Anoop Saldanha
|
bff2866aed
|
more coverity fixes
|
13 years ago |
Anoop Saldanha
|
6c5b596ada
|
coverity fixes
|
13 years ago |
Victor Julien
|
e624c56c83
|
Add TLS decoder event rule file.
|
13 years ago |
Victor Julien
|
25360e14b2
|
Don't enable UNITTESTS in AF_PACKET detection.
|
13 years ago |
Eileen Donlon
|
b22529d6f4
|
disallow pcre /P/I/U with flow:to_client/from_svr
|
13 years ago |
Eileen Donlon
|
c7807a21b6
|
disallow http_server_body with flow:to_server
disallow http_server_body with flow:to_server or from_client
|
13 years ago |
Eileen Donlon
|
2c24eb9e76
|
allow only one flow option in a rule
|
13 years ago |
Eileen Donlon
|
f7879f81e8
|
disallow file_data with flow:to_server/from_client
|
13 years ago |
Victor Julien
|
36c83f2651
|
Minor textual update.
|
13 years ago |
Anoop Saldanha
|
0da93e84ca
|
bug 454 - Provide better error message when the user supplies a NULL address range
|
13 years ago |
Anoop Saldanha
|
09ec7ec728
|
bug 456 fix for byte_extract to have array of the right size to update values with
|
13 years ago |
Anoop Saldanha
|
d2738c851f
|
fix failing fast pattern unittests
|
13 years ago |
Eric Leblond
|
6784ec536d
|
Fix OpenBSD compilation.
|
13 years ago |
Victor Julien
|
e6dea5c406
|
Use less queues and threads in nfq autofp mode.
Moved outputs from their own thread to stream/detect threads.
|
13 years ago |
Anoop Saldanha
|
8742e51fb0
|
fix detection filter unittests to reflect recent fixes
|
13 years ago |
Anoop Saldanha
|
64a04fc721
|
code cleanup
|
13 years ago |
Anoop Saldanha
|
b48a686d65
|
considering the tenths of a second in a packet, when calculating thresholds
|
13 years ago |
Anoop Saldanha
|
b899146229
|
fix detection filter. Had one extra alert than normal previously, now fixed
|
13 years ago |
Anoop Saldanha
|
493c3db413
|
fix FNs for flow- only_stream and no_stream options
|
13 years ago |
Anoop Saldanha
|
ad36d55771
|
code cleanup - indentation fix
|
13 years ago |
Anoop Saldanha
|
046819e1b8
|
bug 452 - fix detection bug for sigs that don't have a content but need payload inspection
|
13 years ago |
Anoop Saldanha
|
608f4fe787
|
bug 452 - enable http extra callbacks for configs other than the default configs
|
13 years ago |
Anoop Saldanha
|
225b917e93
|
remove unused stream ssn flag - STREAMTCP_FLAG_TOSERVER_REASSEMBLY_STARTED
|
13 years ago |
Jason Ish
|
573f31b271
|
Fix linking with libdag
|
13 years ago |
Martin Holste
|
cfd64c49ec
|
Included Action::Syslog by default in config
|
13 years ago |
Martin Holste
|
e179cbc236
|
Added Syslog action for logging to local syslog
|
13 years ago |
Anoop Saldanha
|
61d5fe33c9
|
Free membuffer before clearing enclosing parent instance
|
13 years ago |
Victor Julien
|
98c30be2db
|
ipv6: improve handling of packets with duplicate (or more) ipv6 extension headers.
|
13 years ago |
Victor Julien
|
d378b76c04
|
http: body inspection improvement
Improve http_client_body and file_data performance when request and
response body limits are set to high values.
|
13 years ago |
Victor Julien
|
4354434522
|
Add htp error debug printing.
|
13 years ago |
Victor Julien
|
9f0447cb38
|
Flag napatech receive tm as well.
|
13 years ago |
Anoop Saldanha
|
cd4705e699
|
flag receive acq tms that previously missed the receive_tm flag
|
13 years ago |
Victor Julien
|
f219841795
|
Misc buffer API update.
|
13 years ago |
Eileen Donlon
|
4327aaf68a
|
reject pcre modifiers U with B
|
13 years ago |
Eileen Donlon
|
195eb42d4e
|
allow only one content to use fast_pattern
|
13 years ago |
Victor Julien
|
1d59324a68
|
Add missing space to http.log.
|
13 years ago |
Victor Julien
|
b5a3995904
|
Fix minor memleak in a start up error condition.
|
13 years ago |
Anoop Saldanha
|
69ed12fd28
|
Introduce new buffer API that lets you create and manage a buffer. Update http log to use this as well
|
13 years ago |
Anoop Saldanha
|
98a8234e0a
|
csum function fixes. Improves alert accuracy. FPs on invalid-csums decoder rules fixed
|
13 years ago |
Anoop Saldanha
|
46e1145cff
|
minor code cleanup
|
13 years ago |
Anoop Saldanha
|
37f66e5f46
|
update handling negative offsets in byte_extract. Also improve validation in byte_extract to not extract values out of the buffer range
|
13 years ago |
Victor Julien
|
18837dce92
|
http: improve multipart parsing, skip empty records.
|
13 years ago |
Victor Julien
|
fbe0206c36
|
Update Changelog for 1.3beta1
|
13 years ago |
Victor Julien
|
910eb70660
|
Fix minor compiler warning.
|
13 years ago |
Victor Julien
|
79691f675a
|
defrag: don't increment recursion level for reassembled packets. Fixes defragged packets not seeing the same flow.
|
13 years ago |
Jason Ish
|
90548837e3
|
Update the ERF file runmodes to support autofp and single.
|
13 years ago |
Jason Ish
|
1f801d316c
|
Apply changes recommended by Stephen Donnely of Endace:
- Skip pad records.
- Don't log error on EGAIN, just try again.
- Skip over extension headers.
- Check we have the full packet (skip partial packets)
- Remove obsolete rlen check.
Also remove max_pending_packets to process more packets per iteration.
|
13 years ago |
Victor Julien
|
07945f04ce
|
ipv6: make sure we pass the defragged packet from the ipv6 layer to the decoder.
|
13 years ago |
Victor Julien
|
c682c5f1dd
|
Fix error in proto handling for ipv6 in fast.log.
|
13 years ago |
Victor Julien
|
4df25ef499
|
Apply http.log formatting fix by Chris Wakelin.
|
13 years ago |