Victor Julien
26bcc97515
detect/keywords: dynamic version part of doc URL
6 years ago
Victor Julien
0771eb1e0e
detect/ja3: print error for one rule only
Use 'silent error' logic for any other rules using ja3 as well.
6 years ago
Victor Julien
ca5226f0c7
tls/ja3: try to enable ja3 if rule keywords need it
6 years ago
Mats Klepsland
a4471987ba
app-layer-ssl: generate JA3S fingerprints
Generate JA3S fingerprints based on fields in the ServerHello record.
7 years ago
Mats Klepsland
adb4da3975
detect-tls-ja3-string: move unittests to tests/
7 years ago
Mats Klepsland
12d37b8b2c
detect-tls: tidy up unittests
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
7 years ago
Mats Klepsland
15012fc908
ja3: check if JA3 is disabled on one line
7 years ago
Mats Klepsland
285855d928
detect-tls: remove NULL settings from keyword registration
7 years ago
Mats Klepsland
008f08c1b3
detect-tls: declare ssl_state as const in GetData()
7 years ago
Mats Klepsland
0f7f35bd85
detect-tls: check return values of functions on setup
Check the return values of DetectBufferSetActiveList() and
DetectSignatureSetAppProto().
7 years ago
Mats Klepsland
1c04d7cdae
detect-tls: remove confusing underscores from variables
Remove confusing underscore prefix from variables in GetData() for
all tls keywords.
7 years ago
Jeff Lucovsky
7f102d95b6
detect: Modernize TLS keywords
This changeset adds keywords for "tls.<name>" and moves the existing
value of "tls_<name>" to an alias.
7 years ago
Eric Leblond
8c1b16e22d
doc: fix some links in list-keywords command
7 years ago
Victor Julien
0b3220a0df
detect: improve inspect buffer handling
Fix and Optimize cleanup. For the simple single inspect buffer optimize
the cleanup by keeping track of the actually used buffers. This avoids
looping over unused buffers.
Fix the case of cleaning not being done after a tx if the next tx is
also inspected in the context of the same packet.
Fix cleanup of the multi-inspect buffers. Optimize in 2 ways. First
like with single keep track of which multi-inspect buffers have been
used. Second, keep a max of the buffers within a multi-inspect buffer.
Use this max to limit (nested) looping.
7 years ago
Mats Klepsland
6e23ae230b
detect: add (mpm) keyword ja3_string
Match on JA3 string using ja3_string keyword, e.g.:
alert tls any any -> any any (msg:"JA3 string test";
ja3_string; content:"65-68-69-102"; sid:1;)
8 years ago