Commit Graph

1231 Commits (329742c10e0e0f151f9cacddc0ece981d6ba15bd)

Author SHA1 Message Date
Victor Julien ae2698c9cc Properly cleanup used mutexes and condition vars in the flow subsys. 15 years ago
Victor Julien 38f7479af2 Make sure we set the address family (AF_INET & AF_INET6) in the flow's address structures. Needed by HTP personalities code. 15 years ago
Victor Julien fe55d996c1 Improve yaml loaded debug output formatting. 15 years ago
Victor Julien ad02732907 Properly cleanup stream engine spinlocks and mutexes at shutdown. Fixes drd errors in unittests. 15 years ago
Victor Julien 531594a35f Small error message and comment update to the nocase keyword. 15 years ago
Anoop Saldanha a9d3a85b56 support nocase and negation for http_cookie 15 years ago
Victor Julien 71b327bd23 Improve error detection in the pidfile api. 15 years ago
Pablo Rincon 9803def006 Adding pidfile support (thanks to Steve Grubb for the patch) 15 years ago
Anoop Saldanha 9e94768385 fix for bug 108 15 years ago
Anoop Saldanha 47037ef9ec fix for bug 115 15 years ago
Victor Julien 2d45a5994a Fix invalid free in HTP config deinit. 15 years ago
Victor Julien fe7ece997a Different approach to the reference keyword. Lots of cleanups, bug fixes in reference keyword code and tests. 15 years ago
Breno Silva 89baf93a40 Reference Support 15 years ago
Victor Julien 65c9d00730 Remove duplicate cuda kernel file. 15 years ago
Victor Julien 44b6380a70 Improve http body chunk memory handling robustness. 15 years ago
Pablo Rincon fe7948a7ae Modifications on http body request handling 15 years ago
Pablo Rincon 2ce728d019 Adding support for ecn flags after the handshake 15 years ago
Victor Julien 01c0e316b9 Cleanup of libnet patch. 15 years ago
William Metcalf 3678dda185 libnet now optional 15 years ago
Anoop Saldanha 35bd0c6b39 compiled and added a 64 bit version of the cuda b2g kernel 15 years ago
Anoop Saldanha 606516911b added x86_64 for the b2g cuda code 15 years ago
Pablo Rincon f862de2ee6 Fixing some code reviews (Thanks to Steve Grubb) 15 years ago
Pablo Rincon 86185ecd97 Enable spm inspection with precooked pattern contexts on content, uricontent and http_client_body (we will also add this to http_header when it gets committed) 15 years ago
Pablo Rincon 227fe516a0 Adding Boyer Moore context to content patterns, should speed up the search 15 years ago
Pablo Rincon 720f46642f Fix redmine issue 49 (allow pcre to end a pattern with an escaped slash, '\') 15 years ago
Victor Julien 8f0fe76346 Minor dbg output formatting fix. 15 years ago
Victor Julien 15bfa7aa4e Rename CUDA kernel 15 years ago
Anoop Saldanha a91a760fff Add the mpm b2g cuda kernel file into the codebase 15 years ago
Victor Julien 7dcc1daa89 Pcap eof msg can be informational 15 years ago
Victor Julien c5e15213f7 Improve pcap file mode EOF message. Fixes #123. Small cleanups to pcap file code. 15 years ago
Anoop Saldanha e6af69e10e fix for bug 114 15 years ago
Victor Julien 156b844ccb Fix tcp segment list corruption bug 15 years ago
Victor Julien e6ba571c0b Rename structures that don't adhere to our naming conventions. 15 years ago
Victor Julien 4129146a71 Because the HTP personalities code changes how the htp state's connp is initialized, we need to check for it in more places. 15 years ago
Victor Julien ead13bda4a Small cleanup and comment update to htp code. 15 years ago
Brian Rectanus a9cdd2bbae Add htp personality configuration. 15 years ago
Brian Rectanus 4b94babf5d Add functions to radix to add ip/netblocks as string. Add macro to get node user data. Cleanup radix code, docs and printing info. Export all printing functions. 15 years ago
Victor Julien ffd85ac4a6 Use correct datatype in HTPCallbackResponse fixing possible endless looping issues. 15 years ago
Pablo Rincon 2c722c9374 Adding radix tree unittests. Fixing an ipv6 issue with netmasks of 32 (was being handled as if it were ipv4) 15 years ago
Pablo Rincon 6a188f1e6b Fixing memleak also for SCRadixRemoveKey (SCRadixAddKey creates a prefix, but it's the one that the node will hold) 15 years ago
Victor Julien 2b3479577b Fix ecn/cwr unittests 15 years ago
Victor Julien 5eb4095b9a Comment ECN/CWR changes more. 15 years ago
Pablo Rincon 83ddc5813a Support for ecn/cwr TCP sessions 15 years ago
Victor Julien 047238351a Remove loop from radix unittest. We can detect memleaks with valgrind. 15 years ago
Pablo Rincon a5218664c9 Register the free function for nodes of the radix trees at unittests 15 years ago
Pablo Rincon 7cc6edbb09 Unittest used to check the radix memleak located at searching 15 years ago
Pablo Rincon ef3ac7f126 Release the tmp prefix used for searching on the radix tree 15 years ago
Anoop Saldanha 53e8120c9d adapt b2g cuda code for the mpm architecture change 15 years ago
Victor Julien 15c67bfbd2 Fix locking issue in the uri scanning code. 15 years ago
Anoop Saldanha 2c9366b83c Enable flag in http_client_body for http request body callback 15 years ago
Pablo Rincon 07680c954e Small fix handling netmasks belonging to the same octet on BestMatch search 15 years ago
Pablo Rincon b8b569c8f4 Compare uint8_t's with one byte 15 years ago
Pablo Rincon e7a989e305 IP Only Engine using radix trees 15 years ago
Victor Julien ced401b554 Update http_client_body code to recent changes. 15 years ago
Anoop Saldanha 97d49d8f5e support for http_client_body keyword 15 years ago
Victor Julien 74dfbc0c49 Move flow flags to flow.h 15 years ago
Breno Silva 81abe635c8 Global Threshold config 15 years ago
Victor Julien 26e8a0a06a Cleanup global threshold code. 15 years ago
Breno Silva 67f2026279 Global Threshold config 15 years ago
Victor Julien 08600df6b1 Small uri cleanups. 15 years ago
Pablo Rincon c7350a8ac6 Fixing some naming convention issues and incorrect error messages 15 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 15 years ago
Victor Julien e3552a8e3f Add more comments to detect and flow structures. 15 years ago
Gurvinder Singh 8e444f1772 stream and application layer improvements 15 years ago
Victor Julien 3d7b882bde Make sure all smsgs are handled every time, even in case of error. The fuzzer found an issue where unhandled messages remained in the queue leading to threading issues. 15 years ago
Victor Julien cb8aaa5968 Make sure we only run the app layer proto detection (successfully) once per flow. Solves an issue found by the fuzzer where both flow directions were detected as different protos, messing up the app layer parser. 15 years ago
Victor Julien 68576947e2 Small SMB cleanups. 15 years ago
Victor Julien f4ee4f5670 Properly clear list tail ptr in segment list. 15 years ago
William Metcalf b0faeb91d7 small PF_RING update cmd line opts changed 15 years ago
Gurvinder Singh 4879045c6f bug 102 patch 15 years ago
Victor Julien 4fd4c1331e Fix broken unittest, improve within error messaging. 15 years ago
Anoop Saldanha c54b91ed94 fix for bug 113 15 years ago
Victor Julien 6be0778532 Comment SigMatchSignatures a bit. 15 years ago
Kirby Kuehl f08d3e76ee add maximum andx chain depth 15 years ago
Jason Ish acaee78b1c Fix bug 125. - Always bail on parse errors. - Exit if loading the config file fails. - Display the line number where the parsing failed. 15 years ago
Victor Julien 449205cfeb Remove wrong copyright info, cleanup headers. 15 years ago
Kirby Kuehl afb08d388d make sure we have input_len 15 years ago
Pablo Rincon 4a351c07a6 Bug 103, bound checks at pppoe, added macros for 4bit fields 15 years ago
root ddf995da3b pfring support lb type, and now uses logging subsys 15 years ago
Victor Julien 057031acce Don't inspect more methods than necessary. 15 years ago
Pierre Chifflier 5535e083a0 Fix prelude init and cleanup sequence using OutputCtx
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Jason Ish 37bb733929 Looks like something happened in a previous merge: - Don't set the limit here, it's already set. - Don't write the log file header here, it's also been written. 15 years ago
Jason Ish 40f9653c06 Have output plugs use an OutputCtx which is a little more generic than LogFileCtx. The OutputCtx provides a place for module private data to avoid overriding the LogFileCtx. 15 years ago
Victor Julien 99d5dc3d2a Don't scan more cookie headers than necessary. 15 years ago
Victor Julien c1a19bcd6b Fix compilation of new detect-filter code, fix ip-only compatibility of detect-filter code. 15 years ago
Gerardo Iglesias Galvan ef2ae76c42 Add support for detection_filter keyword 15 years ago
Jason Ish eab93e766a Do policy lookup for defrag. Add unit test for a default host os policy. Update example config to use a default. Add 2 new policies to the stream to cover all the policies for stream and defrag. 15 years ago
Gurvinder Singh 7438f981da stream memory leaks fixed and unit tests added 15 years ago
Victor Julien 90006d94a6 Fix compilation 15 years ago
Jason Ish 5c3ab2b73f Load host OS info from the configuration. 15 years ago
Victor Julien 297001c6d9 Only process an app layer sig if it has the proper state. Make sure a sig can't have conflicting sigmatches, such as ftpbounce and uricontent. 15 years ago
Victor Julien ec47f840f3 Remove more scan references. 15 years ago
Victor Julien bee4e04664 More scan/search related cleanups. 15 years ago
Victor Julien 7a8cd61fdf Cleanups. 15 years ago
Victor Julien 153d1425fe Fix nocase searching in payload search phase. 15 years ago
Victor Julien 80dc4f1dbe Further simplify content api: merge flags that indicate a next relative match, remove chunks as they are unnecessary now, make negated a bitflag. 15 years ago
Victor Julien f0d68b633e Remove nosearch flag from pattern api and add a generic bitwise flags field. 15 years ago
Victor Julien 1e01fd613c Remove all references to the scan phase from the pattern matchers and its api. 15 years ago
Victor Julien dd846c9b0e Remove all search code from the pattern matchers, cleanup mpm api, remove unused http code, more cleanups. 15 years ago
Victor Julien 6990d9c91b Fix thresholding signature unittests. Because of the bug fix that made thresholding compatible to ip-only sigs the test sigs needed to be made non-ip-only. 15 years ago
Victor Julien f298fec872 Make sure nocase applies to the last pattern, content or uricontent. 15 years ago
Victor Julien 24b5149adf Remove search phase from b2g pattern matcher. 15 years ago
Victor Julien 0e7cb90212 Fix broken pmatch list handling. 15 years ago
Victor Julien 27f3382066 Fix rules with thresholding set not being able to be ip-only. 15 years ago
Victor Julien 8b30226914 Detection keyword cleanup 15 years ago
Victor Julien 6637873348 Update prev ptrs in SigMatchReplaceContent 15 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 15 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 15 years ago
Victor Julien 50e41817a7 Share content id's between identical patterns. 15 years ago
Victor Julien 4494545d3a Fix bogus error message. 15 years ago
Victor Julien 5e3f072fa6 Clean up flow mutexes after use. 15 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 15 years ago
Pablo Rincon ebcbc859e3 Fix on IPOnly match at flows, for inline mode 15 years ago
Anoop Saldanha 505088e7bc Fix for bug 50. Make timebased counters more accurate 15 years ago
Victor Julien f442c1f5ec Make sure log-http checks for a valid p->flow ptr before using it. 15 years ago
Victor Julien 51f2bc1d81 Fix compilation on Linux, add error checking to Win32 SCFmemopen and properly indent. 15 years ago
Jan Jezek 4e72ccf987 Fixed Win32 compilation, unit tests now compile. 15 years ago
Victor Julien d6c53b68bf Fix two separate segv's in the http logging code. 15 years ago
Victor Julien e462364e68 Use snprintf instead of sprintf 15 years ago
Gurvinder Singh 8ff242beff bug 98 patch 15 years ago
Victor Julien 045eaec95b Fix file permissions. 15 years ago
William Metcalf 260d0d7673 Steve Grubb fixes... Thanx Steve! 15 years ago
William Metcalf 0fe4373b67 Rolled back to 0.2.x branch renamed htp to libhtp 15 years ago
Victor Julien dc11247511 Change the way we replace contents by http_method and http_cookie, fixing #90. 15 years ago
Victor Julien 45b85c063a Fix segv in http log module. 15 years ago
Victor Julien 60685f8b3c Make unittests run more quiet. 15 years ago
Jason Ish 7537013e16 Fix bug 99.
- Handle the case where the parent node already exists in ConfSet.
- Deal with allow_override properly when a node has already been
  set with ConfSet.
15 years ago
Jan Jezek c1cbdf6ae9 Win32 build fixed. 15 years ago
Pablo Rincon 7719216575 Setting thread priorities with nice 15 years ago
Jason Ish 73700af92b afaik integer increments are not atomic, so put inside the lock 15 years ago
Gurvinder Singh 50f7d0a887 app layer htp logging and better htp request handling. removed recent_in_tx. 15 years ago
Victor Julien aa1564791d Disable thread priority code until we understand it better. 15 years ago
William Metcalf f7111f3847 import of integrated htp lib and small libnet fixes 15 years ago
Gurvinder Singh 4768e42159 bug 95 patch 15 years ago
Jason Ish ea277a0b36 Cleanup of configuration internals. Use an n-ary type tree for everything instead of a first level hash branching off into n-ary type trees.
Reduces the code and uses a uniform internal data structure.
15 years ago
Pablo Rincon 38dc7ffebc Adding settings for detect engine group config 15 years ago
Jason Ish fbdf1baf1c - rebase
Provide limits to the unified outputs.
15 years ago
Victor Julien 16b6f536a0 Fixup Linux compilation after applying win32 patches. 15 years ago
Jan Jezek bff652d2f3 Added missing win32 files. 15 years ago
Jan Jezek fe6a72befc Code is now compilable on the Win32 platform 15 years ago
Victor Julien f0b9ad3f1f Update version to 0.8.1 15 years ago
Victor Julien b28488508b Cleanup threading cpu affinity and prio output. 15 years ago
Victor Julien c1e2e53809 Mhz->MHz 15 years ago
Anoop Saldanha 903b24667b Some more formatting changes for cuda startup device info logs 15 years ago
Anoop Saldanha 07034d0d85 Updated cuda device information logs with some minor formatting changes 15 years ago
Anoop Saldanha 1a5ee37bd3 Added cuda logs for the engine, which shows device info and memory usage 15 years ago
Anoop Saldanha 30940c9a94 pack all the packet pattern scan and search packet setup for cuda into a function inside util-cuda-handlers.[ch] 15 years ago
Victor Julien 963691387a Disable unused uri scanning code. 15 years ago
Anoop Saldanha 8cf60d6645 Changed the way cuda dispatcher passes back results. Now each detection thread has its own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search functions directly instead of using the dispatcher. 15 years ago
Anoop Saldanha c26e92733d handle the cuda cleanup at shutdown. should get rid of any errors from the call to SigGroupCleanup 15 years ago
Victor Julien d281a6b8ac CUDA build system support & compile fixes
- add configure support for CUDA
- make sure all code compiles if CUDA is disabled
- fix compiler warnings
15 years ago
Anoop Saldanha a2948fc25c valgrind fixes for b2g cuda mpm 15 years ago
Anoop Saldanha 41e6735b92 mpm b2g cuda support added 15 years ago
Anoop Saldanha 84df26d3fd cuda interface 15 years ago
Pablo Rincon 985d565cfd Change priorities only if we are EUID == 0 15 years ago
Pablo Rincon 80f5008728 Adding default priority for all the threads 15 years ago
Pablo Rincon b482471a7d Adding auto runmodes based on available core/cpu's. Setting thread priorities 15 years ago
Pablo Rincon 34216fd3e2 bug87 Fix IPOnly verdicts on flows 15 years ago
Victor Julien d3244e51eb Fix big endian iponly handling. 15 years ago
Victor Julien 59ccef9a11 Handle ip only matching correctly on big endian systems. Thanks to Yao-Min Chen for figuring this out. 15 years ago
Pablo Rincon cef12d30b5 Unified output fixes: alert count per module (not per thread), fix timestamps on pcap mode, write *all* the alerts of a packet, write the log header once also on unified alert 15 years ago
Breno Silva b02bb6b6b4 VLAN Support 15 years ago
Pablo Rincon 29d51a6182 Using the logging API in source-pcap and source-pcap-file 15 years ago
Gurvinder Singh 5293681860 b86 15 years ago
Victor Julien 4f3a04a410 Disable htp cleanup code as I'm not yet convinced it does what it should. 15 years ago
Gurvinder Singh bf236e4567 better htp memory handling & flow valgrind error fixed 15 years ago
Jason Ish 763fb4a583 Fix threading issues with unified-log. - Only write the header once, on opening, not per thread init. - Track the size in the log file ctx, not per thread. 15 years ago
Victor Julien defc6595c6 Make pcre P have its own sm type. 15 years ago
Pablo Rincon 0165b3f0d8 pcre P modifier support (pcre match over http body requests) 15 years ago
Gerardo Iglesias Galvan ba6d807a6e Improve information about errors on signature failure 15 years ago
Jason Ish cc28284598 Set the ethernet header pointer. Without this, alert-unified-log will add an extra ethernet header to every alert logged. 15 years ago
Kirby Kuehl 565eab1f54 fix bug88 15 years ago
Kirby Kuehl a334a87109 smb safety checks 15 years ago
Kirby Kuehl bea30a6db6 bug 88 validate dcerpc header 15 years ago
Jason Ish 9e4da4f8e7 supply pcre_get_substring with the proper start of the string. 15 years ago
Kirby Kuehl a8c3718b56 signed unsigned comparison fix for 64 bit 15 years ago
William Metcalf 7099da431b small fix for source-pfring.c after stat err rename 15 years ago
Jason Ish e87d4f8a28 Split the defrag counters into ipv4 and ipv6. 15 years ago
Victor Julien 2cb2989ad8 Apply configurable max pending packets to nfq and ipfw 15 years ago
Jason Ish 7142fdb780 quick way to make max_pending configurable. 15 years ago
Victor Julien 187949b9ad Make urilen inspect the normalized uri, cleanup uri (error) handling. 15 years ago
Jason Ish 6b562f7aa6 Issue 82 - fragment counters. - number of fragments - number reassembled - number of timeouts 15 years ago
Victor Julien 3d0355bae8 Compile fix. 15 years ago
William Metcalf c3e70accd2 pcap and pfring exit stats 15 years ago
Victor Julien b99e10236c Fix an endless loop condition in the smb parser and make dcerpc parser more quiet. 15 years ago
Victor Julien 16aebe5add Fixup smb tests. 15 years ago
Kirby Kuehl 957b43b3d6 signed unsigned comparison cleanup 15 years ago
Kirby Kuehl 40a0fd5e97 fix warning 15 years ago
Kirby Kuehl 4b05bc281d fix padding bug 15 years ago
Kirby Kuehl 6aac8d55a6 reset smb bytesprocessed when complete 15 years ago
Kirby Kuehl 4dd2f621ac smb writeandx dcerpc over smb 15 years ago
Pablo Rincon 583c686170 Allowing no case options for flow keyword. Adding unittests for this 15 years ago
Victor Julien 194015c6cf Fix reject code to not send resets for all alerts. 15 years ago
William Metcalf f925ac9351 printf to logging subsys conversion for src/detect-bytejump.c 15 years ago
Gurvinder Singh 999a200bc9 pattern matcher options support 15 years ago
Pablo Rincon d0404d8447 Renaming errors with naming conventions 15 years ago
Pablo Rincon ad2c136e8f Renaming errors (naming conventions) 15 years ago
Jason Ish 8f618b2121 - actually re-inject ipv6 re-assembled packets. - set the next header. 15 years ago
Jason Ish 8570976ee0 Fix for lists that are children of another list. Fix memory leak by only setting the sequence index value to the first item found. 15 years ago
Victor Julien 501c8814b6 fix crash in urilen 15 years ago
Victor Julien ed7762e843 Disable unused jabber proto detection as it made the proto detection code look way more into the stream than without it. 15 years ago
Jason Ish 6f73aca1e8 I know Snort defaults to syslog in daemon mode, but should we?
Stick to the logging configuration defined in the config file
in daemon mode.
15 years ago
Jason Ish c72d6be58b Making logging configurable. If no logging outputs are defined the default will be used. - Currently per output log formatting is not available. 15 years ago
Breno Silva a857fa7170 FragOffset Rule Keyword 15 years ago
Breno Silva 7e299834d2 FragOffset Rule Keyword 15 years ago
Victor Julien f96511a8b1 Check reassembly limits against correct stream direction. Set proper direction flag in stream msgs. 15 years ago
Gurvinder Singh ed99e73622 bug 78 15 years ago
Kirby Kuehl 58c8103a4b fix unittest 15 years ago
Victor Julien 53c9276d51 Cleanup pcap output. 15 years ago
Victor Julien e0aacac4c6 Move bpf string retrieval to its own function. Clean up pcap sources a bit. 15 years ago
William Metcalf ba46c16aac bpf support for pcap modes 15 years ago
Pierre Chifflier 4515ae13e4 Add Prelude output plugin
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.

Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)

libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).

This module requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).

Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Gurvinder Singh cf5266094d bug 66 patch 15 years ago
Victor Julien 148883cedf Work around for unsupported CONNECT support handling. 15 years ago
Victor Julien 7deb4e9f09 Cleanup AppLayerDetectGetProto a bit. 15 years ago
Victor Julien fd409049cb First step for proper HTTP CONNECT handling. 15 years ago
Victor Julien 9f3f9e9ba1 Fix ipfw verdict. 15 years ago
Gurvinder Singh 3cad20946d bug 64 patch 15 years ago
Victor Julien 53977fded6 Small compilation fixes when debugging is disabled. 15 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
15 years ago
Victor Julien df4c642c70 Fix weird compile error 15 years ago
Victor Julien b1531f7244 Manually merge Pablo's IPFW action patch. 15 years ago
Pablo Rincon 51dc773eec Changing the verdict actions to flags to allow simultaneous verdict 15 years ago
Nick Rogness 2b7b78f1bf Initial IPFW support FreeBSD and OSX 15 years ago
Jason Ish fbf03a927d Fix issue 71. The insert and re-assemble need to be done under the same tracker lock. 15 years ago
Victor Julien f7f33ec889 Fix the flow manager sleeping for way too long in some situations. 15 years ago
Kirby Kuehl 298bf4cc88 dcerpc over smb for transact 15 years ago
Victor Julien bbfe1d293e Fix merge artifact. 15 years ago
Victor Julien f08d01a8e8 Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine. 15 years ago
Pablo Rincon 7f250a814a Fixing redeclaration of run_mode 15 years ago
Pablo Rincon 5592189c04 Loading flow settings from config 15 years ago
Kirby Kuehl 8efbe491a1 dcerpc refactoring 15 years ago
Kirby Kuehl 008de4321b refactor dcerpc in prep for dcerpc over smb 15 years ago
Anoop Saldanha 546e9b5f28 AddressCutNot fix for address engine ipv6 15 years ago
Anoop Saldanha e25696afce engine address ipv6 refactored 15 years ago
Gurvinder Singh d9677c7e2a bug 76 patch 15 years ago
Jason Ish 0a5bc2d600 Fix issue 74. separate initialization of run modes from adding them to a thread. - fixes issues with multiple output threads. 15 years ago
Pablo Rincon 260e581929 First version of the reputation API 15 years ago
Kirby Kuehl f15ca04889 fix padding calculation and stubdata parser for dcerpc 15 years ago
William Metcalf 811f2f605d small fix for ! inside of content match 15 years ago
Pablo Rincon 9ec2057a21 Small fix, renaming 15 years ago
Victor Julien 2481f2102b Add missing return value evaluation in port parsing and fix broken unittest. 15 years ago
Victor Julien b3bcba077f Only inspect http flows against uri sigs, clean up uri scanning code. 15 years ago
Gurvinder Singh 0cb43d27e9 uricontent new design 15 years ago
Gurvinder Singh 356a8bf385 applayer uri match and modified http handling 15 years ago
Victor Julien fcb03099a3 Fix reassembly updating the wrong stream on ACK
The stream reassembly updated the wrong stream on received ACK packets. Instead
of the opposing stream it updated the stream in packet direction. This caused
issues in the app layer handling.

Updated the unittests as well.
15 years ago
Pablo Rincon 256d745b39 Including header file for cpu detection 15 years ago
Pablo Rincon 17cd010b0c Detect the number of CPUs configured and online. Printing a small summary at the startup 15 years ago
Victor Julien 0d3da34f64 remove unused variables 15 years ago
Victor Julien c352bff6fb Remove unused conditional locking code from the app layer parsing code. 15 years ago