suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	0bb2b15491	ipv6: check for MLD messages with HL not 1 MLD messages should have a hop limit of 1 only. All others are invalid. Written at MLD talk of Enno Rey, Antonios Atlasis & Jayson Salazar during Deepsec 2014.	11 years ago
Jason Ish	55c45ac91d	Fix MPLS decoder rules.	11 years ago
Jason Ish	65f40cbeaa	Don't default to ethernet, ethernet should be preceded by a pseudowire. If the payload type can't be determined, raise an alert.	11 years ago
Jason Ish	348b0e0e9f	Set decoder events for labels that shouldn't be seen on the wire. Add unit tests to test for mpls decoder events.	11 years ago
Victor Julien	7c05685421	ipv6: set event on unsupported nh If a next header / protocol is encountered that we can't handle (yet) set an event. Disabled the rule by default. decode-event:ipv6.unknown_next_header;	11 years ago
Victor Julien	bbcdb657da	ipv6: more robust ipv6 exthdr handling Skip past Shim6, HIP and Mobility header. Detect data after 'none' header. decode-event:ipv6.data_after_none_header;	11 years ago
Victor Julien	938602c55e	ipv6: detect frag header reserved field non-zero Frag Header length field is reserved, and should be set to 0. decode-event:ipv6.fh_non_zero_reserved_field;	11 years ago
Victor Julien	8c19e5ff63	ipv6: make exthdr parsing more robust Improve data length checks. Detect PadN option with 0 length.	11 years ago
Victor Julien	abee95ca4f	ipv6: set flag on type 0 routing header Type 0 Routing headers are deprecated per RFC 5095. This patch sets an decode event flag that can be matched on through: decode-event:ipv6.rh_type_0;	11 years ago
Victor Julien	fdca557e01	ipv4 decoder: set 'invalid' event on icmpv6 ICMPv6 on IPv4 is invalid, so if we encounter this we set an event and flag the packet as invalid. Ticket #1105.	12 years ago
Victor Julien	fb16cf1a5a	vlan: add rule for new 'too many layers' event	12 years ago
Victor Julien	1eed3f2233	ipv6: add event for ipv6 packet with icmpv4 header	13 years ago
Victor Julien	150b0c5ae0	ipv6: add option to detect HOP/DST headers with only padding. Detect unknown DST/HOP opts.	13 years ago
Eric Leblond	def0270de7	decode: decode IPv6-in-IPv6 This patch adds decoding of IPv6-in-IPv6. It also adds some events for invalid packets. This patch should fix #514.	13 years ago
Eric Leblond	09fa0b9542	Add support for IPv4-in-IPv6 This patch adds support for IPv4-in-IPv6 and should fix #462.	13 years ago
Victor Julien	b976ff228a	ipv6: fix an AH header parsing issue. Add decoder event for non-null reserved fields.	14 years ago
Victor Julien	374947c354	ipv6: properly deal with packets containing a FH header that has offset 0 and no more frags flag set.	14 years ago
Victor Julien	fd4e1460cf	Add checksum validation rules to decoder events rules.	14 years ago
Victor Julien	d9ad1b00b3	Clean up SID allocation for decoder and stream rules.	14 years ago
Victor Julien	83c3f15812	Minor fixes in defrag engine, shrink DefragTracker_ structure.	15 years ago
Jason Ish	0385f72669	Use separate frag decoder events for IPv4 and IPv6.	15 years ago
Jason Ish	de1c40c44f	Set decoder event on fragment overlaps.	15 years ago
Jason Ish	6da9c64a28	Set decoder event when re-assembled fragments would exceed max IP packet size.	15 years ago
Victor Julien	6a048f2d69	Include initial version of decoder-event rules.	15 years ago

24 Commits (10104066e17a59769467cc5350eac59ee37404f1)