Commit Graph

8196 Commits (e62c75335ee760dcaadd496e95284b5f954d0727)

Author SHA1 Message Date
Eric Leblond 28e9e4c85c af-packet: use the new BPF compilation function 7 years ago
Eric Leblond 3c566e0f89 util-bpf: introduce custom BPF compile functions
We can't get error from pcap_compile_nopcap() so let's get our
own function and output message.
7 years ago
Eric Leblond e98b5e4946 af-packet: micro optimization
Use an else if instead of two chained if constructs.
7 years ago
Eric Leblond 9efa4ace69 af-packet: improve error handling
Stress conditions in Suricata could lead to the interface disconnecting
when it is not necessary. This patch updates the error handling
code to try to continue reading when such a case occurs.
7 years ago
jason taylor 74761b04fe bypass: added new documentation reference
Documentation didn't previously exist for the bypass keyword

Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Eric Urban 90a0731564 debug/log: add log level for JSON type
resolves #2671
7 years ago
Victor Julien 6f2b974f9c detect/mpm: fix fast_pattern handling of len >255
The fast pattern selection logic would truncate a pattern's len to
255, leading to assigning the same pid to different patterns.

This in turn would be caught by the hyperscan setup code which would
abort.

Bug #2714.
7 years ago
Victor Julien 961610489a iprep: small cleanups 7 years ago
Victor Julien 5740c79b93 iprep: improve error checking of path handling 7 years ago
Victor Julien 0b3220a0df detect: improve inspect buffer handling
Fix and optimize cleanup. For the simple single inspect buffer, optimize
the cleanup by keeping track of the actually used buffers. This avoids
looping over unused buffers.

Fix the case of cleaning not being done after a tx if the next tx is
also inspected in the context of the same packet.

Fix cleanup of the multi-inspect buffers. Optimize in 2 ways. First
like with single keep track of which multi-inspect buffers have been
used. Second, keep a max of the buffers within a multi-inspect buffer.
Use this max to limit (nested) looping.
7 years ago
jason taylor 683be94830 profiling: set loop limit to match array size
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien 5aef72efd1 prelude: fix potential uninitialized value use 7 years ago
Victor Julien ca1161d798 detect: suppress coverity deadcode warnings
Suppress as scan-build-7 relies on this 'dead' code to not issue
a warning.
7 years ago
Victor Julien 7b318592e6 filestore: suppress coverity toctou warning 7 years ago
Victor Julien cb2008fb27 detect: fix coverity memory leak warnings 7 years ago
Victor Julien 16100e592d file: use u32 file id everywhere 7 years ago
Victor Julien 59d526481c detect/distance: improve value parsing and fix broken test 7 years ago
Victor Julien 9cce1995ef detect/within: clean up option value parsing 7 years ago
Victor Julien 8814b994b5 detect/within: test cleanups 7 years ago
Victor Julien 1803af7aa6 eve/dns: improve version warning message 7 years ago
Victor Julien 758acd4b7e detect/offset: improve value parsing 7 years ago
Mats Klepsland b5dfc9ed41 app-layer-ssl: fix coverity error (RESOURCE_LEAK)
Bug #2677
7 years ago
Victor Julien 36e84b929c smtp/mime: fix null ptr deref on bad traffic
Due to missing error handling, a bad mime message could put the
mime parser in an error state, without the SMTP layer taking this
into account. So the SMTP layer would continue to pass data to the
mime parser, even though it was in an error state.

When the parser would be fed a very long line while in this state,
it would try to set an error flag in the state. However, due to
the error state, this setting of the flag would dereference a null
pointer.

This patch fixes this issue by updating the mime parser to check
the state it is in when receiving new input. It will refuse to
process further data while in the error state. It will also return
a new error code to indicate to the SMTP layer that the parser
was in an error state.
7 years ago
Jason Ish 961931e73a filestore: fix compiler truncation warnings
And error out if the constructed filename is truncated.
7 years ago
Mats Klepsland 033e756905 app-layer-ssl: add Facebook TLSv1.3 draft versions
Add draft versions for Facebook's custom TLSv1.3 implementation "fizz"
to SSLVersionToString().
7 years ago
Mats Klepsland dd5374c20d app-layer-ssl: change how TLSv1.3 drafts are logged
Change from logging TLSv1.3 drafts as "TLS 1.3 (draft 28)" to
"TLS 1.3 draft-28" instead.
7 years ago
Victor Julien 9291d434c6 pfring: default to runmode workers
Now that threads:auto is implemented workers is a better default
as it generally performs better.
7 years ago
Victor Julien 1467c30883 pfring: implement 'threads: auto'
If threads is set to auto, first try the CPU count. If that would
fail, fall back to RSS queue count.
7 years ago
Victor Julien 5f2831d60f pfring: support checking/disabling offloading 7 years ago
Victor Julien 7c02b40be6 pfring: fix bypass counter print uninitialized values
If the option was disabled in the config the value would be uninitialized.
7 years ago
Victor Julien 1360e030b1 storage: don't leak memory for unittests 7 years ago
Victor Julien 121b3021df radix: fix a memleak when removing the last node 7 years ago
Victor Julien 3836fe2353 detect/address: minor memory handling cleanups 7 years ago
Victor Julien 00e9fd7a36 detect: suppress scan-build warnings 7 years ago
Victor Julien 0a39e06535 detect/flags: cleanup parsing to not alloc temp strings 7 years ago
Victor Julien e22a833b94 mpm: fix minor scan-build warning 7 years ago
Victor Julien e180576afe pool: avoid possible double free in error path
Should be impossible as a double free, but scan-build-7 thinks it
is possible.
7 years ago
Victor Julien 7ce1ebe0d3 pool: small code cleanups 7 years ago
Victor Julien 478caac975 stream: don't assume malformed TCP packets
This deep in the stream engine packets are valid, so don't check
for the tcph header in a packet as it confuses scan-build.

Do add a DEBUG_VALIDATE_BUG_ON so in QA we double check.
7 years ago
Victor Julien cf37faff31 decode/tcp: rewrite options decoding to assist scan-build 7 years ago
Victor Julien 347e64e8d4 smb/c: don't accept null input 7 years ago
Victor Julien ce1753c715 htp: fix potential (but unlikely) memleak in uri normalization 7 years ago
Victor Julien 7ef8d31e4f thresholds: remove dead code in parsing 7 years ago
Victor Julien 8ef0818c3b radix: fix memory leak in error path 7 years ago
Victor Julien 506f299b09 coverity: suppress warnings 7 years ago
Victor Julien 2010610c91 host/os/info: fix lookup memleak 7 years ago
Victor Julien 1bf658f9ee debug/log: suppress coverity checked_return warning 7 years ago
Victor Julien ec94d7b33d bpf: suppress coverity toctou warning 7 years ago
Victor Julien 22c7be26c4 pcap: fix buffer size validation logic 7 years ago
Victor Julien 9c2c258f2b uricontent: move debug func into unittests
Cleanup header, which led to the app-layer-htp.h header needing to
be added in a few other places.
7 years ago
Victor Julien 4ae85f16c5 detect/replace: fix mem leak in error path 7 years ago
Victor Julien 0d0da7880e isdataat: fix mem leak in error path 7 years ago
Victor Julien 2ef2febc7c bits: avoid memory leak in case of adding types 7 years ago
Victor Julien 5c69bbb236 ipproto: fix memleak in error case 7 years ago
Victor Julien 5283796018 bytetest: don't leak memory in error condition 7 years ago
Victor Julien 9d54a8361d yaml: fix potential memleak and suppress coverity issue 7 years ago
Victor Julien 15e0f7f5bb outputs: fix memleaks in the error paths reported by coverity 7 years ago
Victor Julien 575fb69a06 coverity: suppress warning for intentional code 7 years ago
Victor Julien 335df629a2 rust/dns: don't compile unused C code if Rust is enabled 7 years ago
Victor Julien f97bf298b2 coverity: fix filestore v2 memleak 7 years ago
Victor Julien 00111499b0 log-pcap: fix coverity memleak warning 7 years ago
Victor Julien a683279137 coverity: don't warn on fall back random 7 years ago
Mats Klepsland a8347e1bc2 app-layer-ssl: fix flow and inspection bypass for TLSv1.3 7 years ago
Mats Klepsland 3b73b7d542 app-layer-ssl: add 0-RTT support for TLSv1.3 7 years ago
Mats Klepsland 23993c18cd app-layer-ssl: decode early data extension in ClientHello record
Decode early data extension used by 0-RTT that is used to indicate that
application data will be sent right after the ClientHello record.
7 years ago
Mats Klepsland 7556004a51 app-layer-ssl: use extension length when decoding extensions
Pass extension length to functions decoding extensions, instead of
passing the length left in the record. This enables us to also
decode empty extensions.
7 years ago
Mats Klepsland ee1de4c812 app-layer-ssl: handle all versions above TLSv1.2 as TLSv1.3
This makes it more likely to log custom versions of TLSv1.3 that
don't comply with the draft version numbering.
7 years ago
Victor Julien 31b87d5f8f tls: remove debug printfs 7 years ago
Mats Klepsland 16643befe7 detect-tls-ja3-hash: add another unit test
Add unit test that covers the JA3 bug in TLS extensions decoding.
7 years ago
Mats Klepsland fc53b2ecd5 app-layer-ssl: fix JA3 bug in TLS extension decoding 7 years ago
Mats Klepsland 89bd274f44 app-layer-ssl: fix JA3 bug in TLS version decoding 7 years ago
Victor Julien 215e37a9c0 capture: multidev is not experimental 7 years ago
Victor Julien 631ee383bb flow/stream: 'wrong thread' as stream event & counter
Set event at most once per flow, for the first 'wrong' packet.

Add 'tcp.pkt_on_wrong_thread' counter. This is incremented for each
'wrong' packet. Note that the first packet for a flow determines
what thread is 'correct'.
7 years ago
Victor Julien 588a56c8ba smtp: fix clang -Wunreachable-code warning
app-layer-smtp.c:756:12: error: will never be executed [-Werror,-Wunreachable-code]
    return 0;
           ^
1 error generated.
7 years ago
Victor Julien 17e7d179d0 profiling/csv: update output format
Update output to be:

pcap_cnt,total,receive,decode,flowworker,threading,proto detect,flow,
stream,app-layer,detect,tcp-prune,loggers,<detect stages>,<loggers>

For TCP, the app-layer cost is not part of stream anymore.
7 years ago
Victor Julien 6781146556 test mode: parse interface list in test mode 7 years ago
Victor Julien 77c7cf0211 windivert: fix whitespace issue 7 years ago
Victor Julien b86e176262 af-packet: suppress noisy info message 7 years ago
Victor Julien d6460392c5 detect/transforms: fix doc urls 7 years ago
Victor Julien 57921d95d6 eve: improve error handling for Rust loggers
Give useful warning message if Rust is not compiled in.
7 years ago
Victor Julien 24b18e47bd pfring: minor cleanups 7 years ago
Victor Julien 4f84672d7c stats: decoder/stream events as stats 7 years ago
Victor Julien 014056f686 detect/analyzer: add detection for sigs that could use http keywords 7 years ago
Victor Julien 127937b2dd detect/analyzer: add debug statements 7 years ago
Victor Julien c05459ce89 detect/analyzer: fix json analyzer being called on incomplete rules 7 years ago
Victor Julien 6c97909a92 stream/events: log as stats 7 years ago
Victor Julien fa06879563 detect/events: cleanup keyword 7 years ago
Victor Julien 2ae8d1a208 cocci/detect: add flags check to SigTableElmt 7 years ago
Victor Julien ecb5d6419b rules/transform: add to list-keywords 7 years ago
Mats Klepsland 81cdcd315b detect-ssh-software: fix url for keyword 7 years ago
Mats Klepsland 08efbdc632 detect-ssh-software-version: add description and url to keyword 7 years ago
Mats Klepsland f4da3050f2 detect-ssh-proto-version: add description and url to keyword 7 years ago
Mats Klepsland c58252bb3b detect-ssh-proto: fix url for keyword 7 years ago
Victor Julien daaa90d515 rust/smb: suppress noisy messages 7 years ago
Victor Julien c4d8508f51 eve/json: introduce community flow id
Add support for community flow id, meant to give records a
predictable flow id that can be used to match records to
output of other tools.

Takes a 'seed' that needs to be the same across sensors and tools
to make the id less predictable.
7 years ago
Victor Julien e956b484c5 eve/json: handle common options in central function 7 years ago
Victor Julien df1ec82b55 eve/json: move common settings into its own struct 7 years ago
Victor Julien 116c03cf17 nfs: use common json output structures 7 years ago
Victor Julien 04edc7cb6c smb: use common json output structures 7 years ago
Victor Julien 8b8270e732 eve/json: add common helper funcs
Add simple helper funcs for option-less loggers
7 years ago