Commit Graph

1768 Commits (396b750414590e66325b46dd59429483a80042c0)

Author SHA1 Message Date
Anoop Saldanha 816d2ef0c0 if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it, by resetting the dce state on seeing this 15 years ago
Anoop Saldanha 5c5d8f8a5d indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch 15 years ago
Anoop Saldanha 38e26e5186 modify the dce parser to accept context ids that start with a non-zero value 15 years ago
Anoop Saldanha d57428471c fix endianness handling for bindacksecondaryaddrlen 15 years ago
Anoop Saldanha ba9355d688 Flag if we see a fragged pdu. Do not reset dce stub buffer, if we are dealing with fragmented pdus (holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianness as well. 15 years ago
Anoop Saldanha 00f21252fa support fragmented pdus in dce + unittest 15 years ago
Anoop Saldanha ebc1f62050 some additional indentation changes in DCERPCParser 15 years ago
Anoop Saldanha c2bc8ca252 fix mem leak in tailq that holds dce uuids 15 years ago
Anoop Saldanha 1c443677b2 fix indentation in DCERPCParser 15 years ago
Anoop Saldanha fe700737a3 fix null dereference in detect parse test - clang fix 15 years ago
Gurvinder Singh 892dea31e4 added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit 15 years ago
Victor Julien 1c1c8cef89 Print engine uptime on the same line as date and time. 15 years ago
Gurvinder Singh 1d0492e2e7 added support to print the engine uptime in stats.log 15 years ago
Victor Julien e7cb7c6b97 Make outputs part of the flowpinned threads in the AutoFp runmode. 15 years ago
Victor Julien 99ad338e91 Bump version to 1.0.2 15 years ago
Victor Julien 0eb0d48f35 Disable broken unittests and fix one. 15 years ago
Victor Julien f1e6e80a1e Properly set tmp_ra_base_seq in streams. By Gurvinder. 15 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 15 years ago
Victor Julien bc55fb27dc Compiler warning fix for memory macros. Small layout changes. 15 years ago
Pablo Rincon 06a65cb460 moving http_client_body logic to use it per transactions. Adding unittests 15 years ago
Pablo Rincon ee34c70ad8 Reference atomic vars with SC_ATOMIC_EXTERN properly (considering if we support atomic operations or not) 15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection 15 years ago
Pablo Rincon 76af1b049b Make malloc errors on initialization stage a fatal error, resulting in an exit() call 15 years ago
Anoop Saldanha eb9adf8129 fix NULL indirection while parsing dce sigs - clang fix 15 years ago
Anoop Saldanha f094523eb1 clang fix - some minor fixes for unittests 15 years ago
Pablo Rincon bbab0f9987 Set default gid to 1 on Sig init 15 years ago
Pablo Rincon 8f3322ef73 Fix segv condition on DetectHttpMethodMatch (if the applayer unset the connp) 15 years ago
Pablo Rincon f225bd1428 Adding modifiers /C /H and /M to pcre (http cookie, header and method) 15 years ago
Victor Julien 1d73e1fb7e Small update to the ssh module: fix a valgrind warning and a couple of compiler warnings. Do a few small style updates. 15 years ago
Pablo Rincon 9d7baa7a9f Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion 15 years ago
Gurvinder Singh 0dab0e3935 fix the reassembly depth test (bug 216) 15 years ago
Victor Julien 610b7702ba Bump version to 1.0.1 15 years ago
Victor Julien 04d3832d8f Remove ports check and fix small typo. 15 years ago
Victor Julien a492518e7a Properly detect detect-event-only sigs. 15 years ago
Pablo Rincon 21d79b05ad Fix for bug221 (avoid considering sig as "decoder event only" if ports are specified). Now the sig gets grouped to get a sgh at SigMatchSignatures 15 years ago
Victor Julien f081577fe4 Revert yesterday's dcerpc commits as there were too many corner cases for it to go into 1.0.1. 15 years ago
Victor Julien 6299fbfb0f Fix stream msg content inspection not inspecting the correct id. 15 years ago
Anoop Saldanha 526a782002 temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus 15 years ago
Anoop Saldanha 361cf14f50 fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id 15 years ago
Anoop Saldanha 8c774a1e2a fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting 15 years ago
Anoop Saldanha 52bb4c0670 fix endless loop in dce parser. fix parsing error of secondaryaddrlen for bindack 15 years ago
Anoop Saldanha cda1efff29 fix mem leak in tailq that holds dce uuids 15 years ago
Anoop Saldanha 154a48fada parse fragmented dce rpc headers correctly. Also some other minor fixes 15 years ago
Anoop Saldanha c7fdc5ebda do not reset dce stub buffer, if we are dealing with fragmented pdus (holds good only for first frag request pdus) 15 years ago
Anoop Saldanha 73241fc86c support fragmented pdus in dce + unittest 15 years ago
Anoop Saldanha 3ae45e5bbc fix indentation in DCERPCParser 15 years ago
Victor Julien c62a3d995e Fix signatures with trailing spaces being rejected by the regex. Add test. 15 years ago
Anoop Saldanha 60c770c434 make pcre respect discontinue_matching flag in content matching functions 15 years ago
Kirby Kuehl e8ecc94d6a fix multiple dcerpc fragments in one packet 15 years ago
Anoop Saldanha ce4bc5a63b some minor modifications to the b2g cuda tests 15 years ago
Victor Julien c25921edf0 Add config output for new stream settings. 15 years ago
Anoop Saldanha 3a0dadc0f3 Fix seg fault while running cuda tests. Don't set the alarm while running unittests, inside cuda-packet-batcher.c. Will result in a seg while the sig handler for ALRM is invoked 15 years ago
Anoop Saldanha 3536ba7348 fix seg fault due to premature cleanup/double cleanup for byte(jump|test), isdataat, on seeing no previous relative keywords 15 years ago
Pablo Rincon c1486d7f2e Fix bug 217 (segv on profiling summary if no rule was specified) 15 years ago
Victor Julien d1ce1c502b Fix -Wall -Werror compilation after unittests update. 15 years ago
Pablo Rincon 0c3906a99b Fix for bug 204 (signature ordering with flowbit priority) 15 years ago
Victor Julien 1071a53210 Fix unittests after ip_proto keyword change. 15 years ago
Pablo Rincon 70bda6506d Fix for bug 180 (check proto specified at the IP hdr) 15 years ago
William f7ab84ca83 PF_RING hang at exit fix 15 years ago
Victor Julien 1bd2d59253 Merge decode and stream threads in RunModeIdsPcapAuto like in the file runmode. Fix these runmodes not adhering to the cpu affinity setting if CUDA is compiled in. 15 years ago
Anoop Saldanha ead29dc691 make detection engine use dce alstate(if present), on seeing smb traffic 15 years ago
Victor Julien 7acb97da9d Use same mpm prepare procedure for uricontent as for normal content. More cleanups. 15 years ago
Victor Julien 9ba11dbfbd Clean up detection engine mpm initialization phase. 15 years ago
Victor Julien 37ca07b687 Fix segv on loading signatures with unsupported combinations of pcre and the relative flag. 15 years ago
Victor Julien 0d008c8135 Change stateful detection engine to be able to start the stateful detection separate from other sigs. Fixes bugs #213, #214, #215. 15 years ago
Victor Julien 05ae4f99d8 Kick out invalid signature with uricontent and flow:to_client or flow:from_server. 15 years ago
Victor Julien a9e78871fe Really fix bug 205 this time, repair a broken unittest. 15 years ago
Pablo Rincon 34bb107f2c Fix for bug 207 (depth/offset not correctly updated on certain cases) 15 years ago
Victor Julien ef27234959 Comment out broken SSLParserTest03 test. 15 years ago
Victor Julien 196e572daa Make sure holding up to_client reassembly stops after the proto is detected or we're sure we'll never detect it. Fixes issues related to bug 205. 15 years ago
Victor Julien 689d05b10b Add missing protocol check in the sig matching process. This prevents FP's such as the one reported in bug #209. 15 years ago
Pablo Rincon 4c94a27b71 Fix bug 205 (at stream-tcp-reassemble) 15 years ago
Anoop Saldanha b7a57c5210 fix setting the right value for parsed bytes in case of fragmented BIND dce PDUs 15 years ago
Anoop Saldanha b94eaec7c2 implement relative pcre matching in detect-engine-(payload|uri|dcepayload).c. Also fix within/distance handling of RELATIVE_NEXT flag for uricontent 16 years ago
Anoop Saldanha 3a375aa43a fix relative contents with a negated content for detect-engine-(uri|dcepayload).c like how we did for detect-engine-payload.c 16 years ago
Anoop Saldanha ae3148aded fix false positives for a negated content case 16 years ago
Victor Julien 0219b767b8 Fix a content pattern matching bug related to signature grouping and mpm_ctx sharing. In certain conditions (signature combinations) the mpm_stream_ctx (the ctx that handles stream pattern scanning) wasn't properly setup. 16 years ago
Kirby Kuehl 18840bd96e properly handle bytecount of 0 16 years ago
Gurvinder Singh 7577823cdf support for stopping the evasion, which is caused by the use of TCP RST packets for linux based systems 16 years ago
Gurvinder Singh f0928a4555 support for enforcing the depth until when the reassembly will be performed 16 years ago
Victor Julien 13045683ff Reenable and fix AlpDetectTestSig5 16 years ago
Pablo Rincon c6e090f72c App layer proto specific sigs (use the app layer to match proto) 16 years ago
Victor Julien 102092a89c Make signature address matching more cache efficient. 16 years ago
Victor Julien 1eec149f5e Use Address structure in DetectAddress struct. 16 years ago
Victor Julien 66dee577d7 Force stream reassembly on streams where we didn't yet detect the protocol if the stream is closing. 16 years ago
Anoop Saldanha 07491f8887 add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshold limit to 2.4k packets to buffer 16 years ago
Anoop Saldanha 89e3d92cdb fix creating a static array of length 0 in SigMatchGetLastSMFromLists - clang fix 16 years ago
Gurvinder Singh 8b0ca4f628 support for separate memcaps for reassembly and stream engine 16 years ago
Victor Julien c6ddcda7f8 Improve out of memory handling during initialization. 16 years ago
Victor Julien 718fecb6fc Better handle low memory conditions. 16 years ago
Victor Julien f07997fd4a Don't set negated uricontent signature flag twice. 16 years ago
Pablo Rincon b7076a8ea0 Don't avoid inspecting uricontents if we get no match. It can be negated uricontents (and urilens/pcre..). But at least skip the search if we get no match 16 years ago
Anoop Saldanha 016af36051 todo list for cuda-packet-batcher 16 years ago
Anoop Saldanha 42830d1c5b fixes for dce_stub_data and content data sig parsing + more unittests 16 years ago
Pablo Rincon 169cb22dc6 Updating other http modifiers for sigs with fast_pattern option 16 years ago
Pablo Rincon e7b537cec3 Fixing unittests for fast_pattern options compatibility 16 years ago
Victor Julien bfd167521e Fix DCERPC over SMB/SMB2 detection issues. Fix not updating transaction id in a stream direction if there was no sgh. 16 years ago
Victor Julien a4951286e9 Bump version to 1.0.0 16 years ago
Pablo Rincon cc8068be0a Print also the Signature raw string 16 years ago
Pablo Rincon 742f066fa2 Updating the http modifiers that cannot be loaded with fast_pattern 16 years ago
Pablo Rincon 693d4f54eb Load signatures with incompatible fast_pattern option (due to design differences for optimization) 16 years ago
William Metcalf 50eb3cba6a seems to be a race between FlowTestPrune and FLOW_DESTROY in FlowTest0* comment out the latter for now 16 years ago
Victor Julien b4db93fa94 Remove leftover printf. 16 years ago
Anoop Saldanha 673322f01f unittests for dce_stub_data content based signature parsing + fixes 16 years ago
Anoop Saldanha ce8d27425d fix signature parsing to how snort does it for content based keywords along with dce_stub_data 16 years ago
Victor Julien 1fb11e939a Improve configure messages. Make sure CUDA doesn't try to process packets that are too big. 16 years ago
Victor Julien e14331cbb2 Fix PACKET_RECYCLE not cleaning all of the packet. 16 years ago
Victor Julien 8d737310aa Use 'simple' queue for cuda too. Fix hanging in cuda mode. 16 years ago
Victor Julien 3c1ae607cf Fix cuda compilation. 16 years ago
Anoop Saldanha 33f4beb0bc batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms 16 years ago
Victor Julien b3c22cd512 Improve app layer proto check. 16 years ago
Victor Julien 39cb1bdbda Fix app layer sigs being recognized as decoder event only or ip only. 16 years ago
Victor Julien 587a53b904 Disable per second counters as they are unreliable. 16 years ago
Pablo Rincon 8f9bcef0e2 This patch for app-layer-ssl fix the bug #198 (SSLParserTest01). It seems that with -O2 and -O3, the compiler doesn't handle the initialization correctly (weird..) 16 years ago
Pablo Rincon 7003dc5c0d Fix valgrind ctx error on asn1 test 06 16 years ago
Victor Julien d41b5645ef Make sure decoder event rules are inspected even if the packet is invalid and has no addresses or proto. Update fast log and alert debug log to display the alerts. Fixes #179. 16 years ago
Victor Julien 92858a211d Fix STREAM_EOF flag overwriting STREAM_START flag on short streams. This made us miss short HTTP sessions. 16 years ago
Victor Julien 634b328d38 In case of error in pcap file reading mode, we shut the engine down hard instead of gracefully. 16 years ago
Victor Julien 426a7de5f2 Fix compiler warning about incomplete prototype (2). 16 years ago
Victor Julien 18c923318a Fix bug where valid FIN packets would be rejected. 16 years ago
Victor Julien 67429e523f Fix compiler warning about incomplete prototype. 16 years ago
Anoop Saldanha fa373516c5 fixes the offset case for content matches + a case not handled by the previous fix for multiple relative content matches. fix for payload.c dcepayload.c and uri.c 16 years ago
Anoop Saldanha 92eb380594 multiple relative content matches changes for detect-engine-dcepayload.c and detect-engine-uri.c like how we did for detect-engine-payload.c 16 years ago
Anoop Saldanha 5fb6981e9e content handling changes in detect-engine-payload.c for multiple relative matches 16 years ago
Anoop Saldanha a059ff276e byte test and byte jump update dce matching option 16 years ago
Victor Julien 05d382f533 Fix broken stream engine config initialization: due to wrong casts settings could be overwritten in memory. 16 years ago
Victor Julien ec277b292c Fall back to the old mutex based queues to see if that fixes an obscure lockup at higher optimization levels in gcc in file pcap mode. 16 years ago
Victor Julien ecb5fd3298 Add missing util-validate.h 16 years ago
Pablo Rincon b8b511a54e Avoid mem allocations while searching on radix trees (temporal prefix) 16 years ago
Victor Julien 1d74797b17 Attempt to work around NULL packets we're seeing ending up in queues when the compiler has optimized our code. 16 years ago
Pablo Rincon 868d4614b9 Tag engine improvements. Output tags only on unified format. Added atomic counter for tagged hosts/sessions 16 years ago
Victor Julien 8cdd02877f Add unittests for ringbuffer. 16 years ago
Victor Julien e685579231 Add optional structure validation code. 16 years ago
Victor Julien b67fb5229b Fix pcap file auto flow pinned runmode (disabled by default). 16 years ago
Victor Julien 393acd77d2 Detection improvements: uricontent escaping now working, better negated pattern (content) handling. 16 years ago
Gurvinder Singh 154a8b1ed9 fixed the build failure with profiling enabled 16 years ago
Victor Julien 37eb2290b0 Add some checks for 'impossible' conditions that become possible after enabling optimizations :-/ 16 years ago
Victor Julien 017b95f9ef More thoroughly cleanup a Packet when we recycle it. Fixes a corner case where we'd have an invalid tcp packet but p->proto would still say IPPROTO_TCP because of a previous run. Fixes bug #187. 16 years ago
William Metcalf 5580f3d9c2 PacketQueue postp added to TmEcodes for ipfw and pf_ring to silence compiler warnings 16 years ago
William Metcalf 876057a4da missing flow init in DetectTagTestPacket04 fix ut lockup on older os's 16 years ago
Victor Julien 7454336ef5 Make SigWrapper private to detect-parse.c and rename to SigDuplWrapper to reflect its use and purpose. 16 years ago
Anoop Saldanha 9ecade76b9 in case of duplicate signatures use the one with the latest revision 16 years ago
Pablo Rincon eedafa3a17 Adding unittests for anchored pcres for anchored 16 years ago
Pablo Rincon bcb0b9ef9b Moving urilen inspection to detect-engine-uri. Adding unittests for pcre /U and urilen, in combination with uricontent 16 years ago
Anoop Saldanha 36e4b1830e add pcre with U modifiers to the umatch sigmatch list. fix for bug 155 16 years ago
Gurvinder Singh 8852b83fa7 flowbits, flowvars, pktvars, flow flags and app layer info added to alert-debug.log 16 years ago
Pablo Rincon 95fef55507 Fix threshold handling ip addr 16 years ago
Victor Julien 580b09c2b8 Make sure we inspect all outstanding reassembled stream chunks (smsg) if the stream is shutting down. Make sure to do inspect signatures that use dsize against the tcp packet payload, even if that payload was already added to the stream. Likewise, the dsize signatures are not inspected against the reassembled stream. 16 years ago
Victor Julien a3ff0e7210 Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185. 16 years ago
Victor Julien d500a52b58 Fix valgrind error in tls unittest. 16 years ago
Victor Julien cff0a0bda2 Fix segv conditions caused by broken flow cleanup code. 16 years ago
Pablo Rincon a8cb8d830b Fix for bug 186 and thresholding issue handling ip versions 16 years ago
Victor Julien 6eb7eea705 Fix a data race for packet pool packets when defrag/tunnel code needs a packet. 16 years ago
Victor Julien a4cb7fced0 Fix thresholding code for packets that are neither (valid) ipv4 and ipv6. 16 years ago
Jason MacLulich ae095e585b o Changed SCMalloc to DecodeThreadVarsAlloc in Decode thread initialization. (Ish)
o Changed htons to ntohs. (Ish)
o Added support for handling DAG cards running DSM modules and other non-standard ETH ERF types.
o Added support for allowing graceful restarts of the fetch thread if it fails to read an ERF properly.
16 years ago
William Metcalf d5590962ff change LogInfo to LogDebug for icmp seq matches 16 years ago
Victor Julien 38c9d843fd Compiler warning fix for tag, make sure we do timeout checks under lock protection as well. 16 years ago
Pablo Rincon b931895901 Fixing flow cleanup and ctx initialization 16 years ago
Pablo Rincon eed0ef6e69 Adding tag keyword support 16 years ago
Kirby Kuehl 83c2cdabcd remove printf 16 years ago
Kirby Kuehl f49c743d44 dont alloc 0 length fragment 16 years ago
Victor Julien 6d68d7a450 Disable condition based waiting in ringbuffers until we fix lockup issues. 16 years ago
Victor Julien 0231ec612d Atomic macros typo fix. 16 years ago
Victor Julien 8615e87623 Fix dcerpc unittest, add comments. 16 years ago
Kirby Kuehl 3a985a9f5f fix smb leak 16 years ago
Kirby Kuehl 4545d755dd add uuid to uuid_list for udp 16 years ago
Kirby Kuehl c3b9305259 dcerpc udp support 16 years ago
Kirby Kuehl 22d44b0677 dcerpc udp support 16 years ago
Victor Julien 6519a86ec7 Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros. 16 years ago
Victor Julien cb2fef8680 In the ringbuffers spin before the wait 16 years ago
Victor Julien c7a744c937 Split ringbuffer queue handler into multiple, for mrsw, srsw, srmw modes. 16 years ago
Victor Julien 1ad289dfff Add thread cond_t based waiting in the ringbuffer. 16 years ago
Victor Julien dce323b1f4 Fix SCondWait -> SCCondWait typo. 16 years ago
Victor Julien 167c0295af Merge different ringbuffer structures. 16 years ago
Victor Julien 012e602c3f Add a (disabled by default) flow pinned runmode for file pcap. 16 years ago
Pablo Rincon 6950537a76 Move rate_filter rule tracking data from Signature to Threshold context 16 years ago
Pablo Rincon 1ae36b9a6a Adding rate_filter support for threshold.config, multiline support and unittests 16 years ago
Victor Julien ca7f54de25 Make sure ICMP unreach packets are not inspected against the flow sgh as it's for the original protocol, not for the ICMP packet. Fixes #174. 16 years ago
Victor Julien b8fec77f37 Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id. 16 years ago
Victor Julien 26f69aa3a6 Bump version to 0.9.2. 16 years ago
Victor Julien e46b72758a Small decode-event code cleanup. 16 years ago
Victor Julien cdc9570f0e Have the detect.alerts counter count actual alerts. 16 years ago
Anoop Saldanha bbb5bf5c51 allow counters clubbing for detect TM 16 years ago
Victor Julien cb94748dab Add missing include resulting in a compiler warning. 16 years ago
William Metcalf 0e4235cc94 FLOW_DESTROY added to clean-up UT's that init flow 16 years ago
William Metcalf 9f0bf35cfd Set -std=gnu99 CFLAG always and Use -march=native by default if supported by installed version of gcc 16 years ago
Victor Julien 2f29b8a724 Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166. 16 years ago
Victor Julien 37442a8a84 Prefilter signatures before fully scanning them. 16 years ago
Anoop Saldanha 60668fd01d Reset the flags used during stateful detection in ContinueDetection(). Made the tests more descriptive as well 16 years ago
Anoop Saldanha bb8937477d dce tests to check SigMatchSignatures()'s working against new dce transactions 16 years ago
Victor Julien d6709b0961 Fix a segv caused by invalidly accessing the smsg_pmq array. 16 years ago
Victor Julien 8cea3779fa Move dce payload inspection to stateful detection engine. 16 years ago
Anoop Saldanha 015385c6bd changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not 16 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 16 years ago
Anoop Saldanha 98433f407c dce rpc stub data held in separate buffers for request and response pdus 16 years ago
Victor Julien 31261e7583 Improve B2g performance by merging pattern array and hash. 16 years ago
Victor Julien 83b2c8abdb Improve stateful uri detection code. 16 years ago
Victor Julien 9dd753b5f3 Scan uricontent mpm on demand. 16 years ago
Victor Julien dd88e46f0c Fix detect engine state unittest, add another. 16 years ago
Victor Julien e8fce5f7fa Convert uricontent scanning to use the detect engine state. 16 years ago
Jason MacLulich 835630efbd Add initial support for reading packets from a DAG card, we only support reading from a single stream at this time.
Use the --dag <dagname> cmd line option to specify from which DAG card to read pkts
from.

Issue at the moment with pkts being ejected during shutdown -- at the moment we
ignore any packets that are not of link type Ethernet.
16 years ago
Victor Julien 49d68169ea Allow the user to disable setting cpu affinity and allow configuring the number of detect threads relative to the number of CPU's/CPU cores. 16 years ago
Victor Julien cb0bb668eb Add support for retrieving float and double variables from the configuration. 16 years ago
Victor Julien b60d2c4345 Fix flags mixup issue in the app layer. 16 years ago
Victor Julien ba12f3c109 Applayer to flow fixes and cleanups. 16 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 16 years ago
Ondrej Slanina 6bf7d76005 added possibility to run suricata as WIN32 service 16 years ago
William Metcalf cc76aa4bc6 properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks 16 years ago
Victor Julien a24f288074 Moving the stream content scanning to have its own mpm ctx. 16 years ago
Victor Julien 9a08d6c11c Fixes to stream pattern matching. 16 years ago
Victor Julien a0c1209a44 Inspect the reassembled stream together with the packet payload in the same direction. 16 years ago
Victor Julien 9f95ab7441 Make sure a stream that has a failing app layer inspection module no longer stops reassembly, but only app layer inspection. This way we can continue to inspect the reassembled stream. 16 years ago
Victor Julien 81f2499834 Store stream msgs processed by the app layer in the tcp session so they can be inspected by the detection module as well. The detection module returns them to the pool. 16 years ago
Victor Julien 3005297af2 Check for being properly setup before activating a thread. Fixes a potential although unlikely null-dereference. 16 years ago
Victor Julien 6c6e6321fc Fix HTTP HEAD detection code. 16 years ago
Victor Julien fdd0f3939e Reduce size of event bit array in the packet structure. 16 years ago
Victor Julien c26434fef1 Move flow use cnt to atomic and outside of the flow mutex protection. 16 years ago
Victor Julien 87345e5c60 Switch flow memuse counter to the atomic api. 16 years ago
Victor Julien 749fc2613d Add subtraction wrapper to the atomic api. 16 years ago
Victor Julien 3484e2abde Fix flow engine memory handling. 16 years ago
Victor Julien 4dd0169499 Fix detection_filter issue. 16 years ago
Victor Julien 4c3e17d4ab Fix thresholding issues. 16 years ago
Ondrej Slanina 79443b1991 added INT and TERM signals on WIN32 16 years ago
Pablo Rincon b491ef2be0 Removing FlowAllocDirect since it's not needed anymore 16 years ago
Victor Julien 2fd31a1a11 Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory. 16 years ago
Victor Julien b657705d8c Fix pcap file mode not shutting down on ctrl-c 16 years ago
Victor Julien dff6795df5 Detect cleanups. 16 years ago
Victor Julien 8e7b147a23 Fix an endless loop condition introduced by the threshold cleanup. 16 years ago
Victor Julien d470e11352 Disable flowbits stats. 16 years ago
Victor Julien d8ad975d09 Clean up flags keyword. 16 years ago
Victor Julien 3a8c0d2cfe Fix ringbuffer number wrap around issue causing buffer items getting overwritten and thus lost. 16 years ago
Victor Julien 8514132851 Cleanup thresholding code. 16 years ago
Victor Julien f80016530c Remove unnecessary locking for thread-local packet-queues breaking on Win32. 16 years ago
Anoop Saldanha f4120ff5d5 wrap multi line macros in do while 16 years ago
Ondrej Slanina 1357914d23 added support for synchronous log output on WIN32 16 years ago
Victor Julien 32e3fea9e6 Exclude parts of a flow that are not changing after init from the flow mutex. Cleanup flow-hash function. 16 years ago
Pablo Rincon 29a6fc2f03 Adding some flow improvements and recovery on emergency mode 16 years ago
Victor Julien 329742c10e Small ip to pcap dev cleanup. 16 years ago
Victor Julien 1e707803c0 Enable perf counter updates in the ringbuffer queue handler. 16 years ago
William Metcalf a42fff541f fix for potential NULL deref on error in detect-http-method.c 16 years ago
Victor Julien 0140a14a15 Introduce atomic operations API that supports GCC's atomic operations and a fallback using (spin)locks. Convert ringbuffer api to use the new atomic api. 16 years ago
Victor Julien daea85e491 Lock detection state reset function properly. 16 years ago
Victor Julien 0a0b33ef79 Fix adding the http_uri sigmatch to the uri list twice. 16 years ago
Victor Julien e3fc53ecb9 Fix a corner case where the pcap receive modules could alloc packets at line rate until memory was depleted. 16 years ago
Victor Julien 0a607fce3d Finish http_uri keyword, fix invalid read issue in one of the tests. 16 years ago
Gerardo Iglesias Galvan 55dfa36963 Add support for http_uri keyword 16 years ago
Victor Julien 2fe77bf65e Use ringbuffers in the pcap live auto runmode as well. 16 years ago
Pablo Rincon 3b0c4133fc Fixing asn1 relative offset, negative values 16 years ago
Gurvinder Singh cda664a8c4 memory leaks fixes in detection module, app layer and counters 16 years ago
Pablo Rincon 18954a2c4c app layer ftp fix (mem leak) 16 years ago
William Metcalf 9ce1399db8 Add option for setting pcap buffer size if it is available 16 years ago
Gurvinder Singh a0fa924c15 fixed the memory leaks in htp and radix tree 16 years ago
Victor Julien 7a6d4b57f0 Add support for class id in classification code. Submitted by firnsy@securixlive.com, thanks. 16 years ago
Gurvinder Singh a8ca5719f6 fixed the typo in byte_jump and host.c, Thanks to rmkml for pointing out 16 years ago
Gurvinder Singh 0881be3b17 added the support for setting up distance sig when previous keyword is byte_jump (bug 163) 16 years ago
Jason Ish ea4b7cc33b add profiling to stateful detection engine + other fixups. 16 years ago
Jason Ish a9ed9a8196 In profiling output, include a % for each rule. 16 years ago
Victor Julien 53acf08996 Add multi packet reading for pcap live mode. Add a partly lock free multi writer, multi reader ringbuffer. 16 years ago
Victor Julien 4e7df60b2f Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this. 16 years ago
Victor Julien 6f502f0da5 lockfree ringbuffer wip2, including proper shutdown. 16 years ago
Victor Julien a48a767efc Lockfree ringbuffer wip. 16 years ago
Victor Julien 7f29166aa8 Improve memory handling in error conditions in the radix implementation. 16 years ago
Victor Julien c73e9318b0 Bump version 0.9.1. 16 years ago
Victor Julien 10a3d7343d Remove unnecessary header inclusion in app layer ssl. 16 years ago
Victor Julien bc7c9d928f Fix radix and stateful detect engine memory leaks. 16 years ago
Victor Julien 747daf4bce Fix typo in depth changes. 16 years ago
Victor Julien dab679889c Properly update depth if offset+content_len < depth. Fixes #164. 16 years ago
William Metcalf e704d90aaa set proper caps based run_mode 16 years ago
Jason Ish a93b2e6b84 Support for reading ERF files. 16 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 16 years ago
William Metcalf 0fc8f6cc37 More null deref fixes for util-radix-tree.c 16 years ago
William Metcalf 54da99fe53 compilation fixes for PF_RING and IPFW after removal of mutex_pending 16 years ago
Victor Julien c2fb90c745 Fix thresholding 'both'. Fixes bug #160. 16 years ago
Victor Julien 2c8282a70b Fix small memleak in ip only parsing code. 16 years ago
Victor Julien 54c2804ce4 Fix malformed ipv6 packet causing an endless loop in exthdr decoding. 16 years ago
Victor Julien 2910759943 Rename TranslateIPToPcapDev to PcapTranslateIPToDevice and make the length argument size_t. 16 years ago
Ondrej Slanina 55d0d1e7a1 added support for finding pcap device via its IP. 16 years ago
William Metcalf 179372978f Null deref fix for detect-id.c 16 years ago
William Metcalf 9728e49773 Null deref fix for detect-tls-version.c 16 years ago
William Metcalf 32a2da147b Null deref fix for detect-engine-iponly.c 16 years ago
William Metcalf 73d2349149 Null deref fix for detect-engine-port.c 16 years ago
William Metcalf afa8a2b8ba Null deref fix for detect-engine-address.c 16 years ago
William Metcalf b856e607c9 Null deref fixes for util-radix-tree.c 16 years ago
Victor Julien 98c3f0149c Improve SSL input validation. 16 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3, their unit tests, and better stream no reassembly flag handling 16 years ago
Victor Julien b8641f300d Rename asn1 files, fix an invalid free, fix improper init of vars in one unittest. 16 years ago
Pablo Rincon 3fa3229e01 ASN1 decoder and keyword implementation 16 years ago
Gurvinder Singh 6b49a90353 added support for setting up bytejump relative when previous keyword is byte_jump (bug 165) 16 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine.
Stateful detection for app layer detection keywords, except uricontent. Stores its partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
16 years ago
Jason Ish 18e5ac8cde Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules. 16 years ago
William Metcalf b629b7c5c1 only show cli opts via help that we have support for 16 years ago
Victor Julien 42eeb84c9a Properly lock flow before setting IP only action flags. Small alert api cleanups. 16 years ago
Pablo Rincon 9bae6a8628 Moving alert logic to detect-engine-alert.c 16 years ago
Victor Julien 692eb935ea Fix updated memory api using debug mode by default. Small cleanups. 16 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 16 years ago
Victor Julien a8dd484aba Fix small potential bug in debug mode found by clang. 16 years ago
William Metcalf 8d66323f62 clang fixes for null dereferences 16 years ago
Gurvinder Singh 32a2658233 support setting up byte_test/relative when byte_jump is previous keyword 16 years ago
Gurvinder Singh 9378bdbad4 set the byte_jump/byte_test with relative keyword when pcre is previous keyword (bug 142) 16 years ago
Gurvinder Singh ea3165b198 support setting up within keyword when previous keyword is pcre (bug 145) and added unit test for the same 16 years ago
Gurvinder Singh 07e10681d6 fixed a typo in the detect-content.h 16 years ago
Gurvinder Singh 2ea8205063 fixed the flags checking and make it more strict in default case (bug 153) 16 years ago
Victor Julien bb685751d9 Fix NFQ receive/verdict race condition in cases where the packetpool is empty. 16 years ago
Victor Julien 647b1c0eba Fix NFQ compilation. 16 years ago
Victor Julien f4812586de Fix broken ICMPv4 unittests. Fixes #161. 16 years ago
Victor Julien ecf5a8fbcc Fix broken stream unittest. 16 years ago
Victor Julien 76d62778c3 Use bigger stream msg. 16 years ago
Victor Julien 61099cd725 Fix compilation if debug is disabled. 16 years ago
Victor Julien e741bd0202 Cleanup packet recycling code. Fix issues in the packet tunnel/pseudo code. 16 years ago
Victor Julien e1a8c8f76c Switch time api from mutex to spinlock. 16 years ago
Victor Julien 19584d0416 Fix tunneled and defrag reassembled packets with the new pending limits. 16 years ago
Victor Julien ccf22cf563 Move to different way of enforcing max_pending. Should require less locks. 16 years ago
Victor Julien 42c4b5d53c Use one less thread in pcap file mode. Reduces locking overhead. 16 years ago
Victor Julien 53b388b669 Improve flow hash debugging, switch to csv output. 16 years ago
Victor Julien 548a3b2c93 Improve flow hash debugging functions. Make sure ICMP errors don't create flows. Handle ICMP DEST UNREACH errors in the flow they are sending the error about. 16 years ago
Victor Julien 2dc5405d3a Add debug code for tracking flow hash distribution. Only add ICMP DEST_UNREACH packets to the flow engine. 16 years ago
Gurvinder Singh a4625bd333 fixed setting up byte_test relative when byte_jump is previous keyword (bug 146) 16 years ago
Gurvinder Singh b05762a575 added unit test for the bug 144 to test isdataat setup 16 years ago
Gurvinder Singh fdc3f728af set the isdataat keyword when previous sigmatch is either content or pcre (bug 144) 16 years ago
Victor Julien 8dceb2784e Small ICMPV6PayloadTest01 unittest cleanup. 16 years ago
Gurvinder Singh 9a2bcb6a3c added unittest to check the payload setup, which causes the segv in detection module 16 years ago
Gurvinder Singh 21a89e22de fixed the segv caused by null payload due to incorrect icmpv6 decoding 16 years ago
Victor Julien 0ebf7cbc5e Convert flow bucket lock from mutex to spinlock. Locks should be very short, so spinlocks should be faster. 16 years ago
Victor Julien e27cefa6f7 Complete conversion of pattern id mpm storage vs sig id storage. 16 years ago
Victor Julien 46831e0f8f Fix signature grouping bug for protocols without ports. Add debugging code. 16 years ago
Victor Julien 7a427ec7f4 Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach. 16 years ago
William Metcalf 41172f0024 increment packet count before assigning value, tshark/wireshark starts with pkt no 1 so should we 16 years ago
Pablo Rincon 46187bfe73 Fix action logic after last pass changes 16 years ago
Gurvinder Singh 2db6756048 added unit test for the icmp dsize (bug 151) 16 years ago
Gurvinder Singh ad9ec4dbe9 fixed the payload_len for icmpv6 (bug 151) 16 years ago
Gurvinder Singh 3721037de5 unittests for bugs 134 & 139 and some typo corrections 16 years ago
Victor Julien 52cdfb332e Fix a compiler warning, add some comments, cleanup layout of smb parser. 16 years ago
root 73c6fb16ba Return 0 instead of -1 when SMB and DCERPC encounter non fatal errors to clean up errors emitted in AppLayerParse. 16 years ago
William Metcalf 7d63fbdaea small CentOS 4 workarounds 16 years ago
William Metcalf 5fb405335e Small wrapper fixes to allow for windows compilation 16 years ago
Victor Julien a372c1d14e Fix/workaround a strange detection issue. 16 years ago
Victor Julien bca75f6255 Bump version to 0.9.0. 16 years ago
Victor Julien ce90e87304 Fix failing thresholding unittests 16 years ago
Pablo Rincon e18e2ec998 Changing threshold logic 16 years ago
Pablo Rincon 8bcdf29ab7 Small fix on pass action handling and added more unittests 16 years ago
Pablo Rincon 1238668961 Adding actions order and support for rule action "pass" 16 years ago
Victor Julien 6dd5446893 Use proper tcp/udp macros in alert-debuglog 16 years ago
Victor Julien 26ef58342d Fix typo in uricontent within handling causing within to be wrong. 16 years ago
Victor Julien cc5c78dae9 Add tcp seq info and pcap file packet number to the alert-debuglog. 16 years ago
Victor Julien 543abf145c Fix a within calculation bug for cases where distance + pattern length > within setting. Fixes #148. 16 years ago
Pablo Rincon 9ccfda22ec Radix tree issue fix (from Steve Grubb's report) 16 years ago
Victor Julien 2576f4a149 Fix a bug in the signature grouping code that didn't properly setup the mpm ctx's in some cases. 16 years ago
Victor Julien b90ebc1ce5 Add a packet count var for pcap file mode to the Packet structure to ease debugging. 16 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 16 years ago
Victor Julien c3392b7c22 Fix checking for the stream GAP after the ssn ptr was initialized. 16 years ago