Commit Graph

3229 Commits (f08fc8d7c57cf8248dbd4842601ac2f1dfee1c10)
 

Author SHA1 Message Date
Victor Julien 416b463c51 file-data: add more unittests 13 years ago
Victor Julien 296ce8b5f9 file-data: make bytejump, bytetest, byteextract and isdataat work better with file_data. 13 years ago
Victor Julien 077970051e file-data: implement relative pcre support. 13 years ago
Victor Julien 07e560b137 file-data: initial file_data support
Support file_data for: content, pcre (relative), byte_test, byte_jump,
byte_extract, isdataat.

File_data support is handled at signature parsing time, all matches
occurring after the file_data in the rule are converted to http_server_body
matches.

Content matches relative to the file_data are converted. Within to depth,
distance to offset. Relative to the start of the body buffer.
13 years ago
Victor Julien 7adac3048d file-data: create initial keyword registration. 13 years ago
Anoop Saldanha 420befb180 Changed my email address to anoopsaldanha at gmail dot com from my current one 13 years ago
Victor Julien fa0152fa80 Shrink signature flags field to 32 bits. 13 years ago
Victor Julien dd9da1a56f Merge all http mpm related signature flags into a single set: SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_HTTP_NEG. 13 years ago
Victor Julien d5ed28b065 Remove SIG_FLAG_MPM flag. 13 years ago
Victor Julien fe48920514 Remove per sgh mpm_streamcontent_maxlen variable. It was checked but never set. 13 years ago
Victor Julien 4992f7c417 Remove SIG_FLAG_MPM_URI flag. It was checked but never set. 13 years ago
Victor Julien 2650551192 Rename signature init flags to indicate they are init flags. 13 years ago
Victor Julien 6ebd71545b Fix signature flag definitions on 32 bit. 13 years ago
Victor Julien 291ddd95f2 Detection engine -- mpm
Each signature is in one mpm ctx at max, but there were 3 separate
id's in use: packet, stream, http. Merged them all into one.

Could shrink the SignatureHeader structure with 8 bytes because of this,
should lead to better caching performance.
13 years ago
Victor Julien 7db72bce75 Optimize detection engine prefiltering logic. 13 years ago
Victor Julien 89f83e714c Introduce http_server_body keyword.
The http_server_body content modifier modifies the previous content to inspect
the normalized (dechunked, unzipped) http_server_body. The workings are similar
to http_client_body. Additionally, a new pcre flag was introduced "/S".

To facilitate this change the signature flags field was changed to be 64 bit.
13 years ago
Eric Leblond 6e7a8f38bf ipfw: Add support for autofp and worker runmode
This patch converts ipfw code to the PcktAcqLoop API and
reworks the running mode to use the running mode wrapper
already used by NFQ.
13 years ago
Eric Leblond c1ad64b333 ips: update copyright date and author list. 13 years ago
Eric Leblond d4cbc7c38c ipfw: funnier to manage capability in running code. 13 years ago
Eric Leblond f1cb4da442 ipfw: fix indentation of the file.
I will have to work a lot on this one. It will be easier with a
correct indentation.
13 years ago
Eric Leblond acc9634106 nfq: add some comments about possible evolution 13 years ago
Eric Leblond 9ca7257279 nfq: suppress unused functions. 13 years ago
Eric Leblond 58b20359a7 nfq: add worker runmode support. 13 years ago
Eric Leblond aee2e3ddd6 nfq: Add autofp mode support 13 years ago
Eric Leblond 115c3499d2 nfq: factorize auto mode 13 years ago
Eric Leblond 70c574fb63 runmode: Add support for IPS running mode
This patch adds the 'auto', 'autofp' and 'worker' runmode for
IPS. It provides a set of ready-to-use functions that can be
used by NFQ and IPFW to implement this running mode.
13 years ago
Eric Leblond 5cfdd7594f util-device: Modify function name.
This patch modifies LiveBuildQueueList name to LiveBuildDeviceList
to have a consistent naming across functions. It also adds a
doxygen comment to add author and description of util-device.c
file.
13 years ago
Eric Leblond 7096e11ab5 af-packet: simplify code. 13 years ago
Eric Leblond 5cec22ac37 threads: Add sanity check. 13 years ago
Eileen Donlon 327fd048a0 Fixed coredump windows compile issue 13 years ago
Eric Leblond 6c55af847b 'auto' running mode does not support 'threads' var.
This patch modifies the RunModeSetLiveCaptureAuto() prototype to
be able to detect that a 'threads' variable (telling how many
threads must listen to one socket in IDS mode) has been used
in the configuration file. It then prints a warning message
if this is the case.
13 years ago
Victor Julien 6f0ca120d1 Make sure existing log-pcap and unified2-alert 'limit' settings don't break. 13 years ago
Victor Julien 678213c9f4 Fix ParseSizeString return code and a compiler warning. 13 years ago
Anoop Saldanha 4b8ebb5c53 set default response body limit for specific http server conf 13 years ago
Anoop Saldanha 6240131a4e updates to accommodate master rebase 13 years ago
Anoop Saldanha 7c9d1b80fd Update size parsing API with new calls for returning u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls 13 years ago
Anoop Saldanha 52b37fef3e Update yaml size params to use kb, mb, gb to indicate size, in place of raw bytes 13 years ago
Anoop Saldanha e0c13434ef bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+ 13 years ago
Eileen Donlon 79e0299643 Fixed coredump compile problems on bsd, windows 13 years ago
Anoop Saldanha b970273163 fix broken unittest 13 years ago
Anoop Saldanha 651f91e4de fix setting pseudo packet from this commit:
commit 259e022f721a7c3a70c26447b1cf730bb8a1f6cd
Author: Anoop Saldanha <poonaatsoc@gmail.com>
Date:   Sun Dec 4 13:20:43 2011 +0530

    fix setting ipv4 header in pseudo packet
13 years ago
Anoop Saldanha d40fb5b933 Remove unnecessary flow NULL check 13 years ago
Anoop Saldanha 8533cd2cdf fix mapping of tcp states to flow_established and flow_closed. Improves accuracy 13 years ago
Anoop Saldanha cc7db6315c Move setting packet iponly flags from decode section to stream section 13 years ago
Anoop Saldanha eaf15911e7 fix setting ipv4 header in pseudo packet 13 years ago
Victor Julien 322779fb23 flow engine: release flow lock earlier in flow kill/prune process. Minor cleanups. 13 years ago
Victor Julien 5401764697 flow engine: minor cleanup. 13 years ago
Victor Julien bfa872b9b7 flow engine: no longer allow FlowRequeue to be called with the same src and dst queue. 13 years ago
Victor Julien 84c7480c06 flow engine: convert flow hash code FlowRequeue call to FlowEnqueue. 13 years ago
Victor Julien ad4e016288 flow engine: make FlowEnqueue lock the queue. Adapt callers. 13 years ago