Victor Julien
d209699a41
smtp: expand tx use
Instead of just using TX for mime decoding, it is now also used for
tracking decoder events.
10 years ago
Victor Julien
d67289b60e
output-filedata: close files even w/o data
If there is no data chunk but the file is closed/truncated anyway,
logging is still required.
10 years ago
Victor Julien
08b06bac3f
smtp: register file truncate callback
Tag files as truncated from this callback so storing/logging displays
the correct info.
10 years ago
Victor Julien
2b9ef87527
smtp: convert logger to tx logger
Move from packet logger to tx logger.
10 years ago
Victor Julien
d0357c6169
smtp: add file inspection engine
Fix file inspection engine.
TODO: test
10 years ago
Victor Julien
56b74c8b5b
smtp: make TX aware
Store mime decoding context per transaction. For this the parser
creates a TX when the mime body decoding starts.
10 years ago
Victor Julien
cb4440324e
mime: redo PrintChars using PrintRawDataFp
10 years ago
Victor Julien
f979e92f68
decode mime: refactor & cleanup
Partly to work around cppchecks:
[src/util-decode-mime.c:1085]: (error) Memory leak: url
10 years ago
Victor Julien
54df86658c
mime: rename mime-decode.[ch] to util-decode-mime.[ch]
10 years ago
Victor Julien
6035470ffb
mime: style updates
10 years ago
Victor Julien
595acf2dfc
mime decode: reshuffle data structures to reduce structure sizes
10 years ago
Victor Julien
9a573c5704
output smtp: fix call
10 years ago
Victor Julien
de44a5af94
decode mime: clean up includes
10 years ago
Victor Julien
cd55b657c2
mime decode: improve MimeDecParseLineTest01 and MimeDecParseLineTest02 tests
10 years ago
Victor Julien
dd4b506cc2
decode mime: fix scan-build issues
10 years ago
Victor Julien
f91d52a0d2
mime decode: fix memory leak
10 years ago
Victor Julien
bffceb7115
mime decode: remove unused url counter
10 years ago
Victor Julien
d72f8c7de5
output smtp: clean up memory at shutdown
10 years ago
Victor Julien
c712ab2299
Fix compiler warning
10 years ago
Victor Julien
106bbc78e1
mime: refactor buffer use
Turn all buffers into uint8_t (from char) and no longer use the
string functions like strncpy/strncasecmp on them.
Store url and field names as lowercase, and also search/compare
them as lowercase. This allows us to use SCMemcmp.
10 years ago
Tom DeCanio
f55c94cb54
smtp-mime: preinitialize base64 decoder space
Preinit with zeros.
10 years ago
Tom DeCanio
c279f07d2a
mime-decode: clean up after MimeDecParseFullMsgTest01.
10 years ago
Tom DeCanio
4503ffeee9
mime-decode: fix minor memory leak if Mime parser initialization were to fail.
10 years ago
Tom DeCanio
1ab5f72fdd
mime-decode: remove "comparison between signed and unsigned integer expressions" warnings
10 years ago
Tom DeCanio
e5c36952d6
app-layer-smtp: move old smtp-mime section in suricata.yaml into app-layer-protocols.smtp.mime section and update code to accommodate.
10 years ago
Tom DeCanio
3e10ee4608
PR review comment. Use protocol to discern log type.
10 years ago
Tom DeCanio
f1c160ed22
smtp: turn on smtp mime decoding and enable smtp eve logging.
10 years ago
Tom DeCanio
746da75615
eve-log: catch and log URLs in basic text emails without mime encapsulation.
expand pointer walk protection.
10 years ago
Tom DeCanio
471967aafd
mime-decode: don't scan attachment's data for URLs.
move event pointer lookup inside extract_urls and protect pointer walk.
10 years ago
Tom DeCanio
6467a5d563
app-layer-smtp: fix Test14.
Was running one byte past end of buffer.
Declare Unit Test 14's data as static.
10 years ago
Eric Leblond
260872ccd9
smtp layer: fix unittests
Synchronize test 14 with the new application layer API and improve
debug messages.
10 years ago
Tom DeCanio
31f8f5cf20
eve-log: SMTP JSON logger
10 years ago
Tom DeCanio
7850d896a8
smtp-mime: add server reply codes returned from outlook server
10 years ago
David Abarbanel
c2dc686742
SMTP MIME Email Message decoder
10 years ago
Ken Steele
a781fc5c2e
Make suricata_ctl_flags be volatile
The global variable suricata_ctl_flags needs to be volatile, otherwise the
compiler might not cause the variable to be read every time because it
doesn't know other threads might write the variable.
This was causing Suricata to not exit under some conditions.
10 years ago
Victor Julien
503cc3de69
stream/async: improve handling of syn/ack pickup
If we picked up the ssn with a syn/ack, we don't need to make more
assumptions about sack and wscale after that.
10 years ago
Victor Julien
1656148490
stream/async: fix session setup issues
For these 2 cases:
1. Missing SYN:
-> syn <= missing
<- syn/ack
-> ack
-> data
2. Missing SYN and 3whs ACK:
-> syn <= missing
<- syn/ack
-> ack <= missing
-> data
Fix session pickup. The next_win settings weren't correctly set, so that
packets were rejected.
Bug 1190.
10 years ago
Victor Julien
b2e80a0f66
stream: improve tracking with pkt loss in async
If 3whs SYN/ACK and ACK are missing we can still pick up the session if
in async-oneside mode.
-> syn
<- syn/ack <= missing
-> ack <= missing
-> data
Bug 1190.
10 years ago
Victor Julien
033409a042
iprep: cleanup ctx on shutdown
~~Dr.M~~ Error #1 : LEAK 480 direct bytes 0x0aae7fc0-0x0aae81a0 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2373]
~~Dr.M~~ # 1 SRepInit [.../Suricata/src/reputation.c:594]
~~Dr.M~~ # 2 DetectEngineCtxInit [.../src/detect-engine.c:844]
~~Dr.M~~ # 3 main [.../Suricata/src/suricata.c:2230]
11 years ago
Ken Steele
b2b1239ddf
Make AppLayerProfiling functions inline
The entire body of these functions is protected by ifdef PROFILING.
If the functions are inlined, then this check removes the need for the
function entirely.
Previously, the empty function was still called, even when not built
for profiling. The functions showed as being 0.25% of total CPU time
without being built for profiling.
11 years ago
Giuseppe Longo
07fffa6a7d
Fixes comments for pfring section in suricata.yaml
Bug #1301
11 years ago
Giuseppe Longo
2d43dae934
PF_RING: force cluster type if vlan is disabled
If vlan is disabled the cluster_flow mode will still take VLAN tags
into account due to using pf_ring's 6-tuple mode.
So this forces the use of pf_ring's 5-tuple mode.
Bug #1292
11 years ago
Giuseppe Longo
395d5b7f61
iprep: add unit tests for cidr
Implements unit tests to test the new API
11 years ago
Giuseppe Longo
5499cb71b0
detect-iprep: extends cidr
Adds new API to check if an IP address belongs
to a netblock and gets the value.
11 years ago
Giuseppe Longo
a1d8439b25
iprep: extends cidr support
Implements new API to expand the IP reputation
to netblocks with CIDR notation
A new object 'srepCIDRTree' is kept in the DetectionEngineCtx,
which contains two trees (one for ipv4 and one for ipv6)
where the reputation values are stored.
11 years ago
Eric Leblond
667b9a5220
lua: add export of dns.rrname
Add the capability for a lua script to ask for rrname in DNS query.
11 years ago
Eric Leblond
74ffa2b264
lua: move function to common utils
LuaStateNeedProto function can be used for any protocol so let's
move it out of the http file.
11 years ago
Victor Julien
4d66775a56
stream: improve bad window update detection
Ignore more valid ACKs in FIN shutdown phase.
Improve heuristic for window shrinking in case of packet loss.
11 years ago
Victor Julien
a54f52278b
stream: fix 'bad window update' false positive
ACK packets completing a valid FIN shutdown could be flagged as
'bad window update' if they would shrink the window.
This patch detects this case before doing the bad window update
check.
11 years ago
Tom DeCanio
ce472d88be
sanity check tcp SACK edges prior to recording. Attempt to avoid Cisco ASA tcp randomization issue with it not properly writing sequence numbers in SACK.
11 years ago