Commit Graph

6975 Commits (suricata-3.1.3)

Author SHA1 Message Date
Victor Julien 4a2e816bea detect parser: add parse regex util function
Add regex setup and free util functions. Keywords often use a regex
to parse rule input. Introduce a common function to do this setup.

Also create a list of registered regexes to free at engine shutdown.
9 years ago
Victor Julien 167d94efff dns: improve handling of tx pick up on response 9 years ago
Mats Klepsland c2f0f82bb4 util-decode-der: fix hang detected by AFL
Fix hang that occurs when child->length is zero, resulting in an
endless loop.
9 years ago
Mats Klepsland 18f88a6344 util-decode-der-get: code cleanup 9 years ago
Mats Klepsland a985b450e3 util-decode-der: code cleanup 9 years ago
Mats Klepsland e117461d4b app-layer-ssl: code cleanup 9 years ago
Mats Klepsland 550823455e app-layer-tls-handshake: code cleanup 9 years ago
Mats Klepsland 434b09563a app-layer-tls-handshake: remove duplicate include 9 years ago
Alexander Gozman 365015c2d5 Support sending rejects via libnet when running under non-root.
Since version 1.1.6 libnet handles capabilities correctly.
So changing libnet's version checking a little bit should do the trick.
9 years ago
Victor Julien e27ad81a43 autotools: add AS_VERSION_COMPARE stub for CentOS 5 9 years ago
Jason Ish fdff9e97e4 doxygen: define UNITTESTS to generate test framework docs 10 years ago
Jason Ish 52f6d21463 flowbits: use some of the new test macros 10 years ago
Jason Ish da1dec6d65 counters: use some of the new macros in tests 10 years ago
Jason Ish d7d05b007c conf: use new testing macros
Also don't bother with cleanup on failure.
10 years ago
Jason Ish 13cf2f829e testing: new test macros, new testing documentation group.
Unit testing support macros for failing on expressions,
as well as passing tests on expressions.

If fatal unittests are enabled BUG_ON will be triggered for
an assertion providing the line number of the failure, otherwise
the test will simply fail.

Moved the fatal flag to a global var instead of a configuration
parameter for ease of access from a macro.
10 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code
1 pass, 0 is fail.
10 years ago
Jason Ish 52983bf314 tests: convert all tests to return 0 on failure, 1 on success 10 years ago
Eric Leblond 50b33ad508 prscript: update logic of sync with master test
Code now gets the master sha on github and checks if it is in the current
branch with a git command. It also syncs first so that the current
local branch is in sync with the corresponding github branch.

Signed-off-by: Eric Leblond <eric@regit.org>
10 years ago
Victor Julien 38f67d88ea tcp: reduce TCP options storage in packets
Until now, the TCP options would all be stored in the Packet structure.
The commonly used ones (wscale, ts, sack, sackok and mss*) then had a
pointer to the position in the option array. Overall this option array
was large. About 360 bytes on 64bit systems. Since no part of the engine
would ever access this array other than through the common short cuts,
this was actually just wasteful.

This patch changes the approach. It stores just the common ones in the
packet. The rest is gone. This shrinks the packet structure by almost
300 bytes.

* even though mss wasn't actually used
10 years ago
Torgeir Natvig 7ef8558e79 lua_close() segfaults on null pointers 10 years ago
Victor Julien d085362e61 detect: fix error handling in mpm setup
*** CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
/src/detect-engine-mpm.c: 940 in MpmStoreSetup()
934                     PopulateMpmHelperAddPatternToPktCtx(ms->mpm_ctx,
935                             cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP));
936                 }
937             }
938         }
939
>>>     CID 1358124:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "ms->mpm_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
940         if (ms->mpm_ctx != NULL) {
941             if (ms->mpm_ctx->pattern_cnt == 0) {
942                 MpmFactoryReClaimMpmCtx(de_ctx, ms->mpm_ctx);
943                 ms->mpm_ctx = NULL;
944             } else {
945                 if (ms->sgh_mpm_context == MPM_CTX_FACTORY_UNIQUE_CONTEXT) {
10 years ago
Victor Julien dc008206e3 detect: fix scan-build warning
detect-engine-siggroup.c:700:38: warning: Call to 'malloc' has an allocation size of 0 bytes
    sgh->non_mpm_other_store_array = SCMalloc(non_mpm * sizeof(SignatureNonMpmStore));
                                     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./util-mem.h:177:14: note: expanded from macro 'SCMalloc'
    ptrmem = malloc((a)); \
             ^~~~~~~~~~~
1 warning generated.
10 years ago
Victor Julien 2ee3e726a9 detect: don't set unused variable
detect.c:3801:13: warning: Value stored to 'tmplist2_tail' is never read
            tmplist2_tail = joingr;
            ^               ~~~~~~
detect.c:3804:13: warning: Value stored to 'tmplist2_tail' is never read
            tmplist2_tail = joingr;
            ^               ~~~~~~
2 warnings generated.
10 years ago
Victor Julien 9b6e292a28 mpm: remove unused max pattern len field 10 years ago
Victor Julien f1ee125810 detect-flowvar: shrink mem structure by 8 bytes 10 years ago
Victor Julien e2789a87c2 detect: shrink IPOnlyCIDRItem with 8 bytes 10 years ago
Victor Julien adc453eec6 detect-port: improve comment about sgh pointer 10 years ago
Victor Julien ef6f347f84 detect-address: remove sgh pointer as it's unused 10 years ago
Victor Julien d5c6d08bc8 detect-port: remove debug mem counters 10 years ago
Victor Julien 9bd8197009 detect-address: remove debug mem counters 10 years ago
Victor Julien e0111fbb90 detect grouping: remove debug mem counters 10 years ago
Victor Julien 5f676167a3 detect grouping: make json dump configurable
Make the rule grouping dump to rule_group.json configurable.

detect:
  profiling:
    grouping:
      dump-to-disk: false
      include-rules: false      # very verbose
      include-mpm-stats: false
10 years ago
Victor Julien d6ba01b1b7 detect: make port whitelisting configurable
Make the port grouping whitelisting configurable. A whitelisted port
ends up in its own port group.

detect:
  grouping:
    tcp-whitelist: 80, 443
    udp-whitelist: 53, 5060

No port ranges are allowed at this point.
10 years ago
Victor Julien 5b1d75f0bd detect: suppress output 10 years ago
Victor Julien 725d6c3739 yaml: convert detect-engine to just detect
Instead of detect-engine which used a list for no good reason, use a
simple map now.

detect:
  profile: medium
  custom-values:
    toclient-groups: 3
    toserver-groups: 25
  sgh-mpm-context: auto
  inspection-recursion-limit: 3000
  # If set to yes, the loading of signatures will be made after the capture
  # is started. This will limit the downtime in IPS mode.
  #delayed-detect: yes
10 years ago
Victor Julien ac2c206359 mpm: clean up builtin mpm setup, enable single/full 10 years ago
Victor Julien 1dd135d512 mpm: always cleanup factory 10 years ago
Victor Julien 6ef27c9f92 mpm: allow app buffer shared/unique
Allow setting of shared or unique setting per app buffer type:
e.g. detect.mpm.http_uri.shared=true
10 years ago
Victor Julien 79a96b2b90 mpm: refactor 'single' setup handling 10 years ago
Victor Julien 157ca89dd7 mpm: remove useless flag from factory 10 years ago
Victor Julien fdd05e8fb4 mpm: remove unused app proto factory 10 years ago
Victor Julien 4e91f6b1e6 mpm: in factory register, consider name const 10 years ago
Victor Julien 2b84387ea4 detect: work around cocci limitation 10 years ago
Victor Julien 0311f01b97 rule grouping: speed up port based grouping
Create a hash table of unique DetectPort objects before trying to
create a unique list of these objects. This saves a lot of cycles
in the creation of the list.
10 years ago
Victor Julien a2223bb066 mpm: consify packet/stream search 10 years ago
Victor Julien 87f3adbe4c detect/mpm: unify packet/stream mpm_ctx pointers
SGH's for tcp and udp are now always only per proto and per direction.
This means we can simply reuse the packet and stream mpm pointers.

The SGH's for the other protocols already used a directionless catch
all mpm pointer.
10 years ago
Victor Julien 30755265ee http_raw_header: improve mpm progress handling 10 years ago
Victor Julien af3bf3dc7a detect: optimize sgh layout 10 years ago
Victor Julien de273d88cc detect: remove unused content minlen tracking 10 years ago
Victor Julien e43c4f3ea2 mpm: optimize calls
For all mpm wrapper functions, check minlen vs the input buffer to see
if we can bypass the mpm search.

Next to this, make all the functions inline. Also constify the input and
do other minor cleanups.
10 years ago