Victor Julien
f7c2c219cd
filestore: fix crash if keyword setup fails
...
SigMatch would be added to list, then the alproto check failed, leading
to freeing of sm. But as it was still in the list, the list now contained
a dangling pointer.
11 years ago
Victor Julien
9d2a0c39e5
mime: fix output issues
...
When multiple email addresses were in the 'to' field, sometimes
they would be logged as "\r\n \"Name\" <email>".
The \r\n was added by GetFullValue in the mime decoder, for unknown
reasons. Disabling this seems to have no drawbacks.
11 years ago
Victor Julien
ebd6737b65
mime: fix compiler warning
11 years ago
Victor Julien
20a175f315
mime: improve error checking
11 years ago
Victor Julien
5461294a52
smtp: fix SMTPParserTest14 on 32bit
11 years ago
Victor Julien
9d33131d37
smtp: improve ProcessDataChunk error checking
11 years ago
Victor Julien
d209699a41
smtp: expand tx use
...
Instead of just using TX for mime decoding, it is now also used for
tracking decoder events.
11 years ago
Victor Julien
d67289b60e
output-filedata: close files even w/o data
...
If there is no data chunk but the file is closed/truncated anyway,
logging is still required.
11 years ago
Victor Julien
08b06bac3f
smtp: register file truncate callback
...
Tag files as truncated from this callback so storing/logging displays
the correct info.
11 years ago
Victor Julien
2b9ef87527
smtp: convert logger to tx logger
...
Move from packet logger to tx logger.
11 years ago
Victor Julien
d0357c6169
smtp: add file inspection engine
...
Fix file inspection engine.
TODO: test
11 years ago
Victor Julien
56b74c8b5b
smtp: make TX aware
...
Store mime decoding context per transaction. For this the parser
creates a TX when the mime body decoding starts.
11 years ago
Victor Julien
cb4440324e
mime: redo PrintChars using PrintRawDataFp
11 years ago
Victor Julien
f979e92f68
decode mime: refactor & cleanup
...
Partly to work around cppchecks:
[src/util-decode-mime.c:1085]: (error) Memory leak: url
11 years ago
Victor Julien
54df86658c
mime: rename mime-decode.[ch] to util-decode-mime.[ch]
11 years ago
Victor Julien
6035470ffb
mime: style updates
11 years ago
Victor Julien
595acf2dfc
mime decode: reshuffle data structures to reduce structure sizes
11 years ago
Victor Julien
9a573c5704
output smtp: fix call
11 years ago
Victor Julien
de44a5af94
decode mime: clean up includes
11 years ago
Victor Julien
cd55b657c2
mime decode: improve MimeDecParseLineTest01 and MimeDecParseLineTest02 tests
11 years ago
Victor Julien
dd4b506cc2
decode mime: fix scan-build issues
11 years ago
Victor Julien
f91d52a0d2
mime decode: fix memory leak
11 years ago
Victor Julien
bffceb7115
mime decode: remove unused url counter
11 years ago
Victor Julien
d72f8c7de5
output smtp: clean up memory at shutdown
11 years ago
Victor Julien
c712ab2299
Fix compiler warning
11 years ago
Victor Julien
106bbc78e1
mime: refactor buffer use
...
Turn all buffers into uint8_t (from char) and no longer use the
string functions like strncpy/strncasecmp on them.
Store url and field names as lowercase, and also search/compare
them as lowercase. This allows us to use SCMemcmp.
11 years ago
Tom DeCanio
f55c94cb54
smtp-mime: preinitialize base64 decoder space
...
Preinit with zeros.
11 years ago
Tom DeCanio
c279f07d2a
mime-decode: clean up after MimeDecParseFullMsgTest01.
11 years ago
Tom DeCanio
4503ffeee9
mime-decode: fix minor memory leak if Mime parser initialization were to fail.
11 years ago
Tom DeCanio
1ab5f72fdd
mime-decode: remove "comparison between signed and unsigned integer expressions"
...
warnings
11 years ago
Tom DeCanio
e5c36952d6
app-layer-smtp: move old smtp-mime section in suricata.yaml into
...
app-layer-protocols.smtp.mine section and update code to accommodate.
11 years ago
Tom DeCanio
3e10ee4608
PR review comment. Use protocol to discern log type.
11 years ago
Tom DeCanio
f1c160ed22
smtp: turn on smtp mime decoding and enable smtp eve logging.
11 years ago
Tom DeCanio
746da75615
eve-log: catch and log URLs in basic text emails without mime encapsulation.
...
expand pointer walk protection.
11 years ago
Tom DeCanio
471967aafd
mime-decode: don't scan attachment's data for URLs.
...
move event pointer lookup inside extract_urls and protect pointer walk.
11 years ago
Tom DeCanio
6467a5d563
app-layer-smtp: fix Test14.
...
Was running one byte past end of buffer.
Declare Unit Test 14's data as static.
11 years ago
Eric Leblond
260872ccd9
smtp layer: fix unittests
...
Synchronize test 14 with the new application layer API and improve
debug messages.
11 years ago
Tom DeCanio
31f8f5cf20
eve-log: SMTP JSON logger
11 years ago
Tom DeCanio
7850d896a8
smtp-mime: add server reply codes returned from outlook server
11 years ago
David Abarbanel
c2dc686742
SMTP MIME Email Message decoder
11 years ago
Ken Steele
a781fc5c2e
Make suricata_ctl_flags be volatile
...
The global variable suricata_ctl_flags needs to be volatile, otherwise the
compiler might not cause the variable to be read every time because it
doesn't know other threads might write the variable.
This was causing Suricata to not exit under some conditions.
11 years ago
Victor Julien
503cc3de69
stream/async: improve handling of syn/ack pickup
...
If we picked up the ssn with a syn/ack, we don't need to make more
assumptions about sack and wscale after that.
11 years ago
Victor Julien
1656148490
stream/async: fix session setup issues
...
For these 2 cases:
1. Missing SYN:
-> syn <= missing
<- syn/ack
-> ack
-> data
2. Missing SYN and 3whs ACK:
-> syn <= missing
<- syn/ack
-> ack <= missing
-> data
Fix session pickup. The next_win settings weren't correctly set, so that
packets were rejected.
Bug 1190.
11 years ago
Victor Julien
b2e80a0f66
stream: improve tracking with pkt loss in async
...
If 3whs SYN/ACK and ACK are missing we can still pick up the session if
in async-oneside mode.
-> syn
<- syn/ack <= missing
-> ack <= missing
-> data
Bug 1190.
11 years ago
Victor Julien
033409a042
iprep: cleanup ctx on shutdown
...
~~Dr.M~~ Error #1 : LEAK 480 direct bytes 0x0aae7fc0-0x0aae81a0 + 0 indirect bytes
~~Dr.M~~ # 0 replace_malloc [/work/drmemory_package/common/alloc_replace.c:2373]
~~Dr.M~~ # 1 SRepInit [.../Suricata/src/reputation.c:594]
~~Dr.M~~ # 2 DetectEngineCtxInit [.../src/detect-engine.c:844]
~~Dr.M~~ # 3 main [.../Suricata/src/suricata.c:2230]
11 years ago
Ken Steele
b2b1239ddf
Make AppLayerProfiling functions inline
...
The entire body of these functions is protected by ifdef PROFILING.
If the functions are inlined, then this check removes the need for the
function entirely.
Previously, the empty function was still called, even when not built
for profiling. The functions showed as being 0.25% of total CPU time
without being built for profiling.
11 years ago
Giuseppe Longo
07fffa6a7d
Fixes comments for pfring section in suricata.yaml
...
Bug #1301
11 years ago
Giuseppe Longo
2d43dae934
PF_RING: force cluster type if vlan is disabled
...
If vlan is disabled the cluster_flow mode will still take VLAN tags
into account due to using pf_ring's 6-tuple mode.
So this forces the use of pf_ring's 5-tuple mode.
Bug #1292
11 years ago
Giuseppe Longo
395d5b7f61
iprep: add unit tests for cidr
...
Implements unit tests to test the new API
11 years ago
Giuseppe Longo
5499cb71b0
detect-iprep: extends cidr
...
Adds new API to check if an IP address belongs
to a netblock and gets the value.
11 years ago