Commit Graph

1073 Commits (9209eaeaf671638d3d340cfb5c7768a40e81d1a7)

Author SHA1 Message Date
Victor Julien 1b8f391607 Fixup flowbits signature keyword parsing memory handling. 16 years ago
Steve Grubb c95cd2e80a memory leak cleanups in misc places
Hello,

This is all the rest of the memory leaks I found.

*In src/source-pcap-file.c at line 152, ptv is not being freed.
*In src/util-unittest-helper.c at line 152, p was not being freed.
*In src/log-httplog.c at line 195, aft was not being freed
*In src/counters.c at line 51, log_filename was not being freed. At line 1188
pctx is being tested to see if it's NULL. However, at 1173 it exits the
function if it were NULL. This test is not needed and should be deleted.
*In src/defrag.c at line 351, tracker was not being freed. At line 390, dc is
being checked for NULL but this was already done at line 384. Probably what
was meant was checking the value of dc->frag_table which was just assigned.

The patch below makes the above described changes.

-Steve
16 years ago
Steve Grubb 60ad9d29c5 Memory leak cleanup in detectors
Hello,

I ran the code through an analysis program and found several leaks that
should be cleaned up.

*In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL
will never be true since that is the loop entry test.
*In src/detect-engine-port.c at line 1133, the test for p == NULL will
never be true since that is the loop entry test.
*In src/detect-engine-mpm.c at line 263 is a return without freeing
fast_pattern
*In src/detect-ack.c at line 80 and 85, data catches the return from malloc.
One of them should be deleted.
*In src/detect-seq.c at line 81 and 86, data catches the return from malloc.
One of them should be deleted.
*In src/detect-content.c at line 749, many of the paths that lead to the error
exit still have temp pointing to allocated memory. To clean this up, temp
should be set to NULL if not immediately assigning a new value.
*In src/detect-uricontent.c at line 319, both cd and str need to be freed. At
lines 344, str needs to be freed. And at line 347 str and temp need to be
freed.
*In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was
not being freed at line 235.
*In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd
and str were not being freed.
*In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str
was not being freed.
*In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str
and cd were not being freed.
*In src/detect-pcre.c at line 389, there is an extra free of "re" that should
be deleted.
*In src/detect-depth.c at line 42 & 48, str has not been freed.
*In src/detect-distance.c at line 49 and 55, str has not been freed
*In src/detect-offset.c at line 45, str has not been freed.

The patch below fixes these issues.

-Steve
16 years ago
Steve Grubb f6653752c5 memory leak cleanup in alerts
Hello,

I ran the code through an analysis program and found several memory leaks
in the alert code.

*In src/alert-fastlog.c at line 178, aft was not being freed
*In src/alert-debuglog.c at line 205, aft was not being freed
*In src/alert-unified-log.c at lines 234 and 243, aun was not being freed
*In src/alert-unified-alert.c at lines 219 and 230, aun was not being freed
*In src/alert-unified2-alert.c at line 505, aun was not being freed

The patch below fixes this.

-Steve
16 years ago
Victor Julien 5f5a44b365 PPPoE fixes. 16 years ago
William Metcalf 82978f9f27 new pfring runmode for quad core, other small pfring fixes 16 years ago
Victor Julien 434da6b965 Set no reassembly flags on sessions we don't recognize the protocol for. 16 years ago
Gurvinder Singh f6b0c481b0 urilen support for engine 16 years ago
Victor Julien 9b4f3f918b Fix broken debug code in stream reassembly 16 years ago
Pablo Rincon c1e6aabb0a Small fix 16 years ago
Pablo Rincon 705471e4ee Adding single pattern matcher algorithms. If you cannot store a context for the patterns, use SpmSearch() macro. Adding unittests and stats 16 years ago
Victor Julien cae8e06cb9 Properly lock app layer result pool and add some debugging code for memory tracking. 16 years ago
Victor Julien 4284276b11 Merge applayer detect function into normal match function. Should speed up detection. 16 years ago
Victor Julien bcd0682150 Make engine startup a little less verbose. 16 years ago
Jason Ish 5076452707 Potential fix for issue 60.
- Increase the packet buffer so it can hold the link header when we
  have maximum size IP datagrams.
- Fix ip header length and pkt length calculation for re-assembled
  packets.
16 years ago
Victor Julien 9d3a9273dd Rename fmem_t to SCFmem and make sure it's not exported. 16 years ago
Pablo Rincon 673afeb4d3 fmemopen wrapper added (fix compilation problems on macosx and freebsd) 16 years ago
Victor Julien 42e8a01221 Make sure pcre PCRE_EXTRA_MATCH_LIMIT_RECURSION check works with strict compiler settings. 16 years ago
William Metcalf 5bde121754 --enable-gccprofile sets -pg flag detect presence of pcre recursion 16 years ago
Eric Leblond db2d483d11 convert action_type to enum
This patch converts packet action type to an enum. This will
provide some facilities and ease bad value detection by gcc.
16 years ago
Gerardo Iglesias Galvan f5743afed5 Fix logging messages related to icmp_id parsing 16 years ago
Gerardo Iglesias Galvan 4b39ddaf95 Fix logging messages related to icmp_id parsing 16 years ago
Breno Silva 1d055b0e09 ICMP Seq Rule Keyword 16 years ago
Victor Julien 34e11e4784 Fixup unused variable compiler warning in the dce code. 16 years ago
root ddf5995049 endianness handling update 16 years ago
Kirby Kuehl 3d59f40640 style patch 16 years ago
root 706bb95209 fix bug 61 16 years ago
Jason Ish 7aac64f262 unit test for issue 59. 16 years ago
Jason Ish a7b37afc4e Fix issue 59. Drop a fragment that extends past the maximum IP packet size. 16 years ago
Gurvinder Singh fea277b2aa memory leak fixes 16 years ago
Gurvinder Singh 5c8d90afc8 memory leak fixes 16 years ago
Gurvinder Singh 66cc392177 init b46 16 years ago
Kirby Kuehl 90b42232fa dcerpc request smb transact and fix for dcerpc bindack 16 years ago
Gurvinder Singh 8f00718b0d bug 57 16 years ago
Eric Leblond 51be576a30 nfq: modify queue length computation logic
This patch modifies max queue length computation logic. The max queue
length was set to MAX_PENDING which is the total number of packet
processed simultaneously in suricata.

This value is correct but this will not permit to take all burst
effects into account (read sudden quantity of packet that arrives
faster than suricata is able to parse). Furthermore there is a
delaying system when suricata gets overloaded which makes it necessary
to have packet storable into kernel for some time.

To improve this situation the patch increases the maximum queue
length to NFQ_BURST_FACTOR (4) times the MAX_PENDING packet and
it also increases the nfnetlink buffer size to be able to store
all packets waiting for suricata in the netlink receive buffer.
16 years ago
Eric Leblond 775ac9ad9d fix code file permission
detect-http-method.c was executable.
16 years ago
Eric Leblond 84dfc0172a gcc warning fixes.
This patch fixes gcc warning:
    warning: suggest braces around empty body in an ‘if’ statement
This was the case in  when the macro SCLogDebug was used:
    if (ssn != NULL)
        SCLogDebug("ssn->alproto %"PRIu16"", ssn->alproto);

It also fixes a signed-unsigned comparison.
16 years ago
Eric Leblond 72d48f6658 nfq: add sanity checking
This patch adds sanity checking to payload handling. It sets length
of packet to zero if an error occurs.
16 years ago
Eric Leblond 56cccdfa62 nfq: use switch instead of 'else if'
This patch converts an 'else if' series to a switch to increase
the readability of the decision related code.

 Please enter the commit message for your changes. Lines starting
16 years ago
Eric Leblond c96586446b ethernet: use switch instead of 'else if'
This patch uses a switch instead of an 'else if' series. It also
adds a debug message for unsupported ethernet type.
16 years ago
Eric Leblond 6cf00d6204 Fix typo in Makefile.am
This patch fixes a typo in Makefile.am which was preventing
'make tags' from working.
16 years ago
Victor Julien 9295193968 Fixup unittest error output for RAW decoder. 16 years ago
William Metcalf c5d0b492d3 small unittest fixes to decode-raw.c 16 years ago
William Metcalf 8a64321340 raw pcap support additional ipv4/6 validation 16 years ago
Pablo Rincon 0c9f51498a Small fixes at unittest helper functions and TestBidirec03 16 years ago
Pablo Rincon c80160b96d More examples of unittest helper functions usage reference 16 years ago
Pablo Rincon b6a3395c08 Adding unittest helper functions for building generic packets, checking arrays of expected match results, perform generic tests, etc. Look at util-unittest-helper.c and detect-ipproto.c for references 16 years ago
Jason Ish 095f2cf6ef Consistency fix.. Xxxlog -> XxxLog. 16 years ago
Jason Ish e204d07717 Have output modules register themselves so run mode configurator becomes aware of them for purposes of being configured from the config file. 16 years ago
Victor Julien 9b90c553b5 Clean ip fields from packet as well when the packet is reused. Prevents issues with malformed packets that are rejected by the decoders before ipaddresses are set. 16 years ago
Victor Julien 27a138d862 Suppress some flow messages. 16 years ago
Gurvinder Singh b0dcd02c1b bug 56 patch 16 years ago
Victor Julien eb67bb442e Fixup unittests that use buffers that simulate configuration files. They now include the YAML header. 16 years ago
Jason Ish 4e1acf5fd2 Require that the configuration file begins with a valid YAML version. At this time this means the configuration file must begin with
%YAML 1.1
16 years ago
Jason Ish 5e318aa342 Fix issue 55.
Don't process any key/value pairs until we've hit a mapping.
16 years ago
Jason Ish c4f178f3d7 Do not seen_last unless the packet with more_frags=0 was actually inserted into the frag tracker. Fixes issue 53.
Add unit test for this failure case.
16 years ago
Jason Ish fc5df7d064 don't create a new tracker when frags are received in reverse order. 16 years ago
Gerardo Iglesias Galvan 40c514f295 Fix bug in logging msg when using --init-errors-fatal 16 years ago
Gerardo Iglesias Galvan 5eb819b0f4 Add signature line no. to error message when parsing fails 16 years ago
Gerardo Iglesias Galvan fae92f8d7b Fix bug#30. Fix logging call from prev patch 16 years ago
Gerardo Iglesias Galvan 988dc5520b Improve output when loading rules 16 years ago
Victor Julien 56556eb550 Set payload no inspect flag for packets with encapsulated packets as these are inspected separately 16 years ago
Victor Julien 9ececacda3 Fix packet timestamp handling for encapsulated packets. 16 years ago
Jason Ish 4c83652ad3 initialize vars 16 years ago
Victor Julien c1283a6628 Fix app layer proto detection code not being thread safe. 16 years ago
Gurvinder Singh fde948f488 bug 41 patch 16 years ago
Victor Julien fcabd1b2ba Fix typo. 16 years ago
Jason Ish cf95fa7c74 configurable outputs for nfq and pcap file. 16 years ago
Jason Ish a05436af8c Configurable alert outputs for PF_RING modes. 16 years ago
Jason Ish 844c444af1 Use the configuration file to setup alert logging (and http logging).
Only setup for the live pcap modes at the moment.
16 years ago
Victor Julien 13e10ccd86 Enable bytes per sec and mbit per sec for nfq as well 16 years ago
Anoop Saldanha e45b626b24 refactoring, tests for address engine ipv4 16 years ago
Jason Ish 1aabe6f7c1 in the unit tests make sure memory allocated from the pool was returned. 16 years ago
Jason Ish 6547725b39 consolidate more common code between ipv4 and ipv6. 16 years ago
Jason Ish 176c6e5668 use a common insert method for ipv4 and ipv6 16 years ago
Jason Ish ccbf8bcae5 Use the V6 insert and re-assembly logic for IPv4 as well. It's a little simpler to track and update. 16 years ago
root 9b74a2765e 64 bit portability 16 years ago
Victor Julien d7958f7983 fix wrong keyword name 16 years ago
Victor Julien 9ee6d6906f Add some safety checks. 16 years ago
Anoop Saldanha 06a640e794 fix for bug #47 16 years ago
Anoop Saldanha a83f7abcc1 logging module bug 6 fix 16 years ago
Victor Julien 6b36e23e45 Fix not decreasing the flow use_cnt reference counter in some cases from the app layer detection code. This caused some streams to never fully time out and thus clutter up the flow table and session pool. 16 years ago
Victor Julien c3269dbcb4 Fix compiler warning in http method code 16 years ago
Brian Rectanus c22d42693a Added http_method rule keyword. 16 years ago
Gurvinder Singh 6814ea1a0f some more stream fixes 16 years ago
Victor Julien 94ae001dec Fixup month displaying for the stats log. 16 years ago
Victor Julien 5e8413aeea Don't scan more of a stream for proto detection than necessary. 16 years ago
Gurvinder Singh a66c6752d5 stream os_policy support 16 years ago
Anoop Saldanha eea0e2a807 Radix Tree fixes/updates 16 years ago
Victor Julien 8f7cff1d53 Fix compilation with -Wextra 16 years ago
Victor Julien b7bac14040 Fixup code to compile with -Wall -Werror -Wextra -Wno-unused-parameter compiler options. 16 years ago
Gurvinder Singh 4e1dc0bd83 bug 41 patch 16 years ago
Gurvinder Singh 567bbf604b stream reassembling fixes 16 years ago
Jason Ish 6520d42b4c Allow nested sequences. 16 years ago
Jason Ish d86282af9c pretty up ConfDump output for when there is no valid prefix 16 years ago
Jason Ish 668b86cba4 Fix issue 36. Give each unit test a fresh configuration context - helps tests pass when a config file is passed in, which can
mess up the "expected" output, as this is testing loading
values into the configuration system.
16 years ago
Jason Ish 749647a69d use const 16 years ago
root 5113636744 bind and bind_ack tracking 16 years ago
Victor Julien 1f09a88c93 Improve default-log-dir error checking and reporting. 16 years ago
Anoop Saldanha 750600ab17 check for the existence of default logging directory 16 years ago
Anoop Saldanha 8189f4d88e Change error log messages to debug ones in the log modules 16 years ago
Victor Julien f5ef0cc3b8 Exit if no classification.config has been found. 16 years ago
Victor Julien 9e5f7459c2 Actually use classification msg 16 years ago
Victor Julien 2b66667a76 Make sure we can't overflow our packet alert storage 16 years ago
Jason Ish 527d735500 Suppress these debug lines. 16 years ago
Victor Julien 9b422c443e Fix up initialization and hopefully make the SEQ macro's fix up an 64bit issue we're seeing... 16 years ago
Victor Julien 18aa59b391 Fix compilation and a small memory error. 16 years ago
Anoop Saldanha f684989f98 dce_iface, dce_opnum, dce_stub_data keyword support 16 years ago
Victor Julien d284f0d333 Set default classification file location in the config file. 16 years ago
Victor Julien ecab1fae36 Remove contents of VRT classification.config. 16 years ago
Anoop Saldanha 011b74df63 Modify the classification config tests to use the buffer than a temp file and also fix an invalid free 16 years ago
Anoop Saldanha bc4df59414 Support for Classtype keyword and Classification Config file 16 years ago
Victor Julien f0be69dcd0 Fixup smb/smb2/dcerpc wrt loops, debug printing, style. 16 years ago
Victor Julien 4c2782e971 Improve depth and offset setup error reporting 16 years ago
Victor Julien f6f0ad94ce silence a debug statement in the msg handling 16 years ago
Victor Julien d5c732f1f9 Add tag keyword stub 16 years ago
Victor Julien b2adf31595 online abort() in stream reassembly if we're in debug mode 16 years ago
Victor Julien ef6ab4efa0 Add pcre negate support. 16 years ago
William Metcalf 1d553c940b failing unit test showing negated pcre treated as nonnegated match 16 years ago
Victor Julien 040e62f3ec Fixup noisy debug statement 16 years ago
Victor Julien 7b2610ba1f Fix extra spaces confusing content and uricontent. 16 years ago
Gurvinder Singh a19fbf22e2 bug 29 patch 16 years ago
Victor Julien ae94b102cb Improve distance/within/nocase handling, sig parsing error reporting. 16 years ago
Victor Julien 4862488dac add version output, -V option 16 years ago
Victor Julien 6beee776ca Move rand seed code into util-random 16 years ago
Pablo Rincon 6224c30548 Adding preseeding to rands 16 years ago
Jason Ish b2ee780788 "last" policy for ipv6 16 years ago
Jason Ish ecc50b8b2f add first policy for ipv6 frag re-assembly 16 years ago
Jason Ish d9380a8cb5 solaris policy for ipv6 16 years ago
Jason Ish ce20c33634 multiline rule support. 16 years ago
Will Metcalf 23aa6cf642 more fixes for exit on sig init failure 16 years ago
Will Metcalf f2b1e66a6a fixes for init failure stuff 16 years ago
Victor Julien 778228d1c5 Flags keyword fix. Fatal init fix. 16 years ago
Victor Julien 35e884f303 Make sure offset modifies depth. 16 years ago
William Metcalf c63b1e0f67 failing unit test depth doesn't take into account offset 16 years ago
Will Metcalf cc3c1779cd more project name updates 16 years ago
Victor Julien 9bbe43c019 Fixup calculation of the minimum scan pattern length in some cases. 16 years ago
Victor Julien aa736b01d6 Fix thresholding coding changing unlocked and supposed to be static memory areas. 16 years ago
Victor Julien c969294fef Make sure icmp rules also apply to icmpv6 16 years ago
Gurvinder Singh 8cfdf6c666 bug 18 patch update 16 years ago
Gurvinder Singh b92886a79a bug#18 and some minor changes 16 years ago
Gurvinder Singh 542a43437e bug19 patch 16 years ago
Pablo Rincon 0e83759ed4 Small fix 16 years ago
Victor Julien 1d12de9500 DetectContentChunkMatchTest11 is no longer expected to fail. 16 years ago
Victor Julien 18441c2be7 Fix broken pattern len compilation causing certain patterns to not match when they should. 16 years ago
Victor Julien 0ab9adabd4 Test PortTestMatchDoubleNegation is no longer expected to fail. 16 years ago
Victor Julien 0a699857d6 Fix negation for addresses as well. 16 years ago
Victor Julien 50c07f9901 Fix wrong negation of ports. 16 years ago
Victor Julien 10cc9d5b6a Add icmp flow handling. 16 years ago
Victor Julien 71ed2d38f5 Fix scan patterns sometimes not being added to the scan ctx. Should fix bug #9. 16 years ago
William Metcalf c40e81d42b failing unittest rules with same content match fail 16 years ago
Victor Julien a8116f65c8 Fix packet flags field not being cleared properly when the packet is being reused. Add some debug statements and cleanup some. 16 years ago
Victor Julien e2376948dd Clean up smb/dcerpc code 16 years ago
root 48cdc8e0fd DCERPC BIND work 16 years ago
Jason Ish 9d55a41e49 Windows and Linux policies for IPV6 frag reassembly. 16 years ago
Victor Julien 4824868766 Application layer detection improvements
- improve locking of application layer handling, making sure that the flow cannot be freed/cleared when the detection engine is still working with it.
- add a check to the app layer detection to make sure that a match function will only inspect an app layer state if it's of the right type.
16 years ago
Victor Julien 310a182217 Fix signatures not being initialized properly 16 years ago
Victor Julien 6fe5509617 Fix compiler warning when using HTP rev 68. 16 years ago
Victor Julien 79b15bd1cc fix typo 16 years ago
Victor Julien 53041eeb67 Small cleanups. 16 years ago
Victor Julien 8cc792a3c7 Fix potential deadlock in http cookie match. 16 years ago
Pablo Rincon f729d6f7b3 Changing some more printfs with logging api 16 years ago
Pablo Rincon f2f9b83280 Adding FTP app layer parser and ftpbounce detection at L7 16 years ago
Victor Julien d35dd1c4ea Improve http cookie htp state checking before using it. 16 years ago
Pablo Rincon 6f76ed6804 Match content fail when two contents are specified in the same rule and the last of them has length = 1 16 years ago
Anoop Saldanha f8edb74439 double port/address negation is parsed incorrectly 16 years ago
Victor Julien 6ab64706b0 Improve threshold hash table handling. 16 years ago
Gurvinder Singh 8c8b8596c8 fixed bug 18 16 years ago
Gurvinder Singh 8287ebe12c bug 21 fixing patch 16 years ago
Anoop Saldanha 4d430060d2 fix for unclear error messages bug 15 16 years ago
Anoop Saldanha 47ad1e5b2e detect-engine-address.[ch] refactoring 16 years ago
Anoop Saldanha 2c0345f55e Fix for Unified Alert Test Bug #14 16 years ago
Gerardo Iglesias Galvan 7e87f373b9 Add icmp_id keyword support 16 years ago
Victor Julien 01976a0b74 Support for sigs with both pkt and applayer detect
Sets a flowbit with the sig id if the packet matches match. Checks
on that if the app layer matches match. Currently misuses the
flowbits api for this in a way that needs fixing.
16 years ago
Victor Julien 493715c0d2 Implement alert sid storage in the flow so we can check previous alerts in the flow. 16 years ago
Victor Julien 9fd46e9425 Support for sigs with both pkt and applayer detect
Sets a flowbit with the sig id if the packet matches match. Checks
on that if the app layer matches match. Currently misuses the
flowbits api for this in a way that needs fixing.
16 years ago
Gurvinder Singh 0419ad7c9a fixed 23 bug 16 years ago
Victor Julien 4f843ff8e9 Improve matching of packet and app layer sigs. 16 years ago
Pablo Rincon 992aaa3d79 Small fix on SigMatchSignaturesAppLayer() and SigMatchSignatures() 16 years ago
Pablo Rincon 459a823a09 Reutilize the filename buffer and avoid malloc's 16 years ago
Pablo Rincon 5f59def86a Force reset size_current to 0 after rotate 16 years ago
Jason Ish fdb1c9c4f2 cleanup warnings. 16 years ago
Jason Ish 6cc0771d6f - Fix memory leak error when freeing node.
- Cleanup ConfDump output a little.
16 years ago
Victor Julien 4c79e6d5b6 compile fixes 16 years ago
Jason Ish 28cad3429c An example of how logging could be configured from the log file. 16 years ago
Jason Ish 90c46ee2c9 Add the ability to lookup a child ConfNode, or just the value of a child ConfNode. 16 years ago
Jason Ish 59ec05645f Index sequence items - allows us to store sequences of mappings in the configuration database. 16 years ago
Gurvinder Singh 0a85fd6787 htp error fixed 16 years ago
Gurvinder Singh d8433c7255 fixed-pool-error-and-tcp-state-transition 16 years ago
Victor Julien 53e3e6dee8 Fix compilation after suricata rename. 16 years ago
Pablo Rincon 7473f716bd Improving error report on runmodes and daemon compatibility 16 years ago
Gerardo Iglesias Galvan 5471baf8f4 Change case values to their corresponding enum values 16 years ago
Gerardo Iglesias Galvan e917065e26 Add support for daemon, checking for valid combination of modes 16 years ago
Victor Julien 8490208ba1 Fix bug fix 16 years ago
Victor Julien fa5dbaeb1d Fix segv when testing for sid 2002181 16 years ago
Breno Silva 69eb869cc9 Threshold Rule 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Gurvinder Singh 71a77bf8d6 removeh http_cookie flag 16 years ago
Gurvinder Singh 85f054cac2 changed to DetectHttpCookieData 16 years ago
Gurvinder Singh a0f184866c http_cookie keyword support 16 years ago
Victor Julien 18fe3818dc Remove need_lock from app layer parsers. 16 years ago
William Metcalf 7e2408d273 FreeBSD correct arch specific gettid defs 16 years ago
Gurvinder Singh 7ce586bc77 updated htp error info 16 years ago
Victor Julien ba7e8012af Add some debugging and simplify locking for app layer slightly. 16 years ago
Gurvinder Singh fc2f7f29fa app layer htp error handling and fixes for memory leaks and segv 16 years ago
Victor Julien aa653157bf Convert stats printing in nfq to logging api. 16 years ago
Victor Julien e5301effe6 Make nfq module use logging api. 16 years ago
Pablo Rincon a67bd2457b Loading rules from config support 16 years ago
Victor Julien 3233888c65 Disable noisy debugging statements 16 years ago
Kirby Kuehl 73bdc8a5c3 fix unittests 16 years ago
Kirby Kuehl c20bc68367 readandx and writeandx parsing for smb 16 years ago
Kirby Kuehl 57331ea2a2 add smb2 proto and smb, smb2, dcerpc unit tests 16 years ago
Jason Ish 0d92f0018b First cut at IPv6 re-assembly. Only BSD policy for now, packets don't actually get passed to it yet though. 16 years ago
Pablo Rincon c816af822e Adding support to load rule files from config 16 years ago
Gerardo Iglesias Galvan 7642e53f06 Fix warnings from previous patch. Add info to usage output. 16 years ago
Gerardo Iglesias Galvan b254719ffc Add fatal failures on unittest and siginit failure (using Conf API) 16 years ago
Pablo Rincon 658eac2825 Adding max pattern length for bidirectional operator. Please, use DetectEngineAppendSig() at the unittests. Look at the bidirectional operator unittests for a usage reference. 16 years ago
Pablo Rincon 1ad6d75dfe Added rpc keyword support at packet level 16 years ago
Victor Julien d388444ac3 Use updated mutex calls. 16 years ago
Gurvinder Singh ad3e463974 updated error info output 16 years ago
Anoop Saldanha cd0de89bd4 Fix for handling negated content "\!CONTENT" 16 years ago
William Metcalf 16d2bf6b8e unit test showing flags:0 alerting when it shouldn't 16 years ago
Breno Silva 0acf472392 Flags Issue 16 years ago
William Metcalf ec1cb9c0db more invalid netmask fixes and unittest 16 years ago
Victor Julien d5c11f7abd Make engine initialization a bit more quiet. 16 years ago
Victor Julien eaaf0bd61c Use correct mutex call in flow-vars code. 16 years ago
Pablo Rincon 43a1ae9a4b Changing some printf to SCLogDebug at flow vars 16 years ago
Pablo Rincon c6c7742464 Added support at Flowints for keywords isset and notset 16 years ago
Pablo Rincon a8d7b71490 First version of flowints 16 years ago
Gurvinder Singh 1b39e602d0 fixed port info 16 years ago
Gerardo Iglesias 991d421394 Changed printf's to logging API functions 16 years ago
Pablo Rincon e26833be3f Changing mutex/spinlocks/conditions naming types 16 years ago
Victor Julien 406ee2ce70 Use new threading calls in htp code. 16 years ago
Pablo Rincon 769022f4be Adding support for Mac OS X, FreeBSD, centralizing mutex/spins/conditions in a macro API, and some unittests 16 years ago
Victor Julien 4cae27522d Fix http module warnings. 16 years ago
Gurvinder Singh 2d6cf71d37 added htp unit test 16 years ago
Gurvinder Singh 07f7ba55b8 initial support for HTP module init 16 years ago
Victor Julien 6e9b582be6 Fixup rebase typo. 16 years ago
Gurvinder Singh c1e485cc44 app layer error handling 16 years ago
root 43fb771268 smb2 work 16 years ago
root 0f5f82efee smb2 work 16 years ago
root 74667e697a better smb parsing 16 years ago
Victor Julien 2213ff933f Compile fix. 16 years ago
Brian Rectanus 44083b6505 Fixed warning in detect-content. 16 years ago
Gurvinder Singh 91407e0938 fixed DetectByteTest bug 16 years ago
Pablo Rincon 6206ffb530 Adding bidirectional operator support and unittests 16 years ago
Breno Silva c552ccbd93 PCRE O Modifier 16 years ago
Victor Julien 574bcea09d initial version of better error checking/handling in the app layer code 16 years ago
Victor Julien 09dd7889a1 TLS: small updates to the tls parser
- small updates to the TLS parser after merging Gurvinders TLS work with my work.
16 years ago
Victor Julien 2cfa284999 Fix app layer detect to actually work. 16 years ago
Victor Julien a1d33e2d0b Compilation fixes after merge. 16 years ago
Victor Julien 7cda445c49 Add unittest. 16 years ago
Victor Julien f1f7df0766 First iteration of doing app layer detection. 16 years ago
Victor Julien f31d8e0444 TLS no inspect: fixes and cleanups
- use byte extraction functions for getting the msg length
 - cleanup the parsing routines for multiple msgs
 - add unittests for multimsg payloads
16 years ago
Gurvinder Singh a16e7b7455 tls no reassembly support 16 years ago
Victor Julien 54b9663cd1 TCP streams: support falling back to 3WHS when we were led to believe we were in 4WHS mode. Add unittests. 16 years ago
Victor Julien 2af6ed0c8c Support newly reported 4WHS TCP setup. 16 years ago
William Metcalf af13665684 failing unit test where fast_pattern rule and non-fast_pattern rule inspect same payload 16 years ago
Anoop Saldanha 45acb64a61 Bug fix for fast_pattern - bug #8 16 years ago
Victor Julien 5c3bbb8d61 Time handling: improve time handling in unittests
- make sure before each unittest is run the time is reset
- add functions to set the time to current time and increment the time
- convert alert-unified* Rotate tests to use them
- convert time based counters to use them
- use GetTime instead of gettimeofday for creating the unified* filenames
16 years ago
Pablo Rincon a64af4adca Forgot to add this file 16 years ago
Pablo Rincon 15855e11f3 Fixing alert unified log file rotation. Adding unittests 16 years ago
Victor Julien 746d12071e Fix merge artifacts. 16 years ago
William Metcalf 0db1d01b0c port space negation notification 16 years ago
Gurvinder Singh 3f23f52c52 Fixed FlowTest01 and StreamReassemblyTest30 16 years ago
Gurvinder Singh d2765511ce async stream handling support 16 years ago
William Metcalf 88497ec539 detect-dsize regex doxygen logging subsys changes 16 years ago
Anoop Saldanha bb8a84d967 todo comment update for address and port parsing 16 years ago
Victor Julien 621c8dd921 Make sure we don't sleep to test time lapses, we can modify the engine's time internally for that. 16 years ago
Anoop Saldanha 30a7ea2141 adapted counters to use util-time.[ch] 16 years ago
Anoop Saldanha c8b423578a Updates for counters time based patch 16 years ago
Anoop Saldanha 8beef4a9fc stats upgrade. Added interval counters to the decoder module 16 years ago
Anoop Saldanha ceb7e495ae refactoring perf stats code 16 years ago
Victor Julien fdf8943dfb Remove a few commented out code lines. 16 years ago
Anoop Saldanha 8c9df4cd6b modifications to PatternMatchPreprarePopulateMpm to fasten fast_pattern processing 16 years ago
Anoop Saldanha bb5bd91045 Support to get the last sigmatch of a particular type. To be used for content and its modifiers 16 years ago
Anoop Saldanha 7a10ddc07b Fixes for the fast-pattern tests and a couple of other minor changes 16 years ago
Anoop Saldanha 6ca5dbc9e9 Support fast_pattern modifier keyword for content 16 years ago
Victor Julien 07bcc8cc9a Fix signatures with ports and/or addresses but without sigmatches. 16 years ago
Victor Julien 50b2e381e0 Set the DETECT_CONTENT_WITHIN_NEXT and DETECT_CONTENT_DISTANCE_NEXT flags on content chunks if appropriate. 16 years ago
Victor Julien a004724aea Add some debugging code 16 years ago
Victor Julien dd232fcd6e Fix debug compilation 16 years ago
Anoop Saldanha 1c7ac13c25 Support for negated content 16 years ago
Victor Julien 6346d1ddcf Add function name printing to the default output while we're still in development. 16 years ago
Victor Julien 0aaf603317 Fix another case where distance/within checks didn't fully work as expected. 16 years ago
Pablo Rincon ce3abca399 Adding some unittests (one of them doesn't work but should) 16 years ago
Pablo Rincon 84411f73c3 Commenting out a unittest. 16 years ago
Pablo Rincon 9a3c21fbf3 Updating real unittests. Small fix on TestWithinDistanceOffsetDepth to skip to the next DETECT_CONTENT SigMatch. Adding some checks on within/distance setups. 16 years ago
Victor Julien 241db64dd7 Fix a few memory issues. 16 years ago
Pablo Rincon 7e4377224a Small fix at detect-parse.c, need to continue with MatchTest05 16 years ago
Pablo Rincon f233f9fa31 Adding detect_content chunks handling for max_pattern_length and unittests. Updating modifiers to use it. 16 years ago
Victor Julien 981ca859cb Fixes for distance and within content modifiers. 16 years ago
William Metcalf 884b1034b4 failed unittest for within distance 16 years ago
Victor Julien 171edda02a Fix compilation of address and port error messages in debug mode. 16 years ago
Anoop Saldanha dc44700ce5 Support vars lookup from conf file. Current patch support address and port group vars lookup 16 years ago
Victor Julien 951b4d5cf4 Fix within in some corner cases and add some more tests. 16 years ago
Anoop Saldanha 204aca4431 Support host os flavour retrieval functions with raw network addresses 16 years ago
Anoop Saldanha 96614c60f2 change the netmask to uint8_t for the ip handling part of the radix tree and also use 255 instead of -1 to indicate the absence of a netblock 16 years ago
Anoop Saldanha 3f91af89a2 Added comments to the Host OS API test 16 years ago
Anoop Saldanha 22771d5f52 Updated doxygen comment for host os function 16 years ago
Anoop Saldanha 7dbc117b37 Host OS Table API. Modifications also made to the radix tree to handle netblocks 16 years ago
Victor Julien 4f2164677a - Fix pattern matchers b2g and b3g not being able to deal with a single pattern of the max pattern length (32 bytes by default).
- Fix the setting of the correct pattern matcher when it was set in the detection ctx.
- Add tests for the fixes.
16 years ago
Victor Julien f2a388ac8d Cleanup comments. 16 years ago
Victor Julien 34d44266fd Create reputation.h 16 years ago
William Metcalf 258cac889a silence pfring compiler warning 16 years ago
Victor Julien d6be6ceb19 Fixup artifact from automatic renames: rename DetectAddresssHead to DetectAddressHead. 16 years ago
Victor Julien e5b990a8ab Fixup siggroup merge artifacts. 16 years ago
Anoop Saldanha 78db80ea15 Unittests and style fix for detect-engine-siggroup.[ch] 16 years ago
Victor Julien 83d1e283bb Improve message on test expected to fail at this point. 16 years ago
Pablo Rincon 0df58406ee Adding Unittests, doxygen comments, coding style, logging support 16 years ago
Victor Julien cc442f1772 Fixup flow bits sig tests to work with the changes to the pattern matchers. 16 years ago
Breno Silva 6d1eb3e728 FlowBits Unit Tests 16 years ago
Breno Silva 2dee4cec13 FlowBits Unit Tests 16 years ago
Victor Julien c5dd31868d Small detect engine proto cleanups. 16 years ago
Gurvinder Singh 34e526d853 TTL macros support 16 years ago
Gurvinder Singh 90fea03af5 added comments and some minor changes 16 years ago
Gurvinder Singh cacbf31aad support for ttl keyword 16 years ago
Victor Julien deb511f51a Fix a compiler warning on Ubuntu 9.10 gcc 4.4.1 in the pattern matchers where the size of the thread ctx can be optimized to 0. 16 years ago
Victor Julien 8b8e2fef2d Fix msg parsing. 16 years ago
William Metcalf e458b2a26e detect-msg changes and unittests 16 years ago
William Metcalf f217370ac7 fixed for invalid netmask being set to 0 16 years ago
Victor Julien de8caa7964 Rename DetectAddressGroup* to DetectAddress* 16 years ago
Victor Julien 13dca5e8ce Cleanup of address functions. 16 years ago
Victor Julien 3c7a038477 Further memory cleanups. Split out init only vars out of the sig group head. 16 years ago
Victor Julien 32e51e5e5a Replace sgh refcnt by a flag. 16 years ago
Victor Julien 91d14964b6 Fixup formatting on the smb code. 16 years ago
William Metcalf 5fc3005103 added check for full al_parser_table 16 years ago
root f3e3d3873f fix smb and dcerpc unit tests 16 years ago
Kirby Kuehl ecaa701bdf smb and dcerpc work 16 years ago
Victor Julien bf72331849 Fix compilation warning in conf test. 16 years ago
Jason Ish ec9fa7b0a7 Files missed in last commit.
Update Conf API to allow direct access to nodes.

    A configuration node is now a tailq head and a tailq entry.  This allows us to build
    n-ary type trees to build something DOM like.

    Properly process lists so a list of rule files (for example) can be loaded.
16 years ago
Jason Ish d39a291427 Refactor yaml loader so we can load strings or files. 16 years ago
William Metcalf 4175206417 unittest regex changes and fixes 16 years ago
Victor Julien 2d0e9658f8 Speed up per sgh content maxlen calc. Remove mpm ptrs from mpm ctx. Add unittests testing the detection engine internals. 16 years ago
Victor Julien e4c98c562c Merge DetectAddressData and DetectAddressGroup 16 years ago
Victor Julien 15ab5d7003 More engine init memleaks fixed. HashListTable remove function fixed. 16 years ago
Victor Julien 7a7bb7a390 Get rid of global mpm_ctx. 16 years ago
Victor Julien fbe87a3ad5 Bunch of mostly unittest related memleak fixes. 16 years ago
Victor Julien 227cc082a1 Fix small memleak at engine init. 16 years ago
Gurvinder Singh 02fb39b913 detect-engine-proto unit tests and comments 16 years ago
Gurvinder Singh f2213b066f fast track stream handling and its unittests 16 years ago
Brian Rectanus b796541e57 Ack/Seq Keywords part 2 16 years ago
Brian Rectanus ed30067bd7 Ack/Seq Keywords 16 years ago
Victor Julien 56e45e0c16 Fix warning free compilation of defrag. Fix a missing variable initialization that cause a segv in the unittests. 16 years ago
Jason Ish e0b9e85230 Break out checksum fixup code to make the license separation more clear. 16 years ago
Victor Julien 97c991f75b Remove unused var and fix compilation with DEBUG enabled. 16 years ago
Jamie 0dc471db9c looking inside ICMP packets 16 years ago
Brian Rectanus ec6c5258b6 Sameip Keyword 16 years ago
Breno Silva f9b422bba7 FlagBits fix
Signed-off-by: Brian Rectanus <brectanu@gmail.com>
16 years ago
Victor Julien 4fb4dd59e4 Detect errors in the spin locks which somehow seems to fix some deadlocking within valgrind. 16 years ago