Victor Julien
862b708a70
Fix stream unittest.
15 years ago
Anoop Saldanha
88115902b0
Have separate parser vars in smtp to hold dynamic buffers for parsing fragmented lines
15 years ago
Anoop Saldanha
576ec7da66
smtp parser support
15 years ago
Victor Julien
add02a4ef3
Fix handling of FIN/ACK packet on TCP state TCP_FIN_WAIT2.
15 years ago
Victor Julien
16b41a5eff
Use p->proto in detect to determine TCP/UDP/SCTP.
15 years ago
Victor Julien
ebe99a2597
Fix unified2 packet length not being set properly for reassembled stream packets.
15 years ago
Victor Julien
047b19d271
Fix a reassembly bug that in some cases could lead to a crash.
15 years ago
Victor Julien
22a97af226
Only compile byte_extract unittests if --enable-unittests is enabled.
15 years ago
Eric Leblond
5727fac988
cpu affinity: detect a missed invalid case
This patch improves the error handling in the definition of cpu
set. It detects when the max value is too big and displays the name
of the invalid cpu set in the error message.
15 years ago
Eric Leblond
d34e85c203
Fix #290 : avoid looping when affinity is invalid
This patch adds a loop counter to detect when the cpu_set does
not intersect the set of available CPUs.
15 years ago
Victor Julien
e5cc68a91f
Attempt to work around missing __WORDSIZE define on FreeBSD.
15 years ago
Victor Julien
4025567a5a
Fix a number of unittests not properly initializing a packet causing issues on some archs.
15 years ago
Victor Julien
43b2e63c1e
Fix minor compiler comments in CUDA code.
15 years ago
Martin Beyer
2f1262b446
fixed cuda build: portability issues and nvcc version check
15 years ago
Martin Beyer
736f09c4bc
fixed ptxdump for python3
15 years ago
Martin Beyer
49d66430bc
build cuda modules with make
15 years ago
Victor Julien
f7f037c1d1
Make sure stateful detection engine inspecting HTTP streams works well for to_client rules as well.
15 years ago
Anoop Saldanha
b4427e81ec
minor fixes in endianness handling in dcerpc and dce detection engine
15 years ago
Kirby Kuehl
acfc9a8ab0
Improve DCERPC big endian support when parsing BIND CTX Items (UUID). Make default byte packing order for the slow path little endian. Byte swapping on slow path will occur if big endian. This is a readability change, not a functional change.
15 years ago
Anoop Saldanha
5ccd9a8347
byte_extract support for isdataat added
15 years ago
Anoop Saldanha
35f3eafa5e
byte extract added to the engine. Detection support added for packet payload, uri and dce detection engines
15 years ago
Eric Leblond
64b069369e
Unified2: Use local variable for header copy
Due to the chaining of function calls, the per-thread buffer was overwritten.
This was causing invalid data to be output.
This patch restores the use of a local variable for the writing of the headers,
which are rather small and thus should not be a performance or security
issue.
15 years ago
Eric Leblond
9d24e3aacc
Fix len computation.
15 years ago
deltay
170efc8d38
Register http parser callbacks in the right place.
15 years ago
Victor Julien
1174df9712
Fix passing a uint8_t as an int. Breaks on some args.
15 years ago
Victor Julien
ad175c8aec
Fix compilation on OS/archs that don't support atomic variables.
15 years ago
Victor Julien
0ea883edf3
Fix broken stateful detection unittest.
15 years ago
Victor Julien
3f409db486
Use pmmintrin.h as older gcc's don't have immintrin.h it seems.
15 years ago
Victor Julien
73efb4c70f
Add an app layer state and stateful detection engine counter that makes sure the stateful inspection is only done when the state changes.
15 years ago
Victor Julien
50aceb11eb
Clean up stateful detection code.
15 years ago
Victor Julien
0768ca9806
Fix SIMD mask checking on 64 bit systems.
15 years ago
Victor Julien
350215966b
Fix signature mask bitorder.
15 years ago
Victor Julien
aa822c0ac1
Always reset alert cnt and always increment det_ctx->pkts.
15 years ago
Victor Julien
1e0b050a54
Add more mask flags.
15 years ago
Victor Julien
4b52823ab6
Use 64 bit mask on 64-bit systems.
15 years ago
Victor Julien
e5b6c0f518
Check 32 masks per run instead of 16 in the SIMD code.
15 years ago
Victor Julien
2dbfdd40af
Clean up new SIMD mask checking code, improve non-SIMD checks.
15 years ago
Victor Julien
b421019cef
Match packet mask against 16 signature masks at once using SIMD instructions for SSE3 and up.
15 years ago
Victor Julien
8f43670b16
Add wrappers for aligned memory allocation.
15 years ago
Victor Julien
7e128176d2
Add Vector datatype for SSE operations.
15 years ago
Victor Julien
bc5738d57d
Add compiler and hardware barrier macros.
15 years ago
Victor Julien
90ebb6f01f
Fix broken fix.
15 years ago
Gerardo Iglesias Galvan
a3e0325075
Don't lose memory if PoolInit fails
15 years ago
Gerardo Iglesias Galvan
363285d485
No need to check array pointer
15 years ago
Gerardo Iglesias Galvan
a2b7b77434
Make sure we always check the result of TmThreadCreatePacketHandler
15 years ago
Gerardo Iglesias Galvan
f545df3ea7
Fix potential issue in TmThreadsSlot1NoIn
15 years ago
Gerardo Iglesias Galvan
a9509eea2e
Fix very minor mem leak when setting bpf filter
15 years ago
Gerardo Iglesias Galvan
4c4c2a5583
Remove dead code from the BoyerMoore implementation
15 years ago
Gerardo Iglesias Galvan
b1e7c0b123
Properly free data in tag match function
15 years ago
Gerardo Iglesias Galvan
570e0ec9e4
Fix potential memory leak in ASN1 parsing code in low memory conditions
15 years ago
Gerardo Iglesias Galvan
313067f47f
Check return code of DetectEngineCtxInit at startup
15 years ago
Gerardo Iglesias Galvan
c968ca0f85
Fix potential small issue with ftell and fseek
15 years ago
Gerardo Iglesias Galvan
dd5e438d6f
Make all access to memory tracking counters in stream engine lock protected
15 years ago
Gerardo Iglesias Galvan
36290297dc
Remove dead code from reference handling
15 years ago
Gerardo Iglesias Galvan
44692c83aa
Properly check retval for config and conversion function calls
15 years ago
Gerardo Iglesias Galvan
5ac8ab9a61
Check inet_pton retval and properly cleanup on error in unittest helper
15 years ago
Gerardo Iglesias Galvan
58f713254e
Make sure return value of fgetc isn't truncated
15 years ago
Gerardo Iglesias Galvan
bd6d1bfac4
Fix potential crash in classtype parsing code
15 years ago
Gerardo Iglesias Galvan
73dd5562c3
Fix potential crash in signature parsing code
15 years ago
Gerardo Iglesias Galvan
91c001f93b
Fix potential crash in initialization cleanup code
15 years ago
Gerardo Iglesias Galvan
5d85b0f7b7
Fix potential crash in ip-only address parsing code
15 years ago
Gerardo Iglesias Galvan
a56592e556
Make sure we do all after the null check in HTPStateFree
15 years ago
Gerardo Iglesias Galvan
c4832814b4
Prevent a memory leak on low memory conditions in http client body handling
15 years ago
Gerardo Iglesias Galvan
2836e0de4e
Fix potential alert-unified-log resource leak during initialization
15 years ago
Gerardo Iglesias Galvan
0f458495c7
Fix potential prelude resource leak during initialization
15 years ago
Gerardo Iglesias Galvan
db94f01831
Fix declaration hiding len parameter in IPv6 decoder
15 years ago
Gerardo Iglesias Galvan
305140d081
Silence coverity warning
15 years ago
Eric Leblond
bc68c108a7
NFQ: use per thread allocated data for recv buffer.
15 years ago
Pierre Chifflier
a2b37e7487
Prelude: fix test always returning true
Fix wrong logic in test for error handling code.
Signed-off-by: Pierre Chifflier <chifflier@wzdftpd.net>
15 years ago
deltay
2856cf0de5
#277 ignore bpf filter if fread failed.
15 years ago
Eric Leblond
4b0c8f6567
Use local thread variable buffer in alert unified2.
15 years ago
Eric Leblond
c8a811e69d
Make use of per function/thread data in alert unified.
This patch replaces a local variable buffer by the usage of the data
contained in the local thread variable.
15 years ago
Victor Julien
63f6de58cb
Fix HTP unittests that test pre 0.2.6 libhtp issue. HTP config wasn't restored properly.
15 years ago
Victor Julien
326047eec1
Add unittests for debugging a libhtp issue.
15 years ago
Jason Ish
7257fed0f3
Fix bug 288, accept true in output configuration.
Refactor a bit to run checks for truth through a common function
that takes yes, true, on and 1 as true values.
15 years ago
Anoop Saldanha
b819643635
coverity - logging system buffer overrun fix
15 years ago
Victor Julien
6dba98f277
Remove dead code from flowbits parsing.
15 years ago
Victor Julien
e866aa3e15
Fix TAG removal in certain conditions.
15 years ago
Victor Julien
f4aad76bb4
Make sure we don't process TAG records from the flow multiple times and outside the flow lock.
15 years ago
Victor Julien
6384b39f18
Remove unused and broken htp code.
15 years ago
Victor Julien
e1d4e16645
Simplify packet decoding macros.
15 years ago
deltay
e3270f20b2
#277 Add -F option to load bpf filter from file
15 years ago
Victor Julien
b73939bcef
Clean up & better check includes to allow Windows to build.
15 years ago
Victor Julien
be5ad4402d
Fix stream reassembly engine compilation on Windows.
15 years ago
Victor Julien
40bf422453
Fix log-pcap compilation on Windows.
15 years ago
Victor Julien
5d9c093d65
Don't compile alert-syslog module on Windows, it doesn't work anyway.
15 years ago
Victor Julien
da086894e5
Remove unnecessary include that breaks windows builds.
15 years ago
Victor Julien
95387b2297
Include <windows.h> to get access to THREAD_PRIORITY_* defines.
15 years ago
Victor Julien
dd97d136a9
Rearrange syslog.h including so we won't fail to build on win32.
15 years ago
Victor Julien
e16a566a96
Account for distance when checking within. Bug #285 .
15 years ago
Victor Julien
7f88158fb3
Remove a debug statement from single pcap file runmode.
15 years ago
Victor Julien
52eb8d2be0
Convert mutex protected tunnel counters to lockless atomic counters.
15 years ago
Victor Julien
54cd3552e1
Remove tunnel_proto field from Packet structure.
15 years ago
Victor Julien
3d22713b09
Convert Packet tunnel variables to bit flag checks.
15 years ago
Victor Julien
75439863ed
Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15.
15 years ago
Victor Julien
d3f19a3851
Fix memcmp checks that prevent reading past buffer boundary.
15 years ago
Victor Julien
4a2d4eef5a
Properly reset IPv6 extension headers structure.
15 years ago
Victor Julien
962462e470
Fix SSE memcmp functions reading beyond the buffer. Add tests to bench them.
15 years ago
Victor Julien
ece8e5444b
Minor profiling fix: don't close stdout.
15 years ago
William
d74fe520e5
Experimental support for PCRE-sljit, enabled via --enable-pcre-sljit
15 years ago
William
85643fe780
Convert to logging perf stats to file by default. Add a few columns to output avg ticks per match, avg ticks non match, allow sorting on based on them.
15 years ago
Victor Julien
36917c7d66
Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test.
15 years ago
Victor Julien
a3e2b35536
Add configure check for new htp 0.2.5 uri normalize hook.
15 years ago
Victor Julien
15ce850387
Add support for new libhtp htp_config_register_request_uri_normalize callback.
15 years ago
Anoop Saldanha
6e0d98d9c4
fix valgrind issue for SMB test. Small restructuring. probing_parsers global variable now part of AlpProtoDetectCtx
15 years ago
Anoop Saldanha
7f8fb0f00d
fix bounds checking in smb probing parser
15 years ago
Victor Julien
149ee6b648
Disable to_client http detection. Libhtp expects to_server data first.
15 years ago
Victor Julien
8999de2f93
Add proper RST handling to all TCP states.
15 years ago
Victor Julien
9a58a02559
Wrap HTP code that is only used in debug mode in debug ifdefs.
15 years ago
Victor Julien
a5d9c86dd3
Shrink Flow structure by 20 bytes (on 32 bit) and reorder it. Clean up init, recycle, destroy macros.
15 years ago
Anoop Saldanha
61635f302c
indentation changes in app-layer-smb.c
15 years ago
Anoop Saldanha
a40fdc794e
Added probing parser for nbss/smb on port 139
15 years ago
Anoop Saldanha
b7b7bbec37
code indentation changes in app-layer-smb.c
15 years ago
Anoop Saldanha
7c31a2327e
Add support for port based probing parsers for alproto detection
15 years ago
Anoop Saldanha
fe6e41e3ef
Removed FLOW_AL_NO_APPLAYER_INSPECTION. Moved it as FLOW_NO_APPLAYER_INSPECTION in Flow->flags. Turned Flow->flags into uint32_t and removed Flow->alflags
15 years ago
Anoop Saldanha
0c94d910e4
Removed FLOW_AL_STREAM_TOSERVER and FLOW_AL_STREAM_TOCLIENT. Use STREAM_TOSERVER and STREAM_TOCLIENT instead
15 years ago
Anoop Saldanha
ac5584a863
Removed FLOW_AL_PROTO_DETECT_DONE. Replaced it with FLOW_ALPROTO_DETECT_DONE, stored it in Flow->flags
15 years ago
Anoop Saldanha
49e2b580cb
Removed FLOW_AL_PROTO_UNKNOWN. We don't need this flag
15 years ago
Anoop Saldanha
38fe2b9070
Removed FLOW_AL_STREAM_START, EOF and GAP flags. We don't need these. Just use STREAM_* flags
15 years ago
Anoop Saldanha
000ce98cd1
push all proto detection code into their respective app parser register functions for every alproto
15 years ago
Anoop Saldanha
aab4a43145
Add C and E flags to flags keyword. We still support 1 and 2 for backward compatibility
15 years ago
Anoop Saldanha
78bf2579aa
move pseudo packet creation outside defragreassemble loop
15 years ago
Victor Julien
f303f3f523
Fix a logic error in the SACK list cleanup causing a memleak and invalid memory access at the same time.
15 years ago
Victor Julien
1578ef1e3e
Make sure that the stream engine fully reassembles both sides of the session upon receiving a valid RST.
15 years ago
Victor Julien
83c3f15812
Minor fixes in defrag engine, shrink DefragTracker_ structure.
15 years ago
Jason Ish
0385f72669
Use separate frag decoder events for IPv4 and IPv6.
15 years ago
Jason Ish
de1c40c44f
Set decoder event on fragment overlaps.
15 years ago
Jason Ish
7f5e120d60
Cleanup assignment of the default defrag policy.
15 years ago
Jason Ish
6da9c64a28
Set decoder event when re-assembled fragments would exceed max IP packet size.
15 years ago
Victor Julien
96c2f2c877
Fix 2 stream reassembly unittests
15 years ago
Victor Julien
14ad853b94
Process a stream end pseudo packet when going from TIME_WAIT to CLOSED.
15 years ago
Victor Julien
3b40b02a1b
Stream reassembly fixes.
15 years ago
Victor Julien
c88630639e
Fix setting libhtp personality.
15 years ago
Victor Julien
6aa551c558
Small optimizations to IPV4 and TCP header parsing.
15 years ago
Victor Julien
d0374ced38
Implement SACK in the stream engine.
15 years ago
Victor Julien
6fc075d4ae
Add TCP packet SACK option decoding.
15 years ago
Victor Julien
dbe291bc50
Allow for 0 (unlimited) HTTP request_body_limit, fix option parsing.
15 years ago
Victor Julien
136f55efc7
Fix a memory leak in flow recycle code causing the detection engine state not to be fully freed (recycled) but reference to memory removed anyway.
15 years ago
Victor Julien
38a7d1777f
Bump version to 1.1beta2
15 years ago
Victor Julien
a0799f0ff9
Wait longer at shutdown before concluding it's taking too long. Hopefully enables our slow QA boxes to complete in time.
15 years ago
Anoop Saldanha
d245f15f14
disable mpm pattern's retest skipping in detection engine for uri, hcbd, hmd, hrhd, hhd, hmd, hcd
15 years ago
Victor Julien
681f8329a6
Make error on <- direction operation use more explicit.
15 years ago
Victor Julien
cd75201dc7
Fix pfring commandline handling.
15 years ago
Victor Julien
778b92ef40
Make sure to only alloc a new pseudo packet once during ip defrag.
15 years ago
Victor Julien
5f2a0653b4
If engine shutdown (processing in-engine packets) times out, exit Suricata with EXIT_FAILURE.
15 years ago
Victor Julien
9ca0658a6e
Clear pcap_cnt variable on packet recycle.
15 years ago
Victor Julien
03ea563e93
Don't set ip{4,6} header on reassembled ip packet until we know for sure what buffer the packet is stored in.
15 years ago
Victor Julien
f5674eff74
Fix a copy issue in PacketCopyDataOffset.
15 years ago
Victor Julien
8978266a91
If shutdown doesn't complete processing all packets that are already in the engine within 30 seconds, force quit.
15 years ago
Victor Julien
5d2f633c48
Properly initialize pfring runmode before using it. Fix malformed conf api calls.
15 years ago
Anoop Saldanha
966119b6aa
support for http_raw_uri keyword + mpm engine
15 years ago
Victor Julien
169104a803
Slightly clean up --list-runmodes output.
15 years ago
Anoop Saldanha
e4d890e186
modify runmode api to accept conf runmode parameter as a char string, instead of an integer id
15 years ago
Anoop Saldanha
fb4ffc9aef
fixed runmode name changes that were missed in the previous changes to the runmode api
15 years ago
Anoop Saldanha
229f7281ea
list runmodes. Allow specification of runmode id from conf file. Also allow for command line override
15 years ago
Anoop Saldanha
05686e70a5
fix coding indentation + neaten runmode code
15 years ago
Anoop Saldanha
d7c707e656
modify runmodes to take all arguments from the conf API
15 years ago
Anoop Saldanha
a165d45da9
naming changes for runmodes
15 years ago
Anoop Saldanha
6fceeda8c5
move erf dag runmode into its own file runmode-erf-dag.[ch]
15 years ago
Anoop Saldanha
f51cf34210
move erf file runmode into its own file runmode-erf-file.[ch]
15 years ago
Anoop Saldanha
86eabbc2f5
move ipfw runmode into its own file runmode-ipfw.[ch]
15 years ago
Anoop Saldanha
036015d6b9
move nfq runmode into its own file runmode-nfq.[ch]
15 years ago
Anoop Saldanha
9affa39b29
move pfring runmode into its own file runmode-pfring.[ch]
15 years ago
Anoop Saldanha
e7ac1d7c4c
move pcap file runmode into its own file runmode-pcap-file.[ch]
15 years ago
Anoop Saldanha
f6af567ce0
move pcap live runmode into its own file runmode-pcap.[ch]
15 years ago
Victor Julien
892a8a4985
Make stream inline use the chunk size settings.
15 years ago
Victor Julien
2dc057d1b1
Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record.
15 years ago
Victor Julien
5dcaaebf21
Enable logging of stream chunk in IPV6/TCP. Make sure IPV6 events have a ethernet header to work around Barnyard2 not liking DLT_RAW+IPV6.
15 years ago
Victor Julien
93815a1585
Support logging of reassembled stream data in IPv4 unified2.
15 years ago
Victor Julien
6cb9bbd1e3
Make sure TAG alerts don't work with an uninitialized alert_msg pointer.
15 years ago
Victor Julien
4f5aad1476
Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates.
15 years ago
Victor Julien
5d2a341096
Disable unused code, fix compiler warning.
15 years ago
Victor Julien
936b34ddf6
Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet.
15 years ago
Victor Julien
864c8718e1
Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins.
15 years ago
Victor Julien
8faacb727d
Account for seg list not always being empty when stream closes.
15 years ago
Victor Julien
ecfa2d0176
Only remove segments from segment list if they are completely before ra_base_seq.
15 years ago
Victor Julien
5bdf16380d
Make sure we actually remove no longer required segments.
15 years ago
Victor Julien
7f45a4fd58
Fix missing segment flag, fix 2 unittests broken after previous stream changes.
15 years ago
Victor Julien
4a7f6079d5
Change segment removal in stream engine to not discard segments right away. Now they are only removed if they are fully before ra_base_seq.
15 years ago
Victor Julien
6d766f91ef
Fix compiler warnings in defrag unittests.
15 years ago
Anoop Saldanha
5c880b04c9
fix ipv4 defrag + fix recursion level in defrag pseudo packet
15 years ago
Victor Julien
8654469133
Fixing libpcap 0.x.x specific code, take 2.
15 years ago
Victor Julien
140eb4fde8
Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures.
15 years ago
Victor Julien
c72e5f0ebb
Fix compilation of pcap reopen code for older libpcap code.
15 years ago
Victor Julien
076d77cd80
Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat.
15 years ago
Victor Julien
0814e41e50
Ignore tunnel/defrag packets in log-pcap module.
15 years ago
Victor Julien
7ef00aaf19
Fix defrag4 setting the packet length on the wrong packet.
15 years ago
Victor Julien
acda69865a
Fix potential segv in pcap logging deinit code.
15 years ago
Victor Julien
bc7e21aee6
Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic.
15 years ago
Victor Julien
77505f8873
Allow pcap-log to log outside of default-log-dir by passing an absolute path as filename.
15 years ago
Victor Julien
92ea1f68d4
Exit on thread restart limit reached.
15 years ago
Eric Leblond
8f4229b429
Use snprintf instead of sprintf.
15 years ago
Eric Leblond
9be1f1a31c
Use GET_PKT macros.
15 years ago
Eric Leblond
fb36c0af12
pcap: do not leave if interface goes down
This patch changes suricata behaviour to support interfaces like
ppp. Prior to this patch, a suricata listening to an interface
was leaving when the interface went down. This patch modifies
the behaviour to automatically reconnect. Suricata retries to
open the interface every 0.5s until it succeeds.
15 years ago
Eric Leblond
56bf931959
pfring: use macro for direct access
Existing code was correct but it was using a direct access to
pkt field. This patch uses the newly defined macro to have a
clean access on the pkt data.
15 years ago
Eric Leblond
4495efcb62
Add macro for direct access
In some cases, this is needed to have direct access to the pkt
field. This patch adds a macro for this usage.
15 years ago
Victor Julien
5da8bd7c1e
Fix unified2 overwriting tag alerts.
15 years ago
Victor Julien
cee615315f
Fix [drop] not being printed for IPv6 fast.log alerts.
15 years ago
Victor Julien
e19f6ebaf4
Various fixes for issues reported by clang.
15 years ago
Victor Julien
38e7d944c5
Fix icmpv4 unittest on big endian, extract embedded sport and dport even if a full tcph doesn't fit.
15 years ago
Victor Julien
92536c4952
Fix address test on big-endian.
15 years ago
Victor Julien
e0afe96920
Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6.
15 years ago
Victor Julien
f5a2017f3c
Fix counter unittest on big endian.
15 years ago
Victor Julien
6817824c92
Fix bloomfilter issue on big endian.
15 years ago
Victor Julien
e197f50727
Fix IP-Only unittests failing on Big Endian.
15 years ago
Victor Julien
b8cf50678f
Fix many address unittests using explicit byte order and thus failing on big-endian systems.
15 years ago
Victor Julien
c865ee2217
Fix compilation for nfq_set_mark code when NFQ is not enabled.
15 years ago
Eric Leblond
ee6552f25e
nfq_set_mark: handle feature in NFQ.
This patch implements the nfq_set_mark related modification of verdict
handling.
15 years ago
Eric Leblond
9beebf621a
Add support for 'nfq_set_mark' keyword
This patch introduces 'nfq_set_mark', which is a new rules option. If a packet
matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask
specified in the option during the verdict.
It is thus possible to trigger different behaviour on the packet inside
Linux/Netfilter.
15 years ago
Victor Julien
f90a5cfffd
Misc pcap logging cleanups.
15 years ago
William Metcalf
023a0f94a2
first stab at pcap logging no rotating buff etc
15 years ago
Anoop Saldanha
1f7e4bada1
add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup
15 years ago
Victor Julien
71d0eabdec
Add a few extra safety checks in new SSL code.
15 years ago
Anoop Saldanha
c105a739e9
support for ssl_state keyword added
15 years ago
Anoop Saldanha
013d3aea1c
update ssl parser test. Some minor indentation changes
15 years ago
Anoop Saldanha
7a2046328c
some naming changes in ssl parser and ssl related keywords
15 years ago
Anoop Saldanha
4c570777c4
delete files app-layer-tls.[ch]
15 years ago
Anoop Saldanha
b639718787
replace the contents of app-layer-ssl.[ch] with the contents from app-layer-tls.[ch]
15 years ago
Anoop Saldanha
cacf0a9017
disabled sslv23 proto detection which we enabled previously. Although this is right, need to test a couple of things
15 years ago
Anoop Saldanha
4e8de99dcd
tls/ssl parser modifications/fixes. We now have just one file doing all the ssl parsing stuff, i.e. app-layer-tls.[ch], instead of app-layer-ssl.[ch] and app-layer-tls.[ch]
15 years ago
Anoop Saldanha
8b17275451
dcerpc parser todo update
15 years ago
Anoop Saldanha
8c6d4531ee
sslv23 support with ssl2 record format with version set to 3.0
15 years ago
Victor Julien
07a85427dd
Add --build-info command line option to output some basic build settings.
15 years ago
Victor Julien
174db08567
Force reassembly of unack'd data on receiving a valid RST packet.
15 years ago
Victor Julien
b9429ecec1
Fix invalid RST considered valid due to wrong return codes. Only validate ACK from a RST packet if an ACK value was set.
15 years ago
Victor Julien
cb67d61ab5
Fix broken setup of end of stream pseudo packet.
15 years ago
Victor Julien
99fca03810
Move unittest code into UNITTESTS ifdefs in the HTP parser. Fixes a compiler warning.
15 years ago
Victor Julien
0dc6333d22
Fix compiler warnings about unused IPv6 Address code.
15 years ago
Victor Julien
b9fd978253
Fix compiler warnings in two unittests.
15 years ago
Victor Julien
a3be22cd5a
Fix compiler warning in isdataat keyword setup code.
15 years ago
Victor Julien
bbe071252b
Make sure PID is logged as well in alert-syslog output.
15 years ago
Victor Julien
da423a59d5
Allow users of the alert-syslog to set the identity.
15 years ago
Victor Julien
07776c113b
Fix valgrind error on pfring_recv, rename threads from RecvPfring to RxPfring so the name still looks right for 100+ threads. Add --pfring commandline option that just enables pfring, then takes interface from config.
15 years ago
Victor Julien
3aeb86d836
Fix header_len in GRE decoder getting out of control in some cases.
15 years ago
Victor Julien
1c9e48ae98
Fix compilation error on non-pfring systems.
15 years ago
Victor Julien
91f28afef4
Add option to PF_RING to have multiple reader threads. Improve general performance of the PF_RING module.
15 years ago
Victor Julien
edeec290f6
Fix missing rename for request-body-limit to request_body_limit.
15 years ago
Eric Leblond
3b3a8ffb94
detect-gid: suppress unused type
The DetectGidData type is not used in the code. This patch removes
the type definition from code.
15 years ago
Eric Leblond
ad44f1cfc1
fix possible typo in strtoul error handling.
15 years ago
Eric Leblond
04f2afa81b
nfq: fix exit function
Exit function was trying to close the nfq handler even if it was
null. This was causing a crash.
15 years ago
Eric Leblond
277a384af7
Use already defined macro instead of integer
Code was using an integer instead of the already defined macro.
15 years ago
Pablo Rincon
ce3b76a102
Fix compilation on Mac OS X (it was missing IPPROTO_SCTP definition)
15 years ago
Victor Julien
153f9298e7
Fix priority handling during the signature parsing stage. Fixes #275 .
15 years ago
Gurvinder Singh
27f67c97de
log error on duplicate sig and also for dup sig with newer revision
15 years ago
Victor Julien
8a390971e7
Print [drop] as well for syslog output.
15 years ago
Victor Julien
0377ae0817
Reduce SCTP_HEADER_LEN to reflect actual pkt header size.
15 years ago
Eric Leblond
005dc599a6
detect.c: Fix usage of integer standing for protocol
This patch fixes direct usage of integer to code protocol value.
15 years ago
Eric Leblond
2c80f18dc9
detect: Add sctp detection and parsing.
This patch adds the support of SCTP in signature subsystem.
15 years ago
Eric Leblond
674b0bfae7
flow: Add basic SCTP support
This patch adds basic flow support for SCTP. SCTP specificities
like the verification tag are not taken into account.
15 years ago
Eric Leblond
01e955bc27
Add SCTP to packet validation
Validation util was missing a test on sctph which can not be null
for SCTP packets.
15 years ago
Eric Leblond
a823160384
detect: Add support for sctp option in rule
'sctp' can now be used as a keyword in signatures. It is at the same
level as the 'tcp' or 'udp' keywords.
15 years ago
Eric Leblond
482991ad6d
decode: add support for SCTP protocol
This patch adds a new counter for SCTP and defines some
macros needed for SCTP support.
15 years ago
Eric Leblond
8be92fdd99
SCTP support: add parsing of sctp
This patch adds support of SCTP in all parts of the code in charge
of decoding packets.
15 years ago
Eric Leblond
e1d966eaf6
Makefile: add sctp files to build
This patch simply adds decode-sctp files to the compilation.
15 years ago
Eric Leblond
b69fd02284
decode sctp: basic SCTP decoding.
These files are basically a dummy conversion of the UDP ones. They
provide basic decoding (source port and destination port).
There is no chunk handling, which means that suricata regexps
will match on all packet content except the initial header and not
only on userspace data.
15 years ago
Eric Leblond
17af1ca123
decode-event: Add SCTP event
Almost empty now, because the only definition is packet
too small.
15 years ago
Victor Julien
987ce57a02
Wrap a number of BUG_ON's in the detection engine in DEBUG ifdefs as the conditions they check for are not serious enough to abort the engine.
15 years ago
Victor Julien
a3303fcf9d
Rename request-body-limit to request_body_limit to remain consistent with other options. Keep old notation around for compatibility.
15 years ago
Victor Julien
0d6d0ae371
Increase logline max length.
15 years ago
Victor Julien
6047a9b562
Improve byte to numeric value error reporting and testing.
15 years ago
Victor Julien
b233105cc2
Fix an issue in stream reassembly causing the segment list to get into an inconsistent state.
15 years ago
Eric Leblond
4e9231266a
Compilation fix for OpenBSD and win32.
This patch fixes compilation on OpenBSD platform. It is running
fine on a pcap file. The patch should also fix compilation on
WIN32 platform but this is not tested.
15 years ago
Victor Julien
a8db8b334b
Remove debug stream testing code from non-debug builds.
15 years ago
Victor Julien
477bc1d050
Set DROP flag on a packet in addition to the REJECT flags. This makes sure we not only send a reject, but also drop the offending packet. Closes #248 .
15 years ago
Pablo Rincon
fb5fb3ab3f
IPOnly module fix for building stage. Radix Tree fix inserting different netmask user data
15 years ago
Pablo Rincon
35c168ab03
Fix CPU_* macros for Mac OS X
15 years ago
Eric Leblond
0cf05856d0
Fix Packet usage.
This patch suppresses remaining direct access to pkt and pktlen in the
Packet structure.
15 years ago
Victor Julien
cec7ece697
Don't print drop log on pseudo packet.
15 years ago
Victor Julien
1ace091bd4
Minor drop log cleanups.
15 years ago
Gurvinder Singh
7d0781b349
added support to log dropped packet as netfilter logs while in inline mode
15 years ago
Victor Julien
1681705e62
Don't print errors/warnings based on malformed traffic.
15 years ago
Anoop Saldanha
9845718138
fix detect-ssl-version.c unittests to accommodate new changes
15 years ago
Anoop Saldanha
95f9f2c28d
minor indentation changes
15 years ago
Gurvinder Singh
8f8b1212af
support for ssl_version keyword
15 years ago
Eric Leblond
a8417377e7
Don't use direct pkt access
The pkt field in Packet needs to be accessed via macro. This
patch suppresses some direct access.
15 years ago
Victor Julien
addab7b5ee
Don't test the several packet detection checks against pseudo packets as the matches would not be meaningful anyway. Prevents a segv in the csum detection.
15 years ago
Victor Julien
a2465ffc1c
Fix FreeBSD's compilation of the new affinity code.
15 years ago
Victor Julien
b963890de1
Reenable SSE3 memcmp and switch AC memcmp to use the SCMemcmp wrapper.
15 years ago
Victor Julien
6f58ef13c4
Improve error cleanup in output function. Thanks to iswalker.
15 years ago
Eric Leblond
183af9ada5
Replace malloc by SCMalloc in util-mpm-ac
15 years ago
Eric Leblond
c732351077
Replace free and malloc by SC functions.
15 years ago
Victor Julien
35b938a8db
Don't pass config to unittests run in make check.
15 years ago
Eric Leblond
0044bb221b
Add suricata unittests to 'make check'
...
This patch adds a run of suricata's unittests to 'make check'
15 years ago
Eric Leblond
66a15e2d6d
Fix some Packet initialisation.
...
This patch fixes Packet initialisation. In some places the pkt field
was not set after a memset used to zero the structure and this could
lead to some problems.
15 years ago
Anoop Saldanha
8e95884333
Use normal memcmp in ac. Improves perf
15 years ago
Martin Beyer
66d496c255
Added case sensitive unit test to util-mpm-ac
15 years ago
Anoop Saldanha
79b9eba0f0
fix case sensitive bug in ac
15 years ago
Victor Julien
1c7b7a01a6
Add option to set the syslog level for the alerts. Minor cleanups.
15 years ago
Gurvinder Singh
e5edc6e8e3
add the support to log the fast.log alerts type to syslog
15 years ago
Victor Julien
d424ac7c61
Fix nfq lockup due to improper handling of PKT_PSEUDO_STREAM_END packets.
15 years ago
Victor Julien
c9f9e3f9a4
Add configure check for signed or unsigned nfq_get_payload, adapt code.
15 years ago
Eric Leblond
aedb61b7d2
affinity: lock get next cpu function
...
The function getting the next CPU to use needs to be locked as init of
the threads is done concurrently.
15 years ago
Eric Leblond
0b5e5b8772
affinity: change config format and misc fixes
...
This patch fixes some problems with affinity work and modifies the
configuration file format.
For example, the detect cpu set can be formatted as follows:
  - detect_cpu_set:
      cpu: [ "all" ]
      mode: "exclusive" # run detect threads in these cpus
      prio:
        low: [ 0 ] # threads on CPU 0 have low prio
        medium: [ "1-2" ] # threads on CPU 1 and 2 have medium prio
        high: [ 3 ] # threads on CPU 3 have high prio
        default: "medium" #default priority is "medium"
15 years ago
Eric Leblond
c74116949c
source-nfq: improve nfq option system
...
This patch modifies the NFQ option system to avoid implicit
choice. 'nfq.mode' is now a string which can take a value
in the 'accept', 'repeat' and 'route' set.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
94596ff282
source-nfq: add queue redirect support
...
This patch adds the support of queue redirect. If 'next_queue'
variable is set, the verdict sent to kernel is modified to contain
the indication of a queue number (equal to 'next_queue') which will
receive the packet after the verdict. This feature can be used to
chain easily tools using NFQUEUE.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
aded7b4fae
source-nfq: add detection of already treated packet.
...
This patch adds detection of already treated packet. If a packet is
coming with an already set mark, it will be accepted and the processing
of the packet is aborted.
The patch displays a message when the problem occurs, but the number of
messages is limited to a fixed counter in order to avoid flooding the log.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
e399e74fc1
source-nfq: Factorize buffer usage
...
A big-sized buffer was allocated at each packet parsing. This patch
uses a per-thread variable to have a persistent memory usage.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
1e600c1054
source-nfq: add simulated non-terminal NFQUEUE verdict
...
This patch adds a new mode for NFQ inline mode. The idea is to
simulate a non-final NFQUEUE rule.
This permits sending all needed packets to suricata via a simple
FORWARD rule:
iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
And below, we have a standard filtering ruleset.
To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and
puts a mark ($MARK) with respect to a mask ($MASK) on the handled packet.
The NF_REPEAT verdict has the effect of reinjecting the packet at the start
of the hook after the verdict. As it has been marked by suricata during
the verdict it will not rematch the initial rules and makes its way to
the following classical ruleset.
Mode, mark and mask can be configured via the suricata.yaml file with the
following syntax:
nfq:
  repeat_mode: (false|true)
  mark: $MARK
  mask: $MASK
Default is false to preserve backward compatibility.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
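The repeat-mode flow described in the commit above, together with the "already treated packet" check from commit aded7b4fae, as an added Python simulation that is not part of any commit or of Suricata's code: the FORWARD hook, the NFQUEUE rule and the verdicts are modelled in plain Python, and MARK, MASK, the packet's "evil" flag and the drop_telnet ruleset are constructed stand-ins.

```python
# Constructed model of the netfilter FORWARD hook with an NFQUEUE rule in
# front of a classical ruleset. Not Suricata's code; MARK/MASK, the "evil"
# flag and drop_telnet are stand-ins chosen for the simulation.
NF_ACCEPT, NF_DROP, NF_REPEAT = "NF_ACCEPT", "NF_DROP", "NF_REPEAT"
MARK, MASK = 0x1, 0x1  # constructed stand-ins for $MARK/$MASK

def mark_matches(pkt_mark, mark=MARK, mask=MASK):
    """'-m mark --mark MARK/MASK' semantics: only the masked bits are compared."""
    return (pkt_mark & mask) == (mark & mask)

def suricata_verdict(pkt, repeat_mode):
    """Inline verdict. A packet already carrying the mark is accepted without
    inspection (the 'already treated packet' check). Otherwise the packet is
    inspected and, in repeat mode, accepted packets get NF_REPEAT plus the
    mark applied under the mask. Returns (verdict, new_mark)."""
    if mark_matches(pkt["mark"]):
        return NF_ACCEPT, pkt["mark"]
    if pkt["evil"]:
        return NF_DROP, pkt["mark"]
    if repeat_mode:
        return NF_REPEAT, (pkt["mark"] & ~MASK) | (MARK & MASK)
    return NF_ACCEPT, pkt["mark"]

def forward_hook(pkt, repeat_mode, standard_ruleset, nfqueue_checks_mark=True, max_passes=4):
    """Walk the FORWARD hook: first the NFQUEUE rule (with or without the
    '! --mark MARK/MASK' match), then the classical ruleset. NF_REPEAT
    reinjects the packet at the start of the hook; NF_ACCEPT from the queue
    ends traversal, so the classical ruleset is never consulted."""
    trace = []
    for _ in range(max_passes):
        queued = not nfqueue_checks_mark or not mark_matches(pkt["mark"])
        if queued:
            verdict, pkt["mark"] = suricata_verdict(pkt, repeat_mode)
            trace.append(("NFQUEUE", verdict))
            if verdict == NF_REPEAT:
                continue  # reinjected at the start of the hook
            return verdict, trace
        verdict = standard_ruleset(pkt)  # marked packet skipped NFQUEUE
        trace.append(("ruleset", verdict))
        return verdict, trace
    raise RuntimeError("packet looped in the hook: mark not covered by mask")

def drop_telnet(pkt):
    """Constructed stand-in for the classical filtering ruleset."""
    return NF_DROP if pkt["dport"] == 23 else NF_ACCEPT
```

With repeat_mode off, a packet accepted from the queue never reaches drop_telnet; with it on, the marked reinjection skips the NFQUEUE rule and the classical ruleset gets its say, and a plain "-j NFQUEUE" rule without the mark match still terminates because the already-marked packet is accepted on its second visit.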
Eric Leblond
72ec56ab23
source-nfq: autodetection of queue max length function
...
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
8330747234
Add multi queue support to NFQ run mode
...
This patch adds support for multiple Netfilter queues
in the NFQ run mode. Suricata can now be started on
multiple queues by using a comma separated list of
queue identifiers on the command line. The following syntax:
suricata -q 0 -q 1 -c /opt/suricata/etc/suricata.yaml
will start suricata listening to Netfilter queues 0 and 1.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago