Eric Leblond
3f107fa130
decode: Packet action start with PACKET
Rename all Packet action macros to have them prefixed by PACKET.
12 years ago
Eric Leblond
a35c367942
action handling: use macro for test.
Use test macro instead of direct access to action field.
This patch has been obtained by using the following
spatch file:
@@
Packet *p;
expression E;
@@
- p->action & E
+ TEST_PACKET_ACTION(p, E)
12 years ago
Eric Leblond
efaa9a7302
action handling: define and use macros
The action field in Packet structure should not be accessed
directly as the tunneled packet needs to update the root packet
and not the initial packet.
This patch is fixing issue #819 where suricata was not able to
drop fragmented packets in AF_PACKET IPS mode. It also fixes
drop capability for tunneled packets.
12 years ago
Anoop Saldanha
ab1f8afbc3
Removed Signature->order_id and replaced it with Signature->num.
12 years ago
Victor Julien
37c80ea508
If an IP-only pass rule matches, set the no inspect flag for that flow. Bug #718.
13 years ago
Last G
8ae11f73b2
Added parentheses to fix Eclipse static code analysis
Fixed bug in action priority (REJECT_DST had lowest prio)
13 years ago
Victor Julien
80d62b59ec
Fix drop (and other actions) not being applied to thresholded packets. Bug #613.
13 years ago
Victor Julien
ea0d172693
No longer pass StreamMsg to output for alert logging, instead use the same callback code as is used for state alerts.
13 years ago
Anoop Saldanha
c34713321a
fix rate filter alert suppression. Log error if rate filter has count of 0. Other minor fixes as well
13 years ago
Victor Julien
19a7e7f395
flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default.
14 years ago
Eric Leblond
ba9fb53461
threshold: fix handling of multiple thresholds.
This patch fixes the unittest and may fix the real work.
14 years ago
Victor Julien
e0d7f64a14
Fix thresholding code suppressing an alert if no threshold/suppress rules needed to be checked.
14 years ago
Eric Leblond
86f9759427
threshold: fix thresholding on signature with multiple thresholds.
This patch uses the newly introduced SigGetThresholdTypeIter
function to try all thresholds for a signature. This should fix
issue #366.
14 years ago
Eric Leblond
60a99915c1
doc: create http support group
This patch creates an httplayer group and adds related files to
it. It also fixes some typos in documentation strings and format.
14 years ago
Victor Julien
75439863ed
Shrink PacketAlerts structure so that Packet structure is a lot smaller. Reduce max events per packet from 256 to 15.
14 years ago
Victor Julien
6cb9bbd1e3
Make sure TAG alerts don't work with an uninitialized alert_msg pointer.
14 years ago
Victor Julien
864c8718e1
Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins.
14 years ago
Victor Julien
cac95010f3
Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly.
15 years ago
Anoop Saldanha
ede7be34b5
replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH]
15 years ago
Victor Julien
8d0bc27fc4
Fix a case where alerting in inline mode would lead to dropping on alert sigs.
15 years ago
Pablo Rincon
5c43db85ce
Drop streams in inline mode when a drop rule matches from a reassembled stream and/or app layer inspection
15 years ago
Pablo Rincon
868d4614b9
Tag engine improvements. Output tags only on unified format. Added atomic counter for tagged hosts/sessions
15 years ago
Victor Julien
a4cb7fced0
Fix thresholding code for packets that are neither (valid) IPv4 nor IPv6.
15 years ago
Pablo Rincon
eed0ef6e69
Adding tag keyword support
15 years ago
Pablo Rincon
1ae36b9a6a
Adding rate_filter support for threshold.config, multiline support and unittests
15 years ago
Victor Julien
cdc9570f0e
Have the detect.alerts counter count actual alerts.
15 years ago
Victor Julien
2fd31a1a11
Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory.
15 years ago
Victor Julien
7a6d4b57f0
Add support for class id in classification code. Submitted by firnsy@securixlive.com, thanks.
15 years ago
Victor Julien
42eeb84c9a
Properly lock flow before setting IP only action flags. Small alert api cleanups.
15 years ago
Pablo Rincon
9bae6a8628
Moving alert logic to detect-engine-alert.c
15 years ago
Victor Julien
a372c1d14e
Fix/workaround a strange detection issue.
15 years ago
Pablo Rincon
e18e2ec998
Changing threshold logic
15 years ago