Eric Leblond
ab3aed7d25
decode: update icmpv6 message handling
...
This patch adds two new events relative to icmpv6. One for packets
using an unassigned icmpv6 type. The second one for packets using
a private experimentation type.
Icmpv6 type table taken from http://www.iana.org/assignments/icmpv6-parameters/icmpv6-parameters.xhtml#icmpv6-parameters-2
9 years ago
Victor Julien
928957f0a3
decode: add ERSPANv1 decoder
...
Only allow v1 to be parsed as that's what is tested.
Take vlan_id from the ERSPAN layer.
10 years ago
Victor Julien
04ccfda639
pcap: implement LINKTYPE_NULL
...
Implement LINKTYPE_NULL for pcap live and pcap file.
From: http://www.tcpdump.org/linktypes.html
"BSD loopback encapsulation; the link layer header is a 4-byte field,
in host byte order, containing a PF_ value from socket.h for the
network-layer protocol of the packet.
Note that ``host byte order'' is the byte order of the machine on
which the packets are captured, and the PF_ values are for the OS
of the machine on which the packets are captured; if a live capture
is being done, ``host byte order'' is the byte order of the machine
capturing the packets, and the PF_ values are those of the OS of
the machine capturing the packets, but if a ``savefile'' is being
read, the byte order and PF_ values are not necessarily those of
the machine reading the capture file."
Feature ticket #1445
10 years ago
Victor Julien
0bb2b15491
ipv6: check for MLD messages with HL not 1
...
MLD messages should have a hop limit of 1 only. All others are invalid.
Written at MLD talk of Enno Rey, Antonios Atlasis & Jayson Salazar during
Deepsec 2014.
10 years ago
Jason Ish
55c45ac91d
Fix MPLS decoder rules.
11 years ago
Jason Ish
65f40cbeaa
Don't default to ethernet, ethernet should be preceded by a pseudowire.
...
If the payload type can't be determined, raise an alert.
11 years ago
Jason Ish
348b0e0e9f
Set decoder events for labels that shouldn't be seen on the wire.
...
Add unit tests to test for mpls decoder events.
11 years ago
Victor Julien
7c05685421
ipv6: set event on unsupported nh
...
If a next header / protocol is encountered that we can't handle (yet)
set an event. Disabled the rule by default.
decode-event:ipv6.unknown_next_header;
11 years ago
Victor Julien
bbcdb657da
ipv6: more robust ipv6 exthdr handling
...
Skip past Shim6, HIP and Mobility header.
Detect data after 'none' header.
decode-event:ipv6.data_after_none_header;
11 years ago
Victor Julien
938602c55e
ipv6: detect frag header reserved field non-zero
...
Frag Header length field is reserved, and should be set to 0.
decode-event:ipv6.fh_non_zero_reserved_field;
11 years ago
Victor Julien
8c19e5ff63
ipv6: make exthdr parsing more robust
...
Improve data length checks. Detect PadN option with 0 length.
11 years ago
Victor Julien
abee95ca4f
ipv6: set flag on type 0 routing header
...
Type 0 Routing headers are deprecated per RFC 5095.
This patch sets a decode event flag that can be matched on through:
decode-event:ipv6.rh_type_0;
11 years ago
Victor Julien
fdca557e01
ipv4 decoder: set 'invalid' event on icmpv6
...
ICMPv6 on IPv4 is invalid, so if we encounter this we set an event
and flag the packet as invalid.
Ticket #1105.
11 years ago
Victor Julien
fb16cf1a5a
vlan: add rule for new 'too many layers' event
12 years ago
Victor Julien
1eed3f2233
ipv6: add event for ipv6 packet with icmpv4 header
12 years ago
Victor Julien
150b0c5ae0
ipv6: add option to detect HOP/DST headers with only padding. Detect unknown DST/HOP opts.
12 years ago
Eric Leblond
def0270de7
decode: decode IPv6-in-IPv6
...
This patch adds decoding of IPv6-in-IPv6. It also adds some events
for invalid packets.
This patch should fix #514.
13 years ago
Eric Leblond
09fa0b9542
Add support for IPv4-in-IPv6
...
This patch adds support for IPv4-in-IPv6 and should fix #462.
13 years ago
Victor Julien
b976ff228a
ipv6: fix an AH header parsing issue. Add decoder event for non-null reserved fields.
13 years ago
Victor Julien
374947c354
ipv6: properly deal with packets containing a FH header that has offset 0 and no more frags flag set.
13 years ago
Victor Julien
fd4e1460cf
Add checksum validation rules to decoder events rules.
13 years ago
Victor Julien
d9ad1b00b3
Clean up SID allocation for decoder and stream rules.
13 years ago
Victor Julien
83c3f15812
Minor fixes in defrag engine, shrink DefragTracker_ structure.
14 years ago
Jason Ish
0385f72669
Use separate frag decoder events for IPv4 and IPv6.
14 years ago
Jason Ish
de1c40c44f
Set decoder event on fragment overlaps.
14 years ago
Jason Ish
6da9c64a28
Set decoder event when re-assembled fragments would exceed max IP packet size.
14 years ago
Victor Julien
6a048f2d69
Include initial version of decoder-event rules.
14 years ago