Commit Graph

1073 Commits (9209eaeaf671638d3d340cfb5c7768a40e81d1a7)

Author SHA1 Message Date
Victor Julien d3244e51eb Fix big endian iponly handling. 16 years ago
Victor Julien 59ccef9a11 Handle ip only matching correctly on big endian systems. Thanks to Yao-Min Chen for figuring this out. 16 years ago
Pablo Rincon cef12d30b5 Unified output fixes: alert count per module (not per thread), fix timestamps on pcap mode, write *all* the alerts of a packet, write the log header once also on unified alert 16 years ago
Breno Silva b02bb6b6b4 VLAN Support 16 years ago
Pablo Rincon 29d51a6182 Using the logging API in source-pcap and source-pcap-file 16 years ago
Gurvinder Singh 5293681860 b86 16 years ago
Victor Julien 4f3a04a410 Disable htp cleanup code as I'm not yet convinced it does what it should. 16 years ago
Gurvinder Singh bf236e4567 better htp memory handling & flow valgrind error fixed 16 years ago
Jason Ish 763fb4a583 Fix threading issues with unified-log. - Only write the header once, on opening, not per thread init. - Track the size in the log file ctx, not per thread. 16 years ago
Victor Julien defc6595c6 Make pcre P have its own sm type. 16 years ago
Pablo Rincon 0165b3f0d8 pcre P modifier support (pcre match over http body requests) 16 years ago
Gerardo Iglesias Galvan ba6d807a6e Improve information about errors on signature failure 16 years ago
Jason Ish cc28284598 Set the ethernet header pointer. Without this, alert-unified-log will add an extra ethernet header to every alert logged. 16 years ago
Kirby Kuehl 565eab1f54 fix bug88 16 years ago
Kirby Kuehl a334a87109 smb safety checks 16 years ago
Kirby Kuehl bea30a6db6 bug 88 validate dcerpc header 16 years ago
Jason Ish 9e4da4f8e7 supply pcre_get_substring with the proper start of the string. 16 years ago
Kirby Kuehl a8c3718b56 signed unsigned comparison fix for 64 bit 16 years ago
William Metcalf 7099da431b small fix for source-pfring.c after stat err rename 16 years ago
Jason Ish e87d4f8a28 Split the defrag counters into ipv4 and ipv6. 16 years ago
Victor Julien 2cb2989ad8 Apply configurable max pending packets to nfq and ipfw 16 years ago
Jason Ish 7142fdb780 quick way to make max_pending configurable. 16 years ago
Victor Julien 187949b9ad Make urilen inspect the normalized uri, cleanup uri (error) handling. 16 years ago
Jason Ish 6b562f7aa6 Issue 82 - fragment counters. - number of fragments - number reassembled - number of timeouts 16 years ago
Victor Julien 3d0355bae8 Compile fix. 16 years ago
William Metcalf c3e70accd2 pcap and pfring exit stats 16 years ago
Victor Julien b99e10236c Fix an endless loop condition in the smb parser and make dcerpc parser more quiet. 16 years ago
Victor Julien 16aebe5add Fixup smb tests. 16 years ago
Kirby Kuehl 957b43b3d6 signed unsigned comparison cleanup 16 years ago
Kirby Kuehl 40a0fd5e97 fix warning 16 years ago
Kirby Kuehl 4b05bc281d fix padding bug 16 years ago
Kirby Kuehl 6aac8d55a6 reset smb bytesprocessed when complete 16 years ago
Kirby Kuehl 4dd2f621ac smb writeandx dcerpc over smb 16 years ago
Pablo Rincon 583c686170 Allowing no case options for flow keyword. Adding unittests for this 16 years ago
Victor Julien 194015c6cf Fix reject code to not send resets for all alerts. 16 years ago
William Metcalf f925ac9351 printf to logging subsys conversion for src/detect-bytejump.c 16 years ago
Gurvinder Singh 999a200bc9 pattern matcher options support 16 years ago
Pablo Rincon d0404d8447 Renaming errors with naming conventions 16 years ago
Pablo Rincon ad2c136e8f Renaming errors (naming conventions) 16 years ago
Jason Ish 8f618b2121 - actually re-inject ipv6 re-assembled packets. - set the next header. 16 years ago
Jason Ish 8570976ee0 Fix for lists that are children of another list. Fix memory leak by only setting the sequence index value to the first item found. 16 years ago
Victor Julien 501c8814b6 fix crash in urilen 16 years ago
Victor Julien ed7762e843 Disable unused jabber proto detection as it made the proto detection code look way more into the stream than without it. 16 years ago
Jason Ish 6f73aca1e8 I know Snort defaults to syslog in daemon mode, but should we?
Stick to the logging configuration defined in the config file
in daemon mode.
16 years ago
Jason Ish c72d6be58b Making logging configurable. If no logging outputs are defined the default will be used. - Currently per output log formatting is not available. 16 years ago
Breno Silva a857fa7170 FragOffset Rule Keyword 16 years ago
Breno Silva 7e299834d2 FragOffset Rule Keyword 16 years ago
Victor Julien f96511a8b1 Check reassembly limits against correct stream direction. Set proper direction flag in stream msgs. 16 years ago
Gurvinder Singh ed99e73622 bug 78 16 years ago
Kirby Kuehl 58c8103a4b fix unittest 16 years ago
Victor Julien 53c9276d51 Cleanup pcap output. 16 years ago
Victor Julien e0aacac4c6 Move bpf string retrieval to its own function. Clean up pcap sources a bit. 16 years ago
William Metcalf ba46c16aac bpf support for pcap modes 16 years ago
Pierre Chifflier 4515ae13e4 Add Prelude output plugin
Add support for reporting alerts to the Prelude SIEM system, using
libprelude to send IDMEF (RFC4765) messages.

Each message contains the alert description and reference (using
the SID/GID), and a normalized description (assessment, impact,
sources etc.)

libprelude handles the connection with the manager (collecting component),
spooling and sending the event asynchronously. It also offers transport
security (using TLS and trusted certificates) and reliability (events
are retransmitted if not sent successfully).

This module requires a Prelude profile to work (see man prelude-admin
and the Prelude Handbook for help).

Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
16 years ago
Gurvinder Singh cf5266094d bug 66 patch 16 years ago
Victor Julien 148883cedf Work around for unsupported CONNECT support handling. 16 years ago
Victor Julien 7deb4e9f09 Cleanup AppLayerDetectGetProto a bit. 16 years ago
Victor Julien fd409049cb First step for proper HTTP CONNECT handling. 16 years ago
Victor Julien 9f3f9e9ba1 Fix ipfw verdict. 16 years ago
Gurvinder Singh 3cad20946d bug 64 patch 16 years ago
Victor Julien 53977fded6 Small compilation fixes when debugging is disabled. 16 years ago
Victor Julien 6a53ab9c5a Stream engine memory handling update
The stream engine memory handling needed updating as it didn't scale. Changes:

- pools can now be initialized to size 0, meaning unlimited
- stream engine uses a memcap setting. Sessions, segments and aldata is part
  of this, app layer state isn't.
- memory is accounted using a global int that is spinlocked.
- a counter for sessions that have not been picked up because of memcap was
  added.
- all reassembly errors are converted to debug msgs.
16 years ago
Victor Julien df4c642c70 Fix weird compile error 16 years ago
Victor Julien b1531f7244 Manually merge Pablo's IPFW action patch. 16 years ago
Pablo Rincon 51dc773eec Changing the verdict actions to flags to allow simultaneous verdict 16 years ago
Nick Rogness 2b7b78f1bf Initial IPFW support FreeBSD and OSX 16 years ago
Jason Ish fbf03a927d Fix issue 71. The insert and re-assemble need to be done under the same tracker lock. 16 years ago
Victor Julien f7f33ec889 Fix the flow manager sleeping for way too long in some situations. 16 years ago
Kirby Kuehl 298bf4cc88 dcerpc over smb for transact 16 years ago
Victor Julien bbfe1d293e Fix merge artifact. 16 years ago
Victor Julien f08d01a8e8 Set sensible tcp timeout defaults and no longer set the timeouts from the stream engine. 16 years ago
Pablo Rincon 7f250a814a Fixing redeclaration of run_mode 16 years ago
Pablo Rincon 5592189c04 Loading flow settings from config 16 years ago
Kirby Kuehl 8efbe491a1 dcerpc refactoring 16 years ago
Kirby Kuehl 008de4321b refactor dcerpc in prep for dcerpc over smb 16 years ago
Anoop Saldanha 546e9b5f28 AddressCutNot fix for address engine ipv6 16 years ago
Anoop Saldanha e25696afce engine address ipv6 refactored 16 years ago
Gurvinder Singh d9677c7e2a bug 76 patch 16 years ago
Jason Ish 0a5bc2d600 Fix issue 74. separate initialization of run modes from adding them to a thread. - fixes issues with multiple output threads. 16 years ago
Pablo Rincon 260e581929 First version of the reputation API 16 years ago
Kirby Kuehl f15ca04889 fix padding calculation and stubdata parser for dcerpc 16 years ago
William Metcalf 811f2f605d small fix for ! inside of content match 16 years ago
Pablo Rincon 9ec2057a21 Small fix, renaming 16 years ago
Victor Julien 2481f2102b Add missing return value evaluation in port parsing and fix broken unittest. 16 years ago
Victor Julien b3bcba077f Only inspect http flows against uri sigs, clean up uri scanning code. 16 years ago
Gurvinder Singh 0cb43d27e9 uricontent new design 16 years ago
Gurvinder Singh 356a8bf385 applayer uri match and modified http handling 16 years ago
Victor Julien fcb03099a3 Fix reassembly updating the wrong stream on ACK
The stream reassembly updated the wrong stream on received ACK packets. Instead
of the opposing stream it updated the stream in packet direction. This caused
issues in the app layer handling.

Updated the unittests as well.
16 years ago
Pablo Rincon 256d745b39 Including header file for cpu detection 16 years ago
Pablo Rincon 17cd010b0c Detect the number of CPUs configured and online. Printing a small summary at the startup 16 years ago
Victor Julien 0d3da34f64 remove unused variables 16 years ago
Victor Julien c352bff6fb Remove unused conditional locking code from the app layer parsing code. 16 years ago
Breno Silva 5461c60ada Allow threshold options in any order 16 years ago
Victor Julien d446b85237 Remove obsolete files. 16 years ago
Steve Grubb f853da7940 Get make distcheck working
Hello,

Below is a patch that gets "make distcheck" working. It's against the
current code in git. The project version was set to 0.1 in configure,
I changed that to 0.8.1 just so it's actually relevant. You might want
to set that to something else.

After checking this patch, I find that there are several source code
files in src/ that are not getting compiled:

-app-layer-detect.c
-app-layer-detect.h
-app-layer-http.c
-reputation.h

Are these new or abandoned? Anyways...here's the patch.

-Steve
16 years ago
root b5529f7131 add stubdata pointer 16 years ago
Kirby Kuehl 08915649f3 fix double free 16 years ago
Victor Julien f4a23f2325 Fixup noisy debug statement. 16 years ago
Victor Julien 0d34990d7f Add OpenBSD's strlcpy and strlcat and replace all strcat/strcpy/strncat/strncpy by those calls. 16 years ago
Jason Ish 7d920a1254 Fix issue 65.
- Update unit test to trigger the failure found in the issue 65 pcap.
- Increase pkt buffer to account for the IPv6 header, as a maximum
  size IPv6 datagram is 40 + 0xffff.
- Account for IPv4 header when checking where end of fragment lies.
- Second sanity check during re-assembly to check for writing past
  the end of the pkt buffer.
16 years ago
Victor Julien 1b8f391607 Fixup flowbits signature keyword parsing memory handling. 16 years ago
Steve Grubb c95cd2e80a memory leak cleanups in misc places
Hello,

This is all the rest of the memory leaks I found.

*In src/source-pcap-file.c at line 152, ptv is not being freed.
*In src/util-unittest-helper.c at line 152, p was not being freed.
*In src/log-httplog.c at line 195, aft was not being freed
*In src/counters.c at line 51, log_filename was not being freed. At line 1188
pctx is being tested to see if it's NULL. However, at 1173 it exits the
function if it were NULL. This test is not needed and should be deleted.
*In src/defrag.c at line 351, tracker was not being freed. At line 390, dc is
being checked for NULL but this was already done at line 384. Probably what
was meant was checking the value of dc->frag_table which was just assigned.

The patch below makes the above described changes.

-Steve
16 years ago
Steve Grubb 60ad9d29c5 Memory leak cleanup in detectors
Hello,

I ran the code through an analysis program and found several leaks that
should be cleaned up.

*In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL
will never be true since that is the loop entry test.
*In src/detect-engine-port.c at line 1133, the test for p == NULL will
never be true since that is the loop entry test.
*In src/detect-engine-mpm.c at line 263 is a return without freeing
fast_pattern
*In src/detect-ack.c at line 80 and 85, data catches the return from malloc.
One of them should be deleted.
*In src/detect-seq.c at line 81 and 86, data catches the return from malloc.
One of them should be deleted.
*In src/detect-content.c at line 749, many of the paths that lead to the error
exit still have temp pointing to allocated memory. To clean this up, temp
should be set to NULL if not immediately assigning a new value.
*In src/detect-uricontent.c at line 319, both cd and str need to be freed. At
line 344, str needs to be freed. And at line 347 str and temp need to be
freed.
*In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was
not being freed at line 235.
*In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd
and str were not being freed.
*In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str
was not being freed.
*In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str
and cd were not being freed.
*In src/detect-pcre.c at line 389, there is an extra free of "re" that should
be deleted.
*In src/detect-depth.c at line 42 & 48, str has not been freed.
*In src/detect-distance.c at line 49 and 55, str has not been freed
*In src/detect-offset.c at line 45, str has not been freed.

The patch below fixes these issues.

-Steve
16 years ago
Steve Grubb f6653752c5 memory leak cleanup in alerts
Hello,

I ran the code through an analysis program and found several memory leaks
in the alert code.

*In src/alert-fastlog.c at line 178, aft was not being freed
*In src/alert-debuglog.c at line 205, aft was not being freed
*In src/alert-unified-log.c at lines 234 and 243, aun was not being freed
*In src/alert-unified-alert.c at lines 219 and 230, aun was not being freed
*In src/alert-unified2-alert.c at line 505, aun was not being freed

The patch below fixes this.

-Steve
16 years ago
Victor Julien 5f5a44b365 PPPoE fixes. 16 years ago
William Metcalf 82978f9f27 new pfring runmode for quad core, other small pfring fixes 16 years ago
Victor Julien 434da6b965 Set no reassembly flags on sessions we don't recognize the protocol for. 16 years ago
Gurvinder Singh f6b0c481b0 urilen support for engine 16 years ago
Victor Julien 9b4f3f918b Fix broken debug code in stream reassembly 16 years ago
Pablo Rincon c1e6aabb0a Small fix 16 years ago
Pablo Rincon 705471e4ee Adding single pattern matcher algorithms. If you cannot store a context for the patterns, use SpmSearch() macro. Adding unittests and stats 16 years ago
Victor Julien cae8e06cb9 Properly lock app layer result pool and add some debugging code for memory tracking. 16 years ago
Victor Julien 4284276b11 Merge applayer detect function into normal match function. Should speed up detection. 16 years ago
Victor Julien bcd0682150 Make engine startup a little less verbose. 16 years ago
Jason Ish 5076452707 Potential fix for issue 60.
- Increase the packet buffer so it can hold the link header when we
  have maximum size IP datagrams.
- Fix ip header length and pkt length calculation for re-assembled
  packets.
16 years ago
Victor Julien 9d3a9273dd Rename fmem_t to SCFmem and make sure it's not exported. 16 years ago
Pablo Rincon 673afeb4d3 fmemopen wrapper added (fix compilation problems on macosx and freebsd) 16 years ago
Victor Julien 42e8a01221 Make sure pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION check works with strict compiler settings. 16 years ago
William Metcalf 5bde121754 --enable-gccprofile sets -pg flag detect presence of pcre recursion 16 years ago
Eric Leblond db2d483d11 convert action_type to enum
This patch converts packet action type to an enum. This will
provide some facilities and ease bad value detection by gcc.
16 years ago
Gerardo Iglesias Galvan f5743afed5 Fix logging messages related to icmp_id parsing 16 years ago
Gerardo Iglesias Galvan 4b39ddaf95 Fix logging messages related to icmp_id parsing 16 years ago
Breno Silva 1d055b0e09 ICMP Seq Rule Keyword 16 years ago
Victor Julien 34e11e4784 Fixup unused variable compiler warning in the dce code. 16 years ago
root ddf5995049 endianness handling update 16 years ago
Kirby Kuehl 3d59f40640 style patch 16 years ago
root 706bb95209 fix bug 61 16 years ago
Jason Ish 7aac64f262 unit test for issue 59. 16 years ago
Jason Ish a7b37afc4e Fix issue 59. Drop a fragment that extends past the maximum IP packet size. 16 years ago
Gurvinder Singh fea277b2aa memory leak fixes 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Gurvinder Singh 66cc392177 init b46 16 years ago
Kirby Kuehl 90b42232fa dcerpc request smb transact and fix for dcerpc bindack 16 years ago
Gurvinder Singh 8f00718b0d bug 57 16 years ago
Eric Leblond 51be576a30 nfq: modify queue length computation logic
This patch modifies max queue length computation logic. The max queue
length was set to MAX_PENDING which is the total number of packets
processed simultaneously in suricata.

This value is correct but this will not permit to take all burst
effects into account (read sudden quantity of packets that arrive
faster than suricata is able to parse). Furthermore there is a
delaying system when suricata gets overloaded which makes it necessary
to have packets storable in the kernel for some time.

To improve this situation the patch increases the maximum queue
length to NFQ_BURST_FACTOR (4) times the MAX_PENDING packets and
it also increases the nfnetlink buffer size to be able to store
all packets waiting for suricata in the netlink receive buffer.
16 years ago
Eric Leblond 775ac9ad9d fix code file permission
detect-http-method.c was executable.
16 years ago
Eric Leblond 84dfc0172a gcc warning fixes.
This patch fixes gcc warning:
    warning: suggest braces around empty body in an ‘if’ statement
This was the case in  when the macro SCLogDebug was used:
    if (ssn != NULL)
        SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);

It also fixes a signed-unsigned comparison.
16 years ago
Eric Leblond 72d48f6658 nfq: add sanity checking
This patch adds sanity checking to payload handling. It sets the length
of the packet to zero if an error occurs.
16 years ago
Eric Leblond 56cccdfa62 nfq: use switch instead of 'else if'
This patch converts an 'else if' series to a switch to increase
the readability of the decision related code.

 Please enter the commit message for your changes. Lines starting
16 years ago
Eric Leblond c96586446b ethernet: use switch instead of 'else if'
This patch uses a switch instead of a 'else if' series. It also
adds a debug message for unsupported ethernet type.
16 years ago
Eric Leblond 6cf00d6204 Fix typo in Makefile.am
This patch fixes a typo in Makefile.am which was preventing
'make tags' from working.
16 years ago
Victor Julien 9295193968 Fixup unittest error output for RAW decoder. 16 years ago
William Metcalf c5d0b492d3 small unittest fixes to decode-raw.c 16 years ago
William Metcalf 8a64321340 raw pcap support additional ipv4/6 validation 16 years ago
Pablo Rincon 0c9f51498a Small fixes at unittest helper functions and TestBidirec03 16 years ago
Pablo Rincon c80160b96d More examples of unittest helper functions usage reference 16 years ago
Pablo Rincon b6a3395c08 Adding unittest helper functions for building generic packets, checking arrays of expected match results, perform generic tests, etc. Look at util-unittest-helper.c and detect-ipproto.c for references 16 years ago
Jason Ish 095f2cf6ef Consistency fix.. Xxxlog -> XxxLog. 16 years ago
Jason Ish e204d07717 Have output modules register themselves so run mode configurator becomes aware of them for purposes of being configured from the config file. 16 years ago
Victor Julien 9b90c553b5 Clean ip fields from packet as well when the packet is reused. Prevents issues with malformed packets that are rejected by the decoders before ipaddresses are set. 16 years ago
Victor Julien 27a138d862 Suppress some flow messages. 16 years ago
Gurvinder Singh b0dcd02c1b bug 56 patch 16 years ago
Victor Julien eb67bb442e Fixup unittests that use buffers that simulate configuration files. They now include the YAML header. 16 years ago
Jason Ish 4e1acf5fd2 Require that the configuration file begins with a valid YAML version. At this time this means the configuration file must begin with
%YAML 1.1
16 years ago
Jason Ish 5e318aa342 Fix issue 55.
Don't process any key/value pairs until we've hit a mapping.
16 years ago
Jason Ish c4f178f3d7 Do not seen_last unless the packet with more_frags=0 was actually inserted into the frag tracker. Fixes issue 53.
Add unit test for this failure case.
16 years ago
Jason Ish fc5df7d064 don't create a new tracker when frags are received in reverse order. 16 years ago
Gerardo Iglesias Galvan 40c514f295 Fix bug in logging msg when using --init-errors-fatal 16 years ago
Gerardo Iglesias Galvan 5eb819b0f4 Add signature line no. to error message when parsing fails 16 years ago
Gerardo Iglesias Galvan fae92f8d7b Fix bug#30. Fix logging call from prev patch 16 years ago
Gerardo Iglesias Galvan 988dc5520b Improve output when loading rules 16 years ago
Victor Julien 56556eb550 Set payload no inspect flag for packets with encapsulated packets as these are inspected separately 16 years ago
Victor Julien 9ececacda3 Fix packet timestamp handling for encapsulated packets. 16 years ago
Jason Ish 4c83652ad3 initialize vars 16 years ago
Victor Julien c1283a6628 Fix app layer proto detection code not being thread safe. 16 years ago
Gurvinder Singh fde948f488 bug 41 patch 16 years ago
Victor Julien fcabd1b2ba Fix typo. 16 years ago
Jason Ish cf95fa7c74 configurable outputs for nfq and pcap file. 16 years ago
Jason Ish a05436af8c Configurable alert outputs for PF_RING modes. 16 years ago
Jason Ish 844c444af1 Use the configuration file to setup alert logging (and http logging).
Only setup for the live pcap modes at the moment.
16 years ago
Victor Julien 13e10ccd86 Enable bytes per sec and mbit per sec for nfq as well 16 years ago
Anoop Saldanha e45b626b24 refactoring, tests for address engine ipv4 16 years ago
Jason Ish 1aabe6f7c1 in the unit tests make sure memory allocated from the pool was returned. 16 years ago
Jason Ish 6547725b39 consolidate more common code between ipv4 and ipv6. 16 years ago
Jason Ish 176c6e5668 use a common insert method for ipv4 and ipv6 16 years ago
Jason Ish ccbf8bcae5 Use the V6 insert and re-assembly logic for IPv4 as well. It's a little simpler to track and update. 16 years ago
root 9b74a2765e 64 bit portability 16 years ago
Victor Julien d7958f7983 fix wrong keyword name 16 years ago
Victor Julien 9ee6d6906f Add some safety checks. 16 years ago
Anoop Saldanha 06a640e794 fix for bug #47 16 years ago
Anoop Saldanha a83f7abcc1 logging module bug 6 fix 16 years ago
Victor Julien 6b36e23e45 Fix not decreasing the flow use_cnt reference counter in some cases from the app layer detection code. This caused some streams to never fully time out and thus clutter up the flow table and session pool. 16 years ago
Victor Julien c3269dbcb4 Fix compiler warning in http method code 16 years ago
Brian Rectanus c22d42693a Added http_method rule keyword. 16 years ago
Gurvinder Singh 6814ea1a0f some more stream fixes 16 years ago
Victor Julien 94ae001dec Fixup month displaying for the stats log. 16 years ago
Victor Julien 5e8413aeea Don't scan more of a stream for proto detection than necessary. 16 years ago
Gurvinder Singh a66c6752d5 stream os_policy support 16 years ago
Anoop Saldanha eea0e2a807 Radix Tree fixes/updates 16 years ago
Victor Julien 8f7cff1d53 Fix compilation with -Wextra 16 years ago
Victor Julien b7bac14040 Fixup code to compile with -Wall -Werror -Wextra -Wno-unused-parameter compiler options. 16 years ago
Gurvinder Singh 4e1dc0bd83 bug 41 patch 16 years ago
Gurvinder Singh 567bbf604b stream reassembling fixes 16 years ago
Jason Ish 6520d42b4c Allow nested sequences. 16 years ago
Jason Ish d86282af9c pretty up ConfDump output for when there is no valid prefix 16 years ago
Jason Ish 668b86cba4 Fix issue 36. Give each unit test a fresh configuration context - helps tests pass when a config file is passed in, which can
mess up the "expected" output, as this is testing loading
values into the configuration system.
16 years ago
Jason Ish 749647a69d use const 16 years ago
root 5113636744 bind and bind_ack tracking 16 years ago
Victor Julien 1f09a88c93 Improve default-log-dir error checking and reporting. 16 years ago
Anoop Saldanha 750600ab17 check for the existence of default logging directory 16 years ago
Anoop Saldanha 8189f4d88e Change error log messages to debug ones in the log modules 16 years ago
Victor Julien f5ef0cc3b8 Exit if no classification.config has been found. 16 years ago
Victor Julien 9e5f7459c2 Actually use classification msg 16 years ago
Victor Julien 2b66667a76 Make sure we can't overflow our packet alert storage 16 years ago
Jason Ish 527d735500 Suppress these debug lines. 16 years ago
Victor Julien 9b422c443e Fix up initialization and hopefully make the SEQ macro's fix up an 64bit issue we're seeing... 16 years ago
Victor Julien 18aa59b391 Fix compilation and a small memory error. 16 years ago
Anoop Saldanha f684989f98 dce_iface, dce_opnum, dce_stub_data keyword support 16 years ago
Victor Julien d284f0d333 Set default classification file location in the config file. 16 years ago
Victor Julien ecab1fae36 Remove contents of VRT classification.config. 16 years ago
Anoop Saldanha 011b74df63 Modify the classification config tests to use the buffer than a temp file and also fix an invalid free 16 years ago
Anoop Saldanha bc4df59414 Support for Classtype keyword and Classification Config file 16 years ago
Victor Julien f0be69dcd0 Fixup smb/smb2/dcerpc wrt loops, debug printing, style. 16 years ago
Victor Julien 4c2782e971 Improve depth and offset setup error reporting 16 years ago
Victor Julien f6f0ad94ce silence a debug statement in the msg handling 16 years ago
Victor Julien d5c732f1f9 Add tag keyword stub 16 years ago
Victor Julien b2adf31595 online abort() in stream reassembly if were in debug mode 16 years ago
Victor Julien ef6ab4efa0 Add pcre negate support. 16 years ago
William Metcalf 1d553c940b failing unit test showing negated pcre treated as nonnegated match 16 years ago
Victor Julien 040e62f3ec Fixup noisy debug statement 16 years ago
Victor Julien 7b2610ba1f Fix extra spaces confusing content and uricontent. 16 years ago
Gurvinder Singh a19fbf22e2 bug 29 patch 16 years ago
Victor Julien ae94b102cb Improve distance/within/nocase handling, sig parsing error reporting. 16 years ago
Victor Julien 4862488dac add version output, -V option 16 years ago
Victor Julien 6beee776ca Move rand seed code into util-random 16 years ago
Pablo Rincon 6224c30548 Adding preseeding to rands 16 years ago
Jason Ish b2ee780788 "last" policy for ipv6 16 years ago
Jason Ish ecc50b8b2f add first policy for ipv6 frag re-assembly 16 years ago
Jason Ish d9380a8cb5 solaris policy for ipv6 16 years ago
Jason Ish ce20c33634 multiline rule support. 16 years ago
Will Metcalf 23aa6cf642 more fixes for exit on sig init failure 16 years ago
Will Metcalf f2b1e66a6a fixes for init failure stuff 16 years ago
Victor Julien 778228d1c5 Flags keyword fix. Fatal init fix. 16 years ago
Victor Julien 35e884f303 Make sure offset modifies depth. 16 years ago
William Metcalf c63b1e0f67 failing unit test depth doesn't take into account offset 16 years ago
Will Metcalf cc3c1779cd more project name updates 16 years ago
Victor Julien 9bbe43c019 Fixup calculation of the minimum scan pattern length in some cases. 16 years ago
Victor Julien aa736b01d6 Fix thresholding coding changing unlocked and supposed to be static memory areas. 16 years ago
Victor Julien c969294fef Make sure icmp rules also apply to icmpv6 16 years ago
Gurvinder Singh 8cfdf6c666 bug 18 patch update 16 years ago
Gurvinder Singh b92886a79a bug#18 and some minor changes 16 years ago
Gurvinder Singh 542a43437e bug19 patch 16 years ago
Pablo Rincon 0e83759ed4 Small fix 16 years ago
Victor Julien 1d12de9500 DetectContentChunkMatchTest11 is no longer expected to fail. 16 years ago
Victor Julien 18441c2be7 Fix broken pattern len compilation causing certain patterns to not match when they should. 16 years ago
Victor Julien 0ab9adabd4 Test PortTestMatchDoubleNegation is no longer expected to fail. 16 years ago
Victor Julien 0a699857d6 Fix negation for addresses as well. 16 years ago
Victor Julien 50c07f9901 Fix wrong negation of ports. 16 years ago
Victor Julien 10cc9d5b6a Add icmp flow handling. 16 years ago
Victor Julien 71ed2d38f5 Fix scan patterns sometimes not being added to the scan ctx. Should fix bug #9. 16 years ago