Commit Graph

320 Commits (6f00ba06599f665c0693ca95e41a90bd3fb3e02a)

Author SHA1 Message Date
Eric Leblond 2c57275921 nfq: implement "fail-open" support.
On linux >= 3.6, you can use the fail-open option on a NFQ queue
to have the kernel accept the packet if userspace is not able to keep
pace.

Please note that the kernel will not trigger an error if the feature is activated
in userspace libraries but not available in kernel.

This patch implements the option for suricata by adding a nfq.fail-open
configuration variable which is desactivated by default.
13 years ago
Eric Leblond 9e54819121 yaml: suppress old variable in pfring section. 13 years ago
Victor Julien e839cea9e5 Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504. 13 years ago
Victor Julien a5587fec2e flow: remove unused prune-flows option 13 years ago
Victor Julien 9f3e079bcf Make live reloads optional and disabled by default. 13 years ago
Eric Leblond f2a6fb8a5a af-packet: add support for BPF filter.
This patch adds support for BPF in AF_PACKET running
mode. The command line syntax is the same as the one
used of PF_RING.
The method is the same too: The pcap_compile__nopcap()
function is used to build the BPF filter. It is then
injected into the kernel with a setsockopt() call. If
the adding of the BPF fail, suricata exit.
14 years ago
Victor Julien 4d4671c470 default config: add engine-analysis.rules directive. 14 years ago
Victor Julien ba4613aef1 Add host section to stock yaml. 14 years ago
Victor Julien 8d1fe9f2fa Make 'autofp' the default runmode. Increase default max-pending-packets to 1024. Move some advanced and uncommonly changed settings down in the stock suricata.yaml. Closes #433. 14 years ago
Victor Julien 40ed10ab38 Minor flowq updates. 14 years ago
Anoop Saldanha 7115fa3e72 Introduce the address hash based flow q handler 14 years ago
Anoop Saldanha 5ffb050ada Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET 14 years ago
Anoop Saldanha 4e417b72b5 support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 14 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Nikolay Denev 0fc878b391 Consistently use dashes instead of underscores in the sample config file. 14 years ago
Nikolay Denev a67d78eda6 Consistently use dashes instead of underscores in the sample config file. 14 years ago
Victor Julien 2197f1a625 file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records. 14 years ago
Eric Leblond 49b7b00fcf af-packet: mmap support
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
14 years ago
Eric Leblond 4c3f0b258e del rules file deleted 14 years ago
Eric Leblond 25804f5aa8 Add install-conf command to build system.
This patch adds support for customisation of suricata.yaml and
automatic download of emerging threat GPL rules. By running
'make install-full' after 'make install', files necessary to run
suricata are copied in the configuration directory and the latest
ruleset is downloaded and installed. Suricata can then be run
without files edition.
This patch has a special treatment for the windows build which
requires some different paths.
suricata.yaml is also updated to load all rules files provided by
emergingthreat ruleset.
14 years ago