d1573a366d
Fix GetUsed functions for Host, Flow and Defrag.
13 years ago
							
2fbb28ece6
build: error on implicit function declaration
This patch modifies gcc options to error in case of implicit
declaration. Bug #612 has shown this kind of bug can be very
costly.
13 years ago
							
4542cd0eec
ipfw: suppress non loop receive function
13 years ago
							
e3a38810b6
nfq: suppress non loop receive function
13 years ago
							
966c731e73
flow: fix crash when flow engine under extreme stress, and unable to force free any existing flow
13 years ago
							
76f0838a9f
libhtp: harden code against malloc failures. Bug #587.
13 years ago
							
da7f1d22cc
http: don't assume http tx to have header alloc'd. Can happen in OOM conditions. Bug #587.
13 years ago
							
18ecd4b287
Don't use SCStrdup in SCLogMessage as we call it on OOM condition, leading to endless recursion. SCStrdup failure calling SCLogMessage...
13 years ago
							
70bc9e2494
filestore: fix logic flag in continued stateful detection
13 years ago
							
8957113550
pf-ring: fix build
13 years ago
							
d386606b80
Remove pcre jit warning. Bug #579.
13 years ago
							
d3195b0f70
pf_ring: don't set cluster for DNA interface.
13 years ago
							
7a7cd6999e
feature #558.
Print FP info in rule analysis + other cleanup.
13 years ago
							
ac5bab8838
OpenBSD: no support for profiling
Local thread storage is not available so profiling is not supported.
13 years ago
							
7c85bee4aa
OpenBSD: magic.mc path has changed in OpenBSD 5.1
13 years ago
							
a3f963f630
filestore: fix a case where a matching non-filestore sig could trigger the store of a partially matching filestore sig.
13 years ago
							
3156407746
http: fix client and server body sometimes being inspected in wrong order
13 years ago
							
b12967534a
stream.inline: add 'auto' mode
stream.inline YAML configuration variable now supports the 'auto' value.
In this case, inline mode is activated for IPS running mode (NFQ and
IPFW) and is deactivated for IDS mode. This patch should fix bug #592.
13 years ago
							
b26ec60398
af-packet: fix possible infinite loop.
If no packet arrives to a capture thread, it is possible that the
AFPReadLoop() function goes into an infinite loop. This could cause
suricata to hang at exit on a non-busy system.
This patch adds a counter to detect when Suricata starts looping in
the ring to stop when it reaches this point.
13 years ago
							
e8a4a4c47c
af-packet: dump counter every second.
This patch updates the kernel counters handling to be almost sure to
update at least once per second.
13 years ago
							
3acdd4da1d
pf-ring: add counter for kernel drop and packets
This patch adds a counter for kernel drop and packets by using the
same strategy as the one used in af-packet.
13 years ago
							
80d62b59ec
Fix drop (and other actions) not being applied to thresholded packets. Bug #613.
13 years ago
							
bca1b7c52a
change default mpm to ac. Also default sgh-mpm-context is full.
13 years ago
							
fd6df00684
Bug 585: use per detect thread libmagic ctx
13 years ago
							
ea6fcb355b
magic: add test showing payload resulting in libmagic invalid read as reported by valgrind.
13 years ago
							
fdab6f2ab1
fix flow deadlock issue in detection engine state introduced by tx api.
Issue discovered by coverity.
13 years ago
							
00b95c69c0
suricata: list-keywords does not depend on unittest
13 years ago
							
83ffd1f743
luajit: suppress compiler warning
13 years ago
							
2ab62920aa
fix segv in hcbd and hsbd buffering.
Increase bufffers_list_len, only we open up a space for a new tx.
13 years ago
							
b359bc03a9
unittest to reveal a bug/segv in our hsbd buffering code.
13 years ago
							
4fab8ea6d6
http: fix http header reassembly bug causing some headers to be left out of the inspected buffer
13 years ago
							
5cd46433d3
http: now that htp_state has a cfg reference, use it for body limits
13 years ago
							
2763a61213
http: allow configuration of request and response body inspection limits. Issue #560.
13 years ago
							
b99f9fe890
New app inspection engine introduced.  Moved existing inspecting engines to use it.
13 years ago
							
7b4eac3e8d
Change all inspect callbacks to accept TV and a tx_id param.
13 years ago
							
10a6e6a3eb
Engine cleanup.  Remove all old engine inspection and mpm functions.
13 years ago
							
b0e20a486c
update client/server/http_header to use a different form of buffering/buffer_retrieval.
Now it happens per tx, based on tx id.  Also notice a perf improvement with
this.
13 years ago
							
e1321f9ae6
stream: change how retransmissions are handled and detected.
13 years ago
							
b621ed8423
stream: fix retransmission on closewait being considered out of window
13 years ago
							
a25629b250
stream: detect retransmissions on timewait state
13 years ago
							
6326390120
stream: accept ack with next_seq + 1 on last_ack state
13 years ago
							
3f6ecff260
stream: disable retransmission packet before last ack sig as it is fairly common in regular traffic
13 years ago
							
bc37cb6b8e
stream: detect retransmissions on closewait and finwait2 states
13 years ago
							
305ed3f23b
stream: don't flag zero window probe packets as out of window. Bug #604.
13 years ago
							
13e60c0040
stream: detect keep-alive packets so we don't consider those invalid
13 years ago
							
9094eb4783
stream: ignore ack value if ack flag is not set. Add stream.pkt_broken_ack event for when ack value is not 0 and ack flag not set.
13 years ago
							
a5d9442c2d
stream: handle retransmission of lost data packet on TIME_WAIT state
13 years ago
							
037d67cc66
stream: go from FIN_WAIT_1 to CLOSING on simultaneous close.
13 years ago
							
6544475670
stream: don't reject RST as response to SYN because of ACK
13 years ago
							
6f76ac176d
stream: add option to match on overlapping data
Set event on overlapping data segments that have different data.
Add stream-events option stream-event:reassembly_overlap_different_data and
add an example rule.
Issue 603.
13 years ago