aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,570 Commits
7 Branches
161 Tags
209 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '127ef8f903'
${ noResults }
Commit Graph

26 Commits (127ef8f903f2f0cf9101c7992d3aa7e3dcbb6bee)

Author SHA1 Message Date
Victor Julien 7074ca373b proto detection: add limit for one sided sessions 
If a session only has data in one direction, like ftp data sessions,
protocol detection will only run in one direction. This led to a
situation where reassembly would hold all the segments as proto
detection was never flagged as complete.

This patch introduces a limit for protocol detection in this case.
If the limit is reached, detection will give up.
 12 years ago
Anoop Saldanha 36bd444406 Introduce new API to allow case insensitive protocol detection patterns. 12 years ago
Anoop Saldanha 1ea5d27508 Fix for bug #989. 
In case of recursive call to protocol detection from within protocol
detection, and the recursively invoked stream still hasn't been ack'ed
yet, protocol detection doesn't take place.  In such cases we will end up
still calling the app layer with the wrong direction data.  Introduce a
check to not call app layer with wrong direction data.

When sockets are re-used reset all relevant vars correctly.

This commit fixes a bug where we were not reseting app proto detection
vars.

While fixing #989, we discovered some other bugs which have also been
fixed, or rather some features which are now updated.  One of the feature
update being if we recieve wrong direction data first, we don't reset the
protocol values for the flow.  We let the flow retain the detected
values.

Unittests have been modified to accomodate the above change.
 12 years ago
Anoop Saldanha 06db1e4cb8 Remove unused vars alp_content_module_handle and proto_map from 
struct AlpProtoDetectCtx.
 12 years ago
Anoop Saldanha c044541b1c Provide convenience macros for setting flow flags on protocol matching by 
PM and PP phase.

Replace the areas of the code that would otherwise rely on setting/reading
these flags with these macros.

Other minor tweaks to some api calls.
 12 years ago
Anoop Saldanha 00f546e739 update pmp to return whole set of matches, rather than a single match. 12 years ago
Anoop Saldanha d9686fae57 Now supports accepting port addresses as strings, like the ones accepted in our rules. As a consequence we now accept port range, and other such combination. Support PP for ports based on ipproto as well. 12 years ago
Anoop Saldanha 109662450d Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs 14 years ago
Anoop Saldanha d3989e7cee probing parser updated to always accept u32 buflens. Update all probing parser functions to accomodate this change 14 years ago
Anoop Saldanha 432c3317d2 app layer probing parser updates 14 years ago
Anoop Saldanha 6e0d98d9c4 fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx 14 years ago
Anoop Saldanha a40fdc794e Added probing parser for nbss/smb on port 139 14 years ago
Anoop Saldanha 7c31a2327e Add support for port based probing parsers for alproto detection 14 years ago
Anoop Saldanha 000ce98cd1 push all proto detection code into their respective app parser register functions for every alproto 14 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 15 years ago
Victor Julien 7a427ec7f4 Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach. 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Victor Julien c352bff6fb Remove unused conditional locking code from the app layer parsing code. 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Victor Julien c1283a6628 Fix app layer proto detection code not being thread safe. 16 years ago
Victor Julien 4170ec8955 Make locking of the flow optional in the app layer subsys so we can also pass locked flows to it. 16 years ago
Victor Julien 5ecd187b6f Tie app layer parsing to the stream engine. 16 years ago
Victor Julien 4369816cdd Improvements to content keyword memory handling. 
First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more.

Couple of pattern matcher cleanups.
 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Victor Julien 8e10844f95 Initial code of Application Layer parsing framework. Rename of L7* to AppLayer*. 16 years ago