Commit Graph

26 Commits (24d231315b5b8342ce2cec203f943077659b1c1a)

Author SHA1 Message Date
Victor Julien 24d231315b datasets: constify some function args 4 years ago
Victor Julien ea2d0ecf08 datasets: fix cppcheck warning
src/datasets.c:107:17: error: Uninitialized variable: hash [uninitvar]
    memcpy(out, hash, outs);
                ^
src/datasets.c:93:26: note: Assuming condition is false
    for (x = 0, i = 0; i < ins; i+=2, x++) {
                         ^
src/datasets.c:107:17: note: Uninitialized variable: hash
    memcpy(out, hash, outs);
                ^

Bug: #5291.
4 years ago
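The cppcheck finding quoted in the commit above is the classic shape of an uninitialized-buffer bug: a scratch buffer is only written inside a loop over the input, so an empty input skips every write and `memcpy` copies whatever was on the stack. The following is an added example written for this page, not Suricata's code (the real function in `src/datasets.c` is not shown here); `HexToBytes` and `HexNibble` are hypothetical names. It shows the defensive shape: reject empty, odd-length or malformed input up front, and zero-initialize the scratch buffer so that no code path can copy out undefined bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <ctype.h>

/* Hypothetical helper (not Suricata code): decode one hex digit, -1 if invalid. */
static int HexNibble(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    c = (char)tolower((unsigned char)c);
    if (c >= 'a' && c <= 'f')
        return c - 'a' + 10;
    return -1;
}

/* Hypothetical helper (not Suricata code): decode a hex string of length
 * `ins` into `out` (capacity `outs`). Returns the number of bytes written,
 * or -1 on invalid input. Mirrors the loop shape from the cppcheck report
 * while closing the uninitialized-buffer path it flagged. */
int HexToBytes(const char *in, size_t ins, uint8_t *out, size_t outs)
{
    if (in == NULL || out == NULL)
        return -1;

    /* With ins == 0 the decode loop never runs; that is exactly the case in
     * which a scratch buffer would reach memcpy() uninitialized. Reject it,
     * along with odd lengths and inputs that would overflow the output. */
    if (ins == 0 || (ins % 2) != 0 || ins / 2 > outs)
        return -1;

    uint8_t hash[64];               /* fixed-size scratch, as in the report */
    if (ins / 2 > sizeof(hash))
        return -1;
    memset(hash, 0, sizeof(hash));  /* defined contents on every path */

    size_t x, i;
    for (x = 0, i = 0; i < ins; i += 2, x++) {
        int hi = HexNibble(in[i]);
        int lo = HexNibble(in[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;              /* bail before any partial copy-out */
        hash[x] = (uint8_t)((hi << 4) | lo);
    }

    memcpy(out, hash, x);           /* copy only what was actually decoded */
    return (int)x;
}
```

The `memset` is belt-and-braces: the length check already guarantees the loop writes every byte that is later copied, but initializing the buffer means a future edit to the loop cannot silently reintroduce the warning.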
Jason Ish 6392216f6b base64: use the Rust base64 encode implementation
Replace our internal base64 implementation with a ffi wrapper
around the Rust implementation provided by an external crate.
4 years ago
Eric Leblond 64f994f753 dataset: fix dataset string lookup
The data was unlocked but the use_cnt was not decreased resulting
in the data entry not being removable.
5 years ago
Shivani Bhardwaj 98285177ba datasets: use default memcap 5 years ago
Victor Julien f21a4bc40e datasets: remove experimental warning 5 years ago
Shivani Bhardwaj 1286b0a8f1 datasets: parse defaults section from yaml
Datasets can now have a global defaults setting in suricata.yaml. In
case the settings for memcap and hashsize are not found in the yaml or
rule, this shall be the fallback.

Example:

datasets:
  defaults:
    memcap: 100mb
    hashsize: 2048
  ua-seen:
    type: string
    load: datasets.csv
5 years ago
Shivani Bhardwaj 5ac94fc407 datasets: allow memcap, hashsize be set via yaml or rule
It is now possible to set the memcap and hashsize via suricata.yaml and
rules.

Rule example:

alert http any any -> any any (http.user_agent; dataset:isset,ua-seen,type string,load datasets.csv,memcap 100mb,hashsize 2048; sid:1;)

suricata.yaml example:

datasets:
  ua-seen:
    type: string
    load: datasets.csv
    memcap: 20mb
    hashsize: 2048
5 years ago
Shivani Bhardwaj b2482d6c60 datasets: allow max possible memcap while loading
While using the "load" option of datasets, it should be possible to load
any file from the disk, so set the limit to the highest possible.
5 years ago
Shivani Bhardwaj c9a637d854 datasets: fix null pointer deref 5 years ago
Shivani Bhardwaj e9fe5ada7f datasets: reload static sets 5 years ago
Victor Julien eef7760870 datasets: reputation value validation 6 years ago
Victor Julien b0c79c6996 datasets: suppress coverity fp's 6 years ago
Victor Julien 1d8d03184d datasets: remove useless variables 6 years ago
Victor Julien af06883f65 datasets: add 'remove' support 6 years ago
Victor Julien ff55a444d4 datasets: fix return values for 'add's 6 years ago
Victor Julien 381bc2dd64 datasets: fix ref cnt handling
Each 'add' and 'lookup' would increment the use_cnt, without anything
bringing it back down.

Since there is no removal yet, nothing is actually affected by it yet.
6 years ago
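Two commits on this page describe the same reference-counting defect from different angles: 381bc2dd64 ("each 'add' and 'lookup' would increment the use_cnt, without anything bringing it back down") and 64f994f753 ("the data was unlocked but the use_cnt was not decreased resulting in the data entry not being removable"). The following is an added example written for this page, not Suricata's thash code: a minimal single-threaded set whose `SetLookup` hands out a reference that the caller must give back with `SetRelease`, and whose `SetRemove` refuses to drop an entry while references are outstanding. `IsSetLeaky` reproduces the described bug pattern beside the corrected `IsSetFixed`; all names are hypothetical, and locking is omitted since the point is the count, not the lock.

```c
#include <stddef.h>
#include <string.h>

#define SET_MAX 8
#define KEY_MAX 32

/* Hypothetical entry (not Suricata code): use_cnt is the number of
 * references currently held by callers of SetLookup/SetAdd. */
typedef struct SetEntry_ {
    char key[KEY_MAX];
    int use_cnt;
    int in_use;   /* slot occupied */
} SetEntry;

typedef struct Set_ {
    SetEntry items[SET_MAX];
} Set;

void SetInit(Set *s) { memset(s, 0, sizeof(*s)); }

static SetEntry *SetFind(Set *s, const char *key)
{
    for (int i = 0; i < SET_MAX; i++)
        if (s->items[i].in_use && strcmp(s->items[i].key, key) == 0)
            return &s->items[i];
    return NULL;
}

/* Add a key. Returns 1 if added, 0 if already present, -1 if full/invalid.
 * Unlike a lookup, a plain add here does not hand a reference back. */
int SetAdd(Set *s, const char *key)
{
    if (key == NULL || strlen(key) >= KEY_MAX)
        return -1;
    if (SetFind(s, key) != NULL)
        return 0;
    for (int i = 0; i < SET_MAX; i++) {
        if (!s->items[i].in_use) {
            strcpy(s->items[i].key, key);
            s->items[i].use_cnt = 0;
            s->items[i].in_use = 1;
            return 1;
        }
    }
    return -1;
}

/* Lookup takes a reference: the caller owns one use_cnt until SetRelease. */
SetEntry *SetLookup(Set *s, const char *key)
{
    SetEntry *e = SetFind(s, key);
    if (e != NULL)
        e->use_cnt++;
    return e;
}

/* Give the reference back. Every SetLookup that returned non-NULL
 * must be paired with exactly one SetRelease. */
void SetRelease(SetEntry *e)
{
    if (e != NULL && e->use_cnt > 0)
        e->use_cnt--;
}

/* Remove succeeds only when nothing holds a reference.
 * Returns 1 removed, 0 busy (use_cnt > 0), -1 not found. */
int SetRemove(Set *s, const char *key)
{
    SetEntry *e = SetFind(s, key);
    if (e == NULL)
        return -1;
    if (e->use_cnt > 0)
        return 0;
    e->in_use = 0;
    return 1;
}

/* Bug pattern from the commits above: answer "is it set?" but never release,
 * so use_cnt only ever climbs and the entry can never be removed. */
int IsSetLeaky(Set *s, const char *key)
{
    return SetLookup(s, key) != NULL;
}

/* Fixed pattern: release the reference before returning the answer. */
int IsSetFixed(Set *s, const char *key)
{
    SetEntry *e = SetLookup(s, key);
    if (e == NULL)
        return 0;
    SetRelease(e);
    return 1;
}
```

The leak is invisible while removal does not exist (as the older commit notes), which is why it only surfaced once 'remove' support landed; a test that asserts `SetRemove` succeeds after every lookup path is the cheap way to keep it from coming back.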
Victor Julien 6d2bd6607e datasets: make clear the feature is experimental 6 years ago
Victor Julien 914c5b7975 datasets: fix error handling 6 years ago
Victor Julien 1021465f23 datasets: improve and doc return codes 6 years ago
Victor Julien e264a0cee8 datasets: fix hash table config
Example:

datasets:
  ua-seen:
    type: string
    state: ua-seen.lst
    hash:
      hash-size: 100000
      prealloc: 1000
      memcap: 256mb
6 years ago
Victor Julien 9b64b6794b datasets: change config to map
Example:

datasets:
  ua-seen:
    type: string
    state: ua-seen.lst
  dns-sha256-seen:
    type: sha256
    state: dns-sha256-seen.lst
6 years ago
Victor Julien a3e5b91668 detect/dataset: fix 'state' path handling 6 years ago
Victor Julien 8045746bd1 datasets: remove notice messages and improve errors 6 years ago
Victor Julien 1d6a358d8a datasets: unix socket dataset-add command 6 years ago
Victor Julien 317376f59d datasets: match on lists of data
Datasets are sets/lists of data that can be accessed or added from
the rule language.

This patch implements 3 data types:

1. string (or buffer)
2. md5
3. sha256

The patch also implements 2 new rule keywords:

1. dataset
2. datarep

The dataset keyword allows matching against a list of values to see if
it exists or not. It can also add the value to the set. The set can
optionally be stored to disk on exit.

The datarep supports matching/lookups only. With each item in the set a
reputation value is stored and this value can be matched against. The
reputation value is unsigned 16 bit, so values can be between 0 and 65535.

Datasets can be registered in 2 ways:

1. through the yaml
2. through the rules

The goal of this rules based approach is that rule writers can start using
this without the need for config changes.

A dataset is implemented using a thash hash table. Each dataset is its own
separate thash.
6 years ago