aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,470 Commits
7 Branches
161 Tags
204 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e75a93b125'
${ noResults }
Commit Graph

354 Commits (e75a93b1256e604d2528baff76b9c236057dba64)

Author SHA1 Message Date
Anoop Saldanha 97d49d8f5e support for http_client_body keyword 16 years ago
Victor Julien 26e8a0a06a Cleanup global threshold code. 16 years ago
Breno Silva 67f2026279 Global Threshold config 16 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 16 years ago
Victor Julien e3552a8e3f Add more comments to detect and flow structures. 16 years ago
Gerardo Iglesias Galvan ef2ae76c42 Add support for detection_filter keyword 16 years ago
Victor Julien 297001c6d9 Only process a app layer sig if it has the proper state. Make sure a sig can't have conflicting sigmatches, such as ftpbouce and uricontent. 16 years ago
Victor Julien ec47f840f3 Remove more scan references. 16 years ago
Victor Julien bee4e04664 More scan/search related cleanups. 16 years ago
Victor Julien f298fec872 Make sure nocase applies to the last pattern, content or uricontent. 16 years ago
Victor Julien 8b30226914 Detection keyword cleanup 16 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 16 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago
Victor Julien 50e41817a7 Share content id's between identical patterns. 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Victor Julien dc11247511 Change the way we replace contents by http_method and http_cookie, fixing #90. 16 years ago
Pablo Rincon 38dc7ffebc Adding settings for detect engine group config 16 years ago
Anoop Saldanha 8cf60d6645 Changed the way cuda dispatcher passes back results. Now each detection thread has it's own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search funtions directly instead of using the dispatcher. 16 years ago
Anoop Saldanha 41e6735b92 mpm b2g cuda support added 16 years ago
Victor Julien defc6595c6 Make pcre P have it's own sm type. 16 years ago
Breno Silva 7e299834d2 FragOffset Rule Keyword 16 years ago
Victor Julien b3bcba077f Only inspect http flows against uri sigs, clean up uri scanning code. 16 years ago
Gurvinder Singh 356a8bf385 applayer uri match and modified http handling 16 years ago
Gurvinder Singh f6b0c481b0 urilen support for engine 16 years ago
Breno Silva 1d055b0e09 ICMP Seq Rule Keyword 16 years ago
Brian Rectanus c22d42693a Added http_method rule keyword. 16 years ago
Anoop Saldanha f684989f98 dce_iface, dce_opnum, dce_stub_data keyword support 16 years ago
Anoop Saldanha bc4df59414 Support for Classtype keyword and Classification Config file 16 years ago
Victor Julien d5c732f1f9 Add tag keyword stub 16 years ago
Victor Julien 4824868766 Application layer detection improvements 
- improve locking of application layer handling, making sure that the flow cannot be freed/cleared when the detection engine is still working with it.
- add a check to the app layer detection to make sure that a match function will only inspect an app layer state if it's of the right type.
 16 years ago
Pablo Rincon f2f9b83280 Adding FTP app layer parser and ftpbounce detection at L7 16 years ago
Victor Julien 6ab64706b0 Improve threshold hash table handling. 16 years ago
Gerardo Iglesias Galvan 7e87f373b9 Add icmp_id keyword support 16 years ago
Victor Julien 493715c0d2 Implement alert sid storage in the flow so we can check previous alerts in the flow. 16 years ago
Victor Julien 9fd46e9425 Support for sigs with both pkt and applayer detect 
Sets a flowbit with the sig id if the packet matches match. Checks
on that if the app layer matches match. Currently misuses the
flowbits api for this in a way that needs fixing.
 16 years ago
Breno Silva 69eb869cc9 Threshold Rule 16 years ago
Gurvinder Singh a0f184866c http_cookie keywork support 16 years ago
Gerardo Iglesias Galvan b254719ffc Add fatal failures on unittest and siginit failure (using Conf API) 16 years ago
Pablo Rincon 1ad6d75dfe Added rpc keyword support at packet level 16 years ago
Pablo Rincon a8d7b71490 First version of flowints 16 years ago
Gerardo Iglesias 991d421394 Changed printf's to logging API functions 16 years ago
Pablo Rincon 6206ffb530 Adding bidirectional operator support and unittests 16 years ago
Victor Julien f1f7df0766 First iteration of doing app layer detection. 16 years ago
Anoop Saldanha 6ca5dbc9e9 Support fast_pattern modifier keyword for content 16 years ago
Anoop Saldanha 1c7ac13c25 Support for negated content 16 years ago
Pablo Rincon f233f9fa31 Adding detect_content chunks handling for max_pattern_length and unittests. Updating modifiers to use it. 16 years ago
Victor Julien d6be6ceb19 Fixup artifact from automatic renames: rename DetectAddresssHead to DetectAddressHead. 16 years ago
Gurvinder Singh cacbf31aad support for ttl keyword 16 years ago
Victor Julien de8caa7964 Rename DetectAddressGroup* to DetectAddress* 16 years ago
Victor Julien 3c7a038477 Further memory cleanups. Split out init only vars out of the sig group head. 16 years ago
Victor Julien 32e51e5e5a Replace sgh refcnt by a flag. 16 years ago
Victor Julien 2d0e9658f8 Speed up per sgh content maxlen calc. Remove mpm ptrs from mpm ctx. Add unittests testing the detection engine internals. 16 years ago
Victor Julien e4c98c562c Merge DetectAddressData and DetectAddressGroup 16 years ago
Victor Julien 15ab5d7003 More engine init memleaks fixed. HashListTable remove function fixed. 16 years ago
Victor Julien 7a7bb7a390 Get rid of global mpm_ctx. 16 years ago
Brian Rectanus ed30067bd7 Ack/Seq Keywords 16 years ago
Brian Rectanus ec6c5258b6 Sameip Keyword 16 years ago
Breno Silva 15a8f34d36 Gid Keyword 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
Breno Silva 6100a7f610 FragBits Keyword 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
Victor Julien 4dbcf5fbac Add support for moving detection tests outside of detect.c and move the 'id' tests to it's own file. 16 years ago
Pablo Rincon 1a983fd316 Adding id keyword and unittests 16 years ago
Victor Julien 085b7a3c0e Move unittests away from detect.c 16 years ago
Breno Silva 7dc985aa4e Signature Flags Keyword 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
Brian Rectanus e28647032d Add ip_proto support. 16 years ago
Gurvinder Singh a991ab0a19 added sigmatch payload flag 16 years ago
Anoop Saldanha f658ffbc9c Order the signatures based on certain rule parameters like actions, flowbits, flowvar, pktvar, priority etc 16 years ago
Breno Silva 27c61ac148 IpOpts Rule Keyword 
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
 16 years ago
Pablo Rincon bdf119ade3 Adding window and isdataat keyword and some unittests 16 years ago
Brian Rectanus 02a8b583c9 Added byte_test and byte_jump support. 16 years ago
Gurvinder Singh ac53ca5b27 Stream Size rule option 16 years ago
Anoop Saldanha 22c0ec2bc5 Added support for the csum-<protocol> rules keyword to the detection engine. Keywords added are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum 16 years ago
Victor Julien 6eaff4be12 Fixes for issues found by static code analyzer. 16 years ago
Victor Julien b26b5aa462 More cleanups. 16 years ago
Victor Julien 85abc3ef62 Complete removal of global de_ctx. UtRuntests now returns the number of failed tests or 0 on none. Program exits with code 1 on failed tests, code 0 otherwise. Removal of broken http uri test. 16 years ago
Victor Julien b9972a9d2c Cleanups 16 years ago
Victor Julien 97854cf4bb Fixup some rule parser memleaks 16 years ago
Anoop Saldanha 244f5d547a new registration functions for the stats api, with local thread storage for counter ids 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Anoop Saldanha 8af9f902e8 additional support for type qualifier for the stats api 16 years ago
William Metcalf dd86b51dbc added optional option to specify signature file to load 16 years ago
Breno Silva c90b4e6fcd Decode event rule 16 years ago
Victor Julien 689bbfdc45 Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. 
Remove the Trie multi pattern matcher code. It wasn't used anymore.
 16 years ago
Victor Julien ff4b5a5db7 Add support for flowbits. 16 years ago
Victor Julien 657be002d1 Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping. 16 years ago
Victor Julien 5df5b35e90 Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups. 16 years ago
Victor Julien efb10fc0d6 big update 16 years ago
Victor Julien 69e056e33f Add the scanning to uricontent as well. 16 years ago
Victor Julien fedcc397de Detection engine improvement: don't run pattern matcher on packets with payload sizes less that the biggest content we need to match. Add some extra stats. 16 years ago
Victor Julien dce2c12915 Add Scan before Search to the detection engine. 16 years ago
Victor Julien c4f2fe4bd7 Implement per packet variables and switch the http stuff to it. 16 years ago
Victor Julien 3f7195454b Big detection engine update. 16 years ago
Victor Julien 54ffe2053e Large detection engine update. 16 years ago
Victor Julien f3a94413db Properly support 'alert ip' rules. Add support for handling ip only rules differently. 16 years ago
Victor Julien dc48c58473 Switch to using a detection engine ctx. 16 years ago
Victor Julien 171c8c777d Group signatures by protocol. 16 years ago
Victor Julien eb1c4e4987 Large update to the detection engine. Greatly improve initialization speed and memory usage. 16 years ago
Victor Julien b50fc8aecd Speed up appending of sigs to a sig group head by using a tail ptr. 16 years ago
Victor Julien eaaeb30cd6 Add noalert keyword for use with sigs that are used for capturing only. 16 years ago
Victor Julien f0ed41fb0a Support priority keyword, add priority to alert-fastlog. 16 years ago
Victor Julien dc224cb2d2 Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 16 years ago
William Metcalf 559edc01e3 NFQUE drop support added with ident of 4 :-( 16 years ago
Victor Julien b8ad4adf81 complete rename of address2 to address 16 years ago
Victor Julien 7aada782a4 WIP address matching stuff 16 years ago
Victor Julien bab4b62376 Initial add of the files. 16 years ago