Commit Graph

3870 Commits (7d706563ef87a3f99cd8598263ac8e5f77b16754)
 

Author SHA1 Message Date
Eric Leblond 36519fb4e4 suricatasc: real cmd line parsing and verbose mode
This patch adds commandline parsing and help to suricatasc. It also
adds a verbose mode (-v) where the sent and received JSON objects are
shown. This should ease development of unix socket clients.
12 years ago
Eric Leblond 84322fa556 unix socket: add 'conf-get' command
This patch adds a 'conf-get' command which gets the configuration
value from suricata. The argument of the command is the name of the
variable to fetch.
The command syntax is the following:
{
 "command": "conf-get",
 "arguments": { "variable":value}
}
12 years ago
Eric Leblond c961056ed8 unix socket: add 'capture-mode' command
This patch displays what capture mode is used.
12 years ago
Eric Leblond 74a9fc4b66 Add function to display current capture mode
This patch adds a function to display the capture mode.
12 years ago
Eric Leblond 2f30485f7b unix socket: add 'running-mode' command
This command displays the active running mode ('autofp' for
example).
12 years ago
Eric Leblond f4faff6ff9 unix socket: add 'uptime' command
This command displays the number of seconds since the start of
Suricata.
12 years ago
Eric Leblond c6b38ebf67 unix socket: add 'version' command 12 years ago
Eric Leblond e3df0d4f5d suricatasc: display command list 12 years ago
Eric Leblond bb639e4a6d suricatasc: add readline completion 12 years ago
Eric Leblond 68c1276433 suricatasc: factorize code and use dynamic commands
This patch factorizes the recv code and uses the new 'command-list'
to get the list of existing commands from suricata. This allows
suricatasc to call any new command if this command does
not require an argument.
12 years ago
Eric Leblond 78b5812ae6 unix runmode: add 'pcap-current' command
This command outputs the currently processed file name or 'None'
if no file is currently processed.
12 years ago
Eric Leblond fc7e6c4a3d unix socket: implement command-list command 12 years ago
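The exchange that the 'conf-get', 'command-list', 'version', 'running-mode' and suricatasc verbose-mode commits above describe, as an added example that is not code from the Suricata project or from these commits. The request shape `{"command": ..., "arguments": {...}}` and the command names come from the commit messages; the reply shape `{"return": "OK"|"NOK", "message": ...}`, the opening `{"version": "0.1"}` handshake and the newline-delimited framing are assumptions made here, and the server side is a constructed stand-in, not Suricata.

```python
"""Added example, not Suricata code: a fake unix-socket server and a client that
emulate the suricatasc behaviour described in the commits above (JSON commands,
dynamic 'command-list', verbose mode). Assumed, not stated on the page: replies are
{"return": "OK"|"NOK", "message": ...}, the session opens with a {"version": "0.1"}
handshake, and messages are newline-delimited (a simplification of the real framing)."""
import json
import os
import socket
import tempfile
import threading

FAKE_CONF = {"unix-command.enabled": "yes"}  # constructed 'conf-get' answers
COMMANDS = ("version", "running-mode", "command-list", "conf-get")

def server_handle(cmd):
    """Answer one parsed command the way the commit messages describe it."""
    name, args = cmd.get("command"), cmd.get("arguments") or {}
    if name == "version":
        return {"return": "OK", "message": "1.4dev (example)"}
    if name == "running-mode":
        return {"return": "OK", "message": "autofp"}
    if name == "command-list":
        return {"return": "OK", "message": {"commands": list(COMMANDS)}}
    if name == "conf-get":
        var = args.get("variable")
        if var in FAKE_CONF:
            return {"return": "OK", "message": FAKE_CONF[var]}
        return {"return": "NOK", "message": "variable not found"}
    return {"return": "NOK", "message": "Unknown command"}

def serve_one(path, ready):
    """Fake server: handshake, then one JSON reply per JSON request line."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    ready.set()
    conn, _ = srv.accept()
    with conn, conn.makefile("r") as rf:
        ok = json.loads(rf.readline()).get("version") == "0.1"
        conn.sendall((json.dumps({"return": "OK" if ok else "NOK"}) + "\n").encode())
        for line in rf:  # ends when the client closes its side
            reply = server_handle(json.loads(line)) if ok else {"return": "NOK"}
            conn.sendall((json.dumps(reply) + "\n").encode())
    srv.close()

class SuricataSC:
    def __init__(self, path, verbose=False):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.connect(path)
        self.rfile = self.sock.makefile("r")
        self.verbose, self.commands = verbose, set()

    def _exchange(self, obj):
        line = json.dumps(obj)
        self.sock.sendall((line + "\n").encode())
        reply = json.loads(self.rfile.readline())
        if self.verbose:  # verbose (-v) mode: show both JSON objects
            print("SND:", line, "\nRCV:", json.dumps(reply))
        return reply

    def connect(self):
        if self._exchange({"version": "0.1"}).get("return") != "OK":
            raise RuntimeError("handshake refused")
        self.commands = set(self.send_command("command-list")["message"]["commands"])

    def send_command(self, name, arguments=None):
        if self.commands and name not in self.commands:  # not advertised by server
            raise ValueError("unknown command: " + name)
        obj = {"command": name}
        if arguments is not None:
            obj["arguments"] = arguments
        return self._exchange(obj)

    def close(self):
        self.rfile.close()
        self.sock.close()

def demo(verbose=False):
    """Run server and client over a temporary socket; return the observed answers."""
    with tempfile.TemporaryDirectory() as tmpdir:
        path = os.path.join(tmpdir, "suricata-command.socket")
        ready = threading.Event()
        threading.Thread(target=serve_one, args=(path, ready), daemon=True).start()
        ready.wait(5)
        sc = SuricataSC(path, verbose)
        sc.connect()
        out = {"version": sc.send_command("version")["message"],
               "conf-get": sc.send_command("conf-get", {"variable": "unix-command.enabled"})["message"],
               "missing-var": sc.send_command("conf-get", {"variable": "no.such.var"})["return"]}
        try:
            sc.send_command("shutdown")  # not in command-list: refused client-side
            out["unknown"] = "sent"
        except ValueError:
            out["unknown"] = "rejected"
        sc.close()
        return out
```

Calling `demo(verbose=True)` prints each sent and received object, which is what the -v mode is for; the client refuses locally any command the server did not list, so a typo never reaches the socket.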
Eric Leblond 346d5662b5 cuda: fix invalid use of sizeof 12 years ago
Eric Leblond aa9f795800 cocci test: add sizeof test
This patch adds a new semantic patch taken from
http://coccinellery.org/. This patch tests if a sizeof takes the size
of a pointer and not of the pointed value.
12 years ago
Anoop Saldanha 71609229cc sigorder cleaned up. 12 years ago
Eric Leblond 21dda8674d Fix build with old pcap library.
Pcap snaplen related modification broke compilation of Suricata for
systems having an old pcap library. This patch fixes the issue and allows
an old pcap library to honour the snaplen value.
12 years ago
Eric Leblond 6d225378e4 Workaround function missing in libhtp include
As reported in bug #688, the htp_config_set_path_decode_u_encoding
function is not included in the libhtp header before 0.3.0. The result
is that suricata compilation fails with an external htp library.
The following patch detects the issue and adds the missing
declaration.
12 years ago
Eric Leblond d472d606e9 configure: update htp version dependency 12 years ago
Anoop Saldanha 66f3c37016 code cleanup + unittests added against http_host and http_raw_host keywords,
against various combinations of hostname in uri and host header.
12 years ago
Anoop Saldanha 3511f91bba Add support for the new keyword - http_raw_host header.
The corresponding pcre modifier would be 'Z'.
12 years ago
Anoop Saldanha c4ce19a1be Add support for a new keyword to inspect http_host header.
The corresponding content keyword would now be - http_host.
The corresponding pcre modifier would be W.
12 years ago
Matt Keeler ebccb9ffcd Added host buffer allowance and stream configuration for Napatech 3GD
Added a napatech section in the yaml configuration.
	hba - host buffer allowance
	use-all-streams - whether all streams should be used
	streams - list of stream numbers to use when use-all-streams is no

The source-napatech.* files were modified to support the host buffer allowance configuration.
The runmode-napatech.c file was modified to support both the host buffer allowance configuration and stream configuration.

Signed-off-by: Matt Keeler <mk@npulsetech.com>
12 years ago
Anoop Saldanha 0c24a8a92f fix (more like a feature update) for bug #708.
Add support for flowint based sig ordering.
12 years ago
Eric Leblond 2f0927fe9b pcap: add snaplen YAML variable
This patch introduces 'snaplen' a new YAML variable in the pcap section.
It can be set per-interface to force pcap capture snaplen. If not set
it defaults to interface MTU if MTU can be known via an ioctl call and to
full capture if not.
12 years ago
Eric Leblond e14a817fbd pfring: delete unused define. 12 years ago
Eric Leblond 786cbb1244 log-pcap: don't limit snaplen. 12 years ago
Eric Leblond e8aa66a44c pcap: add 'promisc' YAML configuration variable
This patch adds a promisc variable to the pcap configuration. It is
used to decide if the interface is switched to promiscuous mode.
12 years ago
Eric Leblond 1aaa828b63 pcap: set snaplen to MTU if available.
Main objective of this patch is to use a dynamic snaplen to avoid
truncating packets at the currently fixed snaplen.

It sets snaplen to MTU length if the MTU can be retrieved. If not, it
does not set the snaplen which results in using a 65535 snaplen.

libpcap is trying to use mmaped capture and setup the ring by using buffer_size
as the total memory. It also uses the "rounded" snaplen as frame size. So if we set
snaplen to MTU when available we are optimal regarding the building of the ring.
12 years ago
Victor Julien cc51eec59d Use new libhtp query string normalization. Bug #739. 12 years ago
Victor Julien d41c762689 Add separate libhtp query string normalization function and configuration toggles for it. 12 years ago
Eric Leblond 2732faf05c teredo: update protocol decoding.
This patch fixes an error in pointer arithmetic and adds some
comments to increase maintainability of the code. It also
simplifies the decoding code as a careful RFC reading indicates
that if we discard packets containing an authentication field,
it is only possible to have a single origin indication field.
12 years ago
Eric Leblond 8d7b9703af Fix latest build-info modification
The creation of build-info.h should have been made in the build
directory and not in the source directory. This should fix changes
introduced in #738.
12 years ago
Eric Leblond 84f50ba49f build-info: use printf instead of SCLogInfo
This change results in a more readable and reusable output.
12 years ago
Eric Leblond 668113af77 add configure summary to build-info output 12 years ago
Eric Leblond f5ba8eb6db suricata: add information to build-info
This patch adds information about luajit and jansson to the
output of --build-info command. This should fix #696.
12 years ago
Anoop Saldanha 5fe9394d07 bug #737. Display a more apt error message when a wrong argument is supplied to
reference keyword.
12 years ago
Jake Gionet bf0ebcbef7 Adding comment in suricata.yaml.in to indicate sensor-id option. 12 years ago
Jake Gionet 1ac8938787 Adding support for Feature #667 12 years ago
Victor Julien d0c1410cf5 Fix sig grouping bug when certain sigs are mixed. Add tests. 12 years ago
Victor Julien afb2d4eddf Fix stateful inspection not always inspecting at stream end. 12 years ago
Anoop Saldanha f59ce70c17 fix for #694.
Invalidate any address/port vars in the conf that use a sequence
without quotes.
12 years ago
Anoop Saldanha 51868f17ae unittest to show the seg fault from bug_694 12 years ago
Victor Julien 8f19024999 geoip: add Fedora pkg hint to configure check 12 years ago
Anoop Saldanha 34a9c047fc updated to fix unix shutdown sequence
Should fix crashes occurring from unix mode shutdown/cleanup phase.
12 years ago
Ignacio Sanchez d771e08156 Adds support for the geoip keyword
Adds support for match-on conditions (src, dst, any, both)
Uses GEOIP_MEMORY_CACHE for performance reasons
Adds support for negation and multiple countries in the same rule

Bug fixes

Changed to take flow direction from rule, if present

Comments addressed. Unit tests added.
12 years ago
Eric Leblond 6dfd106139 conf: add unittest for WithDefault functions. 12 years ago
Eric Leblond f59c63c457 pcap: add support for 'default' interface 12 years ago
Eric Leblond feabe6e9a2 pfring: add support for 'default' interface 12 years ago
Eric Leblond 4ae27756b0 af-packet: add support for 'default' interface
This patch adds support for the 'default' interface which is used to get
parameter values when a per-interface value is not defined.
12 years ago
Eric Leblond 0bddf4f02f conf: introduce WithDefault function
This patch introduces a new set of functions to the ConfGetChildValue
family. They permit looking under a default node if looking under the
base node has failed. This will be used to access default parameters
for a data type (for instance, the first usage will be interface).
12 years ago
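The lookup order that the 'default' interface and WithDefault commits above describe, combined with the pcap snaplen and promisc fallbacks from the pcap commits, as an added example that is not code from Suricata or from these commits. The per-interface-then-default order, the snaplen fallback to MTU and then to full capture (65535), and the promisc setting come from the commit messages; the list-of-mappings data layout, the MTU table standing in for the ioctl, the function names, and promiscuous mode defaulting to on when nothing is set are assumptions made here.

```python
"""Added example, not Suricata code: models the capture-setting lookup the commits
above describe (interface node first, then the 'default' node, as in the
ConfGetChildValue...WithDefault family) and the pcap snaplen fallback to the
interface MTU or, when the MTU is unknown, to full capture.
Assumed here: the data layout (a list of interface mappings), an MTU table
standing in for the ioctl, and promiscuous mode defaulting to on when unset."""

FULL_CAPTURE_SNAPLEN = 65535  # snaplen used when no MTU is available

# Constructed sample of a pcap: section with one 'default' interface node.
SAMPLE_PCAP = [
    {"interface": "eth0", "snaplen": 1600},
    {"interface": "eth1", "promisc": "no"},
    {"interface": "default", "promisc": "yes"},
]
# Constructed stand-in for the MTU ioctl; a missing entry models an unknown MTU.
SAMPLE_MTU = {"eth0": 1500, "eth1": 9000}


def conf_find_interface(conf, name):
    """Return the mapping whose 'interface' key equals name, or None."""
    return next((node for node in conf if node.get("interface") == name), None)


def conf_get_with_default(conf, iface, key):
    """Look under the interface node first, then under the 'default' node."""
    for name in (iface, "default"):
        node = conf_find_interface(conf, name)
        if node is not None and key in node:
            return node[key]
    return None


def resolve_snaplen(conf, iface, mtu_of=SAMPLE_MTU.get):
    """Explicit snaplen (own node or default) wins; else MTU; else full capture."""
    explicit = conf_get_with_default(conf, iface, "snaplen")
    if explicit is not None:
        return int(explicit)
    mtu = mtu_of(iface)
    return mtu if mtu is not None else FULL_CAPTURE_SNAPLEN


def resolve_promisc(conf, iface):
    """YAML-style boolean; assumed to default to promiscuous when nothing is set."""
    value = conf_get_with_default(conf, iface, "promisc")
    if value is None:
        return True
    return str(value).lower() in ("yes", "true", "1")


def resolve_interface(conf, iface, mtu_of=SAMPLE_MTU.get):
    """Effective capture settings for one interface."""
    return {"interface": iface,
            "snaplen": resolve_snaplen(conf, iface, mtu_of),
            "promisc": resolve_promisc(conf, iface)}


if __name__ == "__main__":
    for name in ("eth0", "eth1", "eth2"):
        print(resolve_interface(SAMPLE_PCAP, name))
```

eth0 keeps its explicit snaplen but inherits promisc from the default node; eth1 has no snaplen anywhere, so its MTU is used; eth2 has no node at all and no MTU, so it gets the default node's promisc and a full-capture snaplen.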