Victor Julien
fd4e1460cf
Add checksum validation rules to decoder events rules.
13 years ago
Victor Julien
e6af837b25
Convert StreamTcpSetEvent function into macro. Eases debug.
13 years ago
Victor Julien
58011554b0
Don't consider payload len in ACK value validation check.
13 years ago
Victor Julien
9878eca086
file handling: expand filestore keyword
Filestore keyword by default (... filestore; ... ) marks only the file in the
same direction as the rule match for storing. This makes sense when inspecting
individual files (filemagic, filename, etc) but not so much when looking at
suspicious file requests, where the actual file is in the response.
The filestore keyword now takes 2 optional options:
filestore:<direction>,<scope>;
By default the direction is "same as rule match", and scope is "currently
inspected file".
For direction the following values are possible: "request" and "to_server",
"response" and "to_client", "both".
For scope the following values are possible: "tx" for all files in the current
HTTP/1.1 transaction, "ssn" and "flow" for all files in the session/flow.
For the above case, where a suspicious request should lead to a response file
download, this would work:
alert http ... content:"/suspicious/"; http_uri; filestore:response; ...
13 years ago
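The direction and scope options described in the commit above, modelled as an added Python example (this is illustration code written for this page, not Suricata's detect-filestore implementation). It parses the keyword positionally as the message states (direction first, then scope), normalises the synonyms ("request"/"to_server", "response"/"to_client", "ssn"/"flow"), and applies the defaults "same direction as the rule match" and "currently inspected file". One modelling assumption is the example's own: with the default scope and an explicit direction, the file(s) on that side of the same transaction are marked, which is what makes `filestore:response;` on a `http_uri` match tag the downloaded file. All rules, file names and tx/flow ids are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Direction tokens accepted by "filestore:<direction>,<scope>;" and their
# normalised form: "request"/"to_server" and "response"/"to_client" are synonyms.
DIRECTIONS = {
    "request": "to_server", "to_server": "to_server",
    "response": "to_client", "to_client": "to_client",
    "both": "both",
}
# Scope tokens: "tx" = every file in the current HTTP transaction,
# "ssn"/"flow" = every file in the session/flow.
SCOPES = {"tx": "tx", "ssn": "flow", "flow": "flow"}

_FILESTORE_RE = re.compile(r"\bfilestore\s*(?::\s*([^;]*))?;")


@dataclass(frozen=True)
class FilestoreOpts:
    direction: str = "match"  # default: same direction as the rule match
    scope: str = "file"       # default: only the currently inspected file


@dataclass(frozen=True)
class TrackedFile:           # constructed stand-in for a file tracked per HTTP state
    name: str
    direction: str           # "to_server" or "to_client"
    tx_id: int
    flow_id: int


def parse_filestore(rule: str) -> Optional[FilestoreOpts]:
    """Return the filestore options of a rule, or None if the keyword is absent."""
    m = _FILESTORE_RE.search(rule)
    if m is None:
        return None
    if not m.group(1) or not m.group(1).strip():
        return FilestoreOpts()                      # bare "filestore;"
    parts = [p.strip() for p in m.group(1).split(",")]
    if len(parts) > 2:
        raise ValueError(f"filestore takes at most two options: {m.group(0)!r}")
    direction, scope = "match", "file"
    if parts[0]:
        if parts[0] not in DIRECTIONS:
            raise ValueError(f"unknown filestore direction {parts[0]!r}")
        direction = DIRECTIONS[parts[0]]
    if len(parts) == 2:
        if parts[1] not in SCOPES:
            raise ValueError(f"unknown filestore scope {parts[1]!r}")
        scope = SCOPES[parts[1]]
    return FilestoreOpts(direction, scope)


def files_to_store(opts: FilestoreOpts, match_direction: str, tx_id: int,
                   flow_id: int, files: List[TrackedFile],
                   current: Optional[TrackedFile] = None) -> List[str]:
    """Names of the files the keyword marks for storage.

    match_direction: side of the transaction the rule matched on.
    current:         the file being inspected when the rule uses file keywords
                     (filename, fileext, filemagic); None for a plain content match.
    """
    want = match_direction if opts.direction == "match" else opts.direction
    same_tx = [f for f in files if f.flow_id == flow_id and f.tx_id == tx_id]
    if opts.scope == "flow":
        pool = [f for f in files if f.flow_id == flow_id]
    elif opts.scope == "tx":
        pool = same_tx
    elif current is not None and opts.direction == "match":
        pool = [current]       # default scope and direction: the inspected file only
    else:
        # Example's assumption: default scope with an explicit direction marks the
        # file(s) on that side of the same transaction (the response of a request).
        pool = same_tx
    return [f.name for f in pool if want == "both" or f.direction == want]


# Constructed sample: one flow (7) with two HTTP transactions.
FILES = [
    TrackedFile("update.exe", "to_client", tx_id=1, flow_id=7),
    TrackedFile("photo.jpg", "to_server", tx_id=2, flow_id=7),
    TrackedFile("notes.txt", "to_server", tx_id=2, flow_id=7),
    TrackedFile("ok.html", "to_client", tx_id=2, flow_id=7),
]

# Constructed rules exercising the option combinations (sids are placeholders).
RULES = {
    "uri":  'alert http any any -> any any (content:"/suspicious/"; http_uri; filestore:response; sid:1;)',
    "ext":  'alert http any any -> any any (fileext:"txt"; filestore; sid:2;)',
    "tx":   'alert http any any -> any any (fileext:"jpg"; filestore:both,tx; sid:3;)',
    "flow": 'alert http any any -> any any (content:"/dump/"; http_uri; filestore:both,flow; sid:4;)',
}

if __name__ == "__main__":
    print(files_to_store(parse_filestore(RULES["uri"]), "to_server", 1, 7, FILES))
    print(files_to_store(parse_filestore(RULES["ext"]), "to_server", 2, 7, FILES, FILES[2]))
```

The first call reproduces the case the commit message describes: the rule matches on the request URI (to_server, tx 1) and has no inspected file, yet `filestore:response` marks `update.exe`, the body sent to_client in that transaction.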
Victor Julien
ddfa5c49c6
Stream engine: gap handling
Set a stream event for stream gaps.
Add a (disabled by default) signature to the stream-event.rules.
13 years ago
Victor Julien
45d86ff58a
Stream reassembly / app layer: disable gap errors
Gap errors on the app layer are now silently handled. No longer printed
to the screen.
13 years ago
Victor Julien
425294f912
stream reassembly: account stream gaps
Add counter to the stream reassembly engine to count stream gaps. Stream gaps
are the result of missing packets (usually due to packet loss). This missing
data stops the reassembly for the app layer.
13 years ago
Victor Julien
d8d8fdd9f5
Improve handling of packets when stream is in the fin_wait1 or fin_wait2 state.
13 years ago
Victor Julien
b74c73309b
file handling: improve filestore keyword handling
In stateful detection only inspect the file portion of the rule after all
other conditions matched. This to prevent "filestore" from tagging files
for storage during a partial match.
Add a couple of unittests to test the behaviour change.
13 years ago
Victor Julien
4cbe7519fa
Add missing file util code.
13 years ago
Victor Julien
a556338936
Add magic-file example to suricata.yaml.
13 years ago
Victor Julien
56b96363b8
Fix merge artefact.
13 years ago
Victor Julien
63c9a3ab85
Remove duplicate include.
13 years ago
Victor Julien
b3e1679321
file handling: add example files.rules file
Adding a rule file with various examples for using the fileext, filename,
filemagic and filestore keywords.
13 years ago
Victor Julien
53df3982a1
Update suricata.yaml for file extraction.
13 years ago
Victor Julien
042fd850fc
Make sure we check the sgh for no magic and no store once per flow direction.
13 years ago
Victor Julien
f3fbc1a44c
file handling: filemagic matching improvement
Magic buffer is a null terminated string. Allow matching on the final
\0 using filemagic:"somevalue|00|"; so we can anchor to the end of the
buffer.
13 years ago
Victor Julien
2ccd35c6e4
Fix code after rebase.
13 years ago
Victor Julien
33848124d1
Fix a multipart body parsing issue.
13 years ago
Victor Julien
96d20098b0
file inspect: stateful inspection split
Split stateful detection of the files in a HTTP state between toserver
and toclient inspection.
13 years ago
Victor Julien
d59ca75e46
file extract: split toserver and toclient tracking
Split toserver and toclient file tracking for the http state.
13 years ago
Victor Julien
04ea70ccf7
file extract: pruning
Add pruning of files in memory so we keep only memory what we really need.
Fix magic logic.
Reset file part of the de_state on receiving another file in the same tx.
13 years ago
Victor Julien
1c934acc85
Don't store fd per file (too many fd's). Enable IPv6 storing. Close file on receiving stream end flag.
13 years ago
Victor Julien
b402d97179
File carving -- enable response file extraction
- Enable response body tracking
- Enable file extraction for responses
- File store meta file includes magic, close reason.
- Option to force magic lookup for all stored files.
- Fix libmagic calls thread safety.
13 years ago
Victor Julien
66a3cd96a8
Prepare HTTP response body tracking.
13 years ago
Victor Julien
417495e542
file-extraction: remove no longer used files.
13 years ago
Victor Julien
e1022ee5ae
file-extraction: Disconnect file handling from flow and move into the app layer state.
13 years ago
Victor Julien
27645f64c6
Remove unused util-filetype.[ch] from Makefile.am.
13 years ago
Victor Julien
9b62ec65ab
Make sure filemagic works properly regardless of filestore being in use for a flow.
13 years ago
Victor Julien
5945e652d6
Initial implementation of filemagic keyword.
13 years ago
Victor Julien
f4a6f4b293
Add libmagic detection, linking and a basic API.
13 years ago
Victor Julien
23e01d23d3
Implement filestore keyword, including a way for the stateful detection engine to conclude that a file will never have to be stored.
13 years ago
Victor Julien
3e7baa6810
Fix improper error handling in http body chunk function.
13 years ago
Victor Julien
403b2788d6
Add support for extracting PUT files.
13 years ago
Victor Julien
59cda9a358
Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test.
13 years ago
Victor Julien
64aee5e70c
Add file log to default suricata.yaml.
13 years ago
Victor Julien
ef0536794c
Adding comments, some cleanups.
13 years ago
Victor Julien
21acd72adf
Cleanups to the Multipart parsing code. Fixes to negation in filename and fileext.
13 years ago
Victor Julien
70f0d3d2e7
Add negation to filename and fileext, use same syntax as with content.
13 years ago
Victor Julien
32fb9f375d
log-file log-dir option added, meta file created, fixes.
13 years ago
Victor Julien
a6b7a560f1
Fix a bug in the HTTP file closing.
13 years ago
Victor Julien
7e3d537338
Fix setting libhtp personality.
13 years ago
Victor Julien
1eef36b011
Initial checkin of a log-file module, that can write files extracted from flows to disk.
13 years ago
Victor Julien
3c1edf3763
Add a file descriptor to the flow file structure.
13 years ago
Victor Julien
cd618e48df
Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing.
13 years ago
Victor Julien
4723f07254
Improve testing and fix some bugs.
13 years ago
Victor Julien
9d5d46c4bb
Implement flow file storage API, create HTP wrappers for it, use it in HTTP parsing.
13 years ago
Victor Julien
a0ee6ade3e
Improve HTTP multipart parsing, add streaming parsing for files.
13 years ago
Victor Julien
4537f889ef
Handle all strings as raw strings in HTTP content-type and content-disposition header parsing.
13 years ago
System Administrator
222bc6e935
Flow files
13 years ago