Commit Graph

1926 Commits (b233105cc251cfafe59262d1bc0adca75bca8387)
 

Author SHA1 Message Date
Victor Julien b233105cc2 Fix an issue in stream reassembly causing the segment list to get into an inconsistent state. 15 years ago
Eric Leblond 4e9231266a Compilation fix for OpenBSD and win32.
This patch fixes compilation on OpenBSD platform. It is running
fine on a pcap file. The patch should also fix compilation on
WIN32 platform but this is not tested.
15 years ago
Victor Julien a8db8b334b Remove debug stream testing code from non-debug builds. 15 years ago
Victor Julien 477bc1d050 Set DROP flag on a packet in addition to the REJECT flags. This makes sure we not only send a reject, but also drop the offending packet. Closes #248. 15 years ago
Pablo Rincon fb5fb3ab3f IPOnly module fix for building stage. Radix Tree fix inserting different netmask user datas 15 years ago
Pablo Rincon 35c168ab03 Fix CPU_* macros for Mac OS X 15 years ago
Eric Leblond 91213d5ec8 Add option to run_check script
If given an argument run_check.sh will test this file against
the cocci patches.
15 years ago
Eric Leblond 0cf05856d0 Fix Packet usage.
This patch suppresses remaining direct access to pkt and pktlen in the
Packet structure.
15 years ago
Eric Leblond 12369b4393 Coccinelle: test invalid Packet usage
This coccinelle patch checks that there is no direct
use of p->pkt or p->pktlen in the code. These variables must be
accessed via GET_PKT_* macros.
15 years ago
Victor Julien cec7ece697 Don't print drop log on pseudo packet. 15 years ago
Victor Julien 1ace091bd4 Minor drop log cleanups. 15 years ago
Gurvinder Singh 7d0781b349 added support to log dropped packet as netfilter logs while in inline mode 15 years ago
Victor Julien 1681705e62 Don't print errors/warnings based on malformed traffic. 15 years ago
Anoop Saldanha 9845718138 fix detect-ssl-version.c unittests to accommodate new changes 15 years ago
Anoop Saldanha 95f9f2c28d minor indentation changes 15 years ago
Gurvinder Singh 8f8b1212af support for ssl_version keyword 15 years ago
Eric Leblond a8417377e7 Don't use direct pkt access
pkt field in Packet needs to be accessed via macro. This
patch suppresses some direct accesses.
15 years ago
Victor Julien addab7b5ee Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection. 15 years ago
Victor Julien a2465ffc1c Fix FreeBSD's compilation of the new affinity code. 15 years ago
Victor Julien b963890de1 Reenable SSE3 memcmp and switch AC memcmp to use the SCMemcmp wrapper. 15 years ago
Victor Julien 6f58ef13c4 Improve error cleanup in output function. Thanks to iswalker. 15 years ago
Eric Leblond 183af9ada5 Replace malloc by SCMalloc in util-mpm-ac 15 years ago
Eric Leblond c732351077 Replace free and malloc by SC functions. 15 years ago
Victor Julien 35b938a8db Don't pass config to unittests run in make check. 15 years ago
Eric Leblond 0044bb221b Add suricata unittests to 'make check'
This patch adds a run of suricata's unittests to 'make check'
15 years ago
Eric Leblond 7c841e1d7c Add coccinelle check to 'make check'
This patch adds coccinelle checking to the autotools
'make check'.
15 years ago
Eric Leblond d151314b4d Import coccinelle test
This is an import of two coccinelle patches that detect problems
in Packet handling. They are run on all committed C files in src
by the script run_check.sh.
15 years ago
Eric Leblond 66a15e2d6d Fix some Packet initialisation.
This patch fixes Packet initialisation. In some places the pkt field
was not set after a memset used to zero the structure and this could
lead to some problems.
15 years ago
Anoop Saldanha 8e95884333 Use normal memcmp in ac. Improves perf 15 years ago
Martin Beyer 66d496c255 Added case sensitive unit test to util-mpm-ac 15 years ago
Anoop Saldanha 79b9eba0f0 fix case sensitive bug in ac 15 years ago
Victor Julien 1c7b7a01a6 Add option to set the syslog level for the alerts. Minor cleanups. 15 years ago
Gurvinder Singh e5edc6e8e3 add the support to log the fast.log alerts type to syslog 15 years ago
Victor Julien d424ac7c61 Fix nfq lockup due to improper handling of PKT_PSEUDO_STREAM_END packets. 15 years ago
Victor Julien c9f9e3f9a4 Add configure check for signed or unsigned nfq_get_payload, adapt code. 15 years ago
Eric Leblond aedb61b7d2 affinity: lock get next cpu function
The function getting the next CPU to use needs to be locked as init of
the threads is done concurrently.
15 years ago
Eric Leblond 0b5e5b8772 affinity: change config format and misc fixes
This patch fixes some problems with affinity work and modifies the
configuration file format.

For example, the detect cpu set can be formatted as follows:
     - detect_cpu_set:
        cpu: [ "all" ]
        mode: "exclusive" # run detect threads in these cpus
        prio:
          low: [ 0 ] # threads on CPU 0 have low prio
          medium: [ "1-2" ] # threads on CPU 1 and 2 have medium prio
          high: [ 3 ] # threads on CPU 3 have high prio
          default: "medium" #default priority is "medium"
15 years ago
Eric Leblond 2600d203cc Fix typo in configure.in
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond c74116949c source-nfq: improve nfq option system
This patch modifies the NFQ option system to avoid implicit
choice. 'nfq.mode' is now a string which can take a value
in the 'accept', 'repeat' and 'route' set.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 94596ff282 source-nfq: add queue redirect support
This patch adds the support of queue redirect. If 'next_queue'
variable is set, the verdict sent to kernel is modified to contain
the indication of a queue number (equal to 'next_queue') which will
receive the packet after the verdict. This feature can be used to
easily chain tools using NFQUEUE.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond aded7b4fae source-nfq: add detection of already treated packet.
This patch adds detection of already treated packets. If a packet is
coming with an already set mark, it will be accepted and the processing
of the packet is aborted.
The patch displays a message when the problem occurs but the number of
messages is limited to a fixed counter in order to avoid flooding the log.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond e399e74fc1 source-nfq: Factorize buffer usage
A big sized buffer was allocated at each packet parsing. This patch
uses a per-thread variable to have a persistent memory usage.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 1e600c1054 source-nfq: add simulated non-terminal NFQUEUE verdict
This patch adds a new mode for NFQ inline mode. The idea is to
simulate a non-final NFQUEUE rule.
This permits sending all needed packets to suricata via a simple
FORWARD rule:
    iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
And below, we have a standard filtering ruleset.

To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and
puts a mark ($MARK) with respect to a mask ($MASK) on the handled packet.

The NF_REPEAT verdict has the effect of reinjecting the packet at the start
of the hook after the verdict. As it has been marked by suricata during
the verdict it will not rematch the initial rules and makes its way to
the following classical ruleset.

Mode, mark and mask can be configured via suricata.yaml file with the
following syntax:
   nfq:
     repeat_mode: (false|true)
     mark: $MARK
     mask: $MASK
Default is false to preserve backward compatibility.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 72ec56ab23 source-nfq: autodetection of queue max length function
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 3825ca2ed8 config.h.in is an autogenerated file
It thus should not be put into the repository.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 8330747234 Add multi queue support to NFQ run mode
This patch adds support for multiple Netfilter queues
in the NFQ run mode. Suricata can now be started on
multiple queues by using a comma separated list of
queue identifiers on the command line. The following syntax:
	suricata -q 0 -q 1 -c /opt/suricata/etc/suricata.yaml
will start a suricata listening to Netfilter queue 0 and 1.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 1375e90030 Prepare multi queue support in NFQ
This patch prepares support for multiqueue in the
source file. The NFQ vars contained in the Packet structure
have a new member. It is a reference to the NFQ thread var
it comes from. The behaviour is modified as a single verdict
thread treats packets for all Netfilter queues.

Locking is done in the verdict function to ensure that
simultaneous modifications of counters can not occur.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond d0faa6c96e Fix some spacing.
This trivial patch fixes some indentation problems.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 88fb3a641e Delete some commented code in runmodes
This patch simply suppresses some commented code in runmodes.c.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond f9e453e14c affinity: Use configured 'threads' value if set
This patch modifies runmodes to make them use the new 'threads'
variable.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago