aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,981 Commits
8 Branches
165 Tags
228 MiB
main
main-7.0.x
main-8.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.2
suricata-7.0.13
suricata-8.0.1
suricata-7.0.12
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9beebf621a'
${ noResults }
Commit Graph

1875 Commits (9beebf621a0e69340b98f7ad2b8f355494b58fb8)

Author SHA1 Message Date
Victor Julien 169aa5581a Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflects its purpose. 15 years ago
Victor Julien d7b92d9bfe Consolidate several signature flags into one. 15 years ago
Victor Julien 2102a54c26 Cleanup and rearrange detection code slightly. 15 years ago
Anoop Saldanha 25588b6910 comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well 15 years ago
Anoop Saldanha e50503e820 cleanup/remove dead code 15 years ago
Anoop Saldanha 93fa7ea828 modify detection engine to run hrhd mpm before building the match array 15 years ago
Anoop Saldanha ea3fd38291 fix lock issue with mpms inspecting http state for body, header 15 years ago
Anoop Saldanha b140ed1c9c modify detection engine to run hhd mpm before building the match array 15 years ago
Anoop Saldanha 4e273f2c8b modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has atleast one sig with hcbd mpm set 15 years ago
Anoop Saldanha 72b0fcf419 modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has atleast one sig with uri mpm set 15 years ago
Anoop Saldanha 6648d1faf0 allow sigs for http uri of the form content:one; content:two; distance:0; http_[raw_]header; 15 years ago
Anoop Saldanha 8f1d17846f allow sigs for http uri of the form content:one; content:two; distance:0; http_uri; 15 years ago
Anoop Saldanha 07f20674ac allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body; 15 years ago
Victor Julien 6a5d2cb40d Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code. 15 years ago
Anoop Saldanha eecf2d7e13 Add the makefile.am addition that I forgot to add in the previous commit for http_raw_header 15 years ago
Anoop Saldanha 7ec0382774 support fast pattern for http raw header. Also support relative modifiers for http raw header 15 years ago
Victor Julien 0c806f70bb Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled. 15 years ago
Victor Julien 1a32d9b5ec Fix printing unprintable characters in the engine-analysis fast_pattern mode. 15 years ago
Anoop Saldanha 075719ea8c fix fast pattern unittests 15 years ago
Victor Julien 18d3c87947 Add check to fast pattern keyword to make sure that the offset and length don't exceed the actual pattern length. 15 years ago
Anoop Saldanha c61c68fd36 mpm and fast pattern support for http_header. Also support relative modifiers for http_header 15 years ago
Anoop Saldanha 778ec0939c make client body buffer limit configurable. Also some minor changes 15 years ago
Anoop Saldanha fc46f216ca detect-http-header.c cleanup before we start working on it 15 years ago
Anoop Saldanha 302011dbca fix compilation issues with debug enabled. 15 years ago
Anoop Saldanha 0aa5cffb12 fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added 15 years ago
Anoop Saldanha c227aeeacb remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine 15 years ago
Anoop Saldanha bbd0c5056b store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq 15 years ago
Anoop Saldanha 68b78664fa Add unittests for checking content flags. Fix indentation in PopulateMpmAddPatternToMpm(). Also fix DETECT_CONTENT_IS_SINGLE 15 years ago
Anoop Saldanha b15ada8102 set content_packet_mpm and content_stream_mpm flag for content to prevent double check inside inspection code 15 years ago
Anoop Saldanha 67aecc73c2 set content_uri_mpm flag for uri content to prevent double check inside inspection code 15 years ago
Anoop Saldanha 1cd8bd3d3c make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c 15 years ago
Anoop Saldanha 6df051321f fix fp when content is negated and also added to mpm 15 years ago
Anoop Saldanha 5c6a65dc58 support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch] 15 years ago
Victor Julien 234656e5f6 Fix compilation in --enable-debug mode. 15 years ago
Anoop Saldanha eade60f0fd make some name changes. break PopulateMpm(). Set the avoid mpm double check flags 15 years ago
Anoop Saldanha 96bf15bd74 unifying content structure - http_stat_msg now uses DetectContentData 15 years ago
Anoop Saldanha 4c53a9d606 unifying content structure - http_header now uses DetectContentData 15 years ago
Anoop Saldanha 1957eee389 unifying content structure - http_method now uses DetectContentData 15 years ago
Anoop Saldanha 041f5b1a4f unifying content structure - http_cookie now uses DetectContentData 15 years ago
Anoop Saldanha f05b0f4e1e unifying content structure - http_client_body now uses DetectContentData 15 years ago
Anoop Saldanha 4883efd0f6 unifying content structure - uricontent now uses DetectContentData 15 years ago
Anoop Saldanha 3b0a9ca97e add support for http_uri; content fast_patterns 15 years ago
Anoop Saldanha 3c73854d2d completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx 15 years ago
Anoop Saldanha fde2c64ea7 fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format 15 years ago
Anoop Saldanha a6899218fc remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm() 15 years ago
Anoop Saldanha 6eaba8941c Use new flags to indicate uricontent has a mpm set 15 years ago
Anoop Saldanha 46b4806d8e use a single populatempm() function to add the right content for mpm 15 years ago
Anoop Saldanha 4a038511ff Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accomodate these changes 15 years ago
Anoop Saldanha ede7be34b5 replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH] 15 years ago
Anoop Saldanha 3d2f81d978 replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH] 15 years ago
Anoop Saldanha a7353be20d replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH] 15 years ago
Anoop Saldanha e0476242c6 replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH] 15 years ago
Anoop Saldanha e54358a9e1 replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH] 15 years ago
Anoop Saldanha 82fd581b64 replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH] 15 years ago
Anoop Saldanha 3656879aa0 fix some dce opnum/stub tests that would have shown success always irrespective of test results 15 years ago
Anoop Saldanha 4b77f132df add support for sigs with uricontent fast_pattern 15 years ago
Anoop Saldanha ea8eaf31aa Fix fast_pattern tests that always showed success, irrespective of test results 15 years ago
Victor Julien 966c7349d3 Make sure we have a response message before inspecting it in http_stat_msg. 15 years ago
Victor Julien 07ec1ee10e Slightly cleanup detect-engine.sgh-mpm-context option parsing. 15 years ago
Anoop Saldanha c89507836b if sgh-mpm-context is not available in conf, alias the auto case inside the engine 15 years ago
Victor Julien bac621760e Fix a potential invalid memory read in the protocol name code used by alert-fastlog. 15 years ago
Gurvinder Singh f92ba23331 add the support for >= and <= operator for byte_test 15 years ago
Victor Julien 412498f4e4 Converts port vars in http logger from uint32_t to Port and update output. 15 years ago
Gurvinder Singh b7ff6537d2 fixed the incorrect port issue in http.log 15 years ago
Victor Julien 275bd3b7d7 Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests. 15 years ago
Victor Julien dec4218d62 Layout updates to NFQ runmode. 15 years ago
Victor Julien 7e49aa7f76 Simplify NFQ runmode reducing the number of threads and thus queues. 15 years ago
Victor Julien 7e6f01765f Change default of detect-engine.sgh-mpm-context to auto. 15 years ago
Victor Julien 001f91056e Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242. 15 years ago
Victor Julien 4598274d07 Fix depth error messages referring to distance instead of depth, fix their layout. 15 years ago
Victor Julien afdb39e5f6 Print an error if the protocol field of a signature contains a unknown/invalid value. 15 years ago
Victor Julien 8d0bc27fc4 Fix a case where alerting in inline mode would lead dropping on alert sigs. 15 years ago
Victor Julien 5a10eac5bd Cleanup http_stat_code unittests, shrink data structure. 15 years ago
Victor Julien 1636152e32 Fix negated http_method not working properly, causing false positives. 15 years ago
Gurvinder Singh b7da115e6d support for http_stat_code keyword has been added to detection module 15 years ago
Gurvinder Singh 1deae70cf7 added http_stat_msg keyword support for detection module 15 years ago
Jason Ish a4d19e4130 Add new profiling sort option, maxticks. 15 years ago
Anoop Saldanha 59923316bc change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval 15 years ago
Anoop Saldanha 5d9a453e0d find an optimal value for detect-engine:inspection-recursion_limit + unittest 15 years ago
Anoop Saldanha bc99328ec8 define a new conf paramter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code 15 years ago
William Metcalf efeab331ea compilation fix missing UT ifdef wrapper in reference code 15 years ago
Victor Julien 746ef0d2f8 Remove stray newline char from profiling output. 15 years ago
Victor Julien 3062b19068 Clean up output of signature ordering module. 15 years ago
Victor Julien 001dcaae84 Minor reference.config support changes: improve error handling, reduce hash table size. 15 years ago
Anoop Saldanha 88d94b136d Support for reference.config file 15 years ago
Anoop Saldanha f5a02833dd code cleanup in detect-reference.c 15 years ago
Victor Julien 344ea14695 Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility. 15 years ago
Victor Julien 41fd7e51c6 Really add secunia reference support. 15 years ago
Victor Julien 33170fd181 Add secunia reference pending our reference.config support. 15 years ago
Anoop Saldanha 067e53403c add missing sig_app_layer flags for dce sigs 15 years ago
Victor Julien 26fd2a0afd Add telus and bid references for etpro. 15 years ago
Victor Julien 2b187a2721 Remove a BUG_ON statement from the payload inspection code. 15 years ago
Victor Julien f2e6ec7374 Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned to be incompatible with how the keyword is used (nocase, etc). 15 years ago
Anoop Saldanha 2cdb5be391 Print out file name for fast_pattern engine_analysis. Also add some info logs 15 years ago
Anoop Saldanha 0c5b82d891 provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern 15 years ago
Victor Julien 3bd7441ea5 Default to 'single' ctx for ac-gfbs as well. 15 years ago
Anoop Saldanha e072841e93 hash fix in staging to differentiate nocase duplicate patterns from case-senstive ones 15 years ago
Anoop Saldanha de5db1a730 support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-senstive and the other not. Also remove duplicate pids from the output_table 15 years ago
Anoop Saldanha 8628c572df update todos for ac. Cleanup some memory as well. 15 years ago
Anoop Saldanha a2d04a94b5 selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise 15 years ago
Anoop Saldanha 5cc7f90f45 fix hash bug in ac-gfbs. Should reduce the no of patterns added for single context ac-gfbs from a million to a couple of thousands. Also support no case handling. \todo support insertion of final state presence into goto_table and failure table state transitions 15 years ago
Anoop Saldanha ded1f63323 fix ac nocase handling 15 years ago
Anoop Saldanha 174048544d fix hash generation in b2g and ac addpattern. Brings down the no of patterns added from close to a million to a couple of thousands 15 years ago
Anoop Saldanha 29b5cb9abd respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh 15 years ago
Anoop Saldanha 0ef684705c support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup 15 years ago
Anoop Saldanha b367c37ae6 suricata.yaml conf update to support single mpm context distribution over multiple sghs + code to parse this conf 15 years ago
Anoop Saldanha 4b2cf7e125 fix ac, ac-gfbs to support new changes to util-mpm.h + remove some junk code 15 years ago
Anoop Saldanha b9a770740a add comments and todos for ac and ac-gfbs 15 years ago
Anoop Saldanha 658ff5753d aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the secone one MPM_AC_GFBS uses the goto-failure table 15 years ago
Victor Julien bfb6aac495 Sleep after checking for a thread flag in TmThreadWaitOnThreadInit now that the check is so much cheaper. 15 years ago
Victor Julien 9634389b9e Fix TmThreadsUnsetFlag not unsetting flag if __sync_fetch_and_nand was used. 15 years ago
Pablo Rincon fcff1ce7f4 Converting threadvar flags to atomic vars to avoid using the old spinlock 15 years ago
Anoop Saldanha b8f5a6a4fc throw out contents/uricnotents with invalid hex assembly 15 years ago
Anoop Saldanha 850f44022f invalidate sigs with content/uricontent strings ", "boo, boo" + fix parsing content strings of the format content: !\"boom\";" 15 years ago
Victor Julien 5a7efe5f97 Add comment and layout update to new fast_pattern code. 15 years ago
Anoop Saldanha a85fa6b792 support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis 15 years ago
Anoop Saldanha 0d741b9a55 fix for bug 227. For negated contents that have been added to mpm we might have pmq.pattern_id_array_cnt as 0. We can't ignore inspecting sigs if this is 0, in case the content added is negated 15 years ago
Jason Ish 9ad1924dba Track the max ticks for each rule. 
This is the highest tick count this rule used to evaluate in a single sample.
 15 years ago
Pablo Rincon b3a8f0a90f Fix asn1 decoder frame oob mem. Adding max stack frames to suricata.yaml 15 years ago
Victor Julien 25d1b6fec1 Adapt malloc macro's to only display errors during init, not during runtime. At runtime it could make us crawl if the system runs out of memory. 15 years ago
Victor Julien 22f770f3bf Better handle low memory conditions. 15 years ago
Victor Julien 21c8d27300 Disable expensive unittests that don't really test anything. 15 years ago
Anoop Saldanha 7abf3a2123 fix csum handling for tcp/dup 15 years ago
Victor Julien f1ea68e316 Store the first frag flag in the uuid as the pfc_flags field is overwritten. Part of fixing #206. 15 years ago
Pablo Rincon 14a12f5fb7 Adding atomic bitwise operations api and rwlocks support 15 years ago
Victor Julien b8a709cbe7 Fix setting hash size in the config for b3g. Part of fix for bug #222. 15 years ago
Anoop Saldanha e47a9b59e9 accept tcp packets with syn+urg+push 15 years ago
Gurvinder Singh f2f0b54d25 removed xref from the alert-fastlog 15 years ago
Victor Julien aa2c3118e3 Remove unused code from b2gm. 15 years ago
Gurvinder Singh 3eab715153 support for printing protocol names for known protocol 15 years ago
Victor Julien b81280524c change dcerpc warnings into debugs. 15 years ago
Victor Julien 4208bdf0f9 Fix unittest. 15 years ago
Victor Julien cbd4c298ed Initial version of a new bitmask based signature pre-filtering method. 15 years ago
Victor Julien 7e47d87e1a Small layout update 15 years ago
Victor Julien 66340be072 Fix pcre compilation with debug enabled. 15 years ago
Victor Julien 091f53ce4e Fix retval of SCMemcmp for non-SIMD implementation. 15 years ago
Victor Julien a75556dfe5 Add memcmp functions for SSE4.1 and SSE4.2. 15 years ago
Victor Julien 1859ed54c7 Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp. 15 years ago
Victor Julien 94898a91cc Reorganize SigMatchSignatures. 15 years ago
Victor Julien fc248ca7a1 Many small performance updates. 15 years ago
Victor Julien b4454b6846 Switch to b2gc as default pattern matcher as it uses less memory and is a little faster. 15 years ago
Victor Julien 57b098e98c Add padding to commonly used data structures. 15 years ago
Victor Julien 87f88867f4 Further improve B2gc. Add B2gm. Improve memory layout. 15 years ago
Victor Julien 4329261faa Fix setting hash size in the config for b2g pattern matcher. 15 years ago
Victor Julien 697167319e Change BloomFilter structure layout to reflect order of access. 15 years ago
Victor Julien 3971bcc83a Switch to faster tolower function for u8_tolower. 15 years ago
Victor Julien 9dfbab42f8 WIP B2gc 15 years ago
Victor Julien fc1687d875 Make sure the DetectHttpMethodData structure is properly initialized before using it. 15 years ago
William Metcalf 7b13ba9f9e Fixed broken nocase for http_method and http_header 15 years ago
Anoop Saldanha ea902cc7d7 fix bytejump segv from bug 237 15 years ago
Anoop Saldanha 38898d9b30 fix bytetest segv from bug 237 15 years ago
Anoop Saldanha 6e5a48c92c temporary fix, in case we still have any corner cases remaining in dce parser 15 years ago
Anoop Saldanha 24a88a689a fix opnum parsing for fragmented request dce pdus 15 years ago
Anoop Saldanha 1097de0d9d changed the endianness comparison to & for dcerpc pdus 15 years ago
Anoop Saldanha a3280c1a20 throw out malformed pdus, that result the parser having parsed the required data, but we still havne't thit the frag length limit for the parser 15 years ago
Anoop Saldanha 1aea3e56be for now ignore pdus with auth verifier. We will get back to this in the coming iteration 15 years ago
Anoop Saldanha fc37e9d6ee add internal ids to uuids. Use these internal ids to match uuids from bind and bind_ack. Create a new uuid list to hold all accepted uuids. Modifications to dce-iface to accomodate these changes as well + unittests 15 years ago
Anoop Saldanha 816d2ef0c0 if malformed pdus push the bytesprocessed beyond frag_length, that's a sure endless loop. Avoid it, by reseting the dce state on seeing this 15 years ago
Anoop Saldanha 5c5d8f8a5d indentation fix in DCERPCParseBINDCTXItem, following changes from the previous patch 15 years ago
Anoop Saldanha 38e26e5186 modify the dce parser to accept context ids that start with a non-zero value 15 years ago
Anoop Saldanha d57428471c fix endianness handling for bindacksecondaryaddrlen 15 years ago
Anoop Saldanha ba9355d688 Flag if we see a fragged pdu. Do not reset dce stub buffer, if we are dealing with fragmented pdus(holds good only for first frag request pdus). Also reset the dce state vars on seeing an invalid PDU. Some minor fixes with respect to endianess as well. 15 years ago
Anoop Saldanha 00f21252fa support fragmented pdus in dce + unittest 15 years ago
Anoop Saldanha ebc1f62050 some additional indentation changes in DCERPCParser 15 years ago
Anoop Saldanha c2bc8ca252 fix mem leak in tailq that holds dce uuids 15 years ago
Anoop Saldanha 1c443677b2 fix indentation in DCERPCParser 15 years ago
Anoop Saldanha fe700737a3 fix null dereference in detect parse test - clang fix 15 years ago
Gurvinder Singh 892dea31e4 added the counter for tcp.segment_memcap_drop to show the dropped segments count due to memory limit 15 years ago
Victor Julien 1c1c8cef89 Print engine uptime on the same line as date and time. 15 years ago
Gurvinder Singh 1d0492e2e7 added support to print the engine uptime in stats.log 15 years ago
Victor Julien e7cb7c6b97 Make outputs part of the flowpinned threads in the AutoFp runmode. 15 years ago
Victor Julien 99ad338e91 Bump version to 1.0.2 15 years ago
Victor Julien 0eb0d48f35 Disable broken unittests and fix one. 15 years ago
Victor Julien f1e6e80a1e Properly set tmp_ra_base_seq in streams. By Gurvinder. 15 years ago
Gurvinder Singh 6a5bc52461 support for several tcp evasion attacks. Thanks to Judy Novak and G2 Inc for reporting them 15 years ago
Victor Julien bc55fb27dc Compiler warning fix for memory macro's. Small layout changes. 15 years ago
Pablo Rincon 06a65cb460 moving http_client_body logic to use it per transactions. Adding unittests 15 years ago
Pablo Rincon ee34c70ad8 Reference atomic vars with SC_ATOMIC_EXTERN properly (considering if we support atomic operations or not) 15 years ago
Pablo Rincon 5c43db85ce Drop streams on inline mode when a drop rule match from a reassembled stream and/or app layer inspection 15 years ago
Pablo Rincon 76af1b049b Make malloc errors on initialization stage a fatal error, resulting on a exit() call 15 years ago
Anoop Saldanha eb9adf8129 fix NULL indirection while parsing dce sigs - clang fix 15 years ago
Anoop Saldanha f094523eb1 clang fix - some minor fixes for unittests 15 years ago
Pablo Rincon bbab0f9987 Set default gid to 1 on Sig init 15 years ago
Pablo Rincon 8f3322ef73 Fix segv condition on DetectHttpMethodMatch (if the applayer unset the connp) 15 years ago
Pablo Rincon f225bd1428 Adding modifiers /C /H and /M to pcre (http cookie, header and method) 15 years ago
Victor Julien 1d73e1fb7e Small update to the ssh module: fix a valgrind warning and a couple of compiler warnings. Do a few small style updates. 15 years ago
Pablo Rincon 9d7baa7a9f Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion 15 years ago
Gurvinder Singh 0dab0e3935 fix the reassembly depth test (bug 216) 15 years ago
Victor Julien 610b7702ba Bump version to 1.0.1 16 years ago
Victor Julien 04d3832d8f Remove ports check and fix small typo. 16 years ago
Victor Julien a492518e7a Properly detect detect-event-only sigs. 16 years ago
Pablo Rincon 21d79b05ad Fix for bug221 (avoid considering sig as "decoder event only" if ports are specified). Now the sig gets grouped to get a sgh at SigMatchSignatures 16 years ago
Victor Julien f081577fe4 Revert yesterday's dcerpc commits as there were to many corner cases for it to go into 1.0.1. 16 years ago
Victor Julien 6299fbfb0f Fix stream msg content inspection not inspecting the correct id. 16 years ago
Anoop Saldanha 526a782002 temporary fix for dcerpc so that we don't loop endlessly, till we cover all cases with fragged pdus 16 years ago
Anoop Saldanha 361cf14f50 fix endless loop. Change dce parser to accept ctx ids that always start with a ctx with a 0 ctx id 16 years ago
Anoop Saldanha 8c774a1e2a fix 206. Keep a count of uuids that don't belong to the first frag. Change dce_iface to match against uuids based on any_frag setting 16 years ago
Anoop Saldanha 52bb4c0670 fix endless loop in dce parser. fix parsing error of secondaryaddrlen for bindack 16 years ago
Anoop Saldanha cda1efff29 fix mem leak in tailq that holds dce uuids 16 years ago
Anoop Saldanha 154a48fada parse fragmented dce rpc headers correctly. Also some other minor fixes 16 years ago
Anoop Saldanha c7fdc5ebda do not reset dce stub buffer, if we are dealing with fragmented pdus(holds good only for first frag request pdus) 16 years ago
Anoop Saldanha 73241fc86c support fragmented puds in dce + unittest 16 years ago
Anoop Saldanha 3ae45e5bbc fix indentation in DCERPCParser 16 years ago
Victor Julien c62a3d995e Fix signatures with trailing spaces being rejected by the regex. Add test. 16 years ago
Anoop Saldanha 60c770c434 make pcre respect discontinue_matching flag in content matching functions 16 years ago
Kirby Kuehl e8ecc94d6a fix multiple dcerpc fragments in one packet 16 years ago
Anoop Saldanha ce4bc5a63b some minor modifications to the b2g cuda tests 16 years ago
Victor Julien c25921edf0 Add config output for new stream settings. 16 years ago
Anoop Saldanha 3a0dadc0f3 Fix seg fault while running cuda tests. Don't set the alarm while running unittests, inside cuda-packet-batcher.c. Will result in a seg while the sig handler for ALRM in invoked 16 years ago
Anoop Saldanha 3536ba7348 fix seg fault due to premature cleanup/double cleanup for byte(jump|test), isdataat, on seeing no previous relative keywords 16 years ago
Pablo Rincon c1486d7f2e Fix bug 217 (segv on profiling summary if no rule was specified 16 years ago
Victor Julien d1ce1c502b Fix -Wall -Werror compilation after unittests update. 16 years ago
Pablo Rincon 0c3906a99b Fix for bug 204 (signature ordering with flowbit priority) 16 years ago
Victor Julien 1071a53210 Fix unittests after ip_proto keyword change. 16 years ago
Pablo Rincon 70bda6506d Fix for bug 180 (check proto specified at the IP hdr) 16 years ago
William f7ab84ca83 PF_RING hang at exit fix 16 years ago
Victor Julien 1bd2d59253 Merge decode and stream threads in RunModeIdsPcapAuto like in the file runmode. Fix these runmodes not adhering to the cpu affinity setting if CUDA is compiled in. 16 years ago
Anoop Saldanha ead29dc691 make detection engine use dce alstate(if present), on seeing smb traffic 16 years ago
Victor Julien 7acb97da9d Use same mpm prepare procedure for uricontent as for normal content. More cleanups. 16 years ago
Victor Julien 9ba11dbfbd Clean up detection engine mpm initialization phase. 16 years ago
Victor Julien 37ca07b687 Fix segv on loading signatures with unsupported combinations of pcre and the relative flag. 16 years ago
Victor Julien 0d008c8135 Change stateful detection engine to be able to start the stateful detection separate from other sigs. Fixes bugs #213, #214, #215. 16 years ago
Victor Julien 05ae4f99d8 Kick out invalid signature with uricontent and flow:to_client or flow:from_server. 16 years ago
Victor Julien a9e78871fe Really fix bug 205 this time, repair a broken unittest. 16 years ago
Pablo Rincon 34bb107f2c Fix for bug 207 (depth/offset not correctly updated on certain cases) 16 years ago
Victor Julien ef27234959 Comment out broken SSLParserTest03 test. 16 years ago
Victor Julien 196e572daa Make sure holding up to_client reassembly stops after the proto is detected or we're sure we'll never detect it. Fixes issues related to bug 205. 16 years ago
Victor Julien 689d05b10b Add missing protocol check in the sig matching process. This prevents FP's such as the one reported in bug #209. 16 years ago
Pablo Rincon 4c94a27b71 Fix bug 205 (at stream-tcp-reassemble) 16 years ago
Anoop Saldanha b7a57c5210 fix setting the right value for parsed bytes in case of fragmented BIND dce PDUs 16 years ago
Anoop Saldanha b94eaec7c2 implement relative pcre matching in detect-engine-(payload|uri|dcepayload).c. Also fix within/distance handling of RELATIVE_NEXT flag for uricontent 16 years ago
Anoop Saldanha 3a375aa43a fix relative contents with a negated content for detect-engine-(uri|dcepayload).c like how we did for detect-engine-payload.c 16 years ago
Anoop Saldanha ae3148aded fix false positives for a negated content case 16 years ago
Victor Julien 0219b767b8 Fix a content pattern matching bug related to signature grouping and mpm_ctx sharing. In certain conditions (signature combinations) the mpm_stream_ctx (the ctx that handles stream pattern scanning) wasn't properly setup. 16 years ago
Kirby Kuehl 18840bd96e properly handle bytecount of 0 16 years ago
Gurvinder Singh 7577823cdf support for stopping the evasion, which is caused by the use of TCP RST packets for linux based systems 16 years ago
Gurvinder Singh f0928a4555 support for enforcing the depth until when the reassembly will be performed 16 years ago
Victor Julien 13045683ff Reenable and fix AlpDetectTestSig5 16 years ago
Pablo Rincon c6e090f72c App layer proto specific sigs (use the app layer to match proto) 16 years ago
Victor Julien 102092a89c Make signature address matching more cache efficient. 16 years ago
Victor Julien 1eec149f5e Use Address structure in DetectAddress struct. 16 years ago
Victor Julien 66dee577d7 Force stream reassembly on streams where we didn't yet detect the protocol if the stream is closing. 16 years ago
Anoop Saldanha 07491f8887 add --list-cuda-cards option to list the cuda cards on the system. Add conf parameter to select the cuda device to use. Also change the threshhold limit to 2.4k packets to buffer 16 years ago
Anoop Saldanha 89e3d92cdb fix creating a static array of length 0 in SigMatchGetLastSMFromLists - clang fix 16 years ago
Gurvinder Singh 8b0ca4f628 support for seperate memcaps for reassembly and stream engine 16 years ago
Victor Julien c6ddcda7f8 Improve out of memory handling during initialization. 16 years ago
Victor Julien 718fecb6fc Better handle low memory conditions. 16 years ago
Victor Julien f07997fd4a Don't set negated uricontent signature flag twice. 16 years ago
Pablo Rincon b7076a8ea0 Don't avoid inspecting uricontents if we get no match. It can be negated uricontents (and urilens/pcre..). But at least skip the search if we get no match 16 years ago
Anoop Saldanha 016af36051 todo list for cuda-packet-batcher 16 years ago
Anoop Saldanha 42830d1c5b fixes for dce_stub_data and content data sig parsing + more unittests 16 years ago
Pablo Rincon 169cb22dc6 Updating other http modifiers for sigs with fast_pattern option 16 years ago
Pablo Rincon e7b537cec3 Fixing unittests for fast_pattern options compatibility 16 years ago
Victor Julien bfd167521e Fix DCERPC over SMB/SMB2 detection issues. Fix not updating transaction id in a stream direction if there was no sgh. 16 years ago
Victor Julien a4951286e9 Bump version to 1.0.0 16 years ago
Pablo Rincon cc8068be0a Print also the Signature raw string 16 years ago
Pablo Rincon 742f066fa2 Updating the http modifers that cannot be loaded with fast_pattern 16 years ago
Pablo Rincon 693d4f54eb Load signatures with incompatible fast_pattern option (due to design differences for optimization) 16 years ago
William Metcalf 50eb3cba6a seems to be a race between FlowTestPrune and FLOW_DESTROY in FlowTest0* comment out the later for now 16 years ago
Victor Julien b4db93fa94 Remove leftover printf. 16 years ago
Anoop Saldanha 673322f01f unittests for dce_stub_data content based singature parsing + fixes 16 years ago
Anoop Saldanha ce8d27425d fix signature parsing to how snort does it for content based keywords along with dce_stub_data 16 years ago
Victor Julien 1fb11e939a Improve configure messages. Make sure CUDA doesn't try to process packets that are too big. 16 years ago
Victor Julien e14331cbb2 Fix PACKET_RECYCLE not cleaning all of the packet. 16 years ago
Victor Julien 8d737310aa Use 'simple' queue for cuda too. Fix hanging in cuda mode. 16 years ago
Victor Julien 3c1ae607cf Fix cuda compilation. 16 years ago
Anoop Saldanha 33f4beb0bc batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms 16 years ago
Victor Julien b3c22cd512 Improve app layer proto check. 16 years ago
Victor Julien 39cb1bdbda Fix app layer sigs being recognized as decoder event only or ip only. 16 years ago
Victor Julien 587a53b904 Disable per second counters as they are unreliable. 16 years ago
Pablo Rincon 8f9bcef0e2 This patch for app-layer-ssl fix the bug #198 (SSLParserTest01). It seems that with -O2 and -O3, the compiler doesn't handle the initialization correctly (weird..) 16 years ago
Pablo Rincon 7003dc5c0d Fix valgrind ctx error on asn1 test 06 16 years ago
Victor Julien d41b5645ef Make sure decoder event rules are inspected even if the packet is invalid and has no addesses or proto. Update fast log and alert debug log to display the alerts. Fixes #179. 16 years ago
Victor Julien 92858a211d Fix STREAM_EOF flag overwriting STREAM_START flag on short streams. This made us miss short HTTP sessions. 16 years ago
Victor Julien 634b328d38 In case of error in pcap file reading mode, we shut the engine down hard instead of gracefully. 16 years ago
Victor Julien 426a7de5f2 Fix compiler warning about incomplete prototype (2). 16 years ago
Victor Julien 18c923318a Fix bug where valid FIN packets would be rejected. 16 years ago
Victor Julien 67429e523f Fix compiler warning about incomplete prototype. 16 years ago
Anoop Saldanha fa373516c5 fixes the offset case for content matches + a case not handled by the prevous fix for multiple relative content matches. fix for payload.c dcepayload.c and uri.c 16 years ago
Anoop Saldanha 92eb380594 multiple relative content matches changes for detect-engine-dcepayload.c and detect-engine-uri.c like how we did for detect-engine-payload.c 16 years ago
Anoop Saldanha 5fb6981e9e content handling changes in detect-engine-payload.c for multiple relative matches 16 years ago
Anoop Saldanha a059ff276e byte test and byte jump update dce matching option 16 years ago
Victor Julien 05d382f533 Fix broken stream engine config initialization: due wrong casts settings could be overwritten in memory. 16 years ago
Victor Julien ec277b292c Fall back to the old mutex based queue's to see if that fixes an obscure lockup at higher optimization levels in gcc in file pcap mode. 16 years ago
Victor Julien ecb5fd3298 Add missing util-validate.h 16 years ago
Pablo Rincon b8b511a54e Avoid mem allocations while searching on radix trees (temporal prefix) 16 years ago
Victor Julien 1d74797b17 Attempt to work around NULL packets we're seeing ending up in queues when the compiler has optimized our code. 16 years ago
Pablo Rincon 868d4614b9 Tag engine improvements. Output tags only on unified format. Added atomic counter for tagged hosts/sessions 16 years ago
Victor Julien 8cdd02877f Add unittests for ringbuffer. 16 years ago
Victor Julien e685579231 Add optional structure validation code. 16 years ago
Victor Julien b67fb5229b Fix pcap file auto flow pinned runmode (disabled by default). 16 years ago
Victor Julien 393acd77d2 Detection improvements: uricontent escaping now working, better negated pattern (content) handling. 16 years ago
Gurvinder Singh 154a8b1ed9 fixed the build failure with profiling enabled 16 years ago
Victor Julien 37eb2290b0 Add some checks for 'impossible' conditions that become possible after enabling optimizations :-/ 16 years ago
Victor Julien 017b95f9ef More thoroughly cleanup a Packet when we recycle it. Fixes a corner case where we'd have a invalid tcp packet but p->proto would still say IPPROTO_TCP because of a previous run. Fixes bug #187. 16 years ago
William Metcalf 5580f3d9c2 PacketQueue postp added to TmEcodes for ipfw and pf_ring to silence compiler warnings 16 years ago
William Metcalf 876057a4da missing flow init in DetectTagTestPacket04 fix ut lockup on older os's 16 years ago
Victor Julien 7454336ef5 Make SigWrapper private to detect-parse.c and rename to SigDuplWrapper to reflect it's use and purpose. 16 years ago
Anoop Saldanha 9ecade76b9 in case of duplicate signatures used the one with the latest revision 16 years ago
Pablo Rincon eedafa3a17 Adding unittests for anchored pcres for anchored 16 years ago