Victor Julien
6645620c03
Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same for the _NEG variant.
11 years ago
Victor Julien
43ba5a677e
DNS: enable mpm/fast_pattern support for dns_query
11 years ago
Victor Julien
4817e1305f
DNS: add /F modifier to pcre to inspect DNS query name
11 years ago
Victor Julien
4f20f72f4d
DNS: add event rules file
11 years ago
Victor Julien
e567e12230
DNS: add unittests for UDP and TCP for dns_query keyword
11 years ago
Victor Julien
f10dd603ff
DNS: adding dns_request content modifier
11 years ago
Victor Julien
6674f4892c
DNS: add per tx internal id
...
Add per TX id. Rename transaction_cnt to transaction_max (id) and increment it on tx creation.
11 years ago
Victor Julien
59780ca770
Hacks to enable alert dns even though we have dnstcp and dnsudp parsers. Needs proper solution later.
11 years ago
Victor Julien
8e01cba85d
DNS TCP and UDP parser and DNS response logger
11 years ago
Eric Leblond
4521de2dfd
Use PACKET_* macro instead of UPDATE
...
Setting the ACTION_DROP flag can be done via PACKET_DROP instead
of using PACKET_UPDATE_ACTION.
11 years ago
Eric Leblond
c0c59fbd17
decode: factorize macro code
...
PACKET_* are now wrappers to the newly introduced PACKET_SET_ACTION
macro.
11 years ago
Eric Leblond
3f107fa130
decode: Packet action start with PACKET
...
Rename all Packet action macros to have them prefixed by PACKET.
11 years ago
Anoop Saldanha
3304c91c91
Don't let geoip match on pseudo packets.
11 years ago
Anoop Saldanha
1fb4aae993
Coverity 1038523: Fix using cuda buffer slice that has been returned to the pool.
11 years ago
Victor Julien
51cdd464a6
stream: detect keep-alive and keep-alive ACK
11 years ago
Victor Julien
03c3ff5632
stream: fix typo in function name
11 years ago
Eric Leblond
4c6595f437
Coverity 1038106: fix FP out-of-bound access
...
A cast during the reading of a configuration variable was invalid
because a 16 bit integer was cast to a 32 bit integer. The called
function is only setting the pointer value to 1 or 0 so there is
no real issue there.
11 years ago
Eric Leblond
7df156ef50
Coverity: 1038139 suppress sanity check
...
The sanity check was really useless as the NULL value is checked in
the code flow.
11 years ago
Eric Leblond
75cd1f6096
Coverity 1038515: check function return
...
This is more cosmetic than useful but it is cleaner anyway.
11 years ago
Anoop Saldanha
b4e750068f
Cuda make distcheck fix for cuda-ptxdump.h
11 years ago
Anoop Saldanha
7d46d59cdd
Coverity 1038522: fix memset inside cuda code. Wrong size specified to memset.
11 years ago
Victor Julien
d6fcd07a31
Coverity 1038085: remove 'default' statement in SCErrorToString. This way a warning will be given if an error is defined w/o updating this function.
11 years ago
Victor Julien
e2444f0ed5
Coverity 1038092 & 1038093: remove dead code
11 years ago
Victor Julien
0902c7f3aa
Coverity 1038518: fix wrong error check
11 years ago
Victor Julien
db1dad8cc6
Coverity 1038124: memory leak on 'seq' keyword parsing failure
11 years ago
Victor Julien
b2e962da03
Coverity 1038123: memory leak on 'flowint' keyword parsing failure
11 years ago
Victor Julien
5c5b2f98dd
Coverity 1038116 & 1038117: memory leaks on 'app-layer-event' keyword parsing failure
11 years ago
Victor Julien
778851626c
Coverity 1038115: memory leak on 'ack' keyword parsing failure
11 years ago
Victor Julien
98dbf3e62c
Coverity 1038113: possibly out of bounds read
11 years ago
Anoop Saldanha
602c91ed41
Minor cosmetic changes to the cuda code.
...
Moved a couple of functions to more cuda relevant files;
Re-structured some data types.
11 years ago
Anoop Saldanha
c9f076def3
Modified CudaBufferCullCompletedSlices.
...
Allow readers to specify max size of data they want to read.
11 years ago
Anoop Saldanha
70cb4d30eb
Add a usleep to CudaBuffer culling process. Would lead to a situation where the thread wouldn't care to yield to others.
11 years ago
Anoop Saldanha
17c763f855
Version 1 of AC Cuda.
11 years ago
Anoop Saldanha
2de59fc235
Version 1 of CudaBuffer API. Introduced to buffer data to the gpu.
...
This version allows async writes to a buffer by threads. Allows only
sequential reads though.
11 years ago
Anoop Saldanha
557cab3dc9
We call packet and stream mpm as late as possible now. Won't affect the working of the engine.
...
The rationale behind this is, if we have pkt buffered to the gpu, we'd want
to delay processing the pkt as much as possible.
11 years ago
Anoop Saldanha
d2063d98ad
pool now uses a queue kinda behaviour when getting/inserting data through poolbuckets.
11 years ago
Anoop Saldanha
f4c719b83a
code refactoring. Call mpmprefilter slightly later than where it's called atm
11 years ago
Anoop Saldanha
b787da5643
Remove all cuda related code in the engine except for the cuda api wrappers
11 years ago
Anoop Saldanha
e2a6cfb6a6
update cuda API wrappers
11 years ago
Eric Leblond
f7c5026c31
Add one shot run option to suri-graphite.
11 years ago
Eric Leblond
0d2f3bfa16
Import suri-graphite script
...
This patch imports suri-graphite into suricata contrib directory.
This script reads counters from suricata unix socket and sends them
to a Graphite graphing server.
11 years ago
Eric Leblond
d8ce2b1ca4
unix-socket: fix OSX build
...
MSG_NOSIGNAL is not defined on macOSX and SO_NOSIGPIPE is used
instead.
11 years ago
Eric Leblond
ce95fbdda0
action handling: add test to avoid direct access
...
Direct access to the action field of Packet structure is not
allowed.
11 years ago
Eric Leblond
a35c367942
action handling: use macro for test.
...
Use test macro instead of direct access to action field.
This patch has been obtained by using the following
spatch file:
@@
Packet *p;
expression E;
@@
- p->action & E
+ TEST_PACKET_ACTION(p, E)
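Review bot: the match line "p->action & E" only covers bitwise-AND tests on a variable declared as "Packet *", so any other direct use of the field, such as a comparison or an assignment through p->action, is left untouched by this rule. Suggest adding rules for those forms, or checking the tree for remaining "->action" accesses after applying the semantic patch, so that no direct access survives the conversion.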
11 years ago
Eric Leblond
efaa9a7302
action handling: define and use macros
...
The action field in Packet structure should not be accessed
directly as the tunneled packet needs to update the root packet
and not the initial packet.
This patch is fixing issue #819 where suricata was not able to
drop fragmented packets in AF_PACKET IPS mode. It also fixes
drop capability for tunneled packets.
11 years ago
Anoop Saldanha
429b5cec10
Fix magic unittests.
...
Fix segv, when magic_load() fails due to the non-availability of default
magic files.
11 years ago
Anoop Saldanha
058e9278c5
Fix wrong casting of htp pointer. Fixed it back to (HTPState *) inside
...
htp utility functions.
11 years ago
Anoop Saldanha
21f9cc3a39
discontinue matching on buffer if urilen returns a match failure.
12 years ago
Victor Julien
56c6dd9bb2
bytetest: add unittest showing missed detection
...
Tests recursive and relative negative byte_test matching.
12 years ago
Anoop Saldanha
c3d98f9640
Fix the bug specified in the previous commit.
...
Bug emanates from byte_test, byte_jump and byte_extract keyword being
unable to handle negative offsets when the inspection pointer is at the
end of the buffer.
12 years ago