aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
5,003 Commits
7 Branches
161 Tags
169 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '2d25f12cda'
${ noResults }
Commit Graph

176 Commits (2d25f12cda60ebaf8448f79ff94ee84c2969b329)

Author SHA1 Message Date
Victor Julien 8527b8e08e App Layer: cleanup state func naming 
Rename functions related to AppLayerState to be more consistent.
 12 years ago
Anoop Saldanha 429c6388f6 App layer API rewritten. The main files in question are: 
app-layer.[ch], app-layer-detect-proto.[ch] and app-layer-parser.[ch].

Things addressed in this commit:
- Brings out a proper separation between protocol detection phase and the
  parser phase.
- The dns app layer now is registered such that we don't use "dnstcp" and
  "dnsudp" in the rules.  A user who previously wrote a rule like this -

  "alert dnstcp....." or
  "alert dnsudp....."

  would now have to use,

  alert dns (ipproto:tcp;) or
  alert udp (app-layer-protocol:dns;) or
  alert ip (ipproto:udp; app-layer-protocol:dns;)

  The same rules extend to other another such protocol, dcerpc.
- The app layer parser api now takes in the ipproto while registering
  callbacks.
- The app inspection/detection engine also takes an ipproto.
- All app layer parser functions now take direction as STREAM_TOSERVER or
  STREAM_TOCLIENT, as opposed to 0 or 1, which was taken by some of the
  functions.
- FlowInitialize() and FlowRecycle() now resets proto to 0.  This is
  needed by unittests, which would try to clean the flow, and that would
  call the api, AppLayerParserCleanupParserState(), which would try to
  clean the app state, but the app layer now needs an ipproto to figure
  out which api to internally call to clean the state, and if the ipproto
  is 0, it would return without trying to clean the state.
- A lot of unittests are now updated where if they are using a flow and
  they need to use the app layer, we would set a flow ipproto.
- The "app-layer" section in the yaml conf has also been updated as well.
 12 years ago
Ken Steele d12834769a Add const for Packet * in flow functions. 
By moving FlowReference() out of FlowGetFlowFromHash() and into the one
function that calls it, all the flow functions take const Packet * instead
of Packet *.
 12 years ago
Ken Steele c1b9f0e1f4 Formatting and comment updates in flow files 
Some reformatting to meet coding standards.

Added a few comments to make it more clear where p->flow gets set.
 12 years ago
Ken Steele b08ddfa7f1 Support for Tile Gx atomic instructions 
Tilera's GCC supports the GCC __sync_ intrinsics.

Increase the size of some atomic variables for better performance on
Tile.  The Tile-Gx architecture has native support for 32-bit and
64-bit atomic operations, but not 8-bit and 16-bit, which are emulated
using 32-bit atomics, so changing some 16-bit and 8-bit atomic into
ints improves performance.

Increasing the size of the atomic variables modified in this change
does not increase the total size of the structures in which they
reside because of existing padding requirements. The one case that
would increase the size of the structure (Flow_) was confitionalized
to only change the size on Tile.
 12 years ago
Ken Steele d84079ba7d Move FlowIncrUsecnt to header file to allow for inlining. 
Move FlowIncrUsecnt() and FlowDecrUsecnt() from flow.c to flow.h to
allow for inlining.
 12 years ago
Eric Leblond 4db2fc2cbb Add per-flow generic storage 
This patch adds a per-flow storage that can be created via the functions
available in flow-storage.c.
 12 years ago
Victor Julien 298d21372b flow: only BUG_ON use_cnt in flows when compiled with debug-validation 13 years ago
Anoop Saldanha b22a0cffbb cleanup flowtimeout threadvars retrieval + 
throw back pseudo pkt back to packetpool inside flow timeout.
 13 years ago
Last G 8ae11f73b2 Added parentheses to fix Eclipse static code analysis 
Fixed bug in action priority (REJECT_DST had lowest prio)
 13 years ago
Anoop Saldanha 3d74fa964a Update all flow referencing to use the new FlowReference and FlowDeReference 
macros.
 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Victor Julien a5587fec2e flow: remove unused prune-flows option 13 years ago
Eric Leblond 0227a87fcb cleaning: fix warning when building with clang. 
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignore the rest of the
warnings by adding a cast to void.
 13 years ago
Victor Julien bf4ab2f7e1 Fix misc issues picked up by coccinelle. 14 years ago
Victor Julien 19a7e7f395 flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default. 14 years ago
Victor Julien f4b542d703 Enforce memcap limit before allocating hash table in host and flow engines. 14 years ago
Victor Julien 4157d9408d Various small flow and host table fixes. 14 years ago
Victor Julien db24258acf Undo changes from 88b8f15663. Atomic stack implementation had a-b-a problem. 14 years ago
Victor Julien 88b8f15663 Add atomic stack implementation. Convert flow spare queue to use this stack. Remove now unused flow-queue code. 14 years ago
Victor Julien 0150e66ede flow engine: improve scalability 
Major redesign of the flow engine. Remove the flow queues that turned
out to be major choke points when using many threads. Flow manager now
walks the hash table directly. Simplify the way we get a new flow in
case of emergency.
 14 years ago
Victor Julien bfb3f1b7cf flow: Refactor how FlowPrune deals with forced timeouts, improving locking logic. 14 years ago
Nikolay Denev 139768dd58 Do not use underscored config vars internally. 14 years ago
Victor Julien 28e15be526 Clean up default output. Use simpler output format for releases. 14 years ago
Anoop Saldanha 7c9d1b80fd Update size parsing API with new calls for returing u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls 14 years ago
Anoop Saldanha e0c13434ef bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+ 14 years ago
Anoop Saldanha cc7db6315c Move setting packet iponly flags from decode section to stream section 14 years ago
Victor Julien 322779fb23 flow engine: release flow lock earlier in flow kill/prune process. Minor cleanups. 14 years ago
Victor Julien 5401764697 flow engine: minor cleanup. 14 years ago
Victor Julien ad4e016288 flow engine: make FlowEnqueue lock the queue. Adapt callers. 14 years ago
Victor Julien fbbdbb251f flow engine: remove unneeded 'need_srclock' argument for FlowRequeue 14 years ago
Victor Julien 0331da9773 flow engine: introduce FlowRequeueMoveToSpare 
As part of a clean up of how FlowRequeue is used, introduce
FlowRequeueMoveToSpare for moving a flow from a locked queue to the
spare queue.
 14 years ago
Victor Julien 7fa3df33f2 flow engine: introduce FlowRequeueMoveToBot 
As part of a clean up of how FlowRequeue is used, introduce
FlowRequeueMoveToBot for moving a flow to the bottom of it's queue.
 14 years ago
Victor Julien ae1e4c1d7d Add missing hash row unlock. 14 years ago
Victor Julien e1022ee5ae file-extraction: Disconnect file handling from flow and move into the app layer state. 14 years ago
Pablo Rincon 6d60b3a747 filename and fileext keywords 14 years ago
Victor Julien 06904c9024 App Layer cleanup 
Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate.
Various cleanups and dead code removal from the app layer API.
Should safe 100+ bytes memory per flow on 64 bit.
Updated lots of unittests to reflect these changes.
 14 years ago
Victor Julien 9769510ba3 flow: support requeue of flows from closed to new list for TCP ssn reuse. 14 years ago
Anoop Saldanha dcaef183e8 fix compiler warning for printf format 14 years ago
Victor Julien 9baa16af63 Convert flow memcap to u64. Bug #332. 14 years ago
pilcrow ed69eeab14 Safer macro parenthesization and do/while use 14 years ago
Anoop Saldanha b6ba944e6d Rearrange flow manager functions into flow-manager.[ch]. Some other minor changes/updates 14 years ago
Anoop Saldanha 7c729d2d53 some more code cleanup + comments added 14 years ago
Anoop Saldanha d14fdb1156 Remove the unnecessary unittest runmode check to get the test working. Modify tests to get it working around this 14 years ago
Anoop Saldanha 16884a0dea refix failing unittest 14 years ago
Anoop Saldanha 552e72e35e fix failing unittest 14 years ago
Anoop Saldanha 0957c0f8a4 shutdown timeout reassembly shouldn't check timeout flag set or not on flow 14 years ago
Anoop Saldanha 54f6e4ff4d Merge thread kill functions. Merge slot's tm_id with the one used by packet profiling. Remove some junk unused code from ms sync pts. Timeout setup cleanup as well. packet q dbg_maxlen now u32 var. 14 years ago
Anoop Saldanha e335bdbfbc Code cleanup. All code to kill flow manager thread under one function now. 14 years ago
Anoop Saldanha 99a496e852 Indentation fixes 14 years ago