Commit Graph

14101 Commits (eebdfe9a3e46be0508ff636db0fc514a4f922656)

Author SHA1 Message Date
Shivani Bhardwaj eebdfe9a3e decode/events: add event type UDP_LEN_INVALID 3 years ago
Lukas Sismis d18e52ed93 decode-udp: Allow shorter UDP packets than the remaining payload length
If the packet is shorter than IP payload length we no longer flag it as an
invalid UDP packet. UDP packet can be therefore shorter than IP payload.
Keyword "udp.hlen_invalid" became outdated as we no longer flag short UDP
packets as invalid.

Redmine ticket: #5693
3 years ago
Philippe Antoine ba99241957 http2: fix leak with range files
Ticket: #5808

May have been introduced by a24d7dc45c

Function http2_range_open expects to be called only when
tx.file_range is nil. One condition to ensure this is to check
that we are beginning the files contents. The filetracker field
file_open is not fit for this, as it may be reset to false.
3 years ago
Jason Ish a0fc00bb48 log-pcap: fix inverse logic error
We shouldn't early initialize when *offline*.  Instead this accidentally
delayed initializing when in an online mode, however it's likely not to
have been noticed as delaying initializing in online mode is supported
as well.
3 years ago
Philippe Antoine e07556b961 runmodes: fix memory leak
By using constant for string instead of allocating and leaking it

CID: 1520497
CID: 1520500
3 years ago
Philippe Antoine b281199e9a test: do not output non ascii character
The unit test for content |aa bz| transforms in place the string
str to replace the 2 characters aa by one character 0xaa
Then, when z is not recognized as a valid hexadecimal character,
the whole modified string is printed out, including the non-ascii
0xaa

Ticket: #5558
3 years ago
Victor Julien 7a47eabf82 streaming: fix possible use after free
Don't use ptr after freeing it. Reported by Coverity Scan.
3 years ago
Victor Julien f41646a012 streaming: remove dead code
As reported by Coverity Scan.
3 years ago
Victor Julien 7b18b9c01c flow: make next_ts unsigned
To silence a coverity warning.
3 years ago
Victor Julien 420351eda2 time: fix various time issues
Found by Coverity Scan.
3 years ago
Shivani Bhardwaj 06caef988c detect/ftp: use AppLayerResult API 3 years ago
Juliana Fajardini d9cd05e828 stream: remove unused retval from fn description 3 years ago
Juliana Fajardini 918bd7435c userguide/config: update log format symbols list
There were some possible format options missing after the recent changes
in the log format.
3 years ago
Philippe Antoine e8db6255cb tls: accept validity before 1970
modify TLS certificate decoding of validity timestamps
to support times between 1950 and 2049,
as per RFC 5280

Ticket: #3253
3 years ago
Philippe Antoine 0c0fcc9411 detect: config keyword transaction logic fix
When the keyword config:logging disable,type tx is used,
OutputTxLog checks a flag to skip the transaction without logging
it, but AppLayerParserTransactionsCleanup waits for the
transaction to be marked as logged to clean it.

So, OutputTxLog now marks the tx as logged, so that it can
get cleaned away.

Ticket: #5456
3 years ago
Victor Julien 37f13a4fc7 smb: set defaults for file transfer limits
Ticket: #5782.
3 years ago
Juliana Fajardini 416f7522e7 stream/tcp: fix typos, update copyright year
Bug #5765
3 years ago
Juliana Fajardini 8e9905e0d8 exceptions: ignore policy if stream.midstream=true
Set the engine to ignore the stream.midstream-policy if stream.midstream
is enabled.

If we had both stream.midstream AND stream.midstream_policy enabled,
this could lead to midstream flows being dropped (or bypassed, or...)
instead of being accepted by the engine, as it was probably meant when
the user enabled midstream flows.

Bug #5765
3 years ago
Juliana Fajardini 0d9289014b exceptions: add master switch config option
This allows all traffic Exception Policies to be set from one
configuration point. All exception policy options are available in IPS
mode. Bypass, pass and auto (disabled) are also available in IDS mode.

Exception Policies set up individually will overwrite this setup for the
given traffic exception.

Task #5219
3 years ago
Jason Ish fab3f36b8c dns: never return error on UDP DNS
UDP parsers should never return error as it should indicate to Suricata
that an unrecoverable error has occurred.  UDP being record based for
the most part is almost always recoverable, at least for protocols like
DNS.
3 years ago
Jason Ish d720ead470 dns: split header and body parsing
As part of extra header validation, split out DNS body parsing to
avoid the overhead of parsing the header twice.
3 years ago
Jason Ish 595700ab7e dns: validate header on every incoming message
As UDP streams getting probed, a stream that does not appear to be DNS
at first, may have a single packet that does look close enough to DNS
to be picked up as DNS causing every subsequent packet to result in a
parser error.

To mitigate this, probe every incoming DNS message header for validity
before continuing onto the body.  If the header doesn't validate as
DNS, just ignore the packet so no parse error is registered.
3 years ago
Jason Ish c98c49d4ba dns: parse and alert on invalid opcodes
Accept DNS messages with an invalid opcode that are otherwise
valid. Such DNS message will create a parser event.

This is a change of behavior, previously an invalid opcode would cause
the DNS message to not be detected or parsed as DNS.

Issue: #5444
3 years ago
Jason Ish 49e9f51a03 github-ci: fedora non-root: suricata-verify -q
Run Suricata-Verify in quiet mode for the non-root build to more
easily find the error when fails.
3 years ago
Jason Ish 7afc2e3aed dns: rustfmt 3 years ago
Jason Ish 39d2524bf6 dns: mark test buffers with rustfmt::skip 3 years ago
Jason Ish 30a2cfa693 log-pcap: remove early output initializing if offline
Remove early opening of output files if running in an offline mode, as
we don't yet know the timestamp to use.

Prevents the first pcap files being opened with a timestamp of 0,
bringing us back to the same behaviour of pcap logging in 6.0.

Issue: 5374
3 years ago
Jason Ish 64c069f162 log-pcap: fix typo in multi-mode error message 3 years ago
Jason Ish e4f85ecc2a log-pcap: display minimum limit on error
On fatal error due to limit being less than the allowed minimum,
display the minimum value in bytes.
3 years ago
Lukas Sismis 30d9d8c7f4 util-debug: clang-format required change 3 years ago
Lukas Sismis 03c21bfaa8 runmodes: Determine engine's copy-mode as early as possible
Configuration and behavior of HTP app layer depends on the copy
mode of Suricata engine. Copy mode was set after the app layer setup.
Decision of engine's copy mode operation is now made earlier.

Ticket: #5706
3 years ago
Lukas Sismis 958f94276a runmodes: remove misleading comment 3 years ago
Lukas Sismis e2a5bc7961 dpdk: add support for enabling IPS support in DPDK mode 3 years ago
Lukas Sismis 449943e1a9 util-device: remove unused functions 3 years ago
Lukas Sismis bed16ba44c runmodes: change function prototype of runmode init functions
Commit contains prototype changes of RunModeSetLiveCaptureAutoFp and
RunModeSetLiveCaptureWorkers functions to move the IPS enable logic
out of suricata.c file.
3 years ago
Lukas Sismis ee4f75e4b4 dpdk: port deprecated DPDK macros to the newer forms 3 years ago
Lukas Sismis 1c8205e6b1 dpdk: add Github action to build Suricata with all available (LTS) DPDK versions 3 years ago
Lukas Sismis 79130103c2 dpdk: print debug xstats counters of all DPDK ports on shutdown 3 years ago
Lukas Sismis cb6fa894ef dpdk: add a check for HW checksum validation offload
Ticket: #5553
3 years ago
Victor Julien da1ad843b4 time: -Wstrict-prototypes fix 3 years ago
Jeff Lucovsky 9fbe683642 time: Rework SCTime_t into a struct
Issue: 5718

This commit changes SCTime_t to a struct with members setup as
bitfields.
3 years ago
Jeff Lucovsky 31793aface time: Replace struct timeval with scalar value
Issue: 5718

This commit switches the majority of time handling to a new type --
SCTime_t -- which is a 64 bit container for time:
- 44 bits -- seconds
- 20 bits -- useconds
3 years ago
Jeff Lucovsky 7702ad410e format/clang: Apply clang-format
Issue: 5718
3 years ago
Victor Julien c15d511064 frames: enable only used frames
Enable only frames that are actually used.

Ticket: #4979.
3 years ago
Victor Julien 6cc9811edd files: move FileContainer into FileTransferTracker
Update SMB, NFS, HTTP2.
3 years ago
Victor Julien aa376a3b21 detect/frame: improve frame detection
Add a per frame progress tracker.
3 years ago
Victor Julien 169ee11ead output/frame: log frame type stream 3 years ago
Victor Julien d72bc364de output/frame: improve 'complete' logging 3 years ago
Victor Julien 6cbb5306c6 frame: add debug validation check 3 years ago
Victor Julien b43dc5a64a app-layer/frames: use absolute frame offset
Frame offset was already a 64 bit integer, so simplify things by
making it an absolute offset from the start of the stream.
3 years ago