aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,804 Commits
7 Branches
159 Tags
196 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1ac805f1b3'
${ noResults }
Commit Graph

241 Commits (1ac805f1b3018dad46e87eeb77fb8ee4116048fa)

Author SHA1 Message Date
Anoop Saldanha 966119b6aa support for http_raw_uri keyword + mpm engine 14 years ago
Victor Julien b9fd978253 Fix compiler warnings in two unittests. 14 years ago
Victor Julien 153f9298e7 Fix priority handling during the signature parsing stage. Fixes #275. 15 years ago
Gurvinder Singh 27f67c97de log error on duplicate sig and also for dup sig with newer revision 15 years ago
Eric Leblond 2c80f18dc9 detect: Add sctp detection and parsing. 
This patch adds the support of SCTP in signature subsystem.
 15 years ago
Anoop Saldanha c9897a44a4 fast pattern support for http_cookie. Also support relative modifiers 15 years ago
Anoop Saldanha bbbedaf963 fast pattern support for http_method. Also support relative modifiers 15 years ago
Anoop Saldanha 2321a4dd58 support isdataat negation. Also fix addiing isdataat to appropriate lists 15 years ago
Eric Leblond 1db4aadd16 Supress usage of Packet declaration in tests. 
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should have not been forget because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
 15 years ago
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 15 years ago
Victor Julien 435d0fb327 Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering. 15 years ago
Victor Julien 169aa5581a Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflects its purpose. 15 years ago
Victor Julien d7b92d9bfe Consolidate several signature flags into one. 15 years ago
Anoop Saldanha 07f20674ac allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body; 15 years ago
Anoop Saldanha 5c6a65dc58 support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch] 15 years ago
Anoop Saldanha 4883efd0f6 unifying content structure - uricontent now uses DetectContentData 15 years ago
Anoop Saldanha 6eaba8941c Use new flags to indicate uricontent has a mpm set 15 years ago
Anoop Saldanha 46b4806d8e use a single populatempm() function to add the right content for mpm 15 years ago
Anoop Saldanha 4a038511ff Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accomodate these changes 15 years ago
Anoop Saldanha ede7be34b5 replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH] 15 years ago
Anoop Saldanha 3d2f81d978 replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH] 15 years ago
Anoop Saldanha a7353be20d replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH] 15 years ago
Anoop Saldanha e0476242c6 replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH] 15 years ago
Anoop Saldanha e54358a9e1 replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH] 15 years ago
Anoop Saldanha 82fd581b64 replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH] 15 years ago
Victor Julien afdb39e5f6 Print an error if the protocol field of a signature contains a unknown/invalid value. 15 years ago
Anoop Saldanha 88d94b136d Support for reference.config file 15 years ago
Anoop Saldanha fe700737a3 fix null dereference in detect parse test - clang fix 15 years ago
Anoop Saldanha f094523eb1 clang fix - some minor fixes for unittests 15 years ago
Pablo Rincon bbab0f9987 Set default gid to 1 on Sig init 15 years ago
Victor Julien c62a3d995e Fix signatures with trailing spaces being rejected by the regex. Add test. 15 years ago
Victor Julien 05ae4f99d8 Kick out invalid signature with uricontent and flow:to_client or flow:from_server. 15 years ago
Pablo Rincon c6e090f72c App layer proto specific sigs (use the app layer to match proto) 15 years ago
Victor Julien 102092a89c Make signature address matching more cache efficient. 15 years ago
Anoop Saldanha 89e3d92cdb fix creating a static array of length 0 in SigMatchGetLastSMFromLists - clang fix 15 years ago
Pablo Rincon 693d4f54eb Load signatures with incompatible fast_pattern option (due to design differences for optimization) 15 years ago
Anoop Saldanha 673322f01f unittests for dce_stub_data content based singature parsing + fixes 15 years ago
Anoop Saldanha ce8d27425d fix signature parsing to how snort does it for content based keywords along with dce_stub_data 15 years ago
Anoop Saldanha 5fb6981e9e content handling changes in detect-engine-payload.c for multiple relative matches 15 years ago
Victor Julien 393acd77d2 Detection improvements: uricontent escaping now working, better negated pattern (content) handling. 15 years ago
Victor Julien 7454336ef5 Make SigWrapper private to detect-parse.c and rename to SigDuplWrapper to reflect it's use and purpose. 15 years ago
Anoop Saldanha 9ecade76b9 in case of duplicate signatures used the one with the latest revision 15 years ago
Pablo Rincon b931895901 Fixing flow cleanup and ctx initialization 15 years ago
Pablo Rincon eed0ef6e69 Adding tag keyword support 15 years ago
Victor Julien 37442a8a84 Prefilter signatures before fully scanning them. 15 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 15 years ago
Victor Julien 0a607fce3d Finish http_uri keyword, fix invalid read issue in one of the tests. 15 years ago
Gurvinder Singh cda664a8c4 memroy leaks fixes in detection module, app layer and counters 15 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine. 
Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
 15 years ago
Victor Julien 7a427ec7f4 Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach. 15 years ago
Gurvinder Singh 3721037de5 unittests for bug 134&139 and some typo correction 15 years ago
William Metcalf 5fb405335e Small wrapper fixes to allow for windows compilation 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Victor Julien 070ed778b8 Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added. 15 years ago
Victor Julien 565b44a7e5 Improve sig parsing unittest error handling. 15 years ago
Gurvinder Singh 69a4fee757 fixed the API and logic error reported by clang tool 15 years ago
Victor Julien fe7ece997a Different approach to the reference keyword. Lots of cleanups, bug fixes in reference keyword code and tests. 15 years ago
Breno Silva 89baf93a40 Reference Support 15 years ago
Victor Julien 01c0e316b9 Cleanup of libnet patch. 15 years ago
William Metcalf 3678dda185 libnet now optional 15 years ago
Pablo Rincon e7a989e305 IP Only Engine using radix trees 15 years ago
Pablo Rincon c7350a8ac6 Fixing some naming convention issues and incorrect error messages 15 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 15 years ago
Victor Julien c1a19bcd6b Fix compilation of new detect-filter code, fix ip-only compatibility of detect-filter code. 15 years ago
Victor Julien 80dc4f1dbe Further simplify content api: merge flags that indicate a next relative match, remove chunks as they are unnecessary now, make negated a bitflag. 16 years ago
Victor Julien f298fec872 Make sure nocase applies to the last pattern, content or uricontent. 16 years ago
Victor Julien 0e7cb90212 Fix broken pmatch list handling. 16 years ago
Victor Julien 8b30226914 Detection keyword cleanup 16 years ago
Victor Julien 6637873348 Update prev ptrs in SigMatchReplaceContent 16 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 16 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Gerardo Iglesias Galvan ba6d807a6e Improve information about errors on signature failure 16 years ago
Pablo Rincon ad2c136e8f Renaming errors (naming conventions) 16 years ago
Victor Julien 2481f2102b Add missing return value evaluation in port parsing and fix broken unittest. 16 years ago
Victor Julien 4284276b11 Merge applayer detect function into normal match function. Should speed up detection. 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Pablo Rincon 0c9f51498a Small fixes at unittest helper functions and TestBidirec03 16 years ago
Pablo Rincon c80160b96d More examples of unittest helper functions usage reference 16 years ago
Pablo Rincon b6a3395c08 Adding unittest helper functions for building generic packets, checking arrays of expected match results, perform generic tests, etc. Look at util-unittest-helper.c and detect-ipproto.c for references 16 years ago
Gerardo Iglesias Galvan 40c514f295 Fix bug in logging msg when using --init-errors-fatal 16 years ago
Brian Rectanus c22d42693a Added http_method rule keyword. 16 years ago
Victor Julien ecab1fae36 Remove contents of VRT classification.config. 16 years ago
Anoop Saldanha 011b74df63 Modify the classification config tests to use the buffer than a temp file and also fix an invalid free 16 years ago
Anoop Saldanha bc4df59414 Support for Classtype keyword and Classification Config file 16 years ago
Victor Julien ae94b102cb Improve distance/within/nocase handling, sig parsing error reporting. 16 years ago
Will Metcalf f2b1e66a6a fixes for init failure stuff 16 years ago
Victor Julien 778228d1c5 Flags keyword fix. Fatal init fix. 16 years ago
Victor Julien 310a182217 Fix signatures not being initialized properly 16 years ago
Victor Julien 9fd46e9425 Support for sigs with both pkt and applayer detect 
Sets a flowbit with the sig id if the packet matches match. Checks
on that if the app layer matches match. Currently misuses the
flowbits api for this in a way that needs fixing.
 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Gurvinder Singh a0f184866c http_cookie keywork support 16 years ago
Gerardo Iglesias Galvan b254719ffc Add fatal failures on unittest and siginit failure (using Conf API) 16 years ago
Pablo Rincon 658eac2825 Adding max pattern length for bidirectional operator. Please, use DetectEngineAppendSig() at the unittests. Look at the bidirectional operator unittests for a usage reference. 16 years ago
Pablo Rincon 6206ffb530 Adding bidirectional operator support and unittests 16 years ago
Victor Julien 2cfa284999 Fix app layer detect to actually work. 16 years ago
Victor Julien a1d33e2d0b Compilation fixes after merge. 16 years ago
Victor Julien f1f7df0766 First iteration of doing app layer detection. 16 years ago
Anoop Saldanha bb5bd91045 Support to get the last sigmatch of a particular type. To be used for content and its modifiers 16 years ago
Pablo Rincon 9a3c21fbf3 Updating real unittests. Small fix on TestWithinDistanceOffsetDepth to skip to the next DETECT_CONTENT SigMatch. Adding some checks on within/distance setups. 16 years ago
Pablo Rincon 7e4377224a Small fix at detect-parse.c, need to continue with MatchTest05 16 years ago
Anoop Saldanha dc44700ce5 Support vars lookup from conf file. Current patch support address and port group vars lookup 16 years ago
Victor Julien d6be6ceb19 Fixup artifact from automatic renames: rename DetectAddresssHead to DetectAddressHead. 16 years ago
Victor Julien de8caa7964 Rename DetectAddressGroup* to DetectAddress* 16 years ago
Victor Julien 2d0e9658f8 Speed up per sgh content maxlen calc. Remove mpm ptrs from mpm ctx. Add unittests testing the detection engine internals. 16 years ago
Victor Julien 7a7bb7a390 Get rid of global mpm_ctx. 16 years ago
Victor Julien fbe87a3ad5 Bunch of mostly unittest related memleak fixes. 16 years ago
Anoop Saldanha 0815ed7c9e Some refactoring of the code, error handling done 16 years ago
Anoop Saldanha fbc4d11ed4 Some code refactoring 16 years ago
Victor Julien 5ffb7a7bd7 Add a few more tests for portrange validation. 16 years ago
Breno Silva c43319c337 Regular expression for UnitTests 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
William Metcalf 69e57e5e23 remove invalid dir from pcre + unit test 16 years ago
Victor Julien 968d8df12b More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function. 16 years ago
Victor Julien 91bc83e5c6 More logging API usage changes. 16 years ago
Victor Julien 4cc24fe463 Improve the handling of addresses and ports. Properly detect !any, other full negation. Fix [80:!80] syntax errors being undetected. 16 years ago
Victor Julien 0d0ffb9963 Reorganize header inclusions. 16 years ago
Victor Julien 733c3bcb8c Fix "ip" rules not ending up in the tcp and udp sig group heads correctly. 16 years ago
Victor Julien 0242fad770 Fix error in freeing the ctx of a SigMatch. 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
William Metcalf 413efe8668 fix regression in detect-parse.c 16 years ago
Breno Silva c90b4e6fcd Decode event rule 16 years ago
William Metcalf d79b85d251 Small regex fix for portlists in detect-parse.c 16 years ago
Victor Julien 51a9e36e10 Remove vips references. Rename to eidps. 16 years ago
Victor Julien 657be002d1 Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping. 16 years ago
Victor Julien 5df5b35e90 Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups. 16 years ago
Victor Julien efb10fc0d6 big update 16 years ago
Victor Julien 0250642cc0 Fix negated variables, add tests. 16 years ago
Victor Julien 3f7195454b Big detection engine update. 16 years ago
Victor Julien 54ffe2053e Large detection engine update. 16 years ago
Victor Julien f3a94413db Properly support 'alert ip' rules. Add support for handling ip only rules differently. 16 years ago
Victor Julien 171c8c777d Group signatures by protocol. 16 years ago
William Metcalf 0ffa1c2465 updates for configure.in, added reject code, some decode stuff for tcp 16 years ago
Victor Julien a603577132 Small update to the pcre used for signature parsing. 16 years ago
Victor Julien 84087e7077 Fix a memory error in the addresslist parsing code. Add a functions aimed at speeding up the signature initialization code. 16 years ago
Victor Julien 0726efead9 Support address lists. 16 years ago
Victor Julien eaaeb30cd6 Add noalert keyword for use with sigs that are used for capturing only. 16 years ago
Victor Julien 63bb777100 Use a default prio of 3. 16 years ago
Victor Julien dc224cb2d2 Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 16 years ago
Victor Julien b7bc35e8b2 support for 'negation' in addresses and the 'any' special case. 16 years ago
Victor Julien 876f0c95c7 Signature rule keywords are case insensitive. Support that. 16 years ago
Victor Julien d036264f80 Cleanup signature parsing and other detect.c parts. 16 years ago