aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,399 Commits
7 Branches
155 Tags
192 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'cbeb8a86b7'
${ noResults }
Commit Graph

3399 Commits (cbeb8a86b76236a8645d6f1421312b234d13c0f9)
 

Author SHA1 Message Date
Victor Julien cbeb8a86b7 pcap: fix compilation on old libpcap 13 years ago
Eric Leblond 16bdcbeb0e tm-thread: suppress rarely used variable. 13 years ago
Eric Leblond 92679442ca Convert to atomic and disable check on HTP config change. 
This patch converts the series of variable to an atomic.

Furthermore, as the callbacks are now always run, it is not
necessary anymore to refuse a ruleswap if HTP parameters are
changing.
 13 years ago
Eric Leblond 66a083dafa Get rid of AppLayerHtpRegisterExtraCallbacks 
This patch add a early exit condition to the body handling callback.
This permits to avoid to avoid a complex system to handle htp
object change.
 13 years ago
Eric Leblond 7e09cdc265 Delay Detect threads initialization 
This patch modifies the init of Detect threads. They are now started
with a dummy function and their initialisation is done after the
signatures are loaded. Just after this, the dummy function is switched
to normal one.

In IPS mode, this permit to route packets without waiting for the
signature to start and should fix #488.

Offline mode such as pcap file don't use this mode to be sure to
analyse all packets in the file.

The patch introduces a "delayed-detect" configuration variable
under detect-engine. It can be used to activate the feature
(set to "yes" to have signature loaded after capture is started).
 13 years ago
Eric Leblond eaea832a4e pcap: handle failure of packet treatment 
If the loop is breaked, this means we've got a treatment error. We
don't need to reconnect but we must exit with correct status.
 13 years ago
Eric Leblond f82573be12 tls: suppress always true condition. 13 years ago
Eric Leblond a3b2cee0d5 detect-tls: various indent fixes. 
And delete a useless FIXME.
 13 years ago
Eric Leblond b253d1a499 tls: store all the certificates chain in the written PEM file. 
When using the tls.store command, a dump of all certificates in
the chain is now done on the disk.
 13 years ago
Eric Leblond 152b4eaf56 tls: keep pointers to all certificates in chain 
When multiple certificates forming a chain are sent. A pointer to
the start of each certificate is kept. This will allow treatment
on certificates chains.
 13 years ago
Jean-Paul Roliers c4df7a45ae tls: adding store option for TLS 
This patch adds a TLS store option to save certificate in PEM format.
Each time the store action is met, a file and a metafile are created.

Reworked-by: Eric Leblond <eric@regit.org>
 13 years ago
Jean-Paul Roliers 00d4357362 tls: adding support for fingerprint rule matching. 
Add the support for tls.fingerprint keyword in rules.
 13 years ago
Jean-Paul Roliers bf386a396d tls: adding fingerprint to TLS Log information. 
Improve TLS logging by adding the certificate fingerprint to TLS Log file.
Add the extending option to the tls-log entry in suricata.yaml.
 13 years ago
Jean-Paul Roliers 644c1b3cad tls: adding fingerprint calculation. 
Adding a pointer in ssl_state struct and compute fingerprint during
certificate decoding.
 13 years ago
Eric Leblond 3df20d0544 tls: add NSS version for SHA1 computing function. 13 years ago
Jean-Paul Roliers 9071bcf983 tls: adding cryptographic functions. 
Adding util-crypt containing cryptographic functions as SHA1 and Base64.
 13 years ago
Jean-Paul Roliers efdf96ccba tls: adding TLS Log support 
Creation of the log-tlslog file in order to log tls message.
Need to add some information into suricata.yaml to work.

  - tls-log:
      enabled: yes	# Log TLS connections.
      filename: tls.log # File to store TLS logs.
 13 years ago
Anoop Saldanha 3eb0fd878d Don't wait for packetpool to be back to full state before continuing with the shutdown process, on received shutdown signal 13 years ago
Anoop Saldanha 5f198e3a1d Suricata shutdown updates + minor cleanup 13 years ago
Anoop Saldanha 34581ce902 rx TMs shouldn't return TM_ECODE_FAILED if engine is in shutdown mode + minor cleanup 13 years ago
Ignacio Sanchez b057a20f10 Custom logging feature for log-httplog 13 years ago
Eric Leblond def0270de7 decode: decode IPv6-in-IPv6 
This patch adds decoding of IPv6-in-IPv6. It also adds some events
for invalid packets.

This patch should fix #514.
 13 years ago
Victor Julien 438dd61948 Update version number to reflect we're working towards 1.4 now. 13 years ago
Eric Leblond f9046d8284 Add teredo counter. 13 years ago
Eric Leblond 09d893127e defrag: prealloc more frags. 13 years ago
Eric Leblond 6475f99bea defrag: Fix description of params 
The max-frags params is not what it is.
 13 years ago
Eric Leblond fd32159464 defrag: add some events relative to defragmentation 13 years ago
Eric Leblond d2aa0407c4 defrag: Fix unittest logic. 
We've linked the size of hash with trackers. Thus calling DefragInit()
after setting the configuration variable is more logic.
 13 years ago
Eric Leblond 0fd2c93c96 defrag: link hash size with number of frags. 
We set defrag_hash_size by using the number of trackers. This is
effective to avoid collision.
 13 years ago
Eric Leblond f328e18d59 defrag: fix some integer type warning. 13 years ago
Eric Leblond b1b4cd2729 defrag: really use 'max-frags' variable. 
The 'max-frags' variable was not used and the 'trackers' variable was
not documented. This patch fixes the two issues.
 13 years ago
Eric Leblond 6480cd1b9c Teredo tunnel supports 
This patch should fix #480 by adding the support of Teredo tunnel.
The IPv6 content of the tunnel will be parsed in a similar way as
what is done the GRE tunnel. Signatures will then be matched on the
IPv6 content.
 13 years ago
Eric Leblond 09fa0b9542 Add support for IPv4-in-IPv6 
This patch adds support for IPv4-in-IPv6 and should fix #462.
 13 years ago
Eric Leblond 2c57275921 nfq: implement "fail-open" support. 
On linux >= 3.6, you can use the fail-open option on a NFQ queue
to have the kernel accept the packet if userspace is not able to keep
pace.

Please note that the kernel will not trigger an error if the feature is activated
in userspace libraries but not available in kernel.

This patch implements the option for suricata by adding a nfq.fail-open
configuration variable which is desactivated by default.
 13 years ago
Eric Leblond 9e54819121 yaml: suppress old variable in pfring section. 13 years ago
Eric Leblond d492683aa4 autotools: error on autoreconf is an error 13 years ago
Eric Leblond adbf85c4a9 autotools: fix detection with clang 
This patch improve detection of type of nfq_get_payload() by only
converting to error the warning we have when using the wrong type.
 13 years ago
Eric Leblond e0ddcdd194 autotools: rename configure.in to configure.ac 
configure.in is deprecated since long and will be replaced by
configure.ac. For more information, see:
  http://lists.gnu.org/archive/html/automake/2012-08/msg00023.html
 13 years ago
Eric Leblond 452d3c4308 tm-thread: exit loop if suri want to quit 13 years ago
Eric Leblond f389a1201f tm-thread: run thread init function sequentially. 
On some setup you want to run each thread init function sequentially.
For example, if I use flow_cpu load balancing on AF_PACKET, my target
is to have CPU 0 (first socket in the group) to be link with the
thread 0 in detect cpu set (first thread to be initialised). A good
way to achieve this is to run only one thread init function at a time
to avoid any possible race condition.
 13 years ago
Victor Julien e28835af91 Update Changelog to include 1.3.1 changes. 13 years ago
Victor Julien f1b6f7a9e6 rule analyzer: make analyzer aware of http_user_agent pcre flag /V. 13 years ago
Victor Julien e737e2dc56 http: after path double decoding, also normalize the path again. #504. 13 years ago
Victor Julien e839cea9e5 Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504. 13 years ago
Victor Julien e0bfcb7dde Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP. 13 years ago
Victor Julien bd6b865473 rule analyzer: fix fast pattern analyzer reporting wrong filename (same as rule analyzer). 13 years ago
Eric Leblond 11c3167583 stream-tcp: no checksum alert if validation is off 
This patch disables checksum alert if checksum-validation is set
to no in the configuration file. Without this patch, when parsing
a pcap which checksum offloading, it was not possible to get rid
of event caused by checksum validation.
 13 years ago
Victor Julien c51a3aad17 stream: handle case where Suricata sees 3whs-ACK but server doesn't. Bug #523. 13 years ago
Victor Julien 5cc8a09257 stream: fix unittest broken by new flags handling. 13 years ago
Victor Julien ad827ad030 http: add more decoding unittests. 13 years ago