Commit Graph

9462 Commits (suricata-4.1.3)

Author SHA1 Message Date
Victor Julien 45f2fdc1a6 doc: update install doc for 4.1.3 7 years ago
Victor Julien 461a7fc388 changelog: update for 4.1.3 7 years ago
Victor Julien 8a7f87d613 decoder: improve stats hash error handling 7 years ago
Victor Julien b39405e6d6 detect/pcre: minor fix to modifiers
Set SIG_FLAG_APPLAYER when setting the alproto to make sure the
sig is processed correctly.
7 years ago
Victor Julien 35f847ed87 af-packet: fix v3 code using v2 union member 7 years ago
Pierre Chifflier a819b9219a rust/ikev2: fix events not being raised in first message
The `set_event` function requires that the transaction is already
inserted, or the event set is silently lost.
When parsing first IKEv2 message, first insert transaction, prepare
values, and borrow back inserted transaction to update it.
7 years ago
Pierre Chifflier 4c89f3959e rules: fix event names for ikev2 (weak authentication and DH parameters) 7 years ago
Victor Julien ab9f1bf511 eve/http: add proxy related custom headers 7 years ago
Victor Julien 2aae90acf1 eve/http: fix custom header table 7 years ago
Murat Balaban f7c00a1753 netmap: refresh netmap_if address after each NIOCREGIF
With the introduction of the netmap "partial opening" feature,
netmap requires that we get a new NETMAP_IF pointer after
every `NIOCREGIF` registration, because this allocates an
independent instance of `struct netmap_if`. If one
separately opens hw rings and sw rings he/she'll get two
`struct netmap_if`, one with the valid hw rings, and the other
with valid sw rings.

Because of that we get a new netmap_if pointer after each
NIOCREGIF.

Also remove the netmap_if struct from NetmapDevice since
it is no longer required.

Ticket #2855.
7 years ago
Victor Julien adbc65d9df stream/ips: set proper payload len for inspection
On mem(cap) pressure we fall back to the packet payload. The previous
patch failed to properly set the payload length.
7 years ago
Victor Julien dceecd6804 ips/stream: handle low mem(cap) crash
In low memory or memcap reached conditions a crash could happen in
inline stream detection.

The crash had the following path:

A packet would come in and its data was added to the stream. Due
to earlier packet loss, the stream buffer uses a stream buffer block
tree to track the data blocks. When trying to add the current packet's
block to the tree, the memory limit was reached and the add fails.

A bit later in the pipeline for the same packet, the inline stream
mpm inspection function gets the data to inspect. For inline mode
this is the current packet + stream data before and after the packet,
if available.

The code looking up the packet's data in the stream would not
consider the possibility that the stream block returned wasn't
the right one. The tree search returns either the correct or the
next block. In adjusting the returned block to add the extra stream
data it would miscalculate offsets, leading to a corrupt pointer to the
data.

This patch more carefully checks the result of the lookup, and
falls back to simply inspecting the packet payload if the lookup
didn't produce the expected result.

Bug 2842.

Reported-by: Ad Schellevis <ad@opnsense.org>
7 years ago
Victor Julien cc281f59ae stream-buffer: fix block search compare func
Sbb search function could return the wrong block due to an off by
one error.
7 years ago
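Added example covering the two stream-buffer commits above (the inline inspection crash and the block search off-by-one). This is not Suricata's code: the sorted block array stands in for the stream buffer block tree, and the names (Block, BlockCompare, BlockFind, SelectInspectData) and the constructed stream and block layout are this example's own. It shows the compare function treating offset+len as the first byte past the block, a lower-bound lookup that may return the next block, and a caller that only trusts the result after checking it actually covers the packet, falling back to the packet payload otherwise.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed model (not Suricata's code): one direction's stream data and a
 * sorted array of blocks standing in for the stream buffer block (sbb) tree.
 * A gap between blocks is data that was never received. */
typedef struct Block { uint64_t offset; uint32_t len; } Block;

static const uint8_t kStream[32] = { 0 };                 /* content irrelevant here */
static const Block kBlocks[] = { { 0, 10 }, { 20, 10 } }; /* bytes 10..19 are missing */
#define kBlocksLen (sizeof kBlocks / sizeof kBlocks[0])

/* Compare a stream offset against a block: <0 before it, 0 inside it, >0 after
 * it. The last byte of a block is offset+len-1, so the "after" test is `>=`;
 * writing `>` here is exactly the off-by-one that returns the wrong block. */
static int BlockCompare(uint64_t target, const Block *b) {
    if (target < b->offset) return -1;
    if (target >= b->offset + (uint64_t)b->len) return 1;
    return 0;
}

/* Binary search: the block containing `target`, or else the first block that
 * starts after it (a tree lower-bound); NULL when no block lies at or after it. */
static const Block *BlockFind(const Block *blocks, size_t n, uint64_t target) {
    size_t lo = 0, hi = n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        int c = BlockCompare(target, &blocks[mid]);
        if (c == 0) return &blocks[mid];
        if (c < 0) hi = mid; else lo = mid + 1;
    }
    return lo < n ? &blocks[lo] : NULL;
}

typedef struct Inspect { const uint8_t *data; uint32_t len; bool from_stream; } Inspect;

/* Choose what inline MPM inspection sees for a packet whose payload sits at
 * `pkt_offset` in the stream. The block's data (packet plus stream data before
 * and after it) is used only if the lookup really hit a block covering the whole
 * payload; otherwise inspect just the payload. Adjusting offsets from a
 * "next block" result instead is what produced the corrupt pointer. */
static Inspect SelectInspectData(const uint8_t *stream, const Block *blocks, size_t n,
                                 uint64_t pkt_offset, const uint8_t *payload, uint32_t payload_len) {
    Inspect r = { payload, payload_len, false };
    const Block *b = BlockFind(blocks, n, pkt_offset);
    if (b == NULL || BlockCompare(pkt_offset, b) != 0)
        return r;                     /* nothing found, or the next block: fall back */
    if (pkt_offset + payload_len > b->offset + b->len)
        return r;                     /* payload runs past the block: fall back */
    r.data = stream + b->offset;
    r.len = b->len;
    r.from_stream = true;
    return r;
}
```

With the constructed layout, a packet at offset 15 (inside the gap) gets only its own payload back, while a packet at offset 22 is inspected together with the whole second block.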
Victor Julien 80665e1f40 stream-buffer: fix streaming buffer size issue
It was using buffer size instead of the real usage of the buffer.
7 years ago
Victor Julien e2a82c8f4e netmap: fix checksum auto check under high load 7 years ago
Victor Julien b9be35a09d detect/pcre: fix false positive
Fix case where a HTTP modifier in PCRE statements would lead to
the rule alerting when it should not.

Bug #2769
7 years ago
Mats Klepsland ae7febaf4e app-layer-ssl: check that cipher suites length is divisible by two
Cipher suites length should always be divisible by two. If it is an
odd number, which should not happen with normal traffic, it ends up
reading one byte too much.
7 years ago
Mats Klepsland 271cc6c738 util-ja3: fix AddressSanitizer heap-buffer-overflow
No resizing is done in Ja3BufferResizeIfFull() when the buffer is
empty. This leads to a potential overflow when this happens, since
a ',' is appended even when the buffer is empty.

Bug #2762
7 years ago
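Added example covering the two TLS commits above (the even cipher suites length check and the JA3 buffer resize). It is not Suricata's code: a parser for the ClientHello cipher_suites vector that rejects odd or truncated lengths feeds a growable buffer that reserves space before every append, including the first append into a still-empty buffer. The names (Ja3Buffer, Ja3BufferReserve, ParseCipherSuites, Ja3CipherField) and the byte vectors are this example's own; values inside a JA3 field are joined with '-', which is the JA3 field format.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed inputs (not captured traffic): the cipher_suites vector of a
 * TLS ClientHello, a 2-byte length followed by 2-byte suite IDs. */
static const uint8_t kGoodSuites[] = { 0x00, 0x06, 0xc0, 0x2f, 0xc0, 0x30, 0x00, 0x9c };
/* Same field with an odd length: walking it two bytes at a time would read
 * one byte past the end of the vector. */
static const uint8_t kOddSuites[]  = { 0x00, 0x05, 0xc0, 0x2f, 0xc0, 0x30, 0x00 };
/* A legal but empty vector. */
static const uint8_t kEmptySuites[] = { 0x00, 0x00 };

/* Growable string buffer in the spirit of the JA3 buffer (names are this example's own). */
typedef struct Ja3Buffer { char *data; size_t used; size_t size; } Ja3Buffer;

/* Make room for `extra` bytes plus the terminating NUL. The bug fixed above was
 * skipping the resize when the buffer was empty; here an empty buffer is just
 * the smallest case of "not enough room" and is grown like any other. */
static int Ja3BufferReserve(Ja3Buffer *b, size_t extra) {
    size_t need = b->used + extra + 1;
    if (need <= b->size) return 0;
    size_t nsize = b->size ? b->size : 16;
    while (nsize < need) nsize *= 2;
    char *n = realloc(b->data, nsize);
    if (n == NULL) return -1;
    b->data = n;
    b->size = nsize;
    return 0;
}

/* Append one decimal value; a separator is only written if something precedes it. */
static int Ja3BufferAppendValue(Ja3Buffer *b, uint16_t v) {
    char tmp[8];
    int n = snprintf(tmp, sizeof tmp, "%u", (unsigned)v);
    size_t sep = b->used ? 1 : 0;
    if (n < 0 || Ja3BufferReserve(b, (size_t)n + sep) < 0) return -1;
    if (sep) b->data[b->used++] = '-';
    memcpy(b->data + b->used, tmp, (size_t)n);
    b->used += (size_t)n;
    b->data[b->used] = '\0';
    return 0;
}

/* Parse the cipher_suites vector into `b`. Returns the number of suites, or -1
 * when the vector is malformed: the length must be even (the check added by the
 * commit) and must not run past the end of the input. */
static int ParseCipherSuites(const uint8_t *in, size_t in_len, Ja3Buffer *b) {
    if (in_len < 2) return -1;
    uint16_t cs_len = (uint16_t)((in[0] << 8) | in[1]);
    if (cs_len % 2 != 0) return -1;              /* odd length: would overread */
    if ((size_t)cs_len > in_len - 2) return -1;  /* truncated vector */
    const uint8_t *p = in + 2;
    int count = 0;
    for (size_t left = cs_len; left > 0; left -= 2, p += 2) {
        uint16_t suite = (uint16_t)((p[0] << 8) | p[1]);
        if (Ja3BufferAppendValue(b, suite) < 0) return -1;
        count++;
    }
    return count;
}

/* Convenience wrapper: the JA3 cipher field as a string, or NULL on malformed input. */
static const char *Ja3CipherField(const uint8_t *in, size_t in_len) {
    static Ja3Buffer b;   /* reused across calls; grows on demand */
    b.used = 0;
    if (ParseCipherSuites(in, in_len, &b) < 0) return NULL;
    if (Ja3BufferReserve(&b, 0) < 0) return NULL;  /* empty vector: still need room for NUL */
    b.data[b.used] = '\0';
    return b.data;
}
```

For the constructed vector above the field comes out as `49199-49200-156`; the odd-length vector is rejected before any byte past the end is touched.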
Victor Julien 64ca95c5d0 windows: allow multiple pcap devices on commandline
Ticket #2774
7 years ago
Victor Julien d1e4b978c0 ips: set host mode only after engine mode
Make sure it is set after the final engine mode update.
7 years ago
Victor Julien a926368b2a stream: fix 'stream.inline=auto' for L2 IPS
Make sure the livedev setup is finalized before initializing the
stream engine.

Bug #2811

Reported-by: Ad Schellevis
7 years ago
Victor Julien f909b98a70 dcerpc/udp: fix int mishandling in opnum parsing
For Big Endian support in the protocol, the opnum would not be set
correctly.

Found using undefined sanitizer.
7 years ago
Victor Julien 66fe4aaffb file/swf: fix undefined int behaviour
Fix warnings by the undefined sanitizer.
7 years ago
Victor Julien 2b08d8ab7d detect/bytetest: don't print errors at runtime 7 years ago
Jason Ish ee32c098d1 issue 2795: python 3 fix in Rust C header gen
The C header generation script was failing with a unicode error
in Python 3 on FreeBSD.  Fix the reading of files to properly
handle unicode in all Python 3 environments.

Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2794
7 years ago
Jason Ish 0c1254738e rust/dns: add dns to dns alerts 7 years ago
Fabrice Fontaine 7c4ff8325b configure.ac: fix --{disable,enable}-xxx options
Currently, if the user provides --enable-libmagic or
--disable-libmagic, libmagic will be disabled because $enableval is not
used to know if the user provided --enable or --disable

Most of the options have this issue so fix them all by using $enableval

Fixes:
 - https://redmine.openinfosecfoundation.org/issues/2797

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
7 years ago
Victor Julien 7f38ffc8bc log/stats: fix formatting of long decoder events 7 years ago
Victor Julien b3c021f8d0 userguide: improve stats logging documentation 7 years ago
Jingyu Yang bb26e6216e source-pcap:set PktAcqBreakLoop as pcap_breakloop 7 years ago
Victor Julien d8634daf74 stream: fix false negative on bad RST
If a bad RST was received the stream inspection would not happen
for that packet, but it would still move the 'raw progress' tracker
forward. Following good packets would then fail to detect anything
before the 'raw progress' position.

Bug #2770

Reported-by: Alexey Vishnyakov
7 years ago
Victor Julien fb18a1655c eve.stats: warn that output might miss decoder-events 7 years ago
Victor Julien 0d86263efd eve.stats: make decoder event prefix configurable 7 years ago
Victor Julien 932c2a7ec5 eve: fix missing decoder-events in stats
In the eve log the decoder events are added as optional counters. This
behaviour is enabled by default. However, lots of the counters are
missing, as the names collide with other counters.

E.g.

decoder.ipv6 counts ipv6 packets
decoder.ipv6.unknown_next_header counts how often an unknown next
    header is encountered.

In this example 'ipv6' would be both a json integer and a json object.
It appears that jansson favours the first that is generated, so the
event counters are mostly missing.

This patch registers them as 'decoder.events.<event>' instead. As
these names are generated on the fly, a hash table to contain the
allocated strings was added as well.
7 years ago
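Added example for the name collision described above; it is not Suricata's code and does not use jansson. It checks a list of dotted counter names for a name that would have to be both a JSON integer and a JSON object (one name being a '.'-separated prefix of another), and shows that moving decoder events under their own prefix removes the clash. The counter lists, the `prefix` parameter (standing in for the configurable prefix from the next commit) and the names KeysCollide, CountCollisions, DecoderEventCounterName and CollisionsForScheme are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed counters modelled on the example in the commit message. */
static const char *const kPacketCounters[] = { "decoder.pkts", "decoder.ipv6", "decoder.ipv4" };
static const char *const kDecoderEvents[]  = { "ipv6.unknown_next_header", "ipv4.trunc_pkt" };
#define kPacketCountersLen (sizeof kPacketCounters / sizeof kPacketCounters[0])
#define kDecoderEventsLen  (sizeof kDecoderEvents / sizeof kDecoderEvents[0])
#define kMaxNames 16
#define kNameLen  64

/* True when `leaf` would have to be both an integer counter and the parent
 * object of `other`, i.e. other == leaf + "." + rest. Nested JSON cannot hold
 * both, so one of the two is dropped at output time. */
static bool KeysCollide(const char *leaf, const char *other) {
    size_t n = strlen(leaf);
    return strncmp(leaf, other, n) == 0 && other[n] == '.';
}

/* Count (leaf, descendant) pairs that collide in a list of dotted names. */
static int CountCollisions(const char *const *names, size_t n) {
    int c = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t j = 0; j < n; j++)
            if (i != j && KeysCollide(names[i], names[j])) c++;
    return c;
}

/* Build the stats name for a decoder event under `prefix`. With "decoder" this
 * is the old scheme; with "decoder.events" it is the one from the fix above. */
static int DecoderEventCounterName(char *out, size_t out_len, const char *prefix, const char *event) {
    int n = snprintf(out, out_len, "%s.%s", prefix, event);
    return (n < 0 || (size_t)n >= out_len) ? -1 : 0;
}

/* Register the packet counters plus the decoder events under `event_prefix`
 * and report how many names collide. */
static int CollisionsForScheme(const char *event_prefix) {
    static char names[kMaxNames][kNameLen];   /* storage for generated names */
    const char *ptrs[kMaxNames];
    size_t n = 0;
    for (size_t i = 0; i < kPacketCountersLen && n < kMaxNames; i++) {
        ptrs[n] = kPacketCounters[i];
        n++;
    }
    for (size_t i = 0; i < kDecoderEventsLen && n < kMaxNames; i++) {
        if (DecoderEventCounterName(names[n], kNameLen, event_prefix, kDecoderEvents[i]) < 0)
            return -1;
        ptrs[n] = names[n];
        n++;
    }
    return CountCollisions(ptrs, n);
}
```

Under the old scheme both `decoder.ipv6` and `decoder.ipv4` clash with their event counters; under `decoder.events.<event>` nothing does.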
Victor Julien 0f1fc1f0c8 hash: move string hash funcs into util files 7 years ago
Victor Julien c140505bec decoder: add gre over ipv6 support 7 years ago
Victor Julien 8709a20d94 af-packet: minor code cleanups 7 years ago
Victor Julien c99dc5a7bf af-packet: re-enable sync for tpacket v2
Synchronize start was disabled for v2 when v3 was introduced, without
a reason being given.

Re-enable as v2 will otherwise also start reading packets before the
other threads are set up. This will lead to hashing issues.

Part of bug #2788.
7 years ago
Victor Julien cebbe06f70 af-packet: fix sync start for tpacket v3
The tpacket-v3 implementation of the synchronize start logic would
not correctly consider the timestamp parameter, leading to threads
starting before synchronization between threads was complete.

Bug #2788
7 years ago
Alexander Gozman 03af3e1ed8 nfqueue: inject fake packet on timeout
Fixes nfqueue and delayed-detect.

On systems with a small amount of traffic (or with no traffic at all)
nfqueue with 'delayed-detect' enabled hung in 'workers' mode.

Bug #2362.
7 years ago
Pascal Delalande f2dca46382 doc: fix minor typo 7 years ago
Eric Leblond a51d1f7c46 lua: add lua dir with example to make dist 7 years ago
Eric Leblond 2b72dfaf01 coccinelle: add missing tests to make dist 7 years ago
Eric Leblond 0e3b1eba86 util-binsearch: remove the files 7 years ago
Eric Leblond 7a121d9b4c doc: add _static dir to make dist 7 years ago
Eric Leblond 97da91dc5e ebpf: include files in make dist 7 years ago
Victor Julien b51e4a3959 changelog: update for 4.1.2 release 7 years ago
Victor Julien 8b570c0293 smb: improve request/response mapping
Only use ssn_id and msg_id for mapping a response to a request.

By not using the tree_id it can always be included in the tx.hdr which
means it can be logged properly in case of IOCTL and DCERPC.
7 years ago
Travis Green 6f5eb487a1 doc: add missing and fix 404 for --list-keywords 7 years ago
Travis Green c2adb9e669 doc: added tos keyword
Redmine issue:
https://redmine.openinfosecfoundation.org/issues/2583
7 years ago