aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,398 Commits
8 Branches
169 Tags
241 MiB
main-8.0.x
main
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.4
suricata-7.0.15
suricata-8.0.3
suricata-7.0.14
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-1.3.3'
${ noResults }
Commit Graph

3398 Commits (suricata-1.3.3)
 

Author SHA1 Message Date
Victor Julien f6bb95e919 Update changelog to reflect 1.3.3 changes. 14 years ago
Victor Julien a1a20cc50a libhtp: harden code against malloc failures. Bug #587. 14 years ago
Victor Julien 985cb92573 http: don't assume http tx to have header alloc'd. Can happen in OOM conditions. Bug #587. 14 years ago
Victor Julien cd27571220 Don't use SCStrdup in SCLogMessage as we call it on OOM condition, leading to endless recursion. SCStrdup failure calling SCLogMessage... 14 years ago
Eric Leblond d8f68ec2a0 ipfw: add missing include 
RunmodeGetActive() was used but not declared. This patch fixes
bug #612: on amd64 implicit declaration was triggering the conversion
of an int to a pointer during assignement and this was causing an
invalid read.
 14 years ago
Eric Leblond dab509ea43 defensive set of variable. 14 years ago
Eric Leblond ef10d70d7f FreeBSD: add missing include 14 years ago
Victor Julien 81dbbf72f5 filestore: fix logic flag in continued stateful detection 
Backport from 70bc9e2494 from
master branch.
 14 years ago
Victor Julien 5be687f7b5 Remove pcre jit warning. Bug #579. 14 years ago
Eric Leblond cb0532e5b7 pf_ring: don't set cluster for DNA interface. 14 years ago
Victor Julien bccda4d11f http: fix client and server body sometimes being inspected in wrong order 14 years ago
Victor Julien 49fb3d39a4 Fix drop (and other actions) not being applied to thresholded packets. Bug #615. 14 years ago
Victor Julien 559c8ae181 http: fix http header reassembly bug causing some headers to be left out of the inspected buffer 14 years ago
Anoop Saldanha dba7b8dc41 Move Flow Reference/Dereferene api from flow-util.h to flow.h. 
Remove duplicate FlowDeReference from decode.h
 14 years ago
Anoop Saldanha 73b3d28dc0 Update all flow referencing to use the new FlowReference and FlowDeReference macros 14 years ago
Anoop Saldanha cb9ff164fc fix for bug #557. 
In FFRv2, dereference flow from a packet using the new reference/dereference
util macros.  This allows the decr use_cnt for flow and reseting the flow
pointer to NULL for the pseudo pkt to happen simultaneously, in case there we
fail to retrieve a pseudo_packet and have to return the already obtained
pseudo packets, back to the packetpool.
 14 years ago
Anoop Saldanha e59cf418f6 Introduce utility flow macros to help referencing/dereferencing flows. 14 years ago
Anoop Saldanha 7f35e69b92 fix for bug #557. 
Reset hhd buffers list len if we exit before allocating the buffer.
 14 years ago
Victor Julien 2cdbdab38c libhtp: don't use internal iterator 
It violates thread safety. #601.

Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create.  A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". The are registered based on yaml config at init time.

The hooks have lists of type list_t. The list is run with a built in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.

This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
 14 years ago
Victor Julien 0e7c9af443 Fix/suppress a couple of harmless compiler warnings. 14 years ago
Victor Julien 6f6ba31eba yaml: default to cluster_flow type for AF_PACKET and PF_RING 14 years ago
Anoop Saldanha 89797de914 fix for #588. 
Respect pcre's anchor during content inspection.
 14 years ago
Anoop Saldanha 3630d01e6a detect-pcre.c cleanup. Delete old pcre functions that we no longer use. 14 years ago
Anoop Saldanha 34e59cd9d5 Unittest to display #bug 588. pcre anchor not respected. 14 years ago
Victor Julien 27e585f6d0 htp: update version numbers of bundled htp 14 years ago
Victor Julien d7efd062e7 Update Changelog to reflect changes in 1.3.2 release. 14 years ago
Victor Julien 6cba9b7c4f http: fix multipart parsing leading to missing chunks of files in file extraction. 14 years ago
Anoop Saldanha 2f8e83c539 fix for #562. 
disable inspection bypass for stream mpm patterns.
 14 years ago
Victor Julien 3c841ae931 bug #572: make sure we use profiling fallback for all architectures except x86_64 and i386. 14 years ago
Victor Julien 5ef71806a0 Fix flow keyword compilation failure. 14 years ago
Anoop Saldanha 1a0873ff10 fix for bug #575. 
If sig has no_stream set, don't mask it as requiring flow.  Should get rid of
FNs any.
 14 years ago
Victor Julien 16cd305d96 http: fix multipart parsing bug 14 years ago
Victor Julien 6688b23e60 stream: never resend reassembled data to app layer. 14 years ago
Eric Leblond 6f40f6c846 pf_ring: set cluster_id even if only one thread is used. 14 years ago
Eric Leblond 0a5bda8d34 defrag: don't use message for repetitive error 
When nothing can be fetch from the pool, this can repeat frequently.
Thus displaying a message in the log will not help. This patch
uses a counter instead of a log message. As this is a sort of memcap
this is conformed to what is done for other issues of the same type.
 14 years ago
Eric Leblond 2e4a16d1ee ipfw: avoid critical error for broadcast 
In some setup, suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is choosen by kernel.
This patch change the error treatment to avoid to leave when
this problem occurs.
 14 years ago
Eric Leblond 2fe39cf867 freebsd: fix function usage. 
The unlock function was not correctly used in error treatment.
 14 years ago
Eric Leblond 79c75bbb4d af-packet: fix kernel offset issue 
It seems that, in some case, there is a read waiting but the
offset in the ring buffer is not correct and Suricata need to
walk the ring to find the correct place and make the read.
 14 years ago
pi-rho 12aae61a3c fix regression (clobbered register; redmine #534) 14 years ago
Victor Julien e28835af91 Update Changelog to include 1.3.1 changes. 14 years ago
Victor Julien f1b6f7a9e6 rule analyzer: make analyzer aware of http_user_agent pcre flag /V. 14 years ago
Victor Julien e737e2dc56 http: after path double decoding, also normalize the path again. #504. 14 years ago
Victor Julien e839cea9e5 Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504. 14 years ago
Victor Julien e0bfcb7dde Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP. 14 years ago
Victor Julien bd6b865473 rule analyzer: fix fast pattern analyzer reporting wrong filename (same as rule analyzer). 14 years ago
Eric Leblond 11c3167583 stream-tcp: no checksum alert if validation is off 
This patch disables checksum alert if checksum-validation is set
to no in the configuration file. Without this patch, when parsing
a pcap which checksum offloading, it was not possible to get rid
of event caused by checksum validation.
 14 years ago
Victor Julien c51a3aad17 stream: handle case where Suricata sees 3whs-ACK but server doesn't. Bug #523. 14 years ago
Victor Julien 5cc8a09257 stream: fix unittest broken by new flags handling. 14 years ago
Victor Julien ad827ad030 http: add more decoding unittests. 14 years ago
Victor Julien 4c6fd7ad4c Bug #510. Produce error if max-pending-packets is higher than 65534. 14 years ago