Commit Graph

3248 Commits (a34f91358dab52ae8093459d3aa9f14cd5fd41f2)
 

Author SHA1 Message Date
Eric Leblond cb1a75fc9e TLS parser: modify OCTETSTRING
This patch does on over allocation of 1 for the OCTETSTRING
to be able to add a 0 at the end. This will then
allow us to use the string in printf.
14 years ago
Pierre Chifflier 5a65a17f00 TLS parser: add handing of UTF8STRING
Some certificate contains UTF8STRING which is a subset of
OCTETSTRING. This patch adds support for this type of string.
14 years ago
Pierre Chifflier 6c2c6cffac TLS keywords: fix match regex (remove extra space) 14 years ago
Pierre Chifflier 8457ce3b11 TLS app layer: rewrite decoder to handle multiple messages in records
Since we now parse the content of the TLS messages, we need to handle
the case multiple messages are shipped in a single TLS record, and
taking care of the multiple levels of fragmentation (message, record,
and TCP).
Additionally, fix a bug where the parser state was not reset after an
empty record.
14 years ago
Pierre Chifflier 4bb5e2a79d TLS app layer: fix number of bytes processed on SERVER_CERTIFICATE message.
Change the function to return the number of bytes processed, and fix a bug
where the input buffer was wrong.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Eric Leblond 38c213cb84 tls app layer: add missing free
issuerdn was not freed at exit.
14 years ago
Eric Leblond fce2437dc2 tls app layer: handle negation on subject and issuerdn.
This patch adds negation support for tls.subject and tls.issuerdn
matches.
14 years ago
Eric Leblond ad0e05a112 TLS app layer: Add tls.issuerdn keyword. 14 years ago
Eric Leblond afba81bb27 decode ASN.1: Factorize value reading
This patch factorizes the reading of integer value and fix some
indentation. By convention, a value of 0xffffffff is returned
if the size of the integer is too big. In this case, the hexadecimal
value (which is also read) must be used.
14 years ago
Pierre Chifflier 53e5421a24 TLS handshake: get TLS ciphersuite and compression
Decode the SERVER_HELLO message to extract the ciphersuite and compression
chosen by the server.

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier 4be65fd016 TLS handshake: decode the SERVER_CERTIFICATE message
Add a decoder for the SERVER_CERTIFICATE during a TLS handshake, extracts the
certificates and keep the subject name.
Add the tls.subject keyword for substring match in rules (TLS layer).

Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Pierre Chifflier f77fcdb3e8 Add ASN.1 parser for X509 certificates (in DER format)
Signed-off-by: Pierre Chifflier <pierre.chifflier@ssi.gouv.fr>
14 years ago
Victor Julien 0b3f6c464a Make list-app-layer-protos option name match the help explanation. Make sure it works w/o passing a config. 14 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 14 years ago
Anoop Saldanha 7511fa67cd Add BUG_ON to avoid overruning AppLayerDetectDirection map array 14 years ago
Eileen Donlon 9376967e65 reject rules with duplicate content modifiers
reject rules that have multiple depths, offsets, distances, fast_patterns, nocases, or rawbytes for the same content.
14 years ago
Eileen Donlon 0bb4ff34b8 added null checks for init_hash to all ac mpms 14 years ago
Eileen Donlon 617edf469c reject http_client_body with inconsistent flow dir
reject http_client_body with flow: to_client or from_server
14 years ago
Victor Julien feff6f7705 Clean up error message. 14 years ago
Eileen Donlon 85c364da09 disallow-use-of-configuration-file-with-unittests 14 years ago
Victor Julien d908e707d7 profiling: add per lock location profiling
Add profiling per lock location in the code. Accounts how often a
lock is requested, how often it was contended, the max number of
ticks spent waiting for it, avg number of ticks waiting for it and
the total ticks for that location.

Added a new configure flag --enable-profiling-locks to enable this
feature.
14 years ago
Victor Julien 41e9dba20b Profile pcap file callback. 14 years ago
Victor Julien ff8755af5c Make sure stream debug code is only used in debug mode. 14 years ago
Victor Julien 9696902b68 Small http.log improvement: bail out early if there is nothing to log. Make output locking more fine grained. 14 years ago
Victor Julien e581ec7dff Fix 2 compilation issues. 14 years ago
Victor Julien c0a2cbd478 Move over src and dst thresholding to use host table. Fix a bug in threshold 'both' handling. 14 years ago
Victor Julien a05df345de Introduce host table, make tag use it
Add a host table similar to the flow table. A hash using fine grained
locking. Flow manager for now takes care of book keeping / garbage
collecting.

Tag subsystem now uses this for host based tagging instead of the
global tag hash table. Because the latter used a global lock and the
new code uses very fine grained locking this patch should improve
scalability.
14 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 14 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 14 years ago
Victor Julien 4a186bcf1d Fix invalid declaration of enable_nss and enable_nspr in configure.in. 14 years ago
Victor Julien 979edf0b97 Add way to profile mutex/spin locks per thread module. 14 years ago
Victor Julien fddaca6e8b Implement stream memcap enforcements using atomics instead of spinlocked counters. 14 years ago
Victor Julien d72b82fae0 Misc fixes. 14 years ago
Victor Julien 8448333bdd Remove trailing zero's from some counters output. 14 years ago
Victor Julien 0150e66ede flow engine: improve scalability
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
14 years ago
Victor Julien da5087a0c0 Fix broken unittest. 14 years ago
Eileen Donlon aae7ea5e67 add null checks to fix bugs in StreamTcpTest23 14 years ago
Eileen Donlon 1a46d7a53a fix more invalid content unittests
fix invalid unittests with mixed relative and non-relative content modifiers and other issues; DetectContentParse19 still contains some failing dce_stub tests which are commented out.
14 years ago
Eileen Donlon 9b2bd9280a fix invalid unittests with mixed content modifiers
Fixed some unittests that were incorrectly mixing relative and non-relative content modifiers.
14 years ago
Eileen Donlon 0bcbd23343 reject mixed relative and non-relative keywords
reject signatures using relative and non-relative positional keywords for the same content (depth or offset with distance or within)
14 years ago
Eileen Donlon 0b09416a48 reject invalid combinations of pcre modifiers
don't allow /B with normalized buffers, and don't mix modifiers for normalized and raw buffers
14 years ago
Victor Julien 89cee0ad49 Add libnss/libnspr support output to configure. Clean up configure.in. 14 years ago
Victor Julien 8350fdd9be Do not assume the include dir for nss to be nss. On F16 it's nss3. 14 years ago
Victor Julien 90422c9f5e Do not assume the include dir for nspr to be nspr. On F16 it's nspr4. 14 years ago
Victor Julien 705417434b Fix json output typo. 14 years ago
Victor Julien fe9258f0fb Fix issue discovered by Anoop. Passing u32 ptr to a size_t can caused badness. 14 years ago
Victor Julien 6019ae3dcb Fix minor memleak in case af-packet init fails. 14 years ago
Victor Julien 385f1dcd25 Fix UTHBuildFlow setup using wrong address. 14 years ago
Victor Julien e3935a2af2 Improve http filename parsing. 14 years ago
Victor Julien e237841a8e Fix compilation with profiling enabled. Minor unittest fixes. 14 years ago