aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,159 Commits
8 Branches
165 Tags
228 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'f1185d051c'
${ noResults }
Commit Graph

5159 Commits (f1185d051c210ca0daacdddbe865a51af24f4ea3)
 

Author SHA1 Message Date
Victor Julien f1185d051c flow id: quick and dirty first stab at a flow id 
Add a 'flow_id' that is the same for all records produced for packets
belonging to the same flow.

This patch simply takes the flow's memory address.
 12 years ago
Victor Julien 9f55ca0057 flow: add flow_end_flags field, add logging 
The flow end flags field is filled by the flow manager or the flow
hash (in case of forced timeout of a flow) to record the timeout
conditions in the flow:
- emergency mode
- state
- reason (timed out or forced)

Add logging to the flow logger.
 12 years ago
Victor Julien fc6ad56944 flow: move FlowGetFlowState 
Move FlowGetFlowState to flow-private.h so that all parts of the flow
engine can use it.
 12 years ago
Victor Julien e6ed6731b1 flow log: log TCP state 
Log the TCP state at timeout.
 12 years ago
Victor Julien 8c231702d9 flow-recycler: speed up flow-recycler shutdown 
Thread was killed by the generic TmThreadKillThreads instead of
the FlowKillFlowRecyclerThread. The latter wakes the thread up, so
that shutdown is quite a bit faster.
 12 years ago
Victor Julien 6f9a2fcd58 flow: log individual tcp flags 
Log the tcp flags.
 12 years ago
Victor Julien f4dfaacff3 netflow: log individual tcp flags 
Log the tcp flags.
 12 years ago
Victor Julien eaf01449e3 json: add tcp flags to json utility function 
Turns a flags bitfield into a set of json bools.
 12 years ago
Victor Julien db15339f47 netflow-json: initial version 
Initial version of netflow module, a flow logger that logs each
direction in a completely separate record (line).
 12 years ago
Victor Julien 07b7f66f3c flow-log: log TCP flags per direction 
In addition to flags for the entire session, also log out TCP flags
for both directions separately.
 12 years ago
Victor Julien 3bb0ccba98 stream: track TCP flags per stream direction 
For netflow logging track TCP flags per stream direction. As the struct
had no more space left without expanding it, the flags and wscale
fields are now compressed.
 12 years ago
Victor Julien d19a15701c flow: init logger thread data for decoders 
Initialize the output flow api thread data for the decoder threads.
 12 years ago
Victor Julien 98c88d5170 decode: pass ThreadVars to DecodeThreadVarsFree 
Flow output thread data deinit function which will be called from
DecodeThreadVarsFree will need it.
 12 years ago
Victor Julien de034f1867 flow: prepare flow forced reuse logging 
Most flows are marked for clean up by the flow manager, which then
passes them to the recycler. The recycler logs and cleans up. However,
under resource stress conditions, the packet threads can recycle
existing flow directly. So here the recycler has no role to play, as
the flow is immediately used.

For this reason, the packet threads need to be able to invoke the
flow logger directly.

The flow logging thread ctx will stored in the DecodeThreadVars
stucture. Therefore, this patch makes the DecodeThreadVars an argument
to FlowHandlePacket.
 12 years ago
Victor Julien bd490736c2 flow: take flow pkt & byte count out of debug 
Until now the flow packet and byte counters were only available in
DEBUG mode. For logging purposes they are now available always.
 12 years ago
Victor Julien e6ee5feaba flow: don't BUG_ON if no loggers are enabled 
API is always called, even if no loggers are enabled. Don't abort()
in this case.
 12 years ago
Victor Julien 52b0ec027e flow: clean up recycle queue at shutdown 
Mostly for tests that don't start the recycler thread, make sure
all flows are cleaned up.
 12 years ago
Victor Julien 4aff4c650f flow unittest: update flow manager unit test 
Test now tests a different queue.
 12 years ago
Victor Julien 7acea2c66d flow: track lastts in struct timeval 
Track full timestamp for lastts in flows to be able to log it.
 12 years ago
Victor Julien c66a29b67d flow: track bytes per direction 
Track bytes in both flow directions for logging purposes.
 12 years ago
Victor Julien f828793f8f flow log: log start/end times 
Log time of first packet (flow creation) and of the last packet.
 12 years ago
Victor Julien 672f6523a7 flow-log: log TCP flags seen 
Log TCP flags seen during the life time of a flow/session.
 12 years ago
Victor Julien fddeca8aae tcp: track TCP packet flags per session 
For logging out in flow logging.
 12 years ago
Victor Julien ec7d446f16 flow-log: log pkts, bytes 
Only in DEBUG currently.
 12 years ago
Victor Julien 3c7af02067 flow-json-log: stub 
Stub for JSON flow logger.
 12 years ago
Victor Julien c7ebfd1b68 flow: flow log threading setup 
Set up threading for the flow logger.
 12 years ago
Victor Julien e30c083cff flow log: call logger from recycler 
Call the flow logger API from the recycler thread, so that timed
out flows are logged.
 12 years ago
Victor Julien 115ad1e81f flow: output api stub 
Basic output API for flow logging.
 12 years ago
Victor Julien a52a4ae9d4 flow recycler: unix socket support 
Support starting and shutting down the flow recycler thread in the
unix socket runmode.
 12 years ago
Victor Julien f476732139 flow recycler: shutdown 
Only shut down when all flows in the recycle queue have been processed.
 12 years ago
Victor Julien f26f82e9a6 flow: move flow cleanup to new 'recycler' 
Move Flow clean up from the flow manager to the new flow recycler.
 12 years ago
Victor Julien 94cb52897b flow: introduce FlowRecycler stub 
FlowRecycler thread stub. Start/stop code.
 12 years ago
Victor Julien e892d99827 flow: new flow queue: flow_recycle_q 
This queue will be used by the FlowManager to pass timed out flows
to another thread that will do the actual cleanup.
 12 years ago
Victor Julien fdd407751e Fix eve 'filetype' parsing 
Now that we use 'filetype' instead of 'type', we should also
use 'regular' instead of 'file'.

Added fallback to make sure we stay compatible to old configs.
 12 years ago
Alexander Gozman bfb6175bf6 Fixed memory leak 12 years ago
Alexander Gozman a0bb4477db Fix possible crash when logfile descriptor is invalid 12 years ago
Alexander Gozman 8048eebd39 Fix handling filetype for eve log 12 years ago
Alexander Gozman 54193e89d5 Fixed variables names in suricata.yaml.in Changed logging logic - now it's possible to enable different payload dumping modes separately Fixed bug in dumping packet without stream segments Fixed indents 12 years ago
Alexander Gozman 6d569013c6 Changed attribute name for printable payload 12 years ago
Alexander Gozman c770ade9c2 Changed variable name when dumping single packet 12 years ago
Alexander Gozman 2a4c7ee5dc Add ability to encode payload in Base64 12 years ago
Alexander Gozman ffac6b71e2 Fixed stream handling Fixed some coding style issues 12 years ago
Matt Carothers ab58ee2676 Add packet and payload logging to JSON alert output 12 years ago
Victor Julien c53b428079 Fix engine getting stuck because of optimizations 
At -O1+ in both Gcc and Clang, PacketPoolWait would optimize the
wait loop in the wrong way. Adding a compiler barrier to prevent
this optimization issue.
 12 years ago
Victor Julien c4a8e2cd14 Remove unused variables 12 years ago
Victor Julien 1d9278bef4 Fix packet pool pending stack adds 
Add packets after the first as the list/stack head as well.
 12 years ago
Victor Julien b5d3b7e92a Fix pcap packet acquisition methods 
Fix pcap packet acquisition methods passing 0 to pcap_dispatch.
Previously they passed the packet pool size, but the packet_q_len
variable was now hardcoded at 0.

This patch sets packet_q_len to 64. If packet pool is empty, we fall
back to direct alloc. As the pcap_dispatch function is only called
when packet pool is not empty, we alloc at most 63 packets.
 12 years ago
Ken Steele 0dd16461cf Update max-pending-packet comments to show it is now per-thread. 
Updated suricata.yaml and comments in the code.
 12 years ago
Ken Steele 28ccea51d3 Add error checking for pthread_setspecific() and pthread_key_create(). 12 years ago
Ken Steele b1a7e76ca7 Use posix_memalign instead of mm_malloc on non-Windows systems. 12 years ago