Commit Graph

35 Commits (cfdd934aba2ccda93afa95345b97a9aeb0dd29f2)

Author SHA1 Message Date
Jason Ish bbaa79b80e DNP3: Application layer decoder.
Decodes TCP DNP3 and raises some DNP3 decoder alerts.
9 years ago
Victor Julien 0d4b93cafd tls-rules: install on 'make install-full' 9 years ago
Eric Leblond 50ad1ce307 build: install app-layer-events.rules 10 years ago
Victor Julien 3a6b7a1cd6 make install-rules: update URL to https and 3.0 10 years ago
Jason Ish 2b81caf73e Respect DESTDIR in install-conf and install-rules. 11 years ago
DIALLO David 5a0409959f App-layer: Add Modbus protocol parser
Decodes Modbus request and response messages, and extracts the
MODBUS Application Protocol header and the function code.

In the case of read/write functions, extracts the message contents
(read/write address, quantity, count, data to write).

Links request and response messages in a transaction according to
Transaction Identifier (transaction management based on DNS source code).

MODBUS Messaging on TCP/IP Implementation Guide V1.0b
(http://www.modbus.org/docs/Modbus_Messaging_Implementation_Guide_V1_0b.pdf)
MODBUS Application Protocol Specification V1.1b3
(http://www.modbus.org/docs/Modbus_Application_Protocol_V1_1b3.pdf)

Based on DNS source code.

Signed-off-by: David DIALLO <diallo@et.esia.fr>
11 years ago
Victor Julien a746095569 make install-full: get correct version of ET
Version 2.0.
12 years ago
Eric Leblond f9f1a666f0 dns: rules files were not installed
Install the dns-events.rules file in the rules directory with install-rules.
12 years ago
Eric Leblond daa9dcb75f Use wget or curl to download ruleset. 12 years ago
Eric Leblond 50ac3e0498 autotools: workaround on partial cleaning 12 years ago
Victor Julien aafc65c757 Autotools: move libhtp conditionals to configure
In preparation of the libhtp upgrade, move all libhtp related conditionals
to configure. This allows for one set of build scripts that works regardless
of the presence of a local libhtp dir.
12 years ago
Victor Julien 55625d738a TLS: create certs dir on 'make install-full'. Bug #711. 12 years ago
Eric Leblond 20a8b9dbe5 unix-manager: add unix command socket and associated script
This patch introduces a unix command socket. JSON formatted messages
can be exchanged between suricata and a program connecting to a
dedicated socket.
The protocol is the following:
 * Client connects to the socket
 * It sends a version message: { "version": "$VERSION_ID" }
 * Server answers with { "return": "OK|NOK" }
If the server returns OK, the client is now allowed to send commands.

The format of a command is the following:
 {
   "command": "pcap-file",
   "arguments": { "filename": "smtp-clean.pcap", "output-dir": "/tmp/out" }
 }
The server will try to execute the "command" specified with the
(optional) provided "arguments".
The answer from the server is the following:
 {
   "return": "OK|NOK",
   "message": JSON_OBJECT or information string
 }

A simple script is provided and is available under scripts/suricatasc. It
is not intended to be an enterprise-grade tool; it is more a proof of
concept/example code. The first command line argument of suricatasc is
used to specify the socket to connect to.

Configuration of the feature is made in the YAML under the 'unix-command'
section:
  unix-command:
    enabled: yes
    filename: custom.socket
The path specified in 'filename' is not absolute and is relative to the
state directory.

A new running mode called 'unix-socket' is also added.
When starting in this mode, only a unix socket manager
is started. When it receives a 'pcap-file' command, the manager
starts a 'pcap-file' running mode which does not really leave at
the end of the file but simply exits. The manager is then able to start
a new running mode with a new file.

To start this mode, Suricata must be started with the --unix-socket
option, which has an optional argument which fixes the file name of the
socket. The path is not absolute and is relative to the state directory.

The 'pcap-file' command adds a file to the list of files to treat.
For each pcap file, a pcap file running mode is started and the output
directory is changed to what is specified in the command. The running
mode specified in the 'runmode' YAML setting is used to select which
running mode must be used for the pcap file treatment.

This requires modifications in the suricata.c file, where initialisation code
is now conditional on 'unix-socket' mode not being used.

Two other commands exist to get info on the remaining tasks:
 * pcap-file-number: return the number of files in the waiting queue
 * pcap-file-list: return the list of waiting files
'pcap-file-list' returns a structured object as message. The
structure is the following:
 {
  'count': 2,
  'files': ['file1.pcap', 'file2.pcap']
 }
13 years ago
Eric Leblond 1c3546fec1 install: create state dir with install-conf 13 years ago
Victor Julien e2c7078cc3 Add contrib dir and its content to the dist. Bug 567 13 years ago
Victor Julien eb5dbc305f Add threshold.config example to EXTRA_DIST as well. 13 years ago
Eric Leblond 95cd8bf67e Add threshold.config file.
This patch adds an example file and modifies the Makefile to have it
installed by the 'make install-conf' command.
13 years ago
Victor Julien d8356c5ebd Windows build and other misc fixes. 13 years ago
Eric Leblond a5268088cd OpenBSD: fix tar command. 14 years ago
Eric Leblond d0e3df6057 Autotools: make 'install-full' now run 'install' too. 14 years ago
Victor Julien 697e9e660f Config should be set up in sysconfdir/suricata. Add reference to oinkmaster guide. 14 years ago
Eric Leblond 338608842e Improve output 14 years ago
Eric Leblond 25804f5aa8 Add install-conf command to build system.
This patch adds support for customisation of suricata.yaml and
automatic download of emerging threat GPL rules. By running
'make install-full' after 'make install', files necessary to run
suricata are copied into the configuration directory and the latest
ruleset is downloaded and installed. Suricata can then be run
without editing files.
This patch has a special treatment for the Windows build, which
requires some different paths.
suricata.yaml is also updated to load all rules files provided by the
emergingthreat ruleset.
14 years ago
Victor Julien 227d6e058c Make sure new rule and doc files are part of the dist. 14 years ago
Eric Leblond a7fa081ad2 Add stream-events.rules to distribution.
This should fix #360.
14 years ago
Victor Julien d9e541337a Add decoder-events to Makefile.am as well. 15 years ago
Eric Leblond 7c841e1d7c Add coccinelle check to 'make check'
This patch adds coccinelle checking to the autotools
'make check'.
15 years ago
Victor Julien 0e8b041151 Add missing 'reference' to reference.config to Makefile.am. 15 years ago
William Metcalf 62dd11c0a2 add missing docs to Makefile.am 16 years ago
Victor Julien 6d39ffc2be Add classification.config to Makefile.am as well. 16 years ago
William Metcalf 0fe4373b67 Rolled back to 0.2.x branch, renamed htp to libhtp 16 years ago
William Metcalf f7111f3847 import of integrated htp lib and small libnet fixes 16 years ago
Gurvinder Singh 5293681860 b86 16 years ago
Steve Grubb f853da7940 Get make distcheck working
Hello,

Below is a patch that gets "make distcheck" working. It's against the
current code in git. The project version was set to 0.1 in configure;
I changed that to 0.8.1 just so it's actually relevant. You might want
to set that to something else.

After checking this patch, I find that there are several source code
files in src/ that are not getting compiled:

-app-layer-detect.c
-app-layer-detect.h
-app-layer-http.c
-reputation.h

Are these new or abandoned? Anyways...here's the patch.

-Steve
16 years ago
Victor Julien bab4b62376 Initial add of the files. 16 years ago