Victor Julien
3d0355bae8
Compile fix.
15 years ago
William Metcalf
c3e70accd2
pcap and pfring exit stats
15 years ago
Victor Julien
b99e10236c
Fix an endless loop condition in the smb parser and make dcerpc parser more quiet.
15 years ago
Victor Julien
16aebe5add
Fixup smb tests.
15 years ago
Kirby Kuehl
957b43b3d6
signed unsigned comparison cleanup
15 years ago
Kirby Kuehl
40a0fd5e97
fix warning
15 years ago
Kirby Kuehl
4b05bc281d
fix padding bug
15 years ago
Kirby Kuehl
6aac8d55a6
reset smb bytesprocessed when complete
15 years ago
Kirby Kuehl
4dd2f621ac
smb writeandx dcerpc over smb
15 years ago
Pablo Rincon
583c686170
Allowing no case options for flow keyword. Adding unittests for this
15 years ago
Victor Julien
194015c6cf
Fix reject code to not send resets for all alerts.
15 years ago
William Metcalf
f925ac9351
printf to logging subsys conversion for src/detect-bytejump.c
15 years ago
Gurvinder Singh
999a200bc9
pattern matcher options support
15 years ago
Pablo Rincon
d0404d8447
Renaming errors with naming conventions
15 years ago
Pablo Rincon
ad2c136e8f
Renaming errors (naming conventions)
15 years ago
Jason Ish
8f618b2121
- actually re-inject ipv6 re-assembled packets. - set the next header.
15 years ago
Jason Ish
8570976ee0
Fix for lists that are children of another list. Fix memory leak by only setting the sequence index value to the first item found.
15 years ago
Victor Julien
501c8814b6
fix crash in urilen
15 years ago
Victor Julien
ed7762e843
Disable unused jabber proto detection as it made the proto detection code look way more into the stream than without it.
15 years ago
Jason Ish
6f73aca1e8
I know Snort defaults to syslog in daemon mode, but should we?
Stick to the logging configuration defined in the config file
in daemon mode.
15 years ago
Jason Ish
c72d6be58b
Making logging configurable. If no logging outputs are defined the default will be used. - Currently per output log formatting is not available.
15 years ago
Breno Silva
a857fa7170
FragOffset Rule Keyword
15 years ago
Breno Silva
7e299834d2
FragOffset Rule Keyword
15 years ago
Victor Julien
f96511a8b1
Check reassembly limits against correct stream direction. Set proper direction flag in stream msgs.
15 years ago
Gurvinder Singh
ed99e73622
bug 78
15 years ago
Kirby Kuehl
58c8103a4b
fix unittest
15 years ago
Victor Julien
53c9276d51
Cleanup pcap output.
15 years ago
Victor Julien
e0aacac4c6
Move bpf string retrieval to its own function. Clean up pcap sources a bit.
15 years ago
William Metcalf
ba46c16aac
bpf support for pcap modes
15 years ago
Victor Julien
424ff432ec
Build update
15 years ago
Victor Julien
faf6e82aa4
Build sys update after applying prelude patches.
15 years ago
Pierre Chifflier
4515ae13e4
Add Prelude output plugin
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.
Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)
libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).
This module requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Pierre Chifflier
eb33dc163f
Prelude plugin: add detection in configure script
Add the --enable-plugin option to configure script (disabled by default).
Signed-off-by: Pierre Chifflier <chifflier@inl.fr>
15 years ago
Gurvinder Singh
cf5266094d
bug 66 patch
15 years ago
Victor Julien
148883cedf
Work around for unsupported CONNECT support handling.
15 years ago
Victor Julien
7deb4e9f09
Cleanup AppLayerDetectGetProto a bit.
15 years ago
Victor Julien
fd409049cb
First step for proper HTTP CONNECT handling.
15 years ago
Victor Julien
9f3f9e9ba1
Fix ipfw verdict.
15 years ago
Gurvinder Singh
3cad20946d
bug 64 patch
15 years ago
Victor Julien
53977fded6
Small compilation fixes when debugging is disabled.
15 years ago
Victor Julien
6a53ab9c5a
Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:
- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata are part
of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
added.
- all reassembly errors are converted to debug msgs.
15 years ago
Victor Julien
df4c642c70
Fix weird compile error
15 years ago
Victor Julien
b1531f7244
Manually merge Pablo's IPFW action patch.
15 years ago
Pablo Rincon
51dc773eec
Changing the verdict actions to flags to allow simultaneous verdict
15 years ago
Nick Rogness
2b7b78f1bf
Initial IPFW support FreeBSD and OSX
15 years ago
Jason Ish
fbf03a927d
Fix issue 71. The insert and re-assemble need to be done under the same tracker lock.
15 years ago
Victor Julien
f7f33ec889
Fix the flow manager sleeping for way too long in some situations.
15 years ago
Kirby Kuehl
298bf4cc88
dcerpc over smb for transact
15 years ago
Victor Julien
bbfe1d293e
Fix merge artifact.
15 years ago
Victor Julien
f08d01a8e8
Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine.
15 years ago