Victor Julien
fa121a1dd4
filemd5: handle case where no md5 support is compiled in.
13 years ago
Victor Julien
9f7588a756
Add filemd5 keyword that loads a list of md5s to match a file's md5 against.
13 years ago
Anoop Saldanha
4689783342
bug #454 - rebase fix. Also use better error code to indicate invalid address var yaml entry
13 years ago
Anoop Saldanha
678763c3f4
bug #454 - global check to see if address and port vars are properly configured
13 years ago
Anoop Saldanha
d39b7b72bd
Add a nice error message when we exceeded address buffer limit for a rule
13 years ago
Anoop Saldanha
69ed12fd28
Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well
13 years ago
Victor Julien
4157d9408d
Various small flow and host table fixes.
14 years ago
Victor Julien
d908e707d7
profiling: add per lock location profiling
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.
Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Nikolay Denev
32e898f2e3
Convert config entries using underscores to dashes and emit deprecation warnings.
14 years ago
Victor Julien
1d9f6ff8f2
Initial Napatech support by Randy Caldejon / nPulse.
14 years ago
Victor Julien
87e6be610a
Issue warning if libhtp version used is not up to date.
14 years ago
Victor Julien
e526525f83
Fix pcap -i <ip>.
14 years ago
Mike Pomraning
dec34afa40
SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs.
util-logopenfile.[ch] implements the abstraction; util-error.[ch]
modified to include a socket-specific error code; output.h adds a
default filetype for logs ("regular").
14 years ago
Victor Julien
07e560b137
file-data: initial file_data support
Support file_data for: content, pcre (relative), byte_test, byte_jump,
byte_extract, isdataat.
File_data support is handled at signature parsing time, all matches
occurring after the file_data in the rule are converted to http_server_body
matches.
Content matches relative to the file_data are converted. Within to depth,
distance to offset. Relative to the start of the body buffer.
14 years ago
Anoop Saldanha
420befb180
Changed my email address to anoopsaldanha at gmail dot com from my current one
14 years ago
Anoop Saldanha
e0c13434ef
bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <- just the number represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+
14 years ago
Victor Julien
8cc82c7241
Add -S commandline option that loads a rule file exclusively. Issue #338 .
14 years ago
Eric Leblond
e80b30c082
af-packet: finalize code
This patch handles the end of AF_PACKET socket support work. It
provides conditional compilation, autofp and single runmode.
It also adds a 'defrag' option which is used to activate defrag
support in kernel to avoid rx_hash computation in flow mode to fail
due to fragmentation.
This patch contains some fixes by Anoop Saldanha, and incorporates
changes following review by Anoop Saldanha and Victor Julien.
AF_PACKET support is only built if the --enable-af-packet flag is
given to the configure command line. Detection of code availability
is also done: a check of the existence of AF_PACKET in standard
header is done. It seems this variable is Linux specific and it
should be enough to avoid compilation of AF_PACKET support on other
OSes.
Compilation does not depend on up-to-date headers on the system. If
none are present, we make our own declaration of FANOUT variables. This
will permit compilation of the feature for systems where only the kernel
has been updated to a version superior to 3.1.
14 years ago
Victor Julien
681f8329a6
Make error on <- direction operation use more explicit.
14 years ago
Victor Julien
8978266a91
If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit.
14 years ago
Anoop Saldanha
d7c707e656
modify runmodes to take all arguments from the conf API
14 years ago
Victor Julien
140eb4fde8
Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures.
15 years ago
Victor Julien
bc7e21aee6
Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic.
15 years ago
Gurvinder Singh
27f67c97de
log error on duplicate sig and also for dup sig with newer revision
15 years ago
Victor Julien
24f071cabb
Make sure http_cookie inspects all HTTP transactions. Clean up error messages. Get rid of unused code and dead comments.
15 years ago
Victor Julien
878d3d87db
Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported.
15 years ago
Anoop Saldanha
88d94b136d
Support for reference.config file
15 years ago
Anoop Saldanha
658ff5753d
aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the second one MPM_AC_GFBS uses the goto-failure table
15 years ago
Pablo Rincon
76af1b049b
Make malloc errors on initialization stage a fatal error, resulting in an exit() call
15 years ago
Pablo Rincon
693d4f54eb
Load signatures with incompatible fast_pattern option (due to design differences for optimization)
15 years ago
Anoop Saldanha
98433f407c
dce rpc stub data held in separate buffers for request and response pdus
15 years ago
Jason MacLulich
835630efbd
Add initial support for reading packets from a DAG card, we only support reading from a single stream at this time.
Use the --dag <dagname> cmd line option to specify which DAG card to read pkts from.
Issue at the moment with pkts being ejected during shutdown -- at the moment we
ignore any packets that are not of link type Ethernet.
15 years ago
Ondrej Slanina
6bf7d76005
added possibility to run suricata as WIN32 service
15 years ago
Pablo Rincon
29a6fc2f03
Adding some flow improvements and recovery on emergency mode
15 years ago
William Metcalf
9ce1399db8
Add option for setting pcap buffer size if it is available
15 years ago
William Metcalf
b629b7c5c1
only show cli opts via help that we have support for
15 years ago
Pablo Rincon
1238668961
Adding actions order and support for rule action "pass"
15 years ago
William Metcalf
ce01927515
Import of GPLv2 Header 050410
15 years ago
Victor Julien
070ed778b8
Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added.
15 years ago
Victor Julien
79a780ffe4
Improve a number of error and info messages.
15 years ago
Victor Julien
71b327bd23
Improve error detection in the pidfile api.
15 years ago
Pablo Rincon
9803def006
Adding pidfile support (thanks to Steve Grubb for the patch)
15 years ago
Victor Julien
fe7ece997a
Different approach to the reference keyword. Lots of cleanups, bug fixes in reference keyword code and tests.
15 years ago
William Metcalf
3678dda185
libnet now optional
15 years ago
Pablo Rincon
e7a989e305
IP Only Engine using radix trees
15 years ago
Breno Silva
81abe635c8
Global Threshold config
15 years ago
Breno Silva
67f2026279
Global Threshold config
15 years ago
Gurvinder Singh
4879045c6f
bug 102 patch
16 years ago
Victor Julien
4fd4c1331e
Fix broken unittest, improve within error messaging.
16 years ago
root
ddf995da3b
pfring support lb type, and now uses logging subsys
16 years ago
Victor Julien
297001c6d9
Only process an app layer sig if it has the proper state. Make sure a sig can't have conflicting sigmatches, such as ftpbounce and uricontent.
16 years ago
Victor Julien
80dc4f1dbe
Further simplify content api: merge flags that indicate a next relative match, remove chunks as they are unnecessary now, make negated a bitflag.
16 years ago
Victor Julien
dd846c9b0e
Remove all search code from the pattern matchers, cleanup mpm api, remove unused http code, more cleanups.
16 years ago
Victor Julien
bef70a04ce
First stage of detect engine redesign: equal patterns share ids, search phase no longer used, new match verification phase.
16 years ago
Pablo Rincon
7719216575
Setting thread priorities with nice
16 years ago
Anoop Saldanha
8cf60d6645
Changed the way cuda dispatcher passes back results. Now each detection thread has its own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search functions directly instead of using the dispatcher.
16 years ago
Anoop Saldanha
c26e92733d
handle the cuda cleanup at shutdown. should get rid of any errors from the call to SigGroupCleanup
16 years ago
Anoop Saldanha
41e6735b92
mpm b2g cuda support added
16 years ago
Pablo Rincon
29d51a6182
Using the logging API in source-pcap and source-pcap-file
16 years ago
Gurvinder Singh
5293681860
b86
16 years ago
Gerardo Iglesias Galvan
ba6d807a6e
Improve information about errors on signature failure
16 years ago
Pablo Rincon
d0404d8447
Renaming errors with naming conventions
16 years ago
Pablo Rincon
ad2c136e8f
Renaming errors (naming conventions)
16 years ago
Jason Ish
c72d6be58b
Making logging configurable. If no logging outputs are defined the default will be used. - Currently per output log formatting is not available.
16 years ago
Victor Julien
53c9276d51
Cleanup pcap output.
16 years ago
William Metcalf
ba46c16aac
bpf support for pcap modes
16 years ago
Gurvinder Singh
3cad20946d
bug 64 patch
16 years ago
Nick Rogness
2b7b78f1bf
Initial IPFW support FreeBSD and OSX
16 years ago
Pablo Rincon
5592189c04
Loading flow settings from config
16 years ago
Breno Silva
1d055b0e09
ICMP Seq Rule Keyword
16 years ago
Victor Julien
1f09a88c93
Improve default-log-dir error checking and reporting.
16 years ago
Victor Julien
f5ef0cc3b8
Exit if no classification.config has been found.
16 years ago
Victor Julien
4c2782e971
Improve depth and offset setup error reporting
16 years ago
Victor Julien
7b2610ba1f
Fix extra spaces confusing content and uricontent.
16 years ago
Victor Julien
ae94b102cb
Improve distance/within/nocase handling, sig parsing error reporting.
16 years ago
Will Metcalf
f2b1e66a6a
fixes for init failure stuff
16 years ago
Victor Julien
778228d1c5
Flags keyword fix. Fatal init fix.
16 years ago
Gurvinder Singh
8cfdf6c666
bug 18 patch update
16 years ago
Victor Julien
6ab64706b0
Improve threshold hash table handling.
16 years ago
Anoop Saldanha
4d430060d2
fix for unclear error messages bug 15
16 years ago
Jason Ish
28cad3429c
An example of how logging could be configured from the log file.
16 years ago
Gurvinder Singh
d8433c7255
fixed-pool-error-and-tcp-state-transition
16 years ago
Pablo Rincon
7473f716bd
Improving error report on runmodes and daemon compatibility
16 years ago
Pablo Rincon
a67bd2457b
Loading rules from config support
16 years ago
Gurvinder Singh
c1e485cc44
app layer error handling
16 years ago
Gurvinder Singh
91407e0938
fixed DetectByteTest bug
16 years ago
William Metcalf
0db1d01b0c
port space negation notification
16 years ago
William Metcalf
88497ec539
detect-dsize regex doxygen logging subsys changes
16 years ago
Anoop Saldanha
157d5e8113
Implementation of the logging module
16 years ago