Anoop Saldanha | 6e0d98d9c4 | fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx | 14 years ago
Anoop Saldanha | 7f8fb0f00d | fix bounds checking in smb probing parser | 14 years ago
Victor Julien | 149ee6b648 | Disable to_client http detection. Libhtp expects to_server data first. | 14 years ago
Victor Julien | 8999de2f93 | Add proper RST handling to all TCP states. | 14 years ago
Victor Julien | 9a58a02559 | Wrap HTP code that is only used in debug mode in debug ifdefs. | 14 years ago
Victor Julien | a5d9c86dd3 | Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macros. | 14 years ago
Anoop Saldanha | 61635f302c | indentation changes in app-layer-smb.c | 14 years ago
Anoop Saldanha | a40fdc794e | Added probing parser for nbss/smb on port 139 | 14 years ago
Anoop Saldanha | b7b7bbec37 | code indentation changes in app-layer-smb.c | 14 years ago
Anoop Saldanha | 7c31a2327e | Add support for port based probing parsers for alproto detection | 14 years ago
Anoop Saldanha | fe6e41e3ef | Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags | 14 years ago
Anoop Saldanha | 0c94d910e4 | Removed FLOW_AL_STREAM_TOSERVER and FLOW_AL_STREAM_TOCLIENT. Use STREAM_TOSERVER and STREAM_TOCLIENT instead | 14 years ago
Anoop Saldanha | ac5584a863 | Removed FLOW_AL_PROTO_DETECT_DONE. Replaced it with FLOW_ALPROTO_DETECT_DONE, stored it in Flow->flags | 14 years ago
Anoop Saldanha | 49e2b580cb | Removed FLOW_AL_PROTO_UNKNOWN. We don't need this flag | 14 years ago
Anoop Saldanha | 38fe2b9070 | Removed FLOW_AL_STREAM_START, EOF and GAP flags. We don't need these. Just use STREAM_* flags | 14 years ago
Anoop Saldanha | 000ce98cd1 | push all proto detection code into their respective app parser register functions for every alproto | 14 years ago
Anoop Saldanha | aab4a43145 | Add C and E flags to flags keyword. We still support 1 and 2 for backward compatibility | 14 years ago
Anoop Saldanha | 78bf2579aa | move pseudo packet creation outside defragreassemble loop | 14 years ago
Victor Julien | f303f3f523 | Fix a logic error in the SACK list cleanup causing a memleak and invalid memory access at the same time. | 14 years ago
Victor Julien | 1578ef1e3e | Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST. | 14 years ago
Victor Julien | 83c3f15812 | Minor fixes in defrag engine, shrink DefragTracker_ structure. | 14 years ago
Jason Ish | 0385f72669 | Use separate frag decoder events for IPv4 and IPv6. | 14 years ago
Jason Ish | de1c40c44f | Set decoder event on fragment overlaps. | 14 years ago
Jason Ish | 7f5e120d60 | Cleanup assignment of the default defrag policy. | 14 years ago
Jason Ish | 6da9c64a28 | Set decoder event when re-assembled fragments would exceed max IP packet size. | 14 years ago
Victor Julien | 96c2f2c877 | Fix 2 stream reassembly unittests | 14 years ago
Victor Julien | 14ad853b94 | Process a stream end pseudo packet when going from TIME_WAIT to CLOSED. | 14 years ago
Victor Julien | 3b40b02a1b | Stream reassembly fixes. | 14 years ago
Victor Julien | c88630639e | Fix setting libhtp personality. | 14 years ago
Victor Julien | 6aa551c558 | Small optimizations to IPV4 and TCP header parsing. | 14 years ago
Victor Julien | d0374ced38 | Implement SACK in the stream engine. | 14 years ago
Victor Julien | 6fc075d4ae | Add TCP packet SACK option decoding. | 14 years ago
Victor Julien | dbe291bc50 | Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing. | 14 years ago
Victor Julien | 136f55efc7 | Fix a memory leak in flow recycle code causing the detection engine state not to be fully freed (recycled) but reference to memory removed anyway. | 14 years ago
Victor Julien | d9e541337a | Add decoder-events to Makefile.am as well. | 14 years ago
Victor Julien | 6a048f2d69 | Include initial version of decoder-event rules. | 14 years ago
Victor Julien | 38a7d1777f | Bump version to 1.1beta2 | 14 years ago
Victor Julien | c3c03b5d77 | Add qa/wirefuzz.pl to release tarball. | 14 years ago
Eric Leblond | 7227f93032 | Add coccinelle files. This patch adds coccinelle related files to EXTRA_DIST. This fixes make distcheck. | 14 years ago
Victor Julien | a0799f0ff9 | Wait longer at shutdown before concluding it's taking too long. Hopefully enables our slow QA boxes to complete in time. | 14 years ago
Anoop Saldanha | d245f15f14 | disable mpm pattern's retest skipping in detection engine for uri, hcbd, hmd, hrhd, hhd, hmd, hcd | 14 years ago
Victor Julien | 681f8329a6 | Make error on <- direction operation use more explicit. | 14 years ago
Victor Julien | cd75201dc7 | Fix pfring commandline handling. | 14 years ago
Victor Julien | 778b92ef40 | Make sure to only alloc a new pseudo packet once during ip defrag. | 14 years ago
Victor Julien | 5f2a0653b4 | If engine shutdown (processing in-engine packets) times out, exit Suricata with EXIT_FAILURE. | 14 years ago
Victor Julien | 9ca0658a6e | Clear pcap_cnt variable on packet recycle. | 14 years ago
Victor Julien | 03ea563e93 | Don't set ip{4,6} header on reassembled ip packet until we know for sure what buffer the packet is stored in. | 14 years ago
Victor Julien | f5674eff74 | Fix a copy issue in PacketCopyDataOffset. | 14 years ago
Victor Julien | 8978266a91 | If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit. | 14 years ago
Victor Julien | 5d2f633c48 | Properly initialize pfring runmode before using it. Fix malformed conf api calls. | 14 years ago