Commit Graph

696 Commits (d7958f7983937f48f9f5a5ade0c6f2960ec2f993)

Author SHA1 Message Date
Victor Julien f92ac1fbdb Merge branch 'tcpopt' into next 16 years ago
Victor Julien a6fe5a7331 Add TCP_GET_TS1 and TCP_GET_TS2 macros to efficiently retrieve the TCP timestamps in host order. 16 years ago
Jamie a297225157 victor must be getting sick of PPPoE and ICMP 16 years ago
Victor Julien b6deadd2b4 Fixed a few missing places for tv->flags access. Changed mutex init for packets slightly. 16 years ago
Victor Julien 968dc45d27 Merge branch 'threading' into t 16 years ago
Victor Julien 1858be7a2f Lock threadvars flags using spinlocks. 16 years ago
Victor Julien edfddcb282 Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe. 16 years ago
William Metcalf 6095b8f2a1 fix for older libc's missing def for IPPROTO_DCCP 16 years ago
Victor Julien f03d540d2f Suppress debug output in yaml loader. 16 years ago
Jason Ish c91a4baad5 - Autoconf goo for libyaml.
- Mock YAML configuration file.

- YAML loader for basic YAML files - not all YAML elements supported yet..
  todo.

- Add --dump-config command line parameter to dump the state of the
  configuration db after loading the config file.
16 years ago
Victor Julien 733c3bcb8c Fix "ip" rules not ending up in the tcp and udp sig group heads correctly. 16 years ago
Victor Julien d883a993f7 Make sure stream_size works on IPv6 as well, only checks TCP packets, validates input better. 16 years ago
Gurvinder Singh 0675b7d7cf fixed unittests against protoctx 16 years ago
Gurvinder Singh d82d83eba2 fixed regex to handle space 16 years ago
Gurvinder Singh df74597a1f use next_seq for stream size and comments 16 years ago
Gurvinder Singh 7e5f5e68e8 regex initial version 16 years ago
Gurvinder Singh aa87f70470 stream size match function and unittests 16 years ago
Gurvinder Singh ac53ca5b27 Stream Size rule option 16 years ago
Anoop Saldanha 3a45b2711c Fixed the Perf API startup issue 16 years ago
William Metcalf 07bb501aca compile fix for source-nfq.c 16 years ago
Victor Julien 15b75d727a Fix reassembly unittests. 16 years ago
Victor Julien a39108843e Small tm module API rename to reflect that Init/Deinit/ExitPrintStats are per thread calls. 16 years ago
Victor Julien b102ea2123 Big update:
- Implement "closing" state in flow.
- Add protocol specific timeouts.
- Lots of stream tracking updates, fixing a lot of out of window issues.
- Stream reassembly fixes.
- Implement a new IDS runmode with 4 stream and detect threads.
- Added a BUG_ON macro that aborts the engine if the expression is true.
- Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently).
- Simplify application level protocol in the Tcp Session.
- Add some debugging memory counters.
16 years ago
Victor Julien b4f0e82463 Small flow updates. 16 years ago
Gurvinder Singh 2e3d7fcb9d Fixed seg fault 16 years ago
Gurvinder Singh 9dcf6e2de2 handle the FLOW_STATE_CLOSED 16 years ago
Gurvinder Singh ced5157dc9 Flow get state protocol specific 16 years ago
Gurvinder Singh ec4fee215c registering unit tests 16 years ago
Gurvinder Singh ab76253ec6 registering stream timeouts and flow pruning unit tests 16 years ago
Gurvinder Singh a4ad7939d2 proto specific free function 16 years ago
Gurvinder Singh 55cdf8947e some modification in protocol specific timeouts and free function 16 years ago
Gurvinder Singh efcde9f52e Some fixes for timeouts 16 years ago
Gurvinder Singh e3b76dcaad efficient protocol specific timeouts 16 years ago
Gurvinder Singh b46d9dc2b4 part2 and part3.1 of timeout task 16 years ago
Gurvinder Singh 59e2232211 setting timeout on first packet in the flow 16 years ago
Gurvinder Singh a31a261737 Another and right way i guess for timeouts 16 years ago
Gurvinder Singh 0e64fa78b4 Protocol Specific Timeouts 16 years ago
Gurvinder Singh a65d558d2f Changed the debug message 16 years ago
Victor Julien 7c5f95db01 Small threading update. 16 years ago
Anoop Saldanha f35d9f0437 threading improvements. Replaced the use of slot(2/3) with varslot. Improve error handling in slot functions. Additional helper functions for thread creation 16 years ago
Victor Julien 03d084858c Add macro's for access to ICMPv(4|6) type & code. 16 years ago
Jason Ish 00821489d7 Unit test will now fail if allow_override bug is reintroduced. 16 years ago
Jason Ish 3f51fc2ce7 - Add a configuration dumper.
- Fix a bug where you could override a configuration value that did not
  set allow_override to true.
16 years ago
Victor Julien aad8aaf3cb Actually add the new queue handler. 16 years ago
Victor Julien 3636ca9703 Adding a "flow" queue handler. This queue handler passes packets of the same flow to the same queue. Changed the default IDS mode to use this.
Some output cleanups, shutdown should be cleaner now.
16 years ago
Victor Julien e7206623bb GRE struct naming fix, comment adds. 16 years ago
Anoop Saldanha 22c0ec2bc5 Added support for the csum-<protocol> rules keyword to the detection engine. Keywords added are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum 16 years ago
Victor Julien 39724df664 2nd try of fixing some bugs reported by static code analysis tool. 16 years ago
Victor Julien 6eaff4be12 Fixes for issues found by static code analyzer. 16 years ago
Victor Julien 85b1fd7dfc Add TLS 1.1 and 1.2 detection. 16 years ago
Anoop Saldanha 401a0313d4 checksum calculation functions for icmpv6, udp over ipv6 and tcp over ipv6 16 years ago
Victor Julien 1f782bb912 Fix pointer issue in sig loading. 16 years ago
Victor Julien 086ba5f49b Add 'BySize' field parser. Add stub tls parser. 16 years ago
Victor Julien b26b5aa462 More cleanups. 16 years ago
Jamie 9adfe54620 more unit tests for pppoe - part I 16 years ago
Victor Julien 44b6042cf9 Fix wrong data type used in a reassembly error checking. 16 years ago
Anoop Saldanha 41dd0f8e62 checksum calculation functions for ipv4, tcp, udpv4, icmpv4 16 years ago
Victor Julien 18f556ade1 Fix a number of broken overlap calculations. Add comments explaining them all. 16 years ago
Victor Julien 85abc3ef62 Complete removal of global de_ctx. UtRuntests now returns the number of failed tests or 0 on none. Program exits with code 1 on failed tests, code 0 otherwise. Removal of broken http uri test. 16 years ago
Victor Julien 1132ab635a Rename all pmt->det_ctx. 16 years ago
Victor Julien b9972a9d2c Cleanups 16 years ago
Victor Julien 855dc62e30 Git merge artifact. 16 years ago
Brian Rectanus 63d970eb0b Fix compiler warning and add better ipv4 options debugging output. 16 years ago
Victor Julien 84da1e9dc4 Add seg_list integrity testing to reassembly. Remove all debug output but some. Better deal with packets before the point that we already reassembled. 16 years ago
Gurvinder Singh 65ebb5611d Task 4 handling of missed packets by IDS only and both IDS and end host 16 years ago
Gurvinder Singh feecb7406a Fixed some issues in gap handling 16 years ago
Gurvinder Singh 0a32b6491f Handling of IDS missed packets and its unittests 16 years ago
Gurvinder Singh b267d4072a test the bug in freeing memory 16 years ago
Gurvinder Singh bcebbebdfd Handling IDS missed packets 16 years ago
Victor Julien 7715e8f0fc Work around some Tcp session free issues in the app layer parsers. 16 years ago
Victor Julien 391e69e699 Fix tunnel packet handling. 16 years ago
Victor Julien e7f8a02484 Improve GRE counting. Actually use the GRE decoder. Register the GRE counter. 16 years ago
Breno Silva 9528e02e46 GRE support 16 years ago
Victor Julien f5fe190b45 Fix a ipv4 compiler warning. Improve TCP opt decoding error handling logic. 16 years ago
Brian Rectanus 74cb73fc1d Decode IPv4 options. 16 years ago
Victor Julien d7de22d0f0 Removing GPLv2 license info as our bylaws aren't final yet and we will redist code non-GPL as well. Rename struct conf_node to ConfNode to comply with engine coding style. 16 years ago
Victor Julien efdd952eb5 Remove noisy debugging output. 16 years ago
Victor Julien 6a1acba1ab Fix missing conf include. 16 years ago
Jason Ish e3b538c7d7 Simple configuration API.
Allow the log directory to be changed.
16 years ago
Victor Julien c73f4334d0 Fix compiler warning. 16 years ago
Victor Julien 4369816cdd Improvements to content keyword memory handling.
First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more.

Couple of pattern matcher cleanups.
16 years ago
Victor Julien 0242fad770 Fix error in freeing the ctx of a SigMatch. 16 years ago
Victor Julien 97854cf4bb Fixup some rule parser memleaks 16 years ago
Victor Julien 25aa05fdb2 use C99 int's. 16 years ago
Gurvinder Singh 6393b6778c unittests for gap handling 16 years ago
Victor Julien 57f71f7e4b Pass the DecodeThreadVars to all Decoder functions properly. Improve the error handling. 16 years ago
Victor Julien 63bc68ee90 Unify all counter registration code on uint16_t counter id's. 16 years ago
Anoop Saldanha 244f5d547a new registration functions for the stats api, with local thread storage for counter ids 16 years ago
Victor Julien d67eec918f Adapted flow comments to doxygen style. 16 years ago
Victor Julien 0a9fca7e57 Fix compilation without unittests enabled. 16 years ago
Victor Julien 451adaff34 Small name support code update for flowbits, flowvars and pktvars. 16 years ago
Victor Julien 522efdcf03 Small reshuffle of the free funcs in the Stream code. 16 years ago
Gurvinder Singh 6824eddb0f New function for task3 16 years ago
Victor Julien 5b946443d8 Use finer grained locking for app layer parsing. 16 years ago
Victor Julien 2d406555a8 Fix compiler warning about 'mode'. 16 years ago
Jamie 698e9c0699 fix incorrect offset in decode-ethernet for PPPoE, more debug statements 16 years ago
Victor Julien 4ec31e0445 Fix short IPv4 packets not getting detected in the decoder. Set decode event on short ipv6 packets. 16 years ago
Victor Julien 265038a75a Fix a memory read error in the BDNM search algorithms. Also (hopefully) fix a 64bit error. 16 years ago
Victor Julien f6a8454232 Layout fixes. 16 years ago
Jamie fdbd09db6c add perfcounter to pppoe 16 years ago
Jamie afa8a6766e test cases for PPPoE, ICMPv4 16 years ago
Victor Julien e31563f61c Fix nfq compilation. 16 years ago
Victor Julien 720ac9efe8 Improve unittest error message if unittests are not compiled in. 16 years ago
Victor Julien 5501212e62 Fix sizeof printf related compiler warnings. 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Brian Rectanus 9a9b506c34 64 bit cleanup 16 years ago
Victor Julien 2a6aa00cd8 Use double for the avg counter. 16 years ago
Victor Julien 2e4cc2ad3d Convert tabs to spaces in PPPoE code. 16 years ago
Jamie 8817364ef6 initial PPPoE decoder commit 16 years ago
Victor Julien 3cf7e2e94e Add two counters: avg_pkt_size and max_pkt_size. 16 years ago
Victor Julien 1c3c13c7eb Fix missing limits.h include. 16 years ago
Anoop Saldanha 8af9f902e8 additional support for type qualifier for the stats api 16 years ago
Victor Julien 630a58b719 Fix unittests -u commandline option. 16 years ago
William Metcalf dd86b51dbc added optional option to specify signature file to load 16 years ago
Victor Julien 73217d60b9 Fix compiler warning in binsearch fix. 16 years ago
Victor Julien 9f78d47c2a Further work on the stream L7 parser, its api and the http stub implementation. 16 years ago
Victor Julien 08ae4482a2 Fix 1 byte searching in BinSearch function. 16 years ago
Victor Julien 9b7ee312e3 Small update. 16 years ago
Victor Julien 5a9a23f9bb Update to the parsers. 16 years ago
Victor Julien 8e10844f95 Initial code of Application Layer parsing framework. Rename of L7* to AppLayer*. 16 years ago
Victor Julien 95f4706549 Merge branch 'victor_local' 16 years ago
Victor Julien 4f358c5a07 Fix list handling in reassembly 16 years ago
William Metcalf 413efe8668 fix regression in detect-parse.c 16 years ago
Jason Ish fed12be6c0 Add some usage. 16 years ago
Jason Ish f28ffebf0e Basic command line support for pcap (file, network), nfq and unit test modes.
Just some basic command line support I had in my tree for setting the
run-mode, including unit tests.  Seems fine for simple setups, but I
think we'll want to make things setup in the config file.  Anyways, I
like to switch from file to real device without a recompile :)

Also want to check with you if the patch is formatted correctly.. I
use git format-patch then used it as a template into mutt, which seems
easier than the git send-email command.

Thanks
-- Jason
16 years ago
Victor Julien e147b87d5f Fix small error in thread creation. 16 years ago
Victor Julien 8c0a5269c0 Fix pcap returning out of its loop every time. 16 years ago
Anoop Saldanha 53c21410b6 improve the threading api for the ids 16 years ago
Anoop Saldanha d0e70309c0 Implements counters for the decode module 16 years ago
Victor Julien fb68d1c658 Merge branch 'de' 16 years ago
Victor Julien 63d32f723f Fix decode event compiler warning. 16 years ago
Victor Julien b7ad199c97 Fix broken test. Fix content keyword parsing not escaping properly. 16 years ago
William Metcalf ebd569ca4a Added unit tests to detect-content.c to show problems with escaped chars ; " \ : in snort rule lang 16 years ago
Victor Julien b6d55f84ac Revert default runmode change. Fix running decode event unittests twice. 16 years ago
Breno Silva c90b4e6fcd Decode event rule 16 years ago
Victor Julien 54ae12b1f9 Fixes for the stream reassembly. It turned out that using both a prev_seg pointer and a list_seg->prev pointer at the same time was not the best of ideas. So removed the prev_seg ptr. Cleaned up some copy functions too. Added some more debug statements. Made sure the L7 stuff doesn't kick in when running the unittests for reassembly. 16 years ago
Victor Julien e40495e31d Fix git merge artifact. 16 years ago
Victor Julien 387472185d Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly. 16 years ago
Victor Julien 1f995361dd Switch to pthread_cond_timedwait in streammsg queue. 16 years ago
Victor Julien b7c42d55f5 Fix setting l7 thread name. 16 years ago
Victor Julien 4dc8ebac0c Fix locking error causing deadlocks. 16 years ago
Gurvinder Singh 994473cea0 Target Based Stream Reassembly with comments 16 years ago
Victor Julien 25f696106c valgrind memcheck: fix a b3g mem leak at shutdown. 16 years ago
Victor Julien c5b2b8c082 valgrind memcheck: fix small pool memory leaks in the unittests. 16 years ago
Victor Julien dbe2a86ffe valgrind drd: fix flow mutex reinitialization in the flow subsystem when called by unittests. 16 years ago
Victor Julien f5eeea5b0b Make sure flow isn't freed while stream msgs are still in use. 16 years ago
Victor Julien ad093e3021 Add doxygen syntaxed comments to the threadvars structure. 16 years ago
Victor Julien f9227969b0 Add some dbg output to the counters. 16 years ago
Victor Julien 28ad13c7f4 Small output fix for counters. 16 years ago
Anoop Saldanha 7dcd0252ca perf task bugs fixed v3 16 years ago
Victor Julien ae2535c960 Small counter output fixes. 16 years ago
Anoop Saldanha ed820e22cf perf task bugs fixed v2 16 years ago
Anoop Saldanha fc8bb6c934 perf_task_bugs_fixex_v1 16 years ago
Anoop Saldanha a5fb240a4a Changes added for the Performance Counter API 16 years ago
Victor Julien 175eaeca93 Slightly moved around the NFQ define a bit. 16 years ago
Victor Julien e6400bf456 --enable-unittests now controls compilation of unittest code. Added crude commandline support for running unittests: ./eidps runtests 16 years ago
Victor Julien 462a346bf6 Fix printf formatting error in a pool unittest. 16 years ago
William Metcalf a3510f2025 Made NFQ optional via --enable-nfqueue, --enable-logsigs will now load local.rules in the path other fixes 16 years ago
Victor Julien 646262a755 Small cleanups. 16 years ago
William Metcalf 3046cf391d Small printf fixes to detect-flow 16 years ago
William Metcalf 9b4c0d057f Updated flow parsing code for validation, added unit tests, fixed stateless check 16 years ago
Victor Julien 1dc2916c3a Add debug output to SetupPkt. 16 years ago
Victor Julien 7c36b315fd Kill the engine if one of the threads fails to initialize. 16 years ago
Victor Julien 051f21e797 Output more info about sequence gaps. 16 years ago
Victor Julien 9854c19a88 Adapt Flow subsys init function to be able to initialize quietly for us in unit tests. Add flow to PPP unit tests. Fixes a floating point exception error. 16 years ago
Victor Julien 416bdd543a Add unit test to pool for the bug from yesterday. 16 years ago
Victor Julien c42fa78287 Fix wrong segment ordering, fix stream messages not being queue'd right. 16 years ago
Victor Julien 77b19f6d82 Fix pool bug. 16 years ago
Victor Julien c53dfea379 Improve the threading code to enable a single pcap file processing thread. 16 years ago
William Metcalf d79b85d251 Small regex fix for portlists in detect-parse.c 16 years ago
William Metcalf d4e9ca8417 source-pcap.c comments modified for doxygen formatting 16 years ago
Victor Julien 689bbfdc45 Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful.
Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
Victor Julien ffa013b2d8 Implement flow:established and flow:stateless 16 years ago
William Metcalf 1ae490e6c8 Small debug fix in decode-udp.c 16 years ago
Victor Julien 516ca7ead5 Fix IPv4 and IPv6 decoders not being able to deal with ethernet packets with trailing bytes. 16 years ago
Victor Julien 72b430d0bb Small pcap cleanups. 16 years ago
William Metcalf 1d1f080733 Remove Libpcap GlobalVars from source-pcap.c 16 years ago
William Metcalf 2ab8291ea8 Multi-Threading capable libpcap 16 years ago
Victor Julien 8c3d0c054b Pcap fixes. 16 years ago
William Metcalf b5c19be29c libpcap fixes for error handling and defines 16 years ago
Victor Julien 4715c2f596 Small pcap layout fixes, also made it a little bit more quiet. 16 years ago
Will Metcalf af992242a8 libpcap stuff v2 16 years ago
Victor Julien c957dc7775 Updates & cleanups to stream & l7 stuff 16 years ago
Victor Julien 76581ef967 Small layout fixes to the ppp code. 16 years ago
Breno Silva dec11038c6 PPP Support 16 years ago
Victor Julien 1c2240cfeb Stream reassembly update and WIP code for L7 modules. 16 years ago
Victor Julien 2c8df73d24 Add decoder events to ethernet and sll decoding. 16 years ago
Victor Julien eb0a5d8762 Add Address copy macro. 16 years ago
Victor Julien de1639e263 Enforce max pool size. 16 years ago
Victor Julien 51a9e36e10 Remove vips references. Rename to eidps. 16 years ago
Victor Julien 8bc0a2e465 Add tests for pool. 16 years ago
Victor Julien 668e9514d7 Pool update. Stream reassembly start. 16 years ago
Victor Julien 8397413942 Comment updates. 16 years ago
Victor Julien 9c7f5afa79 Large update: pcap support, threading fixes, initial stream tracking, time handling, pool support, runmodes, decoders added, autojunk update. 16 years ago
Victor Julien a0b390c541 Fix pktvar and http uri memory leaks. 16 years ago
Victor Julien 930aa4e038 Fix ip-only again: flowbit sigs were not handled correctly and tcp/udp sigs with ports set also were not. 16 years ago
Victor Julien a93d51fcde IP only rule loading optimization and counting fix. 16 years ago
Victor Julien 84aa365a3b Fix iponly matching. 16 years ago
Victor Julien 766ebed4d4 Fix Flowvar idx retrieval. 16 years ago
Victor Julien 2ecc7f2b4b Use different rule grouping settings for toclient and toserver. Fix flowbits accounting. 16 years ago
Victor Julien ff4b5a5db7 Add support for flowbits. 16 years ago
Victor Julien 657be002d1 Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping. 16 years ago
Victor Julien e877d69a2d Add compare func to hash table, fix remove in hashlist table. 16 years ago
Victor Julien 5df5b35e90 Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items in a list so it can be traversed. Many cleanups. 16 years ago
Victor Julien b2eb954099 Add b3g 3gram BNDM pattern matcher. Fix multi queue nfq initialization. Improve speed of b2g and wumanber. 16 years ago
Victor Julien ec39f5446c Fix rule tree update. Fix bloomfilter error in b2g. 16 years ago
Victor Julien 1c0ad1d415 Add implementation of the Simple BNDM 2gram pattern matcher algorithm. 16 years ago
Victor Julien efb10fc0d6 big update 16 years ago
Victor Julien 21364b34dc Fix uricontent scan for copied siggroupheads. 16 years ago
Victor Julien 69e056e33f Add the scanning to uricontent as well. 16 years ago
William Metcalf 85675ba066 added fix for compiler warning in reject code 16 years ago
Victor Julien fedcc397de Detection engine improvement: don't run pattern matcher on packets with payload sizes less than the biggest content we need to match. Add some extra stats. 16 years ago
Victor Julien 0250642cc0 Fix negated variables, add tests. 16 years ago
Victor Julien dce2c12915 Add Scan before Search to the detection engine. 16 years ago
Victor Julien 4c4862d838 Improve logging, add alert-output module, at module exit stats, add HTTP POST uri capture. 16 years ago
Victor Julien 724d942688 Fix port check. 16 years ago
Victor Julien 43571f21a4 default to all.rules 16 years ago
Victor Julien e0ed51d049 Small fixes and dbg additions. 16 years ago
Victor Julien b064d0f435 Fix sig unittests 16 years ago
Victor Julien 9b07710389 Add hashing and bloomfilter api's: now include buildsys update 16 years ago
Victor Julien 49117f5e64 Add hashing and bloomfilter api's 16 years ago
Victor Julien 27f236778a make output more quiet 16 years ago
Victor Julien 298d4be7bb Threading update for tunneling and high load 16 years ago
Victor Julien 4b6a8715fd Fix packets getting stuck in NFQ under high load. 16 years ago
Victor Julien c4f2fe4bd7 Implement per packet variables and switch the http stuff to it. 16 years ago
Victor Julien edf8650a7e Tunnel update. 16 years ago
Victor Julien 835d609fc5 Small format fix. 16 years ago
Victor Julien 8cda70668c Tunnel fixes. 16 years ago
Victor Julien 28d9415e37 New approach to tunnel decoding. 16 years ago
Victor Julien 982542cde6 New approach for the empty packet queue issue. Now we just wait until it's no longer empty. 16 years ago
Victor Julien 2f6a186078 Alloc a new packet if the queue is empty. Fix this. 16 years ago
Victor Julien a454fe4fb7 Small fixes 16 years ago
Victor Julien 274d92478e Alloc a new packet if the queue is empty. 16 years ago
Victor Julien da3125e888 Fix a Floating point exception error. 16 years ago
William Metcalf 817d0e0855 added macros for ICMP defines 16 years ago
William Metcalf 7006085195 udp decoding added icmp unreachables added to reject 16 years ago
Victor Julien 3f7195454b Big detection engine update. 16 years ago
Victor Julien ea5bb1c8d5 Small update and new tests for wu-manber. 16 years ago
Victor Julien ebf41c3b1e Remove obsolete decode-http files. 16 years ago
Victor Julien 1cb274a39a Update build sys 16 years ago
Victor Julien aecda426bf Update the wu-manber pattern matcher: it supports dynamic hash sizes and improves init times. 16 years ago
Victor Julien 54ffe2053e Large detection engine update. 16 years ago
Victor Julien 8b3d06fd92 Rename some detection engine related files. 16 years ago
Victor Julien f3a94413db Properly support 'alert ip' rules. Add support for handling ip only rules differently. 16 years ago
Victor Julien dee5ab1aa3 Fix uricontent mpm ctx comparison. 16 years ago
Victor Julien fed6926809 Small cleanups 16 years ago
Victor Julien dc48c58473 Switch to using a detection engine ctx. 16 years ago
Victor Julien 171c8c777d Group signatures by protocol. 16 years ago
Victor Julien 3446566e44 Style cleanups for resets. 16 years ago
Victor Julien 45f83f7636 branching test 16 years ago
William Metcalf 0ffa1c2465 updates for configure.in, added reject code, some decode stuff for tcp 16 years ago
Victor Julien 9e5049cddc Improve memory handling and parsing of the msg rule keyword. 16 years ago
Victor Julien eb1c4e4987 Large update to the detection engine. Greatly improve initialization speed and memory usage. 16 years ago
Victor Julien b1a13c89bd Improve memory handling of the pcre rule keyword. 16 years ago
Victor Julien a603577132 Small update to the pcre used for signature parsing. 16 years ago
Victor Julien 0489370f5b Big speedup of the initialization code for signatures. Contains WIP code as well. 16 years ago
Victor Julien ac60f32197 Make nocase keyword initialization failure fatal and slightly improve the error message it prints. 16 years ago
Victor Julien 84087e7077 Fix a memory error in the addresslist parsing code. Add a functions aimed at speeding up the signature initialization code. 16 years ago
Victor Julien b50fc8aecd Speed up appending of sigs to a sig group head by using a tail ptr. 16 years ago
Victor Julien 0726efead9 Support address lists. 16 years ago
Victor Julien f2fbf395b8 Fix mixed up CI and CS searching in WuManber. Add better tests. 16 years ago
Victor Julien 69162f9cd0 Fix issue with log-httplog where it logged uri's of previous packets because of a broken uri check. 16 years ago
Victor Julien 05fd319f6c Add log-httplog module that logs http request uri's, hosts and useragents to a per line text format. 16 years ago
Victor Julien eaaeb30cd6 Add noalert keyword for use with sigs that are used for capturing only. 16 years ago
Victor Julien 63bb777100 Use a default prio of 3. 16 years ago
Victor Julien f0ed41fb0a Support priority keyword, add priority to alert-fastlog. 16 years ago
Victor Julien 867d493d7f Source NFQ update... less hackish, but still needs work as soon as we know how to do configuration. 16 years ago
Victor Julien dc224cb2d2 Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 16 years ago
Victor Julien 9afa171d71 cosmetic update of alert-fastlog Will 16 years ago
Victor Julien a7ee4c5b1b Update todo of alert-fastlog 16 years ago
Victor Julien 3df4b7da2b Set p->proto and add TCP, UDP, etc macros. 16 years ago
Victor Julien b7bc35e8b2 support for 'negation' in addresses and the 'any' special case. 16 years ago
Victor Julien 876f0c95c7 Signature rule keywords are case insensitive. Support that. 16 years ago
Victor Julien d036264f80 Cleanup signature parsing and other detect.c parts. 16 years ago
Victor Julien f1db87276c Start on addr and proto parsing in rules. 16 years ago
Victor Julien 6c1f2071be Add unittest registration to the threading modules api. 16 years ago
Victor Julien cd19ee8bf2 Fix crash when to_client traffic was scanned for uricontent when there was no uri available... 16 years ago
Victor Julien f77c654d13 Further develop the address api. Added dynamic group head support. 16 years ago
Victor Julien 3ec5f66729 Fix some address code related compiler warnings. 16 years ago
Victor Julien d2b089f359 Fix including the header for htonl breaking the code. 16 years ago
Victor Julien bbbb644dea Add error checking to CIDRGet and make it quiet. 16 years ago
Victor Julien a798f84bf5 Add simple test report to unittesting. 16 years ago
Victor Julien 151512a45c Split up address code in ipv4 and ipv6 specific files. Cleanups. 16 years ago
Victor Julien 41647a5430 small fixes for Wills patch 16 years ago
William Metcalf 559edc01e3 NFQUE drop support added with ident of 4 :-( 16 years ago
Victor Julien 37e31e0240 Implement the address code for IPv6 as well. 16 years ago
Victor Julien b8ad4adf81 complete rename of address2 to address 16 years ago
Victor Julien 9c321af65e Rename address2 to address 16 years ago
Victor Julien e746a40d2e No longer track Makefile.in files in Git. 16 years ago
Victor Julien 28b0d82169 Remove partial and broken address handling implementation now address2 is working. 16 years ago
Victor Julien fad31a43c2 WIP addressing handling. Big progress. Address groups for ipv4 more or less getting shape. 16 years ago
William Metcalf 3488cf1a93 fixed sig written with ?<http_uri 16 years ago
William Metcalf 87411594e2 groups fixed for pcre < 7 16 years ago
Victor Julien 7aada782a4 WIP address matching stuff 16 years ago
Victor Julien ec37171d36 Add copyright msg (test commit). 16 years ago
Victor Julien bab4b62376 Initial add of the files. 16 years ago