suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	43c7fd7585	file inspection: improve logging when stream.depth limit is reached. #493 .	13 years ago
Victor Julien	88a21456e3	stream: keep segments in memory until we are sure the stream/state is inspected.	13 years ago
Victor Julien	16cfae2f51	Trigger raw stream reassembly on receiving a full HTTP request or response.	13 years ago
Victor Julien	425294f912	stream reassembly: account stream gaps Add counter to the stream reassembly engine to count stream gaps. Stream gaps are the result of missing packets (usually due to packet loss). This missing data stops the reassembly for the app layer.	13 years ago
Victor Julien	b8659daef7	Add stream engine counters Added stream counters: - tcp.reassembly_memuse -- current memory use by reassembly in bytes - tcp.memuse -- current memory use by stream tracking in bytes - tcp.reused_ssn -- ssn reused by new session with identical tuple - tcp.no_flow -- TCP packets with no flow - indicating flow engine memory at its limits	14 years ago
Victor Julien	cb67d61ab5	Fix broken setup of end of stream pseudo packet.	14 years ago
Victor Julien	3a774165fa	Initial version of a inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly.	14 years ago
Victor Julien	0f072648e6	Another iteration of the reassembly depth enforcement, now considering retransmissions.	14 years ago
Gurvinder Singh	00f21f34e8	support for pseudo packet creation from reassembled stream segments	14 years ago
Gurvinder Singh	892dea31e4	added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit	15 years ago
Gurvinder Singh	6a5bc52461	support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them	15 years ago
Anoop Saldanha	45ea0d914e	dce stub content keywords support using dcepayload.c support for all dce related content keywords	15 years ago
Victor Julien	ba12f3c109	Applayer to flow fixes and cleanups.	15 years ago
Pablo Rincon	8cc525c939	UDP support at AppLayer message handling	15 years ago
Victor Julien	9f95ab7441	Make sure a stream that has a failing app layer inspection module no longer stops reassembly, but only app layer inspection. This way we can continue to inspect the reassembled stream.	15 years ago
William Metcalf	2eef905c07	GPL and Copyright header updates.	15 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	15 years ago
Gurvinder Singh	8e444f1772	stream and application layer improvements	15 years ago
Jason Ish	eab93e766a	Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag.	15 years ago
Victor Julien	6a53ab9c5a	Stream engine memory handling update The stream engine memory handling needed updating as it didn't scale. Changes: - pools can now be initialized to size 0, meaning unlimited - stream engine uses a memcap setting. Sessions, segments and aldata is part of this, app layer state isn't. - memory is accounted using a global int that is spinlocked. - a counter for sessions that have not been picked up because of memcap was added. - all reassembly errors are converted to debug msgs.	15 years ago
Gurvinder Singh	5c8d90afc8	memory leak fixes	15 years ago
Victor Julien	c1283a6628	Fix app layer proto detection code not being thread safe.	15 years ago
Gurvinder Singh	a66c6752d5	stream os_policy support	15 years ago
Gurvinder Singh	567bbf604b	stream reassembling fixes	15 years ago
Gurvinder Singh	88fbfb3e65	fix an issue	16 years ago
Victor Julien	be3bbe0a85	Fix segv in reassembly. Fix sequence gap handling tests.	16 years ago
Victor Julien	5ecd187b6f	Tie app layer parsing to the stream engine.	16 years ago
Victor Julien	edfddcb282	Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe.	16 years ago
Victor Julien	b102ea2123	Big update: - Implement "closing" state in flow. - Add protocol specific timeouts. - Lots of stream tracking updates, fixing a lot of out of window issues. - Stream reassembly fixes. - Implement a new IDS runmode with 4 stream and detect threads. - Added a BUG_ON macro that aborts the engine if the expression is true. - Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently). - Simplify application level protocol in the Tcp Session. - Add some debugging memory counters.	16 years ago
Gurvinder Singh	6824eddb0f	New function for task3	16 years ago
Brian Rectanus	fa5939ca91	64 bit cleanup part2	16 years ago
Victor Julien	387472185d	Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly.	16 years ago
Gurvinder Singh	994473cea0	Target Based Stream Reassembly with comments	16 years ago
Victor Julien	51a9e36e10	Remove vips references. Rename to eidps.	16 years ago
Victor Julien	668e9514d7	Pool update. Stream reassembly start.	16 years ago

35 Commits (48cf0585fb69c9bad712377d82796e191e24af47)