suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	09e5ea230a	app-layer: update UDP entry function Update AppLayerHandleUdp to take the ThreadVars pointer as an argument in prepraration of handling counters in this function.	12 years ago
Anoop Saldanha	429c6388f6	App layer API rewritten. The main files in question are: app-layer.[ch], app-layer-detect-proto.[ch] and app-layer-parser.[ch]. Things addressed in this commit: - Brings out a proper separation between protocol detection phase and the parser phase. - The dns app layer now is registered such that we don't use "dnstcp" and "dnsudp" in the rules. A user who previously wrote a rule like this - "alert dnstcp....." or "alert dnsudp....." would now have to use, alert dns (ipproto:tcp;) or alert udp (app-layer-protocol:dns;) or alert ip (ipproto:udp; app-layer-protocol:dns;) The same rules extend to other another such protocol, dcerpc. - The app layer parser api now takes in the ipproto while registering callbacks. - The app inspection/detection engine also takes an ipproto. - All app layer parser functions now take direction as STREAM_TOSERVER or STREAM_TOCLIENT, as opposed to 0 or 1, which was taken by some of the functions. - FlowInitialize() and FlowRecycle() now resets proto to 0. This is needed by unittests, which would try to clean the flow, and that would call the api, AppLayerParserCleanupParserState(), which would try to clean the app state, but the app layer now needs an ipproto to figure out which api to internally call to clean the state, and if the ipproto is 0, it would return without trying to clean the state. - A lot of unittests are now updated where if they are using a flow and they need to use the app layer, we would set a flow ipproto. - The "app-layer" section in the yaml conf has also been updated as well.	12 years ago
Eric Leblond	b2c58b8d14	Set packet invalid flag during decoding. This patch set a new value in pkt->flag to signal that a packet is invalid during decoding. The patch has been obtained via a coccinelle transformation.	12 years ago
Eric Leblond	d4b7ecfbe3	decode: update API to return error In some cases, the decoding is not possible and some really invalid packet can be created. This is in particular the case of tunnel. In that case, it is more interesting to forget about the tunneled packet and only consider the original packet. DecodeTunnel function is maked as warn_unused_result because it is meaningful for the decoder to know if the underlying data were not correct. And in this case, only focus detection on the content.	12 years ago
Victor Julien	49087f21e4	Optimizations to reduce branch misses	12 years ago
Eric Leblond	6480cd1b9c	Teredo tunnel supports This patch should fix #480 by adding the support of Teredo tunnel. The IPv6 content of the tunnel will be parsed in a similar way as what is done the GRE tunnel. Signatures will then be matched on the IPv6 content.	13 years ago
Eric Leblond	acf10525f6	doc: add decode group and related documentation.	14 years ago
Eric Leblond	7425bf5ca6	Rename some decode event structure and macro. This patch renames DECODER_SET_EVENT, DECODER_ISSET_EVENT and some other structures to ENGINE equivalent to take into account the fact the event list is now related to all engines and not only to decoder.	14 years ago
Victor Julien	e1d4e16645	Simplify packet decoding macro's.	14 years ago
Victor Julien	ba12f3c109	Applayer to flow fixes and cleanups.	15 years ago
Pablo Rincon	8cc525c939	UDP support at AppLayer message handling	15 years ago
William Metcalf	2eef905c07	GPL and Copyright header updates.	15 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	15 years ago
Pablo Rincon	d85176bb8b	Moving inline functions to the .h files, so gcc can inline them correctly	16 years ago
Victor Julien	ecf86f9c23	Rename to Suricata.	16 years ago
Anoop Saldanha	ceb7e495ae	refactoring perf stats code	16 years ago
Breno Silva	c43319c337	Regular expression for UnitTests Signed-off-by: Brian Rectanus <brectanu@gmail.com>	16 years ago
Victor Julien	91bc83e5c6	More logging API usage changes.	16 years ago
Victor Julien	3a28171fbd	Another round of logging api usage updates.	16 years ago
Anoop Saldanha	22c0ec2bc5	Added support for the csum-<protocol> rules keyword to the detection engine. Keywords added are ipv4-csum, tcpv4-csum, tcpv6-csum, udpv4-csum, udpv6-csum, icmpv4-csum and icmpv6-csum	16 years ago
Anoop Saldanha	401a0313d4	checksum calculation functions for icmpv6, udp over ipv6 and tcp over ipv6	16 years ago
Anoop Saldanha	41dd0f8e62	checksum calculation functions for ipv4, tcp, udpv4, icmpv4	16 years ago
Victor Julien	57f71f7e4b	Pass the DecodeThreadVars to all Decoder functions properly. Improve the error handling.	16 years ago
Anoop Saldanha	244f5d547a	new registration functions for the stats api, with local thread storage for counter ids	16 years ago
Brian Rectanus	fa5939ca91	64 bit cleanup part2	16 years ago
Anoop Saldanha	d0e70309c0	Implements counters for the decode module	16 years ago
William Metcalf	1ae490e6c8	Small debug fix in decode-udp.c	16 years ago
Victor Julien	657be002d1	Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping.	16 years ago
Victor Julien	efb10fc0d6	big update	16 years ago
William Metcalf	7006085195	udp decoding added icmp unreachables added to reject	16 years ago

30 Commits (2d25f12cda60ebaf8448f79ff94ee84c2969b329)