Commit Graph

6206 Commits (019f85644251fc56ae12122ec0fc6279017d96b9)

Author SHA1 Message Date
Eric Leblond fbd6428f1b smtp-layer: add MAIL FROM parsing test in unittest 10 years ago
Eric Leblond 534360fc02 smtp-layer: add HELO parsing test in unittest 10 years ago
Eric Leblond 8fd88f543d yaml: add comment describing smtp extended 10 years ago
Eric Leblond f81f353d1f email-json: add 'date' field extraction 10 years ago
Eric Leblond 6f033747ec util-decode-mime: add unittests for field fetching 10 years ago
Eric Leblond 17edff6c5e unittests: finally register MIME tests 10 years ago
Eric Leblond 6e0668125c email-json: improve log message 10 years ago
Eric Leblond dad1f85edb email-json: add author
Add myself as author and change the copyright date.
10 years ago
Eric Leblond d1b0a5aa6d yaml: document new MIME features 10 years ago
Eric Leblond caa8982b43 email-json: add some fields
This patch adds some fields to the list of extracted fields.
10 years ago
Eric Leblond ca52fa91dd email-json: body md5 logging is optional 10 years ago
Eric Leblond a719ea3c92 email-json: add capa to display subject md5
To be able to identify mails with identical subjects without
using the subject itself as a key, it is possible to use the md5
hash of the subject string. This makes it possible to limit the privacy impact.
10 years ago
Eric Leblond 881aa3efce email-json: don't log subject by default
It seems to be a bit too intrusive for privacy, so this patch
adds this field to the extended logging only.
10 years ago
Eric Leblond 7bb38f7c30 decode-mime: fix typo in comment 10 years ago
Eric Leblond 431dc155aa email-json: delete white space from "from"
The From field is handled separately and it could also start with
white spaces.
10 years ago
Eric Leblond abcaf46193 email-json: delete leading white spaces
Some mail clients use tabs and/or spaces in comma-separated
lists. This patch removes them so the event will contain
only significant characters.
10 years ago
Eric Leblond 4c0f8803e7 email-json: factorize the code 10 years ago
Eric Leblond a7ef0c05ba email-json: add LOG_EMAIL_COMMA type
Extract these data types by treating them as a comma-separated list.
10 years ago
Eric Leblond 3456ec467f email-json: add custom fields support
This patch adds a way to specify which MIME fields to log via
the custom keyword in the EVE configuration. It also adds an
extended logging mode where some fields are added. The logging supports
single-value fields as well as multi-value fields via the use of
a JSON array.
10 years ago
Eric Leblond 714c30a127 decode-mime: introduce MimeDecFindFieldsForEach
This patch introduces a new function that can be used to handle
multivalued MIME fields. A callback function can be called for
each corresponding field value.
10 years ago
Eric Leblond 54038f5691 file-json: log 'email' information
Log information coming from email/MIME decoding in the message.
10 years ago
Eric Leblond ab941305d5 email-json: add function to export data 10 years ago
Eric Leblond 77119a3186 file-json: output smtp proto info 10 years ago
Eric Leblond 47a199ee97 smtp-json: introduce function to output smtp data 10 years ago
Eric Leblond 94dbd303e4 file-json: log http data using common function 10 years ago
Eric Leblond 4ef12dcf5d alert-json: use new JsonHttpAddMetadata function
This patch uses the newly introduced function to handle the logging
of HTTP data.
10 years ago
Eric Leblond bccabe3813 http-json: introduce JsonHttpAddMetadata function
This function will be usable in other logging components to add
the http data to their messages.
10 years ago
Eric Leblond d7e13c2c03 email-json: output MIME parsing status
If the status is not PARSE_DONE then we may have
incomplete information. Increasing the stream reassembly depth
in that case would be a good idea.
10 years ago
Eric Leblond a233a982ea decode-mime: add function to get status
This new function returns the textual status of MIME parsing.
10 years ago
Eric Leblond 9900558428 smtp: add 'body-md5' mime option
This option will allow the user to select whether or not he wants
to journalize the md5 of the mail body.
10 years ago
Eric Leblond ea311c1594 email-json: export md5sum of body
The body_md5 field has been added and contains the value of the md5sum
of the body.

This patch uses the state PARSE_DONE on the MIME state to
detect when a message has been completely parsed.
10 years ago
Eric Leblond d39009ca58 decode-mime: compute body md5
This patch computes the md5 sum of the body of the MIME message.
This will allow detecting messages with the same content sent to
different people.
10 years ago
Eric Leblond e43eb76abd app-layer-smtp: simplify code
Delete a goto, used only once, that jumps to a point where we only do a return.
10 years ago
Eric Leblond 0f3979cc81 output-json-smtp: output RCPT TO fields
This patch uses an array to output the RCPT TO fields to the
JSON message.
10 years ago
Eric Leblond 752fdba957 app-layer-smtp: parse and extract RCPT TO fields
Add the RCPT TO fields to a linked list stored in the transaction.
10 years ago
Eric Leblond 2abae3f0a1 smtp-json: update SMTP EVE messages
This patch updates SMTP messages to have them feature a 'smtp'
section which will contain all fields coming from the smtp
protocol.
10 years ago
Eric Leblond 7bca8268bc app-layer-smtp: extract and store HELO and MAIL FROM
This patch updates the SMTP transaction and SMTP state to be able
to contain the HELO and MAIL FROM fields.
10 years ago
Eric Leblond 5c26a2f2c8 email-json: move email fields to email section
This patch changes the way smtp messages are written. It uses
the "email" key to store the email related fields. This will
allow doing the same search through SMTP and IMAP if we implement
the latter.
10 years ago
Victor Julien 77302e5d51 threshold: remove debug message from info loglevel 10 years ago
Victor Julien fc7f090cd3 flow: add missing storage size to checks, output 10 years ago
Victor Julien 37fa4a4876 host: update host size logic
Instead of using (sizeof(Host)+HostStorageSize()) in many places,
create a simple size variable that is set during setup.
10 years ago
Victor Julien 480e91edac ippair: update ippair size logic
Instead of using (sizeof(IPPair)+IPPairStorageSize()) in many places,
create a simple size variable that is set during setup.
10 years ago
Victor Julien ff769b73a7 stream: improve retransmission detection
Consider packets starting before last_ack and ending after it also
to be retransmissions. This way we can see if they are having
different data.
10 years ago
Victor Julien 6b2f831a70 mpm: SGH maxlen was actually minlen, so rename 10 years ago
Victor Julien 2716c78628 mpm: improve SGH content len tracking
SGH's track content length for rule grouping.

This patch changes the logic to only consider the pattern that is
used in the mpm for a sig.
10 years ago
Victor Julien e529ebb50e mpm: redo uri maxlen logic
The mpm_uricontent_maxlen logic was meant to track the shortest
possible pattern in the MPM of a SGH. So a minlen rather than a maxlen.

This patch replaces the complicated tracking logic by a simpler
scheme. When the SGHs are finalized, the minlen is calculated.

It also fixes a small corner case where the calculated "maxlen" could
be wrong. This would require a smaller pattern in a rule to be forced
as fast pattern.
10 years ago
Victor Julien df95d375bb detect: improve comments on mpm 10 years ago
Victor Julien 496f9800ac mpm: remove used counter 10 years ago
Victor Julien c53c9b4b20 mpm: remove bloated counting logic
Counters were only used to print debug info.
10 years ago
Victor Julien da7bad7c1b mpm: improve debug output 10 years ago
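The email-json behaviours described in the commit messages above (comma-separated MIME fields emitted as JSON arrays, leading tabs and spaces stripped, subject logged only in extended mode, opt-in subject and body md5, a MIME parse status alongside the fields) are brought together in one added Python example below. This is illustrative code written for this page, not Suricata's MIME decoder or its EVE output module: it uses Python's own email parser, the key names, option names and the PARSE_ERROR status value are assumptions chosen to resemble the commits rather than Suricata's schema, and both sample messages are constructed, not captured traffic.

```python
"""Illustrative EVE-style "email" record builder (not Suricata code).

Mimics behaviours named in the commit log: comma-separated headers become
JSON arrays, leading tabs/spaces are stripped, subject and body md5 are
opt-in, the subject is only logged in extended mode, and a parse status is
reported. Key names, option names and PARSE_ERROR are assumptions.
"""
import email
import hashlib
import json

# Headers logged as JSON arrays after splitting on commas (assumed set).
COMMA_FIELDS = ("to", "cc", "bcc")
# Headers logged as single strings in the default mode (assumed set).
DEFAULT_FIELDS = ("from",)
# Headers logged only in extended mode; "subject" deliberately lives here
# and not in DEFAULT_FIELDS (assumed set).
EXTENDED_FIELDS = ("subject", "date", "message-id")

WS = " \t\r\n"

# Constructed sample messages, not captured traffic. The second one runs
# the header block straight into body text with no separator, standing in
# for a message the decoder could not parse completely.
SAMPLE_MSG = (
    b"From: Alice <alice@example.com>\n"
    b"To:\t bob@example.com,\t carol@example.com\n"
    b"Cc: dave@example.com\n"
    b"Subject: Quarterly report\n"
    b"Date: Mon, 01 Jan 2024 10:00:00 +0000\n"
    b"Message-ID: <abc@example.com>\n"
    b"Content-Type: text/plain; charset=us-ascii\n"
    b"\n"
    b"Please find the report attached.\n"
)
BROKEN_MSG = (
    b"From: Alice <alice@example.com>\n"
    b"No colon on this line, so the header block never ends cleanly\n"
)


def md5_hex(data):
    return hashlib.md5(data).hexdigest()


def split_comma_list(value):
    """Split a comma-separated header value, dropping the tabs or spaces
    some clients put after each comma, and dropping empty items."""
    return [item.strip(WS) for item in value.split(",") if item.strip(WS)]


def body_bytes(msg):
    """Decoded payload of the first non-multipart leaf part (b"" if none)."""
    for part in msg.walk():
        if not part.is_multipart():
            payload = part.get_payload(decode=True)
            return payload if payload is not None else b""
    return b""


def build_email_record(raw, extended=False, log_body_md5=False,
                       log_subject_md5=False, custom=()):
    """Return {"email": {...}} for one raw RFC 5322 message given as bytes."""
    msg = email.message_from_bytes(raw)
    rec = {}
    for name in DEFAULT_FIELDS:
        val = msg.get(name)
        if val is not None:
            rec[name] = val.strip(WS)
    for name in COMMA_FIELDS:
        items = []
        for val in msg.get_all(name, []):
            items.extend(split_comma_list(val))
        if items:
            rec[name] = items
    # Extended fields first, then user-selected custom fields; a header that
    # occurs several times becomes an array, a single occurrence a string.
    wanted = list(EXTENDED_FIELDS) if extended else []
    wanted += [c.lower() for c in custom]
    for name in wanted:
        if name in rec:
            continue
        vals = [v.strip(WS) for v in msg.get_all(name, [])]
        if len(vals) == 1:
            rec[name] = vals[0]
        elif vals:
            rec[name] = vals
    # Python's parser records defects instead of failing; any defect is
    # treated as "not completely parsed", the case flagged as incomplete data.
    rec["status"] = "PARSE_DONE" if not msg.defects else "PARSE_ERROR"
    subject = msg.get("subject")
    if log_subject_md5 and subject is not None:
        rec["subject_md5"] = md5_hex(subject.strip(WS).encode("utf-8"))
    if log_body_md5:
        rec["body_md5"] = md5_hex(body_bytes(msg))
    return {"email": rec}


if __name__ == "__main__":
    print(json.dumps(build_email_record(SAMPLE_MSG), indent=2))
    print(json.dumps(build_email_record(SAMPLE_MSG, extended=True,
                                        log_body_md5=True,
                                        log_subject_md5=True), indent=2))
    print(json.dumps(build_email_record(BROKEN_MSG), indent=2))
```

Running the block prints the default record (no subject, no hashes), the extended record with both md5 values, and a PARSE_ERROR record for the malformed message. Note that an md5 of the subject only hides the subject from casual readers of the log; anyone who can guess a subject string can recompute the hash, so treat the hashed field as a correlation key rather than as a confidentiality control.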