Jean-Paul Roliers
00d4357362
tls: adding support for fingerprint rule matching.
Add support for the tls.fingerprint keyword in rules.
13 years ago
Jean-Paul Roliers
bf386a396d
tls: adding fingerprint to TLS Log information.
Improve TLS logging by adding the certificate fingerprint to the TLS Log file.
Add the extended option to the tls-log entry in suricata.yaml.
13 years ago
Jean-Paul Roliers
644c1b3cad
tls: adding fingerprint calculation.
Add a pointer in the ssl_state struct and compute the fingerprint during
certificate decoding.
13 years ago
Eric Leblond
3df20d0544
tls: add NSS version for SHA1 computing function.
13 years ago
Jean-Paul Roliers
9071bcf983
tls: adding cryptographic functions.
Add util-crypt containing cryptographic functions such as SHA1 and Base64.
13 years ago
Jean-Paul Roliers
efdf96ccba
tls: adding TLS Log support
Creation of the log-tlslog file in order to log TLS messages.
Some information needs to be added to suricata.yaml for it to work:
  - tls-log:
      enabled: yes # Log TLS connections.
      filename: tls.log # File to store TLS logs.
13 years ago
Anoop Saldanha
3eb0fd878d
Don't wait for the packetpool to be back to full state before continuing with the shutdown process on receiving a shutdown signal
13 years ago
Anoop Saldanha
5f198e3a1d
Suricata shutdown updates + minor cleanup
13 years ago
Anoop Saldanha
34581ce902
rx TMs shouldn't return TM_ECODE_FAILED if the engine is in shutdown mode + minor cleanup
13 years ago
Ignacio Sanchez
b057a20f10
Custom logging feature for log-httplog
13 years ago
Eric Leblond
def0270de7
decode: decode IPv6-in-IPv6
This patch adds decoding of IPv6-in-IPv6. It also adds some events
for invalid packets.
This patch should fix #514.
13 years ago
Victor Julien
438dd61948
Update version number to reflect we're working towards 1.4 now.
13 years ago
Eric Leblond
f9046d8284
Add teredo counter.
13 years ago
Eric Leblond
09d893127e
defrag: prealloc more frags.
13 years ago
Eric Leblond
6475f99bea
defrag: Fix description of params
The max-frags param is not what it is.
13 years ago
Eric Leblond
fd32159464
defrag: add some events relative to defragmentation
13 years ago
Eric Leblond
d2aa0407c4
defrag: Fix unittest logic.
We've linked the size of the hash with the trackers. Thus calling DefragInit()
after setting the configuration variable is more logical.
13 years ago
Eric Leblond
0fd2c93c96
defrag: link hash size with number of frags.
We set defrag_hash_size by using the number of trackers. This is
effective to avoid collisions.
13 years ago
Eric Leblond
f328e18d59
defrag: fix some integer type warnings.
13 years ago
Eric Leblond
b1b4cd2729
defrag: really use 'max-frags' variable.
The 'max-frags' variable was not used and the 'trackers' variable was
not documented. This patch fixes the two issues.
13 years ago
Eric Leblond
6480cd1b9c
Teredo tunnel support
This patch should fix #480 by adding support for Teredo tunnels.
The IPv6 content of the tunnel will be parsed in a similar way to
what is done for the GRE tunnel. Signatures will then be matched on the
IPv6 content.
13 years ago
Eric Leblond
09fa0b9542
Add support for IPv4-in-IPv6
This patch adds support for IPv4-in-IPv6 and should fix #462.
13 years ago
Eric Leblond
2c57275921
nfq: implement "fail-open" support.
On Linux >= 3.6, you can use the fail-open option on an NFQ queue
to have the kernel accept the packet if userspace is not able to keep
pace.
Please note that the kernel will not trigger an error if the feature is activated
in userspace libraries but not available in the kernel.
This patch implements the option for suricata by adding a nfq.fail-open
configuration variable which is deactivated by default.
13 years ago
Eric Leblond
9e54819121
yaml: suppress old variable in pfring section.
13 years ago
Eric Leblond
d492683aa4
autotools: error on autoreconf is an error
13 years ago
Eric Leblond
adbf85c4a9
autotools: fix detection with clang
This patch improves detection of the type of nfq_get_payload() by only
converting to an error the warning we get when using the wrong type.
13 years ago
Eric Leblond
e0ddcdd194
autotools: rename configure.in to configure.ac
configure.in has been deprecated for a long time and will be replaced by
configure.ac. For more information, see:
http://lists.gnu.org/archive/html/automake/2012-08/msg00023.html
13 years ago
Eric Leblond
452d3c4308
tm-thread: exit loop if suri wants to quit
13 years ago
Eric Leblond
f389a1201f
tm-thread: run thread init function sequentially.
On some setups you want to run each thread init function sequentially.
For example, if I use flow_cpu load balancing on AF_PACKET, my target
is to have CPU 0 (first socket in the group) linked with
thread 0 in the detect cpu set (first thread to be initialised). A good
way to achieve this is to run only one thread init function at a time
to avoid any possible race condition.
13 years ago
Victor Julien
e28835af91
Update Changelog to include 1.3.1 changes.
13 years ago
Victor Julien
f1b6f7a9e6
rule analyzer: make analyzer aware of http_user_agent pcre flag /V.
13 years ago
Victor Julien
e737e2dc56
http: after path double decoding, also normalize the path again. #504.
13 years ago
Victor Julien
e839cea9e5
Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504.
13 years ago
Victor Julien
e0bfcb7dde
Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP.
13 years ago
Victor Julien
bd6b865473
rule analyzer: fix fast pattern analyzer reporting wrong filename (same as rule analyzer).
13 years ago
Eric Leblond
11c3167583
stream-tcp: no checksum alert if validation is off
This patch disables checksum alerts if checksum-validation is set
to no in the configuration file. Without this patch, when parsing
a pcap with checksum offloading, it was not possible to get rid
of events caused by checksum validation.
13 years ago
Victor Julien
c51a3aad17
stream: handle case where Suricata sees 3whs-ACK but server doesn't. Bug #523.
13 years ago
Victor Julien
5cc8a09257
stream: fix unittest broken by new flags handling.
13 years ago
Victor Julien
ad827ad030
http: add more decoding unittests.
13 years ago
Victor Julien
4c6fd7ad4c
Bug #510. Produce error if max-pending-packets is higher than 65534.
13 years ago
Victor Julien
6841171882
profiling: fix 'match' counter sometimes not incrementing. #460.
13 years ago
Victor Julien
f9cde717e7
Use SCFree instead of free in DER decoder.
13 years ago
Victor Julien
c44f4c13fc
stream: improve TCP flags handling
13 years ago
Eric Leblond
09e709d1c5
af-packet: fix reconnect code
Reconnect code was in a "work by luck" stage as we did not update
the socket number after reconnect.
13 years ago
Anoop Saldanha
64fad5b36e
Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig.
Noticing a good spike in perf with et_pro ruleset.
Thanks to Will Metcalf for the suggestion.
13 years ago
Anoop Saldanha
fe4c66461f
bug #466 - Updated getticks() to serialize execution of rdtsc with cpuid
13 years ago
Anoop Saldanha
41bb3b95f9
bug 508 - List (ack | cwr | ecn) combination to be accepted by our stream engine.
This isn't a perfect solution. More like we have patched this for the case we
are in tcp's established state. The right solution would be to accept states
based on the presence (using the OR operator) of certain flags in the tcp header,
rather than list out all possible flag combinations.
13 years ago
Anoop Saldanha
1c41672f5e
invalidate sigs if depth > content_length
13 years ago
Eric Leblond
8ebc625711
tls: fix keyword regular expression
Space, dash and comma are valid.
13 years ago
Eric Leblond
a369f8c359
af-packet: loop on ring if there is data to read.
This patch should bring some improvements by looping on the
ring when there is some data available instead of getting back
to the poll. It also fixes recovery in case of drops on the ring
because the poll command will not return correctly in this case.
13 years ago