Philippe Antoine
f242fb7f22
quic: events and rules on them
3 years ago
Philippe Antoine
b9c1d9e86b
quic: parse gquic version Q039
...
Ticket: #5166
3 years ago
Philippe Antoine
018fef5ef8
quic: ja3 computation and logging and detection
...
Logging as is done in TLS.
Detection using the generic ja3.string keyword
Ticket: #5143
3 years ago
Philippe Antoine
c6cf61a39b
quic: complete parsing of initial for non gquic
...
The format of initial packet for quic ietf, ie quic v1,
is described in rfc 9000, section 17.2.2
Parse more frames and logs interesting extensions from crypto frame
Do not try to parse encrypted data, ie after we have seen
a crypto frame in each direction.
Use sni from crypto frame with tls for detection already implemented
Ticket: #4967
3 years ago
Philippe Antoine
7044131c39
quic: rustfmt
3 years ago
Philippe Antoine
11e0eb9c89
quic: do not log empty cyu array
...
Ticket: #5167
3 years ago
Victor Julien
e02b52c895
quic: add quic.ua for matching user agent
4 years ago
Victor Julien
4c13b73c4d
quic: log user agent when available
4 years ago
Victor Julien
da8b024b99
detect/quic: add quic.sni sticky buffer
4 years ago
Victor Julien
7b836af1b2
quic: log sni; reduce number of transactions
...
Only create transactions for long headers.
Store SNI in tx, log it.
4 years ago
Victor Julien
ccab28aad3
quic: log version as string
...
Log as Q043, Q044, Q045, Q046. If the version is not supported/recognized,
log the 4 bytes as hex.
Only log for txs based on long headers.
4 years ago
Victor Julien
24a21af4ab
quic: redo quic.version; parser cleanups
...
Reimplement quic.version as sticky buffer.
Removed unused parts of the parser.
Set unidirectional tx flag to fix double matching.
4 years ago
Emmanuel Thompson
7e51987263
quic: Add QUIC App Layer
...
Parses quic and logs a CYU hash for gquic frames
4 years ago