* First sketch of fuzzing
* Add m4 script
The script is used in the fuzzing build
* Add stub sources in the makefile
* [Fuzz] Add RedisStub
* Add gitignore for fuzz dir
* Remove definition of non-implemented method
* [Fuzz] Refactoring code
* [Fuzz] Separate the protobuf support in the makefile
* Clean fuzzing related object files
* [Fuzz] Fix makefile
* Change gitignore
* [Fuzz] Separate headers
* [Fuzz] Add README.md
* [Fuzz] Change make target
* [Fuzz] Update README.md
* Add compatibilty with autoconf < 2.71
* Optionally disable hiredis integration
* Include hiredis only for production build
* [Fuzz] Disable period activities
* Remove unused dependencies for librrd
* Optionally use static linking for zmq library
* Add debug output regarding the linking of libzmq
* [Fuzz] Do not run on empty input
* Optionally use static linking for libjson-c
* Optionally use static linking for libmaxminddb
* Make mysqlclient dependency as optional
* Change gitignore
* [Fuzz] Add corpus for fuzz_dissect_packet
* [Fuzz] Refactor fuzz_dissect_packet
* Change gitignore
* [Fuzz] Use correct naming for corpus
* [Fuzz] Add dictionary
* [Fuzz] Fix declaration of LLVMFuzzerInitialize
* [Fuzz] Refactor onefile
* [Fuzz] Fix the initialization memory leaks
* [Fuzz] Fix invocation of LLVMFuzzerInitialize
* Remove double githooks folder
* [Fuzz] Set interface pcap_data_link
* Change gitignore
* Use pkg-config for detecting protobuf libraries
* Add license
* Improve error message
This option works on CentOS 7 (GCC 4.8) and above, other Linux OSes have been upgraded to higher GCC, so CentOS 7 needs to be considered, C++1y (before C++14) is what it can do.
The point for advanced versions of C++ is that we can use a lot of libraries. There are currently a lot of libraries that need to be basically C++11.
* build: move away from configure.seed -> configure.ac
Analogous to the change in nDPI [0].
[0] cf931fda6b
Signed-off-by: Sam James <sam@gentoo.org>
* build: use $(MAKE)
This ensures that parallel make works correctly, as otherwise, a fresh
make job will be started without the jobserver fd, and hence
not know about its parent, forcing -j1.
Signed-off-by: Sam James <sam@gentoo.org>
* build: respect CXX, CXXFLAGS, LDFLAGS/LIBS
- Use standard CXX variable for the C++ compiler
- Respect CXXFLAGS from the environment
- LDFLAGS needs to be before objects in order for some flags to work
like -Wl,--as-needed
Signed-off-by: Sam James <sam@gentoo.org>
* build: add comment for dynamic linking nDPI
It seems to work for me but add a commented
in line for now for convenience, not actually
changing behaviour right now.
(May want to make it a proper configure option
in future.)
Signed-off-by: Sam James <sam@gentoo.org>
Allow overriding choice of pkg-config binary (this is useful
for cross-compilation in particular) within the Makefiles.
Not yet touching configure, so some work to be done still.
Signed-off-by: Sam James <sam@gentoo.org>
Scaffolding code of the host scripts
Scaffolding code for host alerts
Adds host_callbacks/ for .cpp files
Implements all classes for host callbacks
Removes pro/enterprise host callbacks
Adds typedefs with callback deltas
Compilation fix
Creates instances of host callbacks in loader
Link fix
Removes redundant/non-necessary host alerts
Merges Scan and Flood callbacks together
Removes outdated API files
Refactors alert keys into entity|id
Refactors all flow alert_{...} into flow_alert_{...}
Refactors C++ flow alert_{...} into flow_alert_{...}
Reworks alert ids to include an entity type
Cleanup and merge alertTypeRaw with getAlertType
Minor fix
Refactors alert definitions and keys into sub directories
Implement host alert callback execution and trigger/release logic
Update callbacks API
Adds base CallbacksLoader for {Host,Flow}CallbacksLoader
Implements load of host user scripts with periodicities
Implements runtime reload of host callbacks
Add logic for periodic callbacks
Add 'expired' flag to host alerts
Implements execution of host callbacks and SYN flood checks
Adds triggerAlertAsync calls to SYNFlood
Implements JSON host alert generation info
Handle callback getPeriod. Optimize callback lookup.
Implements host recipients in C++
Add callback status
Define destructor
Iterator fixes
Cleanup host Lua calls (now performed in C++)
Changes to show new host alerts in SQLite
Adds release/engage action on alert JSON
Move AlertableEntity to OtherAlertableEntity, inheriting from a new AlertableEntity. Add HostAlertableEntity.
Implements SYN Flood Attacker with params
Uses parametrized thresholds to trigger syn flood alerts
Implements build alert of both attacker and victim
Implement HostAlertableEntity
Implements SYN scan attacker/victim alerts
Implements flow flood attacker/victim alerts
Removes a debug flag
Add virtual allocStatus
Add HostAlert disableAutoRelease()
Add Ãexplicit releaseAlert()
Implements SYNFloodHostCallbackStatus
Implements SYNScanHostCallbackStatus
Implements FlowFloodHostCallbackStatus
Change trigger API to handle cli/src score
Implements {DNS,SMTP,NTP}ServerContactsAlert
Reworks ServerContacts host alerts
Implement exclusion bitmaps for host alerts
Implements {SMTP,DNS,NTP}ServerContactsAlert
Adds host_info to the generated alert JSON
Minor cleanup
Optimize access to callback status
Move RepliesRequestsRatio to pro
Rework triggerAlert on host to avoid multiple call and unneeded status data
Compilation fix
Reworked host alerts API (wip)
Cleanup unused host callbacks
Compilation fixes
Finishes backend implementation of host alerts exclusions
Rework host callbacks executor
Implements disable of host alerts
Port SYNFlood to the new api
Cleanup
Reduce duplicated code
Comments
Port ServerContacts to the new api
Clenaup
Adds parsing of configuration for host callbacks
Port SYNScanAlert to the new API
Port FlowFlood to the new API
Cleanup unused HostAlert getName
Reworks DNSRequestsErrorsRatioAlert
Adds JSON for DNSTrafficAlert
Adds FlowsAlert
Adds P2PTrafficAlert
Add RepliesRequestsRatioAlert
Adds ScoreAlert
Adds ThroughputAlert
Adds TrafficAlert
Fixes for scan/flood alerts
DNS ratio alert support
Add HTTP stats getters
Implements deltas for many host callbacks
Host score inc
Adds missing Alert params to host alerts
Release all host alerts on idle
Refactors score classes
Implements class Score to contain scores for hosts, flows, etc
Adds scores to VLANs, Networks, ASes and Countries
Host callbacks can trigger a single alert now
FlowFlood, SYNFloo, SYNScan now inherit from FlowHits
Move severity and score to constructor
Add else branch to hits callbacks
Alert definition update for flows_flood, syn_flood, syn_scan
Update field name
Engaged alert init
Adds score incs/decs for AS, VLAN, country, os and network
Restore network scripts
Restored other alert definitions for floods
Handle decreasing alert score
Removes include
Rename flows_flood to flow_flood for consistency
Restored alert_tcp_syn_flood_victim alert_tcp_syn_scan_victim definitions
Fixes for non-host engaged/release alerts
Cleanup LuaEngineFlow and LuaEngineHost classes
Fixes old calls to host lua during shutdown
Removes AlertCheckLuaEngine instance
Fixes purging of flows
Fixes alerts release upon shutdown causing wrong uses
Removes a debug flag
Fix getNumEngagedAlerts
Cleanup unnecessary host callbacks
Removes array of callback statuses inside host
Bitmap fixes
Refactors Bitmap into Bitmap128
Implements 16-bits bitmaps for host alerts
Adds class HostCallbacksStatus
Moves callback status p2p and DNS inside HostCallbacksStatus
Removes unused callbacks in typedefs
Minor cleanup
Adds trigger/release for DNS/p2p alerts
Reworks UI of hosts user scripts
Rename HostCallbackType to HostCallbackID, getType to getID, others
