Commit Graph

7493 Commits (a67c31d4e164b04c1ec5766b692bf984790cdad5)

Author SHA1 Message Date
Victor Julien 1380853ee8 mpm host: remove unused function args 8 years ago
Victor Julien b40ecb7356 mpm method: remove unused function args 8 years ago
Victor Julien 3d5807ba44 mpm raw uri: remove unused function args 8 years ago
Victor Julien d461c7888a mpm uri: remove unused function args 8 years ago
Victor Julien c4dcb20522 detect-parse: add new func to get last sigmatch
Add SigMatchGetLastSM which simply returns the very last SM added
to the signature.

Minor cleanups.
8 years ago
Victor Julien 3ab405dc50 doc: reorganize hyperscan guide 8 years ago
Victor Julien 99d5bf4e68 doc: improve tuning/perf docs 8 years ago
Victor Julien c7c8de7d59 doc: fix ET example URL 8 years ago
Victor Julien 485544d885 doc: improve commandline options 8 years ago
Eric Leblond 3ca663d7ff output-json-flow: display bypass method
In the case of a bypassed flow we add a 'bypass' key that can
be 'local' or 'capture'. This will allow the user to know if
the capture bypass method is failing by looking at the 'bypass' key.
8 years ago
Giuseppe Longo e6bac998d9 flow: add timeout for local bypass
This adds a new timeout value for the local bypassed state. For user
simplification it is called only `bypassed`. The patch also adds
an emergency value so we can clean bypassed flows a bit faster.
8 years ago
Eric Leblond 51bfe4960a flow: discard packets belonging to bypassed flows 8 years ago
Eric Leblond 724069626d flow: downgrade to local bypass if we see packets
If we see packets for a capture bypassed flow after some time, it
means that the capture method is not handling the bypass correctly,
so it is better to switch to the local bypass method.
8 years ago
Eric Leblond 4cf887b4f7 flow: update lastts in FlowHandlePacketUpdate
This allows making it conditional on the state of the packet and
then triggering modified behavior.
8 years ago
Giuseppe Longo 5b71b5834f filestore: avoid conflict with bypass keyword
If a packet triggers a rule which contains both the
bypass and filestore keywords,
it won't be stored since it's not inspected.

To avoid that, when a rule contains the filestore keyword
we make sure that the bypass keyword is also present.
8 years ago
Giuseppe Longo 07564c4e41 detect: add bypass keyword
This adds a new keyword which permits calling the
bypass callback when a sig is matched.

The callback must be called when the match of the sig
is complete.
8 years ago
Eric Leblond c19cd12620 flow: bypass encrypted and after stream depth flow
This patch activates bypass for encrypted flows and for flows
that have reached stream depth on both sides.

For encrypted flows, suricata is stopping the inspection so
we can just get them out via bypass. The same logic applies
to flows that have reached the stream depth.

For a basic test of the feature, use the following ruleset:

```
table ip filter {
	chain output {
		type filter hook output priority 0; policy accept;
		ct mark 0x1 counter accept
		oif lo counter queue num 0
	}

	chain connmark_save {
		type filter hook output priority 1; policy accept;
		mark 0x1 ct mark set mark counter
		ct mark 0x1 counter
	}
}
```

And use a bypass mark and mask of 1 in the nfq configuration. Then you
can test the system by scp'ing a big file to 127.0.0.1. You can also
use iperf to measure the performance on localhost. It is recommended
to lower the MTU to 1500 to get something more realistic by increasing
the number of packets.
8 years ago
Giuseppe Longo 177df305d4 stream-tcp: enable bypass setting
This permits enabling/disabling it in suricata.yaml,
and the bypass function will be called
when stream.depth is reached.
8 years ago
Giuseppe Longo 97783f8142 nfq: introduce bypass function 8 years ago
Eric Leblond 285b4dd981 decode: implement bypass function
Call the packet bypass callback if necessary and update the flow
state. In case of failure we switch to local bypassed state and set
capture bypassed state if the callback is successful.
8 years ago
Eric Leblond 68d9677eea flow: force reassembly for bypassed flows
As a capture method like nfq will cut both sides of the flow instantly,
we will not get the ack for most data which has been received. So
it is better to force reassembly to be sure to get the timeout of
the entry.
8 years ago
Eric Leblond 39c8786a8e flow: get bypass info in get used flow function 8 years ago
Eric Leblond 07ef451c2b flow: add pruned bypassed flow counter 8 years ago
Eric Leblond 745dad9809 flow: display info about bypass in log 8 years ago
Eric Leblond e88555caf9 flow: add bypassed states
This patch adds two new states to the flow:
* local bypass: for suricata-only bypass, packets belonging to
a flow in this state will be discarded fast
* capture bypass: the capture method is handling the bypass and suricata
will discard packets that are currently queued

A bypassed state is set on the flow when a bypass
decision is taken. In the case of capture bypass this will allow
removing the flow entry from the flow table faster instead of
waiting for the "established" timeout.
8 years ago
Giuseppe Longo 616782aa98 packet: add API for bypass 8 years ago
Victor Julien 7011d8f34c doc: remove/cleanup 'guides' 8 years ago
Victor Julien 73b355e24a doc: fix lua keyword name 8 years ago
Victor Julien 43c2db0a55 doc: update what is suricata section 8 years ago
Victor Julien 1f2f1d7063 doc: commandline improvements 8 years ago
Victor Julien 879ab41ade doc: move drop privs into configuration 8 years ago
Jason Ish 7fa390de39 doc: bundle pre-built man page in distribution 8 years ago
Victor Julien f511f86398 doc: rename to 'Suricata User Guide' 8 years ago
Victor Julien 7ad667f282 doc: move snort compat to rule chapter 8 years ago
Jason Ish 614e2f1d43 doc: make target for pdf, and suricata.1 shortcut 8 years ago
Jason Ish 6149b014ec doc: shorten some paths to satisfy distcheck
Long paths were being dropped from the source package.
8 years ago
Jason Ish 2e78bf0ba8 doc: list files/directories in EXTRA_DIST
So files get included in the distribution and pass
make distcheck.
8 years ago
Jason Ish b1ced40ee4 doc: get Suricata version from autoconf vars 8 years ago
Jason Ish ab93eb97b9 doc: use - instead of _ in filenames for consistency 8 years ago
Jason Ish b8521a52f3 doc: link up hyperscan and packet capture 8 years ago
Jason Ish b9a7335ec4 doc: expose variables for substitution in docs 8 years ago
Jason Ish 15d2a7a49d doc: minimal man page: suricata.1 8 years ago
Jason Ish 6eedd0068b doc: hook sphinx into build 8 years ago
Jason Ish 5e76a54714 doc: packet capture: sync up with wiki 8 years ago
Jason Ish 7f5ffeebad doc: dns: sync up with wiki 8 years ago
Jason Ish ba4931ddb6 doc: flow:not_established not supported 8 years ago
Andreas Herz 7806ae8f57 docs: sync up to recent redmine 8 years ago
Jason Ish 0e63c9ca41 doc: add GPL and CC licenses 8 years ago
brandonlattin 7e3591e3ce doc: performance: Replace 'medium' with 'custom'
I assume the intent was to use the custom-values that are being defined.
8 years ago
Andi 8e655cf107 eve-json-format: add newest version from the wiki
This was added by pevma in the wiki, so should go into the sphinx doc as well.
8 years ago