Commit Graph

6084 Commits (77119a31863ee9cc3bedcd8abf007914ba7942cc)

Author SHA1 Message Date
Jason Ish c1b921265f app-layer: template for application layer parser 10 years ago
Eric Leblond bcfb3fd5d5 docker: add ASAN to pcaps build 10 years ago
Victor Julien a4bce14770 development tools: add script to setup detect module
Simplify creation of a new detect module by creating a copy of the
detect template. It sets the name and registers it in the build
system. Finally its registration function is called.
10 years ago
Victor Julien cb060f16fd detect plugin: add template 10 years ago
Victor Julien 85b00dcfa0 development tools: add script to setup new decoder
Simplify creation of a new decoder.
10 years ago
Victor Julien 830dd32417 decoder: add template/example
Add fictional example / template for a packet decoder. It's not invoked
anywhere.
10 years ago
Victor Julien 371648a8c6 lua: TLS support
Support TLS in Lua detection scripts.

function init (args)
    local needs = {}
    needs["tls"] = tostring(true)
    return needs
end

function match(args)
    version, subject, issuer, fingerprint = TlsGetCertInfo();
    if version == nil then
        return 0
    end
    str = string.format("Version %s\nIssuer %s\nSubject %s\nFingerprint %s",
                        version, issuer, subject, fingerprint)
    SCLogInfo(str);
    return 1
end
10 years ago
Victor Julien 1e84950017 detect-lua: set direction 10 years ago
Victor Julien 8b3afb6986 lua: add direction support 10 years ago
Victor Julien a798cf9518 DNS: refactor tx completion logic
Use simple bool values to track the transaction state in both directions.

A tx is only created in two cases:
1. full request parsed
2. response parsed (request missing)

This is true even for multi-packet TCP requests.

This leads to the following tx completion logic for the request side:
the presence of a tx implies the request is complete

On the response side, we consider the tx complete when we have seen
the response. If the DNS parser thinks the response was lost, we also
flag the response side as complete.
10 years ago
Victor Julien 7281ae6e80 yaml: add missing ippair section 10 years ago
Eric Leblond 3054af7900 af-packet: don't activate rollover by default
Rollover option is causing issue with TCP streaming code because it
causes packets from the same flow to be treated out of order. As long as
the situation is not fixed in the streaming engine, it is a bad idea
to enable it by default.
10 years ago
Victor Julien 6b2fb3fd5d Fix minor format string issues 10 years ago
Victor Julien ba81c4d290 autotools: cleanup
Remove most of the CFLAGS updates from configure. Flags are now (mostly)
set in AM_CLFLAGS.

Update all -DBLAH additions to CFLAGS to use AC_DEFINE([BLAH], ...)

Improve Lua vs LuaJIT checking.

Improve the configure output a bit.

Lots of smaller cleanups.
10 years ago
Antti Tönkyrä 63a47967d7 source-pfring: don't set cluster mode when using ZC and VLAN tracking is disabled 10 years ago
gureedo c31660e5fd netmap: enable zero-copy mode only when copy-mode is specified.
Perform zero-copy checks only when copy-mode is specified.
10 years ago
gureedo a7a902a071 netmap: extended comments for options in configuration file.
Added extended description of the use of OS endpoint with copy mode.
10 years ago
Victor Julien cbf46c44ec transaction inspection: fix limit enforcement
Make sure we're never wrapping around the size value.
10 years ago
Antti Tönkyrä 834c36659e Allow colon in SSH version, at least some trojaned PuTTY clients have version like Putty-Local: Timestamp HH:MM:SS 10 years ago
Victor Julien 1235c578b2 xff: support ports and more ipv6 notations
It's not uncommon to see a header like:
X-Forwarded-For: 1.2.3.4:56789

This patch recognizes this case and ignores the port. It also supports
this for IPv6 if the address has the following notation:
X-Forwarded-For: [12::34]:1234

This patch also adds unittests.
10 years ago
Victor Julien 979bd35277 detect loader: move to own file 10 years ago
Victor Julien cfeaf42cab detect-loaders: configurable amount of loaders 10 years ago
Victor Julien f871c0e1b8 debug: packet pool init/destroy validation
Validate packet pool handling:
- pools are initialized before use
- pools are not used after destroy
- pools are not double initialized/destroyed
10 years ago
Victor Julien e44fd97d72 unittests: use a global packetpool 10 years ago
Victor Julien 99c0a7ad72 multi-detect: improve memory handling of setup code 10 years ago
Victor Julien b7b27684c2 multi-detect: detect loader for unix socket
Move the tenant load and reload commands to be executed by the detect
loader thread(s).

Limitation: no yaml parsing in parallel. The Conf API is currently not
thread safe, so don't load the tenant config (yaml) in parallel.
10 years ago
Victor Julien eb09118d64 detect: create loader threads
To speed up startup with many tenants, tenant loading will be parallelized.
As no temporary threads should be used for these memory allocation heavy
tasks, this patch adds a new type of 'command' thread that can be used to
load and reload tenants.

This patch hardcodes the number of loaders to 4. Future work will make it
dynamic.

The loader thread essentially sleeps constantly. When a task is sent to
it, it will wake up and execute it.
10 years ago
Victor Julien 82aa419431 multi-detect: set tenant id on pseudo packets
Store the tenant id in the flow and use the stored id when setting
up pseudo packets.

For tunnel and defrag packets, get tenant from parent. This will only
pass tenant_ids set at capture time.

For defrag packets, the tenant selector based on vlan id will still
work as the vlan id(s) are stored in the defrag tracker before being
passed on.
10 years ago
Victor Julien e19c41a807 multi-detect: hash lookup for tenants
Use hash for storing and looking up det_ctxs.
10 years ago
Victor Julien 722c56dbf3 detect: clean up thread free code
Introduce DetectEngineThreadCtxFree that doesn't need a 'ThreadVars'
pointer.
10 years ago
Victor Julien 4f77e8967b multi-detect: make threshold prefix aware
Make threshold loading prefix aware, so it can be part of tenant
configuration.

If the setting is missing from the tenant, the global setting is tried
and if that too is missing, the global default is used.

Note: currently per host thresholds are tracked globally and NOT per
tenant.
10 years ago
Victor Julien a6e3cec9e5 multi-detect: make reference prefix aware
Make reference loading prefix aware, so it can be part of tenant
configuration.

If the setting is missing from the tenant, the global setting is tried
and if that too is missing, the global default is used.
10 years ago
Victor Julien 5fff250749 multi-detect: make classification prefix aware
Make classification loading prefix aware, so it can be part of tenant
configuration.

If the setting is missing from the tenant, the global setting is tried
and if that too is missing, the global default is used.
10 years ago
Victor Julien 4d0975eeac multi-detect: implement reload tenant in suricatasc 10 years ago
Victor Julien d8181802d3 multi-detect: add reload-tenant command
Allow for a tenant to be reloaded. The command is the same as the
register-tenant command, so with a yaml and tenant-id as argument.
However this replaces an existing tenant.
10 years ago
Victor Julien 8673801ea3 multi-detect: add tenant id to alert json output
Add an integer field "tenant_id" to the JSON alert output.
10 years ago
Victor Julien f4c9915066 multi-detect: store tenant id in packet
Store tenant id in the packet so that the output APIs can log it.
10 years ago
Victor Julien 642c267dc4 multi-detect: refuse to add duplicate tenant
Generate error if tenant to be added is already loaded.
10 years ago
Victor Julien 4e0683c3f5 multi-detect: cleanup, reuse tenant loading code
Reuse tenant loading from YAML code for Unix Socket.
10 years ago
Victor Julien 646eb4c2a8 multi-detect: load tenants from yaml file
Load tenants and mappings from the suricata.yaml when available.
10 years ago
Victor Julien a20e43f97c suricatasc: add unregister-tenant-handler 10 years ago
Victor Julien a21e88d955 suricatasc: add register-tenant-handler command
Arguments:
- tenant id (int)
- name of handler (string)
- traffic id related to handler (int, optional)

Examples:
- register-tenant-handler 1 vlan 1111
- register-tenant-handler 8 pcap
10 years ago
Victor Julien 216638c342 multi-detect: implement unregister-tenant-handler
Remove a tenant handler from the list and apply it.
10 years ago
Victor Julien 93f856a1b3 detect: don't error out on no de_ctx
This can happen on a multi-detect setup with no registered
engines yet.
10 years ago
Victor Julien b6f290fac7 multi-detect: set selector from yaml
Yaml setting is: multi-detect.selector

Implement 'vlan' and 'direct'.
10 years ago
Victor Julien c72b7f83b8 multi-detect: error on start if no selector registered
Force user to select the method at startup.
10 years ago
Victor Julien 1127ad66b4 multi-detect: register counters on 'master' det_ctx
Otherwise counters are only registered after the stats api is
already fixed.
10 years ago
Victor Julien 7c581c0ffc multi-detect: allow start up with 0 tenants 10 years ago
Victor Julien 6d92e8d220 unix-socket: implement register-tenant-handler
Register tenant handlers/selectors based on what the unix command
"register-tenant-handler" tells.

Check traffic id before adding it. No duplicated registrations for
a traffic id are allowed.
10 years ago
Victor Julien 1893c5edb1 multi-detect: initial selectors for tenants
The Detection Thread has the TenantGetId pointer which allows it
to select a tenant id based on the packet.
10 years ago