Commit Graph

14994 Commits (suricata-7.0.1)
Author SHA1 Message Date
Richard McConnell b39a4c63fe doc: document AF_XDP feature 3 years ago
Richard McConnell 9b43481680 af-xdp: Configure build with AF_XDP support 3 years ago
Richard McConnell 6e128f48a2 af-xdp: Add AF_XDP socket support
AF_XDP support is a recent technology introduced that aims at improving
capture performance. With this update, Suricata now provides a new
capture source 'af-xdp' that attaches an eBPF program to the network
interface card. Packets received in the NIC queue are forwarded to
a RX ring in user-space, bypassing the Linux network stack.

Note, there is a configuration option (force-xdp-mode) that forces the
packet through the normal Linux network stack.

libxdp and libbpf are required for this feature and are compile-time
configured.

This capture source operates on single and multi-queue NICs via
suricata.yaml. Here, various features can be enabled, disabled
or edited as required by the use case.

This feature currently only supports receiving packets via AF_XDP,
no TX support has been developed.

Ticket: https://redmine.openinfosecfoundation.org/issues/3306

Additional reading:
https://www.kernel.org/doc/html/latest/networking/af_xdp.html
3 years ago
Todd Mortimer 7d1a8cc335 file/swf: Use lzma-rs decompression instead of libhtp.
Use the lzma-rs crate for decompressing swf/lzma files instead of
the lzma decompressor in libhtp. This decouples suricata from libhtp
except for actual http parsing, and means libhtp no longer has to
export a lzma decompression interface.

Ticket: #5638
3 years ago
Victor Julien 45eb038e63 smb: fix file reopening issue
Fuzzing highlighted an issue where a command sequence on the same file
id triggered a logging issue:

file data for id N
close id N
file data for id N

If this happened in a single blob of data passed to the parser, the
existing file tx would be reused, the file "reopened", confusing the
file logging logic. This would trigger a debug assert.

This patch makes sure a new file tx is created for the file data
coming in after the first file tx is closed.

Bug: #5567.
3 years ago
Victor Julien 9ed65907a7 fuzz/sigpcap: set pkt_src 3 years ago
Victor Julien f848e34bcc stream: stricter check inserting segments
In lossy streams, especially where TcpSession::lossy_be_liberal, it is possible
to end up inserting a segment that is out of the expected sequence
number bounds.
3 years ago
Victor Julien addc9b301d version: require libhtp 0.5.42 3 years ago
Victor Julien 5b6193f4c4 flow: cleanup and clarify ancient debug messages 3 years ago
Victor Julien 03d049dadc decode: enforce layer limit through tunnel layers
Bug: #5686.
3 years ago
Philippe Antoine 29f40c9e07 dcerpc: fix integer underflow
As input.len() can be 65536, it cannot be directly cast to u16.

Ticket: #5557
3 years ago
Shivani Bhardwaj f80c999db3 util/base64: fix heap buffer overflow
While updating the destination pointer, we were also adding the padded
bytes which are not a part of the decoded bytes. This led to running out
of space on the destination buffer.
Fix it by only incrementing destination buffer ptr by the number of
actual bytes that were decoded.

Ticket: #5623
3 years ago
Victor Julien c56fa0a805 version: development towards 7.0.0-rc1 3 years ago
Jason Ish 64fab3be04 github-ci: non-root builder
All the GitHub CI jobs run as root inside a container. This means the
testing is done in a different environment than a developer typically
uses, running as a user.

Add a job that does the build as a non-root user.
3 years ago
Jason Ish 91617f479a rust: sha-1 is now sha1
This is the same crate, but renamed to be more consistent with the
RustCrypto project naming. Some recent discussion is available here:

    https://github.com/RustCrypto/hashes/issues/438
3 years ago
Philippe Antoine af44504550 smb: do not use tree id to match request and response
Completes commit e94920b49f

This must be true for access to state ssn2vecoffset_map

Ticket: #5161
3 years ago
Jason Ish 18b468742a readthedocs: enable all formats
Ticket: #5654
3 years ago
Victor Julien 9f4dd4fc56 smtp/files: don't modify prev file on open failure 3 years ago
Victor Julien e601ebdfd8 files: always initialize inspect_window and min_inspect_depth
This is to make sure the files buffers are properly managed even
when there are no rules or when there are no file.data rules.

Bug: #5703.
3 years ago
Victor Julien cade6046c5 rust/files: open file without trackid as pointer 3 years ago
Victor Julien ad869e1c52 rust/filecontainer: remove unused declaration 3 years ago
Victor Julien df7d8d96c9 streaming/buffer: set hard limit on buffer size
Don't allow the buffer to grow beyond 1GiB. Add a once per thread
warning if it does reach it.

Bug: #5703.
3 years ago
Jason Ish bf1c185c03 github-ci/centos:7: cache yum RPMs 3 years ago
Jason Ish 1c13efb8d4 github-ci/windows: cache cargo artifacts 3 years ago
Jason Ish 6da066cc53 github-ci/macos: don't force cbindgen
We want to use binary from the cache if available.
3 years ago
Jason Ish 0dddfbc8e6 github-ci: cache RPMs on dnf distros 3 years ago
Jason Ish 814a76a217 github-ci: better .cargo caching 3 years ago
Philippe Antoine 086b28da3d http2: fix decompression buffering
It was not enough to set the Cursor position to 0;
its inner Vec should also be cleared.

This way, a new input gets written at the beginning of the
Cursor and its inner Vec...

Ticket: #5691
3 years ago
Philippe Antoine c6349d3cfc http2: support padded data frames
Ticket: #5691
3 years ago
Victor Julien 2edfff7a0c src: unify how warnings specify ticket id's 3 years ago
Jason Ish 0c00f28ebc afpacket/netmap: warn about mixed ips, ids/tap deprecation
Suricata already logs if AF_PACKET or Netmap are running in a mixed IPS
and IDS/TAP mode. As the behavior is undefined when these modes are
mixed, it is best to deprecate and to not allow this behavior. For now
warn that it will be unsupported and fail in Suricata 8.

Ticket: 5587
3 years ago
Philippe Antoine 222f2ac1c5 ci: remove unnecessary write permission to github workflow 3 years ago
Philippe Antoine 7fd3aaa81c ci: build with -Werror for -Wimplicit-int-conversion
So that CI gets red
3 years ago
Philippe Antoine 3e4f58e375 detect: fix memory leak when parsing signature
Ticket: #5529
3 years ago
Victor Julien 1e653cc36d profiling: fix includes 3 years ago
Todd Mortimer 15c77be937 swf-decompression: Disable by default.
Add an entry to the upgrade guide noting the change.

Ticket: #5632
3 years ago
Victor Julien 50b858aa49 ipfw: fix missing include 3 years ago
Victor Julien f3f2807202 netmap: fix missing include 3 years ago
Jason Ish dcd9dabc70 classification: continue processing on parse error
Instead of returning on the first line that fails to parse, log the
error and continue instead of returning.

The fail fast makes sense in test mode, but not in a normal run mode
where you don't want one bad line to abort processing the whole file.

This will still fail out in test mode.

Related issue: 4554
3 years ago
Philippe Antoine ad713246a9 src: remove double includes
Keep the unconditional include to be sure it works

git grep '#include "' src/*.c | sort | uniq -c | awk '$1 > 1'
3 years ago
Philippe Antoine 9af0dafbad src: fix some include orders
So as to be able to get include removal right
3 years ago
Philippe Antoine cc23923de1 src: remove obsolete comment
Should have been removed along with commit 82dba07579.
3 years ago
Philippe Antoine 62352ad030 src: fix remaining cppclean warnings 3 years ago
Philippe Antoine 1f066cbbe8 unittest: fix unneeded includes as per cppclean
Especially because there is conditional inclusion from a header
3 years ago
Philippe Antoine 662f0ce503 util: fix includes for util-memcmp
u8_tolower is now in suricata-common.h

Fixes commit 19e94e93fa
3 years ago
Philippe Antoine 7cfc45a6f8 ci: adds one build with hyperscan 3 years ago
Philippe Antoine fbccd74f89 ci: adds build with luajit 3 years ago
Philippe Antoine e85f3916e3 src: fix integer warnings
And adds defrag debug validations.
3 years ago
Philippe Antoine b5147189ae tls: fix off by one in supported versions extension
Ticket: #5663
3 years ago
Jeff Lucovsky a4239d433a detect/bsize: Validate bsize values after parsing
Issue: 2982

This commit moves bsize validation with respect to content matches to
the post-parse validation stage. This allows bsize to consider all
content-related values, including those that follow the bsize keyword.
3 years ago