
91 Commits (suricata-3.2.1)

Author SHA1 Message Date
Victor Julien f1117ba2dc iponly: fix unittests 9 years ago
Victor Julien 7d11af16ef detect: minor debug output cleanup 9 years ago
Jason Ish 796dd5223b tests: no longer necessary to provide successful return code
1 pass, 0 is fail.
10 years ago
Victor Julien 6b2fb3fd5d Fix minor format string issues 10 years ago
Victor Julien 9bbef55c4d Fix harmless typo in IPOnlyCIDRItemNew's SCReturnPtr use 10 years ago
Victor Julien 0bc27c7dc7 rule-vars: take detect engine as arg 11 years ago
Victor Julien e9857200b3 detect: set action from utility function
Set actions that are set directly from Signatures using the new
utility function DetectSignatureApplyActions. This will apply
the actions and also store info about the 'drop' that first made
the rule drop.
11 years ago
Ken Steele 1874784c10 Create optimized sig_arrays from sig_lists
Create a copy of the SigMatch data in the sig_lists linked-lists and store
it in an array for faster access and not next and previous pointers. The
array is then used when calling the Match() functions.

Gives a 7.7% speed up on one test.
11 years ago
Ken Steele 923a77e952 Change Match() function to take const SigMatchCtx*
The Match functions don't need a pointer to the SigMatch object, just the
context pointer contained inside, so pass the Context to the Match function
rather than the SigMatch object. This allows for further optimization.

Change SigMatch->ctx to have type SigMatchCtx* rather than void* for better
type checking. This requires adding type casts when using or assigning it.

The SigMatch context should not be changed by the Match() function, so pass it
as a const SigMatchCtx*.
11 years ago
Ken Steele 8f1d75039a Enforce function coding standard
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions were changed by a script to match this standard.
11 years ago
Victor Julien ed877c64d1 Bug 611: fix for iponly
Fix Bug 611 for ip-only rules as well. If 'alert ip' rule has ports,
don't match on protocols that don't have ports. Like ICMP.

Bug #611.
12 years ago
Victor Julien 01b80e2d8f detect ip-only: update radix usage
Update IP-only lookups to the changed radix API.

The return of user_data is treated as a successful lookup, instead of
the node.
12 years ago
Victor Julien 941d5a1081 Don't use strdup in ip-only address parsing 12 years ago
Victor Julien 7b687da726 profiling: add tracking of missing keywords 12 years ago
Victor Julien 97bfcac444 profiling: introduce per keyword profiling
Initial version of per keyword profiling. Prints stats about
how often a keyword was checked and what the costs were.
12 years ago
Victor Julien edeeb7ed44 Store TX id with alerts
When generating an alert and storing it in the packet, store the tx_id
as well. This way the output modules can log the tx_id and access the
proper tx for logging.

Issue #904.
12 years ago
Victor Julien 7f8d256e7c Fix tests that didn't expect radix to be freed 12 years ago
Anoop Saldanha e2f4144d99 fix for #920.
Cull the space before the address specified in address var variables.
12 years ago
Victor Julien f4dcba6de3 In case of fragments, don't consider ports. Bug #847. 12 years ago
Eric Leblond 3f107fa130 decode: Packet action start with PACKET
Rename all Packet action macros to have them prefixed by PACKET.
12 years ago
Eric Leblond efaa9a7302 action handling: define and use macros
The action field in Packet structure should not be accessed
directly as the tunneled packet needs to update the root packet
and not the initial packet.

This patch is fixing issue #819 where suricata was not able to
drop fragmented packets in AF_PACKET IPS mode. It also fixes
drop capability for tunneled packets.
12 years ago
Victor Julien 5f4c52801e Fix protocol check for IP-only (#689). 13 years ago
Anoop Saldanha b1ce94babe Temporary fix for bug #599.
Treat sigs with negated addresses as non ip-only.

This fix exposes bug #608, which results in 2 failed unittest which
have now been disabled by this commit.  Would be reenabled when we
have #608 fix in.
13 years ago
Anoop Saldanha fdc666f732 unittest to show failure for bug #599. 13 years ago
Victor Julien e30b1bfe64 Simple IP reputation implementation 13 years ago
Victor Julien 84bad6db77 Silence compiler warnings found by clang 13 years ago
Victor Julien 80d62b59ec Fix drop (and other actions) not being applied to thresholded packets. Bug #613. 13 years ago
Victor Julien c3f4f8d46a Dead code cleanup. Coverity 728047, 728048, 728049. 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment.
When handling error case on SCMalloc, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
13 years ago
Eric Leblond d292004880 Add some missing checks of SCStrdup return. 13 years ago
Eric Leblond fd7b6db22d sig: Add ipv6 and ipv4 to list of protocols
With this patch it is possible to do:
 alert ipv6 any any -> any any
or
 alert ip4 any any -> any any
to match on IPv4 or IPv6 packets.
13 years ago
Victor Julien af97c36c08 Properly clean signature's ip only data. 13 years ago
Victor Julien ea0d172693 No longer pass StreamMsg to output for alert logging, instead use the same callback code as is used for state alerts. 13 years ago
Anoop Saldanha 7495f59773 bug #451 fix for parsing address. Increase buffer size 13 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 8339ca6d4e Implement post match support for ip-only. 14 years ago
Victor Julien 9324ed7b90 Fix icmpv6 ip-only rule not firing. #363. 14 years ago
Victor Julien c1a40447c1 IP Only cleanup: make most functions static. Add error message on address parsing issues. 14 years ago
Anoop Saldanha 7433d92dd2 undo this commit -
commit eff08f93d8
Author: Anoop Saldanha <poonaatsoc@gmail.com>
Date:   Thu Nov 3 14:31:24 2011 +0530

    update failing unittest to reflect the mpm design update

Fixed a bug in the mpm code that would make all the changes in the commit just undone wrong.
14 years ago
Anoop Saldanha eff08f93d8 update failing unittest to reflect the mpm design update 14 years ago
Victor Julien 6bad2dbd79 Don't match on IP only rules that use ports if packet is not (proper) TCP, UDP or SCTP. Rules out frags matching as well. 14 years ago
Victor Julien e13181496c ip-only: added support for matching on ports. 14 years ago
Eric Leblond 6b9d1012ff Transform inet_ntop call into PrintInet one. 14 years ago
Anoop Saldanha 7e5c52c80b add flowbits:set; only sigs to be treated as ip only 14 years ago
Gerardo Iglesias Galvan 5d85b0f7b7 Fix potential crash in ip-only address parsing code 14 years ago
Victor Julien 864c8718e1 Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins. 15 years ago
Pablo Rincon fb5fb3ab3f IPOnly module fix for building stage. Radix Tree fix inserting different netmask user datas 15 years ago
Eric Leblond 49adc264bc Don't print message after SCMalloc failure.
This patch generated via coccinelle is getting rid of logging
message after a SCMalloc failure. They were useless as SCMalloc
already displays a message.
15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection 15 years ago
Victor Julien 1071a53210 Fix unittests after ip_proto keyword change. 15 years ago