suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	35be8385eb	detect: tcp.hdr sticky buffer Sticky buffer to inspect the TCP header.	6 years ago
Victor Julien	66648df099	detect: add tcp.mss keyword Allows matching on TCP option MSS. Syntax: tcp.mss:<value>; tcp.mss:<value1>-<value2>; tcp.mss:<op><value>; Operator can be: >, <.	6 years ago
Pierre Chifflier	9dfec7e734	SNMP: add the "snmp.pdu_type" detection keyword	6 years ago
Pierre Chifflier	e1dd19a0eb	SNMP: add the "snmp.community" detection keyword	6 years ago
Pierre Chifflier	aa608e0ca2	SNMP: add the "snmp.version" detection keyword	6 years ago
Mats Klepsland	0b489f329c	detect: add (mpm) keyword ja3s.string Match on JA3S string using ja3s.string keyword, e.g: alert tls any any -> any any (msg:"ja3s.string test"; ja3s.string; content:"10-11-12"; sid:1;)	6 years ago
Mats Klepsland	80cee50916	detect: add (mpm) keyword ja3s.hash Match on JA3S hash using ja3s.hash keyword, e.g: alert tls any any -> any any (msg:"ja3s.hash test"; ja3s.hash; content:"b26c652e0a402a24b5ca2a660e84f9d5"; sid:1;)	6 years ago
Mats Klepsland	ba857e9739	detect: add tls.certs keyword Add keyword to do "raw" matching on each of the certificates in the TLS certificate sticky buffer. Example: alert tls any any -> any any (msg:"tls.certs test"; tls.certs; \ content:"\|01 02 03 04\|"; sid:1;)	6 years ago
Victor Julien	84da0376fb	detect/http.host: rename file for consistency	6 years ago
Victor Julien	ccdafe6697	detect/http-server-body: move tests to tests/	7 years ago
Victor Julien	64987f36fb	detect/file-data: move tests into tests/	7 years ago
Victor Julien	9a8092249e	detect/http-client-body: move tests into tests/	7 years ago
Victor Julien	76fd666cad	detect/http_raw_header: move tests into tests/	7 years ago
Victor Julien	ab027cb481	detect/http_cookie: move tests into tests/	7 years ago
Victor Julien	2f342da048	detect/http_stat_code: move tests into tests/	7 years ago
Victor Julien	5dfba01b2e	detect/http_stat_msg: move tests to tests/	7 years ago
Victor Julien	b469938998	detect/http_raw_host: move raw into regular host logic	7 years ago
Victor Julien	dc43f35427	detect/http_host: move tests into tests/	7 years ago
Victor Julien	cb332b4cda	detect/http_method: move all tests into tests/	7 years ago
Victor Julien	0a405e27a0	detect/http_raw_uri: code reorganization Move registration into http_uri logic, move tests into the other uri tests. Switch to v2 mpm/inspect APIs.	7 years ago
Victor Julien	10e2731f18	detect/http-uri: move tests into tests/	7 years ago
Victor Julien	3111910fc6	detect/http_user_agent: move tests into tests/	7 years ago
Victor Julien	33b81f7439	detect: add verbosity of --list-keywords Add indicators of content modifier or sticky buffer, and also allow registering an alternative to a keyword.	7 years ago
Victor Julien	eb73008ccf	detect/transform: add to_sha1 keyword	7 years ago
Victor Julien	75f9c1ae9f	detect/transform: add to_md5 keyword	7 years ago
Victor Julien	ecb5d6419b	rules/transform: add to list-keywords	7 years ago
Jason Ish	35fd10bc2e	rust: app-layer detect template for rust parsers	7 years ago
Victor Julien	486054595a	detect/template2: template with prefilter (copy of ttl)	7 years ago
Victor Julien	af6f52cc09	rules: hide 'template' from --list-keywords	7 years ago
Victor Julien	b0577402b6	rules: hide internal keywords from --list-keywords	7 years ago
Pierre Chifflier	1076c7cd47	Add krb5_err_code detection keyword	7 years ago
Pierre Chifflier	d6b9c0294a	Add krb5_cname and krb5_sname detection keywords	7 years ago
Pierre Chifflier	0bd81ff838	Add krb5_msg_type detection keyword	7 years ago
Mats Klepsland	6e23ae230b	detect: add (mpm) keyword ja3_string Match on JA3 string using ja3_string keyword, e.g: alert tls any any -> any any (msg:"JA3 string test"; ja3_string; content:"65-68-69-102"; sid:1;)	7 years ago
Mats Klepsland	6c7aacce9e	detect: add (mpm) keyword ja3_hash Match on JA3 hash using ja3_hash keyword, e.g: alert tls any any -> any any (msg:"JA3 hash test"; ja3_hash; content:"e7eca2baf4458d095b7f45da28c16c34"; sid:1;)	7 years ago
Victor Julien	75d7c9d64a	rust/smb: initial support Implement SMB app-layer parser for SMB1/2/3. Features: - file extraction - eve logging - existing dce keyword support - smb_share/smb_named_pipe keyword support (stickybuffers) - auth meta data extraction (ntlmssp, kerberos5)	7 years ago
Victor Julien	4d1fa4aaf9	detect: bsize keyword Allows matching on stickybuffers. Like dsize, it allows matching on exact values, greater than and less than, and ranges. For streaming buffers, such as HTTP bodies, the final size of the body is only known at the end of the transaction.	8 years ago
Victor Julien	7f97fc40d5	detect/transform: initial to_sha256 implementation Takes input buffer and replaces it with hash value for that buffer. Hash value is in raw bytes.	8 years ago
Victor Julien	016d65fdf8	detect/transform: initial compress_whitespace implementation	8 years ago
Victor Julien	38ed6cd050	detect/transform: initial strip_whitespace implementation	8 years ago
Victor Julien	a499a44f7a	detect: move buffer type map into detect ctx Move previously global table into detect engine ctx. Now that we can register buffers at rule loading time we need to take concurrency into account. Move DetectBufferType to detect.h and update DetectBufferCtx API calls to include a detect engine ctx reference.	8 years ago
Eric Leblond	9ecd60c7a2	detect-ftpdata: register keyword Keyword registration was missing so the keyword was not existing.	8 years ago
Victor Julien	746638b220	cuda: remove Remove CUDA support as it has been broken for a long time. Ticket #2382.	8 years ago
Victor Julien	ac0ae2dcd1	file_data: smtp file_data to generic file_data Generalize the SMTP file_data inspection into a 'files' file_data inspection that can be used for any protocol that uses the File API.	8 years ago
Victor Julien	c374324916	detect: move keyword registration into own file	8 years ago

45 Commits (47919fd0e468e49354c7ca513bc1620149c96cc2)