2602dde src: rework includes as per cppclean 3 years ago
Philippe Antoine c5cf2967b3 detect: fix integer warnings 
Ticket: #4516
 3 years ago
Philippe Antoine 56f664af6b pcre2: follow code naming style 4 years ago
Philippe Antoine 48dd0cf804 pcre2: check for PCRE2_ERROR_UNSET 
Needs maybe to be generalized
 4 years ago
Philippe Antoine 3de99a214c pcre2: migrate keywords parsing 4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Victor Julien 7309c97eda detect/flow: test cleanup 5 years ago
Victor Julien 6ab323d323 detect: hide RegisterTests behind ifdef UNITTESTS 
Update all callers to more aggressively use UNITTESTS guards as well.
 5 years ago
Victor Julien 26bcc97515 detect/keywords: dynamic version part of doc URL 5 years ago
Jeff Lucovsky d3a65fe156 detect: Provide `de_ctx` to free functions 
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
 5 years ago
Jeff Lucovsky 7f6af10fed general: copyright bump 5 years ago
Jeff Lucovsky 4b0085b03c detect: Update to take advantage of PCRE refactor 
This commit changes the keyword detectors to use the refactored PCRE
modifications from detect-parse.[ch]
 5 years ago
Jeff Lucovsky be4c6b85de general: Convert _Bool to bool 
This commit addresses task 3167 and changes usages of '_Bool` to `bool`.
The latter is included from `suricata-common.h`
 5 years ago
Shivani Bhardwaj d801c3e588 detect: Make keyword description consistent 
Closes redmine ticket #3137.
 6 years ago
Shivani Bhardwaj b5b429c288 detect: Add missing keyword URLs and description 
Add missing keyword URLs and their description. Fix the ones that
were incorrect.

Partially closes redmine ticket #2974.
 6 years ago
Victor Julien 14896365ef detect: remove Threadvars argument from API calls 
Remove it as it's (almost) never used. If it is really needed it can
be accessed through DetectEngineThreadCtx::tv as well.
 6 years ago
Victor Julien 55e5d50496 detect/flow: optimize flow check 
Flow direction doesn't need explicit checking as the rule groups (sgh)
are already per direction. So if a rule sets only flow:to_server or
flow:to_client, we can avoid adding a sigmatch to the signature.
 6 years ago
Victor Julien d5baac3f85 detect/flow: don't require flow for direction options 
Flow isn't directly used for direction checks, so don't require
a flow to be present.
 6 years ago
Victor Julien 67c90954c0 detect: use BIT_* macros 
Also add notes that when adding flags they should be added to the
analyzer as well.
 7 years ago
Victor Julien 991ec4ed60 detect/flow: minor code cleanups 7 years ago
Victor Julien c8bd489aa1 detect: set implied flow direction based on keywords 7 years ago
Victor Julien 91296d1eec detect/prefilter: add de_ctx to registration 7 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings 
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
 8 years ago
Victor Julien f370e88135 detect: move init only Signature members to init_data 9 years ago
Victor Julien 8edc954e82 detect: get rid of Signature::sm_lists 
Instead use the lists in init_data during setup and the SigMatchData
arrays during runtime.
 9 years ago
Victor Julien bfd4bc8233 detect: constify Signature/SigMatch use at runtime 9 years ago
Eric Leblond a2e2f50fb9 documentation: fix list keywords URLs 
Update URLs in keyword definition to point to sphinx documentation.
 9 years ago
Jason Ish 8f56c23468 detect-flow: no_frag and only_frag keyword support 
Support flow:no_frag and flow:only_frag keywords from Snort.
 9 years ago
Jason Ish 571f56cfcf detect-flow: support flow:not_established 9 years ago
Jason Ish dc762cd44d detect-flow: use new unit test macros 9 years ago
Victor Julien ace8f9f5df detect-flow: prefilter extra match support 9 years ago
Victor Julien 822e034753 detect-flow: implement prefilter 9 years ago
Victor Julien e67ae0f174 detect keywords: use parse regex util func 9 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code 
1 pass, 0 is fail.
 9 years ago
Victor Julien d834173bb8 detect-flow: use dedicated flags 
The flow keyword used flag names that were shared with the
Packet::flowflags field. Some of the flags were'nt used by the packet
though. This lead to waste of some 'flag space'.

This patch defines dedicated flags for the flow keyword and removes
the otherwise unused flags from the FLOW_PKT_* space.
 11 years ago
Ken Steele 923a77e952 Change Match() function to take const SigMatchCtx* 
The Match functions don't need a pointer to the SigMatch object, just the
context pointer contained inside, so pass the Context to the Match function
rather than the SigMatch object. This allows for further optimization.

Change SigMatch->ctx to have type SigMatchCtx* rather than void* for better
type checking. This requires adding type casts when using or assigning it.

The SigMatch contex should not be changed by the Match() funciton, so pass it
as a const SigMatchCtx*.
 11 years ago
Ken Steele 8f1d75039a Enforce function coding standard 
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions where changed by a script to match this standard.
 11 years ago
Victor Julien beab8d401c Convert flow keyword parsing to use pcre_copy_substring 12 years ago
Victor Julien 3470b07ea5 Fix several compile and runtime warnings found by clang 3.2 with the -fsanitize=address option. 12 years ago
Last G 8ae11f73b2 Added parentheses to fix Eclipse static code analysis 
Fixed bug in action priority (REJECT_DST had lowest prio)
 13 years ago
Eric Leblond 6842545331 Add documentation url in list-keyword output. 
The output of the list-keyword is modified to include the url to
the keyword documentation when this is available. All documented
keywords should have their link set.

list-keyword can be used with an optional value:
 no option or short: display list of keywords
 csv: display a csv output on info an all keywords
 all: display a human readable output of keywords info
 $KWD: display the info about one keyword.
 13 years ago