Anoop Saldanha
0d7159b525
App layer protocol detection updated and improved. We now use
confirmation from both directions and set events if there's a mismatch
between the 2 directions.
FPs from corrupt flows have disappeared with this.
12 years ago
Anoop Saldanha
ddde572fba
Introduce new options into the conf file to enable/disable -
1. Proto detection
2. Parsers
For app layer protocols.
libhtp has now been moved to the section under app-layer.protocols.http,
but we still provide backward compatibility with older conf files.
12 years ago
Eric Leblond
cd3e32ce19
unittests: some functions need a flow lock.
In debug validation mode, it is required to call application layer
parsing and other functions with a lock on flow. This patch updates
the code to do so.
12 years ago
Victor Julien
9faa4b740d
Add --unittests-coverage option to list how many code modules have tests
13 years ago
Victor Julien
f59f90331d
Applayer: remove obsolete StateUpdateTransactionId
Also, update StateTransactionFree to take an u64 tx id, so it's
consistent with the rest of the engine.
To reflect these changes, AppLayerRegisterTransactionIdFuncs has
been renamed to AppLayerRegisterTxFreeFunc.
HTP, DNS, SMB, DCERPC parsers updated.
13 years ago
Anoop Saldanha
c6d50764e5
temporarily patched smb + dcerpc parsers for direction demarcation.
13 years ago
Victor Julien
0c84a7a2a9
Use _mm_free for memory allocated by _mm_alloc. Bug 703. Minor compiler warning fixes.
13 years ago
Last G
8ae11f73b2
Added parentheses to fix Eclipse static code analysis
Fixed bug in action priority (REJECT_DST had lowest prio)
13 years ago
Eric Leblond
e176be6fcc
Use unlikely for error treatment.
When handling the error case on SCMalloc, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.
This patch has been obtained via coccinelle. The transformation
is the following:
@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@
x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
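Review bot: the semantic patch only rewrites the `if (x == NULL) S1` form; a null check written as `if (!x)` or `if (NULL == x)` after the same SCMalloc/SCCalloc/SCStrdup call is not matched, so those sites stay without unlikely() unless the rule is extended with those alternatives as a disjunction or a second pass is run.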
13 years ago
Victor Julien
a08a0e9161
Minor output cleanup
13 years ago
Victor Julien
2055b509a3
dcerpc/smb/smb2: more robust error checking, cosmetic code updates.
14 years ago
Anoop Saldanha
1f5469fa5a
bug #458 - unittest that uses clamav FPing payload disabled for now. Needs to be rewritten though with new payloads
14 years ago
Anoop Saldanha
109662450d
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
14 years ago
Anoop Saldanha
420befb180
Changed my email address to anoopsaldanha at gmail dot com from my current one
14 years ago
Anoop Saldanha
9a6aef459e
modify all relevant app layer API calls to accommodate passing parser local storage argument
14 years ago
Victor Julien
06904c9024
App Layer cleanup
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should save 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
14 years ago
Anoop Saldanha
4650bf7170
minor code cleanup. remove commented out code
14 years ago
Anoop Saldanha
78e6a7f713
enable toclient alproto detection. Detect all current alproto toclient PMP patterns
14 years ago
Anoop Saldanha
63ed36a892
Replace all reallocs with SCReallocs
14 years ago
Anoop Saldanha
4307ea2348
Replace all frees with SCFrees
14 years ago
Anoop Saldanha
b4427e81ec
minor fixes in endianness handling in dcerpc and dce detection engine
15 years ago
Kirby Kuehl
acfc9a8ab0
Improve DCERPC big endian support when parsing BIND CTX Items (UUID). Make default byte packing order for the slow path little endian. Byte swapping on slow path will occur if big endian. This is a readability change, not a functional change.
15 years ago
Anoop Saldanha
000ce98cd1
push all proto detection code into their respective app parser register functions for every alproto
15 years ago
Victor Julien
076d77cd80
Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat.
15 years ago
Anoop Saldanha
8b17275451
dcerpc parser todo update
15 years ago
Anoop Saldanha
6fc5dae2f9
fix leak for accepted uuid list in dcerpc state
15 years ago
Victor Julien
f1ea68e316
Store the first frag flag in the uuid as the pfc_flags field is overwritten. Part of fixing #206 .
15 years ago
Victor Julien
b81280524c
change dcerpc warnings into debugs.
15 years ago
Anoop Saldanha
6e5a48c92c
temporary fix, in case we still have any corner cases remaining in dce parser
15 years ago
Anoop Saldanha
24a88a689a
fix opnum parsing for fragmented request dce pdus
15 years ago
Anoop Saldanha
1097de0d9d
changed the endianness comparison to & for dcerpc pdus
15 years ago
Anoop Saldanha
a3280c1a20
throw out malformed pdus that result in the parser having parsed the required data, but we still haven't hit the frag length limit for the parser
15 years ago
Anoop Saldanha
1aea3e56be
for now ignore pdus with auth verifier. We will get back to this in the coming iteration
15 years ago
Anoop Saldanha
fc37e9d6ee
add internal ids to uuids. Use these internal ids to match uuids from bind and bind_ack. Create a new uuid list to hold all accepted uuids. Modifications to dce-iface to accommodate these changes as well + unittests
15 years ago
Anoop Saldanha
816d2ef0c0
if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it by resetting the dce state on seeing this
15 years ago
Anoop Saldanha
5c5d8f8a5d
indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch
15 years ago
Anoop Saldanha
38e26e5186
modify the dce parser to accept context ids that start with a non-zero value
15 years ago
Anoop Saldanha
d57428471c
fix endianness handling for bindacksecondaryaddrlen
15 years ago
Anoop Saldanha
ba9355d688
Flag if we see a fragged pdu. Do not reset dce stub buffer if we are dealing with fragmented pdus (holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianness as well.
15 years ago
Anoop Saldanha
00f21252fa
support fragmented pdus in dce + unittest
15 years ago
Anoop Saldanha
ebc1f62050
some additional indentation changes in DCERPCParser
15 years ago
Anoop Saldanha
c2bc8ca252
fix mem leak in tailq that holds dce uuids
15 years ago
Anoop Saldanha
1c443677b2
fix indentation in DCERPCParser
15 years ago
Victor Julien
f081577fe4
Revert yesterday's dcerpc commits as there were too many corner cases for it to go into 1.0.1.
16 years ago
Anoop Saldanha
526a782002
temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus
16 years ago
Anoop Saldanha
361cf14f50
fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id
16 years ago
Anoop Saldanha
8c774a1e2a
fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting
16 years ago
Anoop Saldanha
52bb4c0670
fix endless loop in dce parser. fix parsing error of secondaryaddrlen for bindack
16 years ago
Anoop Saldanha
cda1efff29
fix mem leak in tailq that holds dce uuids
16 years ago
Anoop Saldanha
154a48fada
parse fragmented dce rpc headers correctly. Also some other minor fixes
16 years ago