Commit Graph

5800 Commits (e2c557cfdb48ac13ed535ee672d49d58b5a772c5)
 

Author SHA1 Message Date
Jason Ish 1f9d9256e7 spelling - dubbed -> duped (for duplicate) 10 years ago
Jason Ish 8911b04077 DetectGidSet - safer stripping of quotes.
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; gid:";)
resulting in a negative array index.
10 years ago
Jason Ish da88b3b787 DetectSidSetup - safer stripping of quotes.
Discovered by AFL when using a rule like:
    alert tcp any any -> any any (content:"ABC"; sid:";)
would result in a negative array index.
10 years ago
Jason Ish ca60d8c370 ParseSizeString - don't abort on unknown unit type. 10 years ago
Victor Julien 00d6298666 host: handle timeout
Set expiration for regular hostbits keyword.
10 years ago
Victor Julien ab7882fbf3 ippair: handle timeouts in the flow manager
Like host and defrag, handle timeouts of ippair in the first flow
manager thread.
10 years ago
Victor Julien e8a5925012 ippair: implement basic timeout check
The only user is the xbits subsys, so its timeout controls all.
10 years ago
Victor Julien f2349e10ad hosts: consider hostbits/xbits status in timeout
Consider the host's xbits expiry status when checking the host for
timeout. If a single active non-expired bit is found, the host won't
be timed out just yet.
10 years ago
Victor Julien 67dd5c0430 host: implement hostbits/xbits expire 10 years ago
Victor Julien ca1f3e68d4 ippair: implement xbits expiration 10 years ago
Victor Julien fbdcffabc2 xbits: expire (first steps) 10 years ago
Victor Julien 7b79b9458d xbits: implement ip_src/ip_dst support
Just a wrapper for regular 'hostbits'.
10 years ago
Victor Julien 57d93cbcfe hostbits: prepare for xbits integration 10 years ago
Victor Julien 8e6453faac xbits: prepare for non-ippair support 10 years ago
Victor Julien dea8dda3c1 vars: redo var name <-> idx handling
Can't use sm type anymore as multiple var carriers (host/flow/etc) will
all have xbits.
10 years ago
Victor Julien f77c3d9a2c xbits: hostbits use xbits type
Make hostbits use xbits type.
10 years ago
Victor Julien a716dded04 xbit: move to util-var
We can reuse the type for hostbits and flowbits as well.
10 years ago
Victor Julien 61cb2abc8d ippair: xbit implementation
detect xbits for ippair: initial implementation
10 years ago
Victor Julien 4c6d564211 hostbits: unittest cleanups 10 years ago
Victor Julien 2cb0df7cf9 hostbits: allow for src/dst parameter
By default, the hostbit checks the 'src' host. By adding the dst option
the dst host is used instead.
10 years ago
Victor Julien be725a5ba2 hostbits: add more tests, include sigorder 10 years ago
Victor Julien d67fd306f8 hostbits: implement sigorder
Like with flowbits, make sure that 'set's are evaluated before
'isset's, etc.
10 years ago
Victor Julien 5c880377ae detect: hostbits keyword
Per host bit similar to 'flowbits'.

Initial code that uses just the 'src' ip for the operations.
10 years ago
Victor Julien 99ae643e4e ippair: track ippairs, enable tests 10 years ago
Eric Leblond f7a25f2b24 prscript: rework option logic
Handle cleanly the case where the user starts a docker handling command
without having the dependency installed. The help message does
now say:

```
  -d, --docker          use docker based testing
  -C, --create          create docker container (disabled)
  -s, --start           start docker container (disabled)
  -S, --stop            stop docker container (disabled)

You need to install Python docker module to enable docker container handling
options.
```

And running a disabled option says:

```
$ qa/prscript.py -s
You need to install python docker to use docker handling features.
```
10 years ago
Eric Leblond 0b64b992c9 prscript: fix error message in non local test
Indicate to user that non local test needs a github user.
10 years ago
Eric Leblond 8a0ebc4ade prscript: improve command line
You can now directly access docker related commands:

 qa/prscript.py -C # create container
 qa/prscript.py -s # start container
 qa/prscript.py -S # stop container

The build option does not change:

 qa/prscript.py -l -d MY_BRANCH # build test of branch MY_BRANCH
10 years ago
Eric Leblond fe45f2a342 prscript: add notification system
If Python pynotify is installed, prscript can now send notification
via the -n flag.
10 years ago
Eric Leblond ef627816cc prscript: improve wordings 10 years ago
Eric Leblond a3c921f0a6 prscript: suppress useless message
No build run faster than 2 seconds.
10 years ago
Eric Leblond fbe5db500c prscript: iterate on builds when checking status
This patch is changing the logic when using docker mode. We are
iterating over each build so we know when one build is over in
the 5 seconds following the event instead of getting the result
when the builds that are checked before are others.

On OISF's build system, the two builds come out in order so there
is no problem.
10 years ago
Eric Leblond f12e6fdcda prscript: read buildbot config from source
This patch changes the logic of the Docker buildbot system. The
buildbot configuration is now the one available in qa/docker
directory.

This way, developers can test features in docker buildbot that
could require some specific flags to be set. They just need to
edit the buildbot.cfg for instance to enable a new feature.

In the same way, the tested pcap files are the ones which are in
the qa/docker/pcaps/ directory. So to test some private ones it is
enough to put them in that directory.

To take into consideration a buildbot.cfg modification or a new
pcap, it is enough to stop and restart the container:

 sudo qa/prscript.py -l -d -S master
 sudo qa/prscript.py -l -d -s master

This patch also fixes the container update issue. A local modification
to the buildbot will be kept. It is also fixing the issue when working
on old code that could possibly not support the same build flag as
the one of buildbot. Here the configuration will remain in sync.
10 years ago
Eric Leblond be473fa712 prscript: add a comment on the SELinux issue 10 years ago
Eric Leblond 1180fc1ac7 prscript: add docker handling support
You can now create the docker image necessary to run a
suricata buildbot in docker. To do that you need to have
docker and python-docker installed on the system.

Then you can go to the qa directory.

You need to run the creation procedure once:
 sudo ./prscript.py  -C -d master  -l
This will create a container named 'suri-buildbot'.

You can start it with:
 sudo ./prscript.py  -s -d master  -l

And stop it with:
 sudo ./prscript.py  -S -d master  -l

To start a test, you can do:
 ./prscript.py -d my_branch -l
10 years ago
Eric Leblond dd6f9a6298 prscript: refactor for docker
With the current work in progress on docker we need to update the
script to handle this case.

This patch adds two options:
 - -d to run in docker mode. In that case the build is started in
 the local dockerized buildbot instance
 - -l to not test the tested branch synchronization with github.

The -l option allows the user to run a complete test without publishing
the code on github and without Internet access.
10 years ago
Jason Ish 3b827fd649 Duplicate rule ID. 10 years ago
Alexander Gozman 45ba20bcb0 DetectAddressParseString(): fix IPv6 address handling 10 years ago
Jason Ish 754ea3d849 prscript - fallback to json if simplejson not available. 10 years ago
Eric Leblond bd0041470f rules: add app layer events rules
Some application layer events are defined but the corresponding
rules were not available in the rules directory.
10 years ago
Eric Leblond 605ef33972 runmodes: improve listing output
This patch removes some multiple lines displayed before the
information about unix socket mode.
10 years ago
Eric Leblond 9fb82390ab suricata.yaml: add missing mpm-algo 10 years ago
Eric Leblond e5ae808b0f runmodes: fix typo in output 10 years ago
Eric Leblond ef3290bb2e flow-manager: don't set cpu affinity twice
It is already set in the thread creation function.
10 years ago
Victor Julien 8e83d0073e stream: fix bad last_ack update leading to gaps
A bad last_ack update where it would be set beyond next_seq could
lead to rejection of valid segments and thus stream gaps.

Update tests to reflect new last_ack/next_seq behaviour.
10 years ago
Victor Julien 4e177bc9d6 detect-state: cleanups and comments 10 years ago
Victor Julien 304c711a27 detect-state: use f->protomap instead of FlowGetProtoMapping(f->proto) 10 years ago
Victor Julien e1efa7a0b5 detect-flowbits: locking update
Make matches that can be in the POSTMATCH list aware of the lock hint.
10 years ago
Victor Julien 4609495c60 detect-flowint: conditional locking 10 years ago
Victor Julien 5111aa2ec0 detect-state: handle 'post match' locking
The post match list was called with an unlocked flow until now.
However, recent de_state handling updates changed this. The stateful
detection code can now call the post match functions while keeping
the flow locked. The normal detection code still calls it with an
unlocked flow.

This patch adds a hint to the DetectEngineThreadCtx called
'flow_locked' that is set to true if the caller has already locked
the flow.
10 years ago
Victor Julien 9bcb02119f detect-flowint: fix unlocked flow access
Some of the access to the flow and to structures retrieved from the
flow was unlocked.

This patch changes the logic to be wrapped in lock calls.
10 years ago