Commit Graph

3652 Commits (6441a53d3c807d711f9fbdb864459006423b97a9)
 

Author SHA1 Message Date
Anoop Saldanha 7a7cd6999e feature #558.
Print FP info in rule analysis + other cleanup.
12 years ago
Eric Leblond ac5bab8838 OpenBSD: no support for profiling
Local thread storage is not available, so profiling is not supported.
12 years ago
Eric Leblond 7c85bee4aa OpenBSD: magic.mc path has changed in OpenBSD 5.1 12 years ago
Victor Julien a3f963f630 filestore: fix a case where a matching non-filestore sig could trigger the store of a partially matching filestore sig. 12 years ago
Victor Julien 3156407746 http: fix client and server body sometimes being inspected in wrong order 12 years ago
Eric Leblond b12967534a stream.inline: add 'auto' mode
The stream.inline YAML configuration variable now supports the 'auto' value.
In this case, inline mode is activated for IPS running mode (NFQ and
IPFW) and is deactivated for IDS mode. This patch should fix bug #592.
12 years ago
Eric Leblond b26ec60398 af-packet: fix possible infinite loop.
If no packet arrives at a capture thread, it is possible that the
AFPReadLoop() function goes into an infinite loop. This could cause
Suricata to hang at exit on a non-busy system.
This patch adds a counter to detect when Suricata starts looping in
the ring, and stops when it reaches this point.
12 years ago
Eric Leblond e8a4a4c47c af-packet: dump counter every second.
This patch updates the kernel counters handling to be almost sure to
update at least once per second.
12 years ago
Eric Leblond 3acdd4da1d pf-ring: add counter for kernel drop and packets
This patch adds a counter for kernel drop and packets by using the
same strategy as the one used in af-packet.
12 years ago
Victor Julien 80d62b59ec Fix drop (and other actions) not being applied to thresholded packets. Bug #613. 12 years ago
Anoop Saldanha bca1b7c52a change default mpm to ac. Also default sgh-mpm-context is full. 12 years ago
Victor Julien fd6df00684 Bug 585: use per detect thread libmagic ctx 12 years ago
Victor Julien ea6fcb355b magic: add test showing payload resulting in libmagic invalid read as reported by valgrind. 12 years ago
Anoop Saldanha fdab6f2ab1 fix flow deadlock issue in detection engine state introduced by tx api.
Issue discovered by coverity.
12 years ago
Eric Leblond 00b95c69c0 suricata: list-keywords does not depend on unittest 12 years ago
Victor Julien 83ffd1f743 luajit: suppress compiler warning 12 years ago
Anoop Saldanha 2ab62920aa fix segv in hcbd and hsbd buffering.
Increase buffers_list_len only when we open up a space for a new tx.
12 years ago
Anoop Saldanha b359bc03a9 unittest to reveal a bug/segv in our hsbd buffering code. 12 years ago
Victor Julien 4fab8ea6d6 http: fix http header reassembly bug causing some headers to be left out of the inspected buffer 12 years ago
Victor Julien 5cd46433d3 http: now that htp_state has a cfg reference, use it for body limits 12 years ago
Victor Julien 2763a61213 http: allow configuration of request and response body inspection limits. Issue #560. 12 years ago
Anoop Saldanha b99f9fe890 New app inspection engine introduced. Moved existing inspecting engines to use it. 12 years ago
Anoop Saldanha 7b4eac3e8d Change all inspect callbacks to accept TV and a tx_id param. 12 years ago
Anoop Saldanha 10a6e6a3eb Engine cleanup. Remove all old engine inspection and mpm functions. 12 years ago
Anoop Saldanha b0e20a486c update client/server/http_header to use a different form of
buffering/buffer_retrieval.

Now it happens per tx, based on tx id.  Also notice a perf improvement with
this.
12 years ago
Victor Julien e1321f9ae6 stream: change how retransmissions are handled and detected. 12 years ago
Victor Julien b621ed8423 stream: fix retransmission on closewait being considered out of window 12 years ago
Victor Julien a25629b250 stream: detect retransmissions on timewait state 12 years ago
Victor Julien 6326390120 stream: accept ack with next_seq + 1 on last_ack state 12 years ago
Victor Julien 3f6ecff260 stream: disable retransmission packet before last ack sig as it is fairly common in regular traffic 12 years ago
Victor Julien bc37cb6b8e stream: detect retransmissions on closewait and finwait2 states 12 years ago
Victor Julien 305ed3f23b stream: don't flag zero window probe packets as out of window. Bug #604. 12 years ago
Victor Julien 13e60c0040 stream: detect keep-alive packets so we don't consider those invalid 12 years ago
Victor Julien 9094eb4783 stream: ignore ack value if ack flag is not set. Add stream.pkt_broken_ack event for when ack value is not 0 and ack flag not set. 12 years ago
Victor Julien a5d9442c2d stream: handle retransmission of lost data packet on TIME_WAIT state 12 years ago
Victor Julien 037d67cc66 stream: go from FIN_WAIT_1 to CLOSING on simultaneous close. 12 years ago
Victor Julien 6544475670 stream: don't reject RST as response to SYN because of ACK 12 years ago
Victor Julien 6f76ac176d stream: add option to match on overlapping data
Set event on overlapping data segments that have different data.

Add stream-events option stream-event:reassembly_overlap_different_data and
add an example rule.

Issue 603.
12 years ago
Victor Julien 0b68da0b31 libhtp: don't use internal iterator
It violates thread safety. #601.

Suricata assures thread safety on the flow level for HTTP tracking. Part of the flow is (in case of HTTP) libhtp's htp_connp_t state. At startup the libhtp glue layer, app-layer-htp, initializes as many htp_cfg_t instances as there are libhtp server configurations in the yaml. At HTTP session start, we look up the proper htp_cfg_t based on the server ip and pass it to htp_connp_create. A ptr to the relevant htp_cfg_t is part of the htp_connp_t. The htp_cfg_t contains "hooks". They are registered based on yaml config at init time.

The hooks have lists of type list_t. The list is run with a built in iterator. The iterator is reset at the start of each "hook_run_all". Since multiple flows share the same htp_cfg_t flow A can reset the iterator while flow B is using it. The flow lock has no effect as flows share the htp_cfg_t.

This has been observed in real traffic. hook_response_body_data was run on the same data multiple times, leading to corrupt extracted files.
12 years ago
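The shared-iterator hazard described in the commit above, as an added example that is not libhtp or Suricata code. The names (hook_list_t, list_iter_reset, run_all_shared_iterator) are invented for the illustration, and the two concurrent flows are replaced by a scripted interleaving on one thread: flow A is preempted after its first hook, flow B begins a hook_run_all on the same shared config (resetting the list's built-in cursor), then A resumes. The same scripted interleaving is run against a version where each caller owns its index, which is the shape the fix moves to.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not libhtp or Suricata code. Models the hazard described in the
 * commit message: a hook list whose iterator lives inside the list itself, so every
 * caller sharing the list (every flow sharing one htp_cfg_t) also shares the cursor. */

#define MAX_HOOKS 8

typedef void (*hook_fn)(int *calls);

typedef struct {
    hook_fn fns[MAX_HOOKS];
    size_t n;
    size_t cursor;          /* built-in iterator: shared by everyone using this list */
} hook_list_t;

typedef struct {
    int a_hook_runs;        /* how many hook invocations flow A's data went through */
    int b_hook_runs;        /* same for flow B */
} run_result_t;

static void hook_list_add(hook_list_t *l, hook_fn f)
{
    if (l->n < MAX_HOOKS)
        l->fns[l->n++] = f;
}

/* Stand-in for a response body hook: just count invocations per flow. */
static void body_data_hook(int *calls) { (*calls)++; }

/* Unsafe shape: reset the list's own cursor, then walk it. */
static void list_iter_reset(hook_list_t *l) { l->cursor = 0; }
static hook_fn list_iter_next(hook_list_t *l)
{
    return l->cursor < l->n ? l->fns[l->cursor++] : NULL;
}

/* Scripted interleaving on a shared iterator. Two hooks are registered, so each
 * flow should see exactly two invocations. A is preempted after hook 0, B resets
 * the shared cursor, A resumes from 0 and re-runs hook 0 on its own data, and by
 * the time B gets to walk the list the cursor is already at the end. */
run_result_t run_all_shared_iterator(void)
{
    hook_list_t cfg = {0};
    run_result_t r = {0, 0};
    hook_fn f;

    hook_list_add(&cfg, body_data_hook);
    hook_list_add(&cfg, body_data_hook);

    list_iter_reset(&cfg);                  /* flow A: hook_run_all begins */
    f = list_iter_next(&cfg);
    f(&r.a_hook_runs);                      /* A runs hook 0 */

    list_iter_reset(&cfg);                  /* flow B: begins on the same cfg, cursor -> 0 */

    while ((f = list_iter_next(&cfg)) != NULL)
        f(&r.a_hook_runs);                  /* A resumes from 0: hook 0 runs a second time */

    while ((f = list_iter_next(&cfg)) != NULL)
        f(&r.b_hook_runs);                  /* B resumes: cursor already at n, nothing runs */

    return r;                               /* a_hook_runs == 3, b_hook_runs == 0 */
}

/* Fixed shape: the cursor belongs to the caller, so the same interleaving is harmless. */
run_result_t run_all_private_iterator(void)
{
    hook_list_t cfg = {0};
    run_result_t r = {0, 0};
    size_t a_i = 0, b_i = 0;                /* one index per flow, never shared */

    hook_list_add(&cfg, body_data_hook);
    hook_list_add(&cfg, body_data_hook);

    cfg.fns[a_i++](&r.a_hook_runs);         /* A runs hook 0, then is preempted */
    /* B starts here: there is no shared state for it to reset */
    for (; a_i < cfg.n; a_i++)
        cfg.fns[a_i](&r.a_hook_runs);       /* A finishes: hook 1 only */
    for (; b_i < cfg.n; b_i++)
        cfg.fns[b_i](&r.b_hook_runs);       /* B walks the whole list itself */

    return r;                               /* a_hook_runs == 2, b_hook_runs == 2 */
}

int main(void)
{
    run_result_t s = run_all_shared_iterator();
    run_result_t p = run_all_private_iterator();
    printf("shared iterator:  flow A hooks=%d flow B hooks=%d\n", s.a_hook_runs, s.b_hook_runs);
    printf("private iterator: flow A hooks=%d flow B hooks=%d\n", p.a_hook_runs, p.b_hook_runs);
    return 0;
}
```

The flow lock never helps here because the lock is per flow while the cursor is per config; the only fixes are to keep iteration state on the caller's side (as above) or to stop sharing the config object between flows. The double invocation of the body hook on A's data is the same symptom the commit message reports: the same body data handed to the file-extraction path more than once.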
Victor Julien d68fd54a76 Fix/suppress a couple of harmless compiler warnings. 12 years ago
Anoop Saldanha 870a98b528 Remove dead comment about flow reference api duplicate 12 years ago
Anoop Saldanha f08497d1e4 Move Flow Reference/Dereference api from flow-util.h to flow.h.
Remove duplicate FlowDeReference from decode.h
12 years ago
Anoop Saldanha 67981d1c5c Update suricata to use FlowReference/FlowDeReference for the ones left out
from last update.
12 years ago
Victor Julien bb14cf899b yaml: default to cluster_flow type for AF_PACKET and PF_RING 12 years ago
Victor Julien 72782e5a6a profiling: fix rule profiling output sometimes missing sid,rev,gid. Bug #576. 12 years ago
Victor Julien 10a11b750d Add dsize check to prefilter stage
Many sigs with dsize have a weak fast_pattern. Those patterns
are likely to match. By filtering on dsize early, we save a lot
of cycles later.
12 years ago
Victor Julien 45cbef0735 For signatures with the dsize option set depth on any content match in that sig. 12 years ago
Victor Julien d774d6e226 Update changelog to reflect 1.4beta2 changes 12 years ago
Victor Julien 63c64ed2cc Clean up and update bundled docs 12 years ago
Victor Julien 4464657ca2 remove reference to non-existing file from Makefile.am 12 years ago