aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
7,804 Commits
7 Branches
155 Tags
195 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2e339aa791'
${ noResults }
Commit Graph

7804 Commits (2e339aa7911b090c11ecef5869df43faa633e2d2)
 

Author SHA1 Message Date
Mats Klepsland 2e339aa791 tls-log: log certificate serial number 8 years ago
Mats Klepsland 2b460b8d06 output-json-lua: log certificate serial number 8 years ago
Mats Klepsland 2c1a36dd6e app-layer-tls: decode certificate serial number 8 years ago
Alexander Gozman 310b27a196 af-packet: fix parsing packet in TPACKET_V3 mode 
AFPParsePacketV3() saved tpacket_block_desc structure
instead of tpacket3_hdr. As a result, reconstructed
packets were wrong.

Bug #2044.
 8 years ago
Alexander Gozman e41a9d637b af-packet: get VLAN info for packets in TPACKET_V3 mode 8 years ago
Alexander Gozman ee7e689b54 af-packet: write VLAN info for both TPACKET_V2 and V3 8 years ago
Jason Ish 92db12c349 pidfile: fail if the pid file exists 
Changes the pidfile check function to fail just on the
existence of the file to address issue
https://redmine.openinfosecfoundation.org/issues/1335
but log a message if the pid file appears to be stale.
 8 years ago
David Wharton 1bf7ded224 doc: specify buffers that can be used for fast_pattern 
Updated notes on the following buffers indicating that they can
be used for fast_pattern:
tls_cert_subject
tls_cert_issuer
tls_sni
 8 years ago
David Wharton b1ad770b36 doc: removed references to older Suricata versions 
docs are versioned; references to older Suricata versions undesired.
 8 years ago
Mats Klepsland e91bb09c91 doc: add documentation for TLS eve-log 8 years ago
Mats Klepsland bbd32c1419 output-json-tls: code cleanup 8 years ago
Mats Klepsland 115b3138cc output-json-tls: log certificate and chain 
Log entire certificate and certificate chain Base64 encoded.
 8 years ago
Mats Klepsland 0716199acb output-json-tls: custom tls logging 8 years ago
Jason Ish 89ba5816dc doc: update unified2 section 
Remove documentation on older unified formats that have
been removed.
 8 years ago
Jason Ish 82f6103149 unified2: nostamp and file rotation 
Give unified2 a nostamp option which will create the file
without the timestamp suffix (like Snort's nostamp option).

Also register for rotation notification on SIGHUP so the file
will be recreated if it is removed by an external rotation
program (only when nostamp is used).
 8 years ago
Jason Ish 2c01985e73 autoconf - look for stdbool.h 8 years ago
Jason Ish d8e9e1fd77 unified2: minor cleanups 
- remove unused arguments and make static
 8 years ago
Jason Ish c810748a60 Makefile: fix race condition in make install-full 
Use recursive make for the install process so it
is executed in a predictable order.

Addresses issue:
https://redmine.openinfosecfoundation.org/issues/1470
which triggered on OSX/macOS.
 8 years ago
Mats Klepsland 234a3a890b output-json-alert: print 'tunnel' JSON object if tunnel 
Log src_ip, dst_ip and proto for root packet (p->root) if the
packet that triggered is inside a tunnel, as JSON object
'tunnel'. Also log recursion depth to indicate the depth of
the tunnel.
 8 years ago
Mats Klepsland 7293286f2f output-json: move code to get 5-tuple to own function 
Move code to get 5-tuple in JSON object to own function 'JsonFiveTuple'.
This enables this code to be reused when printing 'parent' JSON object in
output-json-alert.
 8 years ago
Mats Klepsland 8c8db1cf0f output-json-alert: fix wrongful comments 8 years ago
Mats Klepsland 6a382259f8 doc: documentation for custom JSON flags in eve-log 8 years ago
Mats Klepsland 65317ba865 output-json: make JSON flags in eve-log user configurable 8 years ago
Victor Julien d445b4b5fa dce: remove commented out code 8 years ago
Victor Julien 9da7be81f0 flow-worker: clean up thread init 8 years ago
Victor Julien c859d39f4f coverity: suppress CID 1400648 8 years ago
Victor Julien 955c227127 detect-ssh: cleanup duplicate code 8 years ago
Victor Julien 2f30adb08a detect-lua: setup cleanup, fixing a potential int issue 8 years ago
Victor Julien 511e804915 detect: fix missing unlock in error path 8 years ago
Victor Julien f74eff9eac threads: address sleep under lock issue 8 years ago
Victor Julien f380871057 threads: don't sleep under lock 8 years ago
Victor Julien cc4010343d detect: add and use util func for alproto sets 8 years ago
Victor Julien c477c4370e doc: update for unix socket hostbits 8 years ago
Victor Julien 4a49260897 flowvar: shrink flowvar type by using padded space 8 years ago
Victor Julien 99517cbd53 lua: support key/value flowvars in lua 8 years ago
Victor Julien f0af133c5f flowvar: remove unused DETECT_VAR_TYPE_ALWAYS 8 years ago
Victor Julien 71607c905a doc: update unix socket 8 years ago
Victor Julien 8fde6f967f suricatasc: add/list/remove hostbit commands 
Syntax:
    add-hostbit <ip> <bit name> <expire>
Example:
    add-hostbit 1.2.3.4 blacklist 3600

Syntax:
    remove-hostbit <ip> <bit name>
Example:
    remove-hostbit 1.2.3.4 blacklist

Syntax:
    list-hostbit <ip>
Example:
    list-hostbit 1.2.3.4
 8 years ago
Victor Julien 88888c3d8b unix-socket: add/list/remove hostbit commands 
add-hostbit adds a named hostbit with an expire time in seconds.
remove-hostbit removes hostbit by name.

add-hostbit, remove-hostbit return success or failure.

list-hostbit returns a json array of hostbits with their name and
expire time:

    {
        "message": {
            "count": 1,
            "hostbits":
                [{
                    "expire": 3222,
                    "name": "firefox-users"
                }]
        },
        "return": "OK"
    }
 8 years ago
Victor Julien b6e4276792 hostbits: add list API 8 years ago
Victor Julien 996112edf5 pktvars: same name pktvars, key-value vars 8 years ago
Victor Julien 5ca4a2e6fe outputs: vars log 
EVE addition called 'vars' that logs pkt/flow vars for each packet/flow.
 8 years ago
Victor Julien 1a2ad059a1 eve: log pktvars/flowvars/bits/ints 
Optionally logs 'vars' into alerts
 8 years ago
Victor Julien 1ba8c2fe3a pcre: new way of specifying var names 
Until now the way to specify a var name in pcre substring capture
into pkt and flow vars was to use the pcre named substring support:
e.g. /(?P<pkt_somename>.*)/

This had 2 drawbacks:

1. limitations of the name. The name could be max 32 chars, only have
   alphanumeric and the underscore characters. This imposed limitations
   that are not present in flowbits/ints.

2. we didn't actually use the named substrings in pcre through the
   API. We parsed the names separately. So putting the names in pcre
   would actually be wasteful.

This patch introduces a new way of mapping captures with names:

  pcre:"/(.*)/, pkt:somename";
  pcre:"/([A-z]+) ([0-9]+)/, pkt:somename,flow:anothername";

The order of the captures and the order of the names are mapped 1 on 1.
This method is no longer limited by the pcre API's naming limits. The
'flow:' and 'pkt:' prefixes indicate what the type of variable is. It's
mandatory to specify one.

The old method is still supported as well.
 8 years ago
Victor Julien 0f708d427b pkt-var: abuse flowvar postmatch logic for pktvars 
Flowvars were already using a temporary store in the detect thread
ctx.

Use the same facility for pktvars. The reasons are:

1. packet is not always available, e.g. when running pcre on http
   buffers.

2. setting of vars should be done post match. Until now it was also
   possible that it is done on a partial match.
 8 years ago
Victor Julien 5e39486399 pkt-var: use id instead of name pointer 8 years ago
Victor Julien a0bd15a1c4 pcre: support multiple captures 
Support up to 8 substring captures into pkt or flow vars.
 8 years ago
Victor Julien 017b16d421 detect-pcre: small cleanups 8 years ago
Victor Julien ac42a44280 alert-debug: print flowvar/int names 8 years ago
Victor Julien e95a0c1344 alert-debug: print flowbit names from VarNameStore 8 years ago