Commit Graph

2371 Commits (818656524003c4501401709aecffb19c28ca588c)

Author SHA1 Message Date
Gerardo Iglesias Galvan c4832814b4 Prevent a memory leak on low memory conditions in http client body handling 15 years ago
Gerardo Iglesias Galvan 2836e0de4e Fix potential alert-unified-log resource leak during initialization 15 years ago
Gerardo Iglesias Galvan 0f458495c7 Fix potential prelude resource leak during initialization 15 years ago
Gerardo Iglesias Galvan db94f01831 Fix declaration hiding len parameter in IPv6 decoder 15 years ago
Gerardo Iglesias Galvan 305140d081 Silence coverity warning 15 years ago
Eric Leblond bc68c108a7 NFQ: use per thread allocated data for recv buffer. 15 years ago
Pierre Chifflier a2b37e7487 Prelude: fix test always returning true
Fix wrong logic in test for error handling code.

Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net>
15 years ago
deltay 2856cf0de5 #277 ignore bpf filter if fread failed. 15 years ago
Eric Leblond 4b0c8f6567 Use local thread variable buffer in alert unified2. 15 years ago
Eric Leblond c8a811e69d Make use of per function/thread data in alert unified.
This patch replaces a local variable buffer by the usage of the data
contained in the local thread variable.
15 years ago
Victor Julien 63f6de58cb Fix HTP unittests that test pre 0.2.6 libhtp issue. HTP config wasn't restored properly. 15 years ago
Victor Julien 326047eec1 Add unittests for debugging a libhtp issue. 15 years ago
Jason Ish 7257fed0f3 Fix bug 288, accept true in output configuration.
Refactor a bit to run checks for truth through a common function
that takes yes, true, on and 1 as true values.
15 years ago
Anoop Saldanha b819643635 coverity - logging system buffer overrun fix 15 years ago
Victor Julien 6dba98f277 Remove dead code from flowbits parsing. 15 years ago
Victor Julien e866aa3e15 Fix TAG removal in certain conditions. 15 years ago
Victor Julien f4aad76bb4 Make sure we don't process TAG records from the flow multiple times and outside the flow lock. 15 years ago
Victor Julien 6384b39f18 Remove unused and broken htp code. 15 years ago
Victor Julien e1d4e16645 Simplify packet decoding macros. 15 years ago
deltay e3270f20b2 #277 Add -F option to load bpf filter from file 15 years ago
Victor Julien b73939bcef Clean up & better check includes to allow Windows to build. 15 years ago
Victor Julien be5ad4402d Fix stream reassembly engine compilation on Windows. 15 years ago
Victor Julien 40bf422453 Fix log-pcap compilation on Windows. 15 years ago
Victor Julien 5d9c093d65 Don't compile alert-syslog module on Windows, it doesn't work anyway. 15 years ago
Victor Julien da086894e5 Remove unnecessary include that breaks windows builds. 15 years ago
Victor Julien 95387b2297 Include <windows.h> to get access to THREAD_PRIORITY_* defines. 15 years ago
Victor Julien dd97d136a9 Rearrange syslog.h including so we won't fail to build on win32. 15 years ago
Victor Julien e16a566a96 Account for distance when checking within. Bug #285. 15 years ago
Victor Julien 7f88158fb3 Remove a debug statement from single pcap file runmode. 15 years ago
Victor Julien 52eb8d2be0 Convert mutex protected tunnel counters to lockless atomic counters. 15 years ago
Victor Julien 54cd3552e1 Remove tunnel_proto field from Packet structure. 15 years ago
Victor Julien 3d22713b09 Convert Packet tunnel variables to bit flag checks. 15 years ago
Victor Julien 75439863ed Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15. 15 years ago
Victor Julien d3f19a3851 Fix memcmp checks that prevent reading past buffer boundary. 15 years ago
Victor Julien 4a2d4eef5a Properly reset IPv6 extension headers structure. 15 years ago
Victor Julien 962462e470 Fix SSE memcmp functions reading beyond the buffer. Add tests to bench them. 15 years ago
Victor Julien ece8e5444b Minor profiling fix: don't close stdout. 15 years ago
William d74fe520e5 Experimental support for PCRE-sljit enable via --enable-pcre-sljit 15 years ago
William 85643fe780 Convert to logging perf stats to file by default. Add a few columns to output avg ticks per match, avg ticks non match, allow sorting based on them. 15 years ago
Victor Julien 36917c7d66 Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test. 15 years ago
Victor Julien a3e2b35536 Add configure check for new htp 0.2.5 uri normalize hook. 15 years ago
Victor Julien 15ce850387 Add support for new libhtp htp_config_register_request_uri_normalize callback. 15 years ago
Anoop Saldanha 6e0d98d9c4 fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx 15 years ago
Anoop Saldanha 7f8fb0f00d fix bounds checking in smb probing parser 15 years ago
Victor Julien 149ee6b648 Disable to_client http detection. Libhtp expects to_server data first. 15 years ago
Victor Julien 8999de2f93 Add proper RST handling to all TCP states. 15 years ago
Victor Julien 9a58a02559 Wrap HTP code that is only used in debug mode in debug ifdefs. 15 years ago
Victor Julien a5d9c86dd3 Shrink Flow structure with 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macros. 15 years ago
Anoop Saldanha 61635f302c indentation changes in app-layer-smb.c 15 years ago
Anoop Saldanha a40fdc794e Added probing parser for nbss/smb on port 139 15 years ago
Anoop Saldanha b7b7bbec37 code indentation changes in app-layer-smb.c 15 years ago
Anoop Saldanha 7c31a2327e Add support for port based probing parsers for alproto detection 15 years ago
Anoop Saldanha fe6e41e3ef Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags 15 years ago
Anoop Saldanha 0c94d910e4 Removed FLOW_AL_STREAM_TOSERVER and FLOW_AL_STREAM_TOCLIENT. Use STREAM_TOSERVER and STREAM_TOCLIENT instead 15 years ago
Anoop Saldanha ac5584a863 Removed FLOW_AL_PROTO_DETECT_DONE. Replaced it with FLOW_ALPROTO_DETECT_DONE, stored it in Flow->flags 15 years ago
Anoop Saldanha 49e2b580cb Removed FLOW_AL_PROTO_UNKNOWN. We don't need this flag 15 years ago
Anoop Saldanha 38fe2b9070 Removed FLOW_AL_STREAM_START, EOF and GAP flags. We don't need these. Just use STREAM_* flags 15 years ago
Anoop Saldanha 000ce98cd1 push all proto detection code into their respective app parser register functions for every alproto 15 years ago
Anoop Saldanha aab4a43145 Add C and E flags to flags keyword. We still support 1 and 2 for backward compatibility 15 years ago
Anoop Saldanha 78bf2579aa move pseudo packet creation outside defragreassemble loop 15 years ago
Victor Julien f303f3f523 Fix a logic error in the SACK list cleanup causing a memleak and invalid memory access at the same time. 15 years ago
Victor Julien 1578ef1e3e Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST. 15 years ago
Victor Julien 83c3f15812 Minor fixes in defrag engine, shrink DefragTracker_ structure. 15 years ago
Jason Ish 0385f72669 Use separate frag decoder events for IPv4 and IPv6. 15 years ago
Jason Ish de1c40c44f Set decoder event on fragment overlaps. 15 years ago
Jason Ish 7f5e120d60 Cleanup assignment of the default defrag policy. 15 years ago
Jason Ish 6da9c64a28 Set decoder event when re-assembled fragments would exceed max IP packet size. 15 years ago
Victor Julien 96c2f2c877 Fix 2 stream reassembly unittests 15 years ago
Victor Julien 14ad853b94 Process a stream end pseudo packet when going from TIME_WAIT to CLOSED. 15 years ago
Victor Julien 3b40b02a1b Stream reassembly fixes. 15 years ago
Victor Julien c88630639e Fix setting libhtp personality. 15 years ago
Victor Julien 6aa551c558 Small optimizations to IPV4 and TCP header parsing. 15 years ago
Victor Julien d0374ced38 Implement SACK in the stream engine. 15 years ago
Victor Julien 6fc075d4ae Add TCP packet SACK option decoding. 15 years ago
Victor Julien dbe291bc50 Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing. 15 years ago
Victor Julien 136f55efc7 Fix a memory leak in flow recycle code causing the detection engine state not to be fully freed (recycled) but reference to memory removed anyway. 15 years ago
Victor Julien 38a7d1777f Bump version to 1.1beta2 15 years ago
Victor Julien a0799f0ff9 Wait longer at shutdown before concluding it's taking too long. Hopefully enables our slow QA boxes to complete in time. 15 years ago
Anoop Saldanha d245f15f14 disable mpm pattern's retest skipping in detection engine for uri, hcbd, hmd, hrhd, hhd, hmd, hcd 15 years ago
Victor Julien 681f8329a6 Make error on <- direction operation use more explicit. 15 years ago
Victor Julien cd75201dc7 Fix pfring commandline handling. 15 years ago
Victor Julien 778b92ef40 Make sure to only alloc a new pseudo packet once during ip defrag. 15 years ago
Victor Julien 5f2a0653b4 If engine shutdown (processing in-engine packets) times out, exit Suricata with EXIT_FAILURE. 15 years ago
Victor Julien 9ca0658a6e Clear pcap_cnt variable on packet recycle. 15 years ago
Victor Julien 03ea563e93 Don't set ip{4,6} header on reassembled ip packet until we know for sure what buffer the packet is stored in. 15 years ago
Victor Julien f5674eff74 Fix a copy issue in PacketCopyDataOffset. 15 years ago
Victor Julien 8978266a91 If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit. 15 years ago
Victor Julien 5d2f633c48 Properly initialize pfring runmode before using it. Fix malformed conf api calls. 15 years ago
Anoop Saldanha 966119b6aa support for http_raw_uri keyword + mpm engine 15 years ago
Victor Julien 169104a803 Slightly clean up --list-runmodes output. 15 years ago
Anoop Saldanha e4d890e186 modify runmode api to accept conf runmode parameter as a char string, instead of an integer id 15 years ago
Anoop Saldanha fb4ffc9aef fixed runmode name changes that were missed in the previous changes to the runmode api 15 years ago
Anoop Saldanha 229f7281ea list runmodes. Allow specification of runmode id from conf file. Also allow for command line override 15 years ago
Anoop Saldanha 05686e70a5 fix coding indentation + neaten runmode code 15 years ago
Anoop Saldanha d7c707e656 modify runmodes to take all arguments from the conf API 15 years ago
Anoop Saldanha a165d45da9 naming changes for runmodes 15 years ago
Anoop Saldanha 6fceeda8c5 move erf dag runmode into its own file runmode-erf-dag.[ch] 15 years ago
Anoop Saldanha f51cf34210 move erf file runmode into its own file runmode-erf-file.[ch] 15 years ago
Anoop Saldanha 86eabbc2f5 move ipfw runmode into its own file runmode-ipfw.[ch] 15 years ago
Anoop Saldanha 036015d6b9 move nfq runmode into its own file runmode-nfq.[ch] 15 years ago
Anoop Saldanha 9affa39b29 move pfring runmode into its own file runmode-pfring.[ch] 15 years ago
Anoop Saldanha e7ac1d7c4c move pcap file runmode into its own file runmode-pcap-file.[ch] 15 years ago
Anoop Saldanha f6af567ce0 move pcap live runmode into its own file runmode-pcap.[ch] 15 years ago
Victor Julien 892a8a4985 Make stream inline use the chunk size settings. 15 years ago
Victor Julien 2dc057d1b1 Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record. 15 years ago
Victor Julien 5dcaaebf21 Enable logging of stream chunk in IPV6/TCP. Make sure IPV6 events have a ethernet header to work around Barnyard2 not liking DLT_RAW+IPV6. 15 years ago
Victor Julien 93815a1585 Support logging of reassembled stream data in IPv4 unified2. 15 years ago
Victor Julien 6cb9bbd1e3 Make sure TAG alerts don't work with an uninitialized alert_msg pointer. 15 years ago
Victor Julien 4f5aad1476 Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates. 15 years ago
Victor Julien 5d2a341096 Disable unused code, fix compiler warning. 15 years ago
Victor Julien 936b34ddf6 Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet. 15 years ago
Victor Julien 864c8718e1 Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins. 15 years ago
Victor Julien 8faacb727d Account for seg list not always being empty when stream closes. 15 years ago
Victor Julien ecfa2d0176 Only remove segments from segment list if they are completely before ra_base_seq. 15 years ago
Victor Julien 5bdf16380d Make sure we actually remove no longer required segments. 15 years ago
Victor Julien 7f45a4fd58 Fix missing segment flag, fix 2 unittests broken after previous stream changes. 15 years ago
Victor Julien 4a7f6079d5 Change segment removal in stream engine to not discard segments right away. Now they are only removed if they are fully before ra_base_seq. 15 years ago
Victor Julien 6d766f91ef Fix compiler warnings in defrag unittests. 15 years ago
Anoop Saldanha 5c880b04c9 fix ipv4 defrag + fix recursion level in defrag pseudo packet 15 years ago
Victor Julien 8654469133 Fixing libpcap 0.x.x specific code, take 2. 15 years ago
Victor Julien 140eb4fde8 Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures. 15 years ago
Victor Julien c72e5f0ebb Fix compilation of pcap reopen code for older libpcap code. 15 years ago
Victor Julien 076d77cd80 Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat. 15 years ago
Victor Julien 0814e41e50 Ignore tunnel/defrag packets in log-pcap module. 15 years ago
Victor Julien 7ef00aaf19 Fix defrag4 setting the packet length on the wrong packet. 15 years ago
Victor Julien acda69865a Fix potential segv in pcap logging deinit code. 15 years ago
Victor Julien bc7e21aee6 Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic. 15 years ago
Victor Julien 77505f8873 Allow pcap-log to log outside of default-log-dir by passing an absolute path as filename. 15 years ago
Victor Julien 92ea1f68d4 Exit on thread restart limit reached. 15 years ago
Eric Leblond 8f4229b429 Use snprintf instead of sprintf. 15 years ago
Eric Leblond 9be1f1a31c Use GET_PKT macros. 15 years ago
Eric Leblond fb36c0af12 pcap: do not leave if interface goes down
This patch changes suricata behaviour to support interface like
ppp. Prior to this patch, a suricata listening to an interface
was leaving when the interface goes down. This patch modifies
the behaviour to automatically reconnect. Suricata retries to
open the interface every 0,5s until it succeeds.
15 years ago
Eric Leblond 56bf931959 pfring: use macro for direct access
Existing code was correct but it was using a direct access to
pkt field. This patch uses the newly defined macro to have a
clean access on the pkt data.
15 years ago
Eric Leblond 4495efcb62 Add macro for direct access
In some cases, this is needed to have a direct access to the pkt
field. This patch adds macro for this usage.
15 years ago
Victor Julien 5da8bd7c1e Fix unified2 overwriting tag alerts. 15 years ago
Victor Julien cee615315f Fix [drop] not being printed for IPv6 fast.log alerts. 15 years ago
Victor Julien e19f6ebaf4 Various fixes for issues reported by clang. 15 years ago
Victor Julien 38e7d944c5 Fix icmpv4 unittest on big endian, extract embedded sport and dport even if a full tcph doesn't fit. 15 years ago
Victor Julien 92536c4952 Fix address test on big-endian. 15 years ago
Victor Julien e0afe96920 Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6. 15 years ago
Victor Julien f5a2017f3c Fix counter unittest on big endian. 15 years ago
Victor Julien 6817824c92 Fix bloomfilter issue on big endian. 15 years ago
Victor Julien e197f50727 Fix IP-Only unittests failing on Big Endian. 15 years ago
Victor Julien b8cf50678f Fix many address unittests using explicit byte order and thus failing on big-endian systems. 15 years ago
Victor Julien c865ee2217 Fix compilation for nfq_set_mark code when NFQ is not enabled. 15 years ago
Eric Leblond ee6552f25e nfq_set_mark: handle feature in NFQ.
This patch implements the nfq_set_mark related modification of verdict
handling.
15 years ago
Eric Leblond 9beebf621a Add support for 'nfq_set_mark' keyword
This patch introduces 'nfq_set_mark' which is a new rules option. If a packet
matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask
specified in the option during the verdict.
It is thus possible to trigger different behaviour on the packet inside
Linux/Netfilter.
15 years ago
Victor Julien f90a5cfffd Misc pcap logging cleanups. 15 years ago
William Metcalf 023a0f94a2 first stab at pcap logging no rotating buff etc 15 years ago
Anoop Saldanha 1f7e4bada1 add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup 15 years ago
Victor Julien 71d0eabdec Add a few extra safety checks in new SSL code. 15 years ago
Anoop Saldanha c105a739e9 support for ssl_state keyword added 15 years ago
Anoop Saldanha 013d3aea1c update ssl parser test. Some minor indentation changes 15 years ago
Anoop Saldanha 7a2046328c some naming changes in ssl parser and ssl related keywords 15 years ago
Anoop Saldanha 4c570777c4 delete files app-layer-tls.[ch] 15 years ago
Anoop Saldanha b639718787 replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch] 15 years ago
Anoop Saldanha cacf0a9017 disabled sslv23 proto detection which we enabled previously. Although this is right, need to test a couple of things 15 years ago
Anoop Saldanha 4e8de99dcd tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch] 15 years ago
Anoop Saldanha 8b17275451 dcerpc parser todo update 15 years ago
Anoop Saldanha 8c6d4531ee sslv23 support with ssl2 record format with version set to 3.0 15 years ago
Victor Julien 07a85427dd Add --build-info command line option to output some basic build settings. 15 years ago
Victor Julien 174db08567 Force reassembly of unack'd data on receiving a valid RST packet. 15 years ago
Victor Julien b9429ecec1 Fix invalid RST considered valid due to wrong returns codes. Only validate ACK from a RST packet if an ACK value was set. 15 years ago
Victor Julien cb67d61ab5 Fix broken setup of end of stream pseudo packet. 15 years ago
Victor Julien 99fca03810 Move unittest code into UNITTESTS ifdefs in the HTP parser. Fixes a compiler warning. 15 years ago
Victor Julien 0dc6333d22 Fix compiler warnings about unused IPv6 Address code. 15 years ago
Victor Julien b9fd978253 Fix compiler warnings in two unittests. 15 years ago
Victor Julien a3be22cd5a Fix compiler warning in isdataat keyword setup code. 15 years ago
Victor Julien bbe071252b Make sure PID is logged as well in alert-syslog output. 15 years ago
Victor Julien da423a59d5 Allow users of the alert-syslog to set the identity. 15 years ago
Victor Julien 07776c113b Fix valgrind error on pfring_recv, rename threads from RecvPfring to RxPfring so the name still looks right for 100+ threads. Add --pfring commandline option that just enables pfring, then takes interface from config. 15 years ago
Victor Julien 3aeb86d836 Fix header_len in GRE decoder getting out of control in some cases. 15 years ago
Victor Julien 1c9e48ae98 Fix compilation error on non-pfring systems. 15 years ago
Victor Julien 91f28afef4 Add option to PF_RING to have multiple reader threads. Improve general performance of the PF_RING module. 15 years ago
Victor Julien edeec290f6 Fix missing rename for request-body-limit to request_body_limit. 15 years ago
Eric Leblond 3b3a8ffb94 detect-gid: suppress unused type
The DetectGidData type is not used in the code. This patch removes
the type definition from code.
15 years ago
Eric Leblond ad44f1cfc1 fix possible typo in strtoul error handling. 15 years ago
Eric Leblond 04f2afa81b nfq: fix exit function
Exit function was trying to close the nfq handler even if it was
null. This was causing a crash.
15 years ago
Eric Leblond 277a384af7 Use already defined macro instead of integer
Code was using an integer instead of the already defined macro.
15 years ago
Pablo Rincon ce3b76a102 Fix compilation on Mac OS X (it was missing IPPROTO_SCTP definition) 15 years ago
Victor Julien 153f9298e7 Fix priority handling during the signature parsing stage. Fixes #275. 15 years ago
Gurvinder Singh 27f67c97de log error on duplicate sig and also for dup sig with newer revision 15 years ago
Victor Julien 8a390971e7 Print [drop] as well for syslog output. 15 years ago
Victor Julien 0377ae0817 Reduce SCTP_HEADER_LEN to reflect actual pkt header size. 15 years ago
Eric Leblond 005dc599a6 detect.c: Fix usage of integer standing for protocol
This patch fixes direct usage of integer to code protocol value.
15 years ago
Eric Leblond 2c80f18dc9 detect: Add sctp detection and parsing.
This patch adds the support of SCTP in signature subsystem.
15 years ago
Eric Leblond 674b0bfae7 flow: Add basic SCTP support
This patch adds a basic flow support to SCTP. SCTP specificities
like the verification tag are not taken into account.
15 years ago
Eric Leblond 01e955bc27 Add SCTP to packet validation
Validation util was missing a test on sctph which can not be null
for SCTP packets.
15 years ago
Eric Leblond a823160384 detect: Add support for sctp option in rule
'sctp' can now be used as a keyword in signature. It is at the same
level as the 'tcp' or 'udp' keywords.
15 years ago
Eric Leblond 482991ad6d decode: add support for SCTP protocol
This patch adds a new counter for SCTP and defines some
macros needed for SCTP support.
15 years ago
Eric Leblond 8be92fdd99 SCTP support: add parsing of sctp
This patch adds support of SCTP in all parts of the code in charge
of decoding packets.
15 years ago
Eric Leblond e1d966eaf6 Makefile: add sctp files to build
This patch simply adds decode-sctp files to the compilation.
15 years ago
Eric Leblond b69fd02284 decode sctp: basic SCTP decoding.
These files are basically a dummy conversion of UDP one. It
provides basic decoding (source port and destination port).
There is no chunk handling which means that suricata regexp
will match on all packet content except initial header and not
only on userspace data.
15 years ago
Eric Leblond 17af1ca123 decode-event: Add SCTP event
Almost empty now, because the only definition is packet
too small.
15 years ago
Victor Julien 987ce57a02 Wrap a number of BUG_ON's in the detection engine in DEBUG ifdefs as the conditions they check for are not serious enough to abort the engine. 15 years ago
Victor Julien a3303fcf9d Rename request-body-limit to request_body_limit to remain consistent with other options. Keep old notation around for compatibility. 15 years ago
Victor Julien 0d6d0ae371 Increase logline max length. 15 years ago
Victor Julien 6047a9b562 Improve byte to numeric value error reporting and testing. 15 years ago
Victor Julien b233105cc2 Fix an issue in stream reassembly causing the segment list getting into an inconsistent state. 15 years ago
Eric Leblond 4e9231266a Compilation fix for OpenBSD and win32.
This patch fixes compilation on OpenBSD platform. It is running
fine on a pcap file. The patch should also fix compilation on
WIN32 platform but this is not tested.
15 years ago
Victor Julien a8db8b334b Remove debug stream testing code from non-debug builds. 15 years ago
Victor Julien 477bc1d050 Set DROP flag on a packet in addition to the REJECT flags. This makes sure we not only send a reject, but also drop the offending packet. Closes #248. 15 years ago
Pablo Rincon fb5fb3ab3f IPOnly module fix for building stage. Radix Tree fix inserting different netmask user datas 15 years ago
Pablo Rincon 35c168ab03 Fix CPU_* macros for Mac OS X 15 years ago
Eric Leblond 0cf05856d0 Fix Packet usage.
This patch suppresses remaining direct access to pkt and pktlen in the
Packet structure.
15 years ago
Victor Julien cec7ece697 Don't print drop log on pseudo packet. 15 years ago
Victor Julien 1ace091bd4 Minor drop log cleanups. 15 years ago
Gurvinder Singh 7d0781b349 added support to log dropped packet as netfilter logs while in inline mode 15 years ago
Victor Julien 1681705e62 Don't print errors/warnings based on malformed traffic. 15 years ago
Anoop Saldanha 9845718138 fix detect-ssl-version.c unittests to accommodate new changes 15 years ago
Anoop Saldanha 95f9f2c28d minor indentation changes 15 years ago
Gurvinder Singh 8f8b1212af support for ssl_version keyword 15 years ago
Eric Leblond a8417377e7 Don't use direct pkt access
pkt field in Packet needs to be accessed via macro. This
patch suppresses some direct access.
15 years ago
Victor Julien addab7b5ee Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection. 15 years ago
Victor Julien a2465ffc1c Fix FreeBSD's compilation of the new affinity code. 15 years ago
Victor Julien b963890de1 Reenable SSE3 memcmp and switch AC memcmp to use the SCMemcmp wrapper. 15 years ago
Victor Julien 6f58ef13c4 Improve error cleanup in output function. Thanks to iswalker. 15 years ago
Eric Leblond 183af9ada5 Replace malloc by SCMalloc in util-mpm-ac 15 years ago
Eric Leblond c732351077 Replace free and malloc by SC functions. 15 years ago
Victor Julien 35b938a8db Don't pass config to unittests run in make check. 15 years ago
Eric Leblond 0044bb221b Add suricata unittests to 'make check'
This patch adds a run of suricata's unittests to 'make check'
15 years ago
Eric Leblond 66a15e2d6d Fix some Packet initialisation.
This patch fixes Packet initialisation. In some places the pkt field
was not set after a memset used to zero the structure and this could
lead to some problems.
15 years ago
Anoop Saldanha 8e95884333 Use normal memcmp in ac. Improves perf 15 years ago
Martin Beyer 66d496c255 Added case sensitive unit test to util-mpm-ac 15 years ago
Anoop Saldanha 79b9eba0f0 fix case sensitive bug in ac 15 years ago
Victor Julien 1c7b7a01a6 Add option to set the syslog level for the alerts. Minor cleanups. 15 years ago
Gurvinder Singh e5edc6e8e3 add the support to log the fast.log alerts type to syslog 15 years ago
Victor Julien d424ac7c61 Fix nfq lockup due to improper handling of PKT_PSEUDO_STREAM_END packets. 15 years ago
Victor Julien c9f9e3f9a4 Add configure check for signed or unsigned nfq_get_payload, adapt code. 15 years ago
Eric Leblond aedb61b7d2 affinity: lock get next cpu function
The function getting next CPU to use needs to be locked as init of
the threads is done concurrently.
15 years ago
Eric Leblond 0b5e5b8772 affinity: change config format and misc fixes
This patch fixes some problems with affinity work and modifies the
configuration file format.

For example, the detect cpu set can be formatted as follows:
     - detect_cpu_set:
        cpu: [ "all" ]
        mode: "exclusive" # run detect threads in these cpus
        prio:
          low: [ 0 ] # threads on CPU 0 have low prio
          medium: [ "1-2" ] # threads on CPU 1 and 2 have medium prio
          high: [ 3 ] # threads on CPU 3 have high prio
          default: "medium" #default priority is "medium"
15 years ago
Eric Leblond c74116949c source-nfq: improve nfq option system
This patch modifies the NFQ option system to avoid implicit
choice. 'nfq.mode' is now a string which can take a value
in the 'accept', 'repeat' and 'route' set.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 94596ff282 source-nfq: add queue redirect support
This patch adds the support of queue redirect. If 'next_queue'
variable is set, the verdict sent to kernel is modified to contain
the indication of a queue number (equal to 'next_queue') which will
receive the packet after the verdict. This feature can be used to
chain easily tools using NFQUEUE.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond aded7b4fae source-nfq: add detection of already treated packet.
This patch adds detection of already treated packet. If a packet is
coming with an already set mark, it will be accepted and the processing
of the packet is aborted.
The patch displays a message when the problem occurs but the number of
messages is limited to a fixed counter in a way to avoid flooding the log.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond e399e74fc1 source-nfq: Factorize buffer usage
A big sized buffer was allocated at each packet parsing. This patch
uses a per-thread variable to have a persistent memory usage.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 1e600c1054 source-nfq: add simulated non-terminal NFQUEUE verdict
This patch adds a new mode for NFQ inline mode. The idea is to
simulate a non final NFQUEUE rules.
This permits sending all needed packets to suricata via a simple
FORWARD rule:
    iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
And below, we have a standard filtering ruleset.

To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and
puts a mark ($MARK) with respect to a mask ($MASK) on the handled packet.

NF_REPEAT verdict has for effect to have the packet reinjected at start
of the hook after the verdict. As it has been marked by suricata during
the verdict it will not rematch the initial rules and make its way to
the following classical ruleset.

Mode, mark and mask can be configured via suricata.yaml file with the
following syntax:
   nfq:
     repeat_mode: (false|true)
     mark: $MARK
     mask: $MASK
Default is false to preserve backward compatibility.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 72ec56ab23 source-nfq: autodetection of queue max length function
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 8330747234 Add multi queue support to NFQ run mode
This patch adds support for multiple Netfilter queues
in the NFQ run mode. Suricata can now be started on
multiple queues by using a comma separated list of
queue identifiers on the command line. The following syntax:
	suricata -q 0 -q 1 -c /opt/suricata/etc/suricata.yaml
will start a suricata listening to Netfilter queue 0 and 1.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 1375e90030 Prepare multi queue support in NFQ
This patch prepares support for multiqueue in the
source file. The NFQ vars contained in Packet structure
has a new member. It is a reference to the NFQ thread var
it comes from. The behaviour is modified as a single verdict
thread treats packets for all Netfilter queues.

Locking is done in the verdict function to ensure that
simultaneous modifications of counters can not occur.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond d0faa6c96e Fix some spacing.
This trivial patch fixes some indentation problems.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 88fb3a641e Delete some commented code in runmodes
This patch simply suppresses some commented code in runmodes.c.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond f9e453e14c affinity: Use configured 'threads' value if set
This patch modifies runmodes to make them use the new 'threads'
variable.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond fb3641982f affinity: 'threads' param to configure threads number
This patch adds a new parameter to the affinity. The 'threads' keyword
is used to set the number of threads to start for a family. It can
only be used on family where multiple threads are launched in the running
mode. This is mainly the case of the detect threads.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 789d46cc3c Add per-cpu prio handling
This patch updates affinity setting to add a support for per cpu
priority setting. In exclusive mode a thread is dedicated to a CPU.
This patch adds the ability to set the thread prio for all threads
of a family running on a given CPU.

With this patch we can write
    - detect_cpu_set:
        cpu: [ "all" ]
        mode: "exclusive" # run detect threads in these cpus
        low_prio: [ 0 ]
        medium_prio: [ "1-2" ]
        high_prio: [ 3 ]
With this configuration, detect threads assigned to cpu 0 will
have a low priority. Detect threads on cpus 1 and 2 will have
prio medium...

The previous configuration is equivalent to:
    - detect_cpu_set:
        cpu: [ "all" ]
        mode: "exclusive" # run detect threads in these cpus
        low_prio: [ 0 ]
        high_prio: [ 3 ]
        prio: "medium"
because the prio value is used as a default.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond a11e40dedf Pcapfile mode: support for cpu affinity settings
This patch adds support for cpu affinity setting in the pcapfile
runmode.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 9d5f08e0d9 Pcap mode: use CPU affinity setting
This patch adds support for CPU affinity settings
in pcap mode.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 51df6beb26 Convert RunModeIpsNFQAuto to new affinity mode.
The default NFQ run mode is now using the new affinity system. It
thus can be configured via suricata.yaml.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond ea566d6601 Handle management thread with corresponding affinity
This patch implements the setting of each management thread in
the corresponding thread affinity. This is done by modifying
the thread creation function.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 0809deafc4 Implement function needed for affinity in tm-threads
This patch features the implementation of affinity related
changes in tm-threads. In place code has been used but some
refactoring has been done to avoid code duplication.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 77f2b6a7a9 Make runmode parse affinity settings.
This patch modifies runmode to parse configuration file related
to affinity settings. It also prepares the export of the
set_cpu_affinity which was previously local. It is now used
in the affinity and tm-threads files.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 2011366429 Include affinity in runmodes and threadvars.
This small patch adds inclusion of util-affinity.h in the
files that will have to use affinity related features.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 37ee483b75 Add affinity util function and related files
This patch adds two new files which implement advanced affinity
settings.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 96e3852191 source-nfq: add define of SOL_NETLINK
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Martin Beyer 396b750414 Fixed optional args in SCCudaModuleGetGlobal 15 years ago
Martin Beyer 5dc5d73a66 fixed NULL checks in util-cuda 15 years ago
Martin Beyer 0d4ac48aa0 added texture reference api to util-cuda 15 years ago
Victor Julien d10cf5b4e3 Increase stream msg size. 15 years ago
Victor Julien ec5b622553 Inspect all stream msgs at any time when running in stream-inline mode. Skip detection for packets flagged for dropping before detect. 15 years ago
Victor Julien 48c7f18453 Fix bug in the segment insert code causing an inconsistent segment list in some overlap conditions. 15 years ago
Victor Julien 929ce0bb9b Add a counter to NFQ for modified packets. 15 years ago
Victor Julien 05539d7357 Fix a reassembly overlap issue. Fix a inline reassembly gap handling issue. 15 years ago
Victor Julien 00e4dde6a6 Fix PKT_STREAM_EOF never being set, resulting in some raw stream chunks never being inspected. Improve debug output. 15 years ago
Victor Julien e92ab40d39 Fix compilation for non-DEBUG case. 15 years ago
Victor Julien 1dca88fe69 Do the actual checksum recalculation and packet replacement on modifying a packet in the stream engine. 15 years ago
Victor Julien 2db06cc79e Improve Inline reassembly wrt to GAP handling. Add more tests. 15 years ago
Victor Julien 29e02abc94 Expand and fix stream unittest helpers. 15 years ago
Victor Julien 121e9c72aa Add more debug printing of reassembled data into the app layer api. 15 years ago
Victor Julien 4c82c0e750 Improve RawInline reassembly: remove unnecessary segments from the stream in an earlier stage. Test this properly. 15 years ago
Victor Julien 668bd46c1c Add flow prune debug counters (disabled by default). 15 years ago
Victor Julien 4bf4382354 Make sure tunnel packets (and pseudo packets) properly decrement the flow use counter in all cases. 15 years ago
Victor Julien 37587c0b7d Add missing stream inline files. 15 years ago
Victor Julien 3a774165fa Initial version of a inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly. 15 years ago
Victor Julien abdffadc1c Add a new app layer reassembly function that is for inline use, and use it when the stream engine is in inline mode. 15 years ago
Victor Julien 8cacd5fe50 Fix the stream.inline config option. Set PKT_STREAM_EST flag also for packets that are part of a session in a state beyond TCP_ESTABLISHED. 15 years ago
Victor Julien a8bb98836b Don't handle and validate the TCP timestamp at the same time. Instead validate first, then later when all other validation has been done as well, handle. 15 years ago
Victor Julien 8d3f9c53a9 Minor cleanups. 15 years ago
Victor Julien bff70eed6d Update to depth code. Get segment from the correct pool when a payload is truncated. 15 years ago
Victor Julien 66c40f782c Have reassembly errors also set a stream event. 15 years ago
Victor Julien 0f072648e6 Another iteration of the reassembly depth enforcement, now considering retransmissions. 15 years ago
Victor Julien 935958219d Rename RST validation function to match convention 15 years ago
Victor Julien 94fe0d5fa2 Add ACK validation to Reset/RST validation code. 15 years ago
Victor Julien 16cd31a408 Remove unused pseudo packet reassembly code. 15 years ago
Victor Julien bf88a6de09 Add depth comment. 15 years ago
Victor Julien a26768ce7a Change the way the reassembly depth is enforced. Ignore retransmissions, get rid of per session counter. 15 years ago
Victor Julien 7af9c58af7 Improve ACK value validation, timestamp checking code. Overall layout. 15 years ago
Victor Julien 0f5b6a8bd7 Fix minor comment typo. 15 years ago
Victor Julien aa04d9eefb Improve stream gap handling. Instead of giving up as soon as we see a gap we now wait much longer before we decide it's a gap. 15 years ago
Victor Julien 6ffb9da9be Better support ack/psh data packets on several states. Updates to ack validation code. 15 years ago
Victor Julien 6fca55e068 Add some debug output to app-layer-htp. 15 years ago
Victor Julien 25f5589078 First round of adding 'stream events'. Basic stream tracking events added. 15 years ago
Victor Julien 2849d2b1d3 Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data. 15 years ago
Victor Julien 3857154f4b Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state. 15 years ago
Victor Julien 8b5f553a35 Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected. 15 years ago
Gurvinder Singh 55a863359c support for pseudo packet creation from reassembled stream segments 15 years ago
Victor Julien cc116d71ef Fix unittests after merge. 15 years ago
Gurvinder Singh 2beb7af7f8 support for validating the ACK before updating the last_ack field and also update next_seq if we missed the last packet 15 years ago
Victor Julien acc38c9ebf Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets. 15 years ago
Victor Julien c955254b4e Adapt stream code to packet memory allocation changes. 15 years ago
Victor Julien 44e678b86b Comment out disabled unittests. 15 years ago
Victor Julien a622ad5047 Fix new unittests introduced by rebase with next branch. 15 years ago
Victor Julien 1d971b53a6 Update all unittests 15 years ago
Victor Julien fadd6d6361 Add pseudo packet counter. 15 years ago
Victor Julien f606621e8c Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state. 15 years ago
Victor Julien b0901ab30d Fix compilation with --enable-debug 15 years ago
Victor Julien 6482c34909 Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets. 15 years ago
Victor Julien 2072ad80af Never create a pseudo packet based on a pseudo packet. 15 years ago
Victor Julien 61a9936d55 Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected. 15 years ago
Gurvinder Singh 00f21f34e8 support for pseudo packet creation from reassembled stream segments 15 years ago
Victor Julien 8fa5a2c025 Split applayer and raw stream reassembly
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
15 years ago
Victor Julien dda6d3e07b Add error counters. 15 years ago
Victor Julien 3b239b3e48 Cleanup and document AppLayerHandleTCPData 15 years ago
Victor Julien fe6bf728d3 Create a AppLayerHandleTCPData function to directly feed data from the reassembly engine to the app layer parsing. 15 years ago
Victor Julien b5a5ef14b9 Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple. 15 years ago
Victor Julien 24f071cabb Make sure http_cookie inspects all HTTP transactions. Clean up error messages. Get rid of unused code and dead comments. 15 years ago
Anoop Saldanha c9897a44a4 fast pattern support for http_cookie. Also support relative modifiers 15 years ago
Anoop Saldanha bbbedaf963 fast pattern support for http_method. Also support relative modifiers 15 years ago
Anoop Saldanha 2321a4dd58 support isdataat negation. Also fix adding isdataat to appropriate lists 15 years ago
Victor Julien 4ae7144876 Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly. 15 years ago
Eric Leblond 9c2bdc6d0c Main loop: increase timer.
Timer in the main loop was of 100 usec. This patch increases it
to 10 ms which should be a reasonable delay to declare some threads
dead.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 89558ab9a4 RFC: modify error treatment in PacketCopyData
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.

BR,
Eric
15 years ago
Eric Leblond 49adc264bc Don't print message after SCMalloc failure.
This patch generated via coccinelle is getting rid of logging
message after a SCMalloc failure. They were useless as SCMalloc
already displays a message.
15 years ago
Eric Leblond 67b95c8c4d Auto discovery of default packet size
If default-packet-size is not set, it is possible in some case to
guess a correct value.

If PCAP or PF_RING are used we are linked to a "physical" interface.
Thus, it is possible to get information about the link MTU and
hardware header size. This gives us the ability to auto discover a
decent default-packet-size.
If suricata is running under a different running-mode, it will
default to 1514.
15 years ago
Eric Leblond 3eada85ff8 Add interface setting discovery via ioctl
This patch adds support for MTU discovery of link following idea
of go.ph1g. It also adds some functions to give an approximation of
link header length.
15 years ago
Eric Leblond 1db4aadd16 Suppress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like calls
to SCFree() should not have been forgotten because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Eric Leblond 156b202597 Fix decode part of source-nfq 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
Eric Leblond e802e1ed16 Modify Packet structure and prepare accessor.
This patch modifies decode.c and decode.h to avoid the usage
by default of a bigger than 65535 bytes array in Packet structure.
The idea is that the packet are mainly under 1514 bytes size and
a bigger size must be supported but should not be the default.

If the packet length is bigger than DFLT_PACKET_SIZE then the
data are stored in a dynamically allocated part of the memory.

To ease the modification of the rest of the code, functions to
access and set the payload/length in a Packet have been introduced.

The default packet size can be set at runtime via the default-packet-size
configuration variable.
15 years ago
Eric Leblond 8471626916 Fix error message and adds information to config
This patch fixes a typo in an error message and adds some
information to the checksum verification option.
15 years ago
Anoop Saldanha 6fc5dae2f9 fix leak for accepted uuid list in dcerpc state 15 years ago
Victor Julien 3409513a44 Fix FlowTest* unittests to fail sometimes. 15 years ago
Eric Leblond a69bb94335 Checksum match: fix logic problem
This patch fixes a logic error in the checksum matches. In
case the protocol is not the one tested, the test must return
0 and not 1 (test matched).

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien 878d3d87db Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported. 15 years ago
Victor Julien 18b4e3380f Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code. 15 years ago
Victor Julien 6131dec8a1 Fix a compiler warning due to a broken prototype declaration. 15 years ago
Victor Julien e3bde3e95d Add a simple revision based on the git rev to the version number, like a build number. 15 years ago
Eric Leblond 56c95bf622 Convert thread PRIO to a enum
This patch converts thread prio value to an enum. This
can add some useful check by gcc in switch.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 62cf7eea4c util-cpu: fix trivial typo in documentation
This patch fixes a trivial typo in a documentation message.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien ffcd512167 Clean up packet pool handler on shutdown. 15 years ago
Victor Julien b24ccf8c80 Clean up stream pmqs in the detect thread ctx. 15 years ago
Victor Julien 3710296057 Cleanup defrag engine on shutdown. 15 years ago
Anoop Saldanha 9c9f3ec963 fix mem leak in http_ engines 15 years ago
Victor Julien 0057a7c15e Suppress a AC debug message. 15 years ago
Victor Julien d48ff8f6aa Extend 'append' option to stats.log as well. Small cleanups. 15 years ago
Gurvinder Singh f4392e1dcc added support for appending the log files 15 years ago
Pierre Chifflier de41612ea1 Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Pierre Chifflier 9a53a09c58 Log verdict in Prelude alert module
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Eric Leblond f73c60b4ff nfq: set some options on netlink socket
This patch modifies the nfq system to set some options on the netlink socket.
This should improve performances by handling more correctly capacity
overrun.
15 years ago
Victor Julien 96ec2a76c6 Update version to 1.1beta1 15 years ago
Victor Julien 014f62247a Another batch of clang fixes. Nothing really serious. Includes a couple of fixes for broken fixes from yesterday. 15 years ago
Victor Julien cac95010f3 Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly. 15 years ago
Victor Julien 3f47eade6b Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang. 15 years ago
Victor Julien 7dc4b164a8 Fix a clang warning in unittest DetectUriSigTest12. 15 years ago
Victor Julien 2c6f9abaff Work around a suspected fp in clang. 15 years ago
Victor Julien ac97bb7799 Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init. 15 years ago
Victor Julien b600c9ac09 Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 or ipv6. 15 years ago
Victor Julien 1112e103a8 Disable DBG_PERF by default except for when DEBUG is enabled. 15 years ago
Victor Julien 6af30e5b2e Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error. 15 years ago
Victor Julien 743ed7626c Fix potential null deref (introduced a few commits ago) found by clang. 15 years ago
Victor Julien 3d60e9bfeb Clean up output. 15 years ago
Victor Julien 3fcfaef9f7 Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well. 15 years ago
Gurvinder Singh 791d177c7f fixed the timestamp issue in http.log 15 years ago
Victor Julien 355f237bfd Fix compiler warnings, cleanup counters config code. 15 years ago
Gurvinder Singh ba18110abd support for stats.log configurable and fixed timezone issue in fastlog and debuglog 15 years ago
Anoop Saldanha 58c228a56b fix sig ordering bugs. Flowvars and pktvars user type retrieval should be from pmatch list, as well as from match list. Also fix lousy unit tests 15 years ago
Victor Julien c64b9362cf Remove unused stream flag. 15 years ago
Victor Julien 4cacb1e970 Disable adding to unregistered mbit/s counter. 15 years ago
Anoop Saldanha dc2c8be583 always read config.h header file first 15 years ago
Victor Julien 40de0b0270 Have each output use the global log format if none is specified for that specific output. 15 years ago
Anoop Saldanha d241e51b32 adapt fast pattern engine analysis to reflect the new changes made to your mpm design 15 years ago
Anoop Saldanha 54854d74c1 add some header files that we missed while rebasing 15 years ago
Anoop Saldanha 05adf2de41 fix live runmode decode TM for cuda 15 years ago
Anoop Saldanha 42c1287028 reintroduce g_u8_lowercase_table for b2g cuda 15 years ago
Anoop Saldanha 1fb121d0ba wrap cuda based util-mpm.c tests in __SC_CUDA_SUPPORT__ ifdef 15 years ago
Martin Beyer b1c577f829 cuda streams support in b2g-cuda MPM 15 years ago
Martin Beyer 0ce86efe40 cuda handlers support multiple CUmodules per context 15 years ago
Martin Beyer 621815ded0 cuda-packet-batcher timeout supports float values 15 years ago
Anoop Saldanha 7dd2392dea updated cuda todos. Please look at cuda-packet-batcher.c to have a look at the new todos 15 years ago
Anoop Saldanha c734cd1bdd make cuda mpm parameters configurable 15 years ago
Anoop Saldanha 2c08aebec1 enable write combined memory for cuda mpm. Some other minor cleanup 15 years ago
Martin Beyer 8adff3c63c use of pagelocked memory for CUDA 15 years ago
Victor Julien 0e8e8e3728 Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing. 15 years ago
Victor Julien b7a5f16b69 Fix FlowBitsTestSig06 test no longer working properly. 15 years ago
Victor Julien 39dea56a84 Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check. 15 years ago
Victor Julien 6943a7eb8c Move updating the time from the pcap callback to the decoding stage in file mode. 15 years ago
Anoop Saldanha ceb7fd748e support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine 15 years ago
Victor Julien 16e4e3fe50 Fix request-body-limit option for libhtp config. 15 years ago
Victor Julien 39a5348d2b Remove dead pcre code. 15 years ago
Victor Julien 6ebe7b7cd3 Change the way the request body limit is enforced. 15 years ago
Victor Julien 0cd2bce7da Manually add unittest by Pablo Rincon from bug #210. 15 years ago
Anoop Saldanha 8bd6a38318 support relative pcre for http header. All pcre processing for http header moved to hhd engine 15 years ago
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 15 years ago
Victor Julien 0a58f0728a Remove redundant checks in http header and http client body code. 15 years ago
Anoop Saldanha 8c21511c99 don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content validation stage 15 years ago
Victor Julien 2422c7471a Reduce number of locks required for http_header and http_client_body inspection. 15 years ago
Victor Julien 55ca988222 Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere. 15 years ago
Victor Julien 435d0fb327 Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering. 15 years ago
Victor Julien 169aa5581a Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflects its purpose. 15 years ago
Victor Julien d7b92d9bfe Consolidate several signature flags into one. 15 years ago
Victor Julien 2102a54c26 Cleanup and rearrange detection code slightly. 15 years ago
Anoop Saldanha 25588b6910 comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well 15 years ago