Commit Graph

10027 Commits (2a778e439a41b66b06136a71438dce93bd615448)
 

Author SHA1 Message Date
Victor Julien 2a778e439a detect/build: minor code cleanups 6 years ago
Victor Julien a01df4b86b doc: document tcp.mss keyword 6 years ago
Victor Julien 66648df099 detect: add tcp.mss keyword
Allows matching on TCP option MSS.

Syntax:

    tcp.mss:<value>;
    tcp.mss:<value1>-<value2>;
    tcp.mss:<op><value>;

Operator can be: >, <.
6 years ago
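The three argument forms listed above, as an added example rather than Suricata's own detect-tcp-mss code: a parser for the tcp.mss argument, a walker that pulls the MSS (option kind 2) out of raw TCP options without reading past a truncated or zero-length option, and the match step applied to a constructed SYN option blob. The function names, the sample bytes and the exclusive treatment of the range endpoints are assumptions of this example; the commit message does not say whether range bounds are inclusive.

```c
/* Added example, not Suricata's code: a minimal tcp.mss keyword matcher. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum mss_mode { MSS_EQ, MSS_LT, MSS_GT, MSS_RA };

struct mss_match {
    enum mss_mode mode;
    uint16_t lo;
    uint16_t hi;   /* only used for MSS_RA */
};

/* Parse a 16-bit unsigned decimal; *end points at the first unparsed char. */
static int parse_u16(const char *s, char **end, uint16_t *out)
{
    char *e;
    errno = 0;
    long v = strtol(s, &e, 10);
    if (e == s || errno != 0 || v < 0 || v > 65535)
        return -1;
    *out = (uint16_t)v;
    *end = e;
    return 0;
}

/* Parse the part after "tcp.mss:" (exact, lo-hi, >v or <v). 0 ok, -1 syntax error. */
int tcp_mss_parse(const char *arg, struct mss_match *m)
{
    char *end;
    memset(m, 0, sizeof(*m));
    while (*arg == ' ')
        arg++;
    if (*arg == '>' || *arg == '<') {
        m->mode = (*arg == '>') ? MSS_GT : MSS_LT;
        return (parse_u16(arg + 1, &end, &m->lo) == 0 && *end == '\0') ? 0 : -1;
    }
    if (parse_u16(arg, &end, &m->lo) < 0)
        return -1;
    if (*end == '\0') {
        m->mode = MSS_EQ;
        return 0;
    }
    if (*end != '-' || parse_u16(end + 1, &end, &m->hi) < 0 || *end != '\0')
        return -1;
    if (m->hi <= m->lo)        /* empty or reversed range is a rule error */
        return -1;
    m->mode = MSS_RA;          /* assumption: endpoints excluded, as below */
    return 0;
}

int tcp_mss_match(const struct mss_match *m, uint16_t mss)
{
    switch (m->mode) {
    case MSS_EQ: return mss == m->lo;
    case MSS_LT: return mss < m->lo;
    case MSS_GT: return mss > m->lo;
    case MSS_RA: return mss > m->lo && mss < m->hi;
    }
    return 0;
}

/* Walk the TCP options (bytes after the 20-byte fixed header) and return the
 * MSS, or -1 when it is absent or the option list is malformed/truncated. */
int tcp_options_mss(const uint8_t *opts, size_t len)
{
    size_t i = 0;
    while (i < len) {
        uint8_t kind = opts[i];
        if (kind == 0)                  /* EOL */
            break;
        if (kind == 1) {                /* NOP has no length byte */
            i++;
            continue;
        }
        if (i + 1 >= len)               /* length byte missing */
            return -1;
        uint8_t olen = opts[i + 1];
        if (olen < 2 || i + olen > len) /* bogus length: never read past buffer */
            return -1;
        if (kind == 2)
            return olen == 4 ? ((opts[i + 2] << 8) | opts[i + 3]) : -1;
        i += olen;
    }
    return -1;
}

/* Constructed sample: options of a typical Linux SYN (MSS 1460, SACK ok,
 * timestamps, NOP, window scale 7). Not captured from a real host. */
static const uint8_t sample_syn_opts[] = {
    0x02, 0x04, 0x05, 0xb4,  0x04, 0x02,  0x08, 0x0a, 0, 0, 0, 0, 0, 0, 0, 0,
    0x01,  0x03, 0x03, 0x07
};

/* 1 = rule matches the sample, 0 = no match, -1 = bad rule or no MSS option. */
int rule_matches_sample(const char *arg)
{
    struct mss_match m;
    if (tcp_mss_parse(arg, &m) < 0)
        return -1;
    int mss = tcp_options_mss(sample_syn_opts, sizeof(sample_syn_opts));
    return mss < 0 ? -1 : tcp_mss_match(&m, (uint16_t)mss);
}

int main(void)
{
    const char *rules[] = { "1460", "1000-1500", ">1400", "<1400", "1460-1500" };
    for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++)
        printf("tcp.mss:%s; -> %d\n", rules[i], rule_matches_sample(rules[i]));
    return 0;
}
```

The option walker is the part worth copying: every kind other than EOL and NOP carries a length byte, and a zero or oversized length must end the walk instead of advancing by zero or indexing beyond the buffer.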
Jeff Lucovsky d2fdbc7d6f output/json: Avoid use of uninitialized value
In JsonPacket, a Base64Decode error could cause an uninitialized
variable to be used because its return value is ignored.
6 years ago
Jeff Lucovsky 6911cc01ad rust/snmp: Support get-info-by-id 6 years ago
Jeff Lucovsky 7560b75591 rust/ntp: Support get-info-by-id 6 years ago
Jeff Lucovsky 12c2d18c8b rust/krb: Support get-info-by-id 6 years ago
Jeff Lucovsky fb01641629 rust/ikev2: Support get-info-by-id 6 years ago
Jeff Lucovsky e3ca6b43fc rust/dhcp: Support get-info-by-id 6 years ago
Jeff Lucovsky a5d9d37c34 rust/parser: Extend Rust parser for event-by-id
Extend the Rust parsing infrastructure with the "get event info by id"
calls. This changeset extends the parser structure, the C-based
registration handlers and the template parser.
6 years ago
Jeff Lucovsky 294d0e8cba snmp: Fix type 6 years ago
Jeff Lucovsky 9ccc28baeb rust/smb: Implement get event by id 6 years ago
Jeff Lucovsky 643864a8f5 rust/snmp: fix libc deprecation warnings 6 years ago
Victor Julien 3f6624bf16 rust: remove libc crate dependency
Use std::os::raw instead.
6 years ago
Victor Julien 28ed0d3a18 nfs: implement get_event_info_by_id callback 6 years ago
Victor Julien 429ca858dc rust/gen: turn *mut*const T into const T ** 6 years ago
Jeff Lucovsky 6cd39c5cfb userguide: Document app-layer anomaly items
This changeset expands the anomaly section to include newly added
app-layer items.
6 years ago
Jeff Lucovsky d568e7fadd eve/logging: 2991 Optimize logging by TX
This changeset makes changes to the TX logging path. Since the txn
is passed to the TX logger, the TX can be used directly instead of
through the TX id.
6 years ago
Jeff Lucovsky 488446cf37 logging/anomaly: Track event log progress
This changeset adds a mechanism to track when individual events
are logged. Transactions can be provided more than once; track
events to prevent event re-logging.
6 years ago
Jeff Lucovsky 4a39d7a1ee app-layer: Extend event container with progress 6 years ago
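The progress tracking described in the two commits above (track which events of a transaction were already logged, because the logger may see the same transaction several times), as an added example that is not Suricata's own app-layer event container: a per-transaction bitmask of logged event ids, consulted before each emit. The struct, the 32-event limit and the collapsing of a repeated event id into one log entry are assumptions of this example.

```c
/* Added example, not Suricata's code: idempotent per-transaction event logging. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_EVENTS 32   /* assumption: event ids are small integers below 32 */

struct app_tx {
    uint64_t tx_id;
    uint8_t events[MAX_EVENTS];  /* event ids raised on this tx, in order */
    uint8_t nevents;
    uint32_t logged;             /* progress: bit i set once event i was logged */
};

/* Record an event on the transaction; -1 if the id is out of range or full. */
int tx_add_event(struct app_tx *tx, uint8_t ev)
{
    if (ev >= MAX_EVENTS || tx->nevents >= MAX_EVENTS)
        return -1;
    tx->events[tx->nevents++] = ev;
    return 0;
}

/* Emit every event not yet logged, writing the ids to out[]. Returns the
 * number emitted; a later call for the same tx returns 0 unless new events
 * were added in between. Progress is only advanced for events actually
 * written, so a full out[] leaves the rest to be picked up next time. */
int tx_log_new_events(struct app_tx *tx, uint8_t *out, size_t outcap)
{
    int emitted = 0;
    for (uint8_t i = 0; i < tx->nevents; i++) {
        uint8_t ev = tx->events[i];
        uint32_t bit = 1u << ev;
        if (tx->logged & bit)
            continue;            /* already in the log: skip */
        if ((size_t)emitted >= outcap)
            break;
        out[emitted++] = ev;
        tx->logged |= bit;
    }
    return emitted;
}

/* Simulate the logger being handed the same tx on three consecutive packets. */
int main(void)
{
    struct app_tx tx = { .tx_id = 7 };
    uint8_t out[MAX_EVENTS];
    tx_add_event(&tx, 3);
    tx_add_event(&tx, 5);
    printf("pass 1: %d new events\n", tx_log_new_events(&tx, out, sizeof out));
    printf("pass 2: %d new events\n", tx_log_new_events(&tx, out, sizeof out));
    tx_add_event(&tx, 9);
    printf("pass 3: %d new events\n", tx_log_new_events(&tx, out, sizeof out));
    return 0;
}
```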
Jeff Lucovsky 07c05f7dd8 logging/anomaly: TX based logging addition 6 years ago
Jeff Lucovsky 36644907f5 app-layer/logging Add TX packet logging support
Add transactional logging support for packet based loggers, like
the anomaly logger.
6 years ago
Jeff Lucovsky f7b934f83f app-layer/logging: protocol parser updates 6 years ago
Jeff Lucovsky 49438569a2 logging: anomaly log updates 6 years ago
Jeff Lucovsky 50e23ba93a app-layer: Initial app layer logging 6 years ago
Victor Julien 4e8d38348f flow: no bypass manager for Windows 6 years ago
Victor Julien 287b87b81b bypass: switch to gettimeofday 6 years ago
Victor Julien d8614a15c6 mingw: fix compile error
Declare _POSIX_C_SOURCE before sys/time.h to avoid:

util-time.c: In function 'SCUtcTime':
util-time.c:222:12: error: implicit declaration of function 'gmtime_r'; did you mean 'gmtime_s'? [-Werror=implicit-function-declaration]
  222 |     return gmtime_r(&timep, result);
      |            ^~~~~~~~
      |            gmtime_s
util-time.c:222:12: warning: returning 'int' from a function with return type 'struct tm *' makes pointer from integer without a cast [-Wint-conversion]
  222 |     return gmtime_r(&timep, result);
      |            ^~~~~~~~~~~~~~~~~~~~~~~~
util-time.c: In function 'SCLocalTime':
util-time.c:305:9: error: implicit declaration of function 'localtime_r'; did you mean 'localtime_s'? [-Werror=implicit-function-declaration]
  305 |         localtime_r(&timep, &cached_local_tm[lru]);
      |         ^~~~~~~~~~~
      |         localtime_s
util-time.c:321:56: warning: comparison between pointer and integer
  321 |         if (localtime_r(&timep, &cached_local_tm[lru]) == NULL)
      |                                                        ^~
cc1.exe: some warnings being treated as errors

Tickets: #2994 #3051
6 years ago
Eric Leblond 1f151dd8a6 doc: address norg comments on eBPF doc 6 years ago
Eloïse Brocas 8692aac97f doc: specify config file in ebpf doc
This patch updates the ebpf-xdp.rst file to specify which
configuration file has to be modified.
6 years ago
Eric Leblond 6126f105ea util-ebpf: fix creation of flow from pinned maps 6 years ago
Eric Leblond 7df3007066 af-packet: xdp pinned maps need to be read 6 years ago
Eric Leblond 4ba02830b6 flow-bypass: registration of non periodic check
This patch adds the capability to register a set of functions
without providing a periodic check function. This permits running
a task only at init.
6 years ago
Eric Leblond 3e8fd26ee3 flow-hash: real hash computation for FlowKey 6 years ago
Eric Leblond 0963fea390 util-ebpf: log bypassed flow maps count 6 years ago
Eric Leblond eea3c6b610 doc: info for new bypass counters 6 years ago
Eric Leblond 7e5439bc15 bypass: add counter for local captured bypass
Packets from captured bypassed flows that are received by Suricata
before the capture method starts to bypass them can represent an
important part due to various buffering and insertion delays.

This patch adds two counters to know the number of packets and
bytes in this case.
6 years ago
Eric Leblond de52e78e65 bypass: flow bypass is not ebpf only 6 years ago
Eric Leblond c938dbde27 util-ebpf: early exit if no map 6 years ago
Eric Leblond e5d325a6ca util-ebpf: reindex 6 years ago
Eric Leblond aa989a7445 af-packet: some conditional fields 6 years ago
Eric Leblond e3dccb2400 doc: update bypass stats doc 6 years ago
Eric Leblond abbb066a96 bypass: bytes and pkts counters for local bypass 6 years ago
Eric Leblond 9206b30fe1 af-packet: better accounting and error handling
This patch improves the bypass error handling and adds more counters
to the interface so it is possible to get a view on success and
failure of insertion in the eBPF maps via the `iface-bypassed-stat`
command.
6 years ago
Eric Leblond aeb2bd3aa1 util-ebpf: optimization on flow storage queries 6 years ago
Eric Leblond 288f335aa5 util-ebpf: simplify free function
First key can't be null.
6 years ago
Eric Leblond f4abe2f9c0 util-ebpf: set livedev in flow
This will fix the accounting for pinned maps as the livedev field
of Flow is used to do the accounting of bypass flows.
6 years ago
Eric Leblond 98e7d9d1c0 util-device: introduce bypassed stats sub function 6 years ago
Eric Leblond f29a4b8bee flow-manager: move bypass timeout to an inline func 6 years ago
Eric Leblond 89e8cb50ed util-ebpf: case is not possible so remove warning 6 years ago