Eric Leblond
b26ec60398
af-packet: fix possible infinite loop.
If no packet arrives at a capture thread, it is possible that the
AFPReadLoop() function goes into an infinite loop. This could cause
suricata to hang at exit on a non-busy system.
This patch adds a counter to detect when Suricata starts looping in
the ring to stop when it reaches this point.
13 years ago
Eric Leblond
e8a4a4c47c
af-packet: dump counter every second.
This patch updates the kernel counters handling to be almost sure to
update at least once per second.
13 years ago
Eric Leblond
3acdd4da1d
pf-ring: add counter for kernel drop and packets
This patch adds a counter for kernel drop and packets by using the
same strategy as the one used in af-packet.
13 years ago
Victor Julien
80d62b59ec
Fix drop (and other actions) not being applied to thresholded packets. Bug #613.
13 years ago
Anoop Saldanha
bca1b7c52a
change default mpm to ac. Also default sgh-mpm-context is full.
13 years ago
Victor Julien
fd6df00684
Bug 585: use per detect thread libmagic ctx
13 years ago
Victor Julien
ea6fcb355b
magic: add test showing payload resulting in libmagic invalid read as reported by valgrind.
13 years ago
Anoop Saldanha
fdab6f2ab1
fix flow deadlock issue in detection engine state introduced by tx api.
Issue discovered by Coverity.
13 years ago
Eric Leblond
00b95c69c0
suricata: list-keywords does not depend on unittest
13 years ago
Victor Julien
83ffd1f743
luajit: suppress compiler warning
13 years ago
Anoop Saldanha
2ab62920aa
fix segv in hcbd and hsbd buffering.
Increase buffers_list_len only when we open up a space for a new tx.
13 years ago
Anoop Saldanha
b359bc03a9
unittest to reveal a bug/segv in our hsbd buffering code.
13 years ago
Victor Julien
4fab8ea6d6
http: fix http header reassembly bug causing some headers to be left out of the inspected buffer
13 years ago
Victor Julien
5cd46433d3
http: now that htp_state has a cfg reference, use it for body limits
13 years ago
Victor Julien
2763a61213
http: allow configuration of request and response body inspection limits. Issue #560.
13 years ago
Anoop Saldanha
b99f9fe890
New app inspection engine introduced. Moved existing inspecting engines to use it.
13 years ago
Anoop Saldanha
7b4eac3e8d
Change all inspect callbacks to accept TV and a tx_id param.
13 years ago
Anoop Saldanha
10a6e6a3eb
Engine cleanup. Remove all old engine inspection and mpm functions.
13 years ago
Anoop Saldanha
b0e20a486c
update client/server/http_header to use a different form of buffering/buffer_retrieval.
Now it happens per tx, based on tx id. Also notice a perf improvement with
this.
13 years ago
Victor Julien
e1321f9ae6
stream: change how retransmissions are handled and detected.
13 years ago
Victor Julien
b621ed8423
stream: fix retransmission on closewait being considered out of window
13 years ago
Victor Julien
a25629b250
stream: detect retransmissions on timewait state
13 years ago
Victor Julien
6326390120
stream: accept ack with next_seq + 1 on last_ack state
13 years ago
Victor Julien
3f6ecff260
stream: disable retransmission packet before last ack sig as it is fairly common in regular traffic
13 years ago
Victor Julien
bc37cb6b8e
stream: detect retransmissions on closewait and finwait2 states
13 years ago
Victor Julien
305ed3f23b
stream: don't flag zero window probe packets as out of window. Bug #604.
13 years ago
Victor Julien
13e60c0040
stream: detect keep-alive packets so we don't consider those invalid
13 years ago
Victor Julien
9094eb4783
stream: ignore ack value if ack flag is not set. Add stream.pkt_broken_ack event for when ack value is not 0 and ack flag not set.
13 years ago
Victor Julien
a5d9442c2d
stream: handle retransmission of lost data packet on TIME_WAIT state
13 years ago
Victor Julien
037d67cc66
stream: go from FIN_WAIT_1 to CLOSING on simultaneous close.
13 years ago
Victor Julien
6544475670
stream: don't reject RST as response to SYN because of ACK
13 years ago
Victor Julien
6f76ac176d
stream: add option to match on overlapping data
Set event on overlapping data segments that have different data.
Add stream-events option stream-event:reassembly_overlap_different_data and
add an example rule.
Issue 603.
13 years ago
Victor Julien
0b68da0b31
libhtp: don't use internal iterator
It violates thread safety. #601 .
Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp, initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create. A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". They are registered based on yaml config at init time.
The hooks have lists of type list_t. The list is run with a built-in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t, flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.
This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
13 years ago
Victor Julien
d68fd54a76
Fix/suppress a couple of harmless compiler warnings.
13 years ago
Anoop Saldanha
870a98b528
Remove dead comment about flow reference api duplicate
13 years ago
Anoop Saldanha
f08497d1e4
Move Flow Reference/Dereference api from flow-util.h to flow.h.
Remove duplicate FlowDeReference from decode.h
13 years ago
Anoop Saldanha
67981d1c5c
Update suricata to use FlowReference/FlowDeReference for the ones left out from last update.
13 years ago
Victor Julien
bb14cf899b
yaml: default to cluster_flow type for AF_PACKET and PF_RING
13 years ago
Victor Julien
72782e5a6a
profiling: fix rule profiling output sometimes missing sid,rev,gid. Bug #576.
13 years ago
Victor Julien
10a11b750d
Add dsize check to prefilter stage
Many sigs with dsize have a weak fast_pattern. Those patterns
are likely to match. By filtering on dsize early, we save a lot
of cycles later.
13 years ago
Victor Julien
45cbef0735
For signatures with the dsize option set depth on any content match in that sig.
13 years ago
Victor Julien
d774d6e226
Update changelog to reflect 1.4beta2 changes
13 years ago
Victor Julien
63c64ed2cc
Clean up and update bundled docs
13 years ago
Victor Julien
4464657ca2
remove reference to non-existing file from Makefile.am
13 years ago
Victor Julien
a01130d2ed
packet src: move pkt_src field up in the structure to fit in an existing hole (found with pahole -C Packet_ src/.libs/suricata).
13 years ago
Anoop Saldanha
b33986c887
Add a packet src for every packet generated inside suricata.
13 years ago
Eric Leblond
58bf4ea4a4
nfq: fix detection of type nfq_get_payload function.
13 years ago
Eric Leblond
19756488ab
nfq: close the queue when leaving acquisition.
This patch adds a call to close the queue when the acquisition
loop is ending. This way the incoming packets will be accepted
during the whole shutdown phase (if the queue-bypass option of
NFQUEUE is used). At the same time the currently processed packets
will be dropped, but the time scales are different: suricata will
drop 20 ms of packets and the shutdown can take 0.5 seconds.
Patch based on an idea of Victor Julien.
13 years ago
Victor Julien
75cddabd8a
fast_pattern: don't consider http_method, http_stat_code and http_stat_msg when automatically giving preference to a HTTP pattern over a stream pattern.
13 years ago
Eric Leblond
928ade1d04
pf-ring: suppress unused variable.
13 years ago