aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,331 Commits
8 Branches
163 Tags
184 MiB
main-7.0.x
main-8.0.x
main
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2295777691'
${ noResults }
Commit Graph

3122 Commits (22957776915bac6bbf204d98ac56f0109171453a)

Author SHA1 Message Date
Victor Julien 705417434b Fix json output typo. 14 years ago
Victor Julien fe9258f0fb Fix issue discovered by Anoop. Passing u32 ptr to a size_t can caused badness. 14 years ago
Victor Julien 6019ae3dcb Fix minor memleak in case af-packet init fails. 14 years ago
Victor Julien 385f1dcd25 Fix UTHBuildFlow setup using wrong address. 14 years ago
Victor Julien e3935a2af2 Improve http filename parsing. 14 years ago
Victor Julien e237841a8e Fix compilation with profiling enabled. Minor unittest fixes. 14 years ago
Victor Julien de5c1d1491 Fix minor fgetc issue. 14 years ago
Victor Julien 0d6f33a15b Move PACKET_RECYCLE outside of flow lock in FlowForceReassemblyForQ as it confuses static code checkers. 14 years ago
Victor Julien e21d8cdf01 file extract: improve multipart parsing and set events on some error conditions. 14 years ago
Victor Julien bfb3f1b7cf flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic. 14 years ago
Victor Julien 372ab9c433 Another batch of minor fixed for issues found by Coverity. 14 years ago
Victor Julien 11bdf4838f Various improvements to error handling found by Coverity. 14 years ago
Anoop Saldanha d6af843860 code cleanup 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Victor Julien 4b2d94a841 Add line number to warning about mangled yaml parameters. Limit number of warnings to 10. 14 years ago
Nikolay Denev fb05edeeee Convert underscores to dashes in thread affinity type names. 14 years ago
Nikolay Denev 7fce226bb8 Fix some warning message still using underscored config vars. 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Nikolay Denev 6819ec8b54 Remove the underscored "sguil_base_dir" compatibility option. 14 years ago
Nikolay Denev 32e898f2e3 Convert config entries using underscores to dashes and emit deprecation warnings. 14 years ago
Victor Julien 2197f1a625 file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records. 14 years ago
Victor Julien 8b1333a277 Add more flow lock assertions to the debug validation code. 14 years ago
Victor Julien 5ba41c7890 Fix locking error in filestore handling. Add debug validate check for asserting a flow is locked. 14 years ago
Victor Julien 28d88746e4 Fix compiler warning and silence complaining unittests. 14 years ago
Victor Julien 860971eca0 Misc afpacket changes. 14 years ago
Victor Julien 8e48a2edfd Fix NULL dereference in PacketPatternSearchWithStreamCtx code. 14 years ago
Eric Leblond 34b3f19465 af-packet: Implement zero copy 
This patch adds support for zero copy to AF_PACKET running mode.
This requires to use the 'worker' mode which is the only one where
the threading architecture is simple enough to permit this without
heavy modification.
 14 years ago
Eric Leblond 3593cb051e decode: add PacketSetData funtion 
This patch adds a function which can be used to set the payload
of a packet when a zero copy mode is used.
 14 years ago
Eric Leblond 49b7b00fcf af-packet: mmap support 
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
 14 years ago
Victor Julien 3702a33ae9 file-inspection: support POST requests that do not use multipart. 14 years ago
Victor Julien 64827e3864 file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests. 14 years ago
Victor Julien 6585cb89d3 Fix UtilMiscParseSizeStringTest01 unittest on 32 bit. 14 years ago
Anoop Saldanha 35435f3284 All http_http_stat_code modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_CODE. Also remove dummy match/free functions for stat code and stat msg 14 years ago
Anoop Saldanha 507e1b66e0 All http_http_stat_msg modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_MSG 14 years ago
Anoop Saldanha 059ee217ff All http_http_raw_uri modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_URI 14 years ago
Anoop Saldanha b1a0d35106 All http_http_cookie modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_COOKIE 14 years ago
Anoop Saldanha 49bdad9345 All http_http_method modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_METHOD 14 years ago
Anoop Saldanha 97d8fc9cba All http_http_raw_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_HEADER 14 years ago
Anoop Saldanha 97308674ee All http_http_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_HEADER 14 years ago
Anoop Saldanha 1acb7cdc7d All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY 14 years ago
Anoop Saldanha a5b46e727c All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_CLIENT_BODY 14 years ago
Anoop Saldanha 4810ee9c5f All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns 14 years ago
Anoop Saldanha 93d7a6e671 code cleanup. Remove unused functions 14 years ago
Anoop Saldanha eb07c345b8 code cleanup - replace SigMatchAppendThreshold with SigMatchAppendSMToList 14 years ago
Anoop Saldanha dd7e710f35 code cleanup - replace SigMatchAppendPostMatch with SigMatchAppendSMToList 14 years ago
Anoop Saldanha a4638fb0ad code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ff38d42bf1 code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ac68c3f893 code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha 6cab663bf0 code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c4cb37b8da code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c9af50ea0c code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList 14 years ago
Anoop Saldanha bbb9f35f26 code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha ab35b98f76 code cleanup - remove DetectContentGetLastPattern. Replace it with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha d85ab5ab1f code cleanup - remove DetectContentFindNextApplicableSM 14 years ago
Anoop Saldanha 802350f65a code cleanup - remove DetectContentHasPrevSMPattern 14 years ago
Anoop Saldanha 9652c3672d code cleanup - remove SigMatchGetLastPattern 14 years ago
Anoop Saldanha e851804c92 code cleanup - remove DetectUricontentGetLastPattern 14 years ago
Anoop Saldanha dcb2afb02f Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type 14 years ago
Anoop Saldanha 83d9439877 DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent 14 years ago
Victor Julien 154af56b45 Add a print function specially for json output that escapes all characters json requires to be escaped. 14 years ago
Victor Julien 740ee3e7ab Add referer header to .meta and json file logs. 14 years ago
Victor Julien 337f7861a4 Make sure that if not built against libnss, we still compile. Only no md5 for you then\! 14 years ago
Victor Julien 6752ccae2a Add line based log file to log-file module that logs each stored file's meta data in json records. 14 years ago
Victor Julien 12e8ce6545 In PrintRawUriFp, consider " unprintable. 14 years ago
Victor Julien 69b3df96fb Initial on the fly MD5 calculation for extracted files using libnss. 14 years ago
Anoop Saldanha 2f7717a1a7 delete detect-recursive.[ch] 14 years ago
Anoop Saldanha e682796d03 feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it 14 years ago
Anoop Saldanha 603d4a719a remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine 14 years ago
Anoop Saldanha d1d5507679 remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy 14 years ago
Anoop Saldanha 35f1f7e8d9 unify payload detection engines + fix other bugs in pcre init 14 years ago
Anoop Saldanha 9287cce674 raw urilen inspection moves to raw uri list. Won't make any difference wrt inspection 14 years ago
Anoop Saldanha 0677190960 rebase commit for hscd and hsmd patches 14 years ago
Anoop Saldanha 22b1f5b22b fix seg fault due to wrong sm list access in hscd 14 years ago
Anoop Saldanha 2e2398147c fast pattern unittests added for http server body 14 years ago
Anoop Saldanha 09313cf9bd Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S 14 years ago
Anoop Saldanha 2007c2711c Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword 14 years ago
Victor Julien 9dc153c8f4 Fix path handling for including rule files on win32. 14 years ago
Victor Julien 489b8b8bcc Allow other yaml files to be included in the main yaml. 14 years ago
Victor Julien adb5d05fb5 Fix a FP with negated filemagic inspection. 14 years ago
Victor Julien 0b9038b971 Add atomics to ticks unittests. 14 years ago
Victor Julien f77c475c85 Minor layout fixes. 14 years ago
Victor Julien e1a309a6b2 Napatech code formatting fixes. 14 years ago
Victor Julien 95a5bebb6a Fix compilation without napatech tech support enabled. 14 years ago
Victor Julien 1d9f6ff8f2 Initial Napatech support by Randy Caldejon / nPulse. 14 years ago
Anoop Saldanha 60553f3753 fix compilation error for the new http response header mpm feature 14 years ago
Anoop Saldanha 716afac5a2 fix debug messages that have references to the old mpm contexts 14 years ago
Anoop Saldanha 9a665e035b code cleanup over last 2 commits 14 years ago
Anoop Saldanha 55c4e419fd if a signature is non-tcp, it's always a packet sig 14 years ago
Anoop Saldanha 419cdc8558 support splitting mpm ctxs based on direction v2 14 years ago
Anoop Saldanha 0a91d824bf Fix bug in ac-bs search function 14 years ago
Anoop Saldanha db859cc56e treate ac-bs auto as single context 14 years ago
Anoop Saldanha 199288309d Support for new MPM ac-bs added 14 years ago
Victor Julien e244934566 Disable unittest that fails without libnet support. 14 years ago
Anoop Saldanha c2d47718c1 bug #411 - fix failing unittest 14 years ago
Anoop Saldanha 6556b4c62b bug #411 - don't modify within/distance at setup time 14 years ago
Anoop Saldanha 37329f85d4 bug #412 - rebase commit. Remove the previous references to SigInitReal() with SigInit() 14 years ago
Anoop Saldanha 3b5d95547d bug #412 - Remove the commented out SigInitReal() 14 years ago
Anoop Saldanha 6cbd3a1046 bug #412 - Unify SigInit() and SigInitReal(). Remove any use of SigInitReal() 14 years ago
Anoop Saldanha acccf3a5a5 Add function declaration for SigInitReal 14 years ago
Anoop Saldanha 88ad3691d1 bug #405 - fix bug where raw uri inspection sigs were not treated as stateful sigs 14 years ago
Anoop Saldanha 0b43f2a5fd Use SigInitReal() instead of SigInit() in raw uri tests. This should show that we have unittests failing, thus highlighting bug 411. The next commit is the fix for this bug 14 years ago
Victor Julien 6aa0ad1c5f Remove unused definitions in pcre code. 14 years ago
Victor Julien bb6f93e675 Fix unittest missing a flow direction in the rule. 14 years ago
Eileen Donlon 39b8cc2f8b fixed relative handling for pcre cookie and method 14 years ago
Eileen Donlon d55fef2d75 Cleaned up some error messages for detect distance and offset. 14 years ago
Victor Julien b16a71020d Make 'make check' happy in a ipproto unittest. 14 years ago
Anoop Saldanha 5b3c8566dd bug #403 - add unittests 14 years ago
Anoop Saldanha a19a249230 Set the packet protocol only if it can parsed without error 14 years ago
Anoop Saldanha 2fa55a86fa Fix csum validation functions to not carry out csum calculation if respective headers are not present 14 years ago
Anoop Saldanha b8997b415c bug #403 - fix setting ip proto for ipv6 packets 14 years ago
Anoop Saldanha 87c2dae010 bug #403 - fix setting ip proto for packets 14 years ago
Victor Julien 18d458870f 1.3 branch has opened 14 years ago
Victor Julien 706b046966 Convert missing coredump config to debug. 14 years ago
Victor Julien 2d9449d060 Make code default for pcre match limit match the suricata.yaml default. 14 years ago
Victor Julien c8c4a76dc6 Move threshold to it's own sig match list. 14 years ago
Victor Julien 0983f1d0a6 Only force a pseudo packet inspection cycle for TCP streams in a state >= established. 14 years ago
Victor Julien eba3cecc5d Fix unified2 records generated based on reassembled stream data. 14 years ago
Victor Julien 93d121bf21 Update app layer events for HTTP now that libhtp has fixes for some response errors. 14 years ago
Victor Julien 87e6be610a Issue warning if libhtp version used is not up to date. 14 years ago
Victor Julien 02e1229565 Enforce flow direction for http_raw_header sigs. Fix unittests that missed the flow direction. 14 years ago
Victor Julien 80fb33c651 Fix libhtp htp_tx_get_response_headers_raw 'detection' for bundled libhtp. 14 years ago
Victor Julien 5fa195ffb3 Allow log-pcap to use both absolute and relative sguil-base-dir settings when in 'sguil' mode. 14 years ago
Victor Julien 4cd2938c68 Fix PathIsAbsolute function not dealing with CYGWIN. Handle absolute paths in logfile api. 14 years ago
Victor Julien 7066a79c10 Register HTTP logger at registration, not thread init. 14 years ago
Victor Julien 146ff9d66e Suppress ac-gfbs debug message being printed at info level. 14 years ago
Victor Julien cd987ae7a5 Threading: do not keep a slots post_pq locked while processing the packets. 14 years ago
Victor Julien e81f94cd83 Fix flowbits sigmatch structure added to the match and post-match list, causing corruption of the prev ptr. This lead to an endless loop condition in the thresholding code. Thanks to Chris Wakelin for reporting the issue. 14 years ago
Victor Julien 39ef24ccc4 Fix pcap -i mode. 14 years ago
Victor Julien ae27333458 Make live worker runmode threads adhere to the 'detect' cpu affinity settings. 14 years ago
Victor Julien e526525f83 Fix pcap -i <ip>. 14 years ago
Victor Julien 35467db151 Indicate that the Suricata version used is a release or a git checkout. 14 years ago
Victor Julien 28e15be526 Clean up default output. Use simpler output format for releases. 14 years ago
Victor Julien ff9fb7e1b5 Assume offloading in use if 1/10th of the packets has a bad checksum. 14 years ago
Victor Julien 9bea84918c Fix checksum offloading auto detection typo: it should be 1/5th instead of 1/10th. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 791fc2f6ea Adapt signature ordering to new flowbits post-match handling. 14 years ago
Victor Julien 8339ca6d4e Implement post match support for ip-only. 14 years ago
Victor Julien e69c584317 Let timing out flow use pseudo packets also if state is not fully closed. 14 years ago
Victor Julien 6eeab37ab3 Add post-match list, move flowbits set, etc functions to it. Move flowint set, etc functions to it as well. 14 years ago
Victor Julien 0818a151ec Add reject support to live single, autofp and workers runmodes. 14 years ago
Eric Leblond 0b2c7dfa5d runmode: Add Reject to IPS worker mode. 14 years ago
Victor Julien 515d070554 Print elapsed time with millisecond precision. 14 years ago
Victor Julien aac2d91bcc Set DROP flag for reject action so in addition to sending the rst, in IPS mode also drop the offending packet. 14 years ago
Victor Julien f084874998 Fix HTTP state and raw stream not being inspected at the same time. Adds an exception to transaction id handling for HTTP. 14 years ago
Victor Julien 16cfae2f51 Trigger raw stream reassembly on receiving a full HTTP request or response. 14 years ago
Victor Julien f773942ce0 Disable printing dreaded app layer error messages to the screen: app layer events are here to safe us. 14 years ago
Victor Julien f713b653ab Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well. 14 years ago
Victor Julien e55390e4e7 Add check to invalidate signatures that inspect raw http headers in the to_client direction (response headers) if libhtp hasn't been patched yet. Also add hack to disable the test for unittests, many tests fail and we'll fix those ASAP. 14 years ago
Victor Julien 1ac6054c23 Clean up configure check for htp_tx_get_response_headers_raw. Misc changes. 14 years ago
Anoop Saldanha 4acd5a04e6 Enable http raw response header inspection only if libhtp supports raw response header buffering which should be available post 0.2.6 14 years ago
Anoop Saldanha 9c4954ff42 support http response raw header inspection + carry out hrhd mpm on both request/response headers + add unittests for the same 14 years ago
Anoop Saldanha 1b434f5fff hhd unittests for response headers 14 years ago
Anoop Saldanha e5c3e2cdb1 carry out hhd mpm on both request/response headers 14 years ago
Anoop Saldanha 30247dce8c bug 389 - support http response header inspection + fix bug with stateful inspection for sigs that would have both request/response inpection 14 years ago
Victor Julien 64f717c880 Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv. 14 years ago
Victor Julien 026a4efc57 Make sure that continued stateful detection only inspects sigs in the proper direction. 14 years ago
Victor Julien 21ee59e6f3 Add signature direction (flow:toserver/flow:toclient) as a signature flag. 14 years ago
Victor Julien d5402d33d4 Simplify detection loop. Inspect packet keywords before the state. 14 years ago
Victor Julien 7fa22e8453 Rename app_layer_events to app-layer-events. Misc fixes/changes. 14 years ago
Victor Julien ecd457db7b Allow flowint names to have dots in them. 14 years ago
Anoop Saldanha 5311cd4866 Support for smtp decoder events 14 years ago
Anoop Saldanha eea5ab4a7a Support for app layer decoder events added + app_layer_event keyword added 14 years ago
Victor Julien 4c1e417d49 Allow non-existing flowints to be incremented. A 'set' to 0 is implied in this case. 14 years ago
Victor Julien d24b3a0e50 Clean up csum detection output, misc fixes. 14 years ago
Eric Leblond 9a2a4802f4 pf-ring: add support for checksum verif mode 
This patch adds support for checksum verification mode.
Supported mode are yes, no, auto and rx-only.
 14 years ago
Eric Leblond 0399a06f4f pcap: fix typo 14 years ago
Eric Leblond db5ca0f3a4 pcap: add auto mode support 14 years ago
Eric Leblond a565148fb1 af-packet: fallback if 'kernel' mode is not supported 
This patch adds a fallback to full checksum validation if 'kernel'
mode is not supported by the running kernel.
 14 years ago
Eric Leblond 51eb96053c af-packet: auto mode support 14 years ago
Eric Leblond c3eaa6cc60 Add per-interface counter for invalid checksum. 
This patch adds a per-device counter for invalid checksum as
well as a simple packet counter.
 14 years ago
Eric Leblond 745b61171a Introduce LiveGetDevice function 14 years ago
Eric Leblond e893e860d4 Rename LiveGetDevice to LiveGetDeviceName 
The function LiveGetDevice is returning a point to
the name of the interface. This patch renames it to
LiveGetDeviceName which is more appropriate.
 14 years ago
Eric Leblond 1d1271fd38 pcap: add support for checksum verif mode 
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
 14 years ago
Eric Leblond 6062e00c2b af-packet: add support for checksum verif mode 
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
 14 years ago
Eric Leblond 551cb3e4c2 decode: introduce checksum mode enum. 14 years ago
Eric Leblond 623bb38d1c af-packet: Fix typo in error message. 14 years ago
Eric Leblond 8d635ddfc2 detect-csum: incomplete checksum is a valid checksum 
This patch modify checksum match to not alert on packet with
incomplete checksum. They will be checksummed later and thus
can be considered as valid one.
 14 years ago
Eric Leblond 67f791e891 af-packet: add variable to disable offloading detection 
This flag adds variable to disable offloading detection. The effect
of the flag is to avoid to transmit auxiliary data at each packet.
This could result in a potential performance gain.
 14 years ago
Eric Leblond f6ddaf3341 af-packet: parse message to find lack of checksum 
Emitted packet can have checksum offloading. This patch reads
af-packet message parameter to see if the kernel has sent a non
checksummed packet.
 14 years ago
Eric Leblond 5dc46ae7c7 pf-ring: Mark emitted traffic as non checksummed 
The traffic sent by an interface is potentially offloaded. This
patch adds detection of TX packets and set the corresponding flag.
 14 years ago
Eric Leblond 81bc6f5518 Treat incomplete checksum. 
Checksum of local traffic is often offloaded to the network device.
This causes some problems on parsing of this traffic. This patch
introduces a PKT_INCOMPLETE_CHECKSUM flag which can be used to
indicate that the checksum is not computed/correct for good reason.
 14 years ago
Victor Julien 9324ed7b90 Fix icmpv6 ip-only rule not firing. #363. 14 years ago
Anoop Saldanha 517040c4af indentation fix 14 years ago
Anoop Saldanha 37b223645a fix detection engine for alert stability. Fix cases where we have multiple rules having same pattern. We should see good perf increase(~5%) with this change, now that we avoid unnecessary inspection" 14 years ago
Anoop Saldanha 42bc22cfa5 indendation fix 14 years ago
Anoop Saldanha ecc7a769a7 reclaim mpm contexts if no patterns are added to it, even in non-full mode 14 years ago
Anoop Saldanha 1389cf6913 update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda 14 years ago
Anoop Saldanha 92643f6110 introduce separate mpm ctxs for tcp/udp/other_protos 14 years ago
Anoop Saldanha a5dec3cb2e refactor all http mpm engine code 14 years ago
Anoop Saldanha 34cf557abf fix indentation 14 years ago
Anoop Saldanha 5b91cec4ae remove unnecessary if/else checks 14 years ago
Victor Julien ada4066238 Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251. 14 years ago
Victor Julien 298289f43f Let flow:only_stream and flow:no_stream set the require packet and require stream flags. Toss out sigs with conflicting settings. Rename flow:stream_only to flow:only_stream. Fixes #261. 14 years ago
Victor Julien c04f45ccb9 Add tcp-pkt and tcp-stream 'protocols' to force a signature to inspect only packet or stream data. 14 years ago
Victor Julien 2c62b50ed5 Fix 2 compiler warnings. 14 years ago
Mike Pomraning cfced01641 Use strlcpy 14 years ago
Mike Pomraning 914b10a8e6 Touch up Makefile for SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dfec9c0f6a Switch 'fast', 'http-log', 'drop' and 'alert-debug' to SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dec34afa40 SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs. 
util-logopenfile.[ch] implements the abstraction; util-error.[ch]
modified to include a socket-specific error code; output.h adds a
default filetype for logs ("regular").
 14 years ago
Victor Julien a1cb769205 Switch log-file module to use new absolute path detection code. 14 years ago
Victor Julien 4cbaeb408c Add functions to determine whether a path is absolute or relative. 14 years ago
Victor Julien a397599fbb file extraction: add waldo option to file log module. This will store the last used file_id so extracted files won't get overwritten is Suricata is restarted. 14 years ago
Victor Julien effe01ae7b Add Init and DeInit calls to the thread module API. 14 years ago
Eric Leblond 7fb78a0ff6 Fix compilation warning. 14 years ago
Victor Julien 08f3ef7685 Reshuffle version printing so -V prints it only once. 14 years ago
Eric Leblond 1bebb9831d logging: don't display debug message before setting params. 14 years ago
Eric Leblond 05f562fdc3 logging: use SCLogDebug instead of printf 
This patch uses SCLogDebug instead of printf to enable filtering
of the log message by the log filtering option.
 14 years ago
Eric Leblond 9545a56426 ipfw: suppress poll before sendto 
Calling poll before using sendto seems a bit overkill.
 14 years ago
Eric Leblond 6f1b40dd4b ipfw: don't use socket lock in 'worker' mode 
This patch is the IPFW version of NFQ latest patch.
 14 years ago
Eric Leblond 58855494c1 nfq: do not use mutex in 'worker' mode 
Using a mutex on the queue handle is not necessary in 'worker' mode
as there is no concurrent access to it.
 14 years ago
Eric Leblond ef3951d914 runmode: export running mode 
This will permit to put some optimisation in different components.
This is done via the RunmodeGetActive() function.
 14 years ago
Victor Julien c908574545 Use strtoul instead of strtol for sid parsing. Fixes parsing of really large sid numbers. Fixes #393. 14 years ago
Victor Julien c1a40447c1 IP Only cleanup: make most functions static. Add error message on address parsing issues. 14 years ago
Victor Julien e0cf2ccb91 Fix invalid direction error message. 14 years ago
Eric Leblond db19680794 pcap: fix auto runmode 
This patch fixes initialization of a pointer. The lack of it was
causing an invalid interface value to be given to suricata (in
the case no interface was given on the command line).

Reported-by: Delta Yeh <delta.yeh@gmail.com>
 14 years ago
Victor Julien 5a769c02ee Stream engine: handling packets with ACK|CWR. 14 years ago
Anoop Saldanha 999c34111e bug #341 - support for urilen check on both norm and raw buffers 14 years ago
Victor Julien 158d72e7f3 file-inspection: inspect new files in same tx but opposite direction as well. 14 years ago
Victor Julien a6e75aff21 file-extraction: improve handling of complex multipart bodies. 14 years ago
Victor Julien 4eda31df4d file inspection: unset new file available flag when appropriate, prevents duplicate alerts. 14 years ago
Anoop Saldanha 6e2c921037 indentation fixes for ac-gfbs 14 years ago
Anoop Saldanha 2eb3aff0af Further improve compression for ac-gfbs. Character codes shifted to 8 bits from 16/32 bits 14 years ago
Victor Julien 0712300a1c Remove stream BUG_ON's that could fire on TCP session reuse. 14 years ago
Anoop Saldanha 0cde8072f4 fix ffr shutdown segv. We need to supply stream TV the the stream engine 14 years ago
Anoop Saldanha 5620844f7d ac-gfbs fix output presence combination with mod table 14 years ago
Anoop Saldanha 153f2ad3eb ac-gfbs update. Minor improvement of compression for state 0. Improves performance 14 years ago
Anoop Saldanha c6cd59bda4 Update ac-gfbs with some rearrangement. Increased performance from 4-10% 14 years ago
Anoop Saldanha e18cf72c13 fix bug in size parsing API. Pass the string returned by pcre_get_substring and not the passed arg. Also use strtod. Solves usage issues on windows 14 years ago
Victor Julien 842b01cc9c Remove duplicate sys/prctl.h configure check. Wrap another include in HAVE_SYS_PRCTL_H. 14 years ago
Eileen Donlon aaa5a78dfe Moved prctl.h check to configure 14 years ago
deltay 37dc83d411 ignore signal SIGPIPE and SIGSYS 14 years ago
Victor Julien c2c539942b Rework the way the http parser can tell the de_state to reset it's file section on arrival of new files in the same tx. Fixes a dead lock in the auto runmode. 14 years ago
Victor Julien 679b8ec1ba Fix filestore match code not expecting NULL file ptr. 14 years ago
Victor Julien 18d79c4215 file store: respect flowbits and other keywords 
The filestore keyword until now flagged a file, tx or ssn for storage as soon
as the keyword was inspected. This happens before flowbits and some other
keywords, so files were stored that weren't supposed to.

This patch makes the filestore keyword fill an array in the detect engine
thread ctx. Then if the full signature matches, a post-match filestore
function makes the store final.
 14 years ago
Victor Julien 7173256754 Fix compiler warnings in a couple of unittests. 14 years ago
Victor Julien 6d8aa6829d Remove unused variable. 14 years ago
Anoop Saldanha b164247fb8 Changed my email address to anoopsaldanha@gmail.com from my current one - Should have been an amend over my previous commit, but that commit's pushed out 14 years ago
Anoop Saldanha f514b141ce fix ipv6 header setup in pseudo pkt creation 14 years ago
Victor Julien 416b463c51 file-data: add more unittests 14 years ago
Victor Julien 296ce8b5f9 file-data: make bytejump, bytetest, byteextract and isdataat work better with file_data. 14 years ago
Victor Julien 077970051e file-data: implement relative pcre support. 14 years ago
Victor Julien 07e560b137 file-data: initial file_data support 
Support file_data for: content, pcre (relative), byte_test, byte_jump,
byte_extract, isdataat.

File_data support is handled at signature parsing time, all matches
occurring after the file_data in the rule are converted to http_server_body
matches.

Content matches relative to the file_data are converted. Within to depth,
distance to offset. Relative to the start of the body buffer.
 14 years ago
Victor Julien 7adac3048d file-data: create initial keyword registration. 14 years ago
Anoop Saldanha 420befb180 Changed my email address to anoopsaldanha at gmail dot com from my current one 14 years ago
Victor Julien fa0152fa80 Shrink signature flags field to 32 bits. 14 years ago
Victor Julien dd9da1a56f Merge all http mpm related signature flags into a single set: SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_HTTP_NEG. 14 years ago
Victor Julien d5ed28b065 Remove SIG_FLAG_MPM flag. 14 years ago
Victor Julien fe48920514 Remove per sgh mpm_streamcontent_maxlen variable. It was checked but never set. 14 years ago
Victor Julien 4992f7c417 Remove SIG_FLAG_MPM_URI flag. It was checked but never set. 14 years ago
Victor Julien 2650551192 Rename signature init flags to indicate they are init flags. 14 years ago
Victor Julien 6ebd71545b Fix signature flag definitions on 32 bit. 14 years ago
Victor Julien 291ddd95f2 Detection engine -- mpm 
Each signature is in one mpm ctx at max, but there were 3 separate
id's in use: packet, stream, http. Merged them all into one.

Could shrink the SignatureHeader structure with 8 bytes because of this,
should lead to better caching performance.
 14 years ago
Victor Julien 7db72bce75 Optimize detection engine prefiltering logic. 14 years ago
Victor Julien 89f83e714c Introduce http_server_body keyword. 
The http_server_body content modifier modifies the previous content to inspect
the normalized (dechunked, unzipped) http_server_body. The workings are similar
to http_client_body. Additionally, a new pcre flag was introduced "/S".

To facilitate this change the signature flags field was changed to be 64 bit.
 14 years ago
Eric Leblond 6e7a8f38bf ipfw: Add support for autofp and worker runmode 
This patch convert ipfw code to the PcktAcqLoop API and
rework the running mode to use the running mode wrapper
already used by NFQ.
 14 years ago
Eric Leblond c1ad64b333 ips: update copyright date and author list. 14 years ago
Eric Leblond d4cbc7c38c ipfw: funnier to manage capability in running code. 14 years ago
Eric Leblond f1cb4da442 ipfw: fix indentation of the file. 
I will have to work a lot on this one. It will be easier with a
correct indentation.
 14 years ago
Eric Leblond acc9634106 nfq: add some comments about possible evolution 14 years ago
Eric Leblond 9ca7257279 nfq: suppress unused functions. 14 years ago
Eric Leblond 58b20359a7 nfq: add worker runmode support. 14 years ago
Eric Leblond aee2e3ddd6 nfq: Add autofp mode support 14 years ago
Eric Leblond 115c3499d2 nfq: factorize auto mode 14 years ago
Eric Leblond 70c574fb63 runmode: Add support for IPS running mode 
This patch adds the 'auto', 'autofp' and 'worker' runmode for
IPS. It provides a set of ready-to-use functions that can be
used by NFQ and IPFW to implement this running mode.
 14 years ago
Eric Leblond 5cfdd7594f util-device: Modify function name. 
This patch modifies LiveBuildQueueList name to LiveBuildDeviceList
to have a consistent naming accross function. It also adds a
doxygen comment to add author and description of util-device.c
file.
 14 years ago
Eric Leblond 7096e11ab5 af-packet: simplify code. 14 years ago
Eric Leblond 5cec22ac37 threads: Add sanity check. 14 years ago
Eileen Donlon 327fd048a0 Fixed coredump windows compile issue 14 years ago
Eric Leblond 6c55af847b 'auto' running mode does not support 'threads' var. 
This patch modifies the RunModeSetLiveCaptureAuto() prototype to
be able to detect that a 'threads' variable (telling how much
threads must listen to one socket in IDS mode) has been used
in the configuration file. It then print a warning message
if this is the case.
 14 years ago
Victor Julien 6f0ca120d1 Make sure existing log-pcap and unified2-alert 'limit' settings don't break. 14 years ago
Victor Julien 678213c9f4 Fix ParseSizeString return code and a compiler warning. 14 years ago
Anoop Saldanha 4b8ebb5c53 set default response body limit for specific http server conf 14 years ago
Anoop Saldanha 6240131a4e updates to accomodate master rebase 14 years ago
Anoop Saldanha 7c9d1b80fd Update size parsing API with new calls for returing u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls 14 years ago
Anoop Saldanha e0c13434ef bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+ 14 years ago
Eileen Donlon 79e0299643 Fixed coredump compile problems on bsd, windows 14 years ago
Anoop Saldanha b970273163 fix broken unittest 14 years ago
Anoop Saldanha 651f91e4de fix setting pseudo packet from this commit: 
commit 259e022f721a7c3a70c26447b1cf730bb8a1f6cd
Author: Anoop Saldanha <poonaatsoc@gmail.com>
Date:   Sun Dec 4 13:20:43 2011 +0530

    fix setting ipv4 header in pseudo packet
 14 years ago
Anoop Saldanha d40fb5b933 Remove unnecessary flow NULL check 14 years ago
Anoop Saldanha 8533cd2cdf fix mapping of tcp states to flow_established and flow_closed. Improves accuracy 14 years ago
Anoop Saldanha cc7db6315c Move setting packet iponly flags from decode section to stream section 14 years ago
Anoop Saldanha eaf15911e7 fix setting ipv4 header in pseudo packet 14 years ago
Victor Julien 322779fb23 flow engine: release flow lock earlier in flow kill/prune process. Minor cleanups. 14 years ago
Victor Julien 5401764697 flow engine: minor cleanup. 14 years ago
Victor Julien bfa872b9b7 flow engine: no longer allow FlowRequeue to be called with the same src and dst queue. 14 years ago
Victor Julien 84c7480c06 flow engine: convert flow hash code FlowRequeue call to FlowEnqueue. 14 years ago
Victor Julien ad4e016288 flow engine: make FlowEnqueue lock the queue. Adapt callers. 14 years ago
Victor Julien fbbdbb251f flow engine: remove unneeded 'need_srclock' argument for FlowRequeue 14 years ago
Victor Julien 0331da9773 flow engine: introduce FlowRequeueMoveToSpare 
As part of a clean up of how FlowRequeue is used, introduce
FlowRequeueMoveToSpare for moving a flow from a locked queue to the
spare queue.
 14 years ago
Victor Julien 7fa3df33f2 flow engine: introduce FlowRequeueMoveToBot 
As part of a clean up of how FlowRequeue is used, introduce
FlowRequeueMoveToBot for moving a flow to the bottom of it's queue.
 14 years ago
Victor Julien ae1e4c1d7d Add missing hash row unlock. 14 years ago
Victor Julien f47f601f09 Fix unified2 setting the wrong eth_type. 14 years ago
Eric Leblond 9422a36851 unified2: avoid to log RAW packet 
If the packet datalink is ethernet, we add a fake ethernet
header to stream logging to avoid that barnyard2 create
different files.
 14 years ago
Eric Leblond fc56abfcd0 unified2: log an ethernet header for stream alert. 
If packet is a of type ethernet, we log the alert reconstructed
payload as an ethernet packet and not a raw packet. This will avoid
to confuse barnyard2 pcap output.
 14 years ago
Victor Julien 49d6885ec7 Improve debug validation code for packet, add new macro for flow. 14 years ago
Victor Julien 3009429e3c HTTP transaction handling improvement 
In some cases AppLayerTransactionGetInspectId can return -1, which is
now handled by all it's callers.

Improve logic of selecting which transactions are inspected by the various
HTTP keywords.
 14 years ago
Eileen Donlon dbdf2d888f Enable/disable core dump in config (feature 319) 14 years ago
Victor Julien 7b0f261fdc Add some debug statements for debugging a smtp issue. 14 years ago
Victor Julien 004b5dde88 Support libhtp's different handling of CONNECT requests. 14 years ago
Victor Julien 117d51c965 Fix a compile warning when debug is enabled. 14 years ago
Victor Julien 1df3304655 Clean up for unittests code: only compile unittest api code when unittests are enabled. Fix unittest code that wasn't wrapped in the proper UNITTESTS ifdefs. 14 years ago
Victor Julien a138b32533 flow manager: timing change 
Set default timeout for the flow manager to wake up to 1 second. The 0.4 sec
performed best on a Xeon, but in kvm vm's it was horrible:

32 bit vm: 60% cpu for flowmgr when idle.
64 bit vm: 30% cpu for flowmgr when idle.

With the 1 second timeout both are at 0.3% cpu.
 14 years ago
Victor Julien 786148319c Lower flow manager wake up timer to 0.4 seconds as that performs 2% better in my tests. 14 years ago
Anoop Saldanha 776bf633e3 flow manager code cleanup. Remove unused code + fix indentation. Remove unused vars 14 years ago
Anoop Saldanha 5133098bd6 Accomodate pcap-file mode to signal flow mgr to wakeup when it exceeds a certain time interval. This let's the flow mgr keep in sync with pcap timestamp changes 14 years ago
Anoop Saldanha 9917744707 separate timers for flow mgr thread for normal and emerg mode. Signal flow mgr thread when in emerg mode 14 years ago
Eric Leblond 5a63662766 Flow: use condition system instead of short sleep 
Short sleep can lead to some really annoying performance issue in
some environnement like virtual systems. This technic was used in
the flow manager. This patch uses an alternate approach based on
a timed condition which is triggered each time a new flow has to
be created. This avoid to run out of flow. A counter is also done
to be able not to run the cleaning code at each new flow.
 14 years ago
Victor Julien 34450b9b57 Don't parse layers / ext headers above ipv6 frag header. This is taken care of by defrag. 14 years ago
Victor Julien 938e9b3db0 Fix filestore related segv. 14 years ago
Victor Julien e6d8d0443c Unify output functions for alert-debug for IPv4 and IPv6. 14 years ago
Victor Julien 3c7f09d1ea Add debug output to engine event. 14 years ago
Victor Julien e6af837b25 Convert StreamTcpSetEvent function into macro. Eases debug. 14 years ago
Victor Julien 58011554b0 Don't consider payload len in ACK value validation check. 14 years ago
Victor Julien 9878eca086 file handling: expand filestore keyword 
Filestore keyword by default (... filestore; ... ) marks only the file in the
same direction as the rule match for storing. This makes sense when inspecting
individual files (filemagic, filename, etc) but not so much when looking at
suspicious file requests, where the actual file is in the response.

The filestore keyword now takes 2 optional options:

filestore:<direction>,<scope>;

By default the direction is "same as rule match", and scope is "currently
inspected file".

For direction the following values are possible: "request" and "to_server",
"response" and "to_client", "both".

For scope the following values are possible: "tx" for all files in the current
HTTP/1.1 transation, "ssn" and "flow" for all files in the session/flow.

For the above case, where a suspious request should lead to a response file
download, this would work:

alert http ... content:"/suspicious/"; http_uri; filestore:response; ...
 14 years ago
Victor Julien ddfa5c49c6 Stream engine: gap handling 
Set a stream event for stream gaps.
Add a (disabled by default) signature to the stream-event.rules.
 14 years ago
Victor Julien 45d86ff58a Stream reassembly / app layer: disable gap errors 
Gap errors on the app layer are now silently handled. No longer printed
to the screen.
 14 years ago
Victor Julien 425294f912 stream reassembly: account stream gaps 
Add counter to the stream reassembly engine to count stream gaps. Stream gaps
are the result of missing packets (usually due to packet loss). This missing
data stops the reassembly for the app layer.
 14 years ago
Victor Julien d8d8fdd9f5 Improve handling of packets when stream is in the fin_wait1 or fin_wait2 state. 14 years ago
Victor Julien b74c73309b file handling: improve filestore keyword handling 
In stateful detection only inspect the file portion of the rule after all
other conditions matched. This to prevent "filestore" from tagging files
for storage during a partial match.

Add a couple of unittests to test the behaviour change.
 14 years ago
Victor Julien 4cbe7519fa Add missing file util code. 14 years ago
Victor Julien 56b96363b8 Fix merge artefact. 14 years ago
Victor Julien 63c9a3ab85 Remove duplicate include. 14 years ago
Victor Julien 042fd850fc Make sure we check the sgh for no magic and no store once per flow direction. 14 years ago
Victor Julien f3fbc1a44c file handling: filemagic matching improvement 
Magic buffer is a null terminated string. Allow matching on the final
\0 using filemagic:"somevalue|00|"; so we can anchor to the end of the
buffer.
 14 years ago
Victor Julien 2ccd35c6e4 Fix code after rebase. 14 years ago
Victor Julien 33848124d1 Fix a multipart body parsing issue. 14 years ago
Victor Julien 96d20098b0 file inspect: stateful inspection split 
Split stateful detection of the files in a HTTP state between toserver
and toclient inspection.
 14 years ago
Victor Julien d59ca75e46 file extract: split toserver and toclient tracking 
Split toserver and toclient file tracking for the http state.
 14 years ago
Victor Julien 04ea70ccf7 file extract: pruning 
Add pruning of files in memory so we keep only memory what we really need.
Fix magic logic.
Reset file part of the de_state on receiving another file in the same tx.
 14 years ago
Victor Julien 1c934acc85 Don't store fd per file (too many fd's). Enable IPv6 storing. Close file on receiving stream end flag. 14 years ago
Victor Julien b402d97179 File carving -- enable reponse file extraction 
- Enable response body tracking
- Enable file extraction for responses
- File store meta file includes magic, close reason.
- Option to force magic lookup for all stored files.
- Fix libmagic calls thead safety.
 14 years ago
Victor Julien 66a3cd96a8 Prepare HTTP response body tracking. 14 years ago
Victor Julien 417495e542 file-extraction: remove no longer used files. 14 years ago
Victor Julien e1022ee5ae file-extraction: Disconnect file handling from flow and move into the app layer state. 14 years ago
Victor Julien 27645f64c6 Remove unused util-filetype.[ch] from Makefile.am. 14 years ago
Victor Julien 9b62ec65ab Make sure filemagic works properly regardless of filestore being in use for a flow. 14 years ago
Victor Julien 5945e652d6 Initial implementation of filemagic keyword. 14 years ago
Victor Julien f4a6f4b293 Add libmagic detection, linking and a basic API. 14 years ago
Victor Julien 23e01d23d3 Implement filestore keyword, including a way for the stateful detection engine to conclude that a file will never have to be stored. 14 years ago
Victor Julien 3e7baa6810 Fix improper error handling in http body chunk function. 14 years ago
Victor Julien 403b2788d6 Add support for extracting PUT files. 14 years ago
Victor Julien 59cda9a358 Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test. 14 years ago
Victor Julien ef0536794c Adding comments, some cleanups. 14 years ago
Victor Julien 21acd72adf Cleanups to the Multipart parsing code. Fixes to negation in filename and fileext. 14 years ago
Victor Julien 70f0d3d2e7 Add negation to filename and fileext, use same syntax as with content. 14 years ago
Victor Julien 32fb9f375d log-file log-dir option added, meta file created, fixes. 14 years ago
Victor Julien a6b7a560f1 Fix a bug in the HTTP file closing. 14 years ago
Victor Julien 7e3d537338 Fix setting libhtp personality. 14 years ago
Victor Julien 1eef36b011 Initial checkin of a log-file module, that can write files extracted from flows to disk. 14 years ago
Victor Julien 3c1edf3763 Add a file descriptor to the flow file structure. 14 years ago