suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	a05df345de	Introduce host table, make tag use it Add a host table similar to the flow table. A hash using fine grained locking. Flow manager for now takes care of book keeping / garbage collecting. Tag subsystem now uses this for host based tagging instead of the global tag hash table. Because the latter used a global lock and the new code uses very fine grained locking this patch should improve scalability.	14 years ago
Victor Julien	0150e66ede	flow engine: improve scalability Major redesign of the flow engine. Remove the flow queues that turned out to be major choke points when using many threads. Flow manager now walks the hash table directly. Simplify the way we get a new flow in case of emergency.	14 years ago
Victor Julien	cdba2f50d1	Various fixes and improvements based on feedback by Coverity analyzer.	14 years ago
Nikolay Denev	139768dd58	Do not use underscored config vars internally.	14 years ago
Victor Julien	2197f1a625	file-inspection: split 'file' output module into file-store and file-log. Store stores files. Log logs json records.	14 years ago
Victor Julien	860971eca0	Misc afpacket changes.	14 years ago
Victor Julien	337f7861a4	Make sure that if not built against libnss, we still compile. Only no md5 for you then\!	14 years ago
Victor Julien	69b3df96fb	Initial on the fly MD5 calculation for extracted files using libnss.	14 years ago
Anoop Saldanha	e682796d03	feature #414 - support listing supported keywords. Remove support for dummy keywords __address__, __proto__, __port__. Remove support for recursive keyword and all references to it	14 years ago
Anoop Saldanha	09313cf9bd	Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S	14 years ago
Anoop Saldanha	2007c2711c	Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword	14 years ago
Victor Julien	489b8b8bcc	Allow other yaml files to be included in the main yaml.	14 years ago
Victor Julien	1d9f6ff8f2	Initial Napatech support by Randy Caldejon / nPulse.	14 years ago
Victor Julien	87e6be610a	Issue warning if libhtp version used is not up to date.	14 years ago
Victor Julien	39ef24ccc4	Fix pcap -i mode.	14 years ago
Victor Julien	e526525f83	Fix pcap -i <ip>.	14 years ago
Victor Julien	35467db151	Indicate that the Suricata version used is a release or a git checkout.	14 years ago
Victor Julien	28e15be526	Clean up default output. Use simpler output format for releases.	14 years ago
Victor Julien	515d070554	Print elapsed time with millisecond precision.	14 years ago
Victor Julien	1ac6054c23	Clean up configure check for htp_tx_get_response_headers_raw. Misc changes.	14 years ago
Victor Julien	effe01ae7b	Add Init and DeInit calls to the thread module API.	14 years ago
Victor Julien	08f3ef7685	Reshuffle version printing so -V prints it only once.	14 years ago
deltay	37dc83d411	ignore signal SIGPIPE and SIGSYS	14 years ago
Victor Julien	89f83e714c	Introduce http_server_body keyword. The http_server_body content modifier modifies the previous content to inspect the normalized (dechunked, unzipped) http_server_body. The workings are similar to http_client_body. Additionally, a new pcre flag was introduced "/S". To facilitate this change the signature flags field was changed to be 64 bit.	14 years ago
Eric Leblond	6e7a8f38bf	ipfw: Add support for autofp and worker runmode This patch convert ipfw code to the PcktAcqLoop API and rework the running mode to use the running mode wrapper already used by NFQ.	14 years ago
Eric Leblond	5cfdd7594f	util-device: Modify function name. This patch modifies LiveBuildQueueList name to LiveBuildDeviceList to have a consistent naming accross function. It also adds a doxygen comment to add author and description of util-device.c file.	14 years ago
Victor Julien	678213c9f4	Fix ParseSizeString return code and a compiler warning.	14 years ago
Anoop Saldanha	7c9d1b80fd	Update size parsing API with new calls for returing u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls	14 years ago
Anoop Saldanha	e0c13434ef	bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+	14 years ago
Eileen Donlon	dbdf2d888f	Enable/disable core dump in config (feature 319)	14 years ago
Victor Julien	34450b9b57	Don't parse layers / ext headers above ipv6 frag header. This is taken care of by defrag.	14 years ago
Victor Julien	63c9a3ab85	Remove duplicate include.	14 years ago
Victor Julien	f4a6f4b293	Add libmagic detection, linking and a basic API.	14 years ago
Victor Julien	1eef36b011	Initial checkin of a log-file module, that can write files extracted from flows to disk.	14 years ago
Pablo Rincon	6d60b3a747	filename and fileext keywords	14 years ago
deltay	211193b0af	Get pidfile from config file if not available in command options	14 years ago
Victor Julien	8cc82c7241	Add -S commandline option that loads a rule file exclusively. Issue #338 .	14 years ago
Victor Julien	55da9787a4	Win32 compile fixes.	14 years ago
Eric Leblond	391d813c82	Remove unified1 output module.	14 years ago
Eric Leblond	27f1d88374	Add pcap-info alert format. This patch adds a new alert format called pcap-info. It aims at providing an easy to parse one-line per-alert format containing the packet id in the parsed pcap for each alert. This permit to add information inside the pcap parser. This format is made to be used with suriwire which is a plugin for wireshark. Its target is to enable the display of suricata results inside wireshark. This format doesn't use append mode per default because a clean file is needed to operate with wireshark. The format is a list of values separated by ':': Packet number:GID of matching signature:SID of signature:REV of signature:Flow:To Server:To Client:0:0:Message of signature The two zero are not yet used values. Candidate for usage is the part of the packet that matched the signature.	14 years ago
Eric Leblond	788fa1e5a1	pfring: Fix typo in help.	14 years ago
Eric Leblond	c75fffe92d	Improve help message Usage of command line has evolved with the introduction of long option. This patch updates the description of the related options.	14 years ago
Eric Leblond	dc075a74a2	pcap: add --pcap option This patch adds a --pcap option which can be used to select or an interface if an argument is provided or the interfaces defined in the configuration file.	14 years ago
Eric Leblond	d9d8286671	pfring: restore compatibility with v1.0 config Compatibility of pfring module with previous version was broken. This patch restores backward compatibility.	14 years ago
Eric Leblond	a64dcfeba2	pfring: use factorisation function This patch convert pfring to pktacqloop and use the new factorisation function. This also fixes commmand line parsing of pfring which is now able to work like af-packet: - 'suricata -c s.yaml --pfring' start suricata with all interfaces in conf - 'suricata -c s.yaml --pfring=eth2' start suricata on eth2	14 years ago
Anoop Saldanha	b6ba944e6d	Rearrange flow manager functions into flow-manager.[ch]. Some other minor changes/updates	14 years ago
Anoop Saldanha	727a950e39	Move time elapsed right after we finish all packet processing	14 years ago
Anoop Saldanha	c365bafbf6	We now inspect timed out streams + streams not processed as yet, at engine shutdown	14 years ago
Anoop Saldanha	a844eecb0e	- Updated all runmodes to use synchronization points, right before each thread(slot function) tries to de-init the thread. - Main thread now first disables receive thread(s) before it kills receive and rest of the threads.	14 years ago
Victor Julien	3d396e8b1e	Update PCRE JIT code to support official JIT implementation in pcre-8.20-RC1.	14 years ago

1 2 3 4 5

228 Commits (41e9dba20bdf74344f352e05431aa27d9550e527)