Commit Graph

2371 Commits (818656524003c4501401709aecffb19c28ca588c)

Author SHA1 Message Date
Eric Leblond f6628f140d detect: fix regular expression used for check. 14 years ago
Eric Leblond a354034cfc nfq: Fix deinit phase
If the receive thread is failing, we need to restart it, but the code was
not restarting the queue (this was done in the verdict thread).
14 years ago
Eric Leblond eddcedba0a nfq: make thread abort if NFQ verdict fail 14 years ago
Eric Leblond 2ffcef0a8e nfq: Add iterator on nfq_set_verdict
This patch adds retry to nfq_set_verdict in case of error.
14 years ago
Eric Leblond a8b21066df tm-thread: fix documentation string 14 years ago
Eric Leblond a8ae1c42c3 Fix macro about default packet size
Being pessimistic about the default packet size has side effects in
some modules. Falling back to the sane correct value.
14 years ago
Eric Leblond 685e0e1a63 Rename rule_type_t to ThresholdRuleType. 14 years ago
Eric Leblond 8787e6f6d0 suppress: use DetectAddress instead of DetectAddressHead 14 years ago
Eric Leblond 8ff8ec4f82 Export some DetectAddress related functions. 14 years ago
Eric Leblond 7938344e1b threshold: refactoring of parsing code
This patch factorizes the regular expression to ease the parsing
process. It also adds a missing free and factorizes the exit code.
14 years ago
Eric Leblond 03c185a3ad threshold: add suppress keyword
This patch adds the suppress keyword to the threshold.config file.
The alerts are suppressed but the other elements like flowbits are
maintained.
14 years ago
Eric Leblond 85e8d8e200 Add sanity check to DetectAddressParse.
The function is only used at parsing time, so it is not costly to add
a simple sanity check.
14 years ago
Eric Leblond 7168e0aafc threshold: fix trivial typo in parsing. 14 years ago
Eric Leblond a56f8dd6b2 doc: introduce doxygen group "threshold"
This patch introduces a doxygen group to put together the documentation
relative to threshold. Groups appear on a separate page and can have
their own documentation. This is useful when a feature is split across
different files.
14 years ago
Victor Julien dc218388e5 Fix flowint keyword pcre_get_substring issue. 14 years ago
Victor Julien 1740c3a7c7 Fix urilen keyword pcre_get_substring issue. 14 years ago
Victor Julien f52b54f63e Fix ssl keyword pcre_get_substring issue. 14 years ago
Eric Leblond 6b9d1012ff Transform inet_ntop call into PrintInet one. 14 years ago
Eric Leblond 2fa07780c2 Introduce PrintInet function
This function has the same signature as inet_ntop() and will be
used as a substitute in the code. For IPv4 this is a simple
wrapper. For IPv6, it displays addresses with a fixed length.
14 years ago
Victor Julien 7e1d911215 Small optimizations to pkt acq loop code. 14 years ago
Victor Julien b753ecce50 Implement a pkt acq loop infra with support for pcap-file. 14 years ago
Anoop Saldanha 975ebf2e4f Minor changes to move function calls that kill threads + free resources to the clean up phase right at the end of the main thread 14 years ago
Anoop Saldanha ff7284e7b7 Fix code that allows the engine to restart threads that have exited on failure 14 years ago
Anoop Saldanha 524af82b1a code cleanup in tm-threads.c 14 years ago
Anoop Saldanha 4f7df1029d Unify the use of slots to a single struct for threading API. Remove separate slot append functions for 1slot and varslot 14 years ago
William 6730c3ace1 Actually limit recursion and backtracking and stack usage by PCRE. Logic was broken, and no example was provided in suricata.yaml even though it could be set from there. 14 years ago
William 61fe05b220 Fix for silly pcap counters mistake made by me. ps_recv includes dropped packets. 14 years ago
William b3f7e6a2fc Only set PF_RING cluster if we have more than one receive thread. Gives us accurate drop stats. 14 years ago
Anoop Saldanha d3bc3f0fe5 coverity fix for counters api 14 years ago
Anoop Saldanha be3996ac02 coverity fix - 1.1beta branch - add some comments to indicate false positives by coverity for future reference - mainly comments for switch statement fall through 14 years ago
Victor Julien df3ca322a4 Fixes for out of bounds pcre_get_substring calls no longer silently accepted by modern pcre. 14 years ago
William 1099093e0f Support for PF_RING versions where packet passed as a reference and version 4.7.1 where pfring_enable_ring now seems to be required. 15 years ago
Eric Leblond a0b4068041 autotools: fix duplicate check command in Makefile.
It seems that the check target cannot be used in Makefile.am. Using
check-am fixes a make failure.
15 years ago
Eric Leblond 586aae0ff3 Indentation fix on source-pcap. 15 years ago
Anoop Saldanha c8701cf8d1 fix var name parsing in byte_extract 15 years ago
Anoop Saldanha 7e5c52c80b add flowbits:set; only sigs to be treated as ip only 15 years ago
William bca8fbc79e Add Num, Rev, and Gid columns to rule perf output 15 years ago
Victor Julien 0625d54267 Improve HTPParserTest07 test to be more helpful if it fails. 15 years ago
Victor Julien 862b708a70 Fix stream unittest. 15 years ago
Anoop Saldanha 88115902b0 Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines 15 years ago
Anoop Saldanha 576ec7da66 smtp parser support 15 years ago
Victor Julien add02a4ef3 Fix handling of FIN/ACK packet on TCP state TCP_FIN_WAIT2. 15 years ago
Victor Julien 16b41a5eff Use p->proto in detect to determine TCP/UDP/SCTP. 15 years ago
Victor Julien ebe99a2597 Fix unified2 packet length not being set properly for reassembled stream packets. 15 years ago
Victor Julien 047b19d271 Fix a reassembly bug that in some cases could lead to a crash. 15 years ago
Victor Julien 22a97af226 Only compile byte_extract unittests if --enable-unittests is enabled. 15 years ago
Eric Leblond 5727fac988 cpu affinity: detect a missed invalid case
This patch improves the error handling in the definition of cpu
set. It detect when the max value is too big and display the name
of the invalid cpu set in error message.
15 years ago
Eric Leblond d34e85c203 Fix #290: avoid looping when affinity is invalid
This patch adds a loop counter to detect when the cpu_set does
not intersect the set of available CPUs.
15 years ago
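The two cpu affinity commits above (detecting a cpu set value that is too big, and bounding the loop with a counter so an affinity set that does not intersect the available CPUs cannot spin forever) are illustrated by the following added example. It is not Suricata's code: the CpuSetParse and CpuAffinityNext names, the CpuAffinity struct, the 64-CPU bitmask limit and the "0-3,6" set syntax are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Parse a cpu set such as "0-3,6" into a bitmask (hypothetical helper;
 * this is not Suricata's own parser). Values >= max_cpus are rejected,
 * which is the "max value too big" case; the caller reports the name of
 * the offending set. max_cpus is limited to 64 by the uint64_t mask. */
int CpuSetParse(const char *spec, int max_cpus, uint64_t *out)
{
    uint64_t set = 0;
    const char *p = spec;

    if (spec == NULL || out == NULL || max_cpus <= 0 || max_cpus > 64)
        return -1;
    while (*p != '\0') {
        char *end;
        long lo, hi;

        errno = 0;
        lo = strtol(p, &end, 10);
        if (end == p || errno != 0)
            return -1;
        hi = lo;
        if (*end == '-') {               /* range "lo-hi" */
            const char *q = end + 1;
            hi = strtol(q, &end, 10);
            if (end == q || errno != 0)
                return -1;
        }
        if (lo < 0 || hi < lo || hi >= max_cpus)
            return -1;                   /* out of range for this host */
        for (long i = lo; i <= hi; i++)
            set |= (uint64_t)1 << i;
        if (*end == ',') {
            end++;
            if (*end == '\0')
                return -1;               /* trailing comma */
        } else if (*end != '\0') {
            return -1;                   /* unexpected character */
        }
        p = end;
    }
    *out = set;
    return 0;
}

typedef struct {
    uint64_t requested;   /* bit i set: the config allows CPU i */
    uint64_t available;   /* bit i set: CPU i is present on this host */
    int last;             /* last CPU handed out, -1 before the first call */
} CpuAffinity;

/* Hand out the next usable CPU round-robin. The search is bounded by a
 * loop counter so that a requested set that does not intersect the
 * available CPUs returns -1 instead of spinning forever. */
int CpuAffinityNext(CpuAffinity *a, int max_cpus)
{
    uint64_t usable = a->requested & a->available;
    int cpu = a->last;

    if (usable == 0)
        return -1;                       /* empty intersection: report it */
    for (int tries = 0; tries < max_cpus; tries++) {
        cpu = (cpu + 1) % max_cpus;
        if (usable & ((uint64_t)1 << cpu)) {
            a->last = cpu;
            return cpu;
        }
    }
    return -1;                           /* counter exhausted, never loops */
}
```

The early `usable == 0` check is the cheap test; the loop counter stays in as the defence in depth the commit describes, so a later change to how `usable` is computed cannot reintroduce the hang.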
Victor Julien e5cc68a91f Attempt to work around missing __WORDSIZE define on FreeBSD. 15 years ago
Victor Julien 4025567a5a Fix a number of unittests not properly initializing a packet causing issues on some archs. 15 years ago
Victor Julien 43b2e63c1e Fix minor compiler comments in CUDA code. 15 years ago
Martin Beyer 2f1262b446 fixed cuda build: portability issues and nvcc version check 15 years ago
Martin Beyer 736f09c4bc fixed ptxdump for python3 15 years ago
Martin Beyer 49d66430bc build cuda modules with make 15 years ago
Victor Julien f7f037c1d1 Make sure stateful detection engine inspecting HTTP streams works well for to_client rules as well. 15 years ago
Anoop Saldanha b4427e81ec minor fixes in endianness handling in dcerpc and dce detection engine 15 years ago
Kirby Kuehl acfc9a8ab0 Improve DCERPC big endian support when parsing BIND CTX Items (UUID). Make default byte packing order for the slow path little endian. Byte swapping on slow path will occur if big endian. This is a readability change, not a functional change. 15 years ago
Anoop Saldanha 5ccd9a8347 byte_extract support for isdataat added 15 years ago
Anoop Saldanha 35f3eafa5e byte extract added to the engine. Detection support added for packet payload, uri and dce detection engines 15 years ago
Eric Leblond 64b069369e Unified2: Use local variable for header copy
Due to the chaining of function calls, the per-thread buffer was overwritten.
This was causing invalid data to be output.

This patch restores the use of a local variable for writing the header,
which is rather small and thus should not be a performance or security
issue.
15 years ago
Eric Leblond 9d24e3aacc Fix len computation. 15 years ago
deltay 170efc8d38 Register http parser callbacks in the right place. 15 years ago
Victor Julien 1174df9712 Fix passing a uint8_t as an int. Breaks on some args. 15 years ago
Victor Julien ad175c8aec Fix compilation on OS/archs that don't support atomic variables. 15 years ago
Victor Julien 0ea883edf3 Fix broken stateful detection unittest. 15 years ago
Victor Julien 3f409db486 Use pmmintrin.h as older gcc's don't have immintrin.h it seems. 15 years ago
Victor Julien 73efb4c70f Add a app layer state and stateful detection engine counter that makes sure the stateful inspection is only done when the state changes. 15 years ago
Victor Julien 50aceb11eb Clean up stateful detection code. 15 years ago
Victor Julien 0768ca9806 Fix SIMD mask checking on 64 bit systems. 15 years ago
Victor Julien 350215966b Fix signature mask bitorder. 15 years ago
Victor Julien aa822c0ac1 Always reset alert cnt and always increment det_ctx->pkts. 15 years ago
Victor Julien 1e0b050a54 Add more mask flags. 15 years ago
Victor Julien 4b52823ab6 Use 64 bit mask on 64-bit systems. 15 years ago
Victor Julien e5b6c0f518 Check 32 masks per run instead of 16 in the SIMD code. 15 years ago
Victor Julien 2dbfdd40af Clean up new SIMD mask checking code, improve non-SIMD checks. 15 years ago
Victor Julien b421019cef Match packet mask against 16 signature masks at once using SIMD instructions for SSE3 and up. 15 years ago
Victor Julien 8f43670b16 Add wrappers for aligned memory allocation. 15 years ago
Victor Julien 7e128176d2 Add Vector datatype for SSE operations. 15 years ago
Victor Julien bc5738d57d Add compiler and hardware barrier macros. 15 years ago
Victor Julien 90ebb6f01f Fix broken fix. 15 years ago
Gerardo Iglesias Galvan a3e0325075 Don't lose memory if PoolInit fails 15 years ago
Gerardo Iglesias Galvan 363285d485 No need to check array pointer 15 years ago
Gerardo Iglesias Galvan a2b7b77434 Make sure we always check the result of TmThreadCreatePacketHandler 15 years ago
Gerardo Iglesias Galvan f545df3ea7 Fix potential issue in TmThreadsSlot1NoIn 15 years ago
Gerardo Iglesias Galvan a9509eea2e Fix very minor mem leak when setting bpf filter 15 years ago
Gerardo Iglesias Galvan 4c4c2a5583 Remove dead code from the BoyerMoore implementation 15 years ago
Gerardo Iglesias Galvan b1e7c0b123 Properly free data in tag match function 15 years ago
Gerardo Iglesias Galvan 570e0ec9e4 Fix potential memory leak in ASN1 parsing code in low memory conditions 15 years ago
Gerardo Iglesias Galvan 313067f47f Check return code of DetectEngineCtxInit at startup 15 years ago
Gerardo Iglesias Galvan c968ca0f85 Fix potential small issue with ftell and fseek 15 years ago
Gerardo Iglesias Galvan dd5e438d6f Make all access to memory tracking counters in stream engine lock protected 15 years ago
Gerardo Iglesias Galvan 36290297dc Remove dead code from reference handling 15 years ago
Gerardo Iglesias Galvan 44692c83aa Properly check retval for config and conversion function calls 15 years ago
Gerardo Iglesias Galvan 5ac8ab9a61 Check inet_pton retval and properly cleanup on error in unittest helper 15 years ago
Gerardo Iglesias Galvan 58f713254e Make sure return value of fgetc isn't truncated 15 years ago
Gerardo Iglesias Galvan bd6d1bfac4 Fix potential crash in classtype parsing code 15 years ago
Gerardo Iglesias Galvan 73dd5562c3 Fix potential crash in signature parsing code 15 years ago
Gerardo Iglesias Galvan 91c001f93b Fix potential crash in initialization cleanup code 15 years ago
Gerardo Iglesias Galvan 5d85b0f7b7 Fix potential crash in ip-only address parsing code 15 years ago
Gerardo Iglesias Galvan a56592e556 Make sure we do all after the null check in HTPStateFree 15 years ago
Gerardo Iglesias Galvan c4832814b4 Prevent a memory leak on low memory conditions in http client body handling 15 years ago
Gerardo Iglesias Galvan 2836e0de4e Fix potential alert-unified-log resource leak during initialization 15 years ago
Gerardo Iglesias Galvan 0f458495c7 Fix potential prelude resource leak during initialization 15 years ago
Gerardo Iglesias Galvan db94f01831 Fix declaration hiding len parameter in IPv6 decoder 15 years ago
Gerardo Iglesias Galvan 305140d081 Silence coverity warning 15 years ago
Eric Leblond bc68c108a7 NFQ: use per thread allocated data for recv buffer. 15 years ago
Pierre Chifflier a2b37e7487 Prelude: fix test always returning true
Fix wrong logic in test for error handling code.

Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net>
15 years ago
deltay 2856cf0de5 #277 ignore bpf filter if fread failed. 15 years ago
Eric Leblond 4b0c8f6567 Use local thread variable buffer in alert unified2. 15 years ago
Eric Leblond c8a811e69d Make use of per function/thread data in alert unified.
This patch replaces a local variable buffer by the usage of the data
contained in the local thread variable.
15 years ago
Victor Julien 63f6de58cb Fix HTP unittests that test pre 0.2.6 libhtp issue. HTP config wasn't restored properly. 15 years ago
Victor Julien 326047eec1 Add unittests for debugging a libhtp issue. 15 years ago
Jason Ish 7257fed0f3 Fix bug 288, accept true in output configuration.
Refactor a bit to run checks for truth through a common function
that takes yes, true, on and 1 as true values.
15 years ago
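The commit above routes every output-module truth check through one helper that accepts yes, true, on and 1. The following added example (not Suricata's code; ConfParseBool, ConfBool and the accepted word lists are assumptions for the example) shows the shape of such a helper, with the one caveat a practitioner wants: an unrecognised value is reported as an error rather than silently treated as "false", so a typo such as `enabled: yse` cannot quietly turn off an alert output.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Result of parsing a configuration truth value (hypothetical type). */
typedef enum {
    CONF_BOOL_FALSE = 0,
    CONF_BOOL_TRUE = 1,
    CONF_BOOL_INVALID = -1
} ConfBool;

/* Case-insensitive comparison against a fixed keyword. */
static int KeywordMatch(const char *val, const char *kw)
{
    for (; *val != '\0' && *kw != '\0'; val++, kw++) {
        if (tolower((unsigned char)*val) != tolower((unsigned char)*kw))
            return 0;
    }
    return *val == '\0' && *kw == '\0';
}

/* Parse a YAML-style truth value. Leading and trailing whitespace is
 * ignored; yes/true/on/1 are true, no/false/off/0 are false, anything
 * else (including an empty or NULL value) is invalid. */
ConfBool ConfParseBool(const char *val)
{
    static const char *const true_words[]  = { "yes", "true", "on", "1" };
    static const char *const false_words[] = { "no", "false", "off", "0" };
    char buf[16];
    size_t len, i;

    if (val == NULL)
        return CONF_BOOL_INVALID;
    while (isspace((unsigned char)*val))
        val++;
    len = strlen(val);
    while (len > 0 && isspace((unsigned char)val[len - 1]))
        len--;
    if (len == 0 || len >= sizeof(buf))
        return CONF_BOOL_INVALID;
    memcpy(buf, val, len);
    buf[len] = '\0';

    for (i = 0; i < sizeof(true_words) / sizeof(true_words[0]); i++)
        if (KeywordMatch(buf, true_words[i]))
            return CONF_BOOL_TRUE;
    for (i = 0; i < sizeof(false_words) / sizeof(false_words[0]); i++)
        if (KeywordMatch(buf, false_words[i]))
            return CONF_BOOL_FALSE;
    return CONF_BOOL_INVALID;
}
```

A caller that wants the old lenient behaviour can still map CONF_BOOL_INVALID to false, but it then does so explicitly and can log the offending value.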
Anoop Saldanha b819643635 coverity - logging system buffer overrun fix 15 years ago
Victor Julien 6dba98f277 Remove dead code from flowbits parsing. 15 years ago
Victor Julien e866aa3e15 Fix TAG removal in certain conditions. 15 years ago
Victor Julien f4aad76bb4 Make sure we don't process TAG records from the flow multiple times and outside the flow lock. 15 years ago
Victor Julien 6384b39f18 Remove unused and broken htp code. 15 years ago
Victor Julien e1d4e16645 Simplify packet decoding macros. 15 years ago
deltay e3270f20b2 #277 Add -F option to load bpf filter from file 15 years ago
Victor Julien b73939bcef Clean up & better check includes to allow Windows to build. 15 years ago
Victor Julien be5ad4402d Fix stream reassembly engine compilation on Windows. 15 years ago
Victor Julien 40bf422453 Fix log-pcap compilation on Windows. 15 years ago
Victor Julien 5d9c093d65 Don't compile alert-syslog module on Windows, it doesn't work anyway. 15 years ago
Victor Julien da086894e5 Remove unnecessary include that breaks windows builds. 15 years ago
Victor Julien 95387b2297 Include <windows.h> to get access to THREAD_PRIORITY_* defines. 15 years ago
Victor Julien dd97d136a9 Rearrange syslog.h including so we won't fail to build on win32. 15 years ago
Victor Julien e16a566a96 Account for distance when checking within. Bug #285. 15 years ago
Victor Julien 7f88158fb3 Remove a debug statement from single pcap file runmode. 15 years ago
Victor Julien 52eb8d2be0 Convert mutex protected tunnel counters to lockless atomic counters. 15 years ago
Victor Julien 54cd3552e1 Remove tunnel_proto field from Packet structure. 15 years ago
Victor Julien 3d22713b09 Convert Packet tunnel variables to bit flag checks. 15 years ago
Victor Julien 75439863ed Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15. 15 years ago
Victor Julien d3f19a3851 Fix memcmp checks that prevent reading past buffer boundary. 15 years ago
Victor Julien 4a2d4eef5a Properly reset IPv6 extension headers structure. 15 years ago
Victor Julien 962462e470 Fix SSE memcmp functions reading beyond the buffer. Add tests to bench them. 15 years ago
Victor Julien ece8e5444b Minor profiling fix: don't close stdout. 15 years ago
William d74fe520e5 Experimental support for PCRE-sljit enable via --enable-pcre-sljit 15 years ago
William 85643fe780 Convert to logging perf stats to file by default. Add a few columns to output avg ticks per match, avg ticks non match, allow sorting on based on them. 15 years ago
Victor Julien 36917c7d66 Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test. 15 years ago
Victor Julien a3e2b35536 Add configure check for new htp 0.2.5 uri normalize hook. 15 years ago
Victor Julien 15ce850387 Add support for new libhtp htp_config_register_request_uri_normalize callback. 15 years ago
Anoop Saldanha 6e0d98d9c4 fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx 15 years ago
Anoop Saldanha 7f8fb0f00d fix bounds checking in smb probing parser 15 years ago
Victor Julien 149ee6b648 Disable to_client http detection. Libhtp expects to_server data first. 15 years ago
Victor Julien 8999de2f93 Add proper RST handling to all TCP states. 15 years ago
Victor Julien 9a58a02559 Wrap HTP code that is only used in debug mode in debug ifdefs. 15 years ago
Victor Julien a5d9c86dd3 Shrink Flow structure by 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macros. 15 years ago
Anoop Saldanha 61635f302c indentation changes in app-layer-smb.c 15 years ago
Anoop Saldanha a40fdc794e Added probing parser for nbss/smb on port 139 15 years ago
Anoop Saldanha b7b7bbec37 code indentation changes in app-layer-smb.c 15 years ago
Anoop Saldanha 7c31a2327e Add support for port based probing parsers for alproto detection 15 years ago
Anoop Saldanha fe6e41e3ef Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags 15 years ago
Anoop Saldanha 0c94d910e4 Removed FLOW_AL_STREAM_TOSERVER and FLOW_AL_STREAM_TOCLIENT. Use STREAM_TOSERVER and STREAM_TOCLIENT instead 15 years ago
Anoop Saldanha ac5584a863 Removed FLOW_AL_PROTO_DETECT_DONE. Replaced it with FLOW_ALPROTO_DETECT_DONE, stored it in Flow->flags 15 years ago
Anoop Saldanha 49e2b580cb Removed FLOW_AL_PROTO_UNKNOWN. We don't need this flag 15 years ago
Anoop Saldanha 38fe2b9070 Removed FLOW_AL_STREAM_START, EOF and GAP flags. We don't need these. Just use STREAM_* flags 15 years ago
Anoop Saldanha 000ce98cd1 push all proto detection code into their respective app parser register functions for every alproto 15 years ago
Anoop Saldanha aab4a43145 Add C and E flags to flags keyword. We still support 1 and 2 for backward compatibility 15 years ago
Anoop Saldanha 78bf2579aa move pseudo packet creation outside defragreassemble loop 15 years ago
Victor Julien f303f3f523 Fix a logic error in the SACK list cleanup causing a memleak and invalid memory access at the same time. 15 years ago
Victor Julien 1578ef1e3e Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST. 15 years ago
Victor Julien 83c3f15812 Minor fixes in defrag engine, shrink DefragTracker_ structure. 15 years ago
Jason Ish 0385f72669 Use separate frag decoder events for IPv4 and IPv6. 15 years ago
Jason Ish de1c40c44f Set decoder event on fragment overlaps. 15 years ago
Jason Ish 7f5e120d60 Cleanup assignment of the default defrag policy. 15 years ago
Jason Ish 6da9c64a28 Set decoder event when re-assembled fragments would exceed max IP packet size. 15 years ago
Victor Julien 96c2f2c877 Fix 2 stream reassembly unittests 15 years ago
Victor Julien 14ad853b94 Process a stream end pseudo packet when going from TIME_WAIT to CLOSED. 15 years ago
Victor Julien 3b40b02a1b Stream reassembly fixes. 15 years ago
Victor Julien c88630639e Fix setting libhtp personality. 15 years ago
Victor Julien 6aa551c558 Small optimizations to IPV4 and TCP header parsing. 15 years ago
Victor Julien d0374ced38 Implement SACK in the stream engine. 15 years ago
Victor Julien 6fc075d4ae Add TCP packet SACK option decoding. 15 years ago
Victor Julien dbe291bc50 Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing. 15 years ago
Victor Julien 136f55efc7 Fix a memory leak in flow recycle code causing the detection engine state not to be fully freed (recycled) but reference to memory removed anyway. 15 years ago
Victor Julien 38a7d1777f Bump version to 1.1beta2 15 years ago
Victor Julien a0799f0ff9 Wait longer at shutdown before concluding it's taking too long. Hopefully enables our slow QA boxes to complete in time. 15 years ago
Anoop Saldanha d245f15f14 disable mpm pattern's retest skipping in detection engine for uri, hcbd, hmd, hrhd, hhd, hmd, hcd 15 years ago
Victor Julien 681f8329a6 Make error on <- direction operation use more explicit. 15 years ago
Victor Julien cd75201dc7 Fix pfring commandline handling. 15 years ago
Victor Julien 778b92ef40 Make sure to only alloc a new pseudo packet once during ip defrag. 15 years ago
Victor Julien 5f2a0653b4 If engine shutdown (processing in-engine packets) times out, exit Suricata with EXIT_FAILURE. 15 years ago
Victor Julien 9ca0658a6e Clear pcap_cnt variable on packet recycle. 15 years ago
Victor Julien 03ea563e93 Don't set ip{4,6} header on reassembled ip packet until we know for sure what buffer the packet is stored in. 15 years ago
Victor Julien f5674eff74 Fix a copy issue in PacketCopyDataOffset. 15 years ago
Victor Julien 8978266a91 If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit. 15 years ago
Victor Julien 5d2f633c48 Properly initialize pfring runmode before using it. Fix malformed conf api calls. 15 years ago
Anoop Saldanha 966119b6aa support for http_raw_uri keyword + mpm engine 15 years ago
Victor Julien 169104a803 Slightly clean up --list-runmodes output. 15 years ago
Anoop Saldanha e4d890e186 modify runmode api to accept conf runmode parameter as a char string, instead of an integer id 15 years ago
Anoop Saldanha fb4ffc9aef fixed runmode name changes that was missed in the previous changes to the runmode api 15 years ago
Anoop Saldanha 229f7281ea list runmodes. Allow specification of runmode id from conf file. Also allow for command line override 15 years ago
Anoop Saldanha 05686e70a5 fix coding indentation + neaten runmode code 15 years ago
Anoop Saldanha d7c707e656 modify runmodes to take all arguments from the conf API 15 years ago
Anoop Saldanha a165d45da9 naming changes for runmodes 15 years ago
Anoop Saldanha 6fceeda8c5 move erf dag runmode into its own file runmode-erf-dag.[ch] 15 years ago
Anoop Saldanha f51cf34210 move erf file runmode into its own file runmode-erf-file.[ch] 15 years ago
Anoop Saldanha 86eabbc2f5 move ipfw runmode into its own file runmode-ipfw.[ch] 15 years ago
Anoop Saldanha 036015d6b9 move nfq runmode into its own file runmode-nfq.[ch] 15 years ago
Anoop Saldanha 9affa39b29 move pfring runmode into its own file runmode-pfring.[ch] 15 years ago
Anoop Saldanha e7ac1d7c4c move pcap file runmode into its own file runmode-pcap-file.[ch] 15 years ago
Anoop Saldanha f6af567ce0 move pcap live runmode into its own file runmode-pcap.[ch] 15 years ago
Victor Julien 892a8a4985 Make stream inline use the chunk size settings. 15 years ago
Victor Julien 2dc057d1b1 Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record. 15 years ago
Victor Julien 5dcaaebf21 Enable logging of stream chunk in IPV6/TCP. Make sure IPV6 events have a ethernet header to work around Barnyard2 not liking DLT_RAW+IPV6. 15 years ago
Victor Julien 93815a1585 Support logging of reassembled stream data in IPv4 unified2. 15 years ago
Victor Julien 6cb9bbd1e3 Make sure TAG alerts don't work with an uninitialized alert_msg pointer. 15 years ago
Victor Julien 4f5aad1476 Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates. 15 years ago
Victor Julien 5d2a341096 Disable unused code, fix compiler warning. 15 years ago
Victor Julien 936b34ddf6 Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet. 15 years ago
Victor Julien 864c8718e1 Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins. 15 years ago
Victor Julien 8faacb727d Account for seg list not always being empty when stream closes. 15 years ago
Victor Julien ecfa2d0176 Only remove segments from segment list if they are completely before ra_base_seq. 15 years ago
Victor Julien 5bdf16380d Make sure we actually remove no longer required segments. 15 years ago
Victor Julien 7f45a4fd58 Fix missing segment flag, fix 2 unittests broken after previous stream changes. 15 years ago
Victor Julien 4a7f6079d5 Change segment removal in stream engine to not discard segments right away. Now they are only removed if they are fully before ra_base_seq. 15 years ago
Victor Julien 6d766f91ef Fix compiler warnings in defrag unittests. 15 years ago
Anoop Saldanha 5c880b04c9 fix ipv4 defrag + fix recursion level in defrag pseudo packet 15 years ago
Victor Julien 8654469133 Fixing libpcap 0.x.x specific code, take 2. 15 years ago
Victor Julien 140eb4fde8 Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures. 15 years ago
Victor Julien c72e5f0ebb Fix compilation of pcap reopen code for older libpcap code. 15 years ago
Victor Julien 076d77cd80 Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat. 15 years ago
Victor Julien 0814e41e50 Ignore tunnel/defrag packets in log-pcap module. 15 years ago
Victor Julien 7ef00aaf19 Fix defrag4 setting the packet length on the wrong packet. 15 years ago
Victor Julien acda69865a Fix potential segv in pcap logging deinit code. 15 years ago
Victor Julien bc7e21aee6 Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic. 15 years ago
Victor Julien 77505f8873 Allow pcap-log to log outside of default-log-dir by passing an absolute path as filename. 15 years ago
Victor Julien 92ea1f68d4 Exit on thread restart limit reached. 15 years ago
Eric Leblond 8f4229b429 Use snprintf instead of sprintf. 15 years ago
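The two commits above (banning strncpy/strncat in favour of strlcpy/strlcat, and replacing sprintf with snprintf) share one lesson: the bounded call must both terminate the buffer and tell the caller when output was cut. The following added example is not Suricata's code; the ExStrlcpy/ExStrlcat names (chosen so they do not clash with a libc that already ships strlcpy), the FormatFlowKey helper and the over-long sample strings are constructed for the example.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Bounded strlen so the helpers never read past 'max' bytes. */
static size_t BoundedLen(const char *s, size_t max)
{
    size_t n = 0;
    while (n < max && s[n] != '\0')
        n++;
    return n;
}

/* strlcpy semantics: always NUL-terminates when size > 0 and returns
 * strlen(src), so (ret >= size) tells the caller the copy was truncated. */
size_t ExStrlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* strlcat semantics: appends, always NUL-terminates, returns the length
 * the full string would need; (ret >= size) again means truncation. */
size_t ExStrlcat(char *dst, const char *src, size_t size)
{
    size_t dstlen = BoundedLen(dst, size);
    if (dstlen == size)
        return size + strlen(src);       /* dst was not terminated within size */
    return dstlen + ExStrlcpy(dst + dstlen, src, size - dstlen);
}

/* Why strncpy is banned: when src does not fit, strncpy writes no
 * terminator, so a later strlen() or printf("%s") reads past the buffer.
 * Returns 1 if the 8-byte destination ended up unterminated. */
int StrncpyLeavesUnterminated(void)
{
    char dst[8];
    memset(dst, 'X', sizeof(dst));
    strncpy(dst, "0123456789", sizeof(dst));   /* constructed over-long input */
    return memchr(dst, '\0', sizeof(dst)) == NULL;
}

/* Same copy through the replacement: terminated, and truncation reported.
 * Returns 1 when dst reads "0123456" and the return value flags truncation. */
int StrlcpyTruncatesSafely(void)
{
    char dst[8];
    size_t need = ExStrlcpy(dst, "0123456789", sizeof(dst));
    return need >= sizeof(dst) && strcmp(dst, "0123456") == 0;
}

/* Appending "defgh" to "abc" in a 5-byte buffer: result "abcd", return 8. */
int StrlcatReportsTruncation(void)
{
    char dst[5];
    ExStrlcpy(dst, "abc", sizeof(dst));
    size_t need = ExStrlcat(dst, "defgh", sizeof(dst));
    return need == 8 && strcmp(dst, "abcd") == 0;
}

/* The snprintf-for-sprintf pattern: snprintf returns the length the full
 * output would have had, so a result >= size means the line was cut.
 * Returns the formatted length, or -1 on truncation or error. */
int FormatFlowKey(char *buf, size_t size, const char *src, unsigned sp,
                  const char *dst, unsigned dp)
{
    int ret = snprintf(buf, size, "%s:%u -> %s:%u", src, sp, dst, dp);
    if (ret < 0 || (size_t)ret >= size)
        return -1;
    return ret;
}
```

The check on the snprintf return value is the part most often forgotten: without it a truncated log line or file name is used as if it were complete.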
Eric Leblond 9be1f1a31c Use GET_PKT macros. 15 years ago
Eric Leblond fb36c0af12 pcap: do not leave if interface goes down
This patch changes Suricata's behaviour to support interfaces like
ppp. Prior to this patch, a Suricata instance listening on an interface
was exiting when the interface went down. This patch modifies
the behaviour to automatically reconnect. Suricata retries to
open the interface every 0.5s until it succeeds.
15 years ago
Eric Leblond 56bf931959 pfring: use macro for direct access
Existing code was correct but it was using direct access to the
pkt field. This patch uses the newly defined macro to have
clean access to the pkt data.
15 years ago
Eric Leblond 4495efcb62 Add macro for direct access
In some cases, direct access to the pkt field is needed.
This patch adds a macro for this usage.
15 years ago
Victor Julien 5da8bd7c1e Fix unified2 overwriting tag alerts. 15 years ago
Victor Julien cee615315f Fix [drop] not being printed for IPv6 fast.log alerts. 15 years ago
Victor Julien e19f6ebaf4 Various fixes for issues reported by clang. 15 years ago
Victor Julien 38e7d944c5 Fix icmpv4 unittest on big endian, extract embedded sport and dport even if a full tcph doesn't fit. 15 years ago
Victor Julien 92536c4952 Fix address test on big-endian. 15 years ago
Victor Julien e0afe96920 Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6. 15 years ago
Victor Julien f5a2017f3c Fix counter unittest on big endian. 15 years ago
Victor Julien 6817824c92 Fix bloomfilter issue on big endian. 15 years ago
Victor Julien e197f50727 Fix IP-Only unittests failing on Big Endian. 15 years ago
Victor Julien b8cf50678f Fix many address unittests using explicit byte order and thus failing on big-endian systems. 15 years ago
Victor Julien c865ee2217 Fix compilation for nfq_set_mark code when NFQ is not enabled. 15 years ago
Eric Leblond ee6552f25e nfq_set_mark: handle feature in NFQ.
This patch implements the nfq_set_mark related modification of verdict
handling.
15 years ago
Eric Leblond 9beebf621a Add support for 'nfq_set_mark' keyword
This patch introduces 'nfq_set_mark', which is a new rule option. If a packet
matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask
specified in the option during the verdict.
It is thus possible to trigger different behaviour on the packet inside
Linux/Netfilter.
15 years ago
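The mark/mask semantics described in the commit above, as an added example that is not Suricata's code: the `<mark>/<mask>` text form, the NfqMarkOpt type and the NfqMarkOptParse/NfqMarkApply names are assumptions made for the example. The apply step shows why the mask matters: only the bits selected by the mask are replaced, so a mark set earlier in the Netfilter path (for example by an iptables MARK rule) survives in the other bits.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Parsed "mark/mask" option (hypothetical type for this example). */
typedef struct {
    uint32_t mark;
    uint32_t mask;
} NfqMarkOpt;

/* Parse one unsigned 32-bit value in decimal or 0x-prefixed hex.
 * Returns 0 on success, -1 if the text is not a clean number. */
static int ParseU32(const char *s, char **end, uint32_t *out)
{
    unsigned long v;

    if (*s == '-')
        return -1;                       /* strtoul would silently wrap */
    errno = 0;
    v = strtoul(s, end, 0);
    if (errno != 0 || *end == s || v > UINT32_MAX)
        return -1;
    *out = (uint32_t)v;
    return 0;
}

/* Parse "mark" or "mark/mask". A missing mask means "replace every bit"
 * (mask 0xffffffff). Trailing garbage is rejected. */
int NfqMarkOptParse(const char *optstr, NfqMarkOpt *opt)
{
    char *end;

    if (optstr == NULL || opt == NULL)
        return -1;
    if (ParseU32(optstr, &end, &opt->mark) != 0)
        return -1;
    if (*end == '\0') {
        opt->mask = 0xffffffffu;
        return 0;
    }
    if (*end != '/')
        return -1;
    if (ParseU32(end + 1, &end, &opt->mask) != 0 || *end != '\0')
        return -1;
    return 0;
}

/* Apply the option to a packet's current mark the way a verdict would:
 * only the bits selected by the mask are replaced; mark bits outside the
 * mask are ignored and the rest of the existing mark is preserved. */
uint32_t NfqMarkApply(uint32_t current_mark, const NfqMarkOpt *opt)
{
    return (current_mark & ~opt->mask) | (opt->mark & opt->mask);
}
```

With `0x1/0x1` a packet that already carries mark 0xf0 ends up with 0xf1; with a bare `16` the whole mark is replaced.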
Victor Julien f90a5cfffd Misc pcap logging cleanups. 15 years ago
William Metcalf 023a0f94a2 first stab at pcap logging no rotating buff etc 15 years ago
Anoop Saldanha 1f7e4bada1 add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup 15 years ago
Victor Julien 71d0eabdec Add a few extra safety checks in new SSL code. 15 years ago
Anoop Saldanha c105a739e9 support for ssl_state keyword added 15 years ago
Anoop Saldanha 013d3aea1c update ssl parser test. Some minor indentation changes 15 years ago
Anoop Saldanha 7a2046328c some naming changes in ssl parser and ssl related keywords 15 years ago
Anoop Saldanha 4c570777c4 delete files app-layer-tls.[ch] 15 years ago
Anoop Saldanha b639718787 replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch] 15 years ago
Anoop Saldanha cacf0a9017 disabled sslv23 proto detection which we enabled previously. Although this is right, need to test a couple of things 15 years ago
Anoop Saldanha 4e8de99dcd tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch] 15 years ago
Anoop Saldanha 8b17275451 dcerpc parser todo update 15 years ago
Anoop Saldanha 8c6d4531ee sslv23 support with ssl2 record format with version set to 3.0 15 years ago
Victor Julien 07a85427dd Add --build-info command line option to output some basic build settings. 15 years ago
Victor Julien 174db08567 Force reassembly of unack'd data on receiving a valid RST packet. 15 years ago
Victor Julien b9429ecec1 Fix invalid RST considered valid due to wrong returns codes. Only validate ACK from a RST packet if an ACK value was set. 15 years ago
Victor Julien cb67d61ab5 Fix broken setup of end of stream pseudo packet. 15 years ago
Victor Julien 99fca03810 Move unittest code into UNITTESTS ifdefs in the HTP parser. Fixes a compiler warning. 15 years ago
Victor Julien 0dc6333d22 Fix compiler warnings about unused IPv6 Address code. 15 years ago
Victor Julien b9fd978253 Fix compiler warnings in two unittests. 15 years ago
Victor Julien a3be22cd5a Fix compiler warning in isdataat keyword setup code. 15 years ago
Victor Julien bbe071252b Make sure PID is logged as well in alert-syslog output. 15 years ago
Victor Julien da423a59d5 Allow users of the alert-syslog to set the identity. 15 years ago
Victor Julien 07776c113b Fix valgrind error on pfring_recv, rename threads from RecvPfring to RxPfring so the name still looks right for 100+ threads. Add --pfring commandline option that just enables pfring, then takes interface from config. 15 years ago
Victor Julien 3aeb86d836 Fix header_len in GRE decoder getting out of control in some cases. 15 years ago
Victor Julien 1c9e48ae98 Fix compilation error on non-pfring systems. 15 years ago
Victor Julien 91f28afef4 Add option to PF_RING to have multiple reader threads. Improve general performance of the PF_RING module. 15 years ago
Victor Julien edeec290f6 Fix missing rename for request-body-limit to request_body_limit. 15 years ago
Eric Leblond 3b3a8ffb94 detect-gid: suppress unused type
The DetectGidData type is not used in the code. This patch removes
the type definition from code.
15 years ago
Eric Leblond ad44f1cfc1 fix possible typo in strtoul error handling. 15 years ago
Eric Leblond 04f2afa81b nfq: fix exit function
Exit function was trying to close the nfq handler even if it was
null. This was causing a crash.
15 years ago
Eric Leblond 277a384af7 Use already defined macro instead of integer
Code was using an integer instead of the already defined macro.
15 years ago
Pablo Rincon ce3b76a102 Fix compilation on Mac OS X (it was missing IPPROTO_SCTP definition) 15 years ago
Victor Julien 153f9298e7 Fix priority handling during the signature parsing stage. Fixes #275. 15 years ago
Gurvinder Singh 27f67c97de log error on duplicate sig and also for dup sig with newer revision 15 years ago
Victor Julien 8a390971e7 Print [drop] as well for syslog output. 15 years ago
Victor Julien 0377ae0817 Reduce SCTP_HEADER_LEN to reflect actual pkt header size. 15 years ago
Eric Leblond 005dc599a6 detect.c: Fix usage of integer standing for protocol
This patch fixes the direct use of an integer to encode the protocol value.
15 years ago
Eric Leblond 2c80f18dc9 detect: Add sctp detection and parsing.
This patch adds support for SCTP in the signature subsystem.
15 years ago
Eric Leblond 674b0bfae7 flow: Add basic SCTP support
This patch adds basic flow support for SCTP. SCTP specifics
like the verification tag are not taken into account.
15 years ago
Eric Leblond 01e955bc27 Add SCTP to packet validation
The validation util was missing a test on sctph, which cannot be null
for SCTP packets.
15 years ago
Eric Leblond a823160384 detect: Add support for sctp option in rule
'sctp' can now be used as a keyword in signatures. It is at the same
level as the 'tcp' or 'udp' keywords.
15 years ago
Eric Leblond 482991ad6d decode: add support for SCTP protocol
This patch adds a new counter for SCTP and defines some
macros needed for SCTP support.
15 years ago
Eric Leblond 8be92fdd99 SCTP support: add parsing of sctp
This patch adds support for SCTP in all parts of the code in charge
of decoding packets.
15 years ago
Eric Leblond e1d966eaf6 Makefile: add sctp files to build
This patch simply adds decode-sctp files to the compilation.
15 years ago
Eric Leblond b69fd02284 decode sctp: basic SCTP decoding.
These files are basically a dummy conversion of the UDP ones. They
provide basic decoding (source port and destination port).
There is no chunk handling, which means that Suricata regexps
will match on all packet content except the initial header and not
only on userspace data.
15 years ago
Eric Leblond 17af1ca123 decode-event: Add SCTP event
Almost empty now, because the only definition is packet
too small.
15 years ago
Victor Julien 987ce57a02 Wrap a number of BUG_ON's in the detection engine in DEBUG ifdefs as the conditions they check for are not serious enough to abort the engine. 15 years ago
Victor Julien a3303fcf9d Rename request-body-limit to request_body_limit to remain consistent with other options. Keep old notation around for compatibility. 15 years ago
Victor Julien 0d6d0ae371 Increase logline max length. 15 years ago
Victor Julien 6047a9b562 Improve byte to numeric value error reporting and testing. 15 years ago
Victor Julien b233105cc2 Fix a issue in stream reassembly causing the segment list getting into a inconsistent state. 15 years ago
Eric Leblond 4e9231266a Compilation fix for OpenBSD and win32.
This patch fixes compilation on OpenBSD platform. It is running
fine on a pcap file. The patch should also fix compilation on
WIN32 platform but this is not tested.
15 years ago