aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
12,585 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dab3274263'
${ noResults }
Commit Graph

12585 Commits (dab3274263865f7f2592d204141346911996d41b)
 

Author SHA1 Message Date
Lukas Sismis dab3274263 dpdk: add documentation for the DPDK runmode 
Briefly present the DPDK runmode through configuration file.
 3 years ago
Lukas Sismis de53e07559 dpdk/ice: setup RSS for Intel ICE PMD 
Set RSS hash function according to Intel ICE PMD available hash functions

Set hash functions according to the support by the ICE PMD, so that no warning
regarding RSS setting is issued.
 3 years ago
Lukas Sismis 3f7a50eeb7 dpdk/ixgbe: setup RSS for Intel IXGBE PMD 
Set RSS hash function according to Intel IXGBE PMD available hash functions.

During configuration, a warning appeared stating that RSS hash function
has been changed from one value to the other. This has meant that
the supported hash functions did not cover all required hash functions
by the configuration. This commit solves the warning.
 3 years ago
Lukas Sismis 639aa04c5f dpdk/i40e: support RSS on Intel i40e PMD driver 
Due to peculiar behavior of i40e PMD driver, the RSS is required to be set
via rte_flow rules or a hash filter as compared to other NICs where RSS is
configured through port configuration structure.
RTE_FLOW rules are created on 5-tuples (as opposed to 3-tuple configured
on the other NICs). Fragmented traffic have been tested with this setup
and it has been proven that fragmented packets of the same flow are
received on the same queue. At the same time, setting 3-tuple on rte_flow
rules have not yield in the expected results.

Notes from the experiments:

- Configuration of 5-tuple (as is in the commit):
    fragmented and nonfragmented packets are received by the same workers
    even when I applied seed to alter them via tcpreplay-edit (option --seed)

- Setting only ETH_RSS_FRAG_IPV4 and ETH_RSS_IPV4 (i.e. setting 3-tuple):
    when setting ETH_RSS_IPV4, the PMD driver says that pctype is not
    supported (generally this means that the "type" of traffic is not
    a valid configuration for the i40e)

- Setting only ETH_RSS_FRAG_IPV4 and ETH_RSS_NONFRAG_IPV4_OTHER:
    this doesn't work well, packets of the same flow are received on
    the different workers (my explanation is that the fragmented packets are
    matched with ETH_RSS_FRAG_IPV4 but the other UDP packets are not matched
    with ETH_RSS_NONFRAG_IPV4_OTHER rte_flow rule (they would be matched with
    ETH_RSS_NONFRAG_IPV4_UDP).
 3 years ago
Victor Julien f98df5c3fd dpdk: add RSS flags that are set in the NIC 3 years ago
Victor Julien 56dfec48b9 dpdk: add specific error counters 3 years ago
Lukas Sismis a7faed1245 dpdk: initial support with workers runmode 
Register a new runmode - DPDK. This enables a new flag on Suricata start
(--dpdk).

With the flag given, DPDK runmode is enabled.

Runmode loads the configuration and then initializes EAL.

If successful, it configures the physical NICs according to the configuration
file. After that, worker threads are initialized and then are in continuous
receive loop.
 3 years ago
Lukas Sismis fcfee6994e dpdk: edit configure.ac to include DPDK compilation option 
Add a build flag --enable-dpdk to support DPDK parts in the source code.
 3 years ago
Jeff Lucovsky 142a579971 netmap: allow specifying a library directory 
Ticket: #4482
 3 years ago
Jason Ish 92eb14c5ad datasets: initialize after dropping privileges 
Move initialization of datasets to a point after privileges
have been dropped.

Ticket 4239
 3 years ago
Pierre Chifflier d67f8f9196 rust/smb: convert parser to nom7 functions (SMB1) 3 years ago
Pierre Chifflier 895a54cea4 rust/smb: convert parser to nom7 functions (DCERPC records) 3 years ago
Pierre Chifflier 8d77ce1ffc rust/smb: convert parser to nom7 functions (SMB2) 3 years ago
Pierre Chifflier 5cadb878ff rust/smb: convert parser to nom7 functions (SMB3) 3 years ago
Pierre Chifflier 4c97dfa851 rust/smb: convert parser to nom7 functions (NTLM/SSP records) 3 years ago
Pierre Chifflier 3da816eb23 rust/smb: convert parser to nom7 functions (NBSS records) 3 years ago
Pierre Chifflier 90f9450971 rust: add nom7 combinator take_until_and_consume 3 years ago
Lukas Sismis e4b5239202 doc: fix typo in "Stream engine" documentation 3 years ago
Philippe Antoine dd32238667 ftp: do not set alproto if one was already found 
Ticket: 4857

If a pattern such as GET is seen ine the beginning of the
file transferred over ftp-data, this flow will get recognized
as HTTP, and a HTTP state will be created during parsing.

Thus, we cannot override directly alproto's values

This solves the segfault, but not the logical bug that the flow
should be classified as FTP-DATA instead of HTTP
 3 years ago
Victor Julien a02f263e56 app-layer/htp: cleanup test 3 years ago
Victor Julien 0a1c3267e6 htp: rename callbacks to make purpose clearer 3 years ago
Victor Julien 258415b23f stream: unify ack'd right edge handling 
Use util function in all code needing the ack'd data.
 3 years ago
Victor Julien ac11502629 detect/engine: store buffer name in local array 
Instead of storing a name and description as a pointer in DetectBufferType
store them in fixed size arrays. This is in preparation of runtime registration
of buffer types, where a constant name/desc is not available.
 3 years ago
Victor Julien e93dc24383 mingw: add bcrypt to LDADD for rust compilation 3 years ago
Victor Julien 6ee818cb3e stream/reassembly: ignore min_inspect_depth on TCP state CLOSED 3 years ago
Victor Julien 55202f826a detect/http: don't set min-inspect-depth higher than setting 3 years ago
Philippe Antoine 27dd0c6b3d eve/ftp-data: log alert metadata in ftp-data object 
Ticket: 4860

instead of directly in root
 3 years ago
Philippe Antoine 87d9c44ec5 rust: export constants via cbindgen 
so that constants are not defined twice in Rust anc C
So that we are sure they have the same value
 3 years ago
Philippe Antoine 784558df2e mime: handles multiple sections for a parameter 
Ticket: 4386

as per RFC2231.
For instance filename can be split between filename*0,
filename*1, etc...
 3 years ago
Philippe Antoine 8feb9c35ae mime: move FindMimeHeaderTokenRestrict to rust 
Also fixes the case where the token name is present
in a value
 3 years ago
Modupe Falodun 76131c8cff detect-ipopts: convert unittests to FAIL/PASS APIs 
Bug: 4047
 3 years ago
Philippe Antoine 1b10848d84 mqtt: fix transaction completion 
Ticket: 4862

A transaction to client is always considered
complete in the direction to server and vice versa.
Otherwise, transactions are never complete for
AppLayerParserTransactionsCleanup
 3 years ago
Victor Julien ecce116117 detect/fast_pattern: allow for rule time registration 
In preparation of more dynamic logic in rule loading also doing
some registration, allow for buffers to be registered as fast_patterns
during rule parsing.

Leaves the register time registrations mostly as-is, but copies the
resulting list into the DetectEngineCtx and works with that onwards.
This list can then be extended.
 3 years ago
Victor Julien db27244379 detect: add buffer helper functions 3 years ago
Victor Julien 707b75ccda detect: split register time and detect load time buffer funcs 3 years ago
Victor Julien 5bcaae0a01 detect: use hashes for all buffer to id 
Instead of a map that is constantly realloc'd, use 2 hash tables for
DetectBufferType entries: one by name (+transforms), the other by
id. Use these everywhere.
 3 years ago
Victor Julien 51dcf3d76a detect: increase SigMatch type from u8 to u16 3 years ago
Victor Julien bb3d49d5bf detect: use bool for uint16_t used as bool 3 years ago
Victor Julien 6d7c1519ed common: fix missing ; in header 3 years ago
Philippe Antoine c9d222a483 detect: allows <> syntax for uint ranges 3 years ago
Philippe Antoine 5af4ef4532 detect: use prefilter values for modes 3 years ago
Philippe Antoine 3f15b2492c detect: errors for rule with impossible conditions 
Such as >255 for an uint8 field
 3 years ago
Juliana Fajardini 7c636d25c7 userguide: (nit) fix typo in lua-output page 3 years ago
Juliana Fajardini 4256c1ccd5 userguide: rename pg Lua Scripting->Lua Detection 
Since we can have scripts for output _or_ detection, it seems more
clear to rename this page to add more meaning
 3 years ago
Juliana Fajardini 59e5a21fca userguide: update buffers list for lua-scripting 3 years ago
Juliana Fajardini e7f1736f3a userguide/lua: add explanation about `need` diffs 
The differences on how the `need` key works, depending on script
usage (output or detection) confuses users, sometimes (cf doc#4725).
While we don't fix that, just explain this behavior.
 3 years ago
Philippe Antoine f4449d3fb3 fuzz: restrict flags passed to AppLayerProtoDetectGetProto 
Completes commit 05f9b3ffc6
 3 years ago
Jason Ish 7732efbec2 app-layer: include decoder events in app-layer tx data 
As most parsers use an events structure we can include it in the
tx_data structure to reduce some boilerplate/housekeeping code
in app-layer parsers.
 3 years ago
Philippe Antoine 0caaf6bd23 range: prevents memory leak of file from HTTP2 
Ticket: 4811
Completes commit c023116857

state.free should also close files with ranges
as state.free_tx did already

And file_range field should be reset so that there is no
use after free.
 3 years ago
Philippe Antoine 86f5d33f75 enip: fix int warnings 
There seems to fix a real bug when an ENIP connection
has more than 65k transactions
 3 years ago