suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	5cd46433d3	http: now that htp_state has a cfg reference, use it for body limits	13 years ago
Victor Julien	2763a61213	http: allow configuration of request and response body inspection limits. Issue #560 .	13 years ago
Victor Julien	aa4ae98d37	http: fix multipart parsing leading to missing chunks of files in file extraction.	13 years ago
Anoop Saldanha	028c6c1782	Make available custom features of libhtp. The power of libhtp customisation now available to users. Options available - path-backslash-separators: yes path-compress-separators: yes path-control-char-handling: none path-convert-utf8: yes path-decode-separators: yes path-decode-u-encoding: yes path-invalid-encoding-handling: preserve_percent path-invalid-utf8-handling: none path-nul-encoded-handling: none path-nul-raw-handling: none set-path-replacement-char: ? set-path-unicode-mapping: bestfit You can use this for your libhtp customisation. Options explained in our wiki. https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Advanced_libhtp_customization	13 years ago
Anoop Saldanha	340542c44e	refactor htpconfigure()	13 years ago
Eric Leblond	e176be6fcc	Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc\|SCStrdup\|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1	13 years ago
Victor Julien	fcc21ae4cc	http: fix multipart parsing bug	13 years ago
Victor Julien	869109a6a0	stream/app layer: add Truncate app layer callback that is called if stream depth is reached. Use it to trunc open files in HTTP.	13 years ago
Eric Leblond	92679442ca	Convert to atomic and disable check on HTP config change. This patch converts the series of variable to an atomic. Furthermore, as the callbacks are now always run, it is not necessary anymore to refuse a ruleswap if HTP parameters are changing.	13 years ago
Eric Leblond	66a083dafa	Get rid of AppLayerHtpRegisterExtraCallbacks This patch add a early exit condition to the body handling callback. This permits to avoid to avoid a complex system to handle htp object change.	13 years ago
Victor Julien	e737e2dc56	http: after path double decoding, also normalize the path again. #504 .	13 years ago
Victor Julien	e839cea9e5	Http: don't double decode URI path and query by default. Instead add per server options to enable double decoding for both cases. #464 #504 .	13 years ago
Victor Julien	ad827ad030	http: add more decoding unittests.	13 years ago
Victor Julien	43c7fd7585	file inspection: improve logging when stream.depth limit is reached. #493 .	13 years ago
Victor Julien	0c98980e21	http: add unittest to test \r in header line.	13 years ago
Anoop Saldanha	6fa46d7526	If new ruleset requires any htp callbacks that aren't already set, don't load new ruleset; request user to restart suricata + disable setting fileinsepection flags unconditionally in main	13 years ago
Victor Julien	ab3fcb01f9	http: decode double decoded path and query string characters. Bug #464 .	13 years ago
Victor Julien	f2f8dfd8d6	http: add test to make sure a missing space between header name and value is not a problem (ref #474 ).	13 years ago
Victor Julien	00948c86d5	Add debug messages to HTTP error/warning handling.	13 years ago
Anoop Saldanha	64625675ce	set stream_eof flag per stream, only when the stream initiates a close. Fix htp parser to close connection per direction based on this	13 years ago
Anoop Saldanha	608f4fe787	bug 452 - enable http extra callbacks for configs other than the default configs	13 years ago
Victor Julien	d378b76c04	http: body inspection improvement Improve http_client_body and file_data performance when request and response body limits are set to high values.	13 years ago
Victor Julien	4354434522	Add htp error debug printing.	13 years ago
Victor Julien	18837dce92	http: improve multipart parsing, skip empty records.	13 years ago
Victor Julien	18e81b7ba9	Bail out early if we're in http tunnel mode.	14 years ago
Anoop Saldanha	109662450d	Add new command line option --list-app-layer-protocols to list supported app layer protocols in sigs	14 years ago
Victor Julien	fe9258f0fb	Fix issue discovered by Anoop. Passing u32 ptr to a size_t can caused badness.	14 years ago
Victor Julien	e3935a2af2	Improve http filename parsing.	14 years ago
Victor Julien	e21d8cdf01	file extract: improve multipart parsing and set events on some error conditions.	14 years ago
Victor Julien	cdba2f50d1	Various fixes and improvements based on feedback by Coverity analyzer.	14 years ago
Victor Julien	3702a33ae9	file-inspection: support POST requests that do not use multipart.	14 years ago
Victor Julien	64827e3864	file-inspection: use filename= value from Content-Disposition where available to determine the filename in GET requests.	14 years ago
Victor Julien	93d121bf21	Update app layer events for HTTP now that libhtp has fixes for some response errors.	14 years ago
Victor Julien	16cfae2f51	Trigger raw stream reassembly on receiving a full HTTP request or response.	14 years ago
Victor Julien	f713b653ab	Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well.	14 years ago
Victor Julien	a6e75aff21	file-extraction: improve handling of complex multipart bodies.	14 years ago
Anoop Saldanha	4b8ebb5c53	set default response body limit for specific http server conf	14 years ago
Anoop Saldanha	6240131a4e	updates to accomodate master rebase	14 years ago
Anoop Saldanha	7c9d1b80fd	Update size parsing API with new calls for returing u8, u16, u32 and u64 values. Make updates in the codebase to use these new calls	14 years ago
Anoop Saldanha	e0c13434ef	bug 333 - support new Size Parsing API. Update various conf params inside the engine to use this API to parse sizes in the format xxx <-just the no represents bytes, xxxkb <- kilobytes, xxxmb <- megabytes, xxxgb <- gigabytes, where xxx is a \d+	14 years ago
Victor Julien	004b5dde88	Support libhtp's different handling of CONNECT requests.	14 years ago
Victor Julien	33848124d1	Fix a multipart body parsing issue.	14 years ago
Victor Julien	d59ca75e46	file extract: split toserver and toclient tracking Split toserver and toclient file tracking for the http state.	14 years ago
Victor Julien	1c934acc85	Don't store fd per file (too many fd's). Enable IPv6 storing. Close file on receiving stream end flag.	14 years ago
Victor Julien	b402d97179	File carving -- enable reponse file extraction - Enable response body tracking - Enable file extraction for responses - File store meta file includes magic, close reason. - Option to force magic lookup for all stored files. - Fix libmagic calls thead safety.	14 years ago
Victor Julien	66a3cd96a8	Prepare HTTP response body tracking.	14 years ago
Victor Julien	e1022ee5ae	file-extraction: Disconnect file handling from flow and move into the app layer state.	14 years ago
Victor Julien	23e01d23d3	Implement filestore keyword, including a way for the stateful detection engine to conclude that a file will never have to be stored.	14 years ago
Victor Julien	403b2788d6	Add support for extracting PUT files.	14 years ago
Victor Julien	59cda9a358	Fix not using new htp callback when using the bundled htp. Add indication to --build-info. Fix valgrind warning in test and further improve test.	14 years ago

1 2 3

150 Commits (844e4dba11867fb9f2b91292a9b73b10a5ec415a)