Commit Graph

2845 Commits (c4b34e6ef73f9915b4da1d52673279ea7537f6f0)
 

Author SHA1 Message Date
Anoop Saldanha 4d38a571cc smtp reply code mpm phase support added 13 years ago
Anoop Saldanha 4a6908d3e9 fix smtp parser handling fragmented lines + add new unittests to check the same 13 years ago
Anoop Saldanha 2b356dadff Support for tos keyword added 13 years ago
deltay 211193b0af Get pidfile from config file if not available in command options 13 years ago
Victor Julien 262a7300d7 flow: shrink Flow datatype
Introduce a separate FlowAddress structure for holding the ipv4 or ipv6 address
that doesn't have the family in it like the Address structure. Instead, the
family is stored in the flow as a flag: FLOW_IPV4 and FLOW_IPV6.

Add macros to check the family, copy the address, etc.

Update many unittests to reflect these changes. Introduce unittest helper
functions for creating and initializing a flow and freeing it again.

On 64 bit this shrinks the flow by 8 bytes.
13 years ago
Victor Julien 06904c9024 App Layer cleanup
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should save 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
13 years ago
Victor Julien a0b532dc45 stream reassembly: simplify base_seq tracking for protocol detection. Shrinks TcpStream structure. 13 years ago
Victor Julien 7e3c15e54a stream: improve TCP ssn reuse cleanup. 13 years ago
Victor Julien 9769510ba3 flow: support requeue of flows from closed to new list for TCP ssn reuse. 13 years ago
Anoop Saldanha 4130c5e2b8 if flow has disabled app layer inspection, disable buffering the segments unnecessarily in inline reassembly 13 years ago
Anoop Saldanha 43cbed8c92 enable toclient alproto detection for inline reassembly 13 years ago
Anoop Saldanha f684b60127 if flow has disabled app layer inspection, disable buffering the segments unnecessarily 13 years ago
Anoop Saldanha 08bd8ec4e2 on failed alproto detection on both sides, only disable app layer inspection. No reassembly disabling for any direction 13 years ago
Victor Julien c9960473bb Fix stream reassembly engine rejecting valid packet for reassembly. 13 years ago
Victor Julien d9ad1b00b3 Clean up SID allocation for decoder and stream rules. 13 years ago
Anoop Saldanha 55ed6c2a55 disable session reassembly for either/both the directions, only when we have established failed proto detection in both the directions 13 years ago
Anoop Saldanha 4650bf7170 minor code cleanup. remove commented out code 13 years ago
Anoop Saldanha de9ad02b59 Remove leftover imap and msn toclient alproto PM contents 13 years ago
Anoop Saldanha caf26c2618 More updates to FFR code. Handle cases where we actually need to force stream reassembly and just have smsgs to be processed by detection engine separately 13 years ago
Anoop Saldanha bc216a3396 fix/updates to app layer proto detection 13 years ago
Anoop Saldanha 78e6a7f713 enable toclient alproto detection. Detection all current alproto toclient PMP patterns 13 years ago
Anoop Saldanha 9c8d404db1 FFR update-fix. Fix check where we decide whether we need to send pseudo pkt or not 13 years ago
Anoop Saldanha b08b390bcd fix for bug 375 - update radix test that wrongly uses memset and sizeof 13 years ago
Victor Julien 3d845b6c77 Consider Windows new line chars as well when parsing rule files. Bug #374. 13 years ago
Eileen Donlon a92d15ed37 Fixed duplicate signature check 13 years ago
Anoop Saldanha 99baf18c8d updates to ac-gfbs search. Remove unnecessary casting of pointers 13 years ago
Anoop Saldanha 11e7dda59a updates to ac-gfbs search. Introduce handling cases where state_count is < 32k 13 years ago
Anoop Saldanha 708c4ad055 updates to ac-gfbs search. Combine output presence with mod goto table 13 years ago
Anoop Saldanha a4ea7e6197 updates to ac-gfbs search. Combine failure table along with mod goto table for better cache perf 13 years ago
Anoop Saldanha b69ac9514f updates to ac-gfbs search. Disable handling < 65k states separately. Now any state count would be given same treatment 13 years ago
Anoop Saldanha efb4c27b1f updates to ac-gfbs search. Add new unittests + fix cases where we have 2 patterns that are same but one is CS and other CI + Use SCMemcmp for state < 65k instead of custom memcmp 13 years ago
Anoop Saldanha 0920296aaa updates to ac-gfbs search. Remove unnecessary casting of pointers 13 years ago
Anoop Saldanha d149a5e806 updates to ac-gfbs search. Use SCMemcmp instead of the custom pattern searching used 13 years ago
Anoop Saldanha 47f2d6e07b updates to ac-gfbs search. Optimize pointer de-referencing for pid_pat_list 13 years ago
Anoop Saldanha 991f6d2d83 updates to ac-gfbs search. Optimize pointer de-referencing for frequently used pointers 13 years ago
Anoop Saldanha ffb925e3b3 indentation fixes for ac-gfbs 13 years ago
Anoop Saldanha e9eb0e502c updates to ac-gfbs search. Handle cases where we have a single entry for a state goto transition, just like how we handle for no entry for a particular state 13 years ago
Eric Leblond 9b75de3339 pfring: fix compilation when pfring is deactivated. 13 years ago
Eric Leblond 43ffd779f8 autotools: add libpcap dependency to pfring for checks.
PF_RING seems to depend on pcap if bpf filter is activated. For this
reason, not having the dependency during configure test causes a
failure in feature detection.
13 years ago
Eric Leblond 0ac1cabf2a autotools: fix problem of pfring configuration. 13 years ago
deltay d5e254d504 Add pfring bpf filter, require pfring >= 5.1 13 years ago
Eric Leblond 9f73503daa capability: rework capability assignment
This patch reworks the capability code to use a switch
instead of an if. It also "reduces" PF_RING and NFQ capabilities.
13 years ago
Anoop Saldanha d034b10180 remove debug prints added to ac code 13 years ago
Anoop Saldanha 781e7c776f fix indentation in ac code 13 years ago
Anoop Saldanha 5c56053a33 Reintroduced optimized support for < 32k states for ac 13 years ago
Victor Julien fb76561b09 Set version to 1.2dev to reflect we're in the 1.2 branch. 13 years ago
Victor Julien 8cc82c7241 Add -S commandline option that loads a rule file exclusively. Issue #338. 13 years ago
Victor Julien 6256d6b598 Add content to ChangeLog and add links to more up to date versions of various docs. 14 years ago
Victor Julien c484b7a59e Bump version to 1.1 (final) 14 years ago
Eric Leblond 62e63e3fe9 af-packet: fix reconnection on netdown error.
AFPRead can fail following a NETDOWN error. This patch treats errors
of AFPRead by forcing a reconnection (instead of exiting thread
with error).
14 years ago