Anoop Saldanha
56432cee16
Single thread kill also checks if inq is cleared before shutting down
14 years ago
Anoop Saldanha
8fa923c5ac
- All threads also check to see if their inq is cleared before they shut down.
14 years ago
Anoop Saldanha
a844eecb0e
- Updated all runmodes to use synchronization points, right before each thread (slot function) tries to de-init the thread. - Main thread now first disables receive thread(s) before it kills receive and rest of the threads.
14 years ago
Anoop Saldanha
e567c2d002
Introduce master-slave synchronization support for ThreadVars
14 years ago
Anoop Saldanha
94c5ecb069
introduce inline function version of TmThreadsSlotProcessPkt macro. Retain the macro as well
14 years ago
Anoop Saldanha
fd6faac196
update TmThreadsSlotProcessPkt with better error handling + post pq processing
14 years ago
Anoop Saldanha
3fb65f5ec2
fix local var usage for slot in tm-threads.c
14 years ago
Anoop Saldanha
acbcee69ff
support post pq packet processing in var slot
14 years ago
Victor Julien
cc4e89fbe1
Profiling: convert all packet profile counters/variables to u64. Improve output for larger numbers.
14 years ago
Eileen Donlon
e8c51e09e8
fixed bug 291; corrected reference to reference-config-file
14 years ago
Eileen Donlon
89599d3b9b
fixed bug 288; corrected config boolean parsing problems
14 years ago
Eric Leblond
de1d002ea6
Return OK when leaving cleanly.
14 years ago
Eric Leblond
2631e5f14f
pcap: get rid of old API.
14 years ago
Eric Leblond
6f975d3248
pcap: add "autofp" runmode
This patch adds "autofp" runmode. This runmode supports multiple
devices and uses the new CPU affinity system.
14 years ago
Eric Leblond
effa295489
pcap: add "single" runmode
This patch adds support for the "single" mode to the pcap live
mode.
14 years ago
Victor Julien
e13181496c
ip-only: added support for matching on ports.
14 years ago
Victor Julien
3d396e8b1e
Update PCRE JIT code to support official JIT implementation in pcre-8.20-RC1.
14 years ago
Victor Julien
751a77a9be
Make sure stream/engine-event signatures are recognized as such.
14 years ago
Victor Julien
c590bba4a4
Undo tunnel reference counting using atomic operations. Revert to mutex based code.
14 years ago
Victor Julien
63f834d9a7
Add profiling to various HTTP buffer MPM calls.
14 years ago
Victor Julien
2675879ff1
Engine and stream events only rules are deonly compat as well.
14 years ago
Eric Leblond
bd7ac3eaa6
PrintInet: fix compilation on FreeBSD
14 years ago
Anoop Saldanha
3801e00426
fix compilation warnings from runmode-af-packet.c
14 years ago
Victor Julien
baddfcaa1a
Extend packet profiling to other thread 'slot' functions.
14 years ago
Victor Julien
3693a7a9ee
Profiling: add accounting for several detection phases.
14 years ago
Victor Julien
e8e392fb1f
Profiling: add per packet accounting of how many ticks are spent in protocol detection.
14 years ago
Eric Leblond
7425bf5ca6
Rename some decode event structure and macro.
This patch renames DECODER_SET_EVENT, DECODER_ISSET_EVENT and some
other structures to ENGINE equivalents to take into account the fact
that the event list is now related to all engines and not only to the decoder.
14 years ago
Eric Leblond
de65b11c42
decode signature optimisation requires different treatment
Decode signatures are using the fact that no proto is set on the packet
to increase the matching speed. This is not the case for stream and
other engine events. Thus a difference needs to be made.
14 years ago
Eric Leblond
3f153fb0da
Add 'stream-event' keyword.
This patch adds an alias to the 'engine-event' keyword. It is now
possible to access the stream events via the 'stream-event'
keyword. A simple transformation is done:
stream-event:reassembly_segment_before_base_seq
is a shortcut for:
engine-event:stream.reassembly_segment_before_base_seq
14 years ago
Eric Leblond
eb0d4e4d8b
Add stream events support to 'engine-event' keyword
This patch adds the list of stream events (with associated
keywords) to the list of events that can be treated by 'engine-event'.
14 years ago
Eric Leblond
e3a6d8955e
Introduce engine-event keyword
This patch renames the 'decode-event' keyword to 'engine-event' and
keeps it for backward compatibility of rulesets. All *DecodeEvent*
references in the code are replaced by the EngineEvent version.
14 years ago
Eric Leblond
2ac8755382
Rename detect-decode-event to detect-engine-event
This patch does a simple renaming of detect-decode-event file to
the more global detect-engine-event name.
14 years ago
Victor Julien
21f387d2c7
profiling: fix stream ticks miscalculation on stream end pseudo packets.
14 years ago
Eric Leblond
ff6365dd33
af-packet: switch to pcktacqloop API.
This patch gets rid of the old API and brings some optimisation
by reordering a structure and optimising an error test.
14 years ago
Eric Leblond
834c91eece
af-packet: add AFP to per packet performance system.
14 years ago
Eric Leblond
fb4be6199f
af-packet: change option name
This patch changes the option name. The af-packet long option is
now used instead of -a to mimic pfring behaviour.
This patch improves the standard parsing of the command line.
Running
suricata -c suricata.yaml --af-packet
will start a suricata running in AF_PACKET mode listening on all
interfaces defined in the suricata.yaml configuration file. The
traditional syntax:
suricata -c suricata.yaml --af-packet=ppp0
will start a suricata listening on ppp0 only.
14 years ago
Eric Leblond
e253da092c
device: Add function to build interface list from config
This patch adds a new function which builds the list of interfaces to
use by parsing the configuration file. This is using the new format
and thus only af-packet can benefit from this feature.
14 years ago
Eric Leblond
df7dbe36b6
af-packet: Add option to disable promiscuous mode
This patch adds an option to suricata.yaml to be able to disable
the switch of the interface into promiscuous mode.
14 years ago
Eric Leblond
fbca1a4e6b
af-packet: multi interface support
This patch adds multi interface support to AF_PACKET. A structure
is used at thread creation to give all needed information to the
input module. Parsing of the options is done in runmode preparation
through a dedicated function which returns the configuration in a
structure usable by thread creation.
14 years ago
Eric Leblond
dc667af1a1
conf: Introduce new function to input configuration.
The input modules need a per-interface configuration. This
implies some new operations to be able to parse the configuration easily.
The syntax of the configuration file is for example:
af-packet:
  - interface: eth0
    threads: 2
  - interface: eth1
    threads: 3
We need a way to get a configuration variable for interface[eth0].
This is done by using ConfNodeLookupKeyValue() to get the matching node. And
after that the value can be fetched by using the ConfGetChildValue*() functions.
14 years ago
Eric Leblond
e80b30c082
af-packet: finalize code
This patch handles the end of the AF_PACKET socket support work. It
provides conditional compilation, autofp and single runmode.
It also adds a 'defrag' option which is used to activate defrag
support in the kernel to avoid rx_hash computation in flow mode failing
due to fragmentation.
This patch contains some fixes by Anoop Saldanha, and incorporates
changes following review by Anoop Saldanha and Victor Julien.
AF_PACKET support is only built if the --enable-af-packet flag is
given to the configure command line. Detection of code availability
is also done: a check of the existence of AF_PACKET in the standard
header is done. It seems this variable is Linux specific and it
should be enough to avoid compilation of AF_PACKET support on other
OSes.
Compilation does not depend on up-to-date headers on the system. If
none are present, we make our own declaration of FANOUT variables. This
will permit compilation of the feature for systems where only the kernel
has been updated to a version superior to 3.1.
14 years ago
Eric Leblond
871b21892a
factorize pcap live device function
They are not specific to pcap and could thus be used in other modules.
14 years ago
Eric Leblond
c45d898572
af-packet: basic support for AF_PACKET socket
This patch provides basic support for AF_PACKET socket. It is
completed by subsequent patches providing extended features
and bugfixes.
14 years ago
Anoop Saldanha
58b595cc21
fastlog print updates for ipv6. combine the io write
14 years ago
Anoop Saldanha
e8f9557664
fastlog print updates. combine the io write
14 years ago
Victor Julien
fca541f40e
Add per app layer parser profiling
Per packet per app layer parser profiling. Example summary output:
Per App layer parser stats:
App Layer            IP ver Proto    cnt    min        max     avg
-------------------- ------ ----- ------ ------ ---------- -------
ALPROTO_HTTP         IPv4       6 163394    126   38560320   42814
ALPROTO_FTP          IPv4       6    644    117      26100    2566
ALPROTO_TLS          IPv4       6    670    117       7137     799
ALPROTO_SMB          IPv4       6 114794    126     225270     957
ALPROTO_DCERPC       IPv4       6   5207    126      25596    1266
Also added to the csv out.
In the csv out there is a new column "stream (no app)" that removes the
app layer parsers from the stream tracking. So raw stream engine performance
becomes visible.
14 years ago
Victor Julien
0cc9f39200
Move TlsConfig structure out of app-layer-protos.h and rename it to SslConfig.
14 years ago
Victor Julien
820b0ded82
Add per packet profiling.
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.
Stats per packet include:
1) total ticks spent
2) ticks spent per individual thread module
3) "threading overhead" which is simply calculated by subtracting (2) from (1).
A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.
Code depends on --enable-profiling just like the rule profiling code.
New yaml parameters:
profiling:
  # packet profiling
  packets:
    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes
    # per packet csv output
    csv:
      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv
Example output of summary stats:
IP ver Proto    cnt    min        max     avg
------ ----- ------ ------ ---------- -------
IPv4       6  19436  11448    5404365   32993
IPv4     256      4  11511      49968   30575
Per Thread module stats:
Thread Module            IP ver Proto    cnt    min        max     avg
------------------------ ------ ----- ------ ------ ---------- -------
TMM_DECODEPCAPFILE       IPv4       6  19434   1242      47889    1770
TMM_DETECT               IPv4       6  19436   1107     137241    1504
TMM_ALERTFASTLOG         IPv4       6  19436     90       1323     155
TMM_ALERTUNIFIED2ALERT   IPv4       6  19436    108       1359     138
TMM_ALERTDEBUGLOG        IPv4       6  19436     90       1134     154
TMM_LOGHTTPLOG           IPv4       6  19436    414    5392089    7944
TMM_STREAMTCP            IPv4       6  19434    828    1299159   19438
The proto 256 is a counter for handling of pseudo/tunnel packets.
Example output of csv:
pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337
The first line of the file contains labels.
2 example gnuplot scripts added to plot the data.
14 years ago
Victor Julien
1bd1a62526
Rename profile macros and variables to reflect that they are for rule profiling.
14 years ago
Eric Leblond
88559901d4
pcap-file: Allocated packet must be freed if there's an error
14 years ago
Eric Leblond
f6628f140d
detect: fix regular expression used for check.
14 years ago
Eric Leblond
a354034cfc
nfq: Fix deinit phase
If the receive thread is failing, we need to restart it but the code was
not restarting the queue (this was done in the verdict thread).
14 years ago
Eric Leblond
eddcedba0a
nfq: make thread abort if NFQ verdict fail
14 years ago
Eric Leblond
2ffcef0a8e
nfq: Add iterator on nfq_set_verdict
This patch adds retry to nfq_set_verdict in case of error.
14 years ago
Eric Leblond
a8b21066df
tm-thread: fix documentation string
14 years ago
Eric Leblond
a8ae1c42c3
Fix macro about default packet size
Being pessimistic about the packet default size has side effects in
some modules. Falling back to the sane correct value.
14 years ago
Eric Leblond
685e0e1a63
Rename rule_type_t to ThresholdRuleType.
14 years ago
Eric Leblond
8787e6f6d0
suppress: use DetectAddress instead of DetectAddressHead
14 years ago
Eric Leblond
8ff8ec4f82
Export some DetectAddress related function.
14 years ago
Eric Leblond
7938344e1b
threshold: refactoring of parsing code
This patch factorizes the regular expression to ease the parsing
process. It also adds a missing free and factorizes exit code.
14 years ago
Eric Leblond
03c185a3ad
threshold: add suppress keyword
This patch adds the suppress keyword to the threshold.config file.
The alerts are suppressed but the other elements like flowbits are
maintained.
14 years ago
Eric Leblond
85e8d8e200
Add sanity check to DetectAdressParse.
The function is only used at parsing time, so it is not costly to add
a simple sanity check.
14 years ago
Eric Leblond
7168e0aafc
threshold: fix trivial typo in parsing.
14 years ago
Eric Leblond
a56f8dd6b2
doc: introduce doxygen group "threshold"
This patch introduces a doxygen group to put together the documentation
relative to threshold. Groups appear in a separate page and they can have
their own documentation. This is useful when a feature is split into
different files.
14 years ago
Victor Julien
dc218388e5
Fix flowint keyword pcre_get_substring issue.
14 years ago
Victor Julien
1740c3a7c7
Fix urilen keyword pcre_get_substring issue.
14 years ago
Victor Julien
f52b54f63e
Fix ssl keyword pcre_get_substring issue.
14 years ago
Eric Leblond
6b9d1012ff
Transform inet_ntop call into PrintInet one.
14 years ago
Eric Leblond
2fa07780c2
Introduce PrintInet function
This function has the same signature as inet_ntop() and it
will be used as a substitution in the code. For IPv4 this is a simple
wrapper. For IPv6, it displays addresses with fixed length.
14 years ago
Victor Julien
7e1d911215
Small optimizations to pkt acq loop code.
14 years ago
Victor Julien
b753ecce50
Implement a pkt acq loop infra with support for pcap-file.
14 years ago
Anoop Saldanha
975ebf2e4f
Minor changes to move function calls that kill threads + free resources to the clean up phase right at the end of the main thread
14 years ago
Anoop Saldanha
ff7284e7b7
Fix code that allows the engine to restart threads that have exited on failure
14 years ago
Anoop Saldanha
524af82b1a
code cleanup in tm-threads.c
14 years ago
Anoop Saldanha
4f7df1029d
Unify the use of slots to a single struct for threading API. Remove separate slot append functions for 1slot and varslot
14 years ago
William
6730c3ace1
Actually limit recursion and backtracking and stack usage by PCRE. Logic was broken, no example was provided in suricata.yaml even though it could be set from there.
14 years ago
William
61fe05b220
Fix for silly pcap counters mistake made by me. ps_recv includes dropped packets.
14 years ago
William
b3f7e6a2fc
Only set PF_RING cluster if we have more than one receive thread. Gives us accurate drop stats.
14 years ago
Anoop Saldanha
d3bc3f0fe5
coverity fix for counters api
14 years ago
Anoop Saldanha
be3996ac02
coverity fix - 1.1beta branch - add some comments to indicate false positives by coverity for future reference - mainly comments for switch statement fall through
14 years ago
Victor Julien
df3ca322a4
Fixes for out of bounds pcre_get_substring calls no longer silently accepted by modern pcre.
14 years ago
William
1099093e0f
Support for PF_RING versions where the packet is passed as a reference and version 4.7.1 where pfring_enable_ring now seems to be required.
15 years ago
Eric Leblond
a0b4068041
autotools: fix duplicate check command in Makefile.
It seems that the check target can not be used in Makefile.am. Using
check-am fixes a make failure.
15 years ago
Eric Leblond
586aae0ff3
Indentation fix on source-pcap.
15 years ago
Anoop Saldanha
c8701cf8d1
fix var name parsing in byte_extract
15 years ago
Anoop Saldanha
7e5c52c80b
add flowbits:set; only sigs to be treated as ip only
15 years ago
William
bca8fbc79e
Add Num, Rev, and Gid columns to rule perf output
15 years ago
Victor Julien
0625d54267
Improve HTPParserTest07 test to be more helpful if it fails.
15 years ago
Victor Julien
862b708a70
Fix stream unittest.
15 years ago
Anoop Saldanha
88115902b0
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
15 years ago
Anoop Saldanha
576ec7da66
smtp parser support
15 years ago
Victor Julien
add02a4ef3
Fix handling of FIN/ACK packet on TCP state TCP_FIN_WAIT2.
15 years ago
Victor Julien
16b41a5eff
Use p->proto in detect to determine TCP/UDP/SCTP.
15 years ago
Victor Julien
ebe99a2597
Fix unified2 packet length not being set properly for reassembled stream packets.
15 years ago
Victor Julien
047b19d271
Fix a reassembly bug that in some cases could lead to a crash.
15 years ago
Victor Julien
22a97af226
Only compile byte_extract unittests if --enable-unittests is enabled.
15 years ago
Eric Leblond
5727fac988
cpu affinity: detect a missed invalid case
This patch improves the error handling in the definition of the cpu
set. It detects when the max value is too big and displays the name
of the invalid cpu set in the error message.
15 years ago
Eric Leblond
d34e85c203
Fix #290 : avoid looping when affinity is invalid
This patch adds a loop counter to detect when the cpu_set does
not intersect the set of available CPUs.
15 years ago
Victor Julien
e5cc68a91f
Attempt to work around missing __WORDSIZE define on FreeBSD.
15 years ago
Victor Julien
4025567a5a
Fix a number of unittests not properly initializing a packet causing issues on some archs.
15 years ago
Victor Julien
43b2e63c1e
Fix minor compiler comments in CUDA code.
15 years ago
Martin Beyer
2f1262b446
fixed cuda build: portability issues and nvcc version check
15 years ago
Martin Beyer
736f09c4bc
fixed ptxdump for python3
15 years ago
Martin Beyer
49d66430bc
build cuda modules with make
15 years ago
Victor Julien
f7f037c1d1
Make sure stateful detection engine inspecting HTTP streams works well for to_client rules as well.
15 years ago
Anoop Saldanha
b4427e81ec
minor fixes in endianness handling in dcerpc and dce detection engine
15 years ago
Kirby Kuehl
acfc9a8ab0
Improve DCERPC big endian support when parsing BIND CTX Items (UUID). Make default byte packing order for the slow path little endian. Byte swapping on slow path will occur if big endian. This is a readability change, not a functional change.
15 years ago
Anoop Saldanha
5ccd9a8347
byte_extract support for isdataat added
15 years ago
Anoop Saldanha
35f3eafa5e
byte extract added to the engine. Detection support added for packet payload, uri and dce detection engines
15 years ago
Eric Leblond
64b069369e
Unified2: Use local variable for header copy
Due to the chaining of function calls, the per-thread buffer was overwritten.
This was causing invalid data to be output.
This patch restores local variable usage for the writing of the headers,
which are rather small and thus should not be a performance or security
issue.
15 years ago
Eric Leblond
9d24e3aacc
Fix len computation.
15 years ago
deltay
170efc8d38
Register http parser callbacks in the right place.
15 years ago
Victor Julien
1174df9712
Fix passing a uint8_t as an int. Breaks on some args.
15 years ago
Victor Julien
ad175c8aec
Fix compilation on OS/archs that don't support atomic variables.
15 years ago
Victor Julien
0ea883edf3
Fix broken stateful detection unittest.
15 years ago
Victor Julien
3f409db486
Use pmmintrin.h as older gcc's don't have immintrin.h it seems.
15 years ago
Victor Julien
73efb4c70f
Add a app layer state and stateful detection engine counter that makes sure the stateful inspection is only done when the state changes.
15 years ago
Victor Julien
50aceb11eb
Clean up stateful detection code.
15 years ago
Victor Julien
0768ca9806
Fix SIMD mask checking on 64 bit systems.
15 years ago
Victor Julien
350215966b
Fix signature mask bitorder.
15 years ago
Victor Julien
aa822c0ac1
Always reset alert cnt and always increment det_ctx->pkts.
15 years ago
Victor Julien
1e0b050a54
Add more mask flags.
15 years ago
Victor Julien
4b52823ab6
Use 64 bit mask on 64-bit systems.
15 years ago
Victor Julien
e5b6c0f518
Check 32 masks per run instead of 16 in the SIMD code.
15 years ago
Victor Julien
2dbfdd40af
Clean up new SIMD mask checking code, improve non-SIMD checks.
15 years ago
Victor Julien
b421019cef
Match packet mask against 16 signature masks at once using SIMD instructions for SSE3 and up.
15 years ago
Victor Julien
8f43670b16
Add wrappers for aligned memory allocation.
15 years ago
Victor Julien
7e128176d2
Add Vector datatype for SSE operations.
15 years ago
Victor Julien
bc5738d57d
Add compiler and hardware barrier macros.
15 years ago
Victor Julien
90ebb6f01f
Fix broken fix.
15 years ago
Gerardo Iglesias Galvan
a3e0325075
Don't lose memory if PoolInit fails
15 years ago
Gerardo Iglesias Galvan
363285d485
No need to check array pointer
15 years ago
Gerardo Iglesias Galvan
a2b7b77434
Make sure we always check the result of TmThreadCreatePacketHandler
15 years ago
Gerardo Iglesias Galvan
f545df3ea7
Fix potential issue in TmThreadsSlot1NoIn
15 years ago
Gerardo Iglesias Galvan
a9509eea2e
Fix very minor mem leak when setting bpf filter
15 years ago
Gerardo Iglesias Galvan
4c4c2a5583
Remove dead code from the BoyerMoore implementation
15 years ago
Gerardo Iglesias Galvan
b1e7c0b123
Properly free data in tag match function
15 years ago
Gerardo Iglesias Galvan
570e0ec9e4
Fix potential memory leak in ASN1 parsing code in low memory conditions
15 years ago
Gerardo Iglesias Galvan
313067f47f
Check return code of DetectEngineCtxInit at startup
15 years ago
Gerardo Iglesias Galvan
c968ca0f85
Fix potential small issue with ftell and fseek
15 years ago
Gerardo Iglesias Galvan
dd5e438d6f
Make all access to memory tracking counters in stream engine lock protected
15 years ago
Gerardo Iglesias Galvan
36290297dc
Remove dead code from reference handling
15 years ago
Gerardo Iglesias Galvan
44692c83aa
Properly check retval for config and conversion function calls
15 years ago
Gerardo Iglesias Galvan
5ac8ab9a61
Check inet_pton retval and properly cleanup on error in unittest helper
15 years ago
Gerardo Iglesias Galvan
58f713254e
Make sure return value of fgetc isn't truncated
15 years ago
Gerardo Iglesias Galvan
bd6d1bfac4
Fix potential crash in classtype parsing code
15 years ago
Gerardo Iglesias Galvan
73dd5562c3
Fix potential crash in signature parsing code
15 years ago
Gerardo Iglesias Galvan
91c001f93b
Fix potential crash in initialization cleanup code
15 years ago
Gerardo Iglesias Galvan
5d85b0f7b7
Fix potential crash in ip-only address parsing code
15 years ago
Gerardo Iglesias Galvan
a56592e556
Make sure we do all after the null check in HTPStateFree
15 years ago
Gerardo Iglesias Galvan
c4832814b4
Prevent a memory leak on low memory conditions in http client body handling
15 years ago
Gerardo Iglesias Galvan
2836e0de4e
Fix potential alert-unified-log resource leak during initialization
15 years ago
Gerardo Iglesias Galvan
0f458495c7
Fix potential prelude resource leak during initialization
15 years ago
Gerardo Iglesias Galvan
db94f01831
Fix declaration hiding len parameter in IPv6 decoder
15 years ago
Gerardo Iglesias Galvan
305140d081
Silence coverity warning
15 years ago
Eric Leblond
bc68c108a7
NFQ: use per thread allocated data for recv buffer.
15 years ago
Pierre Chifflier
a2b37e7487
Prelude: fix test always returning true
Fix wrong logic in test for error handling code.
Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net>
15 years ago
deltay
2856cf0de5
#277 ignore bpf filter if fread failed.
15 years ago
Eric Leblond
4b0c8f6567
Use local thread variable buffer in alert unified2.
15 years ago
Eric Leblond
c8a811e69d
Make use of per function/thread data in alert unified.
This patch replaces a local variable buffer by the usage of the data
contained in the local thread variable.
15 years ago
Victor Julien
63f6de58cb
Fix HTP unittests that test pre 0.2.6 libhtp issue. HTP config wasn't restored properly.
15 years ago
Victor Julien
326047eec1
Add unittests for debugging a libhtp issue.
15 years ago
Jason Ish
7257fed0f3
Fix bug 288, accept true in output configuration.
Refactor a bit to run checks for truth through a common function
that takes yes, true, on and 1 as true values.
15 years ago
Anoop Saldanha
b819643635
coverity - logging system buffer overrun fix
15 years ago
Victor Julien
6dba98f277
Remove dead code from flowbits parsing.
15 years ago
Victor Julien
e866aa3e15
Fix TAG removal in certain conditions.
15 years ago
Victor Julien
f4aad76bb4
Make sure we don't process TAG records from the flow multiple times and outside the flow lock.
15 years ago
Victor Julien
6384b39f18
Remove unused and broken htp code.
15 years ago
Victor Julien
e1d4e16645
Simplify packet decoding macros.
15 years ago
deltay
e3270f20b2
#277 Add -F option to load bpf filter from file
15 years ago
Victor Julien
b73939bcef
Clean up & better check includes to allow Windows to build.
15 years ago
Victor Julien
be5ad4402d
Fix stream reassembly engine compilation on Windows.
15 years ago
Victor Julien
40bf422453
Fix log-pcap compilation on Windows.
15 years ago
Victor Julien
5d9c093d65
Don't compile alert-syslog module on Windows, it doesn't work anyway.
15 years ago
Victor Julien
da086894e5
Remove unnecessary include that breaks windows builds.
15 years ago
Victor Julien
95387b2297
Include <windows.h> to get access to THREAD_PRIORITY_* defines.
15 years ago
Victor Julien
dd97d136a9
Rearrange syslog.h including so we won't fail to build on win32.
15 years ago
Victor Julien
e16a566a96
Account for distance when checking within. Bug #285.
15 years ago
Victor Julien
7f88158fb3
Remove a debug statement from single pcap file runmode.
15 years ago
Victor Julien
52eb8d2be0
Convert mutex protected tunnel counters to lockless atomic counters.
15 years ago
Victor Julien
54cd3552e1
Remove tunnel_proto field from Packet structure.
15 years ago
Victor Julien
3d22713b09
Convert Packet tunnel variables to bit flag checks.
15 years ago
Victor Julien
75439863ed
Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15.
15 years ago
Victor Julien
d3f19a3851
Fix memcmp checks that prevent reading past buffer boundary.
15 years ago
Victor Julien
4a2d4eef5a
Properly reset IPv6 extension headers structure.
15 years ago
Victor Julien
962462e470
Fix SSE memcmp functions reading beyond the buffer. Add tests to bench them.
15 years ago
Victor Julien
ece8e5444b
Minor profiling fix: don't close stdout.
15 years ago
William
d74fe520e5
Experimental support for PCRE-sljit enable via --enable-pcre-sljit
15 years ago
William
85643fe780
Convert to logging perf stats to file by default. Add a few columns to output avg ticks per match, avg ticks non match, allow sorting based on them.
15 years ago
Victor Julien
36917c7d66
Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test.
15 years ago
Victor Julien
a3e2b35536
Add configure check for new htp 0.2.5 uri normalize hook.
15 years ago
Victor Julien
15ce850387
Add support for new libhtp htp_config_register_request_uri_normalize callback.
15 years ago
Anoop Saldanha
6e0d98d9c4
fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx
15 years ago
Anoop Saldanha
7f8fb0f00d
fix bounds checking in smb probing parser
15 years ago
Victor Julien
149ee6b648
Disable to_client http detection. Libhtp expects to_server data first.
15 years ago
Victor Julien
8999de2f93
Add proper RST handling to all TCP states.
15 years ago
Victor Julien
9a58a02559
Wrap HTP code that is only used in debug mode in debug ifdefs.
15 years ago
Victor Julien
a5d9c86dd3
Shrink Flow structure by 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macros.
15 years ago
Anoop Saldanha
61635f302c
indentation changes in app-layer-smb.c
15 years ago
Anoop Saldanha
a40fdc794e
Added probing parser for nbss/smb on port 139
15 years ago
Anoop Saldanha
b7b7bbec37
code indentation changes in app-layer-smb.c
15 years ago
Anoop Saldanha
7c31a2327e
Add support for port based probing parsers for alproto detection
15 years ago
Anoop Saldanha
fe6e41e3ef
Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags
15 years ago
Anoop Saldanha
0c94d910e4
Removed FLOW_AL_STREAM_TOSERVER and FLOW_AL_STREAM_TOCLIENT. Use STREAM_TOSERVER and STREAM_TOCLIENT instead
15 years ago
Anoop Saldanha
ac5584a863
Removed FLOW_AL_PROTO_DETECT_DONE. Replaced it with FLOW_ALPROTO_DETECT_DONE, stored it in Flow->flags
15 years ago
Anoop Saldanha
49e2b580cb
Removed FLOW_AL_PROTO_UNKNOWN. We don't need this flag
15 years ago
Anoop Saldanha
38fe2b9070
Removed FLOW_AL_STREAM_START, EOF and GAP flags. We don't need these. Just use STREAM_* flags
15 years ago
Anoop Saldanha
000ce98cd1
push all proto detection code into their respective app parser register functions for every alproto
15 years ago
Anoop Saldanha
aab4a43145
Add C and E flags to flags keyword. We still support 1 and 2 for backward compatibility
15 years ago
Anoop Saldanha
78bf2579aa
move pseudo packet creation outside defragreassemble loop
15 years ago
Victor Julien
f303f3f523
Fix a logic error in the SACK list cleanup causing a memleak and invalid memory access at the same time.
15 years ago
Victor Julien
1578ef1e3e
Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST.
15 years ago
Victor Julien
83c3f15812
Minor fixes in defrag engine, shrink DefragTracker_ structure.
15 years ago
Jason Ish
0385f72669
Use separate frag decoder events for IPv4 and IPv6.
15 years ago
Jason Ish
de1c40c44f
Set decoder event on fragment overlaps.
15 years ago
Jason Ish
7f5e120d60
Cleanup assignment of the default defrag policy.
15 years ago
Jason Ish
6da9c64a28
Set decoder event when re-assembled fragments would exceed max IP packet size.
15 years ago
Victor Julien
96c2f2c877
Fix 2 stream reassembly unittests
15 years ago
Victor Julien
14ad853b94
Process a stream end pseudo packet when going from TIME_WAIT to CLOSED.
15 years ago
Victor Julien
3b40b02a1b
Stream reassembly fixes.
15 years ago
Victor Julien
c88630639e
Fix setting libhtp personality.
15 years ago
Victor Julien
6aa551c558
Small optimizations to IPV4 and TCP header parsing.
15 years ago
Victor Julien
d0374ced38
Implement SACK in the stream engine.
15 years ago
Victor Julien
6fc075d4ae
Add TCP packet SACK option decoding.
15 years ago
Victor Julien
dbe291bc50
Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing.
15 years ago
Victor Julien
136f55efc7
Fix a memory leak in flow recycle code causing the detection engine state not to be fully freed (recycled) but reference to memory removed anyway.
15 years ago
Victor Julien
38a7d1777f
Bump version to 1.1beta2
15 years ago
Victor Julien
a0799f0ff9
Wait longer at shutdown before concluding it's taking too long. Hopefully enables our slow QA boxes to complete in time.
15 years ago
Anoop Saldanha
d245f15f14
disable mpm pattern's retest skipping in detection engine for uri, hcbd, hmd, hrhd, hhd, hmd, hcd
15 years ago
Victor Julien
681f8329a6
Make error on <- direction operation use more explicit.
15 years ago
Victor Julien
cd75201dc7
Fix pfring commandline handling.
15 years ago
Victor Julien
778b92ef40
Make sure to only alloc a new pseudo packet once during ip defrag.
15 years ago
Victor Julien
5f2a0653b4
If engine shutdown (processing in-engine packets) times out, exit Suricata with EXIT_FAILURE.
15 years ago
Victor Julien
9ca0658a6e
Clear pcap_cnt variable on packet recycle.
15 years ago
Victor Julien
03ea563e93
Don't set ip{4,6} header on reassembled ip packet until we know for sure what buffer the packet is stored in.
15 years ago
Victor Julien
f5674eff74
Fix a copy issue in PacketCopyDataOffset.
15 years ago
Victor Julien
8978266a91
If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit.
15 years ago
Victor Julien
5d2f633c48
Properly initialize pfring runmode before using it. Fix malformed conf api calls.
15 years ago
Anoop Saldanha
966119b6aa
support for http_raw_uri keyword + mpm engine
15 years ago
Victor Julien
169104a803
Slightly clean up --list-runmodes output.
15 years ago
Anoop Saldanha
e4d890e186
modify runmode api to accept conf runmode parameter as a char string, instead of an integer id
15 years ago
Anoop Saldanha
fb4ffc9aef
fixed runmode name changes that were missed in the previous changes to the runmode api
15 years ago
Anoop Saldanha
229f7281ea
list runmodes. Allow specification of runmode id from conf file. Also allow for command line override
15 years ago
Anoop Saldanha
05686e70a5
fix coding indentation + neaten runmode code
15 years ago
Anoop Saldanha
d7c707e656
modify runmodes to take all arguments from the conf API
15 years ago
Anoop Saldanha
a165d45da9
naming changes for runmodes
15 years ago
Anoop Saldanha
6fceeda8c5
move erf dag runmode into its own file runmode-erf-dag.[ch]
15 years ago
Anoop Saldanha
f51cf34210
move erf file runmode into its own file runmode-erf-file.[ch]
15 years ago
Anoop Saldanha
86eabbc2f5
move ipfw runmode into its own file runmode-ipfw.[ch]
15 years ago
Anoop Saldanha
036015d6b9
move nfq runmode into its own file runmode-nfq.[ch]
15 years ago