Eric Leblond
1375e90030
Prepare multi queue support in NFQ
This patch prepares support for multiqueue in the
source file. The NFQ vars contained in Packet structure
have a new member. It is a reference to the NFQ thread var
it comes from. The behaviour is modified as a single verdict
thread treats packets for all Netfilter queues.
Locking is done in the verdict function to ensure that
simultaneous modifications of counters can not occur.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
d0faa6c96e
Fix some spacing.
This trivial patch fixes some indentation problems.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
88fb3a641e
Delete some commented code in runmodes
This patch simply suppresses some commented code in runmodes.c.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
f9e453e14c
affinity: Use configured 'threads' value if set
This patch modifies runmodes to make them use the new 'threads'
variable.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
fb3641982f
affinity: 'threads' param to configure threads number
This patch adds a new parameter to the affinity. The 'threads' keyword
is used to set the number of threads to start for a family. It can
only be used on families where multiple threads are launched in the running
mode. This is mainly the case of the detect threads.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
789d46cc3c
Add per-cpu prio handling
This patch updates affinity setting to add support for per cpu
priority setting. In exclusive mode a thread is dedicated to a CPU.
This patch adds the ability to set the thread prio for all threads
of a family running on a given CPU.
With this patch we can write
  - detect_cpu_set:
      cpu: [ "all" ]
      mode: "exclusive" # run detect threads in these cpus
      low_prio: [ 0 ]
      medium_prio: [ "1-2" ]
      high_prio: [ 3 ]
With this configuration, detect threads assigned to cpu 0 will
have a low priority. Detect threads on cpus 1 and 2 will have
prio medium...
The previous configuration is equivalent to:
  - detect_cpu_set:
      cpu: [ "all" ]
      mode: "exclusive" # run detect threads in these cpus
      low_prio: [ 0 ]
      high_prio: [ 3 ]
      prio: "medium"
because the prio value is used as a default.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
a11e40dedf
Pcapfile mode: support for cpu affinity settings
This patch adds support for cpu affinity setting in the pcapfile
runmode.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
9d5f08e0d9
Pcap mode: use CPU affinity setting
This patch adds support for CPU affinity settings
in pcap mode.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
51df6beb26
Convert RunModeIpsNFQAuto to new affinity mode.
The default NFQ run mode is now using the new affinity system. It
thus can be configured via suricata.yaml.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
ea566d6601
Handle management thread with corresponding affinity
This patch implements the setting of each management thread in
the corresponding thread affinity. This is done by modifying
thread creation function.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
0809deafc4
Implement function needed for affinity in tm-threads
This patch features the implementation of affinity related
changes in tm-threads. In place code has been used but some
refactoring has been done to avoid code duplication.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
77f2b6a7a9
Make runmode parse affinity settings.
This patch modifies runmode to parse configuration file related
to affinity settings. It also prepares the export of the
set_cpu_affinity which was previously local. It is now used
in the affinity and tm-threads files.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
2011366429
Include affinity in runmodes and threadvars.
This small patch adds inclusion of util-affinity.h in the
files that will have to use affinity related features.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
37ee483b75
Add affinity util function and related files
This patch adds two new files which implement advanced affinity
settings.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
96e3852191
source-nfq: add define of SOL_NETLINK
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Martin Beyer
396b750414
Fixed optional args in SCCudaModuleGetGlobal
15 years ago
Martin Beyer
5dc5d73a66
fixed NULL checks in util-cuda
15 years ago
Martin Beyer
0d4ac48aa0
added texture reference api to util-cuda
15 years ago
Victor Julien
d10cf5b4e3
Increase stream msg size.
15 years ago
Victor Julien
ec5b622553
Inspect all stream msgs at any time when running in stream-inline mode. Skip detection for packets flagged for dropping before detect.
15 years ago
Victor Julien
48c7f18453
Fix bug in the segment insert code causing an inconsistent segment list in some overlap conditions.
15 years ago
Victor Julien
929ce0bb9b
Add a counter to NFQ for modified packets.
15 years ago
Victor Julien
05539d7357
Fix a reassembly overlap issue. Fix an inline reassembly gap handling issue.
15 years ago
Victor Julien
00e4dde6a6
Fix PKT_STREAM_EOF never being set, resulting in some raw stream chunks never being inspected. Improve debug output.
15 years ago
Victor Julien
e92ab40d39
Fix compilation for non-DEBUG case.
15 years ago
Victor Julien
1dca88fe69
Do the actual checksum recalculation and packet replacement on modifying a packet in the stream engine.
15 years ago
Victor Julien
2db06cc79e
Improve Inline reassembly wrt to GAP handling. Add more tests.
15 years ago
Victor Julien
29e02abc94
Expand and fix stream unittest helpers.
15 years ago
Victor Julien
121e9c72aa
Add more debug printing of reassembled data into the app layer api.
15 years ago
Victor Julien
4c82c0e750
Improve RawInline reassembly: remove unnecessary segments from the stream in an earlier stage. Test this properly.
15 years ago
Victor Julien
668bd46c1c
Add flow prune debug counters (disabled by default).
15 years ago
Victor Julien
4bf4382354
Make sure tunnel packets (and pseudo packets) properly decrement the flow use counter in all cases.
15 years ago
Victor Julien
37587c0b7d
Add missing stream inline files.
15 years ago
Victor Julien
3a774165fa
Initial version of an inline raw reassembly function that reassembles in a sliding window. Introduce new unittest helpers for stream reassembly.
15 years ago
Victor Julien
abdffadc1c
Add a new app layer reassembly function that is for inline use, and use it when the stream engine is in inline mode.
15 years ago
Victor Julien
8cacd5fe50
Fix the stream.inline config option. Set PKT_STREAM_EST flag also for packets that are part of a session in a state beyond TCP_ESTABLISHED.
15 years ago
Victor Julien
a8bb98836b
Don't handle and validate the TCP timestamp at the same time. Instead validate first, then later when all other validation has been done as well, handle.
15 years ago
Victor Julien
8d3f9c53a9
Minor cleanups.
15 years ago
Victor Julien
bff70eed6d
Update to depth code. Get segment from the correct pool when a payload is truncated.
15 years ago
Victor Julien
66c40f782c
Have reassembly errors also set a stream event.
15 years ago
Victor Julien
0f072648e6
Another iteration of the reassembly depth enforcement, now considering retransmissions.
15 years ago
Victor Julien
935958219d
Rename RST validation function to match convention
15 years ago
Victor Julien
94fe0d5fa2
Add ACK validation to Reset/RST validation code.
15 years ago
Victor Julien
16cd31a408
Remove unused pseudo packet reassembly code.
15 years ago
Victor Julien
bf88a6de09
Add depth comment.
15 years ago
Victor Julien
a26768ce7a
Change the way the reassembly depth is enforced. Ignore retransmissions, get rid of per session counter.
15 years ago
Victor Julien
7af9c58af7
Improve ACK value validation, timestamp checking code. Overall layout.
15 years ago
Victor Julien
0f5b6a8bd7
Fix minor comment typo.
15 years ago
Victor Julien
aa04d9eefb
Improve stream gap handling. Instead of giving up as soon as we see a gap we now wait much longer before we decide it's a gap.
15 years ago
Victor Julien
6ffb9da9be
Better support ack/psh data packets on several states. Updates to ack validation code.
15 years ago
Victor Julien
6fca55e068
Add some debug output to app-layer-htp.
15 years ago
Victor Julien
25f5589078
First round of adding 'stream events'. Basic stream tracking events added.
15 years ago
Victor Julien
2849d2b1d3
Initial code for stream 'inline' mode: packets that are (partly) overlapping with already accepted packets (meaning in the streams seg list) are rewritten to make sure they contain the exact same data.
15 years ago
Victor Julien
3857154f4b
Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.
15 years ago
Victor Julien
8b5f553a35
Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.
15 years ago
Gurvinder Singh
55a863359c
support for pseudo packet creation from reassembled stream segments
15 years ago
Victor Julien
cc116d71ef
Fix unittests after merge.
15 years ago
Gurvinder Singh
2beb7af7f8
support for validating the ACK before updating the last_ack field and also update next_seq if we missed the last packet
15 years ago
Victor Julien
acc38c9ebf
Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets.
15 years ago
Victor Julien
c955254b4e
Adapt stream code to packet memory allocation changes.
15 years ago
Victor Julien
44e678b86b
Comment out disabled unittests.
15 years ago
Victor Julien
a622ad5047
Fix new unittests introduced by rebase with next branch.
15 years ago
Victor Julien
1d971b53a6
Update all unittests
15 years ago
Victor Julien
fadd6d6361
Add pseudo packet counter.
15 years ago
Victor Julien
f606621e8c
Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.
15 years ago
Victor Julien
b0901ab30d
Fix compilation with --enable-debug
15 years ago
Victor Julien
6482c34909
Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets.
15 years ago
Victor Julien
2072ad80af
Never create a pseudo packet based on a pseudo packet.
15 years ago
Victor Julien
61a9936d55
Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.
15 years ago
Gurvinder Singh
00f21f34e8
support for pseudo packet creation from reassembled stream segments
15 years ago
Victor Julien
8fa5a2c025
Split applayer and raw stream reassembly
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
15 years ago
Victor Julien
dda6d3e07b
Add error counters.
15 years ago
Victor Julien
3b239b3e48
Cleanup and document AppLayerHandleTCPData
15 years ago
Victor Julien
fe6bf728d3
Create an AppLayerHandleTCPData function to directly feed data from the reassembly engine to the app layer parsing.
15 years ago
Victor Julien
b5a5ef14b9
Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple.
15 years ago
Victor Julien
24f071cabb
Make sure http_cookie inspects all HTTP transactions. Clean up error messages. Get rid of unused code and dead comments.
15 years ago
Anoop Saldanha
c9897a44a4
fast pattern support for http_cookie. Also support relative modifiers
15 years ago
Anoop Saldanha
bbbedaf963
fast pattern support for http_method. Also support relative modifiers
15 years ago
Anoop Saldanha
2321a4dd58
support isdataat negation. Also fix adding isdataat to appropriate lists
15 years ago
Victor Julien
4ae7144876
Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly.
15 years ago
Eric Leblond
9c2bdc6d0c
Main loop: increase timer.
Timer in the main loop was of 100 usec. This patch increases it
to 10 ms which should be a reasonable delay to declare some threads
dead.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
89558ab9a4
RFC: modify error treatment in PacketCopyData
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.
BR,
Eric
15 years ago
Eric Leblond
49adc264bc
Don't print message after SCMalloc failure.
This patch generated via coccinelle is getting rid of logging
messages after an SCMalloc failure. They were useless as SCMalloc
already displays a message.
15 years ago
Eric Leblond
67b95c8c4d
Auto discovery of default packet size
If default-packet-size is not set, it is possible in some cases to
guess a correct value.
If PCAP or PF_RING are used we are linked to a "physical" interface.
Thus, it is possible to get information about the link MTU and
hardware header size. This gives us the ability to auto discover a
decent default-packet-size.
If suricata is running under a different running-mode, it will
default to 1514.
15 years ago
Eric Leblond
3eada85ff8
Add interface setting discovery via ioctl
This patch adds support for MTU discovery of link following idea
of go.ph1g. It also adds some functions to give an approximation of
link header length.
15 years ago
Eric Leblond
1db4aadd16
Suppress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the test functions. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.
This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like calls
to SCFree() should not have been forgotten because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Eric Leblond
156b202597
Fix decode part of source-nfq
15 years ago
Eric Leblond
dd038c1906
Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
Eric Leblond
e802e1ed16
Modify Packet structure and prepare accessor.
This patch modifies decode.c and decode.h to avoid the usage
by default of a bigger than 65535 bytes array in Packet structure.
The idea is that the packets are mainly under 1514 bytes in size and
a bigger size must be supported but should not be the default.
If the packet length is bigger than DFLT_PACKET_SIZE then the
data are stored in a dynamically allocated part of the memory.
To ease the modification of the rest of the code, functions to
access and set the payload/length in a Packet have been introduced.
The default packet size can be set at runtime via the default-packet-size
configuration variable.
15 years ago
Eric Leblond
8471626916
Fix error message and add information to config
This patch fixes a typo in an error message and adds some
information to the checksum verification option.
15 years ago
Anoop Saldanha
6fc5dae2f9
fix leak for accepted uuid list in dcerpc state
15 years ago
Victor Julien
3409513a44
Fix FlowTest* unittests to fail sometimes.
15 years ago
Eric Leblond
a69bb94335
Checksum match: fix logic problem
This patch fixes a logic error in the checksum matches. In
case the protocol is not the one tested, the test must return
0 and not 1 (test matched).
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien
878d3d87db
Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported.
15 years ago
Victor Julien
18b4e3380f
Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code.
15 years ago
Victor Julien
6131dec8a1
Fix a compiler warning due to a broken prototype declaration.
15 years ago
Victor Julien
e3bde3e95d
Add a simple revision based on the git rev to the version number, like a build number.
15 years ago
Eric Leblond
56c95bf622
Convert thread PRIO to an enum
This patch converts thread prio value to an enum. This
can add some useful checks by gcc in switch.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
62cf7eea4c
util-cpu: fix trivial typo in documentation
This patch fixes a trivial typo in a documentation message.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien
ffcd512167
Clean up packet pool handler on shutdown.
15 years ago
Victor Julien
b24ccf8c80
Clean up stream pmqs in the detect thread ctx.
15 years ago
Victor Julien
3710296057
Cleanup defrag engine on shutdown.
15 years ago
Anoop Saldanha
9c9f3ec963
fix mem leak in http_ engines
15 years ago
Victor Julien
0057a7c15e
Suppress an AC debug message.
15 years ago
Victor Julien
d48ff8f6aa
Extend 'append' option to stats.log as well. Small cleanups.
15 years ago
Gurvinder Singh
f4392e1dcc
added support for appending the log files
15 years ago
Pierre Chifflier
de41612ea1
Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Pierre Chifflier
9a53a09c58
Log verdict in Prelude alert module
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Eric Leblond
f73c60b4ff
nfq: set some options on netlink socket
This patch modifies nfq system to set some options on the netlink socket.
This should improve performance by handling more correctly capacity
overrun.
15 years ago
Victor Julien
96ec2a76c6
Update version to 1.1beta1
15 years ago
Victor Julien
014f62247a
Another batch of clang fixes. Nothing really serious. Includes a couple of fixes for broken fixes from yesterday.
15 years ago
Victor Julien
cac95010f3
Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly.
15 years ago
Victor Julien
3f47eade6b
Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang.
15 years ago
Victor Julien
7dc4b164a8
Fix a clang warning in unittest DetectUriSigTest12.
15 years ago
Victor Julien
2c6f9abaff
Work around a suspected fp in clang.
15 years ago
Victor Julien
ac97bb7799
Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init.
15 years ago
Victor Julien
b600c9ac09
Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 nor ipv6.
15 years ago
Victor Julien
1112e103a8
Disable DBG_PERF by default except for when DEBUG is enabled.
15 years ago
Victor Julien
6af30e5b2e
Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error.
15 years ago
Victor Julien
743ed7626c
Fix potential null deref (introduced a few commits ago) found by clang.
15 years ago
Victor Julien
3d60e9bfeb
Clean up output.
15 years ago
Victor Julien
3fcfaef9f7
Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well.
15 years ago
Gurvinder Singh
791d177c7f
fixed the timestamp issue in http.log
15 years ago
Victor Julien
355f237bfd
Fix compiler warnings, cleanup counters config code.
15 years ago
Gurvinder Singh
ba18110abd
support for stats.log configurable and fixed timezone issue in fastlog and debuglog
15 years ago
Anoop Saldanha
58c228a56b
fix sig ordering bugs. Flowvars and pktvars user type retrieval should be from pmatch list, as well as from match list. Also fix lousy unit tests
15 years ago
Victor Julien
c64b9362cf
Remove unused stream flag.
15 years ago
Victor Julien
4cacb1e970
Disable adding to unregistered mbit/s counter.
15 years ago
Anoop Saldanha
dc2c8be583
always read config.h header file first
15 years ago
Victor Julien
40de0b0270
Have each output use the global log format if none is specified for that specific output.
15 years ago
Anoop Saldanha
d241e51b32
adapt fast pattern engine analysis to reflect the new changes made to your mpm design
15 years ago
Anoop Saldanha
54854d74c1
add some header files that we missed while rebasing
15 years ago
Anoop Saldanha
05adf2de41
fix live runmode decode TM for cuda
15 years ago
Anoop Saldanha
42c1287028
reintroduce g_u8_lowercase_table for b2g cuda
15 years ago
Anoop Saldanha
1fb121d0ba
wrap cuda based util-mpm.c tests in __SC_CUDA_SUPPORT__ ifdef
15 years ago
Martin Beyer
b1c577f829
cuda streams support in b2g-cuda MPM
15 years ago
Martin Beyer
0ce86efe40
cuda handlers support multiple CUmodules per context
15 years ago
Martin Beyer
621815ded0
cuda-packet-batcher timeout supports float values
15 years ago
Anoop Saldanha
7dd2392dea
updated cuda todos. Please look at cuda-packet-batcher.c to have a look at the new todos
15 years ago
Anoop Saldanha
c734cd1bdd
make cuda mpm parameters configurable
15 years ago
Anoop Saldanha
2c08aebec1
enable write combined memory for cuda mpm. Some other minor cleanup
15 years ago
Martin Beyer
8adff3c63c
use of pagelocked memory for CUDA
15 years ago
Victor Julien
0e8e8e3728
Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing.
15 years ago
Victor Julien
b7a5f16b69
Fix FlowBitsTestSig06 test no longer working properly.
15 years ago
Victor Julien
39dea56a84
Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check.
15 years ago
Victor Julien
6943a7eb8c
Move updating the time from the pcap callback to the decoding stage in file mode.
15 years ago
Anoop Saldanha
ceb7fd748e
support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine
15 years ago
Victor Julien
16e4e3fe50
Fix request-body-limit option for libhtp config.
15 years ago
Victor Julien
39a5348d2b
Remove dead pcre code.
15 years ago
Victor Julien
6ebe7b7cd3
Change the way the request body limit is enforced.
15 years ago
Victor Julien
0cd2bce7da
Manually add unittest by Pablo Rincon from bug #210.
15 years ago
Anoop Saldanha
8bd6a38318
support relative pcre for http header. All pcre processing for http header moved to hhd engine
15 years ago
Anoop Saldanha
2b781f00d7
support relative pcre for client body. All pcre processing for client body moved to hcbd engine
15 years ago
Victor Julien
0a58f0728a
Remove redundant checks in http header and http client body code.
15 years ago
Anoop Saldanha
8c21511c99
don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content validation stage
15 years ago
Victor Julien
2422c7471a
Reduce number of locks required for http_header and http_client_body inspection.
15 years ago
Victor Julien
55ca988222
Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere.
15 years ago
Victor Julien
435d0fb327
Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering.
15 years ago
Victor Julien
169aa5581a
Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflect its purpose.
15 years ago
Victor Julien
d7b92d9bfe
Consolidate several signature flags into one.
15 years ago
Victor Julien
2102a54c26
Cleanup and rearrange detection code slightly.
15 years ago
Anoop Saldanha
25588b6910
comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well
15 years ago
Anoop Saldanha
e50503e820
cleanup/remove dead code
15 years ago
Anoop Saldanha
93fa7ea828
modify detection engine to run hrhd mpm before building the match array
15 years ago
Anoop Saldanha
ea3fd38291
fix lock issue with mpms inspecting http state for body, header
15 years ago
Anoop Saldanha
b140ed1c9c
modify detection engine to run hhd mpm before building the match array
15 years ago
Anoop Saldanha
4e273f2c8b
modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has at least one sig with hcbd mpm set
15 years ago
Anoop Saldanha
72b0fcf419
modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has at least one sig with uri mpm set
15 years ago
Anoop Saldanha
6648d1faf0
allow sigs for http uri of the form content:one; content:two; distance:0; http_[raw_]header;
15 years ago
Anoop Saldanha
8f1d17846f
allow sigs for http uri of the form content:one; content:two; distance:0; http_uri;
15 years ago
Anoop Saldanha
07f20674ac
allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body;
15 years ago
Victor Julien
6a5d2cb40d
Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code.
15 years ago
Anoop Saldanha
eecf2d7e13
Add the makefile.am addition that I forgot to add in the previous commit for http_raw_header
15 years ago
Anoop Saldanha
7ec0382774
support fast pattern for http raw header. Also support relative modifiers for http raw header
15 years ago
Victor Julien
0c806f70bb
Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled.
15 years ago
Victor Julien
1a32d9b5ec
Fix printing unprintable characters in the engine-analysis fast_pattern mode.
15 years ago
Anoop Saldanha
075719ea8c
fix fast pattern unittests
15 years ago
Victor Julien
18d3c87947
Add check to fast pattern keyword to make sure that the offset and length don't exceed the actual pattern length.
15 years ago
Anoop Saldanha
c61c68fd36
mpm and fast pattern support for http_header. Also support relative modifiers for http_header
15 years ago
Anoop Saldanha
778ec0939c
make client body buffer limit configurable. Also some minor changes
15 years ago
Anoop Saldanha
fc46f216ca
detect-http-header.c cleanup before we start working on it
15 years ago
Anoop Saldanha
302011dbca
fix compilation issues with debug enabled.
15 years ago
Anoop Saldanha
0aa5cffb12
fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added
15 years ago
Anoop Saldanha
c227aeeacb
remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine
15 years ago
Anoop Saldanha
bbd0c5056b
store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq
15 years ago
Anoop Saldanha
68b78664fa
Add unittests for checking content flags. Fix indentation in PopulateMpmAddPatternToMpm(). Also fix DETECT_CONTENT_IS_SINGLE
15 years ago
Anoop Saldanha
b15ada8102
set content_packet_mpm and content_stream_mpm flag for content to prevent double check inside inspection code
15 years ago
Anoop Saldanha
67aecc73c2
set content_uri_mpm flag for uri content to prevent double check inside inspection code
15 years ago
Anoop Saldanha
1cd8bd3d3c
make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c
15 years ago
Anoop Saldanha
6df051321f
fix fp when content is negated and also added to mpm
15 years ago
Anoop Saldanha
5c6a65dc58
support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]
15 years ago
Victor Julien
234656e5f6
Fix compilation in --enable-debug mode.
15 years ago
Anoop Saldanha
eade60f0fd
make some name changes. break PopulateMpm(). Set the avoid mpm double check flags
15 years ago
Anoop Saldanha
96bf15bd74
unifying content structure - http_stat_msg now uses DetectContentData
15 years ago
Anoop Saldanha
4c53a9d606
unifying content structure - http_header now uses DetectContentData
15 years ago
Anoop Saldanha
1957eee389
unifying content structure - http_method now uses DetectContentData
15 years ago
Anoop Saldanha
041f5b1a4f
unifying content structure - http_cookie now uses DetectContentData
15 years ago
Anoop Saldanha
f05b0f4e1e
unifying content structure - http_client_body now uses DetectContentData
15 years ago
Anoop Saldanha
4883efd0f6
unifying content structure - uricontent now uses DetectContentData
15 years ago
Anoop Saldanha
3b0a9ca97e
add support for http_uri; content fast_patterns
15 years ago
Anoop Saldanha
3c73854d2d
completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx
15 years ago
Anoop Saldanha
fde2c64ea7
fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format
15 years ago
Anoop Saldanha
a6899218fc
remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm()
15 years ago
Anoop Saldanha
6eaba8941c
Use new flags to indicate uricontent has a mpm set
15 years ago
Anoop Saldanha
46b4806d8e
use a single populatempm() function to add the right content for mpm
15 years ago
Anoop Saldanha
4a038511ff
Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accommodate these changes
15 years ago
Anoop Saldanha
ede7be34b5
replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH]
15 years ago
Anoop Saldanha
3d2f81d978
replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH]
15 years ago
Anoop Saldanha
a7353be20d
replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH]
15 years ago
Anoop Saldanha
e0476242c6
replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH]
15 years ago
Anoop Saldanha
e54358a9e1
replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]
15 years ago
Anoop Saldanha
82fd581b64
replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH]
15 years ago
Anoop Saldanha
3656879aa0
fix some dce opnum/stub tests that would have shown success always irrespective of test results
15 years ago
Anoop Saldanha
4b77f132df
add support for sigs with uricontent fast_pattern
15 years ago
Anoop Saldanha
ea8eaf31aa
Fix fast_pattern tests that always showed success, irrespective of test results
15 years ago
Victor Julien
966c7349d3
Make sure we have a response message before inspecting it in http_stat_msg.
15 years ago
Victor Julien
07ec1ee10e
Slightly cleanup detect-engine.sgh-mpm-context option parsing.
15 years ago
Anoop Saldanha
c89507836b
if sgh-mpm-context is not available in conf, alias the auto case inside the engine
15 years ago
Victor Julien
bac621760e
Fix a potential invalid memory read in the protocol name code used by alert-fastlog.
15 years ago
Gurvinder Singh
f92ba23331
add the support for >= and <= operator for byte_test
15 years ago
Victor Julien
412498f4e4
Converts port vars in http logger from uint32_t to Port and update output.
15 years ago
Gurvinder Singh
b7ff6537d2
fixed the incorrect port issue in http.log
15 years ago
Victor Julien
275bd3b7d7
Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests.
15 years ago
Victor Julien
dec4218d62
Layout updates to NFQ runmode.
15 years ago
Victor Julien
7e49aa7f76
Simplify NFQ runmode reducing the number of threads and thus queues.
15 years ago
Victor Julien
7e6f01765f
Change default of detect-engine.sgh-mpm-context to auto.
15 years ago
Victor Julien
001f91056e
Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242.
15 years ago
Victor Julien
4598274d07
Fix depth error messages referring to distance instead of depth, fix their layout.
15 years ago
Victor Julien
afdb39e5f6
Print an error if the protocol field of a signature contains an unknown/invalid value.
15 years ago
Victor Julien
8d0bc27fc4
Fix a case where alerting in inline mode would lead to dropping on alert sigs.
15 years ago
Victor Julien
5a10eac5bd
Cleanup http_stat_code unittests, shrink data structure.
15 years ago
Victor Julien
1636152e32
Fix negated http_method not working properly, causing false positives.
15 years ago
Gurvinder Singh
b7da115e6d
support for http_stat_code keyword has been added to detection module
15 years ago
Gurvinder Singh
1deae70cf7
added http_stat_msg keyword support for detection module
15 years ago
Jason Ish
a4d19e4130
Add new profiling sort option, maxticks.
15 years ago
Anoop Saldanha
59923316bc
change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval
15 years ago
Anoop Saldanha
5d9a453e0d
find an optimal value for detect-engine:inspection-recursion_limit + unittest
15 years ago
Anoop Saldanha
bc99328ec8
define a new conf parameter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code
15 years ago
William Metcalf
efeab331ea
compilation fix missing UT ifdef wrapper in reference code
15 years ago
Victor Julien
746ef0d2f8
Remove stray newline char from profiling output.
15 years ago
Victor Julien
3062b19068
Clean up output of signature ordering module.
15 years ago
Victor Julien
001dcaae84
Minor reference.config support changes: improve error handling, reduce hash table size.
15 years ago
Anoop Saldanha
88d94b136d
Support for reference.config file
15 years ago
Anoop Saldanha
f5a02833dd
code cleanup in detect-reference.c
15 years ago
Victor Julien
344ea14695
Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility.
15 years ago
Victor Julien
41fd7e51c6
Really add secunia reference support.
15 years ago
Victor Julien
33170fd181
Add secunia reference pending our reference.config support.
15 years ago
Anoop Saldanha
067e53403c
add missing sig_app_layer flags for dce sigs
15 years ago
Victor Julien
26fd2a0afd
Add telus and bid references for etpro.
15 years ago
Victor Julien
2b187a2721
Remove a BUG_ON statement from the payload inspection code.
15 years ago
Victor Julien
f2e6ec7374
Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned out to be incompatible with how the keyword is used (nocase, etc).
15 years ago
Anoop Saldanha
2cdb5be391
Print out file name for fast_pattern engine_analysis. Also add some info logs
15 years ago
Anoop Saldanha
0c5b82d891
provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern
15 years ago
Victor Julien
3bd7441ea5
Default to 'single' ctx for ac-gfbs as well.
15 years ago
Anoop Saldanha
e072841e93
hash fix in staging to differentiate nocase duplicate patterns from case-sensitive ones
15 years ago
Anoop Saldanha
de5db1a730
support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-sensitive and the other not. Also remove duplicate pids from the output_table
15 years ago
Anoop Saldanha
8628c572df
update todos for ac. Cleanup some memory as well.
15 years ago
Anoop Saldanha
a2d04a94b5
selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise
15 years ago
Anoop Saldanha
5cc7f90f45
fix hash bug in ac-gfbs. Should reduce the no of patterns added for single context ac-gfbs from a million to a couple of thousands. Also support no case handling. \todo support insertion of final state presence into goto_table and failure table state transitions
15 years ago
Anoop Saldanha
ded1f63323
fix ac nocase handling
15 years ago
Anoop Saldanha
174048544d
fix hash generation in b2g and ac addpattern. Brings down the no of patterns added from close to a million to a couple of thousands
15 years ago
Anoop Saldanha
29b5cb9abd
respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh
15 years ago
Anoop Saldanha
0ef684705c
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
Anoop Saldanha
b367c37ae6
suricata.yaml conf update to support single mpm context distribution over multiple sghs + code to parse this conf
15 years ago
Anoop Saldanha
4b2cf7e125
fix ac, ac-gfbs to support new changes to util-mpm.h + remove some junk code
15 years ago
Anoop Saldanha
b9a770740a
add comments and todos for ac and ac-gfbs
15 years ago
Anoop Saldanha
658ff5753d
aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the second one MPM_AC_GFBS uses the goto-failure table
15 years ago
Victor Julien
bfb6aac495
Sleep after checking for a thread flag in TmThreadWaitOnThreadInit now that the check is so much cheaper.
15 years ago
Victor Julien
9634389b9e
Fix TmThreadsUnsetFlag not unsetting flag if __sync_fetch_and_nand was used.
15 years ago
Pablo Rincon
fcff1ce7f4
Converting threadvar flags to atomic vars to avoid using the old spinlock
15 years ago
Anoop Saldanha
b8f5a6a4fc
throw out contents/uricontents with invalid hex assembly
15 years ago
Anoop Saldanha
850f44022f
invalidate sigs with content/uricontent strings ", "boo, boo" + fix parsing content strings of the format content: !\"boom\";"
15 years ago
Victor Julien
5a7efe5f97
Add comment and layout update to new fast_pattern code.
15 years ago
Anoop Saldanha
a85fa6b792
support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis
15 years ago
Anoop Saldanha
0d741b9a55
fix for bug 227. For negated contents that have been added to mpm we might have pmq.pattern_id_array_cnt as 0. We can't ignore inspecting sigs if this is 0, in case the content added is negated
15 years ago
Jason Ish
9ad1924dba
Track the max ticks for each rule.
...
This is the highest tick count this rule used to evaluate in a single sample.
15 years ago
Pablo Rincon
b3a8f0a90f
Fix asn1 decoder frame oob mem. Adding max stack frames to suricata.yaml
15 years ago
Victor Julien
25d1b6fec1
Adapt malloc macros to only display errors during init, not during runtime. At runtime it could make us crawl if the system runs out of memory.
15 years ago
Victor Julien
22f770f3bf
Better handle low memory conditions.
15 years ago
Victor Julien
21c8d27300
Disable expensive unittests that don't really test anything.
15 years ago
Anoop Saldanha
7abf3a2123
fix csum handling for tcp/dup
15 years ago
Victor Julien
f1ea68e316
Store the first frag flag in the uuid as the pfc_flags field is overwritten. Part of fixing #206.
15 years ago
Pablo Rincon
14a12f5fb7
Adding atomic bitwise operations api and rwlocks support
15 years ago
Victor Julien
b8a709cbe7
Fix setting hash size in the config for b3g. Part of fix for bug #222.
15 years ago
Anoop Saldanha
e47a9b59e9
accept tcp packets with syn+urg+push
15 years ago
Gurvinder Singh
f2f0b54d25
removed xref from the alert-fastlog
15 years ago
Victor Julien
aa2c3118e3
Remove unused code from b2gm.
15 years ago
Gurvinder Singh
3eab715153
support for printing protocol names for known protocol
15 years ago
Victor Julien
b81280524c
change dcerpc warnings into debugs.
15 years ago
Victor Julien
4208bdf0f9
Fix unittest.
15 years ago
Victor Julien
cbd4c298ed
Initial version of a new bitmask based signature pre-filtering method.
15 years ago
Victor Julien
7e47d87e1a
Small layout update
15 years ago
Victor Julien
66340be072
Fix pcre compilation with debug enabled.
15 years ago
Victor Julien
091f53ce4e
Fix retval of SCMemcmp for non-SIMD implementation.
15 years ago
Victor Julien
a75556dfe5
Add memcmp functions for SSE4.1 and SSE4.2.
15 years ago
Victor Julien
1859ed54c7
Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp.
15 years ago
Victor Julien
94898a91cc
Reorganize SigMatchSignatures.
15 years ago
Victor Julien
fc248ca7a1
Many small performance updates.
15 years ago
Victor Julien
b4454b6846
Switch to b2gc as default pattern matcher as it uses less memory and is a little faster.
15 years ago
Victor Julien
57b098e98c
Add padding to commonly used data structures.
15 years ago
Victor Julien
87f88867f4
Further improve B2gc. Add B2gm. Improve memory layout.
15 years ago
Victor Julien
4329261faa
Fix setting hash size in the config for b2g pattern matcher.
15 years ago
Victor Julien
697167319e
Change BloomFilter structure layout to reflect order of access.
15 years ago
Victor Julien
3971bcc83a
Switch to faster tolower function for u8_tolower.
15 years ago
Victor Julien
9dfbab42f8
WIP B2gc
15 years ago
Victor Julien
fc1687d875
Make sure the DetectHttpMethodData structure is properly initialized before using it.
15 years ago
William Metcalf
7b13ba9f9e
Fixed broken nocase for http_method and http_header
15 years ago
Anoop Saldanha
ea902cc7d7
fix bytejump segv from bug 237
15 years ago
Anoop Saldanha
38898d9b30
fix bytetest segv from bug 237
15 years ago
Anoop Saldanha
6e5a48c92c
temporary fix, in case we still have any corner cases remaining in dce parser
15 years ago
Anoop Saldanha
24a88a689a
fix opnum parsing for fragmented request dce pdus
15 years ago
Anoop Saldanha
1097de0d9d
changed the endianness comparison to & for dcerpc pdus
15 years ago
Anoop Saldanha
a3280c1a20
throw out malformed pdus, that result the parser having parsed the required data, but we still haven't hit the frag length limit for the parser
15 years ago
Anoop Saldanha
1aea3e56be
for now ignore pdus with auth verifier. We will get back to this in the coming iteration
15 years ago
Anoop Saldanha
fc37e9d6ee
add internal ids to uuids. Use these internal ids to match uuids from bind and bind_ack. Create a new uuid list to hold all accepted uuids. Modifications to dce-iface to accommodate these changes as well + unittests
15 years ago
Anoop Saldanha
816d2ef0c0
if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it, by resetting the dce state on seeing this
15 years ago
Anoop Saldanha
5c5d8f8a5d
indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch
15 years ago
Anoop Saldanha
38e26e5186
modify the dce parser to accept context ids that start with a non-zero value
15 years ago
Anoop Saldanha
d57428471c
fix endianness handling for bindacksecondaryaddrlen
15 years ago
Anoop Saldanha
ba9355d688
Flag if we see a fragged pdu. Do not reset dce stub buffer, if we are dealing with fragmented pdus(holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianness as well.
15 years ago
Anoop Saldanha
00f21252fa
support fragmented pdus in dce + unittest
15 years ago
Anoop Saldanha
ebc1f62050
some additional indentation changes in DCERPCParser
15 years ago
Anoop Saldanha
c2bc8ca252
fix mem leak in tailq that holds dce uuids
15 years ago
Anoop Saldanha
1c443677b2
fix indentation in DCERPCParser
15 years ago
Anoop Saldanha
fe700737a3
fix null dereference in detect parse test - clang fix
15 years ago
Gurvinder Singh
892dea31e4
added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit
15 years ago
Victor Julien
1c1c8cef89
Print engine uptime on the same line as date and time.
15 years ago
Gurvinder Singh
1d0492e2e7
added support to print the engine uptime in stats.log
15 years ago
Victor Julien
e7cb7c6b97
Make outputs part of the flowpinned threads in the AutoFp runmode.
15 years ago
Victor Julien
99ad338e91
Bump version to 1.0.2
15 years ago
Victor Julien
0eb0d48f35
Disable broken unittests and fix one.
15 years ago
Victor Julien
f1e6e80a1e
Properly set tmp_ra_base_seq in streams. By Gurvinder.
15 years ago
Gurvinder Singh
6a5bc52461
support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them
15 years ago
Victor Julien
bc55fb27dc
Compiler warning fix for memory macros. Small layout changes.
15 years ago
Pablo Rincon
06a65cb460
moving http_client_body logic to use it per transactions. Adding unittests
15 years ago
Pablo Rincon
ee34c70ad8
Reference atomic vars with SC_ATOMIC_EXTERN properly (considering if we support atomic operations or not)
15 years ago
Pablo Rincon
5c43db85ce
Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection
15 years ago
Pablo Rincon
76af1b049b
Make malloc errors on initialization stage a fatal error, resulting in an exit() call
15 years ago
Anoop Saldanha
eb9adf8129
fix NULL indirection while parsing dce sigs - clang fix
15 years ago
Anoop Saldanha
f094523eb1
clang fix - some minor fixes for unittests
15 years ago
Pablo Rincon
bbab0f9987
Set default gid to 1 on Sig init
15 years ago
Pablo Rincon
8f3322ef73
Fix segv condition on DetectHttpMethodMatch (if the applayer unset the connp)
15 years ago
Pablo Rincon
f225bd1428
Adding modifiers /C /H and /M to pcre (http cookie, header and method)
15 years ago
Victor Julien
1d73e1fb7e
Small update to the ssh module: fix a valgrind warning and a couple of compiler warnings. Do a few small style updates.
15 years ago
Pablo Rincon
9d7baa7a9f
Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion
15 years ago
Gurvinder Singh
0dab0e3935
fix the reassembly depth test (bug 216)
15 years ago
Victor Julien
610b7702ba
Bump version to 1.0.1
16 years ago
Victor Julien
04d3832d8f
Remove ports check and fix small typo.
16 years ago
Victor Julien
a492518e7a
Properly detect detect-event-only sigs.
16 years ago
Pablo Rincon
21d79b05ad
Fix for bug221 (avoid considering sig as "decoder event only" if ports are specified). Now the sig gets grouped to get a sgh at SigMatchSignatures
16 years ago
Victor Julien
f081577fe4
Revert yesterday's dcerpc commits as there were too many corner cases for it to go into 1.0.1.
16 years ago
Victor Julien
6299fbfb0f
Fix stream msg content inspection not inspecting the correct id.
16 years ago
Anoop Saldanha
526a782002
temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus
16 years ago
Anoop Saldanha
361cf14f50
fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id
16 years ago
Anoop Saldanha
8c774a1e2a
fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting
16 years ago
Anoop Saldanha
52bb4c0670
fix endless loop in dce parser. fix parsing error of secondaryaddrlen for bindack
16 years ago
Anoop Saldanha
cda1efff29
fix mem leak in tailq that holds dce uuids
16 years ago
Anoop Saldanha
154a48fada
parse fragmented dce rpc headers correctly. Also some other minor fixes
16 years ago
Anoop Saldanha
c7fdc5ebda
do not reset dce stub buffer, if we are dealing with fragmented pdus(holds good only for first frag request pdus)
16 years ago
Anoop Saldanha
73241fc86c
support fragmented pdus in dce + unittest
16 years ago
Anoop Saldanha
3ae45e5bbc
fix indentation in DCERPCParser
16 years ago
Victor Julien
c62a3d995e
Fix signatures with trailing spaces being rejected by the regex. Add test.
16 years ago
Anoop Saldanha
60c770c434
make pcre respect discontinue_matching flag in content matching functions
16 years ago
Kirby Kuehl
e8ecc94d6a
fix multiple dcerpc fragments in one packet
16 years ago
Anoop Saldanha
ce4bc5a63b
some minor modifications to the b2g cuda tests
16 years ago
Victor Julien
c25921edf0
Add config output for new stream settings.
16 years ago
Anoop Saldanha
3a0dadc0f3
Fix seg fault while running cuda tests. Don't set the alarm while running unittests, inside cuda-packet-batcher.c. Will result in a seg while the sig handler for ALRM is invoked
16 years ago
Anoop Saldanha
3536ba7348
fix seg fault due to premature cleanup/double cleanup for byte(jump|test), isdataat, on seeing no previous relative keywords
16 years ago
Pablo Rincon
c1486d7f2e
Fix bug 217 (segv on profiling summary if no rule was specified)
16 years ago
Victor Julien
d1ce1c502b
Fix -Wall -Werror compilation after unittests update.
16 years ago
Pablo Rincon
0c3906a99b
Fix for bug 204 (signature ordering with flowbit priority)
16 years ago
Victor Julien
1071a53210
Fix unittests after ip_proto keyword change.
16 years ago
Pablo Rincon
70bda6506d
Fix for bug 180 (check proto specified at the IP hdr)
16 years ago
William
f7ab84ca83
PF_RING hang at exit fix
16 years ago
Victor Julien
1bd2d59253
Merge decode and stream threads in RunModeIdsPcapAuto like in the file runmode. Fix these runmodes not adhering to the cpu affinity setting if CUDA is compiled in.
16 years ago
Anoop Saldanha
ead29dc691
make detection engine use dce alstate(if present), on seeing smb traffic
16 years ago
Victor Julien
7acb97da9d
Use same mpm prepare procedure for uricontent as for normal content. More cleanups.
16 years ago
Victor Julien
9ba11dbfbd
Clean up detection engine mpm initialization phase.
16 years ago
Victor Julien
37ca07b687
Fix segv on loading signatures with unsupported combinations of pcre and the relative flag.
16 years ago
Victor Julien
0d008c8135
Change stateful detection engine to be able to start the stateful detection separate from other sigs. Fixes bugs #213, #214, #215.
16 years ago
Victor Julien
05ae4f99d8
Kick out invalid signature with uricontent and flow:to_client or flow:from_server.
16 years ago
Victor Julien
a9e78871fe
Really fix bug 205 this time, repair a broken unittest.
16 years ago
Pablo Rincon
34bb107f2c
Fix for bug 207 (depth/offset not correctly updated on certain cases)
16 years ago
Victor Julien
ef27234959
Comment out broken SSLParserTest03 test.
16 years ago
Victor Julien
196e572daa
Make sure holding up to_client reassembly stops after the proto is detected or we're sure we'll never detect it. Fixes issues related to bug 205.
16 years ago
Victor Julien
689d05b10b
Add missing protocol check in the sig matching process. This prevents FP's such as the one reported in bug #209.
16 years ago
Pablo Rincon
4c94a27b71
Fix bug 205 (at stream-tcp-reassemble)
16 years ago
Anoop Saldanha
b7a57c5210
fix setting the right value for parsed bytes in case of fragmented BIND dce PDUs
16 years ago
Anoop Saldanha
b94eaec7c2
implement relative pcre matching in detect-engine-(payload|uri|dcepayload).c. Also fix within/distance handling of RELATIVE_NEXT flag for uricontent
16 years ago
Anoop Saldanha
3a375aa43a
fix relative contents with a negated content for detect-engine-(uri|dcepayload).c like how we did for detect-engine-payload.c
16 years ago
Anoop Saldanha
ae3148aded
fix false positives for a negated content case
16 years ago
Victor Julien
0219b767b8
Fix a content pattern matching bug related to signature grouping and mpm_ctx sharing. In certain conditions (signature combinations) the mpm_stream_ctx (the ctx that handles stream pattern scanning) wasn't properly setup.
16 years ago
Kirby Kuehl
18840bd96e
properly handle bytecount of 0
16 years ago
Gurvinder Singh
7577823cdf
support for stopping the evasion, which is caused by the use of TCP RST packets for linux based systems
16 years ago
Gurvinder Singh
f0928a4555
support for enforcing the depth until when the reassembly will be performed
16 years ago
Victor Julien
13045683ff
Reenable and fix AlpDetectTestSig5
16 years ago
Pablo Rincon
c6e090f72c
App layer proto specific sigs (use the app layer to match proto)
16 years ago
Victor Julien
102092a89c
Make signature address matching more cache efficient.
16 years ago
Victor Julien
1eec149f5e
Use Address structure in DetectAddress struct.
16 years ago
Victor Julien
66dee577d7
Force stream reassembly on streams where we didn't yet detect the protocol if the stream is closing.
16 years ago
Anoop Saldanha
07491f8887
add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshold limit to 2.4k packets to buffer
16 years ago
Anoop Saldanha
89e3d92cdb
fix creating a static array of length 0 in SigMatchGetLastSMFromLists - clang fix
16 years ago
Gurvinder Singh
8b0ca4f628
support for separate memcaps for reassembly and stream engine
16 years ago
Victor Julien
c6ddcda7f8
Improve out of memory handling during initialization.
16 years ago
Victor Julien
718fecb6fc
Better handle low memory conditions.
16 years ago
Victor Julien
f07997fd4a
Don't set negated uricontent signature flag twice.
16 years ago
Pablo Rincon
b7076a8ea0
Don't avoid inspecting uricontents if we get no match. It can be negated uricontents (and urilens/pcre..). But at least skip the search if we get no match
16 years ago
Anoop Saldanha
016af36051
todo list for cuda-packet-batcher
16 years ago
Anoop Saldanha
42830d1c5b
fixes for dce_stub_data and content data sig parsing + more unittests
16 years ago
Pablo Rincon
169cb22dc6
Updating other http modifiers for sigs with fast_pattern option
16 years ago
Pablo Rincon
e7b537cec3
Fixing unittests for fast_pattern options compatibility
16 years ago
Victor Julien
bfd167521e
Fix DCERPC over SMB/SMB2 detection issues. Fix not updating transaction id in a stream direction if there was no sgh.
16 years ago
Victor Julien
a4951286e9
Bump version to 1.0.0
16 years ago
Pablo Rincon
cc8068be0a
Print also the Signature raw string
16 years ago
Pablo Rincon
742f066fa2
Updating the http modifiers that cannot be loaded with fast_pattern
16 years ago
Pablo Rincon
693d4f54eb
Load signatures with incompatible fast_pattern option (due to design differences for optimization)
16 years ago
William Metcalf
50eb3cba6a
seems to be a race between FlowTestPrune and FLOW_DESTROY in FlowTest0* comment out the latter for now
16 years ago
Victor Julien
b4db93fa94
Remove leftover printf.
16 years ago
Anoop Saldanha
673322f01f
unittests for dce_stub_data content based signature parsing + fixes
16 years ago
Anoop Saldanha
ce8d27425d
fix signature parsing to how snort does it for content based keywords along with dce_stub_data
16 years ago
Victor Julien
1fb11e939a
Improve configure messages. Make sure CUDA doesn't try to process packets that are too big.
16 years ago
Victor Julien
e14331cbb2
Fix PACKET_RECYCLE not cleaning all of the packet.
16 years ago
Victor Julien
8d737310aa
Use 'simple' queue for cuda too. Fix hanging in cuda mode.
16 years ago
Victor Julien
3c1ae607cf
Fix cuda compilation.
16 years ago
Anoop Saldanha
33f4beb0bc
batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms
16 years ago
Victor Julien
b3c22cd512
Improve app layer proto check.
16 years ago
Victor Julien
39cb1bdbda
Fix app layer sigs being recognized as decoder event only or ip only.
16 years ago
Victor Julien
587a53b904
Disable per second counters as they are unreliable.
16 years ago
Pablo Rincon
8f9bcef0e2
This patch for app-layer-ssl fixes the bug #198 (SSLParserTest01). It seems that with -O2 and -O3, the compiler doesn't handle the initialization correctly (weird..)
16 years ago
Pablo Rincon
7003dc5c0d
Fix valgrind ctx error on asn1 test 06
16 years ago
Victor Julien
d41b5645ef
Make sure decoder event rules are inspected even if the packet is invalid and has no addresses or proto. Update fast log and alert debug log to display the alerts. Fixes #179.
16 years ago
Victor Julien
92858a211d
Fix STREAM_EOF flag overwriting STREAM_START flag on short streams. This made us miss short HTTP sessions.
16 years ago
Victor Julien
634b328d38
In case of error in pcap file reading mode, we shut the engine down hard instead of gracefully.
16 years ago
Victor Julien
426a7de5f2
Fix compiler warning about incomplete prototype (2).
16 years ago
Victor Julien
18c923318a
Fix bug where valid FIN packets would be rejected.
16 years ago
Victor Julien
67429e523f
Fix compiler warning about incomplete prototype.
16 years ago
Anoop Saldanha
fa373516c5
fixes the offset case for content matches + a case not handled by the previous fix for multiple relative content matches. fix for payload.c dcepayload.c and uri.c
16 years ago
Anoop Saldanha
92eb380594
multiple relative content matches changes for detect-engine-dcepayload.c and detect-engine-uri.c like how we did for detect-engine-payload.c
16 years ago
Anoop Saldanha
5fb6981e9e
content handling changes in detect-engine-payload.c for multiple relative matches
16 years ago
Anoop Saldanha
a059ff276e
byte test and byte jump update dce matching option
16 years ago
Victor Julien
05d382f533
Fix broken stream engine config initialization: due to wrong casts settings could be overwritten in memory.
16 years ago
Victor Julien
ec277b292c
Fall back to the old mutex based queues to see if that fixes an obscure lockup at higher optimization levels in gcc in file pcap mode.
16 years ago
Victor Julien
ecb5fd3298
Add missing util-validate.h
16 years ago
Pablo Rincon
b8b511a54e
Avoid mem allocations while searching on radix trees (temporal prefix)
16 years ago
Victor Julien
1d74797b17
Attempt to work around NULL packets we're seeing ending up in queues when the compiler has optimized our code.
16 years ago
Pablo Rincon
868d4614b9
Tag engine improvements. Output tags only on unified format. Added atomic counter for tagged hosts/sessions
16 years ago
Victor Julien
8cdd02877f
Add unittests for ringbuffer.
16 years ago
Victor Julien
e685579231
Add optional structure validation code.
16 years ago
Victor Julien
b67fb5229b
Fix pcap file auto flow pinned runmode (disabled by default).
16 years ago
Victor Julien
393acd77d2
Detection improvements: uricontent escaping now working, better negated pattern (content) handling.
16 years ago
Gurvinder Singh
154a8b1ed9
fixed the build failure with profiling enabled
16 years ago
Victor Julien
37eb2290b0
Add some checks for 'impossible' conditions that become possible after enabling optimizations :-/
16 years ago
Victor Julien
017b95f9ef
More thoroughly cleanup a Packet when we recycle it. Fixes a corner case where we'd have an invalid tcp packet but p->proto would still say IPPROTO_TCP because of a previous run. Fixes bug #187.
16 years ago
William Metcalf
5580f3d9c2
PacketQueue postp added to TmEcodes for ipfw and pf_ring to silence compiler warnings
16 years ago
William Metcalf
876057a4da
missing flow init in DetectTagTestPacket04 fix ut lockup on older os's
16 years ago
Victor Julien
7454336ef5
Make SigWrapper private to detect-parse.c and rename to SigDuplWrapper to reflect its use and purpose.
16 years ago
Anoop Saldanha
9ecade76b9
in case of duplicate signatures used the one with the latest revision
16 years ago
Pablo Rincon
eedafa3a17
Adding unittests for anchored pcres for anchored
16 years ago
Pablo Rincon
bcb0b9ef9b
Moving urilen inspection to detect-engine-uri. Adding unittests for pcre /U and urilen, in combination with uricontent
16 years ago
Anoop Saldanha
36e4b1830e
add pcre with U modifiers to the umatch sigmatch list. fix for bug 155
16 years ago
Gurvinder Singh
8852b83fa7
flowbits, flowvars, pktvars, flow flags and app layer info added to alert-debug.log
16 years ago
Pablo Rincon
95fef55507
Fix threshold handling ip addr
16 years ago
Victor Julien
580b09c2b8
Make sure we inspect all outstanding reassembled stream chunks (smsg) if the stream is shutting down. Make sure to inspect signatures that use dsize against the tcp packet payload, even if that payload was already added to the stream. Likewise, the dsize signatures are not inspected against the reassembled stream.
16 years ago
Victor Julien
a3ff0e7210
Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185.
16 years ago
Victor Julien
d500a52b58
Fix valgrind error in tls unittest.
16 years ago
Victor Julien
cff0a0bda2
Fix segv conditions caused by broken flow cleanup code.
16 years ago
Pablo Rincon
a8cb8d830b
Fix for bug 186 and thresholding issue handling ip versions
16 years ago
Victor Julien
6eb7eea705
Fix a data race for packet pool packets when defrag/tunnel code needs a packet.
16 years ago
Victor Julien
a4cb7fced0
Fix thresholding code for packets that are neither (valid) ipv4 and ipv6.
16 years ago
Jason MacLulich
ae095e585b
o Changed SCMalloc to DecodeThreadVarsAlloc in Decode thread initialization. (Ish) o Changed htons to noths. (Ish) o Added support for handling DAG cards running DSM modules and other non-standard ETH ERF types. o Added support for allowing graceful restarts of the fetch thread if it fails to read an ERF properly.
16 years ago
William Metcalf
d5590962ff
change LogInfo to LogDebug for icmp seq matches
16 years ago
Victor Julien
38c9d843fd
Compiler warning fix for tag, make sure we do timeout checks under lock protection as well.
16 years ago
Pablo Rincon
b931895901
Fixing flow cleanup and ctx initialization
16 years ago
Pablo Rincon
eed0ef6e69
Adding tag keyword support
16 years ago
Kirby Kuehl
83c2cdabcd
remove printf
16 years ago
Kirby Kuehl
f49c743d44
don't alloc 0 length fragment
16 years ago
Victor Julien
6d68d7a450
Disable condition based waiting in ringbuffers until we fix lockup issues.
16 years ago
Victor Julien
0231ec612d
Atomic macros typo fix.
16 years ago
Victor Julien
8615e87623
Fix dcerpc unittest, add comments.
16 years ago
Kirby Kuehl
3a985a9f5f
fix smb leak
16 years ago
Kirby Kuehl
4545d755dd
add uuid to uuid_list for udp
16 years ago
Kirby Kuehl
c3b9305259
dcerpc udp support
16 years ago
Kirby Kuehl
22d44b0677
dcerpc udp support
16 years ago
Victor Julien
6519a86ec7
Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros.
16 years ago
Victor Julien
cb2fef8680
In the ringbuffers spin before the wait
16 years ago
Victor Julien
c7a744c937
Split ringbuffer queue handler into multiple, for mrsw, srsw, srmw modes.
16 years ago
Victor Julien
1ad289dfff
Add thread cond_t based waiting in the ringbuffer.
16 years ago
Victor Julien
dce323b1f4
Fix SCondWait -> SCCondWait typo.
16 years ago
Victor Julien
167c0295af
Merge different ringbuffer structures.
16 years ago
Victor Julien
012e602c3f
Add a (disabled by default) flow pinned runmode for file pcap.
16 years ago
Pablo Rincon
6950537a76
Move rate_filter rule tracking data from Signature to Threshold context
16 years ago
Pablo Rincon
1ae36b9a6a
Adding rate_filter support for threshold.config, multiline support and unittests
16 years ago
Victor Julien
ca7f54de25
Make sure ICMP unreach packets are not inspected against the flow sgh as it's for the original protocol, not for the ICMP packet. Fixes #174.
16 years ago
Victor Julien
b8fec77f37
Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id.
16 years ago
Victor Julien
26f69aa3a6
Bump version to 0.9.2.
16 years ago
Victor Julien
e46b72758a
Small decode-event code cleanup.
16 years ago
Victor Julien
cdc9570f0e
Have the detect.alerts counter count actual alerts.
16 years ago
Anoop Saldanha
bbb5bf5c51
allow counters clubbing for detect TM
16 years ago
Victor Julien
cb94748dab
Add missing include resulting in a compiler warning.
16 years ago
William Metcalf
0e4235cc94
FLOW_DESTROY added to clean-up UT's that init flow
16 years ago
William Metcalf
9f0bf35cfd
Set -std=gnu99 CFLAG always and Use -march=native by default if supported by installed version of gcc
16 years ago
Victor Julien
2f29b8a724
Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166.
16 years ago
Victor Julien
37442a8a84
Prefilter signatures before fully scanning them.
16 years ago
Anoop Saldanha
60668fd01d
Reset the flags used during stateful detection in ContinueDetection(). Made the tests more descriptive as well
16 years ago
Anoop Saldanha
bb8937477d
dce tests to check SigMatchSignatures()'s working against new dce transactions
16 years ago
Victor Julien
d6709b0961
Fix a segv caused by invalidly accessing the smsg_pmq array.
16 years ago
Victor Julien
8cea3779fa
Move dce payload inspection to stateful detection engine.
16 years ago
Anoop Saldanha
015385c6bd
changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not
16 years ago
Anoop Saldanha
45ea0d914e
dce stub content keywords support using dcepayload.c support for all dce related content keywords
16 years ago
Anoop Saldanha
98433f407c
dce rpc stub data held in separate buffers for request and response pdus
16 years ago
Victor Julien
31261e7583
Improve B2g performance by merging pattern array and hash.
16 years ago
Victor Julien
83b2c8abdb
Improve stateful uri detection code.
16 years ago
Victor Julien
9dd753b5f3
Scan uricontent mpm on demand.
16 years ago
Victor Julien
dd88e46f0c
Fix detect engine state unittest, add another.
16 years ago
Victor Julien
e8fce5f7fa
Convert uricontent scanning to use the detect engine state.
16 years ago
Jason MacLulich
835630efbd
Add initial support for reading packets from a DAG card, we only support reading from a single stream at this time.
...
Use the --dag <dagname> cmd line option to specify from which DAG card to read pkts
from.
Issue at the moment with pkts being ejected during shutdown -- at the moment we
ignore any packets that are not of link type Ethernet.
16 years ago
Victor Julien
49d68169ea
Allow the user to disable setting cpu affinity and allow configuring the number of detect threads relative to the number of CPU's/CPU cores.
16 years ago
Victor Julien
cb0bb668eb
Add support for retrieving float and double variables from the configuration.
16 years ago
Victor Julien
b60d2c4345
Fix flags mixup issue in the app layer.
16 years ago
Victor Julien
ba12f3c109
Applayer to flow fixes and cleanups.
16 years ago
Pablo Rincon
8cc525c939
UDP support at AppLayer message handling
16 years ago
Ondrej Slanina
6bf7d76005
added possibility to run suricata as WIN32 service
16 years ago
William Metcalf
cc76aa4bc6
properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks
16 years ago
Victor Julien
a24f288074
Moving the stream content scanning to have its own mpm ctx.
16 years ago
Victor Julien
9a08d6c11c
Fixes to stream pattern matching.
16 years ago
Victor Julien
a0c1209a44
Inspect the reassembled stream together with the packet payload in the same direction.
16 years ago
Victor Julien
9f95ab7441
Make sure a stream that has a failing app layer inspection module no longer stops reassembly, but only app layer inspection. This way we can continue to inspect the reassembled stream.
16 years ago
Victor Julien
81f2499834
Store stream msgs processed by the app layer in the tcp session so they can be inspected by the detection module as well. The detection module returns them to the pool.
16 years ago
Victor Julien
3005297af2
Check for being properly setup before activating a thread. Fixes a potential although unlikely null-dereference.
16 years ago
Victor Julien
6c6e6321fc
Fix HTTP HEAD detection code.
16 years ago
Victor Julien
fdd0f3939e
Reduce size of event bit array in the packet structure.
16 years ago
Victor Julien
c26434fef1
Move flow use cnt to atomic and outside of the flow mutex protection.
16 years ago
Victor Julien
87345e5c60
Switch flow memuse counter to the atomic api.
16 years ago
Victor Julien
749fc2613d
Add subtraction wrapper to the atomic api.
16 years ago
Victor Julien
3484e2abde
Fix flow engine memory handling.
16 years ago
Victor Julien
4dd0169499
Fix detection_filter issue.
16 years ago
Victor Julien
4c3e17d4ab
Fix thresholding issues.
16 years ago
Ondrej Slanina
79443b1991
added INT and TERM signals on WIN32
16 years ago
Pablo Rincon
b491ef2be0
Removing FlowAllocDirect since it's not needed anymore
16 years ago
Victor Julien
2fd31a1a11
Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory.
16 years ago
Victor Julien
b657705d8c
Fix pcap file mode not shutting down on ctrl-c
16 years ago
Victor Julien
dff6795df5
Detect cleanups.
16 years ago
Victor Julien
8e7b147a23
Fix an endless loop condition introduced by the threshold cleanup.
16 years ago
Victor Julien
d470e11352
Disable flowbits stats.
16 years ago
Victor Julien
d8ad975d09
Clean up flags keyword.
16 years ago
Victor Julien
3a8c0d2cfe
Fix ringbuffer number wrap around issue causing buffer items getting overwritten and thus lost.
16 years ago
Victor Julien
8514132851
Cleanup thresholding code.
16 years ago
Victor Julien
f80016530c
Remove unnecessary locking for thread-local packet-queues breaking on Win32.
16 years ago
Anoop Saldanha
f4120ff5d5
wrap multi line macros in do while
16 years ago
Ondrej Slanina
1357914d23
added support for synchronous log output on WIN32
16 years ago
Victor Julien
32e3fea9e6
Exclude parts of a flow that are not changing after init from the flow mutex. Cleanup flow-hash function.
16 years ago
Pablo Rincon
29a6fc2f03
Adding some flow improvements and recovery on emergency mode
16 years ago
Victor Julien
329742c10e
Small ip to pcap dev cleanup.
16 years ago
Victor Julien
1e707803c0
Enable perf counter updates in the ringbuffer queue handler.
16 years ago
William Metcalf
a42fff541f
fix for potential NULL deref on error in detect-http-method.c
16 years ago
Victor Julien
0140a14a15
Introduce atomic operations API that supports GCC's atomic operations and a fallback using (spin)locks. Convert ringbuffer api to use the new atomic api.
16 years ago
Victor Julien
daea85e491
Lock detection state reset function properly.
16 years ago
Victor Julien
0a0b33ef79
Fix adding the http_uri sigmatch to the uri list twice.
16 years ago
Victor Julien
e3fc53ecb9
Fix a corner case where the pcap receive modules could alloc packets at line rate until memory was depleted.
16 years ago
Victor Julien
0a607fce3d
Finish http_uri keyword, fix invalid read issue in one of the tests.
16 years ago
Gerardo Iglesias Galvan
55dfa36963
Add support for http_uri keyword
16 years ago
Victor Julien
2fe77bf65e
Use ringbuffers in the pcap live auto runmode as well.
16 years ago
Pablo Rincon
3b0c4133fc
Fixing asn1 relative offset, negative values
16 years ago
Gurvinder Singh
cda664a8c4
memory leak fixes in detection module, app layer and counters
16 years ago
Pablo Rincon
18954a2c4c
app layer ftp fix (mem leak)
16 years ago
William Metcalf
9ce1399db8
Add option for setting pcap buffer size if it is available
16 years ago
Gurvinder Singh
a0fa924c15
fixed the memory leaks in htp and radix tree
16 years ago
Victor Julien
7a6d4b57f0
Add support for class id in classification code. Submitted by firnsy@securixlive.com, thanks.
16 years ago
Gurvinder Singh
a8ca5719f6
fixed the typo in byte_jump and host.c, Thanks to rmkml for pointing out
16 years ago
Gurvinder Singh
0881be3b17
added the support for setting up distance sig when previous keyword is byte_jump (bug 163)
16 years ago
Jason Ish
ea4b7cc33b
add profiling to stateful detection engine + other fixups.
16 years ago
Jason Ish
a9ed9a8196
In profiling output, include a % for each rule.
16 years ago
Victor Julien
53acf08996
Add multi packet reading for pcap live mode. Add a partly lock free multi writer, multi reader ringbuffer.
16 years ago
Victor Julien
4e7df60b2f
Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this.
16 years ago
Victor Julien
6f502f0da5
lockfree ringbuffer wip2, including proper shutdown.
16 years ago
Victor Julien
a48a767efc
Lockfree ringbuffer wip.
16 years ago
Victor Julien
7f29166aa8
Improve memory handling in error conditions in the radix implementation.
16 years ago
Victor Julien
c73e9318b0
Bump version 0.9.1.
16 years ago
Victor Julien
10a3d7343d
Remove unnecessary header inclusion in app layer ssl.
16 years ago
Victor Julien
bc7c9d928f
Fix radix and stateful detect engine memory leaks.
16 years ago
Victor Julien
747daf4bce
Fix typo in depth changes.
16 years ago
Victor Julien
dab679889c
Properly update depth if offset+content_len < depth. Fixes #164.
16 years ago
William Metcalf
e704d90aaa
set proper caps based run_mode
16 years ago
Jason Ish
a93b2e6b84
Support for reading ERF files.
16 years ago
William Metcalf
2eef905c07
GPL and Copyright header updates.
16 years ago
William Metcalf
0fc8f6cc37
More null deref fixes for util-radix-tree.c
16 years ago
William Metcalf
54da99fe53
compilation fixes for PF_RING and IPFW after removal of mutex_pending
16 years ago
Victor Julien
c2fb90c745
Fix thresholding 'both'. Fixes bug #160.
16 years ago
Victor Julien
2c8282a70b
Fix small memleak in ip only parsing code.
16 years ago
Victor Julien
54c2804ce4
Fix malformed ipv6 packet causing an endless loop in exthdr decoding.
16 years ago
Victor Julien
2910759943
Rename TranslateIPToPcapDev to PcapTranslateIPToDevice and make the length argument size_t.
16 years ago
Ondrej Slanina
55d0d1e7a1
added support for finding pcap device via its IP.
16 years ago
William Metcalf
179372978f
Null deref fix for detect-id.c
16 years ago
William Metcalf
9728e49773
Null deref fix for detect-tls-version.c
16 years ago
William Metcalf
32a2da147b
Null deref fix for detect-engine-iponly.c
16 years ago
William Metcalf
73d2349149
Null deref fix for detect-engine-port.c
16 years ago
William Metcalf
afa8a2b8ba
Null deref fix for detect-engine-address.c
16 years ago
William Metcalf
b856e607c9
Null deref fixes for util-radix-tree.c
16 years ago
Victor Julien
98c3f0149c
Improve SSL input validation.
16 years ago
Gurvinder Singh
5fe1dc1d24
support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling
16 years ago