Commit Graph

9425 Commits (c99dc5a7bfc3b29f746d28f868d3233b37625770)

Author SHA1 Message Date
Victor Julien 127937b2dd detect/analyzer: add debug statements 7 years ago
Victor Julien c05459ce89 detect/analyzer: fix json analyzer being called on incomplete rules 7 years ago
Victor Julien c62273f4fd rust/smb: silence noisy debug messages 7 years ago
Victor Julien 6c97909a92 stream/events: log as stats 7 years ago
Victor Julien fa06879563 detect/events: cleanup keyword 7 years ago
Victor Julien 5afeebf884 doc/flow: updates and cleanups to flow section 7 years ago
Victor Julien 2ae8d1a208 cocci/detect: add flags check to SigTableElmt 7 years ago
Victor Julien ecb5d6419b rules/transform: add to list-keywords 7 years ago
Victor Julien 72dd4a5f92 doc/rules: initial transforms documentation 7 years ago
Victor Julien 226fe5cab3 doc/performance: redo runmodes explanation 7 years ago
Victor Julien 17e2d39531 doc/install: update Rust info in generic install overview 7 years ago
Victor Julien 473688746b doc/eve: add community id 7 years ago
Mats Klepsland 81cdcd315b detect-ssh-software: fix url for keyword 7 years ago
Mats Klepsland 08efbdc632 detect-ssh-software-version: add description and url to keyword 7 years ago
Mats Klepsland f4da3050f2 detect-ssh-proto-version: add description and url to keyword 7 years ago
Mats Klepsland c58252bb3b detect-ssh-proto: fix url for keyword 7 years ago
Mats Klepsland e92fda37c9 doc: add documentation for SSH keywords 7 years ago
Victor Julien fd13970bfa changelog: update for 4.1rc2 7 years ago
Victor Julien 083908f3be rust/ike2: free destate on tx free
Bug #2604
7 years ago
Jason Ish 6f00ba0659 rust: fix (again) out of tree builds
As the generated Cargo.toml is shipped as part of a release
tarball, build from the source directory but set the cargo
CARGO_TARGET_DIR to the build directory.
7 years ago
Pascal Delalande 64922a476e doc: remove deprecated force-md5 flag from userguide 7 years ago
Travis Green 576b3b6a81 Added new classifications to classification.conf
Added classifications from rule-writing community feedback.
7 years ago
Victor Julien daaa90d515 rust/smb: suppress noisy messages 7 years ago
Victor Julien c4d8508f51 eve/json: introduce community flow id
Add support for community flow id, meant to give records a
predictable flow id that can be used to match records to
output of other tools.

Takes a 'seed' that needs to be the same across sensors and tools
to make the id less predictable.
7 years ago
Victor Julien e956b484c5 eve/json: handle common options in central function 7 years ago
Victor Julien df1ec82b55 eve/json: move common settings into its own struct 7 years ago
Victor Julien 116c03cf17 nfs: use common json output structures 7 years ago
Victor Julien 04edc7cb6c smb: use common json output structures 7 years ago
Victor Julien 8b8270e732 eve/json: add common helper funcs
Add simple helper funcs for option-less loggers
7 years ago
Victor Julien f357ad1df2 eve/flow: minor cleanups 7 years ago
Victor Julien 7bf71805b8 hash/sha1: optimize by avoiding mem alloc
Don't allocate an output buffer for each call. These buffers
would have the exact same size every time.
7 years ago
Victor Julien c54acd3a6e travis: update rust to 1.29.1, add auto & disabled tests 7 years ago
Victor Julien ed712768d5 rust: enable by default
Remove 'experimental' label for Rust, and enable it by default if
rustc and cargo (and libjansson) are available.

Add rustc and cargo versions to the build-info.
7 years ago
Victor Julien 4ece6ba758 configure: fix and cleanup nss and nspr detection 7 years ago
Victor Julien 4d5024255f smb/dcerpc: remove now unused ssn2maxsize_map 7 years ago
Victor Julien 4d044483cf smb/dcerpc: clean up and unify DCERPC probe logic 7 years ago
Victor Julien ac4e888597 smb2/dcerpc: probe if response data is dcerpc
If we missed the tree connect we can't know for sure if we're
reading from a (DCERPC) PIPE or not. In this case probe the data
to see if it looks like DCERPC.

If the detection succeeds, use a special 'suricata::dcerpc' service
in the TX.

Simplify handling of DCERPC records that cross records

Update logging for the response only TXs.
7 years ago
Victor Julien 9dd7c38113 smb2: skip rest of READ response if status is not success 7 years ago
jason taylor 7f4e5e6eac userguide: update hyperscan documentation
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Victor Julien ae10a92bc6 rust/applayer: use correct return type for Parser
The mismatch between the types would randomly lead to the return code
of the Rust parser to be not correctly handled over the C/Rust
boundary. This would lead to the API considering a parser to be in
error state when it was not.
7 years ago
Victor Julien efbb5ce0fe afpacket: fix formatting of errors 7 years ago
Victor Julien 8d5da9e00f dns: shrink per flow state by improving layout 7 years ago
Victor Julien 275cf9b029 detect/ttl: major clean up of ttl code
Redo unittests using FAIL/PASS macros
Switch parsing to pcre_copy_substring.
Misc cleanups.
7 years ago
Victor Julien 13ea30ef23 spelling: fixing minor spelling mistakes 7 years ago
Victor Julien 8b213e9d63 yaml: fix typo 7 years ago
Hilko Bengen 731c2b2e17 configure: Fixed "no" output for XDP, libnss, libnspr 7 years ago
Danny Browning a307e637c6 suricata: file existence check (bug #2615)
Files and directories passed via command line option -r should be checked for
existence during command line parsing and not start additional suricata
functionality.
7 years ago
jason taylor d038c78cd6 config: added ja3 to tls custom logging example
Signed-off-by: jason taylor <jtfas90@gmail.com>
7 years ago
Mats Klepsland 8c3f1aa7a5 tlslog: don't log as "resumed" without ServerHello
Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket are not logged as a session resumption.
7 years ago
Mats Klepsland 814e1624c2 output-json-tls: don't log as "resumed" without ServerHello
Don't log a session as "resumed" if a ServerHello record has not been
seen. This makes sure that incomplete TLS sessions where the ClientHello
contains a session ticket are not logged as a session resumption.
7 years ago