Commit Graph

4567 Commits (b955ca7b867d0f7d45a365526c1fc568ea50cc5f)
 

Author SHA1 Message Date
Eric Leblond 77f2b9968e autotools: use builddir instead of srcdir
srcdir is supposed to be read-only when running distcheck so it is better to
create the log directory in builddir.
12 years ago
Ignacio Sanchez 1b2f251866 Various custom http logging improvements
Cookie is parsed now using uint8_t pointers (inliniac PR comments)
Changed buffer size to a power of 2 (8192) and cookie value extraction function to static (inliniac PR comments)
Added %b for request size (vinfang patch)
Writing "-" if an unknown % directive is used (vinfang patch)
Fixed bug in cookie parser
Fixed format string issue logging literal values
Improve error handling (Victor Julien comments)

(patchset rebased and reworded by Victor Julien)
12 years ago
Ignacio Sanchez 8051dc8a6a Added modifications suggested by Charles Smutz (https://redmine.openinfosecfoundation.org/issues/602) 12 years ago
Ignacio Sanchez 796bfab231 Added support for %{cookiename}C
Added support for the definition of maximum length. ie: %[50]{user-agent}i
Some small bugfixes
12 years ago
Eric Leblond 3dbf6c6fee solaris: fix compilation failure
This patch fixes a compilation failure on Solaris. Compiler does
not support when a function returning void is used in return of
another function returning void.
12 years ago
Ken Steele 1bbbcf5120 Make the missing libhtp error message more clear.
Use exact git clone command and then rerun autogen.sh and configure.
12 years ago
Ken Steele a2b502a30c Formatting change for function call.
Put open brace { for function on a new line to match coding standard.

Changed:

int foo(int x) {
}

to:

int foo(int x)
{
}
12 years ago
Ken Steele d4dd18eb85 Clean up SCLocalTime() usage
Remove cast of return type from SCLocalTime() as it is not needed.
Replace last use of localtime_r() with SCLocalTime().
12 years ago
Ken Steele 77fae5313d On Open BSD systems don't cache time.
Open BSD doesn't support __thread, which is used for time caching, so
don't do time caching for BSD systems.
12 years ago
Ken Steele 2feb37c155 Cache time conversions for localtime() and CreateTimeString()
When converting a time in seconds (64-bit seconds since 1970) to
Month/Day/Year hours minutes, Suricata calls localtime_r(), which
always acquires a lock and then does complex computation based on the
current time zone. The time zone can be specified in the TZ
environment variable, which is only parsed the first time it is used,
or from a file. The default file is /etc/localtime. The file is
checked each time to see if it might have changed and is reparsed if
it has changed.

The GLIBC library has a lock inside localtime_r(), which limits
parallelism, which is a problem when the rate of generating alerts is
high, since Suricata generates a new ascii time string for each alert
into fast.log.

This change caches the value returned by localtime_t() and then sets
the seconds within the minute based on the cached start-of-minute
time. All of the values returned, except for the seconds, are constant
within the same minute. Switching to a new seconds could change all
the other values, year, month, day, hour. The cache stores the current
and previous minute values.

The same trick is used in CreateTimeString() for generated time
string. The string, up to the minutes, is cached and then copied into
the result string, followed by printing the new seconds into the
result string.

The seconds within a minute are calculated as the difference in
seconds from the start of the current minute.
12 years ago
Ken Steele 68d26dcec7 Merge multiple copies of CreateTimeString() to one copy.
There were 8 identical copies of CreateTimeString() in 8 files.
Most used SCLocalTime, to replace localtime_r(), but some did not.
Created one copy in util-time.c.
12 years ago
Ken Steele 5532af4621 Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER
This allows replacing pthread mutexes with other types of mutex.
12 years ago
Ken Steele 784843b146 Use Tilera SIMD for Signature matching ala SSE3
Makes use of 8-wide byte compare instructions in signature matching.

For allocating aligned memory, _mm_malloc() is SSE only, so added
check for __tile__ to use memalign() instead.

Shows a 13% speed up.
12 years ago
Ken Steele 22225a7e99 Tile SIMD implementation of SCMemcmp and SCMemcmpLowercase
Based on the SSE3 implementation, it checks 8 bytes at a time.
12 years ago
Anoop Saldanha e68d44b051 fix for #932.
ipv6 tunnel decoder wrongly treats the tunneled ipv6 packets as an ipv4
packet.
12 years ago
Anoop Saldanha e2f4144d99 fix for #920.
Cull the space before the address specified in address var variables.
12 years ago
Duarte Silva ab215c72f6 Now using the common functions 12 years ago
Duarte Silva 0a5c798729 Now using the common functions
- Removed some non printable ANSI characters
- Removed unnecessary include
12 years ago
Duarte Silva 8ce95af09c Added the new files containing the repeated functions
- Renamed the functions to something more generic
- Added the source and include files to the Makefile
12 years ago
Anoop Saldanha a44d42b124 Fixes segv inside rule swap under low mem conditions.
We now gracefully exit rule swap on any allocation or other failures.
12 years ago
Anoop Saldanha 8516ba24c9 Rearrange ac state.
Notice a minor speed bump of around 2% on runs.  More updates to follow.
12 years ago
Ken Steele 4b8bb11454 Enable using Tile cycle counter.
The Tile processors all have a cycle counter with a simple interface. Use
that for UtilCpuGetTicks.
12 years ago
Victor Julien 38aaae1fd7 IsRuleReloadSet() shouldn't return an uninitialized value 12 years ago
Eric Leblond 189327981a unittests: fix stream-tcp.c
Lock and recycle fixes for stream-tcp.c
12 years ago
Eric Leblond cd3e32ce19 unittests: some functions need a flow lock.
In debug validation mode, it is required to call application layer
parsing and other functions with a lock on flow. This patch updates
the code to do so.
12 years ago
Eric Leblond c5bd04f102 unittest: recycle packet before exit
To avoid an issue with flow validation, we need to recycle the packet
before cleaning the flow.
12 years ago
Anoop Saldanha d292f1a529 fix for #915. Fix segv when we send NULL to snprintf. 12 years ago
Eric Leblond c6e8c5bf1f pf_ring: avoid to ask for extended header.
This patch updates pf_ring capture to avoid to ask for extended
header. They are only needed when rxonly checksum checks is used
and this is only possible when interface is not a DNA interface.
12 years ago
Victor Julien ff668c2030 Fix Tile compile 12 years ago
Eric Leblond 20ca270dc3 fix pf_ring build 12 years ago
Eric Leblond 2a46f0dae4 suricata: rename SuriInstance to SCInstance. 12 years ago
Eric Leblond 9b422f3a8c suricata: suppress Suri prefix
Suppress Suri prefix in internal function name.
12 years ago
Eric Leblond 18ced653c3 Use a typedef for SuriInstance. 12 years ago
Eric Leblond 2d77e53f2c Add offline flag to SuriInstance and some refactoring 12 years ago
Eric Leblond 34abd818dd Prefix util-conf function with Config 12 years ago
Eric Leblond 7242cb30e7 Move CreateLowercaseTable to GLobalInits 12 years ago
Eric Leblond 02e9851315 Generic code don't need ifdef 12 years ago
Eric Leblond 8c00a963aa Use function for delayed detect setup. 12 years ago
Eric Leblond 4296e5f29e Add functions for elapsed time computation. 12 years ago
Eric Leblond 9d1d08c7a4 Factorize Signature loading 12 years ago
Eric Leblond 20c5683b60 Use function for daemonification and signal handler 12 years ago
Eric Leblond 90aaf55201 set rule_reload as part of SuriInstance 12 years ago
Eric Leblond bb19ce1847 SetBPfString is part of command line parsing 12 years ago
Eric Leblond 1a6983ee19 suricata: use function to print version 12 years ago
Eric Leblond 4f789dbe84 Add function for internal running mode 12 years ago
Eric Leblond d3cb043001 suricata: windows specific in one function 12 years ago
Eric Leblond 4401c048ba Running mode is set earlier so out earlier 12 years ago
Eric Leblond 40a25112a0 kill remaining run_mode usage 12 years ago
Eric Leblond 75fa1e20d7 engine analysis is a running mode 12 years ago
Eric Leblond c0d5ee77f9 get (almost) rid of run_mode variable. 12 years ago