Victor Julien
66856831fa
unified2: big rewrite to clean up code that deals with tcp segment logging.
14 years ago
Eric Leblond
a0e57f58e5
OpenBSD: introduce SCLocalTime function.
...
This function is a wrapper to localtime_r. It is needed to avoid
a compilation warning on OpenBSD. I'm forced to type the function
to a non pointer first parameter. If not we will have to use two
different functions in OpenBSD where tv->tv_sec is a long
(different from time_t).
14 years ago
Victor Julien
00948c86d5
Add debug messages to HTTP error/warning handling.
14 years ago
Victor Julien
ed3599b3d8
stream: improve error checking.
14 years ago
Victor Julien
5933cee2ff
replace: add missing malloc return value check.
14 years ago
Eric Leblond
dbf5d79e43
pfring: follow API change
...
As pointed out in issue #459, pf_ring API has changed. Since
5.4.0 release pf_ring_open has one less argument.
14 years ago
Victor Julien
48da3bb48b
Make sure all fake packets have datalink type DLT_RAW. Make sure stream end packets set pkt size.
14 years ago
Victor Julien
02e19502c7
unified2: minor cleanups.
14 years ago
Eric Leblond
70b795e20a
OpenBSD: don't close std* to avoid problem.
14 years ago
Victor Julien
3181b492f4
pcap: lock pcap_compile and pcap_setfilter calls as they are not thread safe. Fixes issues with bpf filters and multiple interfaces.
14 years ago
Victor Julien
e3f66c52ec
pcap: fix double free issue with bpf filter and multiple interfaces.
14 years ago
Victor Julien
a3cbe2e1c2
alert-debuglog: add size info for stream chunks and fix a typo.
14 years ago
Anoop Saldanha
5f939412af
debuglog now uses the new mem buffer API. Improve file ctx locking to just the file write
14 years ago
Victor Julien
cae46ab5eb
pcre: print filename and line number for JIT warning.
14 years ago
Anoop Saldanha
4689783342
bug #454 - rebase fix. Also use better error code to indicate invalid address var yaml entry
14 years ago
Anoop Saldanha
b3660dc5db
bug #454 - add unittests for the address/port conf var validation function
14 years ago
Anoop Saldanha
678763c3f4
bug #454 - global check to see if address and port vars are properly configured
14 years ago
Victor Julien
ea0d172693
No longer pass StreamMsg to output for alert logging, instead use the same callback code as is used for state alerts.
14 years ago
Victor Julien
88a21456e3
stream: keep segments in memory until we are sure the stream/state is inspected.
14 years ago
Anoop Saldanha
64625675ce
set stream_eof flag per stream, only when the stream initiates a close. Fix htp parser to close connection per direction based on this
14 years ago
Victor Julien
b976ff228a
ipv6: fix an AH header parsing issue. Add decoder event for non-null reserved fields.
14 years ago
Victor Julien
52044bb81b
Improve error message for malformed urilen value.
14 years ago
Anoop Saldanha
d39b7b72bd
Add a nice error message when we exceeded address buffer limit for a rule
14 years ago
Anoop Saldanha
7495f59773
bug #451 fix for parsing address. Increase buffer size
14 years ago
Anoop Saldanha
f204b52e10
bug #461 - http header shouldn't match on cookie header
14 years ago
Eric Leblond
59057e542e
Openbsd: Fix some warning related to inline usage.
...
gcc on OpenBSD does not support C99 inline functions. This patch
modifies the build system to handle this. It also changes the order
of declaration of some functions to avoid to use them before
declaring them as inline.
14 years ago
Anoop Saldanha
3df3be0efc
bug 418 - update http log to escape backslashes
14 years ago
Anoop Saldanha
5d22194299
fix failing rate filter unittest
14 years ago
Anoop Saldanha
7dec21be4c
fix rate filters that reset the sig ctx data and handled action timeouts wrongly
14 years ago
Anoop Saldanha
85db868a83
indentation fix
14 years ago
Anoop Saldanha
c34713321a
fix rate filter alert suppression. Log error if rate filter has count of 0. Other minor fixes as well
14 years ago
Anoop Saldanha
bff2866aed
more coverity fixes
14 years ago
Anoop Saldanha
6c5b596ada
coverity fixes
14 years ago
Eileen Donlon
b22529d6f4
disallow pcre /P/I/U with flow:to_client/from_svr
14 years ago
Eileen Donlon
c7807a21b6
disallow http_server_body with flow:to_server
...
disallow http_server_body with flow:to_server or from_client
14 years ago
Eileen Donlon
2c24eb9e76
allow only one flow option in a rule
14 years ago
Eileen Donlon
f7879f81e8
disallow file_data with flow:to_server/from_client
14 years ago
Victor Julien
36c83f2651
Minor textual update.
14 years ago
Anoop Saldanha
0da93e84ca
bug 454 - Provide better error message when the user supplies a NULL address range
14 years ago
Anoop Saldanha
09ec7ec728
bug 456 fix for byte_extract to have array of the right size to update values with
14 years ago
Anoop Saldanha
d2738c851f
fix failing fast pattern unittests
14 years ago
Eric Leblond
6784ec536d
Fix OpenBSD compilation.
14 years ago
Victor Julien
e6dea5c406
Use less queues and threads in nfq autofp mode.
...
Moved outputs from their own thread to stream/detect threads.
14 years ago
Anoop Saldanha
8742e51fb0
fix detection filter unittests to reflect recent fixes
14 years ago
Anoop Saldanha
64a04fc721
code cleanup
14 years ago
Anoop Saldanha
b48a686d65
considering the tenths of a second in a packet, when calculating thresholds
14 years ago
Anoop Saldanha
b899146229
fix detection filter. Had one extra alert than normal previously, now fixed
14 years ago
Anoop Saldanha
493c3db413
fix FNs for flow- only_stream and no_stream options
14 years ago
Anoop Saldanha
ad36d55771
code cleanup - indentation fix
14 years ago
Anoop Saldanha
046819e1b8
bug 452 - fix detection bug for sigs that don't have a content but need payload inspection
14 years ago
Anoop Saldanha
608f4fe787
bug 452 - enable http extra callbacks for configs other than the default configs
14 years ago
Anoop Saldanha
225b917e93
remove unused stream ssn flag - STREAMTCP_FLAG_TOSERVER_REASSEMBLY_STARTED
14 years ago
Anoop Saldanha
61d5fe33c9
Free membuffer before clearing enclosing parent instance
14 years ago
Victor Julien
98c30be2db
ipv6: improve handling of packets with duplicate (or more) ipv6 extension headers.
14 years ago
Victor Julien
d378b76c04
http: body inspection improvement
...
Improve http_client_body and file_data performance when request and
response body limits are set to high values.
14 years ago
Victor Julien
4354434522
Add htp error debug printing.
14 years ago
Victor Julien
9f0447cb38
Flag napatech receive tm as well.
14 years ago
Anoop Saldanha
cd4705e699
flag receive acq tms that previously missed the receive_tm flag
14 years ago
Victor Julien
f219841795
Misc buffer API update.
14 years ago
Eileen Donlon
4327aaf68a
reject pcre modifiers U with B
14 years ago
Eileen Donlon
195eb42d4e
allow only one content to use fast_pattern
14 years ago
Victor Julien
1d59324a68
Add missing space to http.log.
14 years ago
Victor Julien
b5a3995904
Fix minor memleak in a start up error condition.
14 years ago
Anoop Saldanha
69ed12fd28
Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well
14 years ago
Anoop Saldanha
98a8234e0a
csum function fixes. Improves alert accuracy. FPs on invalid-csums decoder rules fixed
14 years ago
Anoop Saldanha
46e1145cff
minor code cleanup
14 years ago
Anoop Saldanha
37f66e5f46
update handling negative offsets in byte_extract. Also improve validation in byte_extract to not extract values out of the buffer range
14 years ago
Victor Julien
18837dce92
http: improve multipart parsing, skip empty records.
14 years ago
Victor Julien
910eb70660
Fix minor compiler warning.
14 years ago
Victor Julien
79691f675a
defrag: don't increment recursion level for reassembled packets. Fixes defragged packets not seeing the same flow.
14 years ago
Jason Ish
90548837e3
Update the ERF file runmodes to support autofp and single.
14 years ago
Jason Ish
1f801d316c
Apply changes recommended by Stephen Donnely of Endace: - Skip pad records. - Don't log error on EGAIN, just try again. - Skip over extension headers. - Check we have the full packet (skip partial packets) - Remove obsolete rlen check. Also remove max_pending_packets to process more packets per iteration.
14 years ago
Victor Julien
07945f04ce
ipv6: make sure we pass the defragged packet from the ipv6 layer to the decoder.
14 years ago
Victor Julien
c682c5f1dd
Fix error in proto handling for ipv6 in fast.log.
14 years ago
Victor Julien
4df25ef499
Apply http.log formatting fix by Chris Wakelin.
14 years ago
Victor Julien
e874a5a3de
Fix error in per packet detection engine profiling.
14 years ago
Victor Julien
3f94b12007
Minor stream optimization.
14 years ago
Victor Julien
b9e5202f3c
Make fast.log use finer grained locking, move protocol lookup outside of the lock.
14 years ago
Victor Julien
b8e741de9e
Minor optimizations to unified2 and fast.log.
14 years ago
Victor Julien
3d6b51a8c4
Small compile fix.
14 years ago
Anoop Saldanha
b6c0d9e926
update util-print.c to use new print macro
14 years ago
Anoop Saldanha
090d098114
provide generic macro to buffer data using snprintf
14 years ago
Anoop Saldanha
95ea105a15
update util-print.c to use snprintf
14 years ago
Anoop Saldanha
23b64c5c08
restructure http logging to use fine grained locking
14 years ago
Victor Julien
40fcae3aa0
Minor unittest fixes to make Coverity happy.
14 years ago
Victor Julien
5c397e3a53
flow: add missing unlocks for rare error condition at flow shut down.
14 years ago
Victor Julien
31b673718c
host: convert use_cnt to a atomic var (like in flow).
14 years ago
Victor Julien
a39529db5d
ipv6: fix routing header parsing leading to rejection of valid packets.
14 years ago
Victor Julien
374947c354
ipv6: properly deal with packets containing a FH header that has offset 0 and no more frags flag set.
14 years ago
Victor Julien
92e7a7d254
ipv6: fix detection engine using the original IPv6 header's nxt hdr value instead of the upper layer one.
14 years ago
Victor Julien
073ce64786
Fix parsing of tcp-pkt and tcp-stream sigs, add unittest.
14 years ago
Anoop Saldanha
c22755fec5
fix cppcheck analyzer warnings - bug 439
14 years ago
Anoop Saldanha
081b0e05a2
restructure disabling receive threads. Introduce new flag to indicate that threads have finished running
14 years ago
Eric Leblond
91f42b6f41
pcap: fix "work by luck" code.
14 years ago
Eric Leblond
d8d9b0983f
af_packet: misc improvements.
...
Improve block count and only copy snaplen length to avoid overflow.
14 years ago
Victor Julien
0a80e362aa
Fix some minor clang scan-build warnings.
14 years ago
Victor Julien
4ebb6b7fae
nfq: switch locking code to macros so lock profiling can track the exact lock locations.
14 years ago
Victor Julien
06d7fb5428
Fix CUDA build from a release tarball.
14 years ago
Anoop Saldanha
fea6a426a5
cleanup killing threads. As a consequence fixes invalid read/writes in tmqh flow
14 years ago
Anoop Saldanha
f0e4578640
cleanup junk code in flow qh
14 years ago
Victor Julien
bf4ab2f7e1
Fix misc issues picked up by coccinelle.
14 years ago
Anoop Saldanha
a8095bd8d6
fix compiler warnings
14 years ago
Victor Julien
af4e480163
Fix __WORDSIZE redeclaration warning on Windows builds.
14 years ago
Jason Ish
105173939b
Implement single, autofp and workers run modes for DAG interfaces. Includes multiple interface support.
...
Remove auto mode due to bad performance.
14 years ago
Victor Julien
8e064001c3
Fix compilation of atomic api spinlocked fallback code.
14 years ago
Anoop Saldanha
b2455b6afa
cuda pb tm should be in a thread of its own + pkt_acq should be as free as possible
14 years ago
Anoop Saldanha
2995867328
b2g cuda up, compiling and running
14 years ago
Anoop Saldanha
f1863370a5
clean log pcap
14 years ago
Anoop Saldanha
6392202872
restructure log pcap to use a different setup, which is resilient to thread failure/restarts
14 years ago
Anoop Saldanha
fd21b83f3e
don't return TM failure on failing to remove log file
14 years ago
Anoop Saldanha
4bc907414b
init every new pf instance in log pcap
14 years ago
Victor Julien
cfd4d07dd0
host: convert host hash to use lookup3.c
14 years ago
Victor Julien
c10370907a
flow: make flow use lookup3.c hashing algorithm. Improves hash table distribution.
14 years ago
Victor Julien
20c08ca47b
hash: add lookup3.c by Bob Jenkins
...
Found here:
http://burtleburtle.net/bob/hash/doobs.html
http://burtleburtle.net/bob/c/lookup3.c
From the file header:
lookup3.c, by Bob Jenkins, May 2006, Public Domain.
These are functions for producing 32-bit hashes for hash table lookup.
hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
are externally useful functions. Routines to test the hash are included
if SELF_TEST is defined. You can use this free for any purpose. It's in
the public domain. It has no warranty.
14 years ago
Victor Julien
19a7e7f395
flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default.
14 years ago
Xavier Lange
fea5e68a7b
Include conf_test in special cases for unset RUNMODE
14 years ago
Xavier Lange
1d774dae61
Make conf_test local. Simplify if/else to if.
14 years ago
Xavier Lange
1ae10b9a42
Do not spawn threads for conf test
14 years ago
Xavier Lange
eaacc5d0fe
Added conf_test flag and behavior
14 years ago
Victor Julien
22349f863b
file magic: don't disable inspecting magic for both directions if files in only one direction don't need magic.
14 years ago
Victor Julien
f4b542d703
Enforce memcap limit before allocating hash table in host and flow engines.
14 years ago
Victor Julien
bd66a4bba9
Fix typo in spm prototype declaration.
14 years ago
Anoop Saldanha
4d192a6881
update all spm algos to use 16 bit pattern lengths. Should compress a lot of tables
14 years ago
Victor Julien
8d1fe9f2fa
Make 'autofp' the default runmode. Increase default max-pending-packets to 1024. Move some advanced and uncommonly changed settings down in the stock suricata.yaml. Closes #433.
14 years ago
Eileen Donlon
da633d490b
fix misleading comment
14 years ago
Eileen Donlon
793478a832
reject rules with invalid hex digits in content
14 years ago
Eileen Donlon
f2e85ab9ee
reject rules with an invalid ttl range
14 years ago
Victor Julien
4157d9408d
Various small flow and host table fixes.
14 years ago
Victor Julien
18e81b7ba9
Bail out early if we're in http tunnel mode.
14 years ago
Victor Julien
0788656ef7
Silence ac-gfbs debug message.
14 years ago
Victor Julien
da3c5bf84d
Minor error message cleanups
14 years ago
Victor Julien
fa22a26366
profiling: fix lock profiling int print issue.
14 years ago
Victor Julien
3b79dac2b7
flow: fix atomic var not being initialized and destroyed.
14 years ago
Victor Julien
60dbd34f93
Fix bug in app layer event handling causing http event rules to fail loading.
14 years ago
Victor Julien
40ed10ab38
Minor flowq updates.
14 years ago
Anoop Saldanha
7115fa3e72
Introduce the address hash based flow q handler
14 years ago
Anoop Saldanha
5ffb050ada
Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET
14 years ago
Anoop Saldanha
3faed5fe79
Support freeing flow q handler out ctx. Adapt unittests to use the same
14 years ago
Anoop Saldanha
d01589c9d8
neaten flow q handler code
14 years ago
Anoop Saldanha
0fa14292c0
Enable unittests for flow q handler
14 years ago
Anoop Saldanha
4e417b72b5
support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well
14 years ago
Anoop Saldanha
e252048900
support for custom flow qhandlers - round robin support added
14 years ago
Pierre Chifflier
d866f38982
TLS: add variable to store the error code in the decoder
...
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
14 years ago
Pierre Chifflier
218b5d3ba0
TLS app layer: misc fixes, reorder some fields to same memory
14 years ago
Pierre Chifflier
3df341dbeb
Add TLS decode events
14 years ago
Pierre Chifflier
71fa4a5285
TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList
14 years ago
Eric Leblond
a9bb17e097
tls-handshake: add sanity checks.
14 years ago
Eric Leblond
01c7e5bde6
tls-handshake: Add some missing free in error handling.
...
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
14 years ago
Eric Leblond
480db00fd7
tls-handshake: DecodeAsn1BuildValue should return -1 for error
...
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
14 years ago
Eric Leblond
8f885ce810
TLS parser: add sanity checks on loop
...
It was possible in some loop to read data placed after the buffer
resulting in invalid/unpredictable value. This patch fixes two of
these issues.
14 years ago
Eric Leblond
d1c56e810b
TLS parser: add sanity check
14 years ago
Eric Leblond
cb1a75fc9e
TLS parser: modify OCTETSTRING
...
This patch does an over allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
14 years ago
Pierre Chifflier
5a65a17f00
TLS parser: add handling of UTF8STRING
...
Some certificates contain UTF8STRING which is a subset of
OCTETSTRING. This patch adds support for this type of string.
14 years ago
Pierre Chifflier
6c2c6cffac
TLS keywords: fix match regex (remove extra space)
14 years ago
Pierre Chifflier
8457ce3b11
TLS app layer: rewrite decoder to handle multiple messages in records
...
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier
4bb5e2a79d
TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
...
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond
38c213cb84
tls app layer: add missing free
...
issuerdn was not freed at exit.
14 years ago
Eric Leblond
fce2437dc2
tls app layer: handle negation on subject and issuerdn.
...
This patch adds negation support for tls.subject and tls.issuerdn
matches.
14 years ago
Eric Leblond
ad0e05a112
TLS app layer: Add tls.issuerdn keyword.
14 years ago
Eric Leblond
afba81bb27
decode ASN.1: Factorize value reading
...
This patch factorizes the reading of integer value and fixes some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
14 years ago
Pierre Chifflier
53e5421a24
TLS handshake: get TLS ciphersuite and compression
...
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier
4be65fd016
TLS handshake: decode the SERVER_CERTIFICATE message
...
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keeps the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier
f77fcdb3e8
Add ASN.1 parser for X509 certificates (in DER format)
...
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Victor Julien
0b3f6c464a
Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config.
14 years ago
Anoop Saldanha
109662450d
Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs
14 years ago
Anoop Saldanha
7511fa67cd
Add BUG_ON to avoid overrunning AppLayerDetectDirection map array
14 years ago
Eileen Donlon
9376967e65
reject rules with duplicate content modifiers
...
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
14 years ago
Eileen Donlon
0bb4ff34b8
added null checks for init_hash to all ac mpms
14 years ago
Eileen Donlon
617edf469c
reject http_client_body with inconsistent flow dir
...
reject http_client_body with flow: to_client or from_server
14 years ago
Victor Julien
feff6f7705
Clean up error message.
14 years ago
Eileen Donlon
85c364da09
disallow-use-of-configuration-file-with-unittests
14 years ago
Victor Julien
d908e707d7
profiling: add per lock location profiling
...
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.
Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Victor Julien
41e9dba20b
Profile pcap file callback.
14 years ago
Victor Julien
ff8755af5c
Make sure stream debug code is only used in debug mode.
14 years ago
Victor Julien
9696902b68
Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained.
14 years ago
Victor Julien
e581ec7dff
Fix 2 compilation issues.
14 years ago
Victor Julien
c0a2cbd478
Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling.
14 years ago
Victor Julien
a05df345de
Introduce host table, make tag use it
...
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.
Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
14 years ago
Victor Julien
db24258acf
Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem.
14 years ago
Victor Julien
88b8f15663
Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code.
14 years ago
Victor Julien
979edf0b97
Add way to profile mutex/spin locks per thread module.
14 years ago
Victor Julien
fddaca6e8b
Implement stream memcap enforcements using atomics instead of spinlocked counters.
14 years ago
Victor Julien
d72b82fae0
Misc fixes.
14 years ago
Victor Julien
8448333bdd
Remove trailing zeros from some counters output.
14 years ago
Victor Julien
0150e66ede
flow engine: improve scalability
...
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
14 years ago
Victor Julien
da5087a0c0
Fix broken unittest.
14 years ago
Eileen Donlon
aae7ea5e67
add null checks to fix bugs in StreamTcpTest23
14 years ago
Eileen Donlon
1a46d7a53a
fix more invalid content unittests
...
fix invalid unittests with mixed relative and non-relative content modifiers and other issues; DetectContentParse19 still contains some failing dce_stub tests which are commented out.
14 years ago
Eileen Donlon
9b2bd9280a
fix invalid unittests with mixed content modifiers
...
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
14 years ago
Eileen Donlon
0bcbd23343
reject mixed relative and non-relative keywords
...
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
14 years ago
Eileen Donlon
0b09416a48
reject invalid combinations of pcre modifiers
...
don't allow /B with normalized buffers, and don't mix modifiers for normalized and raw buffers
14 years ago
Victor Julien
8350fdd9be
Do not assume the include dir for nss to be nss. On F16 it's nss3.
14 years ago
Victor Julien
705417434b
Fix json output typo.
14 years ago
Victor Julien
fe9258f0fb
Fix issue discovered by Anoop. Passing u32 ptr to a size_t can cause badness.
14 years ago
Victor Julien
6019ae3dcb
Fix minor memleak in case af-packet init fails.
14 years ago
Victor Julien
385f1dcd25
Fix UTHBuildFlow setup using wrong address.
14 years ago
Victor Julien
e3935a2af2
Improve http filename parsing.
14 years ago
Victor Julien
e237841a8e
Fix compilation with profiling enabled. Minor unittest fixes.
14 years ago
Victor Julien
de5c1d1491
Fix minor fgetc issue.
14 years ago
Victor Julien
0d6f33a15b
Move PACKET_RECYCLE outside of flow lock in FlowForceReassemblyForQ as it confuses static code checkers.
14 years ago
Victor Julien
e21d8cdf01
file extract: improve multipart parsing and set events on some error conditions.
14 years ago
Victor Julien
bfb3f1b7cf
flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic.
14 years ago
Victor Julien
372ab9c433
Another batch of minor fixes for issues found by Coverity.
14 years ago
Victor Julien
11bdf4838f
Various improvements to error handling found by Coverity.
14 years ago
Anoop Saldanha
d6af843860
code cleanup
14 years ago
Victor Julien
cdba2f50d1
Various fixes and improvements based on feedback by Coverity analyzer.
14 years ago
Victor Julien
4b2d94a841
Add line number to warning about mangled yaml parameters. Limit number of warnings to 10.
14 years ago
Nikolay Denev
fb05edeeee
Convert underscores to dashes in thread affinity type names.
14 years ago
Nikolay Denev
7fce226bb8
Fix some warning message still using underscored config vars.
14 years ago
Nikolay Denev
139768dd58
Do not use underscored config vars internally.
14 years ago
Nikolay Denev
6819ec8b54
Remove the underscored "sguil_base_dir" compatibility option.
14 years ago
Nikolay Denev
32e898f2e3
Convert config entries using underscores to dashes and emit deprecation warnings.
14 years ago
Victor Julien
2197f1a625
file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records.
14 years ago
Victor Julien
8b1333a277
Add more flow lock assertions to the debug validation code.
14 years ago
Victor Julien
5ba41c7890
Fix locking error in filestore handling. Add debug validate check for asserting a flow is locked.
14 years ago
Victor Julien
28d88746e4
Fix compiler warning and silence complaining unittests.
14 years ago
Victor Julien
860971eca0
Misc afpacket changes.
14 years ago
Victor Julien
8e48a2edfd
Fix NULL dereference in PacketPatternSearchWithStreamCtx code.
14 years ago
Eric Leblond
34b3f19465
af-packet: Implement zero copy
...
This patch adds support for zero copy to AF_PACKET running mode.
This requires to use the 'worker' mode which is the only one where
the threading architecture is simple enough to permit this without
heavy modification.
14 years ago
Eric Leblond
3593cb051e
decode: add PacketSetData function
...
This patch adds a function which can be used to set the payload
of a packet when a zero copy mode is used.
14 years ago
Eric Leblond
49b7b00fcf
af-packet: mmap support
...
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
14 years ago
Victor Julien
3702a33ae9
file-inspection: support POST requests that do not use multipart.
14 years ago
Victor Julien
64827e3864
file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests.
14 years ago
Victor Julien
6585cb89d3
Fix UtilMiscParseSizeStringTest01 unittest on 32 bit.
14 years ago
Anoop Saldanha
35435f3284
All http_http_stat_code modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_CODE. Also remove dummy match/free functions for stat code and stat msg
14 years ago
Anoop Saldanha
507e1b66e0
All http_http_stat_msg modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_MSG
14 years ago
Anoop Saldanha
059ee217ff
All http_http_raw_uri modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_URI
14 years ago
Anoop Saldanha
b1a0d35106
All http_http_cookie modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_COOKIE
14 years ago
Anoop Saldanha
49bdad9345
All http_http_method modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_METHOD
14 years ago
Anoop Saldanha
97d8fc9cba
All http_http_raw_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_HEADER
14 years ago
Anoop Saldanha
97308674ee
All http_http_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_HEADER
14 years ago
Anoop Saldanha
1acb7cdc7d
All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY
14 years ago
Anoop Saldanha
a5b46e727c
All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_CLIENT_BODY
14 years ago
Anoop Saldanha
4810ee9c5f
All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns
14 years ago
Anoop Saldanha
93d7a6e671
code cleanup. Remove unused functions
14 years ago
Anoop Saldanha
eb07c345b8
code cleanup - replace SigMatchAppendThreshold with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
dd7e710f35
code cleanup - replace SigMatchAppendPostMatch with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
a4638fb0ad
code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
ff38d42bf1
code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
ac68c3f893
code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
6cab663bf0
code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
c4cb37b8da
code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
c9af50ea0c
code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList
14 years ago
Anoop Saldanha
bbb9f35f26
code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists
14 years ago
Anoop Saldanha
ab35b98f76
code cleanup - remove DetectContentGetLastPattern. Replace it with SigMatchGetLastSMFromLists
14 years ago
Anoop Saldanha
d85ab5ab1f
code cleanup - remove DetectContentFindNextApplicableSM
14 years ago
Anoop Saldanha
802350f65a
code cleanup - remove DetectContentHasPrevSMPattern
14 years ago
Anoop Saldanha
9652c3672d
code cleanup - remove SigMatchGetLastPattern
14 years ago
Anoop Saldanha
e851804c92
code cleanup - remove DetectUricontentGetLastPattern
14 years ago
Anoop Saldanha
dcb2afb02f
Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type
14 years ago
Anoop Saldanha
83d9439877
DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent
14 years ago
Victor Julien
154af56b45
Add a print function specially for json output that escapes all characters json requires to be escaped.
14 years ago
Victor Julien
740ee3e7ab
Add referer header to .meta and json file logs.
14 years ago
Victor Julien
337f7861a4
Make sure that if not built against libnss, we still compile. Only no md5 for you then!
14 years ago
Victor Julien
6752ccae2a
Add line based log file to log-file module that logs each stored file's meta data in json records.
14 years ago
Victor Julien
12e8ce6545
In PrintRawUriFp, consider " unprintable.
14 years ago
Victor Julien
69b3df96fb
Initial on the fly MD5 calculation for extracted files using libnss.
14 years ago
Anoop Saldanha
2f7717a1a7
delete detect-recursive.[ch]
14 years ago
Anoop Saldanha
e682796d03
feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it
14 years ago
Anoop Saldanha
603d4a719a
remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine
14 years ago
Anoop Saldanha
d1d5507679
remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy
14 years ago
Anoop Saldanha
35f1f7e8d9
unify payload detection engines + fix other bugs in pcre init
14 years ago
Anoop Saldanha
9287cce674
raw urilen inspection moves to raw uri list. Won't make any difference wrt inspection
14 years ago
Anoop Saldanha
0677190960
rebase commit for hscd and hsmd patches
14 years ago
Anoop Saldanha
22b1f5b22b
fix seg fault due to wrong sm list access in hscd
14 years ago
Anoop Saldanha
2e2398147c
fast pattern unittests added for http server body
14 years ago
Anoop Saldanha
09313cf9bd
Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S
14 years ago
Anoop Saldanha
2007c2711c
Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword
14 years ago
Victor Julien
9dc153c8f4
Fix path handling for including rule files on win32.
14 years ago
Victor Julien
489b8b8bcc
Allow other yaml files to be included in the main yaml.
14 years ago
Victor Julien
adb5d05fb5
Fix a FP with negated filemagic inspection.
14 years ago
Victor Julien
0b9038b971
Add atomics to ticks unittests.
14 years ago
Victor Julien
f77c475c85
Minor layout fixes.
14 years ago
Victor Julien
e1a309a6b2
Napatech code formatting fixes.
14 years ago
Victor Julien
95a5bebb6a
Fix compilation without napatech tech support enabled.
14 years ago
Victor Julien
1d9f6ff8f2
Initial Napatech support by Randy Caldejon / nPulse.
14 years ago
Anoop Saldanha
60553f3753
fix compilation error for the new http response header mpm feature
14 years ago
Anoop Saldanha
716afac5a2
fix debug messages that have references to the old mpm contexts
14 years ago
Anoop Saldanha
9a665e035b
code cleanup over last 2 commits
14 years ago
Anoop Saldanha
55c4e419fd
if a signature is non-tcp, it's always a packet sig
14 years ago
Anoop Saldanha
419cdc8558
support splitting mpm ctxs based on direction v2
14 years ago
Anoop Saldanha
0a91d824bf
Fix bug in ac-bs search function
14 years ago
Anoop Saldanha
db859cc56e
treat ac-bs auto as single context
14 years ago
Anoop Saldanha
199288309d
Support for new MPM ac-bs added
14 years ago
Victor Julien
e244934566
Disable unittest that fails without libnet support.
14 years ago
Anoop Saldanha
c2d47718c1
bug #411 - fix failing unittest
14 years ago
Anoop Saldanha
6556b4c62b
bug #411 - don't modify within/distance at setup time
14 years ago
Anoop Saldanha
37329f85d4
bug #412 - rebase commit. Remove the previous references to SigInitReal() with SigInit()
14 years ago
Anoop Saldanha
3b5d95547d
bug #412 - Remove the commented out SigInitReal()
14 years ago
Anoop Saldanha
6cbd3a1046
bug #412 - Unify SigInit() and SigInitReal(). Remove any use of SigInitReal()
14 years ago
Anoop Saldanha
acccf3a5a5
Add function declaration for SigInitReal
14 years ago
Anoop Saldanha
88ad3691d1
bug #405 - fix bug where raw uri inspection sigs were not treated as stateful sigs
14 years ago
Anoop Saldanha
0b43f2a5fd
Use SigInitReal() instead of SigInit() in raw uri tests. This should show that we have unittests failing, thus highlighting bug 411. The next commit is the fix for this bug
14 years ago
Victor Julien
6aa0ad1c5f
Remove unused definitions in pcre code.
14 years ago
Victor Julien
bb6f93e675
Fix unittest missing a flow direction in the rule.
14 years ago
Eileen Donlon
39b8cc2f8b
fixed relative handling for pcre cookie and method
14 years ago
Eileen Donlon
d55fef2d75
Cleaned up some error messages for detect distance and offset.
14 years ago
Victor Julien
b16a71020d
Make 'make check' happy in a ipproto unittest.
14 years ago
Anoop Saldanha
5b3c8566dd
bug #403 - add unittests
14 years ago
Anoop Saldanha
a19a249230
Set the packet protocol only if it can be parsed without error
14 years ago