aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
10,234 Commits
7 Branches
155 Tags
197 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c68fbfcfe6'
${ noResults }
Commit Graph

10234 Commits (c68fbfcfe690934e370f90a4f3e04872a1878c37)
 

Author SHA1 Message Date
Victor Julien 0b02efdf01 pool/thread: introduce simpler way to grow thread pool 6 years ago
Victor Julien 6e6c1bad7d pool/thread: minor code cleanups 6 years ago
Victor Julien 924982e792 app-layer: minor cleanups 6 years ago
Victor Julien ce71bf1fff capture: check for flow packets on capture timeout 
The capture threads can receive packets from the flow manager in their
Threadvars::stream_pq packet queue. This mechanism makes sure the packets
the flow manager injects into the engine are processed by the correct
worker thread.

If the capture thread(s) would not receive packets for a long time, the
Threadvars::stream_pq would not be checked and processed. This could
lead to packet pool depletion in the flow manager. It would also lead
to flows not being timed out/logged until either packets started flowing
again or until the engine was shut down.

The scenario is more likely to happen in a test (e.g. replay) but could
also delay logging on low traffic sensors.
 6 years ago
Victor Julien 952cbb563c app-layer: mandatory tx registration checks 
All protocols now implement the TX API, so the runtime checks for
whether or not a protocol supports the TX API can be removed.
 6 years ago
Victor Julien 8bc1e120ea app-layer: make tests tx aware 
Make tests minimally TX-aware so we can asume all parsers use
the tx API.
 6 years ago
Victor Julien 3526569b25 ssh: test cleanup 
Remove explicit locks. Set ALPROTO_SSH in all tests.
 6 years ago
Victor Julien 480f497d05 packetpool: move return stack to pool earlier 
If waiting for N packets move the return stack to the main
stack every time we take the return stack lock.

Make sure we consider enough packets when setting the pending pool
flush logic. This should at least make sure to have the 9 packets
the flow manager requires per run.
 6 years ago
jason taylor fa0008dbbe detect/content: clean up logging output 
Signed-off-by: jason taylor <jtfas90@gmail.com>
 6 years ago
Eric Leblond e9be6126e2 suricatasc: fix reconnect 6 years ago
Jeff Lucovsky ab1d95446a doc: http keyword update 
This changeset updates the keyword type for http.location and http.server
 6 years ago
Jeff Lucovsky 0960ca0d00 detect/analyzer Add missing HTTP values 
This changeset adds recognition of missing HTTP values
- Raw host
- Header names
- Server body
- User agent
 6 years ago
Philippe Antoine a370d2a91d signature: fix memory leak in DetectBytejumpSetup 6 years ago
Philippe Antoine 8a339e73d3 http: adds an event for double encoded uri 6 years ago
Philippe Antoine e5879650bb http: fixes double-encode configuration keywords 6 years ago
Victor Julien a5f1f19b27 travis: move checks into script 
This makes error handling easier and more robust:
https://docs.travis-ci.com/user/job-lifecycle#complex-build-commands
 6 years ago
Victor Julien 68455caa6a travis: add sphinx to trigger doc build 6 years ago
Mats Klepsland f634da61c9 ja3s-string: move unittests to tests/ 6 years ago
Mats Klepsland 736d35f36e ja3s-hash: move unittests to tests/ 6 years ago
Mats Klepsland b59e82a642 userguide: add documentation for ja3s.string keyword 6 years ago
Mats Klepsland 0b489f329c detect: add (mpm) keyword ja3s.string 
Match on JA3S string using ja3s.string keyword, e.g:

  alert tls any any -> any any (msg:"ja3s.string test";
      ja3s.string; content:"10-11-12"; sid:1;)
 6 years ago
Mats Klepsland 76b94c7073 userguide: add documentation for ja3s.hash keyword 6 years ago
Mats Klepsland 80cee50916 detect: add (mpm) keyword ja3s.hash 
Match on JA3S hash using ja3s.hash keyword, e.g:

  alert tls any any -> any any (msg:"ja3s.hash test";
      ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; sid:1;)
 6 years ago
Mats Klepsland d15903a2ef userguide: add documentation for Ja3SGetString Lua function 6 years ago
Mats Klepsland 03e8e658d7 lua: add Ja3SGetString function 
Add Ja3SGetString() to return the content of the JA3S string buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_string.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_string = Ja3SGetString()
      if ja3s_string == nil then
          return
      end

      file:write(ja3s_string .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end
 6 years ago
Mats Klepsland 37a0594417 userguide: add documentation for JA3SGetHash Lua function 6 years ago
Mats Klepsland b1d5fe9657 lua: add Ja3SGetHash function 
Add Ja3SGetHash() to return the content of the JA3S hash buffer from
the TLS session.

Example:

  function init (args)
      local needs = {}
      needs["protocol"] = "tls"
      return needs
  end

  function setup (args)
      filename = SCLogPath() .. "/ja3s_hash.log"
      file = assert(io.open(filename, "a"))
  end

  function log (args)
      ja3s_hash = Ja3SGetHash()
      if ja3s_hash == nil then
          return
      end

      file:write(ja3s_hash .. "\n")
      file:flush()
  end

  function deinit (args)
      file:close()
  end

In the example above, each JA3S hash is logged to a log file.
 6 years ago
Mats Klepsland 800608ab65 userguide: add JA3S fields to the TLS logger documentation 6 years ago
Mats Klepsland a4eaef25d6 eve: add JA3S field to TLS JSON logger 
Add JA3S object to TLS JSON logger (extended log).
 6 years ago
Mats Klepsland a4471987ba app-layer-ssl: generate JA3S fingerprints 
Generate JA3S fingerprints based on fields in the ServerHello record.
 6 years ago
Alexander Gozman 3a16009966 Bug #2965: fix NFQ arguments parsing 6 years ago
Andreas Herz 8baf64f5e9 af-packet: fix setting block_timeout value through afpconfig 6 years ago
Jeff Lucovsky 8a94b93b7b doc: Anomaly logging documentation 
This changeset adds discussion of anomaly log records and
the anomaly log record format.
 6 years ago
Jeff Lucovsky 462a4e2b5b detect/analyzer: Improve warning message 
This changeset modifies the warning printed when a rule
is determined to detect in both directions.
 6 years ago
Eric Leblond 5d76f0897c af-packet: remove rollover reference 
This patch removes reference to rollover in the configuration file
and add warnings when it is used.
 6 years ago
Philippe Antoine 037d50ef06 signature: fix overflow in parsing 6 years ago
Philippe Antoine 3e12066819 http: adds events for each libhtp log 
Fixes #997
 6 years ago
Mats Klepsland 3c57ac144c detect-ssl-version: move unittests to tests/ 6 years ago
Mats Klepsland 238797cc66 detect-ssl-state: move unittests to tests/ 6 years ago
Mats Klepsland 479e73b98e detect-tls-version: move unittests to tests/ 6 years ago
Mats Klepsland 767bde5e74 detect-tls-cert-validity: move unittests to tests/ 6 years ago
Mats Klepsland a260a57b68 detect-tls-sni: move unittests to tests/ 6 years ago
Mats Klepsland adb4da3975 detect-tls-ja3-string: move unittests to tests/ 6 years ago
Mats Klepsland 74a7b7e3cf detect-tls-ja3-hash: move unittests to tests/ 6 years ago
Mats Klepsland 5d3b94b3e4 detect-tls-cert-subject: move unittests to tests/ 6 years ago
Mats Klepsland 0d728ee4c6 detect-tls-cert-serial: move unittests to tests/ 6 years ago
Mats Klepsland e125e58c97 detect-tls-cert-issuer: move unittests to tests/ 6 years ago
Mats Klepsland 3646234ac5 detect-tls-cert-fingerprint: move unittests to tests/ 6 years ago
Mats Klepsland 12d37b8b2c detect-tls: tidy up unittests 
By doing the following:
- removing unnecessary locks
- moving variable declarations
- removing redundant function 'SigCleanSignatures'
 6 years ago
Mats Klepsland 15012fc908 ja3: check if JA3 is disabled on one line 6 years ago