aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,845 Commits
7 Branches
161 Tags
206 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4e561d6b20'
${ noResults }
Commit Graph

125 Commits (4e561d6b206443190b1df5b83ff7e3e4adac823c)

Author SHA1 Message Date
Victor Julien 4e561d6b20 pcap/afpacket: update counters at exit 
In really short Suricata runtimes the capture counters would not
be updated. This patch does a force update at the end of the
capture loops in pcap and af-packet.
 12 years ago
Victor Julien f7b1aefaf4 Bug 1107: decoders: bail out on pseudo packets 
Flow-timeout code injects pseudo packets into the decoders, leading
to various issues. For a full explanation, see:
  https://redmine.openinfosecfoundation.org/issues/1107

This patch works around the issues with a hack. It adds a check to
each of the decoder entry points to bail out as soon as a pseudo
packet from the flow timeout is encountered.

Ticket #1107.
 12 years ago
Victor Julien 5f307acace Pass ThreadVars ptr to various thread init funcs 
To be able to register counters from AppLayerGetCtxThread, the
ThreadVars pointer needs to be available in it and thus in it's
callers:

- AppLayerGetCtxThread
- DecodeThreadVarsAlloc
- StreamTcpReassembleInitThreadCtx
 12 years ago
Victor Julien 0beb7ed781 pcap: fix stats dump logic 
pcap has a callback function that is called for each packet. Once a
second, it's meant to 'dump stats'. However, the timing logic was
broken, so it would actually dump stats for each packet.

By moving the stats second timer into the thread vars, next calls of
the callback will be able to use the stored time.
 12 years ago
Eric Leblond 3088b6ac34 Add invalid pkt counter. 
This patch adds and increments a invalid packet counter. It
does this by introducing PacketDecodeFinalize function

This function is incrementing the invalid counter and is also
signalling the packet to CUDA.
 12 years ago
Eric Leblond 286258df86 pcap: add warning about GRO and LRO usage 
Use the new GetIfaceOffloading function to display a warning message
if pcap capture is used on Linux with GRO or LRO activated. This is
helpful for kernel after 2.6.31 were pcap will use mmaped capture.
TPACKET_V2 is used and this limit the size of the packet resulting
in truncated packets when merged packets are received.
 12 years ago
Victor Julien 2982408155 pcap: register counters for old pcap versions as well 12 years ago
Victor Julien 677cd03e52 Counters: more unused code removal 12 years ago
Victor Julien 698ff4e4aa Counters: remove all unused parts of the API 12 years ago
Ken Steele 5532af4621 Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER 
This allows replacing pthread mutexes with other types of mutex.
 12 years ago
Victor Julien fc7879322e Rename GetIfaceMaxPayloadSize to GetIfaceMaxPacketSize to reflect the actual function. 12 years ago
Victor Julien bd21b5ed9c Pcap: fix snaplen autodetection, GetIfaceMTU doesn't include link layer length 12 years ago
Anoop Saldanha e7f09f24c8 Code to enable cuda support for live mode pcap and af-packet. Keep an eye 
out on the mailing list and http://planet.suricata-ids.org for performance
and other profiling data.
 12 years ago
Eric Leblond 21dda8674d Fix build with old pcap library. 
Pcap snaplen related modification broke compilation of Suricata for
system having old pcap library. This patch fixes the issue and allow
old pcap library to honour the snaplen value.
 13 years ago
Eric Leblond 2f0927fe9b pcap: add snaplen YAML variable 
This patch introduces 'snaplen' a new YAML variable in the pcap section.
It can be set per-interface to force pcap capture snaplen. If not set
it defaults to interface MTU if MTU can be known via a ioctl call and to
full capture if not.
 13 years ago
Eric Leblond e8aa66a44c pcap: add 'promisc' YAML configuration variable 
This patch adds a promisc variable to pcap configuration. It is
used to decided if interface is switched to promiscuous mode.
 13 years ago
Eric Leblond 1aaa828b63 pcap: set snaplen to MTU if available. 
Main objective of this patch is to use a dynamic snaplen to avoid
to truncate packet at the currently fixed snaplen.

It set snaplen to MTU length if the MTU can be retrieved. If not, it
does not set the snaplen which results in using a 65535 snaplen.

libpcap is trying to use mmaped capture and setup the ring by using buffer_size
as the total memory. It also use "rounded" snaplen as frame size. So if we set
snaplen to MTU when available we are optimal regarding the building of the ring.
 13 years ago
Eric Leblond 8d0260b27e Add atomic counter for iface drop. 13 years ago
Eric Leblond 7854c84972 pcap: add capture counters in stats.log. 
This patch adds three counters to stats.log:
    capture.kernel_packets    | RxPcapwlan0               | 4218
    capture.kernel_drops      | RxPcapwlan0               | 0
    capture.kernel_ifdrops    | RxPcapwlan0               | 0
This patch meant to fix bug #625.
 13 years ago
Victor Julien 829238e49c OpenBSD 5.2 build fixes, Unit test fix. 13 years ago
Anoop Saldanha b33986c887 Add a packet src for every packet generated inside suricata. 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Eric Leblond c4f9d0e0e1 Fix invalid usage of operator. 13 years ago
Victor Julien cbeb8a86b7 pcap: fix compilation on old libpcap 13 years ago
Eric Leblond eaea832a4e pcap: handle failure of packet treatment 
If the loop is breaked, this means we've got a treatment error. We
don't need to reconnect but we must exit with correct status.
 13 years ago
Anoop Saldanha 34581ce902 rx TMs shouldn't return TM_ECODE_FAILED if engine is in shutdown mode + minor cleanup 13 years ago
Eric Leblond 0227a87fcb cleaning: fix warning when building with clang. 
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignore the rest of the
warnings by adding a cast to void.
 13 years ago
Anoop Saldanha bc6cf43840 #482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars 13 years ago
Victor Julien 3181b492f4 pcap: lock pcap_compile and pcap_setfilter calls as they are not thread safe. Fixes issues with bpf filters and multiple interfaces. 13 years ago
Victor Julien e3f66c52ec pcap: fix double free issue with bpf filter and multiple interfaces. 13 years ago
Eric Leblond 91f42b6f41 pcap: fix "work by luck" code. 14 years ago
Victor Julien 11bdf4838f Various improvements to error handling found by Coverity. 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 64f717c880 Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv. 14 years ago
Victor Julien d24b3a0e50 Clean up csum detection output, misc fixes. 14 years ago
Eric Leblond 0399a06f4f pcap: fix typo 14 years ago
Eric Leblond db5ca0f3a4 pcap: add auto mode support 14 years ago
Eric Leblond 1d1271fd38 pcap: add support for checksum verif mode 
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
 14 years ago
Victor Julien 6d8aa6829d Remove unused variable. 14 years ago
Eric Leblond 0d7f25580d pcap: improve error handling. 
Treat TmThreadsSlotProcessPkt return.
 14 years ago
Anoop Saldanha d68f182ebd introduce SCPerfSyncCounters/SCPerfSyncCounters macro to synchronize counters 14 years ago
Anoop Saldanha f7b1972263 update broken stats.log. Use pktacqloop funcs in pcap-file, pfring, pcap-live, af-pkt to sync counters - bug #343 14 years ago
Eric Leblond 45d5c3ca59 runmode: introduce configuration dereferencing. 
A devide configuration can be used by multiple threads. It is thus
necessary to wait that all threads stop using the configuration before
freeing it. This patch introduces an atomic counter and a free function
which has to be called by each thread when it will not use anymore
the structure. If the configuration is not used anymore, it is freed
by the free function.
 14 years ago
Eric Leblond d3d99ffa13 Fix coding style and use SC* function. 
This patch fixes the coding style and uses Suricata function instead
of plain lic version.
 14 years ago
Eric Leblond d3d8beb337 pcap: factorize runmode 
This patch factorizes auto and autofp runmodes for pcap.
 14 years ago
Anoop Saldanha 3f1c4efceb Add new flags var to tm module. TMs can now set flags to identify special properties. Also use these to identify receive TMs 14 years ago
Eric Leblond de1d002ea6 Return OK when leaving cleanly. 14 years ago
Eric Leblond 2631e5f14f pcap: get rid of old API. 14 years ago
Eric Leblond effa295489 pcap: add "single" runmode 
This patch adds support for the "single" mode to the pcap live
mode.
 14 years ago