aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add stream events support to 'engine-event' keyword

Browse Source 
This patch adds the list of stream events (with associated
keywords) to the list of events that can be treated by 'engine-event'.
remotes/origin/master-1.1.x
Eric Leblond 14 years ago
parent e3a6d8955e
commit eb0d4e4d8b
1 changed files with 49 additions and 0 deletions
Show Stats Download Patch File Download Diff File

49
src/detect-engine-event.h
Unescape Escape View File

@ -114,6 +114,55 @@ struct DetectEngineEvents_ {
{ "ipv4.frag_overlap", IPV4_FRAG_OVERLAP, },
{ "ipv6.frag_too_large", IPV6_FRAG_PKT_TOO_LARGE, },
{ "ipv6.frag_overlap", IPV6_FRAG_OVERLAP, },
{ "stream.3whs_ack_in_wrong_dir", STREAM_3WHS_ACK_IN_WRONG_DIR, },
{ "stream.3whs_async_wrong_seq", STREAM_3WHS_ASYNC_WRONG_SEQ, },
{ "stream.3whs_right_seq_wrong_ack_evasion", STREAM_3WHS_RIGHT_SEQ_WRONG_ACK_EVASION, },
{ "stream.3whs_synack_in_wrong_direction", STREAM_3WHS_SYNACK_IN_WRONG_DIRECTION, },
{ "stream.3whs_synack_resend_with_different_ack", STREAM_3WHS_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
{ "stream.3whs_synack_resend_with_diff_seq", STREAM_3WHS_SYNACK_RESEND_WITH_DIFF_SEQ, },
{ "stream.3whs_synack_toserver_on_syn_recv", STREAM_3WHS_SYNACK_TOSERVER_ON_SYN_RECV, },
{ "stream.3whs_synack_with_wrong_ack", STREAM_3WHS_SYNACK_WITH_WRONG_ACK, },
{ "stream.3whs_syn_resend_diff_seq_on_syn_recv", STREAM_3WHS_SYN_RESEND_DIFF_SEQ_ON_SYN_RECV, },
{ "stream.3whs_syn_toclient_on_syn_recv", STREAM_3WHS_SYN_TOCLIENT_ON_SYN_RECV, },
{ "stream.3whs_wrong_seq_wrong_ack", STREAM_3WHS_WRONG_SEQ_WRONG_ACK, },
{ "stream.4whs_synack_with_wrong_ack", STREAM_4WHS_SYNACK_WITH_WRONG_ACK, },
{ "stream.4whs_synack_with_wrong_syn", STREAM_4WHS_SYNACK_WITH_WRONG_SYN, },
{ "stream.4whs_wrong_seq", STREAM_4WHS_WRONG_SEQ, },
{ "stream.4whs_invalid_ack", STREAM_4WHS_INVALID_ACK, },
{ "stream.closewait_ack_out_of_window", STREAM_CLOSEWAIT_ACK_OUT_OF_WINDOW, },
{ "stream.closewait_fin_out_of_window", STREAM_CLOSEWAIT_FIN_OUT_OF_WINDOW, },
{ "stream.closewait_invalid_ack", STREAM_CLOSEWAIT_INVALID_ACK, },
{ "stream.closing_ack_wrong_seq", STREAM_CLOSING_ACK_WRONG_SEQ, },
{ "stream.closing_invalid_ack", STREAM_CLOSING_INVALID_ACK, },
{ "stream.est_packet_out_of_window", STREAM_EST_PACKET_OUT_OF_WINDOW, },
{ "stream.est_pkt_before_last_ack", STREAM_EST_PKT_BEFORE_LAST_ACK, },
{ "stream.est_synack_resend", STREAM_EST_SYNACK_RESEND, },
{ "stream.est_synack_resend_with_different_ack", STREAM_EST_SYNACK_RESEND_WITH_DIFFERENT_ACK, },
{ "stream.est_synack_resend_with_diff_seq", STREAM_EST_SYNACK_RESEND_WITH_DIFF_SEQ, },
{ "stream.est_synack_toserver", STREAM_EST_SYNACK_TOSERVER, },
{ "stream.est_syn_resend", STREAM_EST_SYN_RESEND, },
{ "stream.est_syn_resend_diff_seq", STREAM_EST_SYN_RESEND_DIFF_SEQ, },
{ "stream.est_syn_toclient", STREAM_EST_SYN_TOCLIENT, },
{ "stream.est_invalid_ack", STREAM_EST_INVALID_ACK, },
{ "stream.fin_invalid_ack", STREAM_FIN_INVALID_ACK, },
{ "stream.fin1_ack_wrong_seq", STREAM_FIN1_ACK_WRONG_SEQ, },
{ "stream.fin1_fin_wrong_seq", STREAM_FIN1_FIN_WRONG_SEQ, },
{ "stream.fin1_invalid_ack", STREAM_FIN1_INVALID_ACK, },
{ "stream.fin2_ack_wrong_seq", STREAM_FIN2_ACK_WRONG_SEQ, },
{ "stream.fin2_fin_wrong_seq", STREAM_FIN2_FIN_WRONG_SEQ, },
{ "stream.fin2_invalid_ack", STREAM_FIN2_INVALID_ACK, },
{ "stream.fin_but_no_session", STREAM_FIN_BUT_NO_SESSION, },
{ "stream.fin_out_of_window", STREAM_FIN_OUT_OF_WINDOW, },
{ "stream.lastack_ack_wrong_seq", STREAM_LASTACK_ACK_WRONG_SEQ, },
{ "stream.lastack_invalid_ack", STREAM_LASTACK_INVALID_ACK, },
{ "stream.rst_but_no_session", STREAM_RST_BUT_NO_SESSION, },
{ "stream.timewait_ack_wrong_seq", STREAM_TIMEWAIT_ACK_WRONG_SEQ, },
{ "stream.timewait_invalid_ack", STREAM_TIMEWAIT_INVALID_ACK, },
{ "stream.pkt_invalid_timestamp", STREAM_PKT_INVALID_TIMESTAMP, },
{ "stream.pkt_invalid_ack", STREAM_PKT_INVALID_ACK, },
{ "stream.rst_invalid_ack", STREAM_RST_INVALID_ACK, },
{ "stream.reassembly_segment_before_base_seq", STREAM_REASSEMBLY_SEGMENT_BEFORE_BASE_SEQ, },
{ "stream.reassembly_no_segment", STREAM_REASSEMBLY_NO_SEGMENT, },
{ NULL, 0 },
};
#endif /* DETECT_EVENTS */

Write Preview
Loading…
Cancel
Save