aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,591 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'faad6bd335'
${ noResults }
Commit Graph

6591 Commits (faad6bd335274a244771177c036dcb59fca83d48)
 

Author SHA1 Message Date
Victor Julien faad6bd335 configure: don't use AC_DISABLE_SHARED as it breaks OSX 9 years ago
Mats Klepsland 45d87d66c0 afl: add support for AFL PERSISTANT_MODE 
Add support for AFL PERSISTANT_MODE when Suricata is compiled with
a supported compiler (only afl-clang-fast for now).

This gives a ~10x performance boost when fuzzing.
 9 years ago
Mats Klepsland 8111eb934f QA: add --afl-der=<file> 
Expose SSL/TLS certificate decoding (DER) to commandline
using --afl-der=<file>.
 9 years ago
Victor Julien d165906397 QA: add --afl-decoder-ppp=<file> 9 years ago
Victor Julien bdaba1d815 QA: expose Mime decoding API to commandline using --afl-mime=<file> 9 years ago
Victor Julien 077ac81688 QA: direct access from commandline to AppLayer API 
This patch introduces a new set of commandline options meant for
assisting in fuzz testing the app layer implementations.

Per protocol, 2 commandline options are added:

--afl-http-request=<filename>
--afl-http=<filename>

In the former case, the contents of the file are passed directly to
the HTTP parser as request data.

In the latter case, the data is devided between request and responses.
First 64 bytes are request, then next 64 are response, next 64 are
request, etc, etc.
 9 years ago
Victor Julien ca81c33e14 afl: add --enable-afl configure option 9 years ago
Victor Julien 09242fb4a8 afl: optionally exit right after afl single runmode 
Exit right away if afl.exit_after_pcap is set to true. Safes time
as fuzzing the shutdown code may not be as interesting.
 9 years ago
Victor Julien d461837511 afl: add --afl-parse-rules to return 0 on any rule 
When fuzzing, AFL will create lots of malformed rules. We don't want
to error out on those. As we're fuzzing the parser any non-crash
should return 0. Crashes (ASAN or not) will return a non-0 code.
 9 years ago
Victor Julien e824a8be76 afl: special 'single' runmode 
To avoid threading, this 'single' mode doesn't run in it's own thread
but instead runs in the main thread.
 9 years ago
Victor Julien a42251d459 afl: add define to disable mgt threads 
The inherent non-deterministic nature of the management threads
creates variable test cases.
 9 years ago
Victor Julien b2695600ba afl: add define to disable rand_r use 
The randomness affects AFL. It creates variable test cases, which
we need to avoid.
 9 years ago
Victor Julien 4c1c13d110 detect reload: improve signal logic 9 years ago
Victor Julien c0294521dd startup: move more into PostConfLoadedSetup 9 years ago
Victor Julien 0ab83288ac startup: move RunUnittests to StartInternalRunMode 9 years ago
Victor Julien e67ae0f174 detect keywords: use parse regex util func 9 years ago
Victor Julien 4a2e816bea detect parser: add parse regex util function 
Add regex setup and free util functions. Keywords often use a regex
to parse rule input. Introduce a common function to do this setup.

Also create a list of registered regexes to free at engine shutdown.
 9 years ago
Victor Julien 167d94efff dns: improve handling of tx pick up on response 9 years ago
Mats Klepsland c2f0f82bb4 util-decode-der: fix hang detected by AFL 
Fix hang that occurs when child->length is zero, resulting in an
endless loop.
 9 years ago
Mats Klepsland 18f88a6344 util-decode-der-get: code cleanup 9 years ago
Mats Klepsland a985b450e3 util-decode-der: code cleanup 9 years ago
Mats Klepsland e117461d4b app-layer-ssl: code cleanup 9 years ago
Mats Klepsland 550823455e app-layer-tls-handshake: code cleanup 9 years ago
Mats Klepsland 434b09563a app-layer-tls-handshake: remove duplicate include 9 years ago
Alexander Gozman 365015c2d5 Support sending rejects via libnet when running under non-root. 
Since version 1.1.6 libnet handles capabilities correctly.
So changing libnet's version checking a little bit should do the trick.
 9 years ago
Victor Julien e27ad81a43 autotools: add AS_VERSION_COMPARE stub for CentOS 5 9 years ago
Jason Ish fdff9e97e4 doxygen: define UNITTESTS to generate test framework docs 9 years ago
Jason Ish 52f6d21463 flowbits: use some of the new test macros 9 years ago
Jason Ish da1dec6d65 counters: use some of the new macros in tests 9 years ago
Jason Ish d7d05b007c conf: use new testing macros 
Also don't bother with cleanup on failure.
 9 years ago
Jason Ish 13cf2f829e testing: new test macros, new testing documentation group. 
Unit testing support macros for failing on expressions,
as well as passing tests on expressions.

If fatal unittests are enabled BUG_ON will be triggered for
an assertion providing the line number of the failure, otherwise
the test will simply fail.

Moved the fatal flag to a global var instead of a configuration
parameter for ease of access from a macro.
 9 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code 
1 pass, 0 is fail.
 9 years ago
Jason Ish 52983bf314 tests: convert all test to return 0 on failure, 1 on success 9 years ago
Eric Leblond 50b33ad508 prscript: update logic of sync with master test 
Code now get master sha on github and check if it is in current
branch with a git command. It also sync first that the current
local branch is in sync with github corresponding branch.

Signed-off-by: Eric Leblond <eric@regit.org>
 9 years ago
Victor Julien 38f67d88ea tcp: reduce TCP options storage in packets 
Until now, the TCP options would all be stored in the Packet structure.
The commonly used ones (wscale, ts, sack, sackok and mss*) then had a
pointer to the position in the option array. Overall this option array
was large. About 360 bytes on 64bit systems. Since no part of the engine
would every access this array other than through the common short cuts,
this was actually just wasteful.

This patch changes the approach. It stores just the common ones in the
packet. The rest is gone. This shrinks the packet structure with almost
300 bytes.

* even though mss wasn't actually used
 9 years ago
Torgeir Natvig 7ef8558e79 lua_close() segfaults on null pointers 9 years ago
Victor Julien d085362e61 detect: fix error handling in mpm setup 
*** CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
/src/detect-engine-mpm.c: 940 in MpmStoreSetup()
934                     PopulateMpmHelperAddPatternToPktCtx(ms->mpm_ctx,
935                             cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
936                 }
937             }
938         }
939
>>>     CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "ms->mpm_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
940         if (ms->mpm_ctx != NULL) {
941             if (ms->mpm_ctx->pattern_cnt == 0) {
942                 MpmFactoryReClaimMpmCtx(de_ctx, ms->mpm_ctx);
943                 ms->mpm_ctx = NULL;
944             } else {
945                 if (ms->sgh_mpm_context == MPM_CTX_FACTORY_UNIQUE_CONTEXT) {
 9 years ago
Victor Julien dc008206e3 detect: fix scan-build warning 
detect-engine-siggroup.c:700:38: warning: Call to 'malloc' has an allocation size of 0 bytes
    sgh->non_mpm_other_store_array = SCMalloc(non_mpm * sizeof(SignatureNonMpmStore));
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-mem.h:177:14: note: expanded from macro 'SCMalloc'
    ptrmem = malloc((a)); \
             ^~~~~~~~~~~
1 warning generated.
 9 years ago
Victor Julien 2ee3e726a9 detect: don't set unused variable 
detect.c:3801:13: warning: Value stored to 'tmplist2_tail' is never read
            tmplist2_tail = joingr;
            ^               ~~~~~~
detect.c:3804:13: warning: Value stored to 'tmplist2_tail' is never read
            tmplist2_tail = joingr;
            ^               ~~~~~~
2 warnings generated.
 9 years ago
Victor Julien 9b6e292a28 mpm: remove unused max pattern len field 9 years ago
Victor Julien f1ee125810 detect-flowvar: shrink mem structure by 8 bytes 9 years ago
Victor Julien e2789a87c2 detect: shrink IPOnlyCIDRItem with 8 bytes 9 years ago
Victor Julien adc453eec6 detect-port: improve comment about sgh pointer 9 years ago
Victor Julien ef6f347f84 detect-address: remove sgh pointer as it's unused 9 years ago
Victor Julien d5c6d08bc8 detect-port: remove debug mem counters 9 years ago
Victor Julien 9bd8197009 detect-address: remove debug mem counters 9 years ago
Victor Julien e0111fbb90 detect grouping: remove debug mem counters 9 years ago
Victor Julien 5f676167a3 detect grouping: make json dump configurable 
Make the rule grouping dump to rule_group.json configurable.

detect:
  profiling:
    grouping:
      dump-to-disk: false
      include-rules: false      # very verbose
      include-mpm-stats: false
 9 years ago
Victor Julien d6ba01b1b7 detect: make port whitelisting configurable 
Make the port grouping whitelisting configurable. A whitelisted port
ends up in it's own port group.

detect:
  grouping:
    tcp-whitelist: 80, 443
    udp-whitelist: 53, 5060

No portranges are allowed at this point.
 9 years ago
Victor Julien 5b1d75f0bd detect: suppress output 9 years ago