Anoop Saldanha
081b0e05a2
restructure disabling receive threads. Introduce new flag to indicate that threads have finished running
14 years ago
Eric Leblond
91f42b6f41
pcap: fix "work by luck" code.
14 years ago
Eric Leblond
d8d9b0983f
af_packet: misc improvements.
...
Improve block count and only copy snaplen length to avoid overflow.
14 years ago
Victor Julien
0a80e362aa
Fix some minor clang scan-build warnings.
14 years ago
Victor Julien
4ebb6b7fae
nfq: switch locking code to macros so lock profiling can track the exact lock locations.
14 years ago
Victor Julien
06d7fb5428
Fix CUDA build from a release tarball.
14 years ago
Anoop Saldanha
fea6a426a5
cleanup killing threads. As a consequence fixes invalid read/writes in tmqh flow
14 years ago
Anoop Saldanha
f0e4578640
cleanup junk code in flow qh
14 years ago
Victor Julien
bf4ab2f7e1
Fix misc issues picked up by coccinelle.
14 years ago
Anoop Saldanha
a8095bd8d6
fix compiler warnings
14 years ago
Victor Julien
af4e480163
Fix __WORDSIZE redeclaration warning on Windows builds.
14 years ago
Jason Ish
105173939b
Implement single, autofp and workers run modes for DAG interfaces. Includes multiple interface support.
...
Remove auto mode due to bad performance.
14 years ago
Victor Julien
8e064001c3
Fix compilation of atomic api spinlocked fallback code.
14 years ago
Anoop Saldanha
b2455b6afa
cuda pb tm should be in a thread of its own + pkt_acq should be as free as possible
14 years ago
Anoop Saldanha
2995867328
b2g cuda up, compiling and running
14 years ago
Anoop Saldanha
f1863370a5
clean log pcap
14 years ago
Anoop Saldanha
6392202872
restructure log pcap to use a different setup, which is resilient to thread failure/restarts
14 years ago
Anoop Saldanha
fd21b83f3e
don't return TM failure on failing to remove log file
14 years ago
Anoop Saldanha
4bc907414b
init every new pf instance in log pcap
14 years ago
Victor Julien
cfd4d07dd0
host: convert host hash to use lookup3.c
14 years ago
Victor Julien
c10370907a
flow: make flow use lookup3.c hashing algorithm. Improves hash table distribution.
14 years ago
Victor Julien
20c08ca47b
hash: add lookup3.c by Bob Jenkins
...
Found here:
http://burtleburtle.net/bob/hash/doobs.html
http://burtleburtle.net/bob/c/lookup3.c
From the file header:
lookup3.c, by Bob Jenkins, May 2006, Public Domain.
These are functions for producing 32-bit hashes for hash table lookup.
hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
are externally useful functions. Routines to test the hash are included
if SELF_TEST is defined. You can use this free for any purpose. It's in
the public domain. It has no warranty.
14 years ago
Victor Julien
19a7e7f395
flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default.
14 years ago
Xavier Lange
fea5e68a7b
Include conf_test in special cases for unset RUNMODE
14 years ago
Xavier Lange
1d774dae61
Make conf_test local. Simplify if/else to if.
14 years ago
Xavier Lange
1ae10b9a42
Do not spawn threads for conf test
14 years ago
Xavier Lange
eaacc5d0fe
Added conf_test flag and behavior
14 years ago
Victor Julien
22349f863b
file magic: don't disable inspecting magic for both directions if files in only one direction don't need magic.
14 years ago
Victor Julien
f4b542d703
Enforce memcap limit before allocating hash table in host and flow engines.
14 years ago
Victor Julien
bd66a4bba9
Fix typo in spm prototype declaration.
14 years ago
Anoop Saldanha
4d192a6881
update all spm algos to use 16 bit pattern lengths. Should compress a lot of tables
14 years ago
Victor Julien
8d1fe9f2fa
Make 'autofp' the default runmode. Increase default max-pending-packets to 1024. Move some advanced and uncommonly changed settings down in the stock suricata.yaml. Closes #433.
14 years ago
Eileen Donlon
da633d490b
fix misleading comment
14 years ago
Eileen Donlon
793478a832
reject rules with invalid hex digits in content
14 years ago
Eileen Donlon
f2e85ab9ee
reject rules with an invalid ttl range
14 years ago
Victor Julien
4157d9408d
Various small flow and host table fixes.
14 years ago
Victor Julien
18e81b7ba9
Bail out early if we're in http tunnel mode.
14 years ago
Victor Julien
0788656ef7
Silence ac-gfbs debug message.
14 years ago
Victor Julien
da3c5bf84d
Minor error message cleanups
14 years ago
Victor Julien
fa22a26366
profiling: fix lock profiling int print issue.
14 years ago
Victor Julien
3b79dac2b7
flow: fix atomic var not being initialized and destroyed.
14 years ago
Victor Julien
60dbd34f93
Fix bug in app layer event handling causing http event rules to fail loading.
14 years ago
Victor Julien
40ed10ab38
Minor flowq updates.
14 years ago
Anoop Saldanha
7115fa3e72
Introduce the address hash based flow q handler
14 years ago
Anoop Saldanha
5ffb050ada
Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET
14 years ago
Anoop Saldanha
3faed5fe79
Support freeing flow q handler out ctx. Adapt unittests to use the same
14 years ago
Anoop Saldanha
d01589c9d8
neaten flow q handler code
14 years ago
Anoop Saldanha
0fa14292c0
Enable unittests for flow q handler
14 years ago
Anoop Saldanha
4e417b72b5
support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well
14 years ago
Anoop Saldanha
e252048900
support for custom flow qhandlers - round robin support added
14 years ago
Pierre Chifflier
d866f38982
TLS: add variable to store the error code in the decoder
...
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
14 years ago
Pierre Chifflier
218b5d3ba0
TLS app layer: misc fixes, reorder some fields to same memory
14 years ago
Pierre Chifflier
3df341dbeb
Add TLS decode events
14 years ago
Pierre Chifflier
71fa4a5285
TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList
14 years ago
Eric Leblond
a9bb17e097
tls-handshake: add sanity checks.
14 years ago
Eric Leblond
01c7e5bde6
tls-handshake: Add some missing free in error handling.
...
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
14 years ago
Eric Leblond
480db00fd7
tls-handshake: DecodeAsn1BuildValue should return -1 for error
...
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
14 years ago
Eric Leblond
8f885ce810
TLS parser: add sanity checks on loop
...
It was possible in some loop to read data placed after the buffer
resulting in invalid/unpredictable value. This patch fixes two of
these issues.
14 years ago
Eric Leblond
d1c56e810b
TLS parser: add sanity check
14 years ago
Eric Leblond
cb1a75fc9e
TLS parser: modify OCTETSTRING
...
This patch does an over allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
14 years ago
Pierre Chifflier
5a65a17f00
TLS parser: add handling of UTF8STRING
...
Some certificates contain UTF8STRING which is a subset of
OCTETSTRING. This patch adds support for this type of string.
14 years ago
Pierre Chifflier
6c2c6cffac
TLS keywords: fix match regex (remove extra space)
14 years ago
Pierre Chifflier
8457ce3b11
TLS app layer: rewrite decoder to handle multiple messages in records
...
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier
4bb5e2a79d
TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
...
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond
38c213cb84
tls app layer: add missing free
...
issuerdn was not freed at exit.
14 years ago
Eric Leblond
fce2437dc2
tls app layer: handle negation on subject and issuerdn.
...
This patch adds negation support for tls.subject and tls.issuerdn
matches.
14 years ago
Eric Leblond
ad0e05a112
TLS app layer: Add tls.issuerdn keyword.
14 years ago
Eric Leblond
afba81bb27
decode ASN.1: Factorize value reading
...
This patch factorizes the reading of integer value and fix some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
14 years ago
Pierre Chifflier
53e5421a24
TLS handshake: get TLS ciphersuite and compression
...
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier
4be65fd016
TLS handshake: decode the SERVER_CERTIFICATE message
...
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier
f77fcdb3e8
Add ASN.1 parser for X509 certificates (in DER format)
...
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Victor Julien
0b3f6c464a
Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config.
14 years ago
Anoop Saldanha
109662450d
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
14 years ago
Anoop Saldanha
7511fa67cd
Add BUG_ON to avoid overrunning AppLayerDetectDirection map array
14 years ago
Eileen Donlon
9376967e65
reject rules with duplicate content modifiers
...
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
14 years ago
Eileen Donlon
0bb4ff34b8
added null checks for init_hash to all ac mpms
14 years ago
Eileen Donlon
617edf469c
reject http_client_body with inconsistent flow dir
...
reject http_client_body with flow: to_client or from_server
14 years ago
Victor Julien
feff6f7705
Clean up error message.
14 years ago
Eileen Donlon
85c364da09
disallow-use-of-configuration-file-with-unittests
14 years ago
Victor Julien
d908e707d7
profiling: add per lock location profiling
...
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.
Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Victor Julien
41e9dba20b
Profile pcap file callback.
14 years ago
Victor Julien
ff8755af5c
Make sure stream debug code is only used in debug mode.
14 years ago
Victor Julien
9696902b68
Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained.
14 years ago
Victor Julien
e581ec7dff
Fix 2 compilation issues.
14 years ago
Victor Julien
c0a2cbd478
Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling.
14 years ago
Victor Julien
a05df345de
Introduce host table, make tag use it
...
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.
Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
14 years ago
Victor Julien
db24258acf
Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem.
14 years ago
Victor Julien
88b8f15663
Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code.
14 years ago
Victor Julien
979edf0b97
Add way to profile mutex/spin locks per thread module.
14 years ago
Victor Julien
fddaca6e8b
Implement stream memcap enforcements using atomics instead of spinlocked counters.
14 years ago
Victor Julien
d72b82fae0
Misc fixes.
14 years ago
Victor Julien
8448333bdd
Remove trailing zeros from some counters output.
14 years ago
Victor Julien
0150e66ede
flow engine: improve scalability
...
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
14 years ago
Victor Julien
da5087a0c0
Fix broken unittest.
14 years ago
Eileen Donlon
aae7ea5e67
add null checks to fix bugs in StreamTcpTest23
14 years ago
Eileen Donlon
1a46d7a53a
fix more invalid content unittests
...
fix invalid unittests with mixed relative and non-relative content modifiers and other issues; DetectContentParse19 still contains some failing dce_stub tests which are commented out.
14 years ago
Eileen Donlon
9b2bd9280a
fix invalid unittests with mixed content modifiers
...
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
14 years ago
Eileen Donlon
0bcbd23343
reject mixed relative and non-relative keywords
...
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
14 years ago
Eileen Donlon
0b09416a48
reject invalid combinations of pcre modifiers
...
don't allow /B with normalized buffers, and don't mix modifiers for normalized and raw buffers
14 years ago
Victor Julien
8350fdd9be
Do not assume the include dir for nss to be nss. On F16 it's nss3.
14 years ago
Victor Julien
705417434b
Fix json output typo.
14 years ago
Victor Julien
fe9258f0fb
Fix issue discovered by Anoop. Passing u32 ptr to a size_t can cause badness.
14 years ago
Victor Julien
6019ae3dcb
Fix minor memleak in case af-packet init fails.
14 years ago
Victor Julien
385f1dcd25
Fix UTHBuildFlow setup using wrong address.
14 years ago
Victor Julien
e3935a2af2
Improve http filename parsing.
14 years ago
Victor Julien
e237841a8e
Fix compilation with profiling enabled. Minor unittest fixes.
14 years ago
Victor Julien
de5c1d1491
Fix minor fgetc issue.
14 years ago
Victor Julien
0d6f33a15b
Move PACKET_RECYCLE outside of flow lock in FlowForceReassemblyForQ as it confuses static code checkers.
14 years ago
Victor Julien
e21d8cdf01
file extract: improve multipart parsing and set events on some error conditions.
14 years ago
Victor Julien
bfb3f1b7cf
flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic.
14 years ago
Victor Julien
372ab9c433
Another batch of minor fixes for issues found by Coverity.
14 years ago
Victor Julien
11bdf4838f
Various improvements to error handling found by Coverity.
14 years ago
Anoop Saldanha
d6af843860
code cleanup
14 years ago
Victor Julien
cdba2f50d1
Various fixes and improvements based on feedback by Coverity analyzer.
14 years ago
Victor Julien
4b2d94a841
Add line number to warning about mangled yaml parameters. Limit number of warnings to 10.
14 years ago
Nikolay Denev
fb05edeeee
Convert underscores to dashes in thread affinity type names.
14 years ago
Nikolay Denev
7fce226bb8
Fix some warning message still using underscored config vars.
14 years ago
Nikolay Denev
139768dd58
Do not use underscored config vars internally.
14 years ago
Nikolay Denev
6819ec8b54
Remove the underscored "sguil_base_dir" compatibility option.
14 years ago
Nikolay Denev
32e898f2e3
Convert config entries using underscores to dashes and emit deprecation warnings.
14 years ago
Victor Julien
2197f1a625
file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records.
14 years ago
Victor Julien
8b1333a277
Add more flow lock assertions to the debug validation code.
14 years ago
Victor Julien
5ba41c7890
Fix locking error in filestore handling. Add debug validate check for asserting a flow is locked.
14 years ago
Victor Julien
28d88746e4
Fix compiler warning and silence complaining unittests.
14 years ago
Victor Julien
860971eca0
Misc afpacket changes.
14 years ago
Victor Julien
8e48a2edfd
Fix NULL dereference in PacketPatternSearchWithStreamCtx code.
14 years ago
Eric Leblond
34b3f19465
af-packet: Implement zero copy
...
This patch adds support for zero copy to AF_PACKET running mode.
This requires to use the 'worker' mode which is the only one where
the threading architecture is simple enough to permit this without
heavy modification.
14 years ago
Eric Leblond
3593cb051e
decode: add PacketSetData function
...
This patch adds a function which can be used to set the payload
of a packet when a zero copy mode is used.
14 years ago
Eric Leblond
49b7b00fcf
af-packet: mmap support
...
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
14 years ago
Victor Julien
3702a33ae9
file-inspection: support POST requests that do not use multipart.
14 years ago
Victor Julien
64827e3864
file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests.
14 years ago
Victor Julien
6585cb89d3
Fix UtilMiscParseSizeStringTest01 unittest on 32 bit.
14 years ago
Anoop Saldanha
35435f3284
All http_http_stat_code modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_CODE. Also remove dummy match/free functions for stat code and stat msg
14 years ago
Anoop Saldanha
507e1b66e0
All http_http_stat_msg modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_MSG
14 years ago
Anoop Saldanha
059ee217ff
All http_http_raw_uri modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_URI
14 years ago
Anoop Saldanha
b1a0d35106
All http_http_cookie modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_COOKIE
14 years ago
Anoop Saldanha
49bdad9345
All http_http_method modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_METHOD
14 years ago
Anoop Saldanha
97d8fc9cba
All http_http_raw_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_HEADER
14 years ago
Anoop Saldanha
97308674ee
All http_http_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_HEADER
14 years ago
Anoop Saldanha
1acb7cdc7d
All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY
14 years ago
Anoop Saldanha
a5b46e727c
All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_CLIENT_BODY
14 years ago
Anoop Saldanha
4810ee9c5f
All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns
14 years ago
Anoop Saldanha
93d7a6e671
code cleanup. Remove unused functions
14 years ago
Anoop Saldanha
eb07c345b8
code cleanup - replace SigMatchAppendThreshold with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
dd7e710f35
code cleanup - replace SigMatchAppendPostMatch with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
a4638fb0ad
code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
ff38d42bf1
code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
ac68c3f893
code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
6cab663bf0
code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
c4cb37b8da
code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
c9af50ea0c
code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
bbb9f35f26
code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists
14 years ago
Anoop Saldanha
ab35b98f76
code cleanup - remove DetectContentGetLastPattern. Replace it with SigMatchGetLastSMFromLists
14 years ago
Anoop Saldanha
d85ab5ab1f
code cleanup - remove DetectContentFindNextApplicableSM
14 years ago
Anoop Saldanha
802350f65a
code cleanup - remove DetectContentHasPrevSMPattern
14 years ago
Anoop Saldanha
9652c3672d
code cleanup - remove SigMatchGetLastPattern
14 years ago
Anoop Saldanha
e851804c92
code cleanup - remove DetectUricontentGetLastPattern
14 years ago
Anoop Saldanha
dcb2afb02f
Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type
14 years ago
Anoop Saldanha
83d9439877
DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent
14 years ago
Victor Julien
154af56b45
Add a print function specially for json output that escapes all characters json requires to be escaped.
14 years ago
Victor Julien
740ee3e7ab
Add referer header to .meta and json file logs.
14 years ago
Victor Julien
337f7861a4
Make sure that if not built against libnss, we still compile. Only no md5 for you then!
14 years ago
Victor Julien
6752ccae2a
Add line based log file to log-file module that logs each stored file's meta data in json records.
14 years ago
Victor Julien
12e8ce6545
In PrintRawUriFp, consider " unprintable.
14 years ago
Victor Julien
69b3df96fb
Initial on the fly MD5 calculation for extracted files using libnss.
14 years ago
Anoop Saldanha
2f7717a1a7
delete detect-recursive.[ch]
14 years ago
Anoop Saldanha
e682796d03
feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it
14 years ago
Anoop Saldanha
603d4a719a
remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine
14 years ago
Anoop Saldanha
d1d5507679
remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy
14 years ago
Anoop Saldanha
35f1f7e8d9
unify payload detection engines + fix other bugs in pcre init
14 years ago
Anoop Saldanha
9287cce674
raw urilen inspection moves to raw uri list. Won't make any difference wrt inspection
14 years ago
Anoop Saldanha
0677190960
rebase commit for hscd and hsmd patches
14 years ago
Anoop Saldanha
22b1f5b22b
fix seg fault due to wrong sm list access in hscd
14 years ago
Anoop Saldanha
2e2398147c
fast pattern unittests added for http server body
14 years ago
Anoop Saldanha
09313cf9bd
Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S
14 years ago
Anoop Saldanha
2007c2711c
Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword
14 years ago
Victor Julien
9dc153c8f4
Fix path handling for including rule files on win32.
14 years ago
Victor Julien
489b8b8bcc
Allow other yaml files to be included in the main yaml.
14 years ago
Victor Julien
adb5d05fb5
Fix a FP with negated filemagic inspection.
14 years ago
Victor Julien
0b9038b971
Add atomics to ticks unittests.
14 years ago
Victor Julien
f77c475c85
Minor layout fixes.
14 years ago
Victor Julien
e1a309a6b2
Napatech code formatting fixes.
14 years ago
Victor Julien
95a5bebb6a
Fix compilation without napatech tech support enabled.
14 years ago
Victor Julien
1d9f6ff8f2
Initial Napatech support by Randy Caldejon / nPulse.
14 years ago
Anoop Saldanha
60553f3753
fix compilation error for the new http response header mpm feature
14 years ago
Anoop Saldanha
716afac5a2
fix debug messages that have references to the old mpm contexts
14 years ago
Anoop Saldanha
9a665e035b
code cleanup over last 2 commits
14 years ago
Anoop Saldanha
55c4e419fd
if a signature is non-tcp, it's always a packet sig
14 years ago
Anoop Saldanha
419cdc8558
support splitting mpm ctxs based on direction v2
14 years ago
Anoop Saldanha
0a91d824bf
Fix bug in ac-bs search function
14 years ago
Anoop Saldanha
db859cc56e
treat ac-bs auto as single context
14 years ago
Anoop Saldanha
199288309d
Support for new MPM ac-bs added
14 years ago
Victor Julien
e244934566
Disable unittest that fails without libnet support.
14 years ago
Anoop Saldanha
c2d47718c1
bug #411 - fix failing unittest
14 years ago
Anoop Saldanha
6556b4c62b
bug #411 - don't modify within/distance at setup time
14 years ago
Anoop Saldanha
37329f85d4
bug #412 - rebase commit. Remove the previous references to SigInitReal() with SigInit()
14 years ago
Anoop Saldanha
3b5d95547d
bug #412 - Remove the commented out SigInitReal()
14 years ago
Anoop Saldanha
6cbd3a1046
bug #412 - Unify SigInit() and SigInitReal(). Remove any use of SigInitReal()
14 years ago
Anoop Saldanha
acccf3a5a5
Add function declaration for SigInitReal
14 years ago
Anoop Saldanha
88ad3691d1
bug #405 - fix bug where raw uri inspection sigs were not treated as stateful sigs
14 years ago
Anoop Saldanha
0b43f2a5fd
Use SigInitReal() instead of SigInit() in raw uri tests. This should show that we have unittests failing, thus highlighting bug 411. The next commit is the fix for this bug
14 years ago
Victor Julien
6aa0ad1c5f
Remove unused definitions in pcre code.
14 years ago
Victor Julien
bb6f93e675
Fix unittest missing a flow direction in the rule.
14 years ago
Eileen Donlon
39b8cc2f8b
fixed relative handling for pcre cookie and method
14 years ago
Eileen Donlon
d55fef2d75
Cleaned up some error messages for detect distance and offset.
14 years ago
Victor Julien
b16a71020d
Make 'make check' happy in a ipproto unittest.
14 years ago
Anoop Saldanha
5b3c8566dd
bug #403 - add unittests
14 years ago
Anoop Saldanha
a19a249230
Set the packet protocol only if it can be parsed without error
14 years ago
Anoop Saldanha
2fa55a86fa
Fix csum validation functions to not carry out csum calculation if respective headers are not present
14 years ago
Anoop Saldanha
b8997b415c
bug #403 - fix setting ip proto for ipv6 packets
14 years ago
Anoop Saldanha
87c2dae010
bug #403 - fix setting ip proto for packets
14 years ago
Victor Julien
18d458870f
1.3 branch has opened
14 years ago
Victor Julien
706b046966
Convert missing coredump config to debug.
14 years ago
Victor Julien
2d9449d060
Make code default for pcre match limit match the suricata.yaml default.
14 years ago
Victor Julien
c8c4a76dc6
Move threshold to its own sig match list.
14 years ago
Victor Julien
0983f1d0a6
Only force a pseudo packet inspection cycle for TCP streams in a state >= established.
14 years ago
Victor Julien
eba3cecc5d
Fix unified2 records generated based on reassembled stream data.
14 years ago
Victor Julien
93d121bf21
Update app layer events for HTTP now that libhtp has fixes for some response errors.
14 years ago
Victor Julien
87e6be610a
Issue warning if libhtp version used is not up to date.
14 years ago
Victor Julien
02e1229565
Enforce flow direction for http_raw_header sigs. Fix unittests that missed the flow direction.
14 years ago
Victor Julien
80fb33c651
Fix libhtp htp_tx_get_response_headers_raw 'detection' for bundled libhtp.
14 years ago
Victor Julien
5fa195ffb3
Allow log-pcap to use both absolute and relative sguil-base-dir settings when in 'sguil' mode.
14 years ago
Victor Julien
4cd2938c68
Fix PathIsAbsolute function not dealing with CYGWIN. Handle absolute paths in logfile api.
14 years ago
Victor Julien
7066a79c10
Register HTTP logger at registration, not thread init.
14 years ago
Victor Julien
146ff9d66e
Suppress ac-gfbs debug message being printed at info level.
14 years ago
Victor Julien
cd987ae7a5
Threading: do not keep a slots post_pq locked while processing the packets.
14 years ago
Victor Julien
e81f94cd83
Fix flowbits sigmatch structure added to the match and post-match list, causing corruption of the prev ptr. This led to an endless loop condition in the thresholding code. Thanks to Chris Wakelin for reporting the issue.
14 years ago
Victor Julien
39ef24ccc4
Fix pcap -i mode.
14 years ago
Victor Julien
ae27333458
Make live worker runmode threads adhere to the 'detect' cpu affinity settings.
14 years ago
Victor Julien
e526525f83
Fix pcap -i <ip>.
14 years ago
Victor Julien
35467db151
Indicate that the Suricata version used is a release or a git checkout.
14 years ago
Victor Julien
28e15be526
Clean up default output. Use simpler output format for releases.
14 years ago
Victor Julien
ff9fb7e1b5
Assume offloading in use if 1/10th of the packets has a bad checksum.
14 years ago
Victor Julien
9bea84918c
Fix checksum offloading auto detection typo: it should be 1/5th instead of 1/10th.
14 years ago
Victor Julien
c4b34e6ef7
Fix various minor clang/scan-build warnings.
14 years ago
Victor Julien
791fc2f6ea
Adapt signature ordering to new flowbits post-match handling.
14 years ago
Victor Julien
8339ca6d4e
Implement post match support for ip-only.
14 years ago
Victor Julien
e69c584317
Let timing out flow use pseudo packets also if state is not fully closed.
14 years ago
Victor Julien
6eeab37ab3
Add post-match list, move flowbits set, etc functions to it. Move flowint set, etc functions to it as well.
14 years ago
Victor Julien
0818a151ec
Add reject support to live single, autofp and workers runmodes.
14 years ago
Eric Leblond
0b2c7dfa5d
runmode: Add Reject to IPS worker mode.
14 years ago
Victor Julien
515d070554
Print elapsed time with millisecond precision.
14 years ago
Victor Julien
aac2d91bcc
Set DROP flag for reject action so in addition to sending the rst, in IPS mode also drop the offending packet.
14 years ago
Victor Julien
f084874998
Fix HTTP state and raw stream not being inspected at the same time. Adds an exception to transaction id handling for HTTP.
14 years ago
Victor Julien
16cfae2f51
Trigger raw stream reassembly on receiving a full HTTP request or response.
14 years ago
Victor Julien
f773942ce0
Disable printing dreaded app layer error messages to the screen: app layer events are here to save us.
14 years ago
Victor Julien
f713b653ab
Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well.
14 years ago
Victor Julien
e55390e4e7
Add check to invalidate signatures that inspect raw http headers in the to_client direction (response headers) if libhtp hasn't been patched yet. Also add hack to disable the test for unittests, many tests fail and we'll fix those ASAP.
14 years ago
Victor Julien
1ac6054c23
Clean up configure check for htp_tx_get_response_headers_raw. Misc changes.
14 years ago
Anoop Saldanha
4acd5a04e6
Enable http raw response header inspection only if libhtp supports raw response header buffering which should be available post 0.2.6
14 years ago