b4454b6846  Switch to b2gc as default pattern matcher as it uses less memory and is a little faster.  (15 years ago)
87f88867f4  Further improve B2gc. Add B2gm. Improve memory layout.  (15 years ago)
9dfbab42f8  WIP B2gc  (15 years ago)
6a5bc52461  support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them  (15 years ago)
875184a4ba  Cleanup suricata.yaml.  (16 years ago)
f0928a4555  support for enforcing the depth until when the reassembly will be performed  (16 years ago)
cbebc44fb2  Fix config file typo.  (16 years ago)
07491f8887  add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshold limit to 2.4k packets to buffer  (16 years ago)
8b0ca4f628  support for separate memcaps for reassembly and stream engine  (16 years ago)
2c5c0d54f3  Add comments on CUDA usage in suricata.yaml.  (16 years ago)
c67cf593c2  Disable alert-debuglog and unified1 in the default config. Add comments to the default config about pending packets, alert log types.  (16 years ago)
6519a86ec7  Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros.  (16 years ago)
9d114eaffb  Adding threshold.config example at suricata.yaml  (16 years ago)
49d68169ea  Allow the user to disable setting cpu affinity and allow configuring the number of detect threads relative to the number of CPUs/CPU cores.  (16 years ago)
2fd31a1a11  Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory.  (16 years ago)
4775f67ba1  Adding emergency mode recovery options on config  (16 years ago)
18e5ac8cde  Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules.  (16 years ago)
1238668961  Adding actions order and support for rule action "pass"  (16 years ago)
00974d157b  Fix issue 131.  (16 years ago)
    Flow-timeouts likely don't need to be a sequence, but rather mappings. We'd only need a sequence if you wanted to list something like "tcp" twice, which I don't think makes sense for a configuration section.
    Also fix up flow.c to not attempt to use the sequence, and put the timeouts into their correct place.
4875c2daf4  Console logging settings are now overridden by env vars.  (16 years ago)
a9cdd2bbae  Add htp personality configuration.  (16 years ago)
b0faeb91d7  small PF_RING update: cmd line opts changed  (16 years ago)
ddf995da3b  pfring support lb type, and now uses logging subsys  (16 years ago)
eab93e766a  Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag.  (16 years ago)
5c3ab2b73f  Load host OS info from the configuration.  (16 years ago)
0693dc1a50  Fix typo in example config.  (16 years ago)
38dc7ffebc  Adding settings for detect engine group config  (16 years ago)
fbdf1baf1c  - rebase  (16 years ago)
    Provide limits to the unified outputs.
7142fdb780  quick way to make max_pending configurable.  (16 years ago)
999a200bc9  pattern matcher options support  (16 years ago)
c72d6be58b  Making logging configurable. If no logging outputs are defined the default will be used.  (16 years ago)
    - Currently per output log formatting is not available.
4515ae13e4  Add Prelude output plugin  (16 years ago)
    Add support for reporting alerts to the Prelude SIEM system, using
    libprelude to send IDMEF (RFC4765) messages.
    Each message contains the alert description and reference (using
    the SID/GID), and a normalized description (assessment, impact,
    sources etc.)
    libprelude handles the connection with the manager (collecting component),
    spooling and sending the event asynchronously. It also offers transport
    security (using TLS and trusted certificates) and reliability (events
    are retransmitted if not sent successfully).
    This module requires a Prelude profile to work (see man prelude-admin
    and the Prelude Handbook for help).
    Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
6a53ab9c5a  Stream engine memory handling update  (16 years ago)
    The stream engine memory handling needed updating as it didn't scale. Changes:
    - pools can now be initialized to size 0, meaning unlimited
    - stream engine uses a memcap setting. Sessions, segments and aldata are part
      of this, app layer state isn't.
    - memory is accounted using a global int that is spinlocked.
    - a counter for sessions that have not been picked up because of memcap was
      added.
    - all reassembly errors are converted to debug msgs.
2b7b78f1bf  Initial IPFW support for FreeBSD and OSX  (16 years ago)
f08d01a8e8  Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine.  (16 years ago)
5592189c04  Loading flow settings from config  (16 years ago)
4e1acf5fd2  Require that the configuration file begins with a valid YAML version. At this time this means the configuration file must begin with:  (16 years ago)
    %YAML 1.1
844c444af1  Use the configuration file to setup alert logging (and http logging).  (16 years ago)
    Only setup for the live pcap modes at the moment.
bea22d91ed  Set default-rule-path in example config to /etc/suricata/rules/  (16 years ago)
d284f0d333  Set default classification file location in the config file.  (16 years ago)
87a435cd0d  updated to include more rulesets, more sane vars  (16 years ago)
ecf86f9c23  Rename to Suricata.  (16 years ago)