aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,692 Commits
8 Branches
165 Tags
232 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '6be63bdc4f'
${ noResults }
Commit Graph

248 Commits (6be63bdc4f65fd7cef5df595a047d2a2302a7bbc)

Author SHA1 Message Date
Victor Julien e30b1bfe64 Simple IP reputation implementation 13 years ago
Victor Julien 2a42f554b1 build cleanup, build source files in alphabetical order 13 years ago
Xavier Lange 234922f3c6 Keyword pkt_data 13 years ago
Eric Leblond 3061452c5e suricata: avoid concurrent run in daemon mode 
This patch creates a pid file per default and use it to avoid to be
able to run two Suricata. Separate pid file have to be provided to
be able to do it.
 13 years ago
Matt Keeler 37e3de8425 Refactor Napatech 3GD to just Napatech as Suricata is only going to support 3GD. 
Signed-off-by: Matt Keeler <mk@npulsetech.com>
 13 years ago
Matt Keeler 5786a32d0f Remove Napatech 2GD support 
Removed the Napatech 2GD support

runmode-napatech-3gd.c had an include from runmode-napatech.h which was erroneous and has been removed as well.

Signed-off-by: Matt Keeler <mk@npulsetech.com>
 13 years ago
Matt Keeler 844e4dba11 Napatech 3GD Support 
For use with Network Cards from Napatech utilizing the 3GD driver/api.

    - Implemented new run modes in runmode-napatech-3gd.*
    - Implemented capture/decode threads in source-napatech-3gd.*
    - Integrated the new run modes and source into the build infrastructure.

    New configure switches
    --enabled-napatech-3gd : Turns on the NT 3GD support
    --with-napatech-3gd-includes : The directory containing the NT 3GD header files
    --with-napatech-3gd-libraries : The directory containing the NT 3GD libraries to link against.

    New CLI switch
    --napatech-3gd : Uses the Napatech 3GD run mode

    Runmodes Supported:
    - auto
    - autofp
    - workers

    Notes:
    - tested with 1 Gbps sustained traffic (no drops)

Signed-off-by: Matt Keeler <mk@npulsetech.com>
 13 years ago
Victor Julien 4464657ca2 remove reference to non-existing file from Makefile.am 13 years ago
Victor Julien 7a044a99ee Defrag engine 
Big rewrite of defrag engine to make it more scalable and fix some
locking logic flaws.

Now uses a hash of trackers similar to Flow and Host hashes.
 13 years ago
Victor Julien ec7e79c748 Rule profiling update 
- Remove usage of counters api.
- Store stats in detect engine thread ctx to remove locking
- Support rule reloads
 13 years ago
Victor Julien f58e828c5e luajit: stub detection keyword 13 years ago
Eric Leblond 71b4257bc2 sig: add l3_proto keyword 
This patch adds a l3_proto keyword to the signature language. It
can be used to specify if the signature has to match on IPv4, IPv6
or both. For example, one can write:
  alert http any any -> any 22 (msg: "HTTP v6"; l3_proto:ip6; sid:14;)

This should close #494.
 13 years ago
Victor Julien 8f71333e12 file: implement filesize keyword. #489. 13 years ago
Jean-Paul Roliers 9071bcf983 tls: adding cryptographic functions. 
Adding util-crypt containing cryptographic functions as SHA1 and Base64.
 13 years ago
Jean-Paul Roliers efdf96ccba tls: adding TLS Log support 
Creation of the log-tlslog file in order to log tls message.
Need to add some information into suricata.yaml to work.

  - tls-log:
      enabled: yes	# Log TLS connections.
      filename: tls.log # File to store TLS logs.
 13 years ago
Eric Leblond 6480cd1b9c Teredo tunnel supports 
This patch should fix #480 by adding the support of Teredo tunnel.
The IPv6 content of the tunnel will be parsed in a similar way as
what is done the GRE tunnel. Signatures will then be matched on the
IPv6 content.
 13 years ago
Victor Julien d8356c5ebd Windows build and other misc fixes. 14 years ago
Anoop Saldanha 31eb5fa2f6 Introduce util-signal.[ch]. Move our signal setup functions here 14 years ago
Anoop Saldanha e5edcfaca8 add unittest for atomic operation with void * 14 years ago
Victor Julien c6cac1ef48 build: Use expanded sysconfdir to pass as CONFIG_DIR to the code. 14 years ago
Anoop Saldanha 988c92f71c http user agent keyword + mpm + inspection + fast pattern support added 14 years ago
Eileen Donlon c81020e9a3 feature 349 rule analyzer v1 14 years ago
Eric Leblond 2d22f667c2 config: use config file in sysconfdir by default. 14 years ago
Victor Julien 9f7588a756 Add filemd5 keyword that loads a list of md5's to match a file's md5 against. 14 years ago
Victor Julien 8cfc23ee22 Add a new hash datatype to do speedy lookups of read only uniform data, like md5's. 14 years ago
Anoop Saldanha 69ed12fd28 Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well 14 years ago
Victor Julien 06d7fb5428 Fix CUDA build from a release tarball. 14 years ago
Victor Julien 20c08ca47b hash: add lookup3.c by Bob Jenkins 
Found here:
http://burtleburtle.net/bob/hash/doobs.html
http://burtleburtle.net/bob/c/lookup3.c

From the file header:

lookup3.c, by Bob Jenkins, May 2006, Public Domain.

These are functions for producing 32-bit hashes for hash table lookup.
hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
are externally useful functions.  Routines to test the hash are included
if SELF_TEST is defined.  You can use this free for any purpose.  It's in
the public domain.  It has no warranty.
 14 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message 
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 14 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format) 
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
 14 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling 
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
 14 years ago
Victor Julien a05df345de Introduce host table, make tag use it 
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.

Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
 14 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 14 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 14 years ago
Victor Julien 2197f1a625 file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records. 14 years ago
Anoop Saldanha 2f7717a1a7 delete detect-recursive.[ch] 14 years ago
Anoop Saldanha 35f1f7e8d9 unify payload detection engines + fix other bugs in pcre init 14 years ago
Anoop Saldanha 09313cf9bd Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S 14 years ago
Anoop Saldanha 2007c2711c Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword 14 years ago
Victor Julien 1d9f6ff8f2 Initial Napatech support by Randy Caldejon / nPulse. 14 years ago
Anoop Saldanha 199288309d Support for new MPM ac-bs added 14 years ago
Anoop Saldanha eea5ab4a7a Support for app layer decoder events added + app_layer_event keyword added 14 years ago
Mike Pomraning 914b10a8e6 Touch up Makefile for SCConfLogOpenGeneric. 14 years ago
Victor Julien 4cbaeb408c Add functions to determine whether a path is absolute or relative. 14 years ago
Victor Julien 7adac3048d file-data: create initial keyword registration. 14 years ago
Victor Julien 89f83e714c Introduce http_server_body keyword. 
The http_server_body content modifier modifies the previous content to inspect
the normalized (dechunked, unzipped) http_server_body. The workings are similar
to http_client_body. Additionally, a new pcre flag was introduced "/S".

To facilitate this change the signature flags field was changed to be 64 bit.
 14 years ago
Anoop Saldanha e0c13434ef bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+ 14 years ago
Eileen Donlon dbdf2d888f Enable/disable core dump in config (feature 319) 14 years ago
Victor Julien e1022ee5ae file-extraction: Disconnect file handling from flow and move into the app layer state. 14 years ago
Victor Julien 27645f64c6 Remove unused util-filetype.[ch] from Makefile.am. 14 years ago