Commit Graph

228 Commits (165f129c61c74d18deff78449636c5880e997bcc)

Author SHA1 Message Date
Victor Julien 48c7f18453 Fix bug in the segment insert code causing an inconsistent segment list in some overlap conditions. 15 years ago
Victor Julien 05539d7357 Fix a reassembly overlap issue. Fix an inline reassembly gap handling issue. 15 years ago
Victor Julien e92ab40d39 Fix compilation for non-DEBUG case. 15 years ago
Victor Julien 2db06cc79e Improve Inline reassembly wrt to GAP handling. Add more tests. 15 years ago
Victor Julien 4c82c0e750 Improve RawInline reassembly: remove unnecessary segments from the stream in an earlier stage. Test this properly. 15 years ago
Victor Julien 3a774165fa Initial version of an inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly. 15 years ago
Victor Julien abdffadc1c Add a new app layer reassembly function that is for inline use, and use it when the stream engine is in inline mode. 15 years ago
Victor Julien bff70eed6d Update to depth code. Get segment from the correct pool when a payload is truncated. 15 years ago
Victor Julien 66c40f782c Have reassembly errors also set a stream event. 15 years ago
Victor Julien 0f072648e6 Another iteration of the reassembly depth enforcement, now considering retransmissions. 15 years ago
Victor Julien 16cd31a408 Remove unused pseudo packet reassembly code. 15 years ago
Victor Julien bf88a6de09 Add depth comment. 15 years ago
Victor Julien a26768ce7a Change the way the reassembly depth is enforced. Ignore retransmissions, get rid of per session counter. 15 years ago
Victor Julien aa04d9eefb Improve stream gap handling. Instead of giving up as soon as we see a gap we now wait much longer before we decide it's a gap. 15 years ago
Victor Julien 2849d2b1d3 Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data. 15 years ago
Victor Julien 8b5f553a35 Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected. 15 years ago
Gurvinder Singh 55a863359c support for pseudo packet creation from reassembled stream segments 15 years ago
Victor Julien 44e678b86b Comment out disabled unittests. 15 years ago
Victor Julien 1d971b53a6 Update all unittests 15 years ago
Victor Julien b0901ab30d Fix compilation with --enable-debug 15 years ago
Victor Julien 61a9936d55 Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected. 15 years ago
Gurvinder Singh 00f21f34e8 support for pseudo packet creation from reassembled stream segments 15 years ago
Victor Julien 8fa5a2c025 Split applayer and raw stream reassembly
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
15 years ago
Victor Julien dda6d3e07b Add error counters. 15 years ago
Victor Julien 4ae7144876 Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly. 15 years ago
Eric Leblond 1db4aadd16 Suppress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.

This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should not have been forgotten because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Gurvinder Singh 892dea31e4 added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit 15 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 15 years ago
Victor Julien 1d73e1fb7e Small update to the ssh module: fix a valgrind warning and a couple of compiler warnings. Do a few small style updates. 15 years ago
Pablo Rincon 9d7baa7a9f Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion 15 years ago
Gurvinder Singh 0dab0e3935 fix the reassembly depth test (bug 216) 15 years ago
Victor Julien a9e78871fe Really fix bug 205 this time, repair a broken unittest. 15 years ago
Victor Julien 196e572daa Make sure holding up to_client reassembly stops after the proto is detected or we're sure we'll never detect it. Fixes issues related to bug 205. 15 years ago
Pablo Rincon 4c94a27b71 Fix bug 205 (at stream-tcp-reassemble) 15 years ago
Gurvinder Singh f0928a4555 support for enforcing the depth until when the reassembly will be performed 15 years ago
Victor Julien 66dee577d7 Force stream reassembly on streams where we didn't yet detect the protocol if the stream is closing. 15 years ago
Gurvinder Singh 8b0ca4f628 support for separate memcaps for reassembly and stream engine 15 years ago
Victor Julien 92858a211d Fix STREAM_EOF flag overwriting STREAM_START flag on short streams. This made us miss short HTTP sessions. 15 years ago
Victor Julien a3ff0e7210 Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185. 15 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
William Metcalf cc76aa4bc6 properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks 15 years ago
Victor Julien 9a08d6c11c Fixes to stream pattern matching. 15 years ago
Victor Julien 81f2499834 Store stream msgs processed by the app layer in the tcp session so they can be inspected by the detection module as well. The detection module returns them to the pool. 15 years ago
Victor Julien c26434fef1 Move flow use cnt to atomic and outside of the flow mutex protection. 15 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 15 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 15 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine.
Stateful detection for app layer detection keywords, except uricontent. Stores its partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
15 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 15 years ago
Victor Julien ecf5a8fbcc Fix broken stream unittest. 15 years ago
Victor Julien 7a427ec7f4 Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach. 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Victor Julien b6a45fd1a4 Hack around cornercase in debug code in stream engine. Works around #140. 15 years ago
Victor Julien e0c2c86342 Make HTTP proto detection more reliable. Add HEAD keyword. Thanks rmkml for the report/request. 15 years ago
Victor Julien 59c5e819b1 Fix compilation if debugging is disabled. 16 years ago
Victor Julien ad02732907 Properly cleanup stream engine spinlocks and mutexes at shutdown. Fixes drd errors in unittests. 16 years ago
Victor Julien 156b844ccb Fix tcp segment list corruption bug 16 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 16 years ago
Gurvinder Singh 8e444f1772 stream and application layer improvements 16 years ago
Victor Julien 3d7b882bde Make sure all smsgs are handled every time, even in case of error. The fuzzer found an issue where unhandled messages remained in the queue leading to threading issues. 16 years ago
Gurvinder Singh 7438f981da stream memory leaks fixed and unit tests added 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Victor Julien f96511a8b1 Check reassembly limits against correct stream direction. Set proper direction flag in stream msgs. 16 years ago
Gurvinder Singh ed99e73622 bug 78 16 years ago
Victor Julien 53977fded6 Small compilation fixes when debugging is disabled. 16 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
16 years ago
Gurvinder Singh d9677c7e2a bug 76 patch 16 years ago
Victor Julien fcb03099a3 Fix reassembly updating the wrong stream on ACK
The stream reassembly updated the wrong stream on received ACK packets. Instead
of the opposing stream it updated the stream in packet direction. This caused
issues in the app layer handling.

Updated the unittests as well.
16 years ago
Victor Julien c352bff6fb Remove unused conditional locking code from the app layer parsing code. 16 years ago
Victor Julien 9b4f3f918b Fix broken debug code in stream reassembly 16 years ago
Victor Julien cae8e06cb9 Properly lock app layer result pool and add some debugging code for memory tracking. 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Gurvinder Singh 8f00718b0d bug 57 16 years ago
Gurvinder Singh b0dcd02c1b bug 56 patch 16 years ago
Victor Julien c1283a6628 Fix app layer proto detection code not being thread safe. 16 years ago
Gurvinder Singh fde948f488 bug 41 patch 16 years ago
Gurvinder Singh 6814ea1a0f some more stream fixes 16 years ago
Gurvinder Singh a66c6752d5 stream os_policy support 16 years ago
Gurvinder Singh 4e1dc0bd83 bug 41 patch 16 years ago
Gurvinder Singh 567bbf604b stream reassembling fixes 16 years ago
Victor Julien b2adf31595 online abort() in stream reassembly if we're in debug mode 16 years ago
Gurvinder Singh a19fbf22e2 bug 29 patch 16 years ago
Victor Julien a8116f65c8 Fix packet flags field not being cleared properly when the packet is being reused. Add some debug statements and cleanup some. 16 years ago
Gurvinder Singh d8433c7255 fixed-pool-error-and-tcp-state-transition 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Pablo Rincon e26833be3f Changing mutex/spinlocks/conditions naming types 16 years ago
Pablo Rincon 769022f4be Adding support for Mac OS X, FreeBSD, centralizing mutex/spins/conditions in a macro API, and some unittests 16 years ago
Gurvinder Singh c1e485cc44 app layer error handling 16 years ago
Gurvinder Singh 3f23f52c52 Fixed FlowTest01 and StreamReassemblyTest30 16 years ago
Gurvinder Singh f2213b066f fast track stream handling and its unittests 16 years ago
Breno Silva c43319c337 Regular expression for UnitTests
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
16 years ago
Victor Julien 4914d8d903 Small stream fixes. 16 years ago
Victor Julien 968d8df12b More logging API usage. Changed logging macro's slightly so the vars inside them won't conflict with vars used by the calling function. 16 years ago
Victor Julien 91bc83e5c6 More logging API usage changes. 16 years ago
Victor Julien 3a28171fbd Another round of logging api usage updates. 16 years ago
Victor Julien be3bbe0a85 Fix segv in reassembly. Fix sequence gap handling tests. 16 years ago
Victor Julien b3cb29b758 Fix engine lockup due to mutex locking error. 16 years ago
Victor Julien 4170ec8955 Make locking of the flow optional in the app layer subsys so we can also pass locked flows to it. 16 years ago
Victor Julien 5ecd187b6f Tie app layer parsing to the stream engine. 16 years ago
Victor Julien 0d0ffb9963 Reorganize header inclusions. 16 years ago
Victor Julien edfddcb282 Clean up stream tests memory handling. Remove counters in the address handling that were thread unsafe. 16 years ago
Victor Julien 15b75d727a Fix reassembly unittests. 16 years ago
Victor Julien b102ea2123 Big update:
- Implement "closing" state in flow.
- Add protocol specific timeouts.
- Lots of stream tracking updates, fixing a lot of out of window issues.
- Stream reassembly fixes.
- Implement a new IDS runmode with 4 stream and detect threads.
- Added a BUG_ON macro that aborts the engine if the expression is true.
- Better balance the flow queue handler for traffic that doesn't have flow (like icmp currently).
- Simplify application level protocol in the Tcp Session.
- Add some debugging memory counters.
16 years ago
Gurvinder Singh a65d558d2f Changed the debug message 16 years ago
Victor Julien 44b6042cf9 Fix wrong data type used in a reassembly error checking. 16 years ago
Victor Julien 18f556ade1 Fix a number of broken overlap calculations. Add comments explaining them all. 16 years ago
Victor Julien 84da1e9dc4 Add seg_list integrity testing to reassembly. Remove all debug output but some. Better deal with packets before the point that we already reassembled. 16 years ago
Gurvinder Singh 65ebb5611d Task 4 handling of missed packets by IDS only and both IDs and end host 16 years ago
Gurvinder Singh feecb7406a Fixed some issues in gap handling 16 years ago
Gurvinder Singh 0a32b6491f Handling of IDS missed packets and its unittests 16 years ago
Gurvinder Singh b267d4072a test the bug in freeing memory 16 years ago
Gurvinder Singh bcebbebdfd Handling IDS missed packets 16 years ago
Victor Julien 4369816cdd Improvements to content keyword memory handling.
First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more.

Couple of pattern matcher cleanups.
16 years ago
Victor Julien 25aa05fdb2 use C99 int's. 16 years ago
Gurvinder Singh 6393b6778c unittests for gap handling 16 years ago
Victor Julien 5501212e62 Fix sizeof printf related compiler warnings. 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Victor Julien 8e10844f95 Initial code of Application Layer parsing framework. Rename of L7* to AppLayer*. 16 years ago
Victor Julien 4f358c5a07 Fix list handling in reassembly 16 years ago
Victor Julien 54ae12b1f9 Fixes for the stream reassembly. It turned out that using both a prev_seg pointer and a list_seg->prev pointer at the same time was not the best of ideas. So removed the prev_seg ptr. Cleaned up some copy functions too. Added some more debug statements. Made sure the L7 stuff doesn't kick in when running the unittests for reassembly. 16 years ago
Victor Julien 387472185d Small reshuffling of the unittests, fix of a buffer overflow, hide some dbg output in the stream reassembly. 16 years ago
Gurvinder Singh 994473cea0 Target Based Stream Reassembly with comments 16 years ago
Victor Julien f5eeea5b0b Make sure flow isn't freed while stream msgs are still in use. 16 years ago
Victor Julien 051f21e797 Output more info about sequence gaps. 16 years ago
Victor Julien c42fa78287 Fix wrong segment ordering, fix stream messages not being queue'd right. 16 years ago
Victor Julien c957dc7775 Updates & cleanups to stream & l7 stuff 16 years ago
Victor Julien 1c2240cfeb Stream reassembly update and WIP code for L7 modules. 16 years ago
Victor Julien 51a9e36e10 Remove vips references. Rename to eidps. 16 years ago
Victor Julien 668e9514d7 Pool update. Stream reassembly start. 16 years ago