aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,975 Commits
7 Branches
161 Tags
173 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'suricata-3.1.3'
${ noResults }
Commit Graph

6975 Commits (suricata-3.1.3)
 

Author SHA1 Message Date
Victor Julien 253a684fdd Update Changelog for 3.1.3 9 years ago
Victor Julien 8f085e4b8c eve: make payload printing in alerts more robust 9 years ago
fooinha 90276f0fa7 eve: check redis reply in non pipeline mode 
We may lose the reply if disconnection happens.
Reconnection is needed.
 9 years ago
Jason Ish d35613ff4a fast-pattern: fix tls_sni 
Use all 32 arguments in call to SigMatchGetLastSMFromLists

Was preventing fast_pattern from being applied to tls_sni:
https://redmine.openinfosecfoundation.org/issues/1941
 9 years ago
Jason Ish 3973dd58ba dns: use new unittest macros 9 years ago
Jason Ish e62b3c632e dns: support back to back requests without a response 
Address the issue where a DNS response would not be logged when
the traffic is like:
- Request 1
- Request 2
- Response 1
- Response 2
which can happen on dual stack machines where the request for A
and AAAA are sent out at the same time on the same UDP "session".

A "window" is used to set the maximum number of outstanding
responses before considering the olders lost.
 9 years ago
Jason Ish db490228b9 tcp dns: unit test for multi-request buffer 9 years ago
Jason Ish 88559b9d60 tcp dns: fix advancement to next request in buffer 
The advancement through the buffer was not taking into account
the size of the length field resulting in the second request
being detected as bad data.
 9 years ago
Victor Julien 79cafc548f multi-tenants: fix minor memleak 9 years ago
Victor Julien 3bac252595 detect: suppress debug message for reloads 9 years ago
Victor Julien 8c13d38511 nfq_set_mask: don't set mark on tunnel pkts 9 years ago
Victor Julien 06bdd337e7 tls-rules: install on 'make install-full' 9 years ago
Victor Julien 49ffe2f212 unix-socket: don't try to change permissions on BSD 
On BSD using fchmod on a socket is not supported and will result
in EINVAL.
 9 years ago
Victor Julien 6e7310e34a bug 1353: don't cut off last char of unix path 9 years ago
Victor Julien f8ded6f473 pcre: disable JIT if RWX pages not supported 9 years ago
Victor Julien 6bbce4fe7f util: add facility to check for RWX page support 
Some code won't work well when the OS doesn't allow RWX pages. This
page introduces a check for runtime evaluation of the OS' policy on
this.

Thanks to Shawn Webb from HardenedBSD for suggesting this solution.
 9 years ago
Victor Julien e0183aca11 detect: fix multi-tenant loaders 9 years ago
Victor Julien 534fc8748b af-packet: fix fanout support on Debian Jessie 
Debian Jessie with kernel 3.16 would not accept the 'id' of 99 used
in the test. Id 1 does work.
 9 years ago
Victor Julien 5ccd21fcda http: fix memory leak in error path 9 years ago
Victor Julien 12521c453f streaming: improve error handling 
When memory allocations happened in HTTP body and general file
tracking, malloc/realloc errors (most likely in the form of memcap
reached conditions) could lead to an endless loop in the buffer
grow logic.

This patch implements proper error handling for all Append/Insert
functions for the streaming API, and it explicitly enables compiler
warnings if the results are ignored.
 9 years ago
Victor Julien 471b61a0e1 magic: fix broken tests after CentOS6 update 9 years ago
Victor Julien 82282a9e68 mpls: add missing event type + rule 9 years ago
Victor Julien 71c8d1f46c bpf: fix file parsing memory handling 
Fix improper fread string handling. Improve error handling.

Skip trailing spaces for slightly more pretty printing.

Coverity CID 400763.

Thanks to Steve Grubb for helping address this issue.
 9 years ago
Victor Julien 519b2970ec detect: don't print (null) in --list-keywords=all 9 years ago
Eric Leblond ed90a16e89 detect: fix setup for some keywords 
Fix problems found by siginit.cocci.
 9 years ago
Eric Leblond 4324805478 coccinelle: add siginit test 
Add a test that check an inversion during keyword setup where
we add a sigmatch to a signature and then do error handling on it.
This was causing a double free of some elements and ultimately a
segfault.

Proposed-by: Victor Julien <victor@inliniac.net>
 9 years ago
Jason Ish 17e70483c5 detect-flowbits: more unittest macro usage 
Also cleanup some tests by removing extra code after a test was
determined to fail.
 9 years ago
Jason Ish 3c5d8e65d4 hostbits: use new unittest macros 9 years ago
Jason Ish c4945607e3 hostbits: fail parse on unexpected trailing data 
Address issue https://redmine.openinfosecfoundation.org/issues/1889
for hostbits. This involves updating the regular expresssion
to capture any trailing data as the regex already keeps
spaces out of the name.

A unit test was converted to new macros to find out which
line it was failing at after updating regex.
 9 years ago
Jason Ish 24f2387b23 flowbits: validate that there are no spaces in the name 
Fixes issue: https://redmine.openinfosecfoundation.org/issues/1889

To catch the issue where the ';' is missing we have to expand the
regex to capture the whole name string, not just the leading
valid stuff. Then verify that there are no spaces in the name
(Snort has the same restriction) and fail if there is.
 9 years ago
Eric Leblond 1cdd062dc6 unix-manager: fix output of version command 
Make it consistent with the output of version command line flag.
 9 years ago
Andreas Herz 65fd09a399 rule-parsing: reject unescaped double quote within content section 9 years ago
Victor Julien ae116871ad Update Changelog for 3.1.2 9 years ago
Victor Julien 2997d086be eve-drop: allow logging all drops 
- drop:
    alerts: yes      # log alerts that caused drops
    flows: all       # start or all: 'start' logs only a single drop
                     # per flow direction. All logs each dropped pkt.
 9 years ago
Victor Julien 1cc5f9825d dns: use nonnull attr for log functions 9 years ago
Victor Julien bbcc22d2ad dns: fix coverity warning 
** CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
/src/output-json-dns.c: 532 in OutputAnswer()

________________________________________________________________________________________________________
*** CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
/src/output-json-dns.c: 532 in OutputAnswer()
526             }
527         }
528
529         /* reset */
530         MemBufferReset(aft->buffer);
531         json_object_set_new(djs, "dns", js);
>>>     CID 1372324:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "entry".
532         if (likely(DNSRRTypeEnabled(entry->type, aft->dnslog_ctx->flags))) {
533             OutputJSONBuffer(djs, aft->dnslog_ctx->file_ctx, &aft->buffer);
534         }
535         json_object_del(djs, "dns");
536
537         return;

Move checks to the top of the functions. Should be more efficient too.
 9 years ago
Victor Julien b4565004c7 detect-template: modernize 9 years ago
Jason Ish e878dd2231 app-layer templates: cleanups 
- cleanup file headers
- add todo section
- convert unit tests to new macros
- add markers to remove disabled by default behaviour
 9 years ago
Jason Ish 3cf8b4629f decode-icmpv6: use FAIL macros in tests 9 years ago
Jason Ish 2a42e8be03 unittest: FAIL macro to unconditionally fail a test 9 years ago
Jason Ish af4085b77b icmpv6: fix checksum verification if fcs present 
Calculate the length of the ICMPv6 packet from decoded information
instead of off the wire length. This will provide the correct
length if trailing data like an FCS is present.

Fixes issue:
https://redmine.openinfosecfoundation.org/issues/1849
 9 years ago
Victor Julien 120f59386b affinity: fix compilation on SunOS 9 years ago
Victor Julien a2c9b86cdf byteswap: fix compilation on SunOS 9 years ago
Victor Julien 7847c4f8ee configure: detect SunOS and link against required libs 9 years ago
Victor Julien ef1acdfaee threads: provide SCGetThreadIdLong for SunOS 9 years ago
Victor Julien 4271d57157 decode: declare IPPROTO_IPIP if OS doesn't have it 9 years ago
Victor Julien 6956c1c749 decode: fix int types 9 years ago
Victor Julien ec87123339 configure: check for strings.h: used by SunOS 9 years ago
Victor Julien 8600872e02 logfile: resolve name clash on SunOS 9 years ago
Victor Julien b81ea0d7db eve: reduce flow_id to 51 bits 
Evebox & ELK couldn't handle the large integers. It looks like (partly)
a javascript limitation that doesn't treat 64bit ints as real ints.
 9 years ago