Commit Graph

1878 Commits (b8cf50678fc3bdc932bff13886bbfd1b8ebb0643)

Author SHA1 Message Date
Gurvinder Singh f4392e1dcc added support for appending the log files 14 years ago
Pierre Chifflier de41612ea1 Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
14 years ago
Pierre Chifflier 9a53a09c58 Log verdict in Prelude alert module
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
14 years ago
Eric Leblond f73c60b4ff nfq: set some options on netlink socket
This patch modifies the nfq system to set some options on the netlink socket.
This should improve performance by handling capacity overrun more
correctly.
14 years ago
Victor Julien 96ec2a76c6 Update version to 1.1beta1 14 years ago
Victor Julien 014f62247a Another batch of clang fixes. Nothing really serious. Includes a couple of fixes for broken fixes from yesterday. 14 years ago
Victor Julien cac95010f3 Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly. 14 years ago
Victor Julien 3f47eade6b Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang. 14 years ago
Victor Julien 7dc4b164a8 Fix a clang warning in unittest DetectUriSigTest12. 14 years ago
Victor Julien 2c6f9abaff Work around a suspected fp in clang. 14 years ago
Victor Julien ac97bb7799 Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init. 14 years ago
Victor Julien b600c9ac09 Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 nor ipv6. 14 years ago
Victor Julien 1112e103a8 Disable DBG_PERF by default except for when DEBUG is enabled. 14 years ago
Victor Julien 6af30e5b2e Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error. 14 years ago
Victor Julien 743ed7626c Fix potential null deref (introduced a few commits ago) found by clang. 14 years ago
Victor Julien 3d60e9bfeb Clean up output. 14 years ago
Victor Julien 3fcfaef9f7 Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well. 14 years ago
Gurvinder Singh 791d177c7f fixed the timestamp issue in http.log 14 years ago
Victor Julien 355f237bfd Fix compiler warnings, cleanup counters config code. 14 years ago
Gurvinder Singh ba18110abd support for stats.log configurable and fixed timezone issue in fastlog and debuglog 14 years ago
Anoop Saldanha 58c228a56b fix sig ordering bugs. Flowvars and pktvars user type retrieval should be from pmatch list, as well as from match list. Also fix lousy unit tests 14 years ago
Victor Julien c64b9362cf Remove unused stream flag. 14 years ago
Victor Julien 4cacb1e970 Disable adding to unregistered mbit/s counter. 14 years ago
Anoop Saldanha dc2c8be583 always read config.h header file first 14 years ago
Victor Julien 40de0b0270 Have each output use the global log format if none is specified for that specific output. 14 years ago
Anoop Saldanha d241e51b32 adapt fast pattern engine analysis to reflect the new changes made to your mpm design 14 years ago
Anoop Saldanha 54854d74c1 add some header files that we missed while rebasing 14 years ago
Anoop Saldanha 05adf2de41 fix live runmode decode TM for cuda 14 years ago
Anoop Saldanha 42c1287028 reintroduce g_u8_lowercase_table for b2g cuda 14 years ago
Anoop Saldanha 1fb121d0ba wrap cuda based util-mpm.c tests in __SC_CUDA_SUPPORT__ ifdef 14 years ago
Martin Beyer b1c577f829 cuda streams support in b2g-cuda MPM 14 years ago
Martin Beyer 0ce86efe40 cuda handlers support multiple CUmodules per context 14 years ago
Martin Beyer 621815ded0 cuda-packet-batcher timeout supports float values 14 years ago
Anoop Saldanha 7dd2392dea updated cuda todos. Please look at cuda-packet-batcher.c to have a look at the new todos 14 years ago
Anoop Saldanha c734cd1bdd make cuda mpm parameters configurable 14 years ago
Anoop Saldanha 2c08aebec1 enable write combined memory for cuda mpm. Some other minor cleanup 14 years ago
Martin Beyer 8adff3c63c use of pagelocked memory for CUDA 14 years ago
Victor Julien 0e8e8e3728 Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing. 14 years ago
Victor Julien b7a5f16b69 Fix FlowBitsTestSig06 test no longer working properly. 14 years ago
Victor Julien 39dea56a84 Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check. 14 years ago
Victor Julien 6943a7eb8c Move updating the time from the pcap callback to the decoding stage in file mode. 14 years ago
Anoop Saldanha ceb7fd748e support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine 14 years ago
Victor Julien 16e4e3fe50 Fix request-body-limit option for libhtp config. 14 years ago
Victor Julien 39a5348d2b Remove dead pcre code. 14 years ago
Victor Julien 6ebe7b7cd3 Change the way the request body limit is enforced. 14 years ago
Victor Julien 0cd2bce7da Manually add unittest by Pablo Rincon from bug #210. 14 years ago
Anoop Saldanha 8bd6a38318 support relative pcre for http header. All pcre processing for http header moved to hhd engine 14 years ago
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 14 years ago
Victor Julien 0a58f0728a Remove redundant checks in http header and http client body code. 14 years ago
Anoop Saldanha 8c21511c99 don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content validation stage 14 years ago
Victor Julien 2422c7471a Reduce number of locks required for http_header and http_client_body inspection. 14 years ago
Victor Julien 55ca988222 Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere. 14 years ago
Victor Julien 435d0fb327 Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering. 14 years ago
Victor Julien 169aa5581a Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflect its purpose. 14 years ago
Victor Julien d7b92d9bfe Consolidate several signature flags into one. 14 years ago
Victor Julien 2102a54c26 Cleanup and rearrange detection code slightly. 14 years ago
Anoop Saldanha 25588b6910 comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well 14 years ago
Anoop Saldanha e50503e820 cleanup/remove dead code 14 years ago
Anoop Saldanha 93fa7ea828 modify detection engine to run hrhd mpm before building the match array 14 years ago
Anoop Saldanha ea3fd38291 fix lock issue with mpms inspecting http state for body, header 14 years ago
Anoop Saldanha b140ed1c9c modify detection engine to run hhd mpm before building the match array 14 years ago
Anoop Saldanha 4e273f2c8b modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has at least one sig with hcbd mpm set 14 years ago
Anoop Saldanha 72b0fcf419 modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has at least one sig with uri mpm set 14 years ago
Anoop Saldanha 6648d1faf0 allow sigs for http uri of the form content:one; content:two; distance:0; http_[raw_]header; 14 years ago
Anoop Saldanha 8f1d17846f allow sigs for http uri of the form content:one; content:two; distance:0; http_uri; 14 years ago
Anoop Saldanha 07f20674ac allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body; 14 years ago
Victor Julien 6a5d2cb40d Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code. 14 years ago
Anoop Saldanha eecf2d7e13 Add the makefile.am addition that I forgot to add in the previous commit for http_raw_header 14 years ago
Anoop Saldanha 7ec0382774 support fast pattern for http raw header. Also support relative modifiers for http raw header 14 years ago
Victor Julien 0c806f70bb Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled. 14 years ago
Victor Julien 1a32d9b5ec Fix printing unprintable characters in the engine-analysis fast_pattern mode. 14 years ago
Anoop Saldanha 075719ea8c fix fast pattern unittests 14 years ago
Victor Julien 18d3c87947 Add check to fast pattern keyword to make sure that the offset and length don't exceed the actual pattern length. 14 years ago
Anoop Saldanha c61c68fd36 mpm and fast pattern support for http_header. Also support relative modifiers for http_header 14 years ago
Anoop Saldanha 778ec0939c make client body buffer limit configurable. Also some minor changes 14 years ago
Anoop Saldanha fc46f216ca detect-http-header.c cleanup before we start working on it 14 years ago
Anoop Saldanha 302011dbca fix compilation issues with debug enabled. 14 years ago
Anoop Saldanha 0aa5cffb12 fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added 14 years ago
Anoop Saldanha c227aeeacb remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine 14 years ago
Anoop Saldanha bbd0c5056b store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq 14 years ago
Anoop Saldanha 68b78664fa Add unittests for checking content flags. Fix indentation in PopulateMpmAddPatternToMpm(). Also fix DETECT_CONTENT_IS_SINGLE 14 years ago
Anoop Saldanha b15ada8102 set content_packet_mpm and content_stream_mpm flag for content to prevent double check inside inspection code 14 years ago
Anoop Saldanha 67aecc73c2 set content_uri_mpm flag for uri content to prevent double check inside inspection code 14 years ago
Anoop Saldanha 1cd8bd3d3c make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c 14 years ago
Anoop Saldanha 6df051321f fix fp when content is negated and also added to mpm 14 years ago
Anoop Saldanha 5c6a65dc58 support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch] 14 years ago
Victor Julien 234656e5f6 Fix compilation in --enable-debug mode. 15 years ago
Anoop Saldanha eade60f0fd make some name changes. break PopulateMpm(). Set the avoid mpm double check flags 15 years ago
Anoop Saldanha 96bf15bd74 unifying content structure - http_stat_msg now uses DetectContentData 15 years ago
Anoop Saldanha 4c53a9d606 unifying content structure - http_header now uses DetectContentData 15 years ago
Anoop Saldanha 1957eee389 unifying content structure - http_method now uses DetectContentData 15 years ago
Anoop Saldanha 041f5b1a4f unifying content structure - http_cookie now uses DetectContentData 15 years ago
Anoop Saldanha f05b0f4e1e unifying content structure - http_client_body now uses DetectContentData 15 years ago
Anoop Saldanha 4883efd0f6 unifying content structure - uricontent now uses DetectContentData 15 years ago
Anoop Saldanha 3b0a9ca97e add support for http_uri; content fast_patterns 15 years ago
Anoop Saldanha 3c73854d2d completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx 15 years ago
Anoop Saldanha fde2c64ea7 fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format 15 years ago
Anoop Saldanha a6899218fc remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm() 15 years ago
Anoop Saldanha 6eaba8941c Use new flags to indicate uricontent has a mpm set 15 years ago
Anoop Saldanha 46b4806d8e use a single populatempm() function to add the right content for mpm 15 years ago
Anoop Saldanha 4a038511ff Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accommodate these changes 15 years ago
Anoop Saldanha ede7be34b5 replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH] 15 years ago
Anoop Saldanha 3d2f81d978 replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH] 15 years ago
Anoop Saldanha a7353be20d replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH] 15 years ago
Anoop Saldanha e0476242c6 replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH] 15 years ago
Anoop Saldanha e54358a9e1 replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH] 15 years ago
Anoop Saldanha 82fd581b64 replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH] 15 years ago
Anoop Saldanha 3656879aa0 fix some dce opnum/stub tests that would have shown success always irrespective of test results 15 years ago
Anoop Saldanha 4b77f132df add support for sigs with uricontent fast_pattern 15 years ago
Anoop Saldanha ea8eaf31aa Fix fast_pattern tests that always showed success, irrespective of test results 15 years ago
Victor Julien 966c7349d3 Make sure we have a response message before inspecting it in http_stat_msg. 15 years ago
Victor Julien 07ec1ee10e Slightly cleanup detect-engine.sgh-mpm-context option parsing. 15 years ago
Anoop Saldanha c89507836b if sgh-mpm-context is not available in conf, alias the auto case inside the engine 15 years ago
Victor Julien bac621760e Fix a potential invalid memory read in the protocol name code used by alert-fastlog. 15 years ago
Gurvinder Singh f92ba23331 add the support for >= and <= operator for byte_test 15 years ago
Victor Julien 412498f4e4 Converts port vars in http logger from uint32_t to Port and update output. 15 years ago
Gurvinder Singh b7ff6537d2 fixed the incorrect port issue in http.log 15 years ago
Victor Julien 275bd3b7d7 Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests. 15 years ago
Victor Julien dec4218d62 Layout updates to NFQ runmode. 15 years ago
Victor Julien 7e49aa7f76 Simplify NFQ runmode reducing the number of threads and thus queues. 15 years ago
Victor Julien 7e6f01765f Change default of detect-engine.sgh-mpm-context to auto. 15 years ago
Victor Julien 001f91056e Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242. 15 years ago
Victor Julien 4598274d07 Fix depth error messages referring to distance instead of depth, fix their layout. 15 years ago
Victor Julien afdb39e5f6 Print an error if the protocol field of a signature contains an unknown/invalid value. 15 years ago
Victor Julien 8d0bc27fc4 Fix a case where alerting in inline mode would lead to dropping on alert sigs. 15 years ago
Victor Julien 5a10eac5bd Cleanup http_stat_code unittests, shrink data structure. 15 years ago
Victor Julien 1636152e32 Fix negated http_method not working properly, causing false positives. 15 years ago
Gurvinder Singh b7da115e6d support for http_stat_code keyword has been added to detection module 15 years ago
Gurvinder Singh 1deae70cf7 added http_stat_msg keyword support for detection module 15 years ago
Jason Ish a4d19e4130 Add new profiling sort option, maxticks. 15 years ago
Anoop Saldanha 59923316bc change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval 15 years ago
Anoop Saldanha 5d9a453e0d find an optimal value for detect-engine:inspection-recursion_limit + unittest 15 years ago
Anoop Saldanha bc99328ec8 define a new conf parameter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code 15 years ago
William Metcalf efeab331ea compilation fix missing UT ifdef wrapper in reference code 15 years ago
Victor Julien 746ef0d2f8 Remove stray newline char from profiling output. 15 years ago
Victor Julien 3062b19068 Clean up output of signature ordering module. 15 years ago
Victor Julien 001dcaae84 Minor reference.config support changes: improve error handling, reduce hash table size. 15 years ago
Anoop Saldanha 88d94b136d Support for reference.config file 15 years ago
Anoop Saldanha f5a02833dd code cleanup in detect-reference.c 15 years ago
Victor Julien 344ea14695 Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility. 15 years ago
Victor Julien 41fd7e51c6 Really add secunia reference support. 15 years ago
Victor Julien 33170fd181 Add secunia reference pending our reference.config support. 15 years ago
Anoop Saldanha 067e53403c add missing sig_app_layer flags for dce sigs 15 years ago
Victor Julien 26fd2a0afd Add telus and bid references for etpro. 15 years ago
Victor Julien 2b187a2721 Remove a BUG_ON statement from the payload inspection code. 15 years ago
Victor Julien f2e6ec7374 Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned to be incompatible with how the keyword is used (nocase, etc). 15 years ago
Anoop Saldanha 2cdb5be391 Print out file name for fast_pattern engine_analysis. Also add some info logs 15 years ago
Anoop Saldanha 0c5b82d891 provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern 15 years ago
Victor Julien 3bd7441ea5 Default to 'single' ctx for ac-gfbs as well. 15 years ago
Anoop Saldanha e072841e93 hash fix in staging to differentiate nocase duplicate patterns from case-sensitive ones 15 years ago
Anoop Saldanha de5db1a730 support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-sensitive and the other not. Also remove duplicate pids from the output_table 15 years ago
Anoop Saldanha 8628c572df update todos for ac. Cleanup some memory as well. 15 years ago
Anoop Saldanha a2d04a94b5 selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise 15 years ago
Anoop Saldanha 5cc7f90f45 fix hash bug in ac-gfbs. Should reduce the no of patterns added for single context ac-gfbs from a million to a couple of thousands. Also support no case handling. \todo support insertion of final state presence into goto_table and failure table state transitions 15 years ago
Anoop Saldanha ded1f63323 fix ac nocase handling 15 years ago
Anoop Saldanha 174048544d fix hash generation in b2g and ac addpattern. Brings down the no of patterns added from close to a million to a couple of thousands 15 years ago
Anoop Saldanha 29b5cb9abd respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh 15 years ago
Anoop Saldanha 0ef684705c support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup 15 years ago
Anoop Saldanha b367c37ae6 suricata.yaml conf update to support single mpm context distribution over multiple sghs + code to parse this conf 15 years ago
Anoop Saldanha 4b2cf7e125 fix ac, ac-gfbs to support new changes to util-mpm.h + remove some junk code 15 years ago
Anoop Saldanha b9a770740a add comments and todos for ac and ac-gfbs 15 years ago
Anoop Saldanha 658ff5753d aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the second one MPM_AC_GFBS uses the goto-failure table 15 years ago
Victor Julien bfb6aac495 Sleep after checking for a thread flag in TmThreadWaitOnThreadInit now that the check is so much cheaper. 15 years ago
Victor Julien 9634389b9e Fix TmThreadsUnsetFlag not unsetting flag if __sync_fetch_and_nand was used. 15 years ago
Pablo Rincon fcff1ce7f4 Converting threadvar flags to atomic vars to avoid using the old spinlock 15 years ago
Anoop Saldanha b8f5a6a4fc throw out contents/uricontents with invalid hex assembly 15 years ago
Anoop Saldanha 850f44022f invalidate sigs with content/uricontent strings ", "boo, boo" + fix parsing content strings of the format content: !\"boom\";" 15 years ago
Victor Julien 5a7efe5f97 Add comment and layout update to new fast_pattern code. 15 years ago
Anoop Saldanha a85fa6b792 support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis 15 years ago
Anoop Saldanha 0d741b9a55 fix for bug 227. For negated contents that have been added to mpm we might have pmq.pattern_id_array_cnt as 0. We can't ignore inspecting sigs if this is 0, in case the content added is negated 15 years ago
Jason Ish 9ad1924dba Track the max ticks for each rule.
This is the highest tick count this rule used to evaluate in a single sample.
15 years ago
Pablo Rincon b3a8f0a90f Fix asn1 decoder frame oob mem. Adding max stack frames to suricata.yaml 15 years ago
Victor Julien 25d1b6fec1 Adapt malloc macro's to only display errors during init, not during runtime. At runtime it could make us crawl if the system runs out of memory. 15 years ago
Victor Julien 22f770f3bf Better handle low memory conditions. 15 years ago
Victor Julien 21c8d27300 Disable expensive unittests that don't really test anything. 15 years ago
Anoop Saldanha 7abf3a2123 fix csum handling for tcp/dup 15 years ago
Victor Julien f1ea68e316 Store the first frag flag in the uuid as the pfc_flags field is overwritten. Part of fixing #206. 15 years ago
Pablo Rincon 14a12f5fb7 Adding atomic bitwise operations api and rwlocks support 15 years ago
Victor Julien b8a709cbe7 Fix setting hash size in the config for b3g. Part of fix for bug #222. 15 years ago
Anoop Saldanha e47a9b59e9 accept tcp packets with syn+urg+push 15 years ago
Gurvinder Singh f2f0b54d25 removed xref from the alert-fastlog 15 years ago
Victor Julien aa2c3118e3 Remove unused code from b2gm. 15 years ago
Gurvinder Singh 3eab715153 support for printing protocol names for known protocol 15 years ago
Victor Julien b81280524c change dcerpc warnings into debugs. 15 years ago
Victor Julien 4208bdf0f9 Fix unittest. 15 years ago
Victor Julien cbd4c298ed Initial version of a new bitmask based signature pre-filtering method. 15 years ago
Victor Julien 7e47d87e1a Small layout update 15 years ago
Victor Julien 66340be072 Fix pcre compilation with debug enabled. 15 years ago
Victor Julien 091f53ce4e Fix retval of SCMemcmp for non-SIMD implementation. 15 years ago
Victor Julien a75556dfe5 Add memcmp functions for SSE4.1 and SSE4.2. 15 years ago
Victor Julien 1859ed54c7 Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp. 15 years ago
Victor Julien 94898a91cc Reorganize SigMatchSignatures. 15 years ago
Victor Julien fc248ca7a1 Many small performance updates. 15 years ago
Victor Julien b4454b6846 Switch to b2gc as default pattern matcher as it uses less memory and is a little faster. 15 years ago
Victor Julien 57b098e98c Add padding to commonly used data structures. 15 years ago
Victor Julien 87f88867f4 Further improve B2gc. Add B2gm. Improve memory layout. 15 years ago
Victor Julien 4329261faa Fix setting hash size in the config for b2g pattern matcher. 15 years ago
Victor Julien 697167319e Change BloomFilter structure layout to reflect order of access. 15 years ago
Victor Julien 3971bcc83a Switch to faster tolower function for u8_tolower. 15 years ago
Victor Julien 9dfbab42f8 WIP B2gc 15 years ago
Victor Julien fc1687d875 Make sure the DetectHttpMethodData structure is properly initialized before using it. 15 years ago
William Metcalf 7b13ba9f9e Fixed broken nocase for http_method and http_header 15 years ago
Anoop Saldanha ea902cc7d7 fix bytejump segv from bug 237 15 years ago
Anoop Saldanha 38898d9b30 fix bytetest segv from bug 237 15 years ago
Anoop Saldanha 6e5a48c92c temporary fix, in case we still have any corner cases remaining in dce parser 15 years ago
Anoop Saldanha 24a88a689a fix opnum parsing for fragmented request dce pdus 15 years ago
Anoop Saldanha 1097de0d9d changed the endianness comparison to & for dcerpc pdus 15 years ago
Anoop Saldanha a3280c1a20 throw out malformed pdus, that result in the parser having parsed the required data, but we still haven't hit the frag length limit for the parser 15 years ago
Anoop Saldanha 1aea3e56be for now ignore pdus with auth verifier. We will get back to this in the coming iteration 15 years ago
Anoop Saldanha fc37e9d6ee add internal ids to uuids. Use these internal ids to match uuids from bind and bind_ack. Create a new uuid list to hold all accepted uuids. Modifications to dce-iface to accommodate these changes as well + unittests 15 years ago
Anoop Saldanha 816d2ef0c0 if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it, by resetting the dce state on seeing this 15 years ago
Anoop Saldanha 5c5d8f8a5d indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch 15 years ago
Anoop Saldanha 38e26e5186 modify the dce parser to accept context ids that start with a non-zero value 15 years ago
Anoop Saldanha d57428471c fix endianness handling for bindacksecondaryaddrlen 15 years ago
Anoop Saldanha ba9355d688 Flag if we see a fragged pdu. Do not reset dce stub buffer, if we are dealing with fragmented pdus (holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianness as well. 15 years ago
Anoop Saldanha 00f21252fa support fragmented pdus in dce + unittest 15 years ago
Anoop Saldanha ebc1f62050 some additional indentation changes in DCERPCParser 15 years ago
Anoop Saldanha c2bc8ca252 fix mem leak in tailq that holds dce uuids 15 years ago
Anoop Saldanha 1c443677b2 fix indentation in DCERPCParser 15 years ago
Anoop Saldanha fe700737a3 fix null dereference in detect parse test - clang fix 15 years ago
Gurvinder Singh 892dea31e4 added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit 15 years ago
Victor Julien 1c1c8cef89 Print engine uptime on the same line as date and time. 15 years ago
Gurvinder Singh 1d0492e2e7 added support to print the engine uptime in stats.log 15 years ago
Victor Julien e7cb7c6b97 Make outputs part of the flowpinned threads in the AutoFp runmode. 15 years ago
Victor Julien 99ad338e91 Bump version to 1.0.2 15 years ago
Victor Julien 0eb0d48f35 Disable broken unittests and fix one. 15 years ago
Victor Julien f1e6e80a1e Properly set tmp_ra_base_seq in streams. By Gurvinder. 15 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 15 years ago
Victor Julien bc55fb27dc Compiler warning fix for memory macro's. Small layout changes. 15 years ago
Pablo Rincon 06a65cb460 moving http_client_body logic to use it per transactions. Adding unittests 15 years ago
Pablo Rincon ee34c70ad8 Reference atomic vars with SC_ATOMIC_EXTERN properly (considering if we support atomic operations or not) 15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection 15 years ago
Pablo Rincon 76af1b049b Make malloc errors on initialization stage a fatal error, resulting in an exit() call 15 years ago
Anoop Saldanha eb9adf8129 fix NULL indirection while parsing dce sigs - clang fix 15 years ago
Anoop Saldanha f094523eb1 clang fix - some minor fixes for unittests 15 years ago
Pablo Rincon bbab0f9987 Set default gid to 1 on Sig init 15 years ago
Pablo Rincon 8f3322ef73 Fix segv condition on DetectHttpMethodMatch (if the applayer unset the connp) 15 years ago
Pablo Rincon f225bd1428 Adding modifiers /C /H and /M to pcre (http cookie, header and method) 15 years ago
Victor Julien 1d73e1fb7e Small update to the ssh module: fix a valgrind warning and a couple of compiler warnings. Do a few small style updates. 15 years ago
Pablo Rincon 9d7baa7a9f Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion 15 years ago
Gurvinder Singh 0dab0e3935 fix the reassembly depth test (bug 216) 15 years ago
Victor Julien 610b7702ba Bump version to 1.0.1 15 years ago
Victor Julien 04d3832d8f Remove ports check and fix small typo. 15 years ago
Victor Julien a492518e7a Properly detect detect-event-only sigs. 15 years ago
Pablo Rincon 21d79b05ad Fix for bug221 (avoid considering sig as "decoder event only" if ports are specified). Now the sig gets grouped to get a sgh at SigMatchSignatures 15 years ago
Victor Julien f081577fe4 Revert yesterday's dcerpc commits as there were too many corner cases for it to go into 1.0.1. 15 years ago
Victor Julien 6299fbfb0f Fix stream msg content inspection not inspecting the correct id. 15 years ago
Anoop Saldanha 526a782002 temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus 15 years ago
Anoop Saldanha 361cf14f50 fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id 15 years ago
Anoop Saldanha 8c774a1e2a fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting 15 years ago