suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	8350fdd9be	Do not assume the include dir for nss to be nss. On F16 it's nss3.	14 years ago
Victor Julien	2197f1a625	file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records.	14 years ago
Victor Julien	337f7861a4	Make sure that if not built against libnss, we still compile. Only no md5 for you then\!	14 years ago
Victor Julien	69b3df96fb	Initial on the fly MD5 calculation for extracted files using libnss.	14 years ago
Victor Julien	18d79c4215	file store: respect flowbits and other keywords The filestore keyword until now flagged a file, tx or ssn for storage as soon as the keyword was inspected. This happens before flowbits and some other keywords, so files were stored that weren't supposed to. This patch makes the filestore keyword fill an array in the detect engine thread ctx. Then if the full signature matches, a post-match filestore function makes the store final.	14 years ago
Victor Julien	9878eca086	file handling: expand filestore keyword Filestore keyword by default (... filestore; ... ) marks only the file in the same direction as the rule match for storing. This makes sense when inspecting individual files (filemagic, filename, etc) but not so much when looking at suspicious file requests, where the actual file is in the response. The filestore keyword now takes 2 optional options: filestore:<direction>,<scope>; By default the direction is "same as rule match", and scope is "currently inspected file". For direction the following values are possible: "request" and "to_server", "response" and "to_client", "both". For scope the following values are possible: "tx" for all files in the current HTTP/1.1 transation, "ssn" and "flow" for all files in the session/flow. For the above case, where a suspious request should lead to a response file download, this would work: alert http ... content:"/suspicious/"; http_uri; filestore:response; ...	14 years ago
Victor Julien	4cbe7519fa	Add missing file util code.	14 years ago

7 Commits (988c92f71c7b83454aa3effb1f6160a2cbba109a)