831ddb62d2 app-layer-ssl: add support for TLSv1.3 from draft 22 (7 years ago)

    Add support for draft 22 to draft 28 and for the final
    version (RFC8446) of TLSv1.3.

e0ef578c46 app-layer-ssl: add support for session tickets (7 years ago)

    Add support for logging a session as 'resumed' when using a non-empty
    session ticket extension in the client hello record.

21897a4d7a app-layer-ssl: add better session id support (7 years ago)

    Verify that the session id from both the client hello record and the
    server hello record matches before marking the session as 'resumed'.

f22bd5a75b app-layer-ssl: decode server hello record (7 years ago)

    Decoding server hello is needed to do a better implementation of
    session resumption.

0f1c8711ce doc: README.md minor fixes (7 years ago)

    - Capitalization update
    - Typo fix
    - Spacing update

    Signed-off-by: jason taylor <jtfas90@gmail.com>

93364b9175 flow/timeout: code simplification and cleanup (7 years ago)

c8ecca59f8 stream: minor code cleanup (7 years ago)

af6f52cc09 rules: hide 'template' from --list-keywords (7 years ago)

b0577402b6 rules: hide internal keywords from --list-keywords (7 years ago)

8c7aee92eb flow-manager: fix unittest initialization (7 years ago)

68cc53d188 app-layer-ssl: make sure that JA3 stuff is only initialized once (7 years ago)

    Avoid possible memory leaks by making sure that the JA3 buffer and
    string are only initialized once.

5ec2f6e7b3 app-layer-ssl: fix memleak/coredump (Bug #2603) (7 years ago)

fcd5e138b9 af-packet: close the socket in case of early fail (7 years ago)

7e8a749227 log-filestore: fix file descriptor leak (7 years ago)

    In the case we exceed the number of simultaneously open
    files we can reach a state where we will not close the file
    after writing.

    Thanks to Steve Grubb <sgrubb@redhat.com> for the analysis.

876156d3a1 profiling/app-layer: fix TCP parsers showing UDP stats (7 years ago)

1f16b42d78 profiling: add missing logger labels (7 years ago)

1f4cd75f05 detect: clean up sgh flags and add cocci check (7 years ago)

e6b74f8ee0 stream: minor code cleanups (7 years ago)

7abb8745bf detect/mpm: clean up setup code (7 years ago)

1c6bc5754c dhcp: check length of option before accessing (7 years ago)

    Prevent Rust index out of bounds panic.

    Redmine issue:
    https://redmine.openinfosecfoundation.org/issues/2571

7bc2469eb1 dhcp: remove println!() that got committed (7 years ago)

88277d0402 detect: fix file_data detect issue with alert ip (7 years ago)

    Fix mpm progress being updated by irrelevant engines. Esp in the
    case of file_data engines, signature can contain multiple versions
    of the same engine, registered for different 'progress' values.
    This would lead to signatures being considered 'can't match' even
    in cases where they clearly could still match.

    Only consider those progress values that apply to the protocol in
    use.

a68eec630f detect/parse: try to set flow direction for sigs w/o explicit app proto as well (7 years ago)

4c1173ffcd configure: added rust install notes (7 years ago)

    Signed-off-by: jason taylor <jtfas90@gmail.com>

015cd93014 configure: updated fedora/centos references (7 years ago)

    * updated fedora yum references to dnf
    * updated/added centos/rhel references

    Signed-off-by: jason taylor <jtfas90@gmail.com>

bce7c2dd87 eve/http: add tx->request_port_number as http_port (7 years ago)

    Add the port specified in the hostname (if any) to the http object in
    eve. The port may be different from the dest_port used by the TCP flow.

2938f797f2 yaml: add var for DC_SERVERS (Domain Controller) (7 years ago)

99193b1492 yaml: add note for dns v1 not available with rust (7 years ago)

a3832e4594 yaml: add note for dns.log with Rust (7 years ago)

    It is not available when rust is enabled.

173e5a1c58 doc: iprep supports CIDR networks (7 years ago)

c9b9f7fd1b util-unittest: fix typo (7 years ago)

28e74abcc5 detect/files: fix inspection issues with 'alert ip' (7 years ago)

    Don't track the 'skipped' engines as matches.

6ffa0507d2 detect/filehash: try to open data file from rulefile dir (7 years ago)

    If the data file can't be found in the default location, which
    normally is 'default-rule-path', try to see if it can be found
    in the path of the rule file that references it.

    This makes QA much easier.

39ca1db8e8 files: only prune in own direction (7 years ago)

    Only prune files in own direction. The opposite direction may still
    require inspection.

1df38c3b97 cocci: add more flag checks (7 years ago)

67c90954c0 detect: use BIT_* macros (7 years ago)

    Also add notes that when adding flags they should be added to the
    analyzer as well.

25a87cbbed stream: use BIT_U8 for stream flags (7 years ago)

7fca17639d detect/prefilter: speed up setup (7 years ago)

    If the global detect.prefilter.default setting is not "auto", it is
    wasteful to run each prefilter setup routine. This patch tracks which
    of the engines have been explicitly enabled in the rules and only
    runs those.

4f1befd217 detect/prefilter: fix prefilter when setting is 'mpm' (7 years ago)

    When prefilter is not enabled globally, it is still possible to
    enable it per signature. This was broken however, as the setup
    code would never be called.

    This commit always calls the setup code and lets that sort out
    which signatures (if any) to enable prefiltering for.

085521b218 detect: include keyword types in detect.h (7 years ago)

38b698c50f detect/analyzer: show pattern that is used by mpm (7 years ago)

    Set a new DETECT_CONTENT_MPM flag on the pattern that is selected
    during setup.

0b5d8a1d75 detect/prefilter: fix alias for fast_pattern (7 years ago)

    If prefilter is used on a content keyword, it acts as a simple
    fast_pattern statement. This was broken because the SIG_FLAG_PREFILTER
    flag bypasses MPM for a sig. This commit fixes this by not setting
    the flag when it should act as fast_pattern.

35c5ae3458 detect: limit flush logic to sigs that need it (7 years ago)

    Limit the early 'flush' logic to sigs that actually need to match
    on both stream and http bodies.

f35a3bbae0 detect/analyzer: add built-in lists (7 years ago)

28a0291d07 detect: don't setup PMATCH if it will be unused (7 years ago)

    Saves a bit of memory and makes it easier to debug.

6694593cc0 detect/analyzer: add Signature::flags (7 years ago)

c0adff3770 detect: remove STATE_MATCH flag use at runtime (7 years ago)

    Instead, use it only at init time and use Signature::app_inspect
    directly at runtime.

5879dafe55 detect: cleanup direct SIG_FLAG_STATE_MATCH use (7 years ago)

    This flag should normally not be set manually. It will be set by the
    code registering the app engines in a signature.

cbd5ca3f69 detect/dnp3: cleanup list and proto registration (7 years ago)

c279a801e5 detect: remove SIG_FLAG_STATE_MATCH flag check (7 years ago)

    It could not fail, as before it the flag was already checked as a
    bail-out condition.