Victor Julien
d7c828bcb0
proto detect: update behavior on partial detection
When the current direction doesn't get a protocol detection, but the
opposing direction did, previously we would send the current data to
the parser. Then when we'd be invoked again (until the protocol
detection finally failed) we'd get the same data + the new data. To
make sure we'd not send the same data to the parser again, the flow
kept track of how much was already sent to the app-layer using
data_al_so_far.
This patch changes the behaviour. Instead of sending the data for
the current direction right away, we only do this when protocol
detection is complete. This way we won't have to track anything.
9 years ago
Victor Julien
6022fa44a5
proto detect: TCP cleanup
Split function into multiple smaller ones.
9 years ago
Victor Julien
8347aa01fa
app-layer: clean up counters registration
9 years ago
Victor Julien
c6134e007e
doc: app-layer tls including no-reassemble
9 years ago
Victor Julien
b789d2ae3d
tls: change 'no-reassemble' option to default off
This option was broken so there should be no visible change to
actual deployments.
9 years ago
Thomas Andrejak
c17402fdcb
prelude: add IPv6 support
9 years ago
Thomas Andrejak
dcce225102
prelude: add missing TCP header to additional data
9 years ago
Thomas ANDREJAK
671320aab8
prelude: update URL
9 years ago
Thomas Andrejak
e33060cee0
prelude: coding style, it's better to use macro
9 years ago
Thomas Andrejak
b1c1699699
prelude: Add other actions than just ACTION_DROP when packet drop
9 years ago
Thomas Andrejak
4d4a3d0b8f
prelude: Add log when failed to create assessment or impact object
9 years ago
Thomas Andrejak
18c9312380
Add macro for TCP and UDP header access
9 years ago
Eric Leblond
4eca40ac34
app-layer-tls: stop detection if no reassembly
If no-reassembly is asked in TLS conf then we can stop inspection
after handshake and cause bypass to be triggered on the flow.
9 years ago
Eric Leblond
69e1ff7ba7
stream-tcp: bypass encrypted when both side ready
Suricata should not completely bypass a flow before both ends of it
have reached the stream depth or have reached a certain state.
Justification is that Suricata needs the ACK to treat the other side,
so we can't really decide to cut only one side.
9 years ago
Nicolas Thill
3750c15632
doc: add SCPacketTimestamp Lua function
Signed-off-by: Nicolas Thill <ntl@p1sec.com>
9 years ago
Nicolas Thill
e95e6ccded
lua: add an SCPacketTimestamp function
The SCPacketTimestamp function returns packet timestamps as 2 real
numbers (seconds & microseconds).
Example:
local sec, usec = SCPacketTimestamp()
Signed-off-by: Nicolas Thill <ntl@p1sec.com>
9 years ago
Victor Julien
f4b165de94
file: register filedata loggers before file
This fixes the issue that 'stored' remained false even if the file
was stored.
Reported-by: Chris Wakelin
9 years ago
Victor Julien
4126fd82a0
doc: small eve update: add dns
9 years ago
Victor Julien
e3b2d95100
doc: add recent tls keywords
9 years ago
Victor Julien
08b875c03b
doc: clean up fast_pattern
9 years ago
Victor Julien
f1046db113
doc: fix header keywords layout
9 years ago
Victor Julien
43aed70976
detect: during detection sgh is read only so turn into const
9 years ago
Victor Julien
0e31124609
detect: add util func for post-inspect tasks on first sgh
9 years ago
Victor Julien
d3fb4de1b5
detect: move file flags update into its own function
9 years ago
Victor Julien
664f9aa906
flow: use BIT_U32 for flags
9 years ago
Victor Julien
c81aaeda7b
flow: move file flags into their own variable
Move FLOW_FILE_* flags into Flow::file_flags. Rename them to
FLOWFILE_* so non-updated code will break.
9 years ago
Jason Ish
3fab684f97
logging: don't log that json is disabled in each logger
A warning log is already emitted if eve-log is enabled in the
configuration but json support is not built so the logger
registration functions can be silent.
9 years ago
Jason Ish
0bce4b5534
macOS: thread return value affects newer macOS as well
All OS X/macOS versions since 10.10 return EDEADLK here instead
of EBUSY. Assume they will moving forward as well.
9 years ago
Victor Julien
d80914d350
doc: move rule reload and adding rules into rule-management
9 years ago
Victor Julien
e24c3937b3
doc: add rule-management chapter
9 years ago
Victor Julien
80bd59ae86
doc: improve install doc, configure
9 years ago
Victor Julien
48274218df
doc: multi-tenancy is not work in progress
9 years ago
Victor Julien
f64decf5e2
doc: clean up log rotation
9 years ago
Victor Julien
729fd2e406
doc: update libcap-ng doc
9 years ago
Victor Julien
e5ee665f24
doc: rewrite rule reload doc
9 years ago
Victor Julien
f867bb61e6
http: fix memory leak in error path
9 years ago
Victor Julien
40af9aad02
streaming: improve error handling
When memory allocations happened in HTTP body and general file
tracking, malloc/realloc errors (most likely in the form of memcap
reached conditions) could lead to an endless loop in the buffer
grow logic.
This patch implements proper error handling for all Append/Insert
functions for the streaming API, and it explicitly enables compiler
warnings if the results are ignored.
9 years ago
Victor Julien
6a831f8125
doc: add simple install guide
9 years ago
Jason Ish
2c60e9b4de
doc: remove userguide.pdf on clean instead of suricata.pdf
As the pdf is a built artifact, it needs to be removed to
satisfy distcheck.
9 years ago
Jason Ish
afead7e565
doc: add missing docs to EXTRA_DIST
9 years ago
Jason Ish
dbde356053
doc: exclude docs in partials/ from reference errors
These docs are already included with the include statement,
but older versions of Sphinx still complain that they
are not in a table of contents.
9 years ago
Victor Julien
aaf0fe4d29
doc: eve update
9 years ago
Victor Julien
a35bea28f3
doc: rules-meta typo
9 years ago
Victor Julien
879c3d8ad7
detect: fix scan-build 0-size alloc warnings
9 years ago
Victor Julien
76b55214f0
doc: rules-meta small cleanup
9 years ago
Victor Julien
3cf1b12061
doc: http sticky vs modifier
9 years ago
Victor Julien
0d15593258
doc: move urilen to other uri keywords
9 years ago
Victor Julien
34bfacdee0
doc: add minimal http request/response line sections
9 years ago
Victor Julien
adb6c75e2e
doc: only make sphinx warnings fatal on html/pdf
9 years ago
Jason Ish
82a6bfd599
doc: manpage: add bugs and notes section
9 years ago