Commit Graph

25 Commits (e9494ddd8ffa8c14e82fdaed673b49ddbf82368c)

Author SHA1 Message Date
Victor Julien 5611f9ddbd detect/modbus: convert to v2 inspect API 5 years ago
Victor Julien 6ab323d323 detect: hide RegisterTests behind ifdef UNITTESTS
Update all callers to more aggressively use UNITTESTS guards as well.
5 years ago
Shivani Bhardwaj d5a672fbcf modbus: make subfunction uint16_t 5 years ago
Shivani Bhardwaj 0dac699197 src: remove multiple uses of atoi
atoi() and related functions lack a mechanism for reporting errors for
invalid values. Replace them with calls to the appropriate
ByteExtractString* functions.

Closes redmine ticket 3053.
5 years ago
Victor Julien 26bcc97515 detect/keywords: dynamic version part of doc URL 5 years ago
Jeff Lucovsky d3a65fe156 detect: Provide `de_ctx` to free functions
This commit makes sure that the `DetectEngineCtx *` is available
to each detector's "free" function.
5 years ago
Jeff Lucovsky 4b0085b03c detect: Update to take advantage of PCRE refactor
This commit changes the keyword detectors to use the refactored PCRE
modifications from detect-parse.[ch]
5 years ago
Shivani Bhardwaj d801c3e588 detect: Make keyword description consistent
Closes redmine ticket #3137.
6 years ago
Shivani Bhardwaj b5b429c288 detect: Add missing keyword URLs and description
Add missing keyword URLs and their description. Fix the ones that
were incorrect.

Partially closes redmine ticket #2974.
6 years ago
David DIALLO c2236ea2b3 modbus: Support Unit Identifier
When destination IP address does not suffice to uniquely identify
the Modbus/TCP device.

Some Modbus/TCP devices act as gateways to other Modbus/TCP devices
that are behind these gateways.
7 years ago
David DIALLO 6c643d8975 modbus: duplicate alerts unaware of direction
Remove DetectAppLayerInspectEngineRegister for TOCLIENT direction
because Modbus inspection engine is only performing in request (TOSERVER).

Detect Value keyword in read access rule. In read access, match on value
is not possible.

Update Modbus keyword documentation.
8 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
8 years ago
Victor Julien d304be5bc3 detect: register progress in inspect engines
Register required progress so we can stop inspecting as soon
as the progress isn't far enough yet.
8 years ago
Victor Julien cc4010343d detect: add and use util func for alproto sets 9 years ago
Victor Julien 775e182531 detect: remove AppLayerMatch API call 9 years ago
Victor Julien 8bd1422948 detect: detect engine registration cleanup 9 years ago
Victor Julien f2393c1ae0 modbus: dynamic buffer 9 years ago
Jason Ish 5c80a3edf7 modbus: fix format string compiler warnings 9 years ago
Victor Julien 08d0fe0916 modbus detect: register inspect engine from keyword 9 years ago
Victor Julien 9030e89c94 detect: don't set alproto while registering keyword
The field is not used except for some printing, and is wrong for
many keywords.
9 years ago
Victor Julien e67ae0f174 detect keywords: use parse regex util func 9 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code
1 pass, 0 is fail.
9 years ago
DIALLO David 0bdf494b54 fix Cygwin build fails: array subscript has type char 11 years ago
Ken Steele 18e2de320b Coding style cleanup in detect-modbus files. 11 years ago
DIALLO David b3bf2f9939 Detect: Add Modbus keyword management
Add the modbus.function (and subfunction) keywords for public function match in rules (Modbus layer).
Matching based on code function, and if necessary, sub-function code
or based on category (assigned, unassigned, public, user or reserved)
and negation is permitted.

Add the modbus.access keyword for read/write Modbus function match in rules (Modbus layer).
Matching based on access type (read or write),
and/or function type (discretes, coils, input or holding)
and, if necessary, read or write address access,
and, if necessary, value to write.
For address and value matching, "<", ">" and "<>" are permitted.

Based on TLS source code and file size source code (address and value matching).

Signed-off-by: David DIALLO <diallo@et.esia.fr>
11 years ago