aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,071 Commits
7 Branches
161 Tags
210 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9f3e2f7a92'
${ noResults }
Commit Graph

314 Commits (9f3e2f7a927d19ba69db8ddaa10aedbc78274c91)

Author SHA1 Message Date
Pablo Rincon b3a8f0a90f Fix asn1 decoder frame oob mem. Adding max stack frames to suricata.yaml 15 years ago
Gurvinder Singh 3eab715153 support for printing protocol names for known protocol 15 years ago
Victor Julien 1859ed54c7 Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp. 15 years ago
Victor Julien 3971bcc83a Switch to faster tolower function for u8_tolower. 15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule match from a reassembled stream and/or app layer inspection 15 years ago
Pablo Rincon 76af1b049b Make malloc errors on initialization stage a fatal error, resulting on a exit() call 15 years ago
Pablo Rincon 9d7baa7a9f Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion 15 years ago
Anoop Saldanha 07491f8887 add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshhold limit to 2.4k packets to buffer 15 years ago
Anoop Saldanha 33f4beb0bc batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms 15 years ago
Victor Julien 8cdd02877f Add unittests for ringbuffer. 15 years ago
Anoop Saldanha 36e4b1830e add pcre with U modifiers to the umatch sigmatch list. fix for bug 155 15 years ago
Pablo Rincon eed0ef6e69 Adding tag keyword support 15 years ago
Kirby Kuehl c3b9305259 dcerpc udp support 15 years ago
Victor Julien 6519a86ec7 Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros. 15 years ago
Victor Julien 012e602c3f Add a (disabled by default) flow pinned runmode for file pcap. 15 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 15 years ago
Jason MacLulich 835630efbd Add initial support for reading packets from a DAG card, we only support reading from a single stream at this time. 
Use the --dag <dagname> cmd line option to specify from which DAG card to read pkts
from.

Issue at the moment with pkts being ejected during shutdown -- at the moment we
ignore any packets that are not of link type Ethernet.
 15 years ago
Ondrej Slanina 6bf7d76005 added possibility to run suricata as WIN32 service 15 years ago
Ondrej Slanina 79443b1991 added INT and TERM signals on WIN32 15 years ago
William Metcalf 9ce1399db8 Add option for setting pcap buffer size if it is available 15 years ago
Victor Julien 4e7df60b2f Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this. 15 years ago
Victor Julien 6f502f0da5 lockfree ringbuffer wip2, including proper shutdown. 15 years ago
Jason Ish a93b2e6b84 Support for reading ERF files. 15 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 15 years ago
Victor Julien 2910759943 Rename TranslateIPToPcapDev to PcapTranslateIPToDevice and make the length argument size_t. 15 years ago
Ondrej Slanina 55d0d1e7a1 added support for finding pcap device via it's IP. 15 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 15 years ago
Victor Julien b8641f300d Rename asn1 files, fix an invalid free, fix improper init of vars in one unittest. 15 years ago
Pablo Rincon 3fa3229e01 ASN1 decoder and keyword implementation 15 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine. 
Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
 15 years ago
Jason Ish 18e5ac8cde Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules. 15 years ago
William Metcalf b629b7c5c1 only show cli opts via help that we have support for 15 years ago
Victor Julien 692eb935ea Fix updated memory api using debug mode by default. Small cleanups. 15 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 15 years ago
Victor Julien e741bd0202 Cleanup packet recycling code. Fix issues in the packet tunnel/pseudo code. 15 years ago
Victor Julien e1a8c8f76c Switch time api from mutex to spinlock. 15 years ago
Victor Julien 19584d0416 Fix tunneled and defrag reassembled packets with the new pending limits. 15 years ago
Victor Julien ccf22cf563 Move to different way of enforcing max_pending. Should require less locks. 15 years ago
William Metcalf 5fb405335e Small wrapper fixes to allow for windows compilation 15 years ago
Pablo Rincon 1238668961 Adding actions order and suport for rule action "pass" 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Victor Julien 070ed778b8 Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added. 15 years ago
Anoop Saldanha 0b6dc3e8d5 Fix globalinit memset for trans_q 15 years ago
Victor Julien 2797e67a79 Print Suricata version after initializing logging subsys. 16 years ago
Victor Julien 71b327bd23 Improve error detection in the pidfile api. 16 years ago
Pablo Rincon 9803def006 Adding pidfile support (thanks to Steve Grubb for the patch) 16 years ago
Anoop Saldanha 9e94768385 fix for bug 108 16 years ago
Anoop Saldanha 97d49d8f5e support for http_client_body keyword 16 years ago
Breno Silva 67f2026279 Global Threshold config 16 years ago
William Metcalf b0faeb91d7 small PF_RING update cmd line opts changed 16 years ago
Jason Ish acaee78b1c Fix bug 125. - Always bail on parse errors. - Exit if loading the config file fails. - Display the line number where the parsing failed. 16 years ago
root ddf995da3b pfring support lb type, and now uses logging subsys 16 years ago
Jason Ish 5c3ab2b73f Load host OS info from the configuration. 16 years ago
Victor Julien 80dc4f1dbe Further simplify content api: merge flags that indicate a next relative match, remove chunks as they are unnecessary now, make negated a bitflag. 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Jason Ish 7537013e16 Fix bug 99. 
- Handle the case where the parent node already exists in ConfSet.
- Deal with allow_override properly when a node has already been
  set with ConfSet.
 16 years ago
Pablo Rincon 7719216575 Setting thread priorities with nice 16 years ago
Jan Jezek fe6a72befc Code is now compilable on the Win32 platform 16 years ago
Anoop Saldanha 1a5ee37bd3 Added cuda logs for the engine, which shows device info and memory usage 16 years ago
Anoop Saldanha 8cf60d6645 Changed the way cuda dispatcher passes back results. Now each detection thread has it's own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search funtions directly instead of using the dispatcher. 16 years ago
Anoop Saldanha c26e92733d handle the cuda cleanup at shutdown. should get rid of any errors from the call to SigGroupCleanup 16 years ago
Victor Julien d281a6b8ac CUDA build system support & compile fixes 
- add configure support for CUDA
- make sure all code compiles if CUDA is disabled
- fix compiler warnings
 16 years ago
Anoop Saldanha a2948fc25c valgrind fixes for b2g cuda mpm 16 years ago
Anoop Saldanha 41e6735b92 mpm b2g cuda support added 16 years ago
Anoop Saldanha 84df26d3fd cuda interface 16 years ago
Pablo Rincon b482471a7d Adding auto runmodes based on available core/cpu's. Setting thread priorities 16 years ago
Breno Silva b02bb6b6b4 VLAN Support 16 years ago
Pablo Rincon 0165b3f0d8 pcre P modifier support (pcre match over http body requests) 16 years ago
Victor Julien 2cb2989ad8 Apply configurable max pending packets to nfq and ipfw 16 years ago
Jason Ish 7142fdb780 quick way to make max_pending configurable. 16 years ago
Pablo Rincon d0404d8447 Renaming errors with naming conventions 16 years ago
Pablo Rincon ad2c136e8f Renaming errors (naming conventions) 16 years ago
Victor Julien e0aacac4c6 Move bpf string retrieval to it's own function. Clean up pcap sourcres a bit. 16 years ago
William Metcalf ba46c16aac bpf support for pcap modes 16 years ago
Pierre Chifflier 4515ae13e4 Add Prelude output plugin 
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.

Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)

libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).

This modules requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).

Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
 16 years ago
Gurvinder Singh cf5266094d bug 66 patch 16 years ago
Gurvinder Singh 3cad20946d bug 64 patch 16 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update 
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
 16 years ago
Nick Rogness 2b7b78f1bf Intial IPFW support FreeBSD and OSX 16 years ago
Pablo Rincon 7f250a814a Fixing redeclaration of run_mode 16 years ago
Pablo Rincon 5592189c04 Loading flow settings from config 16 years ago
Jason Ish 0a5bc2d600 Fix issue 74. separate initialization of run modes from adding them to a thread. - fixes issues with multiple output threads. 16 years ago
Pablo Rincon 260e581929 First version of the reputation API 16 years ago
Pablo Rincon 256d745b39 Including header file for cpu detection 16 years ago
Pablo Rincon 17cd010b0c Detect the number of CPUs configured and online. Printing a small summary at the startup 16 years ago
Victor Julien d446b85237 Remove obsolete files. 16 years ago
William Metcalf 82978f9f27 new pfring runmode for quad core, other small pfring fixes 16 years ago
Pablo Rincon 705471e4ee Adding single pattern matcher algorithms. If you cannot store a context for the patterns, use SpmSearch() macro. Adding unittests and stats 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
William Metcalf 8a64321340 raw pcap support additionl ipv4/6 validation 16 years ago
Pablo Rincon b6a3395c08 Adding unittest helper functions for building generic packets, checking arrays of expected match results, perform generic tests, etc. Look at util-unittest-helper.c and detect-ipproto.c for references 16 years ago
Jason Ish 095f2cf6ef Consistency fix.. Xxxlog -> XxxLog. 16 years ago
Jason Ish e204d07717 Have output modules register themselves so run mode configurator becomes aware of them for purposes of being configured from the config file. 16 years ago
Victor Julien 56556eb550 Set payload no inspect flag for packets with encapsulated packets as these are inspected separately 16 years ago
Victor Julien 9ececacda3 Fix packet timestamp handling for encapsulated packets. 16 years ago
Jason Ish cf95fa7c74 configurable outputs for nfq and pcap file. 16 years ago
Jason Ish a05436af8c Configurable alert outputs for PF_RING modes. 16 years ago
Jason Ish 844c444af1 Use the configuration file to setup alert logging (and http logging). 
Only setup for the live pcap modes at the moment.
 16 years ago
Victor Julien b7bac14040 Fixup code to compile with -Wall -Werror -Wextra -Wno-unused-parameter compiler options. 16 years ago
Victor Julien 1f09a88c93 Improve default-log-dir error checking and reporting. 16 years ago
Anoop Saldanha 750600ab17 check for the existance of default logging directory 16 years ago
Anoop Saldanha bc4df59414 Support for Classtype keyword and Classification Config file 16 years ago
Victor Julien 4862488dac add version output, -V option 16 years ago
Will Metcalf f2b1e66a6a fixes for init failure stuff 16 years ago
Victor Julien 778228d1c5 Flags keyword fix. Fatal init fix. 16 years ago
Will Metcalf cc3c1779cd more project name updates 16 years ago
Gurvinder Singh b92886a79a bug#18 and some minor changes 16 years ago
Pablo Rincon f2f9b83280 Adding FTP app layer parser and ftpbounce detection at L7 16 years ago
Gurvinder Singh 8c8b8596c8 fixed bug 18 16 years ago
Victor Julien 493715c0d2 Implement alert sid storage in the flow so we can check previous alerts in the flow. 16 years ago
Jason Ish 28cad3429c An example of how logging could be configured from the log file. 16 years ago
Gerardo Iglesias Galvan 5471baf8f4 Change case values to their corresponding enum values 16 years ago
Gerardo Iglesias Galvan e917065e26 Add support for daemon, checking for valid combination of modes 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago