Philippe Antoine
e8db6255cb
tls: accept validity before 1970
...
modify TLS certificate decoding of validity timestamps
to support times between 1950 and 2049,
as per RFC 5280
Ticket: #3253
3 years ago
Jeff Lucovsky
31793aface
time: Replace struct timeval with scalar value
...
Issue: 5718
This commit switches the majority of time handling to a new type --
SCTime_t -- which is a 64 bit container for time:
- 44 bits -- seconds
- 20 bits -- useconds
3 years ago
Philippe Antoine
9f21e2bcde
src: remove unneeded double colon
...
git grep ';;' src/ | grep -v for | cut -d: -f1 | uniq |
while read f; do sed -i -e 's/;;/;/' $f; done
3 years ago
Victor Julien
b31ffde6f4
output: remove error codes from output
3 years ago
Victor Julien
e250ef6402
debug: remove empty header
3 years ago
Philippe Antoine
83a8cd80b2
detect: remove wrappers around DetectEngineInspectGenericList
3 years ago
Philippe Antoine
b8524e70d9
detect: change InspectEngineFuncPtr2 to return uint8_t
3 years ago
Philippe Antoine
56f664af6b
pcre2: follow code naming style
4 years ago
Philippe Antoine
48dd0cf804
pcre2: check for PCRE2_ERROR_UNSET
...
Needs maybe to be generalized
4 years ago
Philippe Antoine
3de99a214c
pcre2: migrate keywords parsing
4 years ago
Victor Julien
84385549fe
detect: remove unused arg from generic list inspect
5 years ago
Victor Julien
494f8f2700
detect/tls: convert to v2 inspect API
5 years ago
Victor Julien
26bcc97515
detect/keywords: dynamic version part of doc URL
6 years ago
Jeff Lucovsky
d3a65fe156
detect: Provide `de_ctx` to free functions
...
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
6 years ago
Jeff Lucovsky
7f6af10fed
general: copyright bump
6 years ago
Jeff Lucovsky
4b0085b03c
detect: Update to take advantage of PCRE refactor
...
This commit changes the keyword detectors to use the refactored PCRE
modifications from detect-parse.[ch]
6 years ago
Victor Julien
14896365ef
detect: remove Threadvars argument from API calls
...
Remove it as it's (almost) never used. If it is really needed it can
be accessed through DetectEngineThreadCtx::tv as well.
6 years ago
Mats Klepsland
767bde5e74
detect-tls-cert-validity: move unittests to tests/
7 years ago
Mats Klepsland
12d37b8b2c
detect-tls: tidy up unittests
...
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
7 years ago
Mats Klepsland
285855d928
detect-tls: remove NULL settings from keyword registration
7 years ago
Victor Julien
998f32f88c
detect/tls: consolidate validity code
7 years ago
Eric Leblond
8c1b16e22d
doc: fix some links in list-keywords command
7 years ago
Victor Julien
ab1200fbd7
compiler: more strict compiler warnings
...
Set flags by default:
-Wmissing-prototypes
-Wmissing-declarations
-Wstrict-prototypes
-Wwrite-strings
-Wcast-align
-Wbad-function-cast
-Wformat-security
-Wno-format-nonliteral
-Wmissing-format-attribute
-funsigned-char
Fix minor compiler warnings for these new flags on gcc and clang.
9 years ago
Victor Julien
d304be5bc3
detect: register progress in inspect engines
...
Register required progress so we can stop inspecting as soon
as the progress isn't far enough yet.
9 years ago
Victor Julien
cc4010343d
detect: add and use util func for alproto sets
9 years ago
Victor Julien
8bd1422948
detect: detect engine registration cleanup
9 years ago
Victor Julien
9ba386a141
tls: dynamic buffers
9 years ago
Eric Leblond
a2e2f50fb9
documentation: fix list keywords URLs
...
Update URLs in keyword definition to point to sphinx documentation.
9 years ago
Victor Julien
7e4df3a1d1
tls-validity: fix memory handling
9 years ago
Mats Klepsland
10d827639e
detect-tls-cert-validity: clean up unit tests
...
Remove locks, unnecessary function calls and conditional statements.
9 years ago
Mats Klepsland
1fea52dd8a
detect: add keyword tls_cert_valid
...
Add keyword to check if TLS certificate is valid.
9 years ago
Mats Klepsland
f7e0083269
detect-cert-validity: fix typos
9 years ago
Mats Klepsland
f22c9d9781
detect: add keyword tls_cert_expired
...
Add keyword to check if TLS certificate is expired.
9 years ago
Mats Klepsland
07d2312d96
detect-tls-validity: use flags for modes
...
Use flags for modes to support using multiple modes at the same time.
9 years ago
Victor Julien
e28e98bcaa
tls_cert_subject: register inspect engine from keyword
9 years ago
Giuseppe Longo
675fa56497
app-layer: add ThreadVars to AppLayerParserParse
...
To be able to add a transaction counter we will need a ThreadVars
in the AppLayerParserParse function.
This function is massively used in unittests
and this results in a long commit.
9 years ago
Mats Klepsland
dc8e0b3cf2
detect: add detect engine for tls validity keywords
...
Add detect engine for tls validity keywords (tls_cert_notbefore and
tls_cert_notafter).
9 years ago
Mats Klepsland
ea5696812f
detect: add tls_cert_notbefore and tls_cert_notafter keywords
...
Detection plugin for TLS certificate fields notBefore and notAfter.
Supports equal to, less than, greater than, and range operations
for both keywords. Dates can be represented as either ISO 8601 or
epoch (Unix time).
Examples:
alert tls [...] tls_cert_notafter:1445852105; [...]
alert tls [...] tls_cert_notbefore:<2015-10-22T23:59:59; [...]
alert tls [...] tls_cert_notbefore:>2015-10-22; [...]
alert tls [...] tls_cert_notafter:2000-10-22<>2020-05-15; [...]
9 years ago