Commit Graph

3374 Commits (suricata-1.3.2)
Author SHA1 Message Date
Victor Julien 27e585f6d0 htp: update version numbers of bundled htp 14 years ago
Victor Julien d7efd062e7 Update Changelog to reflect changes in 1.3.2 release. 14 years ago
Victor Julien 6cba9b7c4f http: fix multipart parsing leading to missing chunks of files in file extraction. 14 years ago
Anoop Saldanha 2f8e83c539 fix for #562.
disable inspection bypass for stream mpm patterns.
14 years ago
Victor Julien 3c841ae931 bug #572: make sure we use profiling fallback for all architectures except x86_64 and i386. 14 years ago
Victor Julien 5ef71806a0 Fix flow keyword compilation failure. 14 years ago
Anoop Saldanha 1a0873ff10 fix for bug #575.
If sig has no_stream set, don't mask it as requiring flow. Should get rid of
FNs any.
14 years ago
Victor Julien 16cd305d96 http: fix multipart parsing bug 14 years ago
Victor Julien 6688b23e60 stream: never resend reassembled data to app layer. 14 years ago
Eric Leblond 6f40f6c846 pf_ring: set cluster_id even if only one thread is used. 14 years ago
Eric Leblond 0a5bda8d34 defrag: don't use message for repetitive error
When nothing can be fetched from the pool, this can repeat frequently.
Thus displaying a message in the log will not help. This patch
uses a counter instead of a log message. As this is a sort of memcap,
this conforms to what is done for other issues of the same type.
14 years ago
Eric Leblond 2e4a16d1ee ipfw: avoid critical error for broadcast
In some setups, Suricata may receive broadcast packets and the call
to sendto may fail if the wrong interface is chosen by the kernel.
This patch changes the error treatment to avoid leaving when
this problem occurs.
14 years ago
Eric Leblond 2fe39cf867 freebsd: fix function usage.
The unlock function was not correctly used in error treatment.
14 years ago
Eric Leblond 79c75bbb4d af-packet: fix kernel offset issue
It seems that, in some cases, there is a read waiting but the
offset in the ring buffer is not correct and Suricata needs to
walk the ring to find the correct place and make the read.
14 years ago
pi-rho 12aae61a3c fix regression (clobbered register; redmine #534) 14 years ago
Victor Julien e28835af91 Update Changelog to include 1.3.1 changes. 14 years ago
Victor Julien f1b6f7a9e6 rule analyzer: make analyzer aware of http_user_agent pcre flag /V. 14 years ago
Victor Julien e737e2dc56 http: after path double decoding, also normalize the path again. #504. 14 years ago
Victor Julien e839cea9e5 Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504. 14 years ago
Victor Julien e0bfcb7dde Only set SIG_FLAG_REQUIRE_STREAM if signature inspects TCP. 14 years ago
Victor Julien bd6b865473 rule analyzer: fix fast pattern analyzer reporting wrong filename (same as rule analyzer). 14 years ago
Eric Leblond 11c3167583 stream-tcp: no checksum alert if validation is off
This patch disables the checksum alert if checksum-validation is set
to no in the configuration file. Without this patch, when parsing
a pcap with checksum offloading, it was not possible to get rid
of events caused by checksum validation.
14 years ago
Victor Julien c51a3aad17 stream: handle case where Suricata sees 3whs-ACK but server doesn't. Bug #523. 14 years ago
Victor Julien 5cc8a09257 stream: fix unittest broken by new flags handling. 14 years ago
Victor Julien ad827ad030 http: add more decoding unittests. 14 years ago
Victor Julien 4c6fd7ad4c Bug #510. Produce error if max-pending-packets is higher than 65534. 14 years ago
Victor Julien 6841171882 profiling: fix 'match' counter sometimes not incrementing. #460. 14 years ago
Victor Julien f9cde717e7 Use SCFree instead of free in DER decoder. 14 years ago
Victor Julien c44f4c13fc stream: improve TCP flags handling 14 years ago
Eric Leblond 09e709d1c5 af-packet: fix reconnect code
Reconnect code was in a "work by luck" stage as we did not update
the socket number after reconnect.
14 years ago
Anoop Saldanha 64fad5b36e Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig.
Noticing a good spike in perf with et_pro ruleset.

Thanks to Will Metcalf for the suggestion.
14 years ago
Anoop Saldanha fe4c66461f bug #466 - Updated getticks() to serialize execution of rdtsc with cpuid 14 years ago
Anoop Saldanha 41bb3b95f9 bug 508 - List (ack | cwr | ecn) combination to be accepted by our stream engine.
This isn't a perfect solution. More like we have patched this for the case we
are in tcp's established state. The right solution would be to accept states
based on the presence (using operator OR) of certain flags in the tcp header,
rather than list out all possible flag combinations.
14 years ago
Anoop Saldanha 1c41672f5e invalidate sigs if depth > content_length 14 years ago
Eric Leblond 8ebc625711 tls: fix keyword regular expression
Space, dash and comma are valid.
14 years ago
Eric Leblond a369f8c359 af-packet: loop on ring if there is data to read.
This patch should bring some improvements by looping on the
ring when there is some data available instead of getting back
to the poll. It also fixes recovery in case of drops on the ring
because the poll command will not return correctly in this case.
14 years ago
Eric Leblond 4df509f87a defrag: use IP ID in hash
This patch fixes the collision issue observed on an intensive network
traffic. When there is fragmentation it is the case for all data
exchanged between two hosts. Thus using a hash func only involving
IP addresses (and protocol) was leading to a collision for all
exchanges between the hosts. At a larger scale, it was resulting in
a packet loss. By using the IP ID instead of the protocol family, we
introduce a real difference between the trackers.
14 years ago
Victor Julien a5587fec2e flow: remove unused prune-flows option 14 years ago
Anoop Saldanha bf6cd48259 if a sig's set as stream sig only, don't update it as both stream and pkt sig if offset/depth's present
bug #495 - update rule analyzer to not warn on offset_depth-tcp_pkt update if sig is stream only

bug #497 - rule_warnings fixed
14 years ago
Anoop Saldanha b2f589527a Set thread name Suricata-Main for main thread and LiveRuleSwap for live swap thread 14 years ago
Anoop Saldanha a0bce6362e bug 499 - update host os info enum map to use - instead of _ + add new unittests 14 years ago
Anoop Saldanha 7833883a8f bug #496 - don't warn about offset/depth for packet sigs 14 years ago
Victor Julien d8356c5ebd Windows build and other misc fixes. 14 years ago
Victor Julien 2295777691 Update changelog for 1.3 release. 14 years ago
Eric Leblond a3465fb971 Rename 'worker' running mode to 'workers'
This patch renamed the 'worker' running mode into 'workers'. Thus,
there is only one name in Suricata for the same thing. Backward
compatibility is ensured by replacing "worker" by "workers" when
the old name is used. A warning is printed in the log when the old
name is used.
14 years ago
Anoop Saldanha 34f0897163 check if all packets are processed before disabling detect threads + kill all threads <= detect after FFR + other minor fixes 14 years ago
Victor Julien be5fed869d conf api: remove dead code 14 years ago
Victor Julien c2e484ae88 rule analyzer: fix detecting stream match 14 years ago
Anoop Saldanha 946a9ece32 rule analyzer updated for sigs with offset/depth set + alproto set 14 years ago
Anoop Saldanha 960d421f9d Update SigValidate() to allow http keywords to be specified in the right flow direction 14 years ago