aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,864 Commits
8 Branches
163 Tags
184 MiB
main-7.0.x
main-8.0.x
main
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '396b750414'
${ noResults }
Commit Graph

1768 Commits (396b750414590e66325b46dd59429483a80042c0)

Author SHA1 Message Date
Victor Julien ac97bb7799 Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init. 15 years ago
Victor Julien b600c9ac09 Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 or ipv6. 15 years ago
Victor Julien 1112e103a8 Disable DBG_PERF by default except for when DEBUG is enabled. 15 years ago
Victor Julien 6af30e5b2e Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error. 15 years ago
Victor Julien 743ed7626c Fix potential null deref (introduced a few commits ago) found by clang. 15 years ago
Victor Julien 3d60e9bfeb Clean up output. 15 years ago
Victor Julien 3fcfaef9f7 Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well. 15 years ago
Gurvinder Singh 791d177c7f fixed the timestamp issue in http.log 15 years ago
Victor Julien 355f237bfd Fix compiler warnings, cleanup counters config code. 15 years ago
Gurvinder Singh ba18110abd support for stats.log configurable and fixed timezone issue in faslog and debuglog 15 years ago
Anoop Saldanha 58c228a56b fix sig ordering bugs. Flowvars and pktvars user type retrieval should be from pmatch list, as well as from match list. Also fix lousy unit tests 15 years ago
Victor Julien c64b9362cf Remove unused stream flag. 15 years ago
Victor Julien 4cacb1e970 Disable adding to unregistered mbit/s counter. 15 years ago
Anoop Saldanha dc2c8be583 always read config.h header file first 15 years ago
Victor Julien 40de0b0270 Have each output use the global log format if none is specified for that specific output. 15 years ago
Anoop Saldanha d241e51b32 adapt fast pattern engine analysis to reflect the new changes made to your mpm design 15 years ago
Anoop Saldanha 54854d74c1 add some header files that we missed while rebasing 15 years ago
Anoop Saldanha 05adf2de41 fix live runmode decode TM for cuda 15 years ago
Anoop Saldanha 42c1287028 renintroduce g_u8_lowercase_table for b2g cuda 15 years ago
Anoop Saldanha 1fb121d0ba wrap cuda based util-mpm.c tests in __SC_CUDA_SUPPORT__ ifdef 15 years ago
Martin Beyer b1c577f829 cuda streams support in b2g-cuda MPM 15 years ago
Martin Beyer 0ce86efe40 cuda handlers support multiple CUmodules per context 15 years ago
Martin Beyer 621815ded0 cuda-packet-batcher timeout supports float values 15 years ago
Anoop Saldanha 7dd2392dea updated cuda todos. Please look at cuda-packet-batcher.c to have a look at the new todos 15 years ago
Anoop Saldanha c734cd1bdd make cuda mpm parameters configurable 15 years ago
Anoop Saldanha 2c08aebec1 enable write combined memory for cuda mpm. Some other minor cleanup 15 years ago
Martin Beyer 8adff3c63c use of pagelocked memory for CUDA 15 years ago
Victor Julien 0e8e8e3728 Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing. 15 years ago
Victor Julien b7a5f16b69 Fix FlowBitsTestSig06 test no longer working properly. 15 years ago
Victor Julien 39dea56a84 Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check. 15 years ago
Victor Julien 6943a7eb8c Move updating the time from the pcap callback to the decoding stage in file mode. 15 years ago
Anoop Saldanha ceb7fd748e support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine 15 years ago
Victor Julien 16e4e3fe50 Fix request-body-limit option for libhtp config. 15 years ago
Victor Julien 39a5348d2b Remove dead pcre code. 15 years ago
Victor Julien 6ebe7b7cd3 Change the way the request body limit is enforced. 15 years ago
Victor Julien 0cd2bce7da Manually add unittest by Pablo Rincon from bug #210. 15 years ago
Anoop Saldanha 8bd6a38318 support relative pcre for http header. All pcre processing for http header moved to hhd engine 15 years ago
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 15 years ago
Victor Julien 0a58f0728a Remove redundant checks in http header and http client body code. 15 years ago
Anoop Saldanha 8c21511c99 don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content valiadation stage 15 years ago
Victor Julien 2422c7471a Reduce number of locks required for http_header and http_client_body inspection. 15 years ago
Victor Julien 55ca988222 Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere. 15 years ago
Victor Julien 435d0fb327 Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering. 15 years ago
Victor Julien 169aa5581a Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflects its purpose. 15 years ago
Victor Julien d7b92d9bfe Consolidate several signature flags into one. 15 years ago
Victor Julien 2102a54c26 Cleanup and rearrange detection code slightly. 15 years ago
Anoop Saldanha 25588b6910 comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well 15 years ago
Anoop Saldanha e50503e820 cleanup/remove dead code 15 years ago
Anoop Saldanha 93fa7ea828 modify detection engine to run hrhd mpm before building the match array 15 years ago
Anoop Saldanha ea3fd38291 fix lock issue with mpms inspecting http state for body, header 15 years ago
Anoop Saldanha b140ed1c9c modify detection engine to run hhd mpm before building the match array 15 years ago
Anoop Saldanha 4e273f2c8b modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has atleast one sig with hcbd mpm set 15 years ago
Anoop Saldanha 72b0fcf419 modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has atleast one sig with uri mpm set 15 years ago
Anoop Saldanha 6648d1faf0 allow sigs for http uri of the form content:one; content:two; distance:0; http_[raw_]header; 15 years ago
Anoop Saldanha 8f1d17846f allow sigs for http uri of the form content:one; content:two; distance:0; http_uri; 15 years ago
Anoop Saldanha 07f20674ac allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body; 15 years ago
Victor Julien 6a5d2cb40d Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code. 15 years ago
Anoop Saldanha eecf2d7e13 Add the makefile.am addition that I forgot to add in the previous commit for http_raw_header 15 years ago
Anoop Saldanha 7ec0382774 support fast pattern for http raw header. Also support relative modifiers for http raw header 15 years ago
Victor Julien 0c806f70bb Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled. 15 years ago
Victor Julien 1a32d9b5ec Fix printing unprintable characters in the engine-analysis fast_pattern mode. 15 years ago
Anoop Saldanha 075719ea8c fix fast pattern unittests 15 years ago
Victor Julien 18d3c87947 Add check to fast pattern keyword to make sure that the offset and length don't exceed the actual pattern length. 15 years ago
Anoop Saldanha c61c68fd36 mpm and fast pattern support for http_header. Also support relative modifiers for http_header 15 years ago
Anoop Saldanha 778ec0939c make client body buffer limit configurable. Also some minor changes 15 years ago
Anoop Saldanha fc46f216ca detect-http-header.c cleanup before we start working on it 15 years ago
Anoop Saldanha 302011dbca fix compilation issues with debug enabled. 15 years ago
Anoop Saldanha 0aa5cffb12 fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added 15 years ago
Anoop Saldanha c227aeeacb remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine 15 years ago
Anoop Saldanha bbd0c5056b store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq 15 years ago
Anoop Saldanha 68b78664fa Add unittests for checking content flags. Fix indentation in PopulateMpmAddPatternToMpm(). Also fix DETECT_CONTENT_IS_SINGLE 15 years ago
Anoop Saldanha b15ada8102 set content_packet_mpm and content_stream_mpm flag for content to prevent double check inside inspection code 15 years ago
Anoop Saldanha 67aecc73c2 set content_uri_mpm flag for uri content to prevent double check inside inspection code 15 years ago
Anoop Saldanha 1cd8bd3d3c make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c 15 years ago
Anoop Saldanha 6df051321f fix fp when content is negated and also added to mpm 15 years ago
Anoop Saldanha 5c6a65dc58 support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch] 15 years ago
Victor Julien 234656e5f6 Fix compilation in --enable-debug mode. 15 years ago
Anoop Saldanha eade60f0fd make some name changes. break PopulateMpm(). Set the avoid mpm double check flags 15 years ago
Anoop Saldanha 96bf15bd74 unifying content structure - http_stat_msg now uses DetectContentData 15 years ago
Anoop Saldanha 4c53a9d606 unifying content structure - http_header now uses DetectContentData 15 years ago
Anoop Saldanha 1957eee389 unifying content structure - http_method now uses DetectContentData 15 years ago
Anoop Saldanha 041f5b1a4f unifying content structure - http_cookie now uses DetectContentData 15 years ago
Anoop Saldanha f05b0f4e1e unifying content structure - http_client_body now uses DetectContentData 15 years ago
Anoop Saldanha 4883efd0f6 unifying content structure - uricontent now uses DetectContentData 15 years ago
Anoop Saldanha 3b0a9ca97e add support for http_uri; content fast_patterns 15 years ago
Anoop Saldanha 3c73854d2d completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx 15 years ago
Anoop Saldanha fde2c64ea7 fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format 15 years ago
Anoop Saldanha a6899218fc remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm() 15 years ago
Anoop Saldanha 6eaba8941c Use new flags to indicate uricontent has a mpm set 15 years ago
Anoop Saldanha 46b4806d8e use a single populatempm() function to add the right content for mpm 15 years ago
Anoop Saldanha 4a038511ff Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accomodate these changes 15 years ago
Anoop Saldanha ede7be34b5 replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH] 15 years ago
Anoop Saldanha 3d2f81d978 replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH] 15 years ago
Anoop Saldanha a7353be20d replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH] 15 years ago
Anoop Saldanha e0476242c6 replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH] 15 years ago
Anoop Saldanha e54358a9e1 replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH] 15 years ago
Anoop Saldanha 82fd581b64 replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH] 15 years ago
Anoop Saldanha 3656879aa0 fix some dce opnum/stub tests that would have shown success always irrespective of test results 15 years ago
Anoop Saldanha 4b77f132df add support for sigs with uricontent fast_pattern 15 years ago
Anoop Saldanha ea8eaf31aa Fix fast_pattern tests that always showed success, irrespective of test results 15 years ago
Victor Julien 966c7349d3 Make sure we have a response message before inspecting it in http_stat_msg. 15 years ago
Victor Julien 07ec1ee10e Slightly cleanup detect-engine.sgh-mpm-context option parsing. 15 years ago
Anoop Saldanha c89507836b if sgh-mpm-context is not available in conf, alias the auto case inside the engine 15 years ago
Victor Julien bac621760e Fix a potential invalid memory read in the protocol name code used by alert-fastlog. 15 years ago
Gurvinder Singh f92ba23331 add the support for >= and <= operator for byte_test 15 years ago
Victor Julien 412498f4e4 Converts port vars in http logger from uint32_t to Port and update output. 15 years ago
Gurvinder Singh b7ff6537d2 fixed the incorrect port issue in http.log 15 years ago
Victor Julien 275bd3b7d7 Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests. 15 years ago
Victor Julien dec4218d62 Layout updates to NFQ runmode. 15 years ago
Victor Julien 7e49aa7f76 Simplify NFQ runmode reducing the number of threads and thus queues. 15 years ago
Victor Julien 7e6f01765f Change default of detect-engine.sgh-mpm-context to auto. 15 years ago
Victor Julien 001f91056e Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242. 15 years ago
Victor Julien 4598274d07 Fix depth error messages referring to distance instead of depth, fix their layout. 15 years ago
Victor Julien afdb39e5f6 Print an error if the protocol field of a signature contains a unknown/invalid value. 15 years ago
Victor Julien 8d0bc27fc4 Fix a case where alerting in inline mode would lead dropping on alert sigs. 15 years ago
Victor Julien 5a10eac5bd Cleanup http_stat_code unittests, shrink data structure. 15 years ago
Victor Julien 1636152e32 Fix negated http_method not working properly, causing false positives. 15 years ago
Gurvinder Singh b7da115e6d support for http_stat_code keyword has been added to detection module 15 years ago
Gurvinder Singh 1deae70cf7 added http_stat_msg keyword support for detection module 15 years ago
Jason Ish a4d19e4130 Add new profiling sort option, maxticks. 15 years ago
Anoop Saldanha 59923316bc change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval 15 years ago
Anoop Saldanha 5d9a453e0d find an optimal value for detect-engine:inspection-recursion_limit + unittest 15 years ago
Anoop Saldanha bc99328ec8 define a new conf paramter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code 15 years ago
William Metcalf efeab331ea compilation fix missing UT ifdef wrapper in reference code 15 years ago
Victor Julien 746ef0d2f8 Remove stray newline char from profiling output. 15 years ago
Victor Julien 3062b19068 Clean up output of signature ordering module. 15 years ago
Victor Julien 001dcaae84 Minor reference.config support changes: improve error handling, reduce hash table size. 15 years ago
Anoop Saldanha 88d94b136d Support for reference.config file 15 years ago
Anoop Saldanha f5a02833dd code cleanup in detect-reference.c 15 years ago
Victor Julien 344ea14695 Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility. 15 years ago
Victor Julien 41fd7e51c6 Really add secunia reference support. 15 years ago
Victor Julien 33170fd181 Add secunia reference pending our reference.config support. 15 years ago
Anoop Saldanha 067e53403c add missing sig_app_layer flags for dce sigs 15 years ago
Victor Julien 26fd2a0afd Add telus and bid references for etpro. 15 years ago
Victor Julien 2b187a2721 Remove a BUG_ON statement from the payload inspection code. 15 years ago
Victor Julien f2e6ec7374 Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned to be incompatible with how the keyword is used (nocase, etc). 15 years ago
Anoop Saldanha 2cdb5be391 Print out file name for fast_pattern engine_analysis. Also add some info logs 15 years ago
Anoop Saldanha 0c5b82d891 provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern 15 years ago
Victor Julien 3bd7441ea5 Default to 'single' ctx for ac-gfbs as well. 15 years ago
Anoop Saldanha e072841e93 hash fix in staging to differentiate nocase duplicate patterns from case-senstive ones 15 years ago
Anoop Saldanha de5db1a730 support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-senstive and the other not. Also remove duplicate pids from the output_table 15 years ago
Anoop Saldanha 8628c572df update todos for ac. Cleanup some memory as well. 15 years ago
Anoop Saldanha a2d04a94b5 selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise 15 years ago
Anoop Saldanha 5cc7f90f45 fix hash bug in ac-gfbs. Should reduce the no of patterns added for single context ac-gfbs from a million to a couple of thousands. Also support no case handling. \todo support insertion of final state presence into goto_table and failure table state transitions 15 years ago
Anoop Saldanha ded1f63323 fix ac nocase handling 15 years ago
Anoop Saldanha 174048544d fix hash generation in b2g and ac addpattern. Brings down the no of patterns added from close to a million to a couple of thousands 15 years ago
Anoop Saldanha 29b5cb9abd respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh 15 years ago
Anoop Saldanha 0ef684705c support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup 15 years ago
Anoop Saldanha b367c37ae6 suricata.yaml conf update to support single mpm context distribution over multiple sghs + code to parse this conf 15 years ago
Anoop Saldanha 4b2cf7e125 fix ac, ac-gfbs to support new changes to util-mpm.h + remove some junk code 15 years ago