aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,160 Commits
8 Branches
165 Tags
231 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd4dd18eb85'
${ noResults }
Commit Graph

3839 Commits (d4dd18eb85841ba944957597ddf33ca268cd112d)

Author SHA1 Message Date
Eric Leblond 132bebb2b2 Simplify code by removing comment 13 years ago
Eric Leblond 07ef1f9837 suricata: add wrapper for interface listing 13 years ago
Eric Leblond 54006de40c Use new function GetLogDirectory() 13 years ago
Eric Leblond 2be7c8aea8 Add util-conf for config util 13 years ago
Eric Leblond 27752818c2 suricata: add some wrapper for config file handling 13 years ago
Eric Leblond b2fa4edd36 move unittest out of suricata.c 13 years ago
Eric Leblond 9a0bf0956b suricata: list cuda cards in separate function 13 years ago
Eric Leblond bed48e3a54 suricata: separate keyword and app layer listing code 
The list-keyword and app-layer listing code was spread over all the
init code. This patch introduces a separate file to store non standard
running mode like these ones.
 13 years ago
Eric Leblond 135ef0186b runmodes: fix comment 13 years ago
Victor Julien 5a7bf53a6b Storage: rename Init to Alloc to reflect actual functioning. Comment updates. 13 years ago
Victor Julien f06694d0c1 Storage API: add safety check for cases when there is no storage used. 13 years ago
Eric Leblond caf730d988 engine-tag: rename var and add sanity check 13 years ago
Eric Leblond fb55931c30 flow tag: conversion to flow storage API 
This patch is updating the flow tag system to use the flow
storage API. The tag_list member of Flow structure is suppressed
and its cleaning operation are suppressed too as this is handled
transparently by the flow storage API.
 13 years ago
Eric Leblond 4db2fc2cbb Add per-flow generic storage 
This patch adds a per-flow storage that can be created via the functions
available in flow-storage.c.
 13 years ago
Eric Leblond 6d08807b2d Host: use global free storage function 
This patch is here to avoid that all modules using a local storage
have to update host code to add their free function. It modifies
previous behavior by calling HostFreeStorage in any case.
 13 years ago
Victor Julien 27023872de Use Host Storage API for per host thresholding 13 years ago
Victor Julien c08b395c2c Init storage api at start up 13 years ago
Victor Julien 5919901675 Storage API: add registration check closed test in debug mode. 13 years ago
Victor Julien 3447324c36 Move Host Tag storage to Host Storage API. 13 years ago
Victor Julien 0d2a6e515e Add Host specific wrapper to StorageRegister() 13 years ago
Victor Julien b5ccf0b9c7 storage: allow preallocated storage 13 years ago
Victor Julien e2b006f523 host: use storage api 13 years ago
Victor Julien 022c0e466e Initial storage api work 13 years ago
Victor Julien 1c06d52208 Misc fixes after make check feedback 13 years ago
Ken Steele 316190c6b9 Add TILE-Gx mPIPE packet processing support. 
The TILE-Gx processor includes a packet processing engine, called
mPIPE, that can deliver packets directly into user space memory. It
handles buffer allocation and load balancing (either static 5-tuple
hashing, or dynamic flow affinity hashing are used here). The new
packet source code is in source-mpipe.c and source-mpipe.h

A new Tile runmode is added that configures the Suricata pipelines in
worker mode, where each thread does the entire packet processing
pipeline.  It scales across all the Gx chips sizes of 9, 16, 36 or 72
cores. The new runmode is in runmode-tile.c and runmode-tile.h

The configure script detects the TILE-Gx architecture and defines
HAVE_MPIPE, which is then used to conditionally enable the code to
support mPIPE packet processing. Suricata runs on TILE-Gx even without
mPIPE support enabled.

The Suricata Packet structures are allocated by the mPIPE hardware by
allocating the Suricata Packet structure immediatley before the mPIPE
packet buffer and then pushing the mPIPE packet buffer pointer onto
the mPIPE buffer stack.  This way, mPIPE writes the packet data into
the buffer, returns the mPIPE packet buffer pointer, which is then
converted into a Suricata Packet pointer for processing inside
Suricata. When the Packet is freed, the buffer is returned to mPIPE's
buffer stack, by setting ReleasePacket to an mPIPE release specific
function.

The code checks for the largest Huge page available in Linux when
Suricata is started. TILE-Gx supports Huge pages sizes of 16MB, 64MB,
256MB, 1GB and 4GB. Suricata then divides one of those page into
packet buffers for mPIPE.

The code is not yet optimized for high performance. Performance
improvements will follow shortly.

The code was originally written by Tom Decanio and then further
modified by Tilera.

This code has been tested with Tilera's Multicore Developement
Environment (MDE) version 4.1.5. The TILEncore-Gx36 (PCIe card) and
TILEmpower-Gx (1U Rack mount).
 13 years ago
Victor Julien 04f3f14541 ipv6: fix parsing of malformed ext hdr. Bug #908. 13 years ago
Victor Julien 4b4111e9e2 icmpv6: fix icmp_id and icmp_seq keywords 
Bug #907
 13 years ago
Victor Julien d82ce3f50c Fix compiler warning due to missing include 
decode.c: In function 'DecodeThreadVarsAlloc':
decode.c:437: error: implicit declaration of function 'ConfGetBool'
 13 years ago
Victor Julien 16c3487444 Add yaml option to disable vlan ids hashing 
In some cases using the vlan id(s) in flow hashing is problematic. Cases
of broken routers have been reported. So this option allows for disabling
the use of vlan id(s) while calculating the flow hash, and in the future
other hashes.

Vlan tracking for flow is enabled by default.
 13 years ago
Victor Julien 58ed1f2411 flow: take vlan_id's into account in the flow hash 
In VLAN we can have 2 layers of encapsulation. In this patch both
layers are used in the flow hash to distinguish between encapsulated
traffic.
 13 years ago
Victor Julien 055b422c28 Remove obsolete code: flow alert sid storage 13 years ago
Victor Julien 9faa4b740d Add --unittests-coverage option to list how many code modules have tests 13 years ago
Victor Julien fc7879322e Rename GetIfaceMaxPayloadSize to GetIfaceMaxPacketSize to reflect the actual function. 13 years ago
Victor Julien bd21b5ed9c Pcap: fix snaplen autodetection, GetIfaceMTU doesn't include link layer length 13 years ago
Anoop Saldanha ee0b21652b fix bug where we were not printing http hostname(printing <unknown> 
previously) in httplog, filestore meta and file log.
 13 years ago
Victor Julien 7edcc13514 NFQ: fix packets not getting freed 13 years ago
Anoop Saldanha cdaa13012a fix for #882. 
Refactor the code that initializes the cuda mpm environment.
 13 years ago
Victor Julien 9f3e2f7a92 NFQ: adapt to ReleasePacket API 13 years ago
Ken Steele b076a26cdc Replace ReleaseData function on Packet Structure with ReleasePacket. 
This commit allows handling Packets allocated by different methods.
The ReleaseData function pointer in the Packet structure is replaced
with ReleasePacket function pointer, which is then always called to
release the memory associated with a Packet.

Currently, the only usage of ReleaseData is in AF Packet. Previously
ReleaseData was only called when it was not NULL. To implement the
same functionality as before in AF Packet, a new function is defined
in AF Packet to first call the AFP specific ReleaseData function and
then releases the Packet structure.

Three new general functions are defined for releasing packets in the
default case:
    1) PacketFree() - To release a packet alloced with SCMalloc()
    2) PacketPoolReturnPacket() - For packets allocated from the Packet Pool.
                                  Calls RECYCLE_PACKET(p)
    3) PacketFreeOrRelease() - Calls PacketFree() or PacketPoolReturnPacket()
                                 based on the PKT_ALLOC flag.

Having these functions removes the need to check the PKT_ALLOC flag
when releasing a packet in most cases, since the ReleasePacket
function encodes how the Packet was allocated. The PKT_ALLOC flag is
still set and is needed when AF Packet releases a packet, since it
replaces the ReleasePacket function pointer with its own function and
then calls PacketFreeOfRelease(), which uses the PKT_ALLOC flag.
 13 years ago
Anoop Saldanha f85a2dc84b fix for #875. 
Update configure.ac to check for either 0.5.5 and 0.5.x version of libhtp.
 13 years ago
Anoop Saldanha 9698a5d78c Code to enable cuda support for pfring live mode. 13 years ago
Victor Julien 91fb47475b DNS: break out of DNSResponseGetNameByOffset if we're in there too long. Can happen on bad data. 13 years ago
Victor Julien aa26dae5a1 Stream: don't inject stream end pseudo pkt on FinWait2 state. Bug #883. 13 years ago
Victor Julien 2f3f577fb6 DNS: convert info logs to debugs 13 years ago
Victor Julien 97f51c1011 Fix ac-bs and ac-gfbs mpm-algo settings leading to fatal error if CUDA is enabled. Workaround for #882. 13 years ago
Eric Leblond e2334fbfe8 unix socket: fix typo in error message 13 years ago
Eric Leblond c2cbb43776 autotool: INCLUDES usage is deprecated 13 years ago
Eric Leblond 281d2f27f8 Fix compilation warning 
A goto could lead to the use de_ctx without declaring it.
 13 years ago
Victor Julien f4dcba6de3 In case of fragments, don't consider ports. Bug #847. 13 years ago
Anoop Saldanha e7f09f24c8 Code to enable cuda support for live mode pcap and af-packet. Keep an eye 
out on the mailing list and http://planet.suricata-ids.org for performance
and other profiling data.
 13 years ago
Victor Julien 51d6c63860 Luajit: fix compilation and tests after libhtp upgrade 13 years ago
Anoop Saldanha 48cf0585fb Suricata upgrade to libhtp 0.5.x. 
Remove the support for now unsupported personalities from libhtp -
TOMCAT_6_0, APACHE and APACHE_2_2.  We instead use the APACHE_2
personality.
 13 years ago
Victor Julien 080c15b3fc Enable libhtp 0.3.0 compilation and crash free UT run. Still see 5 failed tests. 13 years ago
Victor Julien 538da26812 Fix sgh mpm flags assignment 13 years ago
Eric Leblond 150cd39c6e detect-engine: do a direct update of flag 
There is no reason not to update the flag directly. So do it
to avoid to crash the test.
 13 years ago
Eric Leblond 2f2916d9ec ccccinelle: add formatted comment for flag test 13 years ago
Victor Julien aafc65c757 Autotools: move libhtp conditionals to configure 
In preparation of the libhtp upgrade, move all libhtp related conditionals
to configure. This allows for one set of build scripts that works regardless
of the presence of a local libhtp dir.
 13 years ago
Victor Julien 73e27c1fb7 Generate proper errors if sid,gid,rev values are out of range. Bug #779. 13 years ago
Victor Julien 164d60e8cd Yaml: give a more detailed error if the user supplies a directory instead of a yaml file. Bug #803. 13 years ago
Victor Julien a4e838c1d3 TLS: create certs directory during startup if it doesn't exist yet. Bug #710. 13 years ago
Eric Leblond 0e92469222 nfq: be sure to always verdict packets 
To be sure to always verdict packets (bug #769), this patch adds
a ReleaseData function to NFQ packets. The release function simply
drop the packet if it has not been verdicted before.
 13 years ago
Victor Julien 4a0050b9ea Print pkt src to alert-debug log 13 years ago
Victor Julien 1c371da46d DNS: better handle TX' with lost replies 13 years ago
Victor Julien 0fd9b0c4fa HTP: free TX from transaction free API call 13 years ago
Victor Julien 1367074c75 App layer: clean up TX before lowest active one 
Update DNS to handle cleaning up this way.
 13 years ago
Victor Julien 0b229ec8b9 DNS: suppress log-dns registration message 13 years ago
Victor Julien f59f90331d Applayer: remove obsolete StateUpdateTransactionId 
Also, update StateTransactionFree to take an u64 tx id, so it's
consistant with the rest of the engine.

To reflect these changes, AppLayerRegisterTransactionIdFuncs has
been renamed to AppLayerRegisterTxFreeFunc.

HTP, DNS, SMB, DCERPC parsers updated.
 13 years ago
Victor Julien ebab9aee83 DNS: move internal tx id tracking to u64 13 years ago
Victor Julien e8ad876b48 App layer: add 'StateHasEvents' API call 
Per TX decoder events resulted in significant overhead to the
detection engine, as it walked all TX' all the time to check
if decoder events were available.

This commit introduces a new API call StateHasEvents, which speeds
up this process, at the expense of keeping a counter in the state.

Implement this for DNS as well.
 13 years ago
Anoop Saldanha cd7b4fac40 remove unused pattern id assignment functions. Goodbye 13 years ago
Victor Julien f353fb630c DNS: convert dns_query to sticky buffer 13 years ago
Victor Julien 7292998a58 Content: set up sticky buffers like file_data and dce_stub_data w/o flags, but with a list variable 13 years ago
Victor Julien d476e4e50d Coverity 1040312, 1040313, 1040314 1040315: improve pool thread error handling. 13 years ago
Victor Julien 1373a20e8a Thread: remove thread id 13 years ago
Victor Julien d7aaa9464c Stream: use per thread ssn_pool_id instead of thread id. 13 years ago
Victor Julien 92b7ffad69 Improve memory cleanup in some unittests 13 years ago
Victor Julien fd7899cc8b Stream: fix unittests after ssn pool changes. 13 years ago
Victor Julien aa449d51ca Stream: use per thread ssn pool 
Use per thread pools to store and retrieve SSN's from. Uses PoolThread
API.

Remove max-sessions setting. Pools are set to unlimited, but TCP memcap
limits the amount of sessions.

The prealloc_session settings now applies to each thread, so lowered the
default from 32k to 2k.
 13 years ago
Victor Julien b6af6cb241 pool: add error msgs and improve memory layout 13 years ago
Victor Julien 5b9ef94f34 pool: add api for per thread pools 
This API is a wrapper around the regular pools where the thread pools
are arrays of locks+pools.
 13 years ago
Victor Julien 016d03bdaf pool: add error msgs and improve memory layout 13 years ago
Victor Julien 46af6b7e0f Add a per threadvars thread local thread id, that starts at 0 and increments for each thread. 13 years ago
Victor Julien b3b554c269 Coverity 1038959: DNS mpm might use initialized variable 13 years ago
Anoop Saldanha fba95e9125 Remove mpm ctxs in the wrong direction. 
A lot of http mpm ctxs have now been removed as a result of this.
 13 years ago
Anoop Saldanha 3c2ddf04c1 Update mpm init ctx to not accept the final cuda_rc_module argument. 
It was a part of our older architecture and is no longer used.
 13 years ago
Victor Julien 33818c0272 DNS: fix CUDA build 13 years ago
Victor Julien be7e6cdd7a DNS: fix warning when debug is not enabled 13 years ago
Victor Julien 571b8ac186 DNS: add support for per TX decoder events. 13 years ago
Victor Julien 9dc04d9fab app layer: add support for per TX decoder events 13 years ago
Victor Julien 72e35efbc6 Reset app layer events when we start inspecting a new TX 13 years ago
Victor Julien 28a6c1d9f8 DNS: add test for app layer event match 13 years ago
Victor Julien 6645620c03 Merge SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_DNS into SIG_FLAG_MPM_APPLAYER, do the same for the _NEG variant. 13 years ago
Victor Julien 43ba5a677e DNS: enable mpm/fast_pattern support for dns_query 13 years ago
Victor Julien 4817e1305f DNS: add /F modifier to pcre to inspect DNS query name 13 years ago
Victor Julien e567e12230 DNS: add unittests for UDP and TCP for dns_query keyword 13 years ago
Victor Julien f10dd603ff DNS: adding dns_request content modifier 13 years ago
Victor Julien 6674f4892c DNS: add per tx internal id 
Add per TX id. Rename transaction_cnt to transaction_max (id) and increment it on tx creation.
 13 years ago
Victor Julien 59780ca770 Hacks to enable alert dns even though we have dnstcp and dnsudp parsers. Needs proper solution later. 13 years ago
Victor Julien 8e01cba85d DNS TCP and UDP parser and DNS response logger 13 years ago
Eric Leblond 4521de2dfd Use PACKET_* macro instead of UPDATE 
Setting the ACTION_DROP flag can be done via PACKET_DROP instead
of using PACKET_UPDATE_ACTION.
 13 years ago