Commit Graph

3264 Commits (794bfc590c7342489dc337ee6c5e6ccab72be1c0)

Author SHA1 Message Date
Anoop Saldanha 608f4fe787 bug 452 - enable http extra callbacks for configs other than the default configs 14 years ago
Anoop Saldanha 225b917e93 remove unused stream ssn flag - STREAMTCP_FLAG_TOSERVER_REASSEMBLY_STARTED 14 years ago
Anoop Saldanha 61d5fe33c9 Free membuffer before clearing enclosing parent instance 14 years ago
Victor Julien 98c30be2db ipv6: improve handling of packets with duplicate (or more) ipv6 extension headers. 14 years ago
Victor Julien d378b76c04 http: body inspection improvement
Improve http_client_body and file_data performance when request and
response body limits are set to high values.
14 years ago
Victor Julien 4354434522 Add htp error debug printing. 14 years ago
Victor Julien 9f0447cb38 Flag napatech receive tm as well. 14 years ago
Anoop Saldanha cd4705e699 flag receive acq tms that previously missed the receive_tm flag 14 years ago
Victor Julien f219841795 Misc buffer API update. 14 years ago
Eileen Donlon 4327aaf68a reject pcre modifiers U with B 14 years ago
Eileen Donlon 195eb42d4e allow only one content to use fast_pattern 14 years ago
Victor Julien 1d59324a68 Add missing space to http.log. 14 years ago
Victor Julien b5a3995904 Fix minor memleak in an start up error condition. 14 years ago
Anoop Saldanha 69ed12fd28 Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well 14 years ago
Anoop Saldanha 98a8234e0a csum function fixes. Improves alert accuracy. FPs on invalid-csums decoder rules fixed 14 years ago
Anoop Saldanha 46e1145cff minor code cleanup 14 years ago
Anoop Saldanha 37f66e5f46 update handling negative offsets in byte_extract. Also improve validation in byte_extract to not extract values out of the buffer range 14 years ago
Victor Julien 18837dce92 http: improve multipart parsing, skip empty records. 14 years ago
Victor Julien 910eb70660 Fix minor compiler warning. 14 years ago
Victor Julien 79691f675a defrag: don't increment recursion level for reassembled packets. Fixes defragged packets not seeing the same flow. 14 years ago
Jason Ish 90548837e3 Update the ERF file runmodes to support autofp and single. 14 years ago
Jason Ish 1f801d316c Apply changes recommended by Stephen Donnelly of Endace: - Skip pad records. - Don't log error on EAGAIN, just try again. - Skip over extension headers. - Check we have the full packet (skip partial packets) - Remove obsolete rlen check. Also remove max_pending_packets to process more packets per iteration. 14 years ago
Victor Julien 07945f04ce ipv6: make sure we pass the defragged packet from the ipv6 layer to the decoder. 14 years ago
Victor Julien c682c5f1dd Fix error in proto handling for ipv6 in fast.log. 14 years ago
Victor Julien 4df25ef499 Apply http.log formatting fix by Chris Wakelin. 14 years ago
Victor Julien e874a5a3de Fix error in per packet detection engine profiling. 14 years ago
Victor Julien 3f94b12007 Minor stream optimization. 14 years ago
Victor Julien b9e5202f3c Make fast.log use finer grained locking, move protocol lookup outside of the lock. 14 years ago
Victor Julien b8e741de9e Minor optimizations to unified2 and fast.log. 14 years ago
Victor Julien 3d6b51a8c4 Small compile fix. 14 years ago
Anoop Saldanha b6c0d9e926 update util-print.c to use new print macro 14 years ago
Anoop Saldanha 090d098114 provide generic macro to buffer data using snprintf 14 years ago
Anoop Saldanha 95ea105a15 update util-print.c to use snprintf 14 years ago
Anoop Saldanha 23b64c5c08 restructure http logging to use fine grained locking 14 years ago
Victor Julien 40fcae3aa0 Minor unittest fixes to make Coverity happy. 14 years ago
Victor Julien 5c397e3a53 flow: add missing unlocks for rare error condition at flow shut down. 14 years ago
Victor Julien 31b673718c host: convert use_cnt to an atomic var (like in flow). 14 years ago
Victor Julien a39529db5d ipv6: fix routing header parsing leading to rejection of valid packets. 14 years ago
Victor Julien 374947c354 ipv6: properly deal with packets containing a FH header that has offset 0 and no more frags flag set. 14 years ago
Victor Julien 92e7a7d254 ipv6: fix detection engine using the original IPv6 header's nxt hdr value instead of the upper layer one. 14 years ago
Victor Julien 073ce64786 Fix parsing of tcp-pkt and tcp-stream sigs, add unittest. 14 years ago
Anoop Saldanha c22755fec5 fix cppcheck analyzer warnings - bug 439 14 years ago
Anoop Saldanha 081b0e05a2 restructure disabling receive threads. Introduce new flag to indicate that threads have finished running 14 years ago
Eric Leblond 91f42b6f41 pcap: fix "work by luck" code. 14 years ago
Eric Leblond d8d9b0983f af_packet: misc improvements.
Improve block count and only copy snaplen length to avoid overflow.
14 years ago
Victor Julien 0a80e362aa Fix some minor clang scan-build warnings. 14 years ago
Victor Julien 4ebb6b7fae nfq: switch locking code to macros so lock profiling can track the exact lock locations. 14 years ago
Victor Julien 06d7fb5428 Fix CUDA build from a release tarball. 14 years ago
Anoop Saldanha fea6a426a5 cleanup killing threads. As a consequence fixes invalid read/writes in tmqh flow 14 years ago
Anoop Saldanha f0e4578640 cleanup junk code in flow qh 14 years ago
Victor Julien bf4ab2f7e1 Fix misc issues picked up by coccinelle. 14 years ago
Anoop Saldanha a8095bd8d6 fix compiler warnings 14 years ago
Victor Julien af4e480163 Fix __WORDSIZE redeclaration warning on Windows builds. 14 years ago
Jason Ish 105173939b Implement single, autofp and workers run modes for DAG interfaces. Includes multiple interface support.
Remove auto mode due to bad performance.
14 years ago
Victor Julien 8e064001c3 Fix compilation of atomic api spinlocked fallback code. 14 years ago
Anoop Saldanha b2455b6afa cuda pb tm should be in a thread of its own + pkt_acq should be as free as possible 14 years ago
Anoop Saldanha 2995867328 b2g cuda up, compiling and running 14 years ago
Anoop Saldanha f1863370a5 clean log pcap 14 years ago
Anoop Saldanha 6392202872 restructure log pcap to use a different setup, which is resilient to thread failure/restarts 14 years ago
Anoop Saldanha fd21b83f3e don't return TM failure on failing to remove log file 14 years ago
Anoop Saldanha 4bc907414b init every new pf instance in log pcap 14 years ago
Victor Julien cfd4d07dd0 host: convert host hash to use lookup3.c 14 years ago
Victor Julien c10370907a flow: make flow use lookup3.c hashing algorithm. Improves hash table distribution. 14 years ago
Victor Julien 20c08ca47b hash: add lookup3.c by Bob Jenkins
Found here:
http://burtleburtle.net/bob/hash/doobs.html
http://burtleburtle.net/bob/c/lookup3.c

From the file header:

lookup3.c, by Bob Jenkins, May 2006, Public Domain.

These are functions for producing 32-bit hashes for hash table lookup.
hashword(), hashlittle(), hashlittle2(), hashbig(), mix(), and final()
are externally useful functions.  Routines to test the hash are included
if SELF_TEST is defined.  You can use this free for any purpose.  It's in
the public domain.  It has no warranty.
14 years ago
Victor Julien 19a7e7f395 flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default. 14 years ago
Xavier Lange fea5e68a7b Include conf_test in special cases for unset RUNMODE 14 years ago
Xavier Lange 1d774dae61 Make conf_test local. Simplify if/else to if. 14 years ago
Xavier Lange 1ae10b9a42 Do not spawn threads for conf test 14 years ago
Xavier Lange eaacc5d0fe Added conf_test flag and behavior 14 years ago
Victor Julien 22349f863b file magic: don't disable inspecting magic for both directions if files in only one direction don't need magic. 14 years ago
Victor Julien f4b542d703 Enforce memcap limit before allocating hash table in host and flow engines. 14 years ago
Victor Julien bd66a4bba9 Fix typo in spm prototype declaration. 14 years ago
Anoop Saldanha 4d192a6881 update all spm algos to use 16 bit pattern lengths. Should compress a lot of tables 14 years ago
Victor Julien 8d1fe9f2fa Make 'autofp' the default runmode. Increase default max-pending-packets to 1024. Move some advanced and uncommonly changed settings down in the stock suricata.yaml. Closes #433. 14 years ago
Eileen Donlon da633d490b fix misleading comment 14 years ago
Eileen Donlon 793478a832 reject rules with invalid hex digits in content 14 years ago
Eileen Donlon f2e85ab9ee reject rules with an invalid ttl range 14 years ago
Victor Julien 4157d9408d Various small flow and host table fixes. 14 years ago
Victor Julien 18e81b7ba9 Bail out early if we're in http tunnel mode. 14 years ago
Victor Julien 0788656ef7 Silence ac-gfbs debug message. 14 years ago
Victor Julien da3c5bf84d Minor error message cleanups 14 years ago
Victor Julien fa22a26366 profiling: fix lock profiling int print issue. 14 years ago
Victor Julien 3b79dac2b7 flow: fix atomic var not being initialized and destroyed. 14 years ago
Victor Julien 60dbd34f93 Fix bug in app layer event handling causing http event rules to fail loading. 14 years ago
Victor Julien 40ed10ab38 Minor flowq updates. 14 years ago
Anoop Saldanha 7115fa3e72 Introduce the address hash based flow q handler 14 years ago
Anoop Saldanha 5ffb050ada Adapt flow tmqh counters to be atomic vars. Remove support for active flows q handler. Introduce SC_ATOMIC_SET 14 years ago
Anoop Saldanha 3faed5fe79 Support freeing flow q handler out ctx. Adapt unittests to use the same 14 years ago
Anoop Saldanha d01589c9d8 neaten flow q handler code 14 years ago
Anoop Saldanha 0fa14292c0 Enable unittests for flow q handler 14 years ago
Anoop Saldanha 4e417b72b5 support flow q handler schedulers active_flows and active_packets. Support new yaml option autofp_scheduler. Support for printing q handler stats as well 14 years ago
Anoop Saldanha e252048900 support for custom flow qhandlers - round robin support added 14 years ago
Pierre Chifflier d866f38982 TLS: add variable to store the error code in the decoder
Use a variable to store the decoding error code if required, and remove
the calls to SCLogInfo and SCLogDebug.
14 years ago
Pierre Chifflier 218b5d3ba0 TLS app layer: misc fixes, reorder some fields to save memory 14 years ago
Pierre Chifflier 3df341dbeb Add TLS decode events 14 years ago
Pierre Chifflier 71fa4a5285 TLS: replace SigMatchAppendAppLayer with SigMatchAppendSMToList 14 years ago
Eric Leblond a9bb17e097 tls-handshake: add sanity checks. 14 years ago
Eric Leblond 01c7e5bde6 tls-handshake: Add some missing free in error handling.
When DecodeAsn1BuildValue function fails, it may be necessary to
do some clean-up in the calling functions.
14 years ago
Eric Leblond 480db00fd7 tls-handshake: DecodeAsn1BuildValue should return -1 for error
This patch modifies DecodeAsn1BuildValue to have it return -1 when
there is a too big number of bytes announced in the ASN.1 message.
14 years ago
Eric Leblond 8f885ce810 TLS parser: add sanity checks on loop
It was possible in some loops to read data placed after the buffer,
resulting in invalid/unpredictable values. This patch fixes two of
these issues.
14 years ago
Eric Leblond d1c56e810b TLS parser: add sanity check 14 years ago
Eric Leblond cb1a75fc9e TLS parser: modify OCTETSTRING
This patch does an over-allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
14 years ago
Pierre Chifflier 5a65a17f00 TLS parser: add handling of UTF8STRING
Some certificates contain UTF8STRING, which is a subset of
OCTETSTRING. This patch adds support for this type of string.
14 years ago
Pierre Chifflier 6c2c6cffac TLS keywords: fix match regex (remove extra space) 14 years ago
Pierre Chifflier 8457ce3b11 TLS app layer: rewrite decoder to handle multiple messages in records
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier 4bb5e2a79d TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond 38c213cb84 tls app layer: add missing free
issuerdn was not freed at exit.
14 years ago
Eric Leblond fce2437dc2 tls app layer: handle negation on subject and issuerdn.
This patch adds negation support for tls.subject and tls.issuerdn
matches.
14 years ago
Eric Leblond ad0e05a112 TLS app layer: Add tls.issuerdn keyword. 14 years ago
Eric Leblond afba81bb27 decode ASN.1: Factorize value reading
This patch factorizes the reading of integer values and fixes some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
14 years ago
Pierre Chifflier 53e5421a24 TLS handshake: get TLS ciphersuite and compression
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, which extracts the
certificates and keeps the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format)
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Victor Julien 0b3f6c464a Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config. 14 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 14 years ago
Anoop Saldanha 7511fa67cd Add BUG_ON to avoid overrunning AppLayerDetectDirection map array 14 years ago
Eileen Donlon 9376967e65 reject rules with duplicate content modifiers
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
14 years ago
Eileen Donlon 0bb4ff34b8 added null checks for init_hash to all ac mpms 14 years ago
Eileen Donlon 617edf469c reject http_client_body with inconsistent flow dir
reject http_client_body with flow: to_client or from_server
14 years ago
Victor Julien feff6f7705 Clean up error message. 14 years ago
Eileen Donlon 85c364da09 disallow-use-of-configuration-file-with-unittests 14 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Victor Julien 41e9dba20b Profile pcap file callback. 14 years ago
Victor Julien ff8755af5c Make sure stream debug code is only used in debug mode. 14 years ago
Victor Julien 9696902b68 Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained. 14 years ago
Victor Julien e581ec7dff Fix 2 compilation issues. 14 years ago
Victor Julien c0a2cbd478 Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling. 14 years ago
Victor Julien a05df345de Introduce host table, make tag use it
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.

Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
14 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 14 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 14 years ago
Victor Julien 979edf0b97 Add way to profile mutex/spin locks per thread module. 14 years ago
Victor Julien fddaca6e8b Implement stream memcap enforcements using atomics instead of spinlocked counters. 14 years ago
Victor Julien d72b82fae0 Misc fixes. 14 years ago
Victor Julien 8448333bdd Remove trailing zeros from some counters output. 14 years ago
Victor Julien 0150e66ede flow engine: improve scalability
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
14 years ago
Victor Julien da5087a0c0 Fix broken unittest. 14 years ago
Eileen Donlon aae7ea5e67 add null checks to fix bugs in StreamTcpTest23 14 years ago
Eileen Donlon 1a46d7a53a fix more invalid content unittests
fix invalid unittests with mixed relative and non-relative content modifiers and other issues; DetectContentParse19 still contains some failing dce_stub tests which are commented out.
14 years ago
Eileen Donlon 9b2bd9280a fix invalid unittests with mixed content modifiers
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
14 years ago
Eileen Donlon 0bcbd23343 reject mixed relative and non-relative keywords
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
14 years ago
Eileen Donlon 0b09416a48 reject invalid combinations of pcre modifiers
don't allow /B with normalized buffers, and don't mix modifiers for normalized and raw buffers
14 years ago
Victor Julien 8350fdd9be Do not assume the include dir for nss to be nss. On F16 it's nss3. 14 years ago
Victor Julien 705417434b Fix json output typo. 14 years ago
Victor Julien fe9258f0fb Fix issue discovered by Anoop. Passing u32 ptr to a size_t can cause badness. 14 years ago
Victor Julien 6019ae3dcb Fix minor memleak in case af-packet init fails. 14 years ago
Victor Julien 385f1dcd25 Fix UTHBuildFlow setup using wrong address. 14 years ago
Victor Julien e3935a2af2 Improve http filename parsing. 14 years ago
Victor Julien e237841a8e Fix compilation with profiling enabled. Minor unittest fixes. 14 years ago
Victor Julien de5c1d1491 Fix minor fgetc issue. 14 years ago
Victor Julien 0d6f33a15b Move PACKET_RECYCLE outside of flow lock in FlowForceReassemblyForQ as it confuses static code checkers. 14 years ago
Victor Julien e21d8cdf01 file extract: improve multipart parsing and set events on some error conditions. 14 years ago
Victor Julien bfb3f1b7cf flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic. 14 years ago
Victor Julien 372ab9c433 Another batch of minor fixes for issues found by Coverity. 14 years ago
Victor Julien 11bdf4838f Various improvements to error handling found by Coverity. 14 years ago
Anoop Saldanha d6af843860 code cleanup 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Victor Julien 4b2d94a841 Add line number to warning about mangled yaml parameters. Limit number of warnings to 10. 14 years ago
Nikolay Denev fb05edeeee Convert underscores to dashes in thread affinity type names. 14 years ago
Nikolay Denev 7fce226bb8 Fix some warning message still using underscored config vars. 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Nikolay Denev 6819ec8b54 Remove the underscored "sguil_base_dir" compatibility option. 14 years ago
Nikolay Denev 32e898f2e3 Convert config entries using underscores to dashes and emit deprecation warnings. 14 years ago
Victor Julien 2197f1a625 file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records. 14 years ago
Victor Julien 8b1333a277 Add more flow lock assertions to the debug validation code. 14 years ago
Victor Julien 5ba41c7890 Fix locking error in filestore handling. Add debug validate check for asserting a flow is locked. 14 years ago
Victor Julien 28d88746e4 Fix compiler warning and silence complaining unittests. 14 years ago
Victor Julien 860971eca0 Misc afpacket changes. 14 years ago
Victor Julien 8e48a2edfd Fix NULL dereference in PacketPatternSearchWithStreamCtx code. 14 years ago
Eric Leblond 34b3f19465 af-packet: Implement zero copy
This patch adds support for zero copy to AF_PACKET running mode.
This requires to use the 'worker' mode which is the only one where
the threading architecture is simple enough to permit this without
heavy modification.
14 years ago
Eric Leblond 3593cb051e decode: add PacketSetData function
This patch adds a function which can be used to set the payload
of a packet when a zero copy mode is used.
14 years ago
Eric Leblond 49b7b00fcf af-packet: mmap support
This patch adds mmap support for af-packet. Suricata now makes
use of the ring buffer feature of AF_PACKET if 'use-mmap' variable
is set to yes on an interface.
14 years ago
Victor Julien 3702a33ae9 file-inspection: support POST requests that do not use multipart. 14 years ago
Victor Julien 64827e3864 file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests. 14 years ago
Victor Julien 6585cb89d3 Fix UtilMiscParseSizeStringTest01 unittest on 32 bit. 14 years ago
Anoop Saldanha 35435f3284 All http_http_stat_code modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_CODE. Also remove dummy match/free functions for stat code and stat msg 14 years ago
Anoop Saldanha 507e1b66e0 All http_http_stat_msg modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_STAT_MSG 14 years ago
Anoop Saldanha 059ee217ff All http_http_raw_uri modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_URI 14 years ago
Anoop Saldanha b1a0d35106 All http_http_cookie modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_COOKIE 14 years ago
Anoop Saldanha 49bdad9345 All http_http_method modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_METHOD 14 years ago
Anoop Saldanha 97d8fc9cba All http_http_raw_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_RAW_HEADER 14 years ago
Anoop Saldanha 97308674ee All http_http_header modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_HEADER 14 years ago
Anoop Saldanha 1acb7cdc7d All http_server_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_SERVER_BODY 14 years ago
Anoop Saldanha a5b46e727c All http_client_body modified patterns now are DETECT_CONTENT and not DETECT_AL_HTTP_CLIENT_BODY 14 years ago
Anoop Saldanha 4810ee9c5f All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns 14 years ago
Anoop Saldanha 93d7a6e671 code cleanup. Remove unused functions 14 years ago
Anoop Saldanha eb07c345b8 code cleanup - replace SigMatchAppendThreshold with SigMatchAppendSMToList 14 years ago
Anoop Saldanha dd7e710f35 code cleanup - replace SigMatchAppendPostMatch with SigMatchAppendSMToList 14 years ago
Anoop Saldanha a4638fb0ad code cleanup - replace SigMatchAppendPacket with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ff38d42bf1 code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList 14 years ago
Anoop Saldanha ac68c3f893 code cleanup - replace SigMatchAppendDcePayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha 6cab663bf0 code cleanup - replace SigMatchAppendPayload with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c4cb37b8da code cleanup - replace SigMatchAppendUricontent with SigMatchAppendSMToList 14 years ago
Anoop Saldanha c9af50ea0c code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList 14 years ago
Anoop Saldanha bbb9f35f26 code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha ab35b98f76 code cleanup - remove DetectContentGetLastPattern. Replace it with SigMatchGetLastSMFromLists 14 years ago
Anoop Saldanha d85ab5ab1f code cleanup - remove DetectContentFindNextApplicableSM 14 years ago
Anoop Saldanha 802350f65a code cleanup - remove DetectContentHasPrevSMPattern 14 years ago
Anoop Saldanha 9652c3672d code cleanup - remove SigMatchGetLastPattern 14 years ago
Anoop Saldanha e851804c92 code cleanup - remove DetectUricontentGetLastPattern 14 years ago
Anoop Saldanha dcb2afb02f Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type 14 years ago
Anoop Saldanha 83d9439877 DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent 14 years ago
Victor Julien 154af56b45 Add a print function specially for json output that escapes all characters json requires to be escaped. 14 years ago
Victor Julien 740ee3e7ab Add referer header to .meta and json file logs. 14 years ago
Victor Julien 337f7861a4 Make sure that if not built against libnss, we still compile. Only no md5 for you then! 14 years ago
Victor Julien 6752ccae2a Add line based log file to log-file module that logs each stored file's meta data in json records. 14 years ago
Victor Julien 12e8ce6545 In PrintRawUriFp, consider " unprintable. 14 years ago
Victor Julien 69b3df96fb Initial on the fly MD5 calculation for extracted files using libnss. 14 years ago
Anoop Saldanha 2f7717a1a7 delete detect-recursive.[ch] 14 years ago
Anoop Saldanha e682796d03 feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it 14 years ago
Anoop Saldanha 603d4a719a remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine 14 years ago
Anoop Saldanha d1d5507679 remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy 14 years ago
Anoop Saldanha 35f1f7e8d9 unify payload detection engines + fix other bugs in pcre init 14 years ago
Anoop Saldanha 9287cce674 raw urilen inspection moves to raw uri list. Won't make any difference wrt inspection 14 years ago
Anoop Saldanha 0677190960 rebase commit for hscd and hsmd patches 14 years ago
Anoop Saldanha 22b1f5b22b fix seg fault due to wrong sm list access in hscd 14 years ago
Anoop Saldanha 2e2398147c fast pattern unittests added for http server body 14 years ago
Anoop Saldanha 09313cf9bd Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S 14 years ago
Anoop Saldanha 2007c2711c Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword 14 years ago
Victor Julien 9dc153c8f4 Fix path handling for including rule files on win32. 14 years ago
Victor Julien 489b8b8bcc Allow other yaml files to be included in the main yaml. 14 years ago
Victor Julien adb5d05fb5 Fix a FP with negated filemagic inspection. 14 years ago
Victor Julien 0b9038b971 Add atomics to ticks unittests. 14 years ago
Victor Julien f77c475c85 Minor layout fixes. 14 years ago
Victor Julien e1a309a6b2 Napatech code formatting fixes. 14 years ago
Victor Julien 95a5bebb6a Fix compilation without napatech tech support enabled. 14 years ago
Victor Julien 1d9f6ff8f2 Initial Napatech support by Randy Caldejon / nPulse. 14 years ago
Anoop Saldanha 60553f3753 fix compilation error for the new http response header mpm feature 14 years ago
Anoop Saldanha 716afac5a2 fix debug messages that have references to the old mpm contexts 14 years ago
Anoop Saldanha 9a665e035b code cleanup over last 2 commits 14 years ago
Anoop Saldanha 55c4e419fd if a signature is non-tcp, it's always a packet sig 14 years ago
Anoop Saldanha 419cdc8558 support splitting mpm ctxs based on direction v2 14 years ago
Anoop Saldanha 0a91d824bf Fix bug in ac-bs search function 14 years ago
Anoop Saldanha db859cc56e treat ac-bs auto as single context 14 years ago
Anoop Saldanha 199288309d Support for new MPM ac-bs added 14 years ago
Victor Julien e244934566 Disable unittest that fails without libnet support. 14 years ago
Anoop Saldanha c2d47718c1 bug #411 - fix failing unittest 14 years ago
Anoop Saldanha 6556b4c62b bug #411 - don't modify within/distance at setup time 14 years ago
Anoop Saldanha 37329f85d4 bug #412 - rebase commit. Remove the previous references to SigInitReal() with SigInit() 14 years ago
Anoop Saldanha 3b5d95547d bug #412 - Remove the commented out SigInitReal() 14 years ago
Anoop Saldanha 6cbd3a1046 bug #412 - Unify SigInit() and SigInitReal(). Remove any use of SigInitReal() 14 years ago
Anoop Saldanha acccf3a5a5 Add function declaration for SigInitReal 14 years ago
Anoop Saldanha 88ad3691d1 bug #405 - fix bug where raw uri inspection sigs were not treated as stateful sigs 14 years ago
Anoop Saldanha 0b43f2a5fd Use SigInitReal() instead of SigInit() in raw uri tests. This should show that we have unittests failing, thus highlighting bug 411. The next commit is the fix for this bug 14 years ago
Victor Julien 6aa0ad1c5f Remove unused definitions in pcre code. 14 years ago
Victor Julien bb6f93e675 Fix unittest missing a flow direction in the rule. 14 years ago
Eileen Donlon 39b8cc2f8b fixed relative handling for pcre cookie and method 14 years ago
Eileen Donlon d55fef2d75 Cleaned up some error messages for detect distance and offset. 14 years ago
Victor Julien b16a71020d Make 'make check' happy in a ipproto unittest. 14 years ago
Anoop Saldanha 5b3c8566dd bug #403 - add unittests 14 years ago
Anoop Saldanha a19a249230 Set the packet protocol only if it can be parsed without error 14 years ago
Anoop Saldanha 2fa55a86fa Fix csum validation functions to not carry out csum calculation if respective headers are not present 14 years ago
Anoop Saldanha b8997b415c bug #403 - fix setting ip proto for ipv6 packets 14 years ago
Anoop Saldanha 87c2dae010 bug #403 - fix setting ip proto for packets 14 years ago
Victor Julien 18d458870f 1.3 branch has opened 14 years ago
Victor Julien 706b046966 Convert missing coredump config to debug. 14 years ago
Victor Julien 2d9449d060 Make code default for pcre match limit match the suricata.yaml default. 14 years ago
Victor Julien c8c4a76dc6 Move threshold to its own sig match list. 14 years ago
Victor Julien 0983f1d0a6 Only force a pseudo packet inspection cycle for TCP streams in a state >= established. 14 years ago
Victor Julien eba3cecc5d Fix unified2 records generated based on reassembled stream data. 14 years ago
Victor Julien 93d121bf21 Update app layer events for HTTP now that libhtp has fixes for some response errors. 14 years ago
Victor Julien 87e6be610a Issue warning if libhtp version used is not up to date. 14 years ago
Victor Julien 02e1229565 Enforce flow direction for http_raw_header sigs. Fix unittests that missed the flow direction. 14 years ago
Victor Julien 80fb33c651 Fix libhtp htp_tx_get_response_headers_raw 'detection' for bundled libhtp. 14 years ago
Victor Julien 5fa195ffb3 Allow log-pcap to use both absolute and relative sguil-base-dir settings when in 'sguil' mode. 14 years ago
Victor Julien 4cd2938c68 Fix PathIsAbsolute function not dealing with CYGWIN. Handle absolute paths in logfile api. 14 years ago
Victor Julien 7066a79c10 Register HTTP logger at registration, not thread init. 14 years ago
Victor Julien 146ff9d66e Suppress ac-gfbs debug message being printed at info level. 14 years ago
Victor Julien cd987ae7a5 Threading: do not keep a slots post_pq locked while processing the packets. 14 years ago
Victor Julien e81f94cd83 Fix flowbits sigmatch structure added to the match and post-match list, causing corruption of the prev ptr. This led to an endless loop condition in the thresholding code. Thanks to Chris Wakelin for reporting the issue. 14 years ago
Victor Julien 39ef24ccc4 Fix pcap -i mode. 14 years ago
Victor Julien ae27333458 Make live worker runmode threads adhere to the 'detect' cpu affinity settings. 14 years ago
Victor Julien e526525f83 Fix pcap -i <ip>. 14 years ago
Victor Julien 35467db151 Indicate that the Suricata version used is a release or a git checkout. 14 years ago
Victor Julien 28e15be526 Clean up default output. Use simpler output format for releases. 14 years ago
Victor Julien ff9fb7e1b5 Assume offloading in use if 1/10th of the packets have a bad checksum. 14 years ago
Victor Julien 9bea84918c Fix checksum offloading auto detection typo: it should be 1/5th instead of 1/10th. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 791fc2f6ea Adapt signature ordering to new flowbits post-match handling. 14 years ago
Victor Julien 8339ca6d4e Implement post match support for ip-only. 14 years ago
Victor Julien e69c584317 Let timing out flow use pseudo packets also if state is not fully closed. 14 years ago
Victor Julien 6eeab37ab3 Add post-match list, move flowbits set, etc functions to it. Move flowint set, etc functions to it as well. 14 years ago
Victor Julien 0818a151ec Add reject support to live single, autofp and workers runmodes. 14 years ago
Eric Leblond 0b2c7dfa5d runmode: Add Reject to IPS worker mode. 14 years ago
Victor Julien 515d070554 Print elapsed time with millisecond precision. 14 years ago
Victor Julien aac2d91bcc Set DROP flag for reject action so in addition to sending the rst, in IPS mode also drop the offending packet. 14 years ago
Victor Julien f084874998 Fix HTTP state and raw stream not being inspected at the same time. Adds an exception to transaction id handling for HTTP. 14 years ago
Victor Julien 16cfae2f51 Trigger raw stream reassembly on receiving a full HTTP request or response. 14 years ago
Victor Julien f773942ce0 Disable printing dreaded app layer error messages to the screen: app layer events are here to save us. 14 years ago
Victor Julien f713b653ab Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well. 14 years ago
Victor Julien e55390e4e7 Add check to invalidate signatures that inspect raw http headers in the to_client direction (response headers) if libhtp hasn't been patched yet. Also add hack to disable the test for unittests, many tests fail and we'll fix those ASAP. 14 years ago
Victor Julien 1ac6054c23 Clean up configure check for htp_tx_get_response_headers_raw. Misc changes. 14 years ago
Anoop Saldanha 4acd5a04e6 Enable http raw response header inspection only if libhtp supports raw response header buffering which should be available post 0.2.6 14 years ago
Anoop Saldanha 9c4954ff42 support http response raw header inspection + carry out hrhd mpm on both request/response headers + add unittests for the same 14 years ago
Anoop Saldanha 1b434f5fff hhd unittests for response headers 14 years ago
Anoop Saldanha e5c3e2cdb1 carry out hhd mpm on both request/response headers 14 years ago
Anoop Saldanha 30247dce8c bug 389 - support http response header inspection + fix bug with stateful inspection for sigs that would have both request/response inspection 14 years ago
Victor Julien 64f717c880 Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv. 14 years ago
Victor Julien 026a4efc57 Make sure that continued stateful detection only inspects sigs in the proper direction. 14 years ago
Victor Julien 21ee59e6f3 Add signature direction (flow:toserver/flow:toclient) as a signature flag. 14 years ago
Victor Julien d5402d33d4 Simplify detection loop. Inspect packet keywords before the state. 14 years ago
Victor Julien 7fa22e8453 Rename app_layer_events to app-layer-events. Misc fixes/changes. 14 years ago
Victor Julien ecd457db7b Allow flowint names to have dots in them. 14 years ago
Anoop Saldanha 5311cd4866 Support for smtp decoder events 14 years ago
Anoop Saldanha eea5ab4a7a Support for app layer decoder events added + app_layer_event keyword added 14 years ago
Victor Julien 4c1e417d49 Allow non-existing flowints to be incremented. A 'set' to 0 is implied in this case. 14 years ago
Victor Julien d24b3a0e50 Clean up csum detection output, misc fixes. 14 years ago
Eric Leblond 9a2a4802f4 pf-ring: add support for checksum verif mode
This patch adds support for checksum verification mode.
Supported modes are yes, no, auto and rx-only.
14 years ago
Eric Leblond 0399a06f4f pcap: fix typo 14 years ago
Eric Leblond db5ca0f3a4 pcap: add auto mode support 14 years ago
Eric Leblond a565148fb1 af-packet: fallback if 'kernel' mode is not supported
This patch adds a fallback to full checksum validation if 'kernel'
mode is not supported by the running kernel.
14 years ago
Eric Leblond 51eb96053c af-packet: auto mode support 14 years ago
Eric Leblond c3eaa6cc60 Add per-interface counter for invalid checksum.
This patch adds a per-device counter for invalid checksum as
well as a simple packet counter.
14 years ago
Eric Leblond 745b61171a Introduce LiveGetDevice function 14 years ago
Eric Leblond e893e860d4 Rename LiveGetDevice to LiveGetDeviceName
The function LiveGetDevice is returning a pointer to
the name of the interface. This patch renames it to
LiveGetDeviceName which is more appropriate.
14 years ago
Eric Leblond 1d1271fd38 pcap: add support for checksum verif mode
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
14 years ago
Eric Leblond 6062e00c2b af-packet: add support for checksum verif mode
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
14 years ago
Eric Leblond 551cb3e4c2 decode: introduce checksum mode enum. 14 years ago
Eric Leblond 623bb38d1c af-packet: Fix typo in error message. 14 years ago
Eric Leblond 8d635ddfc2 detect-csum: incomplete checksum is a valid checksum
This patch modifies the checksum match to not alert on packets with
an incomplete checksum. They will be checksummed later and thus
can be considered as valid ones.
14 years ago
Eric Leblond 67f791e891 af-packet: add variable to disable offloading detection
This patch adds a variable to disable offloading detection. The effect
of the flag is to avoid transmitting auxiliary data with each packet.
This could result in a potential performance gain.
14 years ago
Eric Leblond f6ddaf3341 af-packet: parse message to find lack of checksum
Emitted packets can have checksum offloading. This patch reads the
af-packet message parameter to see if the kernel has sent a non
checksummed packet.
14 years ago
Eric Leblond 5dc46ae7c7 pf-ring: Mark emitted traffic as non checksummed
The traffic sent by an interface is potentially offloaded. This
patch adds detection of TX packets and sets the corresponding flag.
14 years ago
Eric Leblond 81bc6f5518 Treat incomplete checksum.
Checksum of local traffic is often offloaded to the network device.
This causes some problems on parsing of this traffic. This patch
introduces a PKT_INCOMPLETE_CHECKSUM flag which can be used to
indicate that the checksum is not computed/correct for good reason.
14 years ago
Victor Julien 9324ed7b90 Fix icmpv6 ip-only rule not firing. #363. 14 years ago
Anoop Saldanha 517040c4af indentation fix 14 years ago
Anoop Saldanha 37b223645a fix detection engine for alert stability. Fix cases where we have multiple rules having the same pattern. We should see a good perf increase (~5%) with this change, now that we avoid unnecessary inspection 14 years ago
Anoop Saldanha 42bc22cfa5 indentation fix 14 years ago
Anoop Saldanha ecc7a769a7 reclaim mpm contexts if no patterns are added to it, even in non-full mode 14 years ago
Anoop Saldanha 1389cf6913 update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda 14 years ago
Anoop Saldanha 92643f6110 introduce separate mpm ctxs for tcp/udp/other_protos 14 years ago
Anoop Saldanha a5dec3cb2e refactor all http mpm engine code 14 years ago
Anoop Saldanha 34cf557abf fix indentation 14 years ago
Anoop Saldanha 5b91cec4ae remove unnecessary if/else checks 14 years ago
Victor Julien ada4066238 Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251. 14 years ago
Victor Julien 298289f43f Let flow:only_stream and flow:no_stream set the require packet and require stream flags. Toss out sigs with conflicting settings. Rename flow:stream_only to flow:only_stream. Fixes #261. 14 years ago
Victor Julien c04f45ccb9 Add tcp-pkt and tcp-stream 'protocols' to force a signature to inspect only packet or stream data. 14 years ago
Victor Julien 2c62b50ed5 Fix 2 compiler warnings. 14 years ago
Mike Pomraning cfced01641 Use strlcpy 14 years ago
Mike Pomraning 914b10a8e6 Touch up Makefile for SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dfec9c0f6a Switch 'fast', 'http-log', 'drop' and 'alert-debug' to SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dec34afa40 SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs.
util-logopenfile.[ch] implements the abstraction; util-error.[ch]
modified to include a socket-specific error code; output.h adds a
default filetype for logs ("regular").
14 years ago
Victor Julien a1cb769205 Switch log-file module to use new absolute path detection code. 14 years ago
Victor Julien 4cbaeb408c Add functions to determine whether a path is absolute or relative. 14 years ago
Victor Julien a397599fbb file extraction: add waldo option to file log module. This will store the last used file_id so extracted files won't get overwritten if Suricata is restarted. 14 years ago
Victor Julien effe01ae7b Add Init and DeInit calls to the thread module API. 14 years ago
Eric Leblond 7fb78a0ff6 Fix compilation warning. 14 years ago
Victor Julien 08f3ef7685 Reshuffle version printing so -V prints it only once. 14 years ago
Eric Leblond 1bebb9831d logging: don't display debug message before setting params. 14 years ago
Eric Leblond 05f562fdc3 logging: use SCLogDebug instead of printf
This patch uses SCLogDebug instead of printf to enable filtering
of the log message by the log filtering option.
14 years ago
Eric Leblond 9545a56426 ipfw: suppress poll before sendto
Calling poll before using sendto seems a bit overkill.
14 years ago