Andreas Herz
c04a60aaa0
doc: added ip reputation
8 years ago
Andreas Herz
630f3d3bc8
doc: added ip reputation
8 years ago
Andreas Herz
ba27602bab
doc: fixed underline too short error
8 years ago
Andi
07dac046d9
doc: Add ssl_state doc
...
See https://redmine.openinfosecfoundation.org/issues/589
8 years ago
Andi
733f1a5842
doc: Document http_host and http_raw_host
...
Added doc for http_host and http_raw_host as mentioned in https://redmine.openinfosecfoundation.org/issues/756
8 years ago
Jason Ish
aa6a975f1c
doc: ignoring traffic
8 years ago
Jason Ish
f27e85e346
doc: tcmalloc
8 years ago
Jason Ish
f97c045bf1
doc: runmodes
8 years ago
Jason Ish
38bf0df6f0
doc: rule profiling
8 years ago
Jason Ish
fc9d621921
doc: packet profiling
8 years ago
Jason Ish
7b8aa62463
doc: statistics
8 years ago
Jason Ish
2574415a2d
doc: tuning considerations
8 years ago
Jason Ish
2354987171
doc: high performance config
8 years ago
Jason Ish
ab69c93a28
doc: making sense of alerts
8 years ago
Jason Ish
6136ec583f
doc: oinkmaster
8 years ago
Jason Ish
5e0c39be57
doc: snort compatibility
8 years ago
Jason Ish
4f9f9c09ec
doc: command line options
8 years ago
Jason Ish
80e6830dec
doc: restructure directory layout
8 years ago
Jason Ish
b0c2d6c8ee
doc: restructure the rules section a little
8 years ago
Jason Ish
7c9475e94d
doc: add fixme to broken images
8 years ago
Jason Ish
b1bc0038ae
doc: finish off the rules section
8 years ago
Jason Ish
98f56f9916
doc: dnp3 keywords
8 years ago
Jason Ish
9dea001c7d
doc: modbus keyword
8 years ago
Jason Ish
082758deae
doc: rule profiling
8 years ago
Jason Ish
30f3ecf223
doc: normalized buffers
8 years ago
Jason Ish
75662a16da
doc: tls keywords
8 years ago
Jason Ish
58691fbb48
doc: live rule swap
8 years ago
Jason Ish
107c12afd6
doc: adding your own rules
8 years ago
Jason Ish
3366571eeb
doc: rule lua scripting
8 years ago
Jason Ish
1e6df87ecb
doc: rule lua scripting
8 years ago
Jason Ish
62e0f6a3e3
doc: thresholding
8 years ago
Jason Ish
b3b5e333e4
doc: file-keywords
8 years ago
Jason Ish
5537c0f63c
doc: flowint
8 years ago
Jason Ish
5f9d265fdf
doc: flow-keywords
8 years ago
Jason Ish
0c602c5f19
doc: pcre
8 years ago
Jason Ish
7c36361aac
doc: helper tool to convert from wiki to sphinx
8 years ago
Jason Ish
3f2b1277d1
doc: header-keywords
8 years ago
Jason Ish
33e96c5087
doc: fast-pattern
8 years ago
Jason Ish
a464573230
doc: payload-keywords
8 years ago
Jason Ish
6d7c0e8274
docs: sample of sphinx docs
8 years ago
Jason Ish
1f4725fcab
detect-tls: make check on fingerprint directional
8 years ago
Jason Ish
44c846f2f8
tls-json: make tls events direction sensitive
...
Previously the src/dest ips in TLS events would differ between
IDS and IPS modes. Make the header creation direction sensitive
so they are identical in both modes.
8 years ago
Mats Klepsland
c0f93503b7
util-decode-der-get: fix coverity warning
...
*** CID 1373380: Control flow issues (DEADCODE)
/src/util-decode-der-get.c: 126 in UtctimeToTime()
120 year = strtol(yy, NULL, 10);
121 if (year >= 50)
122 snprintf(buf, sizeof(buf), "%i%s", 19, utctime);
123 else if (year < 50)
124 snprintf(buf, sizeof(buf), "%i%s", 20, utctime);
125 else
>>> CID 1373380: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "goto error;".
126 goto error;
127
128 time = GentimeToTime(buf);
129 if (time == -1)
130 goto error;
131
8 years ago
Victor Julien
d6f051cdf9
http: removed unused flags
8 years ago
Eric Leblond
a194dfbd5b
app-layer: tx counter implementation
...
This patch adds a transaction counter for application layers
supporting it. Analysis is done after the parsing by the
different application layers.
This results in new data in the stats output that looks like:
```
"app-layer": {
"tx": {
"dns_udp": 21433,
"http": 12766,
"smtp": 0,
"dns_tcp": 0
}
},
```
8 years ago
Giuseppe Longo
675fa56497
app-layer: add ThreadVars to AppLayerParserParse
...
To be able to add a transaction counter we will need a ThreadVars
in the AppLayerParserParse function.
This function is massively used in unittests
and this results in a long commit.
8 years ago
Giuseppe Longo
5908dd0804
app-layer: add flow counters
...
This adds per flow counters for all
supported protocols.
This results in new data in stats output that looks like:
```
"app-layer": {
"flow": {
"http": 9310,
"ftp": 0,
"smtp": 0,
"tls": 71,
"ssh": 0,
"imap": 0,
"msn": 0,
"smb": 170,
"dcerpc_udp": 0,
"dns_udp": 870,
"dcerpc_tcp": 2,
"dns_tcp": 0
},
},
```
8 years ago
Eric Leblond
398489e6df
stream: fix depth reached detection
...
When a segment only partially fit in streaming depth, the stream
depth reached flag was not set resulting in a continuous
inspection of the rest of the session.
By setting the stream depth reached flag when the segment partially
fits we avoid reentering the code and we no longer take a code
path resulting in the flag not being set.
8 years ago
Mats Klepsland
dc8e0b3cf2
detect: add detect engine for tls validity keywords
...
Add detect engine for tls validity keywords (tls_cert_notbefore and
tls_cert_notafter).
8 years ago
Mats Klepsland
d91664d67a
detect-dns: move DetectEngineInspectGenericList to detect-engine.c
...
Move DetectEngineInspectGenericList from detect-engine-dns.c to
detect-engine.c to enable it to be used in other places as well.
8 years ago