aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,354 Commits
8 Branches
163 Tags
185 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2953b3f640'
${ noResults }
Commit Graph

4017 Commits (2953b3f6403e94874c0c7b19faf52706cff66138)

Author SHA1 Message Date
Victor Julien a8c416fc8b flowint: fix setup memory leaks 12 years ago
Victor Julien 16130cc974 ssh: fix memleaks during ssh.softwareversion init and cleanup 12 years ago
Victor Julien ec724a1e56 urilen: fix memory leak when freeing the rule 12 years ago
Anoop Saldanha cfa2cda42b fix for bug #973. 
An alternative solution for bug #970.

For chopped patterns, which in it's whole is a duplicate of another
pattern we assign an unique content id.
 12 years ago
Anoop Saldanha 4da2f29054 Unittest for bug #973. 12 years ago
Victor Julien 0bfba8352d pcre: check for pcre_free_study, fall back to pcre_free if it unavailable 12 years ago
Victor Julien dd76e679fe mpm: clean up stream thread ctx 12 years ago
Victor Julien 6f450785fc profiling: properly clean up thread local memory. 12 years ago
Victor Julien eca1a8d73a profiling: don't alloc 0 bytes block if no rules are used 12 years ago
Victor Julien 468a8e1ca3 Properly cleanup NSS ctx 12 years ago
Victor Julien eedd4329da Change ParseSize api to not leak memory and only setup pcre once. 12 years ago
Victor Julien 3d78cc8ca6 DNS: free TX events using proper function 12 years ago
Victor Julien 6f2cb141cf Http: improve tx data cleanup 12 years ago
Victor Julien 239ab202c9 stream: clean up queue list in all cases 12 years ago
Victor Julien 67c12c61d3 Http: fix memory leaks when cleaning up our per-tx storage 12 years ago
Victor Julien 6aed56d093 Dns: fix memory leak when events are set 12 years ago
Anoop Saldanha cd80dcbfd4 bug #955 - Fix SSL parsing issue. 
The parser wasn't carrying out a bounds check on record length while
in the middle of parsing a handshake.  As a result we would step onto the
next record header and consider it a part of the current handshake.

- Contains an unittest to test the issue.
- Disable the duplicate parser unittest registration.

The issue came to light through an irregular ssl record, which was
reported by Sebastian Roschke, via CVE-2013-5919.

Thanks to Sebastian Roschke for reporting this issue.
 12 years ago
Anoop Saldanha 8c1e855632 fix for bug #970(ac-gfbs). 
Content strings that are a duplicate of a pattern from another sig, but
have a fast_pattern chop being applied, would end up being assigned the
same pattern id as the duplicate string.  But the string supplied to the
mpm would be the chopped string, which might result in the state_table
output_state content entry being over-riden by the the fuller string at
the final state of the smaller content length, because of which during a
match we might end up inspecting the search buffer against the fuller
content pattern, instead of the chopped pattern, which would end up being
an inspection beyond the buffer bounds.
 12 years ago
Anoop Saldanha 92a8b2b738 Unittest to display bug #970(ac-gfbs). 12 years ago
Anoop Saldanha 496f30a5e4 fix for bug #970(ac-bs). 
Content strings that are a duplicate of a pattern from another sig, but
have a fast_pattern chop being applied, would end up being assigned the
same pattern id as the duplicate string.  But the string supplied to the
mpm would be the chopped string, which might result in the state_table
output_state content entry being over-riden by the the fuller string at
the final state of the smaller content length, because of which during a
match we might end up inspecting the search buffer against the fuller
content pattern, instead of the chopped pattern, which would end up being
an inspection beyond the buffer bounds.
 12 years ago
Anoop Saldanha af95df67a5 Unittest to display bug #970(ac-bs). 12 years ago
Victor Julien 68ba9df8a0 Fix valgrind warning on memrchr unittest. 12 years ago
Anoop Saldanha d2ea799d38 fix for bug #970. 
Content strings that are a duplicate of a pattern from another sig, but
have a fast_pattern chop being applied, would end up being assigned the
same pattern id as the duplicate string.  But the string supplied to the
mpm would be the chopped string, which might result in the state_table
output_state content entry being over-riden by the the fuller string at
the final state of the smaller content length, because of which during a
match we might end up inspecting the search buffer against the fuller
content pattern, instead of the chopped pattern, which would end up being
an inspection beyond the buffer bounds.
 12 years ago
Anoop Saldanha da75db9330 Unittest to display bug #970. 12 years ago
Victor Julien 397a55457d Add sanity checks for command line argument handling 
Coverity 1075221.

Normally getopt_long should cover this case, but can't hurt to
add in some extra checks.
 12 years ago
Victor Julien c8b71938ff Add a fallback memrchr implementation for those platforms that dont support it. Bug #963. 12 years ago
Victor Julien e77b21a7f7 Suppress compiler warning about comparing signed and unsigned vars 12 years ago
Victor Julien bb8298ffa2 Move header thread_affinity declaration to extern to avoid duplicate declarations. 12 years ago
Victor Julien 3470b07ea5 Fix several compile and runtime warnings found by clang 3.2 with the -fsanitize=address option. 12 years ago
Victor Julien c82ecf553a Tag: document in the code that 'tag' is compatible with ip only 12 years ago
Victor Julien d12761233c Don't set tag on pseudo packets 12 years ago
Victor Julien 02cbbd0b89 unified2: fix tags not being logged. Bug #968 12 years ago
Anoop Saldanha 3749fc98fd Modify handling of negated content. 
The old behaviour of returning a failure if we found a pattern while
matching on negated content is now changed to continuing searching
for other combinations where we don't find the pattern for the
negated content.

Thanks to Will Metcalf for reporting this.
 12 years ago
Victor Julien 8539791c7e Coverity 1038102: remove dead code from host hash 12 years ago
Victor Julien 8237bbf18a Coverity 1038101: remove dead code from host hash timeout code 12 years ago
Victor Julien 440124a4b9 Coverity 1038100: remove dead code from flow hash timeout code(2) 12 years ago
Victor Julien 243060a6b7 Coverity 1038099: remove dead code from flow hash timeout code 12 years ago
Victor Julien 2e82772a0a Coverity 1038098: remove dead code from flow hash 12 years ago
Victor Julien aecefd00bd Coverity 1038095: remove dead code from defrag hash timeout code 12 years ago
Victor Julien 16056d51f2 Coverity 1038094: remove dead code from defrag hash 12 years ago
Victor Julien 32503bafaa Coverity 1038089: error check fseek call 12 years ago
Victor Julien 4827a4dcef Coverity 400477: pcre_get_substring retval 
Add missing return code check to pcre_get_substring call.
 12 years ago
Victor Julien 790866656b Coverity 1038129 fix 
Don't leak memory on malloc error in b2gm mpm implementation.
 12 years ago
Victor Julien 33919559d0 Fix memory leak on invalid luajit signature. Coverity 1038520. 12 years ago
Victor Julien 51c6a333d9 geoip: never try to store more locations than possible (Coverity 1038517) 12 years ago
Victor Julien 3cf3b485f2 Coverity 1038138 fix 
Clean up parsing code to suppress Coverity:
Dereference before null check (REVERSE_INULL)

Proper checking was already done.
 12 years ago
Victor Julien 27ea4232fe Coverity 1038134 fix 
Cleaned up error check. "ipdup" can only be non-NULL there, so remove check
that confused coverity.
 12 years ago
Victor Julien ecd5c7573b Coverity 1038135 fix 
Small cleanup in the error handling. The extra null check confused
Coverity.
 12 years ago
Victor Julien 38b6103ff5 Coverity 1038133 fix 
Clean up parsing code to suppress Coverity:
Dereference before null check (REVERSE_INULL)

Proper checking was already done.
 12 years ago
Ken Steele 50f859e9f2 Move SIMD implementations out of detect.c 
Move SIMD the implementations of SigMatchSignaturesBuildMatchArray()
for SSE3 and Tile out of detect.c to reduce the size of the file.

Also moved SIMD unit tests to detect-simd.c
 12 years ago
Victor Julien 7f140f6726 Coverity 1038111: fix local overrun of a string in app layer proto detect setup code. 12 years ago
Ken Steele eb4f0da97f Change one more atomic size in detect.h 
Change uint16_t to int for better tile atomic performance. Checked with
pahole that it doesn't increase the size of the structure.
 12 years ago
Ken Steele b08ddfa7f1 Support for Tile Gx atomic instructions 
Tilera's GCC supports the GCC __sync_ intrinsics.

Increase the size of some atomic variables for better performance on
Tile.  The Tile-Gx architecture has native support for 32-bit and
64-bit atomic operations, but not 8-bit and 16-bit, which are emulated
using 32-bit atomics, so changing some 16-bit and 8-bit atomic into
ints improves performance.

Increasing the size of the atomic variables modified in this change
does not increase the total size of the structures in which they
reside because of existing padding requirements. The one case that
would increase the size of the structure (Flow_) was confitionalized
to only change the size on Tile.
 12 years ago
Anoop Saldanha 54847e396f unittests for gzip, deflate http compression, multiple stacked 
compressions, cunning compression that's not what it says it is, etc.

These unittests are tweaked to pass.  When libhtp fixes these issues
we will have to reenable them.
 12 years ago
Anoop Saldanha 94e2527606 Introduce a saner way to validate the completion of request and 
response bodies.

Also don't change app state for http from inside inspection.
 12 years ago
Anoop Saldanha dcdcbd9721 Fix creating a backup of htp config. This is used by unittests that 
changed htp config.
 12 years ago
Ken Steele 62540eff3e Align some structures to cacheline 
Align strucutres with pthread mutex locks to start on cachelines to keep
the lock within one cacheline.
 12 years ago
Ken Steele d84079ba7d Move FlowIncrUsecnt to header file to allow for inlining. 
Move FlowIncrUsecnt() and FlowDecrUsecnt() from flow.c to flow.h to
allow for inlining.
 12 years ago
Ken Steele e05034f5dd New Multi-pattern matcher, ac-tile, optimized for Tile architecture. 
Aho-Corasick mpm optimized for Tilera Tile-Gx architecture. Based on the
util-mpm-ac.c code base. The primary optimizations are:
1) Matching function used Tilera specific instructions.
2) Alphabet compression to reduce delta table size to increase cache
   utilization  and performance.

The basic observation is that not all 256 ASCII characters are used by
the set of multiple patterns in a group for which a DFA is
created. The first reason is that Suricata's pattern matching is
case-insensitive, so all uppercase characters are converted to
lowercase, leaving a hole of 26 characters in the
alphabet. Previously, this hole was simply left in the middle of the
alphabet and thus in the generated Next State (delta) tables.

A new, smaller, alphabet is created using a translation table of 256
bytes per mpm group. Previously, there was one global translation
table for converting upper case to lowercase.

Additional, unused characters are found by creating a histogram of all
the characters in all the patterns. Then all the characters with zero
counts are mapped to one character (0) in the new alphabet. Since
These characters appear in no pattern, they can all be mapped to a
single character and still result in the same matches being
found. Zero was chosen for the value in the new alphabet since this
"character" is more likely to appear in the input. The unused
character always results in the next state being state zero, but that
fact is not currently used by the code, since special casing takes
additional instructions.

The characters that do appear in some pattern are mapped to
consecutive characters in the new alphabet, starting at 1. This
results in a dense packing of next state values in the delta tables
and additionally can allow for a smaller number of columns in that
table, thus using less memory and better packing into the cache. The
size of the new alphabet is the number of used characters plus 1 for
the unused catch-all character.

The alphabet size is rounded up to the next larger power-of-2 so that
multiplication by the alphabet size can be done with a shift.  It
might be possible to use a multiply instruction, so that the exact
alphabet size could be used, which would further reduce the size of
the delta tables, increase cache density and not require the
specialized search functions. The multiply would likely add 1 cycle to
the inner search loop.

Since the multiply by alphabet-size is cleverly merged with a mask
instruction (in the SINDEX macro), specialized versions of the
SCACSearch function are generated for alphabet sizes 256, 128, 64, 32
and 16.  This is done by including the file util-mpm-ac-small.c
multiple times with a redefined SINDEX macro. A function pointer is
then stored in the mpm context for the search function. For alpha bit
sizes of 8 or smaller, the number of states usually small, so the DFA
is already very small, so there is little difference using the 16
state search function.

The SCACSearch function is also specialized by the size of the value
stored in the next state (delta) tables, either 16-bits or 32-bits.
This removes a conditional inside the Search function. That
conditional is only called once, but doesn't hurt to remove
it. 16-bits are used for up to 32K states, with the sign bit set for
states with matches.

Future optimization:

The state-has-match values is only needed per state, not per next
state, so checking the next-state sign bit could be replaced with
reading a different value, at the cost of an additional load, but
increasing the 16-bit next state span to 64K.

Since the order of the characters in the new alphabet doesn't matter,
the new alphabet could be sorted by the frequency of the characters in
the expected input stream for that multi-pattern matcher. This would
group more frequent characters into the same cache lines, thus
increasing the probability of reusing a cache-line.

All the next state values for each state live in their own set of
cache-lines. With power-of-two sizes alphabets, these don't overlap.
So either 32 or 16 character's next states are loaded in each cache
line load. If the alphabet size is not an exact power-of-2, then the
last cache-line is not completely full and up to 31*2 bytes of that
line could be wasted per state.

The next state table could be transposed, so that all the next states
for a specific character are stored sequentially, this could be better
if some characters, for example the unused character, are much more
frequent.
 12 years ago
Victor Julien 77b429c402 xff: fix unittest crashes 12 years ago
Victor Julien 05d68ce394 xff: don't do xff check if there are no alerts anyway. 12 years ago
Duarte Silva 7dbb305255 Adds X-Forwarded-For support to the Unified2 output format 
- Added the Unified2 file format related constants
 - Added IPv6 support
 - Two modes of operation with a fall-back to "extra-data" mode if
   "overwrite" mode is not applicable
 - Changed the configuration loading code to handle the new
   configuration structure
 - When creating the packet that fakes the one that generated the alert
   the flow direction wasn't taken into account in overwrite mode
 - Fixed BUG_ON condition
 12 years ago
Victor Julien 900918a5d1 Bug #948: detect thread local storage support 12 years ago
Ken Steele 0861d3a2a3 Minor optimization in time caching code. 
Reduced the size of the cached string buffer from 128 to 32, which is
still larger than the largest possible time string, which is 26
characters.

Added a check for the user passing in an output buffer that is smaller
than the cached string. Previously, the code would have copied past
the end of the users buffer.
 12 years ago
Anoop Saldanha 49dcb0ca84 fix for #925. 
Log sensible error message when the user doesn't supply a value for
stream.prealloc-sessions or when the values supplied in invalid and
the engine resorts to using a default.
 12 years ago
Anoop Saldanha db6ef81fb0 fix for #926. 
Supply meaningful error message when user supplies invalid value for
host.prealloc.
 12 years ago
Anoop Saldanha b90a56b626 fix for #927. 
Print an error message when the user supplies an invalid value for
detect-thread-ratio in the conf file.
 12 years ago
Anoop Saldanha bed3f605fa Fix for #922. 
Add more relevant error message when we supply invalid value for
defrag.trackers and defrag.hash-size
 12 years ago
Anoop Saldanha 6608e7f523 Introduce generic utility API to log message on invalid config entry. 12 years ago
Victor Julien 6d34834623 Runmode fixes and cleanups 
Bug #939: thread name buffers are sized inconsistently
These buffers are now all fixed at 16 bytes.

Bug #914: Having a high number of pickup queues (216+) makes suricata crash
Fixed so that we can now have 256 pickup queues, which is the current built-in
maximum. Improved the error reporting.

Bug #928: Max number of threads
Error reporting improved. Issue was the same as #914.
 12 years ago
Anoop Saldanha 56143131da Fix unittests that use chunked encoding. 12 years ago
Nelson Escobar ef4d11aeb5 Use the Async versions of SCCudaMemcpy* to improve gpu performance. 12 years ago
Eric Leblond 77f2b9968e autotools: use builddir instead of srcdir 
srcdir is supposed to be read-only when running distcheck so it is better to
create the log directory in builddir.
 12 years ago
Ignacio Sanchez 1b2f251866 Various custom http logging improvements 
Cookie is parsed now using uint8_t pointers (inliniac PR comments)
Changed buffer size to a power of 2 (8192) and cookie value extraction function to static (inliniac PR comments)
Added %b for request size (vinfang patch)
Writing "-" if an unknown % directive is used (vinfang patch)
Fixed bug in cookie parser
Fixed format string issue logging literal values
Improve error handling (Victor Julien comments)

(patchset rebased and reworded by Victor Julien)
 12 years ago
Ignacio Sanchez 8051dc8a6a Added modifications suggested by Charles Smutz (https://redmine.openinfosecfoundation.org/issues/602) 12 years ago
Ignacio Sanchez 796bfab231 Added support for %{cookiename}C 
Added support for the definition of maximun length. ie: %[50]{user-agent}i
Some small bugfixes
 12 years ago
Eric Leblond 3dbf6c6fee solaris: fix compilation failure 
This patch fixes a compilation failure on Solaris. Compiler does
not support when a function returning void is used in return of
an other function returning void.
 12 years ago
Ken Steele a2b502a30c Formatting change for function call. 
Put open brace { for function on a new line to match coding standard.

Changed:

int foo(int x) {
}

to:

int foo(int x)
{
}
 12 years ago
Ken Steele d4dd18eb85 Clean up SCLocalTime() usage 
Remove cast of return type from SCLocalTime() as it is not needed.
Replace last use of localtime_r() with SCLocalTime().
 12 years ago
Ken Steele 77fae5313d On Open BSD systems don't cache time. 
Open BSD doesn't support __thread, which is used for time caching, so
don't do time chaching for BSD systems.
 12 years ago
Ken Steele 2feb37c155 Cache time conversions for localtime() and CreateTimeString() 
When converting a time in seconds (64-bit seconds since 1970) to
Month/Day/Year hours minutes, Suricata calls localtime_r(), which
always aquires a lock and then does complex comutation based on the
current time zone. The time zone can be specified in the TZ
environment variable, which is only parsed the first time it is used,
or from a file. The default file is /etc/localtime. The file is
checked each time to see if it might have changed and is reparsed if
it has changed.

The GLIBC library has a lock inside localtime_r(), which limits
parallelism, which is a problem when the rate of generating alerts is
high, since Suricata generates a new ascii time string for each alert
into fast.log.

This change caches the value returned by localtime_t() and then sets
the seconds within the minute based on the cached start-of-minute
time. All of the values return, expect for the seconds, is constant
within the same minute. Switching to a new seconds could change all
the other values, year, month, day, hour. The cache stores the current
and previous minute values.

The same trick is used in CreateTimeString() for generated time
string. The string, up to the minutes, is cached and then copied into
the result string, followed by printing the new seconds into the
result string.

The seconds within a minute are calculated as the difference in
seconds from the start of the current minute.
 12 years ago
Ken Steele 68d26dcec7 Merge multiple copies of CreateTimeString() to one copy. 
There were 8 identical copies of CreateTimeString() in 8 files.
Most used SCLocalTime, to replace localtime_r(), but some did not.
Created one copy in util-time.c.
 12 years ago
Ken Steele 5532af4621 Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER 
This allows replacing pthread mutexes with other types of mutex.
 12 years ago
Ken Steele 784843b146 Use Tilera SIMD for Signature matching ala SSE3 
Makes use of 8-wide byte compare instructions in signature matching.

For allocating aligned memory, _mm_malloc() is SSE only, so added
check for __tile__ to use memalign() instead.

Shows a 13% speed up.
 12 years ago
Ken Steele 22225a7e99 Tile SIMD implementation of SCMemcmp and SCMemcmpLowercase 
Based on the SSE3 implementation, it checks 8 bytes at a time.
 12 years ago
Anoop Saldanha e68d44b051 fix for #932. 
ipv6 tunnel decoder wrongly treats the tunneled ipv6 packets as an ipv4
packet.
 12 years ago
Anoop Saldanha e2f4144d99 fix for #920. 
Cull the space before the address specified in address var variables.
 12 years ago
Duarte Silva ab215c72f6 Now using the common functions 12 years ago
Duarte Silva 0a5c798729 Now using the common functions 
- Removed some non printable ANSI characters
- Removed unecessary include
 12 years ago
Duarte Silva 8ce95af09c Added the new files containing the repeated functions 
- Renamed the functions to something more generic
- Added the source and include files to the Makefile
 12 years ago
Anoop Saldanha a44d42b124 Fixes segv inside rule swap under low mem conditions. 
We now gracefully exit rule swap on any allocation or other failures.
 12 years ago
Anoop Saldanha 8516ba24c9 Rearrange ac state. 
Notice a minor speed bump of around 2% on runs.  More updates to follow.
 12 years ago
Ken Steele 4b8bb11454 Enable using Tile cycle counter. 
The Tile processors all have a cycle counter with a simple interface. Use
that for UtilCpuGetTicks.
 12 years ago
Victor Julien 38aaae1fd7 IsRuleReloadSet() shouldn't return an uninitialized value 12 years ago
Eric Leblond 189327981a unittests: fix stream-tcp.c 
Lock and recycle fixes for stream-tcp.c
 12 years ago
Eric Leblond cd3e32ce19 unittests: some functions needs a flow lock. 
In debug validation mode, it is required to call application layer
parsing and other functions with a lock on flow. This patch updates
the code to do so.
 12 years ago
Eric Leblond c5bd04f102 unittest: recycle packet before exit 
To avoid an issue with flow validation, we need to recycle the packet
before cleaning the flow.
 12 years ago
Anoop Saldanha d292f1a529 fix for #915. Fix segv when we send NULL to snprintf. 12 years ago
Eric Leblond c6e8c5bf1f pf_ring: avoid to ask for extended header. 
This patch update pf_ring capture to avoid to ask for extended
header. They are only needed when rxonly checksum checks is used
and this is only possible when interface is not a DNA interface.
 12 years ago
Victor Julien ff668c2030 Fix Tile compile 12 years ago
Eric Leblond 20ca270dc3 fix pf_ring build 12 years ago
Eric Leblond 2a46f0dae4 suricata: rename SuriInstance to SCInstance. 12 years ago
Eric Leblond 9b422f3a8c suricata: suppress Suri prefix 
Suppress Suri prefix in internal function name.
 12 years ago
Eric Leblond 18ced653c3 Use a typedef for SuriInstance. 12 years ago
Eric Leblond 2d77e53f2c Add offline flag to SuriInstance and some refactoring 12 years ago
Eric Leblond 34abd818dd Prefix util-conf function with Config 12 years ago
Eric Leblond 7242cb30e7 Move CreateLowercaseTable to GLobalInits 12 years ago
Eric Leblond 02e9851315 Generic code don't need ifdef 12 years ago
Eric Leblond 8c00a963aa Use function for delayed detect setup. 12 years ago
Eric Leblond 4296e5f29e Add functions for elapsed time computation. 12 years ago
Eric Leblond 9d1d08c7a4 Factorize Signature loading 12 years ago
Eric Leblond 20c5683b60 Use function for daemonification and signal handler 12 years ago
Eric Leblond 90aaf55201 set rule_reload as part of SuriInstance 12 years ago
Eric Leblond bb19ce1847 SetBPfString is part of command line parsing 12 years ago
Eric Leblond 1a6983ee19 suricata: use function to print version 12 years ago
Eric Leblond 4f789dbe84 Add function for internal running mode 12 years ago
Eric Leblond d3cb043001 suricata: windows specific in one function 12 years ago
Eric Leblond 4401c048ba Running mode is set earlier so out earlier 12 years ago
Eric Leblond 40a25112a0 kill remaining run_mode usage 12 years ago
Eric Leblond 75fa1e20d7 engine analysis is a running mode 12 years ago
Eric Leblond c0d5ee77f9 get (almost) rid of run_mode variable. 12 years ago
Eric Leblond 80542816cd add internal running mode 12 years ago
Eric Leblond e07fdb20a8 Add SuriInstance structure 
To be able to split code in functions in main, we need to pass
information about the current running Suricata to functions.
For that we create a structure to store suricata run parameters.

In this patch it allows to separate command line parsing and to
treat internal running mode in a switch just after command line
parsing.
 12 years ago
Eric Leblond 325462d396 Export IsRuleReloadSet and use it. 12 years ago
Eric Leblond 6d9a66d522 unittest: make check use a qa/log dir for logging 
This patch is using the qa/log directory to store the output
of the check. In case of success, the directory is deleted.
In case of failure, the directory remains in place.

This should fixes #910.
 12 years ago
Eric Leblond 4424f5a231 af-packet: add sanity check in free function 12 years ago
Eric Leblond 8e68b357c7 Suppress Suri prefix. 12 years ago
Eric Leblond 42011e2d32 suricata: function for lowercase table creation 12 years ago
Eric Leblond 132bebb2b2 Simplify code by removing comment 12 years ago
Eric Leblond 07ef1f9837 suricata: add wrapper for interface listing 12 years ago
Eric Leblond 54006de40c Use new function GetLogDirectory() 12 years ago
Eric Leblond 2be7c8aea8 Add util-conf for config util 12 years ago
Eric Leblond 27752818c2 suricata: add some wrapper for config file handling 12 years ago
Eric Leblond b2fa4edd36 move unittest out of suricata.c 12 years ago
Eric Leblond 9a0bf0956b suricata: list cuda cards in separate function 12 years ago
Eric Leblond bed48e3a54 suricata: separate keyword and app layer listing code 
The list-keyword and app-layer listing code was spread over all the
init code. This patch introduces a separate file to store non standard
running mode like these ones.
 12 years ago
Eric Leblond 135ef0186b runmodes: fix comment 12 years ago
Victor Julien 5a7bf53a6b Storage: rename Init to Alloc to reflect actual functioning. Comment updates. 12 years ago
Victor Julien f06694d0c1 Storage API: add safety check for cases when there is no storage used. 12 years ago
Eric Leblond caf730d988 engine-tag: rename var and add sanity check 12 years ago
Eric Leblond fb55931c30 flow tag: conversion to flow storage API 
This patch is updating the flow tag system to use the flow
storage API. The tag_list member of Flow structure is suppressed
and its cleaning operation are suppressed too as this is handled
transparently by the flow storage API.
 12 years ago
Eric Leblond 4db2fc2cbb Add per-flow generic storage 
This patch adds a per-flow storage that can be created via the functions
available in flow-storage.c.
 12 years ago
Eric Leblond 6d08807b2d Host: use global free storage function 
This patch is here to avoid that all modules using a local storage
have to update host code to add their free function. It modifies
previous behavior by calling HostFreeStorage in any case.
 12 years ago
Victor Julien 27023872de Use Host Storage API for per host thresholding 12 years ago
Victor Julien c08b395c2c Init storage api at start up 12 years ago
Victor Julien 5919901675 Storage API: add registration check closed test in debug mode. 12 years ago
Victor Julien 3447324c36 Move Host Tag storage to Host Storage API. 12 years ago
Victor Julien 0d2a6e515e Add Host specific wrapper to StorageRegister() 12 years ago
Victor Julien b5ccf0b9c7 storage: allow preallocated storage 12 years ago
Victor Julien e2b006f523 host: use storage api 12 years ago