Commit Graph

5156 Commits (e6ed6731b1447be1e187128abb5908e8668b4595)

Author SHA1 Message Date
Victor Julien e6ed6731b1 flow log: log TCP state
Log the TCP state at timeout.
10 years ago
Victor Julien 8c231702d9 flow-recycler: speed up flow-recycler shutdown
Thread was killed by the generic TmThreadKillThreads instead of
the FlowKillFlowRecyclerThread. The latter wakes the thread up, so
that shutdown is quite a bit faster.
10 years ago
Victor Julien 6f9a2fcd58 flow: log individual tcp flags
Log the tcp flags.
10 years ago
Victor Julien f4dfaacff3 netflow: log individual tcp flags
Log the tcp flags.
10 years ago
Victor Julien eaf01449e3 json: add tcp flags to json utility function
Turns a flags bitfield into a set of json bools.
10 years ago
Victor Julien db15339f47 netflow-json: initial version
Initial version of netflow module, a flow logger that logs each
direction in a completely separate record (line).
10 years ago
Victor Julien 07b7f66f3c flow-log: log TCP flags per direction
In addition to flags for the entire session, also log out TCP flags
for both directions separately.
10 years ago
Victor Julien 3bb0ccba98 stream: track TCP flags per stream direction
For netflow logging track TCP flags per stream direction. As the struct
had no more space left without expanding it, the flags and wscale
fields are now compressed.
10 years ago
Victor Julien d19a15701c flow: init logger thread data for decoders
Initialize the output flow api thread data for the decoder threads.
10 years ago
Victor Julien 98c88d5170 decode: pass ThreadVars to DecodeThreadVarsFree
Flow output thread data deinit function which will be called from
DecodeThreadVarsFree will need it.
10 years ago
Victor Julien de034f1867 flow: prepare flow forced reuse logging
Most flows are marked for clean up by the flow manager, which then
passes them to the recycler. The recycler logs and cleans up. However,
under resource stress conditions, the packet threads can recycle
existing flow directly. So here the recycler has no role to play, as
the flow is immediately used.

For this reason, the packet threads need to be able to invoke the
flow logger directly.

The flow logging thread ctx will be stored in the DecodeThreadVars
structure. Therefore, this patch makes the DecodeThreadVars an argument
to FlowHandlePacket.
10 years ago
Victor Julien bd490736c2 flow: take flow pkt & byte count out of debug
Until now the flow packet and byte counters were only available in
DEBUG mode. For logging purposes they are now available always.
10 years ago
Victor Julien e6ee5feaba flow: don't BUG_ON if no loggers are enabled
API is always called, even if no loggers are enabled. Don't abort()
in this case.
10 years ago
Victor Julien 52b0ec027e flow: clean up recycle queue at shutdown
Mostly for tests that don't start the recycler thread, make sure
all flows are cleaned up.
10 years ago
Victor Julien 4aff4c650f flow unittest: update flow manager unit test
Test now tests a different queue.
10 years ago
Victor Julien 7acea2c66d flow: track lastts in struct timeval
Track full timestamp for lastts in flows to be able to log it.
10 years ago
Victor Julien c66a29b67d flow: track bytes per direction
Track bytes in both flow directions for logging purposes.
10 years ago
Victor Julien f828793f8f flow log: log start/end times
Log time of first packet (flow creation) and of the last packet.
10 years ago
Victor Julien 672f6523a7 flow-log: log TCP flags seen
Log TCP flags seen during the lifetime of a flow/session.
10 years ago
Victor Julien fddeca8aae tcp: track TCP packet flags per session
For logging out in flow logging.
10 years ago
Victor Julien ec7d446f16 flow-log: log pkts, bytes
Only in DEBUG currently.
10 years ago
Victor Julien 3c7af02067 flow-json-log: stub
Stub for JSON flow logger.
10 years ago
Victor Julien c7ebfd1b68 flow: flow log threading setup
Set up threading for the flow logger.
10 years ago
Victor Julien e30c083cff flow log: call logger from recycler
Call the flow logger API from the recycler thread, so that timed
out flows are logged.
10 years ago
Victor Julien 115ad1e81f flow: output api stub
Basic output API for flow logging.
10 years ago
Victor Julien a52a4ae9d4 flow recycler: unix socket support
Support starting and shutting down the flow recycler thread in the
unix socket runmode.
10 years ago
Victor Julien f476732139 flow recycler: shutdown
Only shut down when all flows in the recycle queue have been processed.
10 years ago
Victor Julien f26f82e9a6 flow: move flow cleanup to new 'recycler'
Move Flow clean up from the flow manager to the new flow recycler.
10 years ago
Victor Julien 94cb52897b flow: introduce FlowRecycler stub
FlowRecycler thread stub. Start/stop code.
10 years ago
Victor Julien e892d99827 flow: new flow queue: flow_recycle_q
This queue will be used by the FlowManager to pass timed out flows
to another thread that will do the actual cleanup.
10 years ago
Victor Julien fdd407751e Fix eve 'filetype' parsing
Now that we use 'filetype' instead of 'type', we should also
use 'regular' instead of 'file'.

Added fallback to make sure we stay compatible to old configs.
10 years ago
Alexander Gozman bfb6175bf6 Fixed memory leak 10 years ago
Alexander Gozman a0bb4477db Fix possible crash when logfile descriptor is invalid 10 years ago
Alexander Gozman 8048eebd39 Fix handling filetype for eve log 10 years ago
Alexander Gozman 54193e89d5 Fixed variable names in suricata.yaml.in. Changed logging logic - now it's possible to enable different payload dumping modes separately. Fixed bug in dumping packet without stream segments. Fixed indents. 10 years ago
Alexander Gozman 6d569013c6 Changed attribute name for printable payload 10 years ago
Alexander Gozman c770ade9c2 Changed variable name when dumping single packet 10 years ago
Alexander Gozman 2a4c7ee5dc Add ability to encode payload in Base64 10 years ago
Alexander Gozman ffac6b71e2 Fixed stream handling. Fixed some coding style issues. 10 years ago
Matt Carothers ab58ee2676 Add packet and payload logging to JSON alert output 10 years ago
Victor Julien c53b428079 Fix engine getting stuck because of optimizations
At -O1+ in both Gcc and Clang, PacketPoolWait would optimize the
wait loop in the wrong way. Adding a compiler barrier to prevent
this optimization issue.
10 years ago
Victor Julien c4a8e2cd14 Remove unused variables 10 years ago
Victor Julien 1d9278bef4 Fix packet pool pending stack adds
Add packets after the first as the list/stack head as well.
10 years ago
Victor Julien b5d3b7e92a Fix pcap packet acquisition methods
Fix pcap packet acquisition methods passing 0 to pcap_dispatch.
Previously they passed the packet pool size, but the packet_q_len
variable was now hardcoded at 0.

This patch sets packet_q_len to 64. If packet pool is empty, we fall
back to direct alloc. As the pcap_dispatch function is only called
when packet pool is not empty, we alloc at most 63 packets.
10 years ago
Ken Steele 0dd16461cf Update max-pending-packet comments to show it is now per-thread.
Updated suricata.yaml and comments in the code.
10 years ago
Ken Steele 28ccea51d3 Add error checking for pthread_setspecific() and pthread_key_create(). 10 years ago
Ken Steele b1a7e76ca7 Use posix_memalign instead of mm_malloc on non-Windows systems. 10 years ago
Ken Steele a38d5a0135 Implement thread specific data option when __thread is not available. 10 years ago
Ken Steele be448aef22 For PktPool add local pending freed packets list.
Better handle the autofp case where one thread allocates the majority
of the packets and other threads free those packets.

Add a list of locally pending packets. The first packet freed goes on the
pending list, then subsequent freed packets for the same Packet Pool are
added to this list until it hits a fixed number of packets, then the
entire list of packets is pushed onto the pool's return stack. If a freed
packet is not for the pending pool, it is freed immediately to its pool's
return stack, as before.

For the autofp case, since there is only one Packet Pool doing all the
allocation, every other thread will keep a list of pending packets for
that pool.

For the worker run mode, most packets are allocated and freed locally. For
the case where packets are being returned to a remote pool, a pending list
will be kept for one of those other threads, all others are returned as before.

Which remote pool for which to keep a pending list is changed each time the
pending list is returned. Since the return pending pool is cleared when it is
freed, the next packet to be freed chooses the new pending pool.
10 years ago
Ken Steele 3c6e01f653 Replace ringbuffer in Packet Pool with a stack for better cache locality
Using a stack for free Packet storage causes recently freed Packets to be
reused quickly, while there is more likelihood of the data still being in
cache.

The new structure has a per-thread private stack for allocating Packets
which does not need any locking. Since Packets can be freed by any thread,
there is a second stack (return stack) for freeing packets by other threads.
The return stack is protected by a mutex. Packets are moved from the return
stack to the private stack when the private stack is empty.

Returning packets back to their "home" stack keeps the stacks from getting out
of balance.

The PacketPoolInit() function is now called by each thread that will be
allocating packets. Each thread allocates max_pending_packets, which is a
change from before, where that was the total number of packets across all
threads.
10 years ago