aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,460 Commits
8 Branches
165 Tags
231 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '623c2e78fd'
${ noResults }
Commit Graph

310 Commits (623c2e78fdd7ed952e52aca92b240109019aad04)

Author SHA1 Message Date
Eric Leblond 0227a87fcb cleaning: fix warning when building with clang. 
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignore the rest of the
warnings by adding a cast to void.
 14 years ago
Anoop Saldanha 64625675ce set stream_eof flag per stream, only when the stream initiates a close. Fix htp parser to close connection per direction based on this 14 years ago
Victor Julien 19a7e7f395 flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default. 14 years ago
Victor Julien fddaca6e8b Implement stream memcap enforcements using atomics instead of spinlocked counters. 14 years ago
Victor Julien 0150e66ede flow engine: improve scalability 
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
 14 years ago
Eileen Donlon aae7ea5e67 add null checks to fix bugs in StreamTcpTest23 14 years ago
Victor Julien 372ab9c433 Another batch of minor fixed for issues found by Coverity. 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Victor Julien 8b1333a277 Add more flow lock assertions to the debug validation code. 14 years ago
Victor Julien 28e15be526 Clean up default output. Use simpler output format for releases. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Eric Leblond c3eaa6cc60 Add per-interface counter for invalid checksum. 
This patch adds a per-device counter for invalid checksum as
well as a simple packet counter.
 14 years ago
Eric Leblond 81bc6f5518 Treat incomplete checksum. 
Checksum of local traffic is often offloaded to the network device.
This causes some problems on parsing of this traffic. This patch
introduces a PKT_INCOMPLETE_CHECKSUM flag which can be used to
indicate that the checksum is not computed/correct for good reason.
 14 years ago
Victor Julien ada4066238 Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251. 14 years ago
Victor Julien 5a769c02ee Stream engine: handling packets with ACK|CWR. 14 years ago
Victor Julien 0712300a1c Remove stream BUG_ON's that could fire on TCP session reuse. 14 years ago
Anoop Saldanha f514b141ce fix ipv6 header setup in pseudo pkt creation 14 years ago
Anoop Saldanha 7c9d1b80fd Update size parsing API with new calls for returing u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls 14 years ago
Anoop Saldanha e0c13434ef bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+ 14 years ago
Anoop Saldanha 651f91e4de fix setting pseudo packet from this commit: 
commit 259e022f721a7c3a70c26447b1cf730bb8a1f6cd
Author: Anoop Saldanha <poonaatsoc@gmail.com>
Date:   Sun Dec 4 13:20:43 2011 +0530

    fix setting ipv4 header in pseudo packet
 14 years ago
Anoop Saldanha 8533cd2cdf fix mapping of tcp states to flow_established and flow_closed. Improves accuracy 14 years ago
Anoop Saldanha eaf15911e7 fix setting ipv4 header in pseudo packet 14 years ago
Victor Julien e6af837b25 Convert StreamTcpSetEvent function into macro. Eases debug. 14 years ago
Victor Julien 58011554b0 Don't consider payload len in ACK value validation check. 14 years ago
Victor Julien 425294f912 stream reassembly: account stream gaps 
Add counter to the stream reassembly engine to count stream gaps. Stream gaps
are the result of missing packets (usually due to packet loss). This missing
data stops the reassembly for the app layer.
 14 years ago
Victor Julien d8d8fdd9f5 Improve handling of packets when stream is in the fin_wait1 or fin_wait2 state. 14 years ago
Victor Julien 06904c9024 App Layer cleanup 
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should safe 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
 14 years ago
Victor Julien 7e3c15e54a stream: improve TCP ssn reuse cleanup. 14 years ago
Victor Julien c9960473bb Fix stream reassembly engine rejecting valid packet for reassembly. 14 years ago
Victor Julien b8659daef7 Add stream engine counters 
Added stream counters:
- tcp.reassembly_memuse -- current memory use by reassembly in bytes
- tcp.memuse -- current memory use by stream tracking in bytes
- tcp.reused_ssn -- ssn reused by new session with identical tuple
- tcp.no_flow -- TCP packets with no flow - indicating flow engine memory at its limits
 14 years ago
Eric Leblond 4071d3cf57 PACKET_INITIALIZE is enough for packet init. 14 years ago
Victor Julien 30d84ab20d Unlock flow in StreamTcpSegmentForEach if there is no TCP session. 14 years ago
Eric Leblond 628bfcc1b9 stream: Change return of StreamSegmentForEach 
The function now returns the number of segment where the callback
has ben runned successfully.
 14 years ago
Eric Leblond 4f0cdf28a3 Introduce StreamSegmentForEach function 
This patch introduces a function called StreamMsgForEach which
can be used to run a callback on all segments of a stream. This
is currently only supported for TCP as this is the only streaming
aware protocol.
 14 years ago
Victor Julien f5ef842752 Implement a counter for TCP packets with invalid checksums: tcp.invalid_checksum. Bug #311. 14 years ago
Victor Julien 8208eacd79 Convert stream memcaps to u64. Bug #332. 14 years ago
Eric Leblond de59c9f4b1 Add and use utility functions for checksum computing. 14 years ago
pilcrow ed69eeab14 Safer macro parenthesization and do/while use 14 years ago
Anoop Saldanha 8363533a02 support for forced stream reassembly for to be pruned flows 14 years ago
Anoop Saldanha c365bafbf6 We now inspect timed out streams + streams not processed as yet, at engine shutdown 14 years ago
Eileen Donlon 89599d3b9b fixed bug 288; corrected config boolean parsing problems 14 years ago
Eric Leblond 7425bf5ca6 Rename some decode event structure and macro. 
This patch renames DECODER_SET_EVENT, DECODER_ISSET_EVENT and some
other structures to ENGINE equivalent to take into account the fact
the event list is now related to all engines and not only to decoder.
 14 years ago
Victor Julien fca541f40e Add per app layer parser profiling 
Per packet per app layer parser profiling. Example summary output:

Per App layer parser stats:

App Layer              IP ver   Proto   cnt        min      max          avg
--------------------   ------   -----   ------     ------   ----------   -------
ALPROTO_HTTP            IPv4       6    163394        126     38560320     42814
ALPROTO_FTP             IPv4       6       644        117        26100      2566
ALPROTO_TLS             IPv4       6       670        117         7137       799
ALPROTO_SMB             IPv4       6    114794        126       225270       957
ALPROTO_DCERPC          IPv4       6      5207        126        25596      1266

Also added to the csv out.

In the csv out there is a new column "stream (no app)" that removes the
app layer parsers from the stream tracking. So raw stream engine performance
becomes visible.
 14 years ago
Victor Julien 820b0ded82 Add per packet profiling. 
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.

Stats per packet include:
 1) total ticks spent
 2) ticks spent per individual thread module
 3) "threading overhead" which is simply calculated by subtracting (2) of (1).

A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.

Code depends on --enable-profiling just like the rule profiling code.

New yaml parameters:

profiling:
  # packet profiling
  packets:

    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes

    # per packet csv output
    csv:

      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv

Example output of summary stats:

IP ver   Proto   cnt        min      max          avg
------   -----   ------     ------   ----------   -------
 IPv4       6     19436      11448      5404365     32993
 IPv4     256         4      11511        49968     30575

Per Thread module stats:

Thread Module              IP ver   Proto   cnt        min      max          avg
------------------------   ------   -----   ------     ------   ----------   -------
TMM_DECODEPCAPFILE          IPv4       6     19434       1242        47889      1770
TMM_DETECT                  IPv4       6     19436       1107       137241      1504
TMM_ALERTFASTLOG            IPv4       6     19436         90         1323       155
TMM_ALERTUNIFIED2ALERT      IPv4       6     19436        108         1359       138
TMM_ALERTDEBUGLOG           IPv4       6     19436         90         1134       154
TMM_LOGHTTPLOG              IPv4       6     19436        414      5392089      7944
TMM_STREAMTCP               IPv4       6     19434        828      1299159     19438

The proto 256 is a counter for handling of pseudo/tunnel packets.

Example output of csv:

pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337

First line of the file contains labels.

2 example gnuplot scripts added to plot the data.
 14 years ago
Victor Julien add02a4ef3 Fix handling of FIN/ACK packet on TCP state TCP_FIN_WAIT2. 15 years ago
Victor Julien 4025567a5a Fix a number of unittests not properly initializing a packet causing issues on some archs. 15 years ago
Gerardo Iglesias Galvan dd5e438d6f Make all access to memory tracking counters in stream engine lock protected 15 years ago
Victor Julien e1d4e16645 Simplify packet decoding macro's. 15 years ago
Victor Julien 54cd3552e1 Remove tunnel_proto field from Packet structure. 15 years ago
Victor Julien 8999de2f93 Add proper RST handling to all TCP states. 15 years ago
Victor Julien 1578ef1e3e Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST. 15 years ago
Victor Julien 14ad853b94 Process a stream end pseudo packet when going from TIME_WAIT to CLOSED. 15 years ago
Victor Julien d0374ced38 Implement SACK in the stream engine. 15 years ago
Victor Julien 892a8a4985 Make stream inline use the chunk size settings. 15 years ago
Victor Julien 2dc057d1b1 Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record. 15 years ago
Victor Julien 4f5aad1476 Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates. 15 years ago
Victor Julien 936b34ddf6 Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet. 15 years ago
Victor Julien bc7e21aee6 Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic. 15 years ago
Eric Leblond 9be1f1a31c Use GET_PKT macros. 15 years ago
Victor Julien 174db08567 Force reassembly of unack'd data on receiving a valid RST packet. 15 years ago
Victor Julien b9429ecec1 Fix invalid RST considered valid due to wrong returns codes. Only validate ACK from a RST packet if an ACK value was set. 15 years ago
Victor Julien cb67d61ab5 Fix broken setup of end of stream pseudo packet. 15 years ago
Eric Leblond a8417377e7 Don't use direct pkt access 
pkt field in Packet needs to be accessed via macro. This
patch supress some direct access.
 15 years ago
Victor Julien 00e4dde6a6 Fix PKT_STREAM_EOF never being set, resulting in some raw stream chunks never being inspected. Improve debug output. 15 years ago
Victor Julien 1dca88fe69 Do the actual checksum recalculation and packet replacement on modifing a packet in the stream engine. 15 years ago
Victor Julien 3a774165fa Initial version of a inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly. 15 years ago
Victor Julien 8cacd5fe50 Fix the stream.inline config option. Set PKT_STREAM_EST flag also for packets that are part of a session in a state beyond TCP_ESTABLISHED. 15 years ago
Victor Julien a8bb98836b Don't handle and validate the TCP timestamp at the same time. Instead validate first, then later when all other validation has been done as well, handle. 15 years ago
Victor Julien 8d3f9c53a9 Minor cleanups. 15 years ago
Victor Julien 0f072648e6 Another iteration of the reassembly depth enforcement, now considering retransmissions. 15 years ago
Victor Julien 935958219d Rename RST validation function to match convention 15 years ago
Victor Julien 94fe0d5fa2 Add ACK validation to Reset/RST validation code. 15 years ago
Victor Julien 7af9c58af7 Improve ACK value validation, timestamp checking code. Overall layout. 15 years ago
Victor Julien 6ffb9da9be Better support ack/psh data packets on several states. Updates to ack validation code. 15 years ago
Victor Julien 25f5589078 First round of adding 'stream events'. Basic stream tracking events added. 15 years ago
Victor Julien 2849d2b1d3 Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data. 15 years ago
Victor Julien 3857154f4b Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state. 15 years ago
Gurvinder Singh 55a863359c support for pseudo packet creation from reassembled stream segments 15 years ago
Gurvinder Singh 2beb7af7f8 support for validating the ACK before updating the last_ack field and also update next_seq if we missed the last packet 15 years ago
Victor Julien c955254b4e Adapt stream code to packet memory allocation changes. 15 years ago
Victor Julien fadd6d6361 Add pseudo packet counter. 15 years ago
Victor Julien f606621e8c Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state. 15 years ago
Victor Julien 6482c34909 Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets. 15 years ago
Victor Julien 2072ad80af Never create a pseudo packet based on a pseudo packet. 15 years ago
Victor Julien 61a9936d55 Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected. 15 years ago
Gurvinder Singh 00f21f34e8 support for pseudo packet creation from reassembled stream segments 15 years ago
Victor Julien 8fa5a2c025 Split applayer and raw stream reassembly 
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
 15 years ago
Victor Julien b5a5ef14b9 Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple. 15 years ago
Eric Leblond 1db4aadd16 Supress usage of Packet declaration in tests. 
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should have not been forget because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access 
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
 15 years ago
Eric Leblond 8471626916 Fix error message and adds information to config 
This patch fixes a typo in an error message and add some
information to the checksum verification option.
 15 years ago
Victor Julien c64b9362cf Remove unused stream flag. 15 years ago
Anoop Saldanha e47a9b59e9 accept tcp packets with syn+urg+push 15 years ago
Gurvinder Singh 892dea31e4 added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit 15 years ago
Victor Julien 0eb0d48f35 Disable broken unittests and fix one. 15 years ago
Victor Julien f1e6e80a1e Properly set tmp_ra_base_seq in streams. By Gurvinder. 15 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule match from a reassembled stream and/or app layer inspection 15 years ago
Victor Julien c25921edf0 Add config output for new stream settings. 16 years ago
Gurvinder Singh 7577823cdf support for stopping the evasion, which is caused by the use of TCP RST packets for linux based systems 16 years ago
Gurvinder Singh f0928a4555 support for enforcing the depth until when the reassembly will be performed 16 years ago
Gurvinder Singh 8b0ca4f628 support for seperate memcaps for reassembly and stream engine 16 years ago
Victor Julien 18c923318a Fix bug where valid FIN packets would be rejected. 16 years ago
Victor Julien 05d382f533 Fix broken stream engine config initialization: due wrong casts settings could be overwritten in memory. 16 years ago
Victor Julien 580b09c2b8 Make sure we inspect all outstanding reassembled stream chunks (smsg) if the stream is shutting down. Make sure to do inspect signatures that use dsize against the tcp packet payload, even if that payload was already added to the stream. Likewise, the dsize signatures are not inspected against the reassembled stream. 16 years ago
Victor Julien b8fec77f37 Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id. 16 years ago
Anoop Saldanha 015385c6bd changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not 16 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 16 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 16 years ago
Victor Julien a0c1209a44 Inspect the reassembled stream together with the packet payload in the same direction. 16 years ago
Victor Julien 9f95ab7441 Make sure a stream that has a failing app layer inspection module no longer stops reassembly, but only app layer inspection. This way we can continue to inspect the reassembled stream. 16 years ago
Victor Julien 4e7df60b2f Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this. 16 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 16 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 16 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 16 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 16 years ago
Victor Julien 070ed778b8 Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added. 16 years ago
Gurvinder Singh e0b4838471 fix bug 133, error caused by seq mismatch in fin_wait_2 state, whis was dicarding the packet which should be accepted 16 years ago
Victor Julien 0eabde4a9b Gnu99 inline fixes for stream engine. 16 years ago
Victor Julien eeb98c6900 Move SCSetThreadName to proper functions. 16 years ago
Gerardo Iglesias Galvan 9f35a24a1f Set threads name. Fix bug #83 16 years ago
Victor Julien ad02732907 Properly cleanup stream engine spinlocks and mutexes at shutdown. Fixes drd errors in unittests. 16 years ago
Pablo Rincon 2ce728d019 Adding support for ecn flags after the handshake 16 years ago
Victor Julien 2b3479577b Fix ecn/cwr unittests 16 years ago
Victor Julien 5eb4095b9a Comment ECN/CWR changes more. 16 years ago
Pablo Rincon 83ddc5813a Support for ecn/cwr TCP sessions 16 years ago
Gurvinder Singh 8e444f1772 stream and application layer improvements 16 years ago
Victor Julien f4ee4f5670 Properly clear list tail ptr in segment list. 16 years ago
Jason Ish eab93e766a Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag. 16 years ago
Gurvinder Singh 7438f981da stream memory leaks fixed and unit tests added 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Jan Jezek 4e72ccf987 Fixed Win32 compilation, unit tests now compile. 16 years ago
Victor Julien 60685f8b3c Make unittests run more quiet. 16 years ago
Pablo Rincon d0404d8447 Renaming errors with naming conventions 16 years ago
Victor Julien 53977fded6 Small compilation fixes when debugging is disabled. 16 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update 
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
 16 years ago
Victor Julien f08d01a8e8 Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine. 16 years ago
Victor Julien 0d34990d7f Add OpenBSD's strlcpy and strlcat and replace all strcat/strcpy/strncat/strncpy by those calls. 16 years ago
Victor Julien 434da6b965 Set no reassembly flags on sessions we don't recognize the protocol for. 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Victor Julien eb67bb442e Fixup unittests that use buffers that simulate configuration files. They now include the YAML header. 16 years ago
Victor Julien 9ececacda3 Fix packet timestamp handling for encapsulated packets. 16 years ago
Victor Julien c1283a6628 Fix app layer proto detection code not being thread safe. 16 years ago
Gurvinder Singh fde948f488 bug 41 patch 16 years ago
Victor Julien 6b36e23e45 Fix not decreasing the flow use_cnt reference counter in some cases from the app layer detection code. This caused some streams to never fully time out and thus clutter up the flow table and session pool. 16 years ago
Gurvinder Singh a66c6752d5 stream os_policy support 16 years ago
Gurvinder Singh 567bbf604b stream reassembling fixes 16 years ago
Victor Julien 9b422c443e Fix up initialization and hopefully make the SEQ macro's fix up an 64bit issue we're seeing... 16 years ago
Victor Julien 4824868766 Application layer detection improvements 
- improve locking of application layer handling, making sure that the flow cannot be freed/cleared when the detection engine is still working with it.
- add a check to the app layer detection to make sure that a match function will only inspect an app layer state if it's of the right type.
 16 years ago