Commit Graph

114 Commits (c4b34e6ef73f9915b4da1d52673279ea7537f6f0)

Author SHA1 Message Date
Victor Julien d00c6172c9 Update stream section of example configuration. 14 years ago
Eric Leblond e802e1ed16 Modify Packet structure and prepare accessor.
This patch modifies decode.c and decode.h to avoid the default usage
of an array bigger than 65535 bytes in the Packet structure.
The idea is that packets are mainly under 1514 bytes in size, and
a bigger size must be supported but should not be the default.

If the packet length is bigger than DFLT_PACKET_SIZE then the
data are stored in a dynamically allocated part of the memory.

To ease the modification of the rest of the code, functions to
access and set the payload/length in a Packet have been introduced.

The default packet size can be set at runtime via the default-packet-size
configuration variable.
14 years ago
Eric Leblond 8471626916 Fix error message and add information to config
This patch fixes a typo in an error message and adds some
information to the checksum verification option.
14 years ago
Gurvinder Singh f4392e1dcc added support for appending the log files 14 years ago
Pierre Chifflier de41612ea1 Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
14 years ago
Victor Julien e66b3e3ee7 Switch mpm-algo in example suricata.yaml to ac 14 years ago
Victor Julien 355f237bfd Fix compiler warnings, cleanup counters config code. 14 years ago
Gurvinder Singh ba18110abd support for stats.log configurable and fixed timezone issue in fastlog and debuglog 14 years ago
Martin Beyer b1c577f829 cuda streams support in b2g-cuda MPM 14 years ago
Anoop Saldanha c734cd1bdd make cuda mpm parameters configurable 14 years ago
Victor Julien 0dd07df60d Add reference to suricata.yaml documentation in our redmine wiki. 14 years ago
Victor Julien 6ebe7b7cd3 Change the way the request body limit is enforced. 14 years ago
Anoop Saldanha 778ec0939c make client body buffer limit configurable. Also some minor changes 14 years ago
Jason Ish a4d19e4130 Add new profiling sort option, maxticks. 14 years ago
Anoop Saldanha 5d9a453e0d find an optimal value for detect-engine:inspection-recursion_limit + unittest 14 years ago
Anoop Saldanha 88d94b136d Support for reference.config file 14 years ago
Victor Julien 344ea14695 Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility. 14 years ago
Victor Julien 3bd7441ea5 Default to 'single' ctx for ac-gfbs as well. 14 years ago
Anoop Saldanha 62f814a4c3 change default value for detect-engine.sgh_mpm_context to auto 14 years ago
Anoop Saldanha b367c37ae6 suricata.yaml conf update to support single mpm context distribution over multiple sghs + code to parse this conf 14 years ago
Anoop Saldanha a85fa6b792 support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis 14 years ago
Pablo Rincon b3a8f0a90f Fix asn1 decoder frame oob mem. Adding max stack frames to suricata.yaml 14 years ago
Victor Julien b4454b6846 Switch to b2gc as default pattern matcher as it uses less memory and is a little faster. 14 years ago
Victor Julien 87f88867f4 Further improve B2gc. Add B2gm. Improve memory layout. 14 years ago
Victor Julien 9dfbab42f8 WIP B2gc 14 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 14 years ago
Victor Julien 875184a4ba Cleanup suricata.yaml. 14 years ago
Gurvinder Singh f0928a4555 support for enforcing the depth until when the reassembly will be performed 14 years ago
Victor Julien cbebc44fb2 Fix config file typo. 14 years ago
Anoop Saldanha 07491f8887 add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshold limit to 2.4k packets to buffer 14 years ago
Gurvinder Singh 8b0ca4f628 support for separate memcaps for reassembly and stream engine 14 years ago
Victor Julien 2c5c0d54f3 Add comments on CUDA usage in suricata.yaml. 15 years ago
Victor Julien c67cf593c2 Disable alert-debuglog and unified1 in the default config. Add comments to the default config about pending packets, alert log types. 15 years ago
Victor Julien 6519a86ec7 Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros. 15 years ago
Pablo Rincon 9d114eaffb Adding threshold.config example at suricata.yaml 15 years ago
Victor Julien 49d68169ea Allow the user to disable setting cpu affinity and allow configuring the number of detect threads relative to the number of CPU's/CPU cores. 15 years ago
Victor Julien 2fd31a1a11 Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory. 15 years ago
Pablo Rincon 4775f67ba1 Adding emergency mode recovery options on config 15 years ago
Jason Ish 18e5ac8cde Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules. 15 years ago
Pablo Rincon 1238668961 Adding actions order and support for rule action "pass" 15 years ago
Jason Ish 00974d157b Fix issue 131.
Flow-timeouts likely don't need to be a sequence, but rather mappings. We'd only need a sequence if you wanted to list something like "tcp" twice, which I don't think makes sense for a configuration section.

Also fixup flow.c to not attempt to use the sequence, and put the timeouts into their correct place.
15 years ago
Victor Julien 4875c2daf4 Console logging settings are now overridden by env vars. 15 years ago
Brian Rectanus a9cdd2bbae Add htp personality configuration. 15 years ago
William Metcalf b0faeb91d7 small PF_RING update cmd line opts changed 15 years ago
root ddf995da3b pfring support lb type, and now uses logging subsys 15 years ago
Jason Ish eab93e766a Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag. 15 years ago
Jason Ish 5c3ab2b73f Load host OS info from the configuration. 15 years ago
Victor Julien 0693dc1a50 Fix typo in example config. 15 years ago
Pablo Rincon 38dc7ffebc Adding settings for detect engine group config 15 years ago
Jason Ish fbdf1baf1c - rebase
Provide limits to the unified outputs.
15 years ago
Jason Ish 7142fdb780 quick way to make max_pending configurable. 15 years ago
Gurvinder Singh 999a200bc9 pattern matcher options support 15 years ago
Jason Ish c72d6be58b Making logging configurable. If no logging outputs are defined, the default will be used. - Currently per-output log formatting is not available. 15 years ago
Pierre Chifflier 4515ae13e4 Add Prelude output plugin
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.

Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)

libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).

This module requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).

Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata are part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
15 years ago
Nick Rogness 2b7b78f1bf Initial IPFW support for FreeBSD and OSX 15 years ago
Victor Julien f08d01a8e8 Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine. 15 years ago
Pablo Rincon 5592189c04 Loading flow settings from config 15 years ago
Jason Ish 4e1acf5fd2 Require that the configuration file begins with a valid YAML version. At this time this means the configuration file must begin with
%YAML 1.1
15 years ago
Jason Ish 844c444af1 Use the configuration file to setup alert logging (and http logging).
Only setup for the live pcap modes at the moment.
15 years ago
Victor Julien bea22d91ed Set default-rule-path in example config to /etc/suricata/rules/ 15 years ago
Victor Julien d284f0d333 Set default classification file location in the config file. 15 years ago
Will Metcalf 87a435cd0d updated to include more rulesets, more sane vars 15 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 15 years ago