suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	92536c4952	Fix address test on big-endian.	15 years ago
Victor Julien	e0afe96920	Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6.	15 years ago
Victor Julien	f5a2017f3c	Fix counter unittest on big endian.	15 years ago
Victor Julien	6817824c92	Fix bloomfilter issue on big endian.	15 years ago
Victor Julien	e197f50727	Fix IP-Only unittests failing on Big Endian.	15 years ago
Victor Julien	b8cf50678f	Fix many address unittests using explicit byte order and thus failing on big-endian systems.	15 years ago
Victor Julien	c865ee2217	Fix compilation for nfq_set_mark code when NFQ is not enabled.	15 years ago
Eric Leblond	ee6552f25e	nfq_set_mark: handle feature in NFQ. This patch implements the nfq_set_mark related modification of verdict handling.	15 years ago
Eric Leblond	9beebf621a	Add support for 'nfq_set_mark' keyword This patch introduces 'nfq_set_mark' which is new rules option. If a packet matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask specified in the option during the verdict. It is thus possible to trigger different behaviour on the packet inside Linux/Netfilter.	15 years ago
Victor Julien	f90a5cfffd	Misc pcap logging cleanups.	15 years ago
William Metcalf	023a0f94a2	first stab at pcap logging no rotating buff etc	15 years ago
Anoop Saldanha	1f7e4bada1	add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup	15 years ago
Victor Julien	71d0eabdec	Add a few extra safety checks in new SSL code.	15 years ago
Anoop Saldanha	c105a739e9	support for ssl_state keyword added	15 years ago
Anoop Saldanha	013d3aea1c	update ssl parser test. Some minor indentation changes	15 years ago
Anoop Saldanha	7a2046328c	some naming changes in ssl parser and ssl related keywords	15 years ago
Anoop Saldanha	4c570777c4	delete files app-layer-tls.[ch]	15 years ago
Anoop Saldanha	b639718787	replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch]	15 years ago
Anoop Saldanha	cacf0a9017	disabled sslv23 proto detection which we enabled previously. Although this is right, need to test a couple of things	15 years ago
Anoop Saldanha	4e8de99dcd	tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch]	15 years ago
Anoop Saldanha	8b17275451	dcerpc parser todo update	15 years ago
Anoop Saldanha	8c6d4531ee	sslv23 support with ssl2 record format with version set to 3.0	15 years ago
Victor Julien	07a85427dd	Add --build-info command line option to output some basic build settings.	15 years ago
Victor Julien	174db08567	Force reassembly of unack'd data on receiving a valid RST packet.	15 years ago
Victor Julien	b9429ecec1	Fix invalid RST considered valid due to wrong returns codes. Only validate ACK from a RST packet if an ACK value was set.	15 years ago
Victor Julien	cb67d61ab5	Fix broken setup of end of stream pseudo packet.	15 years ago
Victor Julien	99fca03810	Move unittest code into UNITTESTS ifdefs in the HTP parser. Fixes a compiler warning.	15 years ago
Victor Julien	0dc6333d22	Fix compiler warnings about unused IPv6 Address code.	15 years ago
Victor Julien	b9fd978253	Fix compiler warnings in two unittests.	15 years ago
Victor Julien	a3be22cd5a	Fix compiler warning in isdataat keyword setup code.	15 years ago
Victor Julien	bbe071252b	Make sure PID is logged as well in alert-syslog output.	15 years ago
Victor Julien	da423a59d5	Allow users of the alert-syslog to set the identity.	15 years ago
Victor Julien	07776c113b	Fix valgrind error on pfring_recv, rename threads from RecvPfring to RxPfring so the name still looks right for 100+ threads. Add --pfring commandline option that just enables pfring, then takes interface from config.	15 years ago
Victor Julien	3aeb86d836	Fix header_len in GRE decoder getting out of control in some cases.	15 years ago
Victor Julien	1c9e48ae98	Fix compilation error on non-pfring systems.	15 years ago
Victor Julien	91f28afef4	Add option to PF_RING to have multiple reader threads. Improve general performance of the PF_RING module.	15 years ago
Victor Julien	edeec290f6	Fix missing rename for request-body-limit to request_body_limit.	15 years ago
Eric Leblond	3b3a8ffb94	detect-gid: suppress unused type The DetectGidData type is not used in the code. This patch removes the type definition from code.	15 years ago
Eric Leblond	ad44f1cfc1	fix possible typo in strtoul error handling.	15 years ago
Eric Leblond	04f2afa81b	nfq: fix exit function Exit function was trying to close the nfq handler even if it was null. This was causing a crash.	15 years ago
Eric Leblond	277a384af7	Use already defined macro instead of integer Code was using a integer instead of the already defined macro.	15 years ago
Pablo Rincon	ce3b76a102	Fix compilation on Mac OS X (it was missing IPPROTO_SCTP definition)	15 years ago
Victor Julien	153f9298e7	Fix priority handling during the signature parsing stage. Fixes #275 .	15 years ago
Gurvinder Singh	27f67c97de	log error on duplicate sig and also for dup sig with newer revision	15 years ago
Victor Julien	8a390971e7	Print [drop] as well for syslog output.	15 years ago
Victor Julien	0377ae0817	Reduce SCTP_HEADER_LEN to reflect actual pkt header size.	15 years ago
Eric Leblond	005dc599a6	detect.c: Fix usage of integer standing for protocol This patch fixes direct usage of integer to code protocol value.	15 years ago
Eric Leblond	2c80f18dc9	detect: Add sctp detection and parsing. This patch adds the support of SCTP in signature subsystem.	15 years ago
Eric Leblond	674b0bfae7	flow: Add basic SCTP support This patch adds a basic flow support to SCTP. SCTP specificities like the verification tag are not taken into account.	15 years ago
Eric Leblond	01e955bc27	Add SCTP to packet validation Validation util was missing a test on sctph which can not be null for SCTP packets.	15 years ago
Eric Leblond	a823160384	detect: Add support for sctp option in rule 'sctp' can now be used as a keyword in signature. It is at the same level as the 'tcp' or 'udp' keywords.	15 years ago
Eric Leblond	482991ad6d	decode: add support for SCTP protocol This patch adds a new counter for SCTP and defines some macros needed for SCTP support.	15 years ago
Eric Leblond	8be92fdd99	SCTP support: add parsing of sctp This patch adds support of SCTP in all part of the code in charge of decoding packets.	15 years ago
Eric Leblond	e1d966eaf6	Makefile: add sctp files to build This patch simply adds decode-sctp files to the compilation.	15 years ago
Eric Leblond	b69fd02284	decode sctp: basic SCTP decoding. This files are basically a dummy conversion of UDP one. It provides basic decoding (source port and destination port). There is no chunk hanldling which means that suricata regexp will match on all packet content except initial header and not only on userspace data.	15 years ago
Eric Leblond	17af1ca123	decode-event: Add SCTP event Almost empty now, because the only definition is packet too small.	15 years ago
Victor Julien	987ce57a02	Wrap a number of BUG_ON's in the detection engine in DEBUG ifdefs as the conditions they check for are not serious enough to abort the engine.	15 years ago
Victor Julien	a3303fcf9d	Rename request-body-limit to request_body_limit to remain consistant with other options. Keep old notation around for compatibility.	15 years ago
Victor Julien	0d6d0ae371	Increase logline max length.	15 years ago
Victor Julien	6047a9b562	Improve byte to numeric value error reporting and testing.	15 years ago
Victor Julien	b233105cc2	Fix a issue in stream reassembly causing the segment list getting into a inconsistent state.	15 years ago
Eric Leblond	4e9231266a	Compilation fix for OpenBSD and win32. This patch fixes compilation on OpenBSD platform. It is running fine on a pcap file. The patch should also fix compilation on WIN32 platform but this is not tested.	15 years ago
Victor Julien	a8db8b334b	Remove debug stream testing code from non-debug builds.	15 years ago
Victor Julien	477bc1d050	Set DROP flag on a packet in addition to the REJECT flags. This makes sure we not only send a reject, but also drop the offending packet. Closes #248 .	15 years ago
Pablo Rincon	fb5fb3ab3f	IPOnly module fix for building stage. Radix Tree fix inserting diferent netmask user datas	15 years ago
Pablo Rincon	35c168ab03	Fix CPU_* macros for Mac OS X	15 years ago
Eric Leblond	0cf05856d0	Fix Packet usage. This patch suppresses remaining direct access to pkt and pktlen in the Packet structure.	15 years ago
Victor Julien	cec7ece697	Don't print drop log on pseudo packet.	15 years ago
Victor Julien	1ace091bd4	Minor drop log cleanups.	15 years ago
Gurvinder Singh	7d0781b349	added support to log dropped packet as netfilter logs while in inline mode	15 years ago
Victor Julien	1681705e62	Don't print errors/warnings based on malformed traffic.	15 years ago
Anoop Saldanha	9845718138	fix detect-ssl-version.c unittests to accomodate new changes	15 years ago
Anoop Saldanha	95f9f2c28d	minor indentation changes	15 years ago
Gurvinder Singh	8f8b1212af	support for ssl_version keyword	15 years ago
Eric Leblond	a8417377e7	Don't use direct pkt access pkt field in Packet needs to be accessed via macro. This patch supress some direct access.	15 years ago
Victor Julien	addab7b5ee	Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection.	15 years ago
Victor Julien	a2465ffc1c	Fix FreeBSD's compilation of the new affinity code.	15 years ago
Victor Julien	b963890de1	Reenable SSE3 memcmp and switch AC memcmp to use the SCMemcmp wrapper.	15 years ago
Victor Julien	6f58ef13c4	Improve error cleanup in output function. Thanks to iswalker.	15 years ago
Eric Leblond	183af9ada5	Replace malloc by SCMalloc in util-mpm-ac	15 years ago
Eric Leblond	c732351077	Replace free and malloc by SC functions.	15 years ago
Victor Julien	35b938a8db	Don't pass config to unittests run in make check.	15 years ago
Eric Leblond	0044bb221b	Add suricata unittests to 'make check' This patch adds a run of suricata's unittests to 'make check'	15 years ago
Eric Leblond	66a15e2d6d	Fix some Packet initialisation. This patch fixes Packet initialisation. In some place the pkt field was not set after a memset used to zero the structure and this could lead to some problems.	15 years ago
Anoop Saldanha	8e95884333	Use normal memcmp in ac. Improves perf	15 years ago
Martin Beyer	66d496c255	Added case sensitive unit test to util-mpm-ac	15 years ago
Anoop Saldanha	79b9eba0f0	fix case sensitive bug in ac	15 years ago
Victor Julien	1c7b7a01a6	Add option to set the syslog level for the alerts. Minor cleanups.	15 years ago
Gurvinder Singh	e5edc6e8e3	add the support to log the fast.log alerts type to syslog	15 years ago
Victor Julien	d424ac7c61	Fix nfq lockup due to improper handling of PKT_PSEUDO_STREAM_END packets.	15 years ago
Victor Julien	c9f9e3f9a4	Add configure check for signed or unsigned nfq_get_payload, adapt code.	15 years ago
Eric Leblond	aedb61b7d2	affinity: lock get next cpu function The function getting next CPU to use need to be locked as init of the threads are done concurrently.	15 years ago
Eric Leblond	0b5e5b8772	affinity: change config format and misc fixes This patch fixes some problem with affinity work and modify the configuration file format. For example, the detect cup set can be formatted as follow: - detect_cpu_set: cpu: [ "all" ] mode: "exclusive" # run detect threads in these cpus prio: low: [ 0 ] # threads on CPU 0 have low prio medium: [ "1-2" ] # threads on CPU 1 and 2 have medium prio high: [ 3 ] # threads on CPU 3 have high prio default: "medium" #default priority is "medium"	15 years ago
Eric Leblond	c74116949c	source-nfq: improve nfq option system This patch modifies the NFQ option system to avoid implicit choice. 'nfq.mode' is now a string which can take a value in the 'accept', 'repeat' and 'route' set. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	94596ff282	source-nfq: add queue redirect support This patch adds the support of queue redirect. If 'next_queue' variable is set, the verdict sent to kernel is modified to contain the indication of a queue number (equal to 'next_queue') which will receive the packet after the verdict. This feature can be used to chain easily tools using NFQUEUE. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	aded7b4fae	source-nfq: add detection of already treated packet. This patch adds detection of already treated packet. If a packet is coming with an already set mark, it will be accepted and the processing of the packet is aborted. The patch display a message when the problem occurs but the number of message is limited to a fix counter in a way to avoid flooding the log. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	e399e74fc1	source-nfq: Factorize buffer usage A big sized buffer was allocated at each packet parsing. This patch uses a per-thread variable to have a persistent memory usage. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	1e600c1054	source-nfq: add simulated non-terminal NFQUEUE verdict This patch adds a new mode for NFQ inline mode. The idea is to simulate a non final NFQUEUE rules. This permit to do send all needed packets to suricata via a simple FORWARD rule: iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE And below, we have a standard filtering ruleset. To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and put a mark ($MARK) with respect to a mask ($MASK) on the handled packet. NF_REPEAT verdict has for effect to have the packet reinjected at start of the hook after the verdict. As it has been marked by suricata during the verdict it will not rematch the initial rules and make his way to the following classical ruleset. Mode, mark and mask can be configured via suricata.yaml file with the following syntax: nfq: repeat_mode: (false\|true) mark: $MARK mask: $MASK Default is false to preserve backward compatibility. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	72ec56ab23	source-nfq: autodetection of queue max length function Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	8330747234	Add multi queue support to NFQ run mode This patch adds support for multiple Netfilter queue in the NFQ run mode. Suricata can now be started on multiple queue by using a comma separated list of queue identifier on the command line. The following syntax: suricata -q 0 -q 1 -c /opt/suricata/etc/suricata.yaml will start a suricata listening to Netfilter queue 0 and 1. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	1375e90030	Prepare multi queue support in NFQ This patch prepare support for multiqueue in the source file. The NFQ vars contained in Packet structure has a new member. It is a reference to the NFQ thread var it comes from. The behaviour is modified as a single verdict thread treat packet for all Netfilter queues. Locking is done in the verdict function to ensure that simultaneous modifications of counters can not occur. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	d0faa6c96e	Fix some spacing. This trivial patch fixes some indentation problems. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	88fb3a641e	Delete some commented code in runmodes This patch simply suppress some commented code in runmodes.c. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	f9e453e14c	affinity: Use configured 'threads' value if set This patch modifies runmodes to make them use the new 'threads' variable. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	fb3641982f	affinity: 'threads' param to configure threads number This patch adds a new parameter the affinity. The 'threads' keyword is used to set the number of threads to start for a family. It can only be used on family where multiple thread are laucnh in the running mode. This is mainly the case of the detect threads. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	789d46cc3c	Add per-cpu prio handling This patch updates affinity setting to add a support for per cpu priority setting. In exclusive mode a thread is dedicated to a CPU. This patch adds the ability to set the thread prio for all threads of a family running on a given CPU. With this patch we can write - detect_cpu_set: cpu: [ "all" ] mode: "exclusive" # run detect threads in these cpus low_prio: [ 0 ] medium_prio: [ "1-2" ] high_prio: [ 3 ] With this configuration, detect threads assigned to cpu 0 will have a low priority. Detect threads on cpus 1 and 2 will have prio medium... The previous configuration is equivalent to: - detect_cpu_set: cpu: [ "all" ] mode: "exclusive" # run detect threads in these cpus low_prio: [ 0 ] high_prio: [ 3 ] prio: "medium" because the prio value is used a default. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	a11e40dedf	Pcapfile mode: support for cpu affinity settings This patch adds support for cpu affinity setting in the pcapfile runmode. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	9d5f08e0d9	Pcap mode: use CPU affinity setting This patch adds support for CPU affinity settings in pcap mode. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	51df6beb26	Convert RunModeIpsNFQAuto to new affinity mode. The default NFQ run mode is now using the new affinity system. It thus can be configured via suricata.yaml. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	ea566d6601	Handle management thread with corresponding affinity This patch implement the setting of each management threads in the corresponding thread affinity. This is done by modifiying thread creation function. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	0809deafc4	Implement function needed for affinity in tm-threads This patch features the implementation of affinity related changes in tm-threads. In place code has been used but some refactoring has been done to avoid code duplication. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	77f2b6a7a9	Make runmode parse affinity settings. This patch modifies runmode to parse configuration file related to affinity settings. It also prepare the export of the set_cpu_affinity which was previously local. It is now used in the affinity and tm-threads files. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	2011366429	Include affinity in runmodes and threadvars. This small patch add inclusion of util-affinity.h in the files that will have to use affinity related features. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	37ee483b75	Add affinity util function and related files This patch adds two new files which implement advanced affinity settings. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	96e3852191	source-nfq: add define of SOL_NETLINK Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Martin Beyer	396b750414	Fixed optional args in SCCudaModuleGetGlobal	15 years ago
Martin Beyer	5dc5d73a66	fixed NULL checks in util-cuda	15 years ago
Martin Beyer	0d4ac48aa0	added texture reference api to util-cuda	15 years ago
Victor Julien	d10cf5b4e3	Increase stream msg size.	15 years ago
Victor Julien	ec5b622553	Inspect all stream msgs at any time when running in stream-inline mode. Skip detection for packets flagged for dropping before detect.	15 years ago
Victor Julien	48c7f18453	Fix bug in the segment insert code causing an inconsistent segment list in some overlap conditions.	15 years ago
Victor Julien	929ce0bb9b	Add a counter to NFQ for modified packets.	15 years ago
Victor Julien	05539d7357	Fix a reassembly overlap issue. Fix a inline reassembly gap handling issue.	15 years ago
Victor Julien	00e4dde6a6	Fix PKT_STREAM_EOF never being set, resulting in some raw stream chunks never being inspected. Improve debug output.	15 years ago
Victor Julien	e92ab40d39	Fix compilation for non-DEBUG case.	15 years ago
Victor Julien	1dca88fe69	Do the actual checksum recalculation and packet replacement on modifing a packet in the stream engine.	15 years ago
Victor Julien	2db06cc79e	Improve Inline reassembly wrt to GAP handling. Add more tests.	15 years ago
Victor Julien	29e02abc94	Expand and fix stream unittest helpers.	15 years ago
Victor Julien	121e9c72aa	Add more debug printing of reassembled data into the app layer api.	15 years ago
Victor Julien	4c82c0e750	Improve RawInline reassembly: remove unnecessary segments from the stream in an earlier stage. Test this properly.	15 years ago
Victor Julien	668bd46c1c	Add flow prune debug counters (disabled by default).	15 years ago
Victor Julien	4bf4382354	Make sure tunnel packets (and pseudo packets) properly decrement the flow use counter in all cases.	15 years ago
Victor Julien	37587c0b7d	Add missing stream inline files.	15 years ago
Victor Julien	3a774165fa	Initial version of a inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly.	15 years ago
Victor Julien	abdffadc1c	Add a new app layer reassembly function that is for inline use, and use it when the stream engine is in inline mode.	15 years ago
Victor Julien	8cacd5fe50	Fix the stream.inline config option. Set PKT_STREAM_EST flag also for packets that are part of a session in a state beyond TCP_ESTABLISHED.	15 years ago
Victor Julien	a8bb98836b	Don't handle and validate the TCP timestamp at the same time. Instead validate first, then later when all other validation has been done as well, handle.	15 years ago
Victor Julien	8d3f9c53a9	Minor cleanups.	15 years ago
Victor Julien	bff70eed6d	Update to depth code. Get segment from the correct pool when a payload is truncated.	15 years ago
Victor Julien	66c40f782c	Have reassembly errors also set a stream event.	15 years ago
Victor Julien	0f072648e6	Another iteration of the reassembly depth enforcement, now considering retransmissions.	15 years ago
Victor Julien	935958219d	Rename RST validation function to match convention	15 years ago
Victor Julien	94fe0d5fa2	Add ACK validation to Reset/RST validation code.	15 years ago
Victor Julien	16cd31a408	Remove unused pseudo packet reassembly code.	15 years ago
Victor Julien	bf88a6de09	Add depth comment.	15 years ago
Victor Julien	a26768ce7a	Change the way the reassembly depth is enforced. Ignore retransmissions, get rid of per session counter.	15 years ago
Victor Julien	7af9c58af7	Improve ACK value validation, timestamp checking code. Overall layout.	15 years ago
Victor Julien	0f5b6a8bd7	Fix minor comment typo.	15 years ago
Victor Julien	aa04d9eefb	Improve stream gap handling. Instead of giving up as soon as we see a gap we now wait much longer before we decide it's a gap.	15 years ago
Victor Julien	6ffb9da9be	Better support ack/psh data packets on several states. Updates to ack validation code.	15 years ago
Victor Julien	6fca55e068	Add some debug output to app-layer-htp.	15 years ago
Victor Julien	25f5589078	First round of adding 'stream events'. Basic stream tracking events added.	15 years ago
Victor Julien	2849d2b1d3	Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data.	15 years ago
Victor Julien	3857154f4b	Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.	15 years ago
Victor Julien	8b5f553a35	Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.	15 years ago
Gurvinder Singh	55a863359c	support for pseudo packet creation from reassembled stream segments	15 years ago
Victor Julien	cc116d71ef	Fix unittests after merge.	15 years ago
Gurvinder Singh	2beb7af7f8	support for validating the ACK before updating the last_ack field and also update next_seq if we missed the last packet	15 years ago
Victor Julien	acc38c9ebf	Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets.	15 years ago
Victor Julien	c955254b4e	Adapt stream code to packet memory allocation changes.	15 years ago
Victor Julien	44e678b86b	Comment out disabled unittests.	15 years ago
Victor Julien	a622ad5047	Fix new unittests introduced by rebase with next branch.	15 years ago
Victor Julien	1d971b53a6	Update all unittests	15 years ago
Victor Julien	fadd6d6361	Add pseudo packet counter.	15 years ago
Victor Julien	f606621e8c	Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.	15 years ago
Victor Julien	b0901ab30d	Fix compilation with --enable-debug	15 years ago
Victor Julien	6482c34909	Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets.	15 years ago
Victor Julien	2072ad80af	Never create a pseudo packet based on a pseudo packet.	15 years ago
Victor Julien	61a9936d55	Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.	15 years ago
Gurvinder Singh	00f21f34e8	support for pseudo packet creation from reassembled stream segments	15 years ago
Victor Julien	8fa5a2c025	Split applayer and raw stream reassembly Split stream reassembly in 2 parts: a part that sends ack'd data to the app layer parsers as soon as it's available, and another part that queues up data into larger chunks for raw inspection.	15 years ago
Victor Julien	dda6d3e07b	Add error counters.	15 years ago
Victor Julien	3b239b3e48	Cleanup and document AppLayerHandleTCPData	15 years ago
Victor Julien	fe6bf728d3	Create a AppLayerHandleTCPData function to directly feed data from the reassembly engine to the app layer parsing.	15 years ago
Victor Julien	b5a5ef14b9	Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple.	15 years ago
Victor Julien	24f071cabb	Make sure http_cookie inspects all HTTP transactions. Clean up error messages. Get rid of unused code and dead comments.	15 years ago
Anoop Saldanha	c9897a44a4	fast pattern support for http_cookie. Also support relative modifiers	15 years ago
Anoop Saldanha	bbbedaf963	fast pattern support for http_method. Also support relative modifiers	15 years ago
Anoop Saldanha	2321a4dd58	support isdataat negation. Also fix addiing isdataat to appropriate lists	15 years ago
Victor Julien	4ae7144876	Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly.	15 years ago
Eric Leblond	9c2bdc6d0c	Main loop: increase timer. Timer in the main loop was of 100 usec. This patch increases it to 10 ms which should be a reasonnable delay to declare some threads dead. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	89558ab9a4	RFC: modify error treatment in PacketCopyData Hello Victor This patch modifies error treatment following our discussion on IRC. It tries to follow the error treatment guideline I've been able to read in the different files. I will merge this patch in the original commit if the error treatment seems ok for you. BR, Eric	15 years ago
Eric Leblond	49adc264bc	Don't print message after SCMalloc failure. This patch generated via coccinelle is getting rid of logging message after a SCMalloc failure. They were useless as SCMalloc already displays a message.	15 years ago
Eric Leblond	67b95c8c4d	Auto discovery of default packet size If default-packet-size is not set, it is possible in some case to guess a correct value. If PCAP or PF_RING are used we are linked to a "physical" interface. Thus, it is possible to get information about the link MTU and hardware header size. This give us the ability to auto discover a decent default-packet-size. If suricata is running under a different running-mode, it will default to 1514.	15 years ago
Eric Leblond	3eada85ff8	Add interface setting discovery via ioctl This patch adds support for MTU discovery of link following idea of go.ph1g. It also adds some function to give a approximation of link header length.	15 years ago
Eric Leblond	1db4aadd16	Supress usage of Packet declaration in tests. For convenience, a massive usage of 'Packet p;' declaration has been done in the tests function. Although this was completely legal, this is not possible anymore because of the new Packet allocation structure. This massive patch modifies all suricata files to use a SCMalloc allocated pointer to Packet instead. This patch has been done using coccinelle (http://coccinelle.lip6.fr) which is a semantic patching tool. This ensures that things like call to SCFree() should have not been forget because the semantic patch explicitly forces the call to SCFree(p) before each return. With this patch all unittests are running fine with a small and a big default packet size.	15 years ago
Eric Leblond	156b202597	Fix decode part of source-nfq	15 years ago
Eric Leblond	dd038c1906	Modify files to avoid direct pckt payload access This patch implements the needed modification of payload access in a Packet structure to support the abstraction introduced by the extended data system.	15 years ago
Eric Leblond	e802e1ed16	Modify Packet structure and prepare accessor. This patch modifies decode.c and decode.h to avoid the usage by default of a bigger than 65535 bytes array in Packet structure. The idea is that the packet are mainly under 1514 bytes size and a bigger size must be supported but should not be the default. If the packet length is bigger than DFLT_PACKET_SIZE then the data are stored in a dynamically allocated part of the memory. To ease the modification of the rest of the code, functions to access and set the payload/length in a Packet have been introduced. The default packet size can be set at runtime via the default-packet-size configuration variable.	15 years ago
Eric Leblond	8471626916	Fix error message and adds information to config This patch fixes a typo in an error message and add some information to the checksum verification option.	15 years ago
Anoop Saldanha	6fc5dae2f9	fix leak for accepted uuid list in dcerpc state	15 years ago
Victor Julien	3409513a44	Fix FlowTest* unittests to fail sometimes.	15 years ago
Eric Leblond	a69bb94335	Checksum match: fix logic problem This patch fixes a logic error in the checksum matches. In case the protocol is not the one tested, the test must return 0 and not 1 (test matched). Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Victor Julien	878d3d87db	Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported.	15 years ago
Victor Julien	18b4e3380f	Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code.	15 years ago
Victor Julien	6131dec8a1	Fix a compiler warning due to a broken prototype declaration.	15 years ago
Victor Julien	e3bde3e95d	Add a simple revision based on the git rev to the version number, like a build number.	15 years ago
Eric Leblond	56c95bf622	Convert thread PRIO to a enum This patch converts thread prio value to an enum. This can add some useful check by gcc in switch. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	62cf7eea4c	util-cpu: fix trivial typo in documentation This patch fixes a trivial typo in a documentation message. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Victor Julien	ffcd512167	Clean up packet pool handler on shutdown.	15 years ago

... 2 3 4 5 6 ...

2033 Commits (313067f47f27f949bfc74c1367144adbdd8f376d)