Commit Graph

1801 Commits (bbbedaf96321609070107ad8ee837f2005555b46)
 

Author SHA1 Message Date
Anoop Saldanha bbbedaf963 fast pattern support for http_method. Also support relative modifiers 15 years ago
Anoop Saldanha 2321a4dd58 support isdataat negation. Also fix addiing isdataat to appropriate lists 15 years ago
Victor Julien 4ae7144876 Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly. 15 years ago
Eric Leblond 9c2bdc6d0c Main loop: increase timer.
Timer in the main loop was of 100 usec. This patch increases it
to 10 ms which should be a reasonnable delay to declare some threads
dead.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 89558ab9a4 RFC: modify error treatment in PacketCopyData
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.

BR,
Eric
15 years ago
Eric Leblond 49adc264bc Don't print message after SCMalloc failure.
This patch generated via coccinelle is getting rid of logging
message after a SCMalloc failure. They were useless as SCMalloc
already displays a message.
15 years ago
Eric Leblond 67b95c8c4d Auto discovery of default packet size
If default-packet-size is not set, it is possible in some case to
guess a correct value.

If PCAP or PF_RING are used we are linked to a "physical" interface.
Thus, it is possible to get information about the link MTU and
hardware header size. This give us the ability to auto discover a
decent default-packet-size.
If suricata is running under a different running-mode, it will
default to 1514.
15 years ago
Eric Leblond 3eada85ff8 Add interface setting discovery via ioctl
This patch adds support for MTU discovery of link following idea
of go.ph1g. It also adds some function to give a approximation of
link header length.
15 years ago
Eric Leblond 1db4aadd16 Supress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should have not been forget because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Eric Leblond 156b202597 Fix decode part of source-nfq 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
Eric Leblond e802e1ed16 Modify Packet structure and prepare accessor.
This patch modifies decode.c and decode.h to avoid the usage
by default of a bigger than 65535 bytes array in Packet structure.
The idea is that the packet are mainly under 1514 bytes size and
a bigger size must be supported but should not be the default.

If the packet length is bigger than DFLT_PACKET_SIZE then the
data are stored in a dynamically allocated part of the memory.

To ease the modification of the rest of the code, functions to
access and set the payload/length in a Packet have been introduced.

The default packet size can be set at runtime via the default-packet-size
configuration variable.
15 years ago
Eric Leblond 8471626916 Fix error message and adds information to config
This patch fixes a typo in an error message and add some
information to the checksum verification option.
15 years ago
Anoop Saldanha 6fc5dae2f9 fix leak for accepted uuid list in dcerpc state 15 years ago
Victor Julien 3409513a44 Fix FlowTest* unittests to fail sometimes. 15 years ago
Eric Leblond a69bb94335 Checksum match: fix logic problem
This patch fixes a logic error in the checksum matches. In
case the protocol is not the one tested, the test must return
0 and not 1 (test matched).

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien 627c02e300 Use a different way of getting a short git rev that is compatible to older git versions. 15 years ago
Victor Julien 878d3d87db Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported. 15 years ago
Victor Julien 18b4e3380f Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code. 15 years ago
Victor Julien 6131dec8a1 Fix a compiler warning due to a broken prototype declaration. 15 years ago
Victor Julien e3bde3e95d Add a simple revision based on the git rev to the version number, like a build number. 15 years ago
Eric Leblond 56c95bf622 Convert thread PRIO to a enum
This patch converts thread prio value to an enum. This
can add some useful check by gcc in switch.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 9216b4d13c Import .gitignore file.
This fix the status returned by 'git status' by removing files that
have not to be added to repository.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond 62cf7eea4c util-cpu: fix trivial typo in documentation
This patch fixes a trivial typo in a documentation message.

Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien ffcd512167 Clean up packet pool handler on shutdown. 15 years ago
Victor Julien b24ccf8c80 Clean up stream pmqs in the detect thread ctx. 15 years ago
Victor Julien 3710296057 Cleanup defrag engine on shutdown. 15 years ago
Anoop Saldanha 9c9f3ec963 fix mem leak in http_ engines 15 years ago
Victor Julien 0057a7c15e Suppress a AC debug message. 15 years ago
Victor Julien d48ff8f6aa Extend 'append' option to stats.log as well. Small cleanups. 15 years ago
Gurvinder Singh f4392e1dcc added support for appending the log files 15 years ago
Pierre Chifflier de41612ea1 Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Pierre Chifflier 9a53a09c58 Log verdict in Prelude alert module
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Eric Leblond f73c60b4ff nfq: set some options on netlink socket
This patch modify nfq system to set some options on the netlink socket.
This should improve performances by handling more correctly capacity
overrun.
15 years ago
Victor Julien 0e8b041151 Add missing 'reference' to reference.config to Makefile.am. 15 years ago
Victor Julien e66b3e3ee7 Switch mpm-algo in example suricata.yaml to ac 15 years ago
Victor Julien 96ec2a76c6 Update version to 1.1beta1 15 years ago
Victor Julien 014f62247a Another batch of clang fixes. Nothing really serious. Includes a couple of fixes for broken fixes from yesterday. 15 years ago
Victor Julien cac95010f3 Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly. 15 years ago
Victor Julien 3f47eade6b Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang. 15 years ago
Victor Julien 7dc4b164a8 Fix a clang warning in unittest DetectUriSigTest12. 15 years ago
Victor Julien 2c6f9abaff Work around a suspected fp in clang. 15 years ago
Victor Julien ac97bb7799 Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init. 15 years ago
Victor Julien b600c9ac09 Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 or ipv6. 15 years ago
Victor Julien 1112e103a8 Disable DBG_PERF by default except for when DEBUG is enabled. 15 years ago
Victor Julien 6af30e5b2e Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error. 15 years ago
Victor Julien 743ed7626c Fix potential null deref (introduced a few commits ago) found by clang. 15 years ago
Victor Julien 3d60e9bfeb Clean up output. 15 years ago
Victor Julien 3fcfaef9f7 Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well. 15 years ago
Gurvinder Singh 791d177c7f fixed the timestamp issue in http.log 15 years ago