aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,209 Commits
7 Branches
155 Tags
194 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0f10298990'
${ noResults }
Commit Graph

433 Commits (0f102989902f6b45fd942f2b74ab832fea132c90)

Author SHA1 Message Date
Zach Kelly caef8b5b38 protocol parser: rdp 
Initial implementation of feature 2314:
1. Add protocol parser for RDP
2. Add transactions for RDP negotiation
3. Add eve logging of transactions
 6 years ago
Andreas Herz d657fd9bf0 doc: add quickstart guide 6 years ago
Victor Julien d5009c5d8c doc/stream: briefly explain bypass 6 years ago
Jason Ish 0bb07b550c userguide: remove section on using Oinkmaster 
Users should be using Suricata-Update now.
 6 years ago
Travis Green 3f146cdd7e doc: add endswith keyword docs 6 years ago
Travis Green 9f8dcad287 doc: update of ssh-kewords documentation 
Modifies ssh-keywords.rst to fix syntax error in example rule as well as
update descriptions to indicate older keywords have been deprecated.
 6 years ago
Jason Ish 9488002a0d doc: use describe instead of option for old Sphinx 
Older versions of Sphinx will generate duplicate IDs when you have
options like:

.. option:: some-option

.. option:: some-other-option

The version of Sphinx provided on CentOS 7 has this issue, newer
versions of Sphinx do not.  As CentOS 7 is still a popular
distribution, change ".. option" to ".. describe" which has the
same visual output, but does not generate links.
 6 years ago
Victor Julien e36a963196 datasets/doc: minor fixes and clarifications 6 years ago
Victor Julien 0107b9a057 doc/dataset: initial documentation 6 years ago
Victor Julien 1bc738fbe4 doc: typo fixes 
By @espritlibre and @Zeal0us
 6 years ago
Nick Price d0a85b7550 ja3: Mention LibNSS dependency for JA3 6 years ago
Eric Leblond cc28d24e9a doc: install eBPF files in share directory 
Following proposal by Sascha Steinbiss, let's use /usr/share/suricata
to store the eBPF files.
 6 years ago
Eric Leblond 3cf49ae868 doc: fix English and some typos 6 years ago
Eric Leblond 4be6701836 doc: pointer to bpfctrl 
As bpfctrl is currently the easiest way to manage pinned maps,
let's point to it. We will switch doc to suricatacl once support
has been added.
 6 years ago
Eric Leblond 8f1a7de791 doc: improve doc on compiling with eBPF support 6 years ago
Eric Leblond f1ab27b7cb doc: improve XDP cpu redirect documentation 6 years ago
Eric Leblond 6d9ac64f7b doc: only balance by ip pair 
As there is some issue with defrag, let's recommend to only do
IP pair load-balacing for RSS
 6 years ago
Eric Leblond a1d3835b86 doc: document filter.bpf changes 
Also adds some info to explain maps.
 6 years ago
Eric Leblond 08397e07f1 doc: fix typos in geoip doc 6 years ago
Eric Leblond 0d5608bab2 doc: fix display of icmp code and type array 6 years ago
Eric Leblond 0c84591afe doc: use a table to list direction filter in geoip 6 years ago
Eric Leblond c01cadbade doc: fix geoip syntax 
Spaces are not allowed before country code.
 6 years ago
Vinjar Hillestad 4c18fee3c6 Documenting base64_decode and base64_content 
base64 doc changes based on #4027 pull feedback
 6 years ago
Hilko Bengen 36998ab4cd Add documentation for --with-clang parameter 6 years ago
Andreas Herz c0bddff078 userguide: remove old reference to rule-reload option 6 years ago
Jeff Lucovsky a66383569c userguide: formatting: remove tabs 6 years ago
Jeff Lucovsky c68510437f userguide: ftp formatting updates 6 years ago
Jeff Lucovsky 2149807bd6 eve/ftp: Transaction support for unmatched requests 
Modified transaction logic to create a new transaction with each
request; replies location transactions by using the oldest "open"
(unmatched) transaction or the last transaction if none are open.
 6 years ago
Jeff Lucovsky 1930b1f504 eve/ftp: Log FTP transactions 
This changeset includes changes that
1. Add transaction support to the FTP parser
2. Support eve json logging of FTP transactions
 6 years ago
Bill Meeks a291209e47 detect/geoip: migrate to GeoIP2 database format 
Issue #2765
 6 years ago
Victor Julien 034555644b doc: add tcp.hdr and udp.hdr 6 years ago
Victor Julien a01df4b86b doc: document tcp.mss keyword 6 years ago
Jeff Lucovsky 6cd39c5cfb userguide: Document app-layer anomaly items 
This changeset expands the anomaly section to include newly added
app-layer items.
 6 years ago
Eric Leblond 1f151dd8a6 doc: address norg comments on eBPF doc 6 years ago
Eloïse Brocas 8692aac97f doc: specify config file in ebpf doc 
This patch updates the ebpf-xdp.rst file to specify which
configuration file has to be modified.
 6 years ago
Eric Leblond eea3c6b610 doc: info for new bypass counters 6 years ago
Eric Leblond e3dccb2400 doc: update bypass stats doc 6 years ago
Eric Leblond dbf3606169 doc: document flow event_type 6 years ago
Eric Leblond 8a11581ac8 doc: update ebpf doc following bypass_filter change 6 years ago
Eric Leblond 253c011c70 doc: update for latest xdp_filter.c change 6 years ago
Eric Leblond 567b5ee1bc af-packet: rename option 'no-percpu-hash' 6 years ago
Eric Leblond ca50f8852e doc: improve ebpf doc 
Add example of bypass rules and explain clang dependency.
 6 years ago
Eric Leblond c11eb78141 doc: document netronome hardware bypass usage 6 years ago
Eric Leblond 82c4f5135b doc: use github mirror to setup libbpf 6 years ago
Eric Leblond 1c4d214cdb doc: typo fixes on ebpf doc 6 years ago
Eric Leblond b7560d7547 doc: document externally managed global switch 
This is currently implemented as an exposed map and it seems
a good way to do it.
 6 years ago
Eric Leblond b1769d5f8f util-ebpf: implement pinned maps loading 
Load flow tables at start if asked to.
 6 years ago
Eric Leblond 19c0a5edf5 doc: white space and typo fix 6 years ago
Eric Leblond 6d41a0ced0 doc: more eBPF and XDP capabilities 6 years ago
Eric Leblond 315c29a8e6 ebpf: change the logic to avoid ktime usage 
Kernel time is not available (and/or costly) on NIC such as
Netronome so we update the logic to detect dead flows based on a
lack of update of packets counters. This way, the XDP filter will
be usable by network card.

This patch also updates the ebpf code to support per CPU and
regular mapping. Netronome is not supporting it and the structure
is using atomic for counter so the cost of simultaneous update
is really low.

This patch also updates the xdp_filter to be able to select if the
flow table is per CPU on shared. Second option will be used for
hardward offload. To deactivate the per cpu hash, you need to set
USE_PERCPU_HASH to 0.

This patch also adds an new option to af-packet named no-percpu-hash
If this option is set to yes then the Flow bypassed manager thread
will use one CPU instead of the number of cores. By doing that
we are able to handle the case where USE_PERCPU_HASH is unset (so
hardware offload for Netronome).

This patch also remove aligment indications in the eBPF filter. This
was not really needed and it seems it is causing problem with
some recent version of LLVM toolchain.
 6 years ago