suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	a96eae01fa	Disable alert-debuglog that was accidently enabled in a previous commit.	14 years ago
Victor Julien	892a8a4985	Make stream inline use the chunk size settings.	14 years ago
Victor Julien	2dc057d1b1	Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record.	14 years ago
Victor Julien	5dcaaebf21	Enable logging of stream chunk in IPV6/TCP. Make sure IPV6 events have a ethernet header to work around Barnyard2 not liking DLT_RAW+IPV6.	14 years ago
Victor Julien	93815a1585	Support logging of reassembled stream data in IPv4 unified2.	14 years ago
Victor Julien	6cb9bbd1e3	Make sure TAG alerts don't work with an uninitialized alert_msg pointer.	14 years ago
Victor Julien	4f5aad1476	Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates.	14 years ago
Victor Julien	5d2a341096	Disable unused code, fix compiler warning.	14 years ago
Victor Julien	936b34ddf6	Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet.	14 years ago
Victor Julien	864c8718e1	Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins.	14 years ago
Victor Julien	8faacb727d	Account for seg list not always being empty when stream closes.	14 years ago
Victor Julien	ecfa2d0176	Only remove segments from segment list if they are completely before ra_base_seq.	14 years ago
Victor Julien	5bdf16380d	Make sure we actually remove no longer required segments.	14 years ago
Victor Julien	7f45a4fd58	Fix missing segment flag, fix 2 unittests broken after previous stream changes.	14 years ago
Victor Julien	4a7f6079d5	Change segment removal in stream engine to not discard segments right away. Now they are only removed if they are fully before ra_base_seq.	14 years ago
Victor Julien	6d766f91ef	Fix compiler warnings in defrag unittests.	14 years ago
Anoop Saldanha	5c880b04c9	fix ipv4 defrag + fix recursion level in defrag pseudo packet	14 years ago
Victor Julien	8654469133	Fixing libpcap 0.x.x specific code, take 2.	14 years ago
Victor Julien	140eb4fde8	Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures.	14 years ago
Victor Julien	c72e5f0ebb	Fix compilation of pcap reopen code for older libpcap code.	14 years ago
Victor Julien	076d77cd80	Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat.	14 years ago
Victor Julien	0814e41e50	Ignore tunnel/defrag packets in log-pcap module.	14 years ago
Victor Julien	7ef00aaf19	Fix defrag4 setting the packet length on the wrong packet.	14 years ago
Victor Julien	acda69865a	Fix potential segv in pcap logging deinit code.	14 years ago
Victor Julien	bc7e21aee6	Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic.	14 years ago
Victor Julien	77505f8873	Allow pcap-log to log outside of default-log-dir by passing a absolute path as filename.	14 years ago
Victor Julien	92ea1f68d4	Exit on thread restart limit reached.	14 years ago
Eric Leblond	8f4229b429	Use snprintf instead of sprintf.	14 years ago
Eric Leblond	9be1f1a31c	Use GET_PKT macros.	14 years ago
Eric Leblond	fb36c0af12	pcap: do not leave if interface goes down This patch changes suricata behaviour to support interface like ppp. Prior to this patch, a suricata listening to an interface was leaving when the interface goes down. This patch modifies the behaviour to automatically reconnect. Suricata retries to open the interface every 0,5s until it succeeds.	14 years ago
Eric Leblond	56bf931959	pfring: use macro for direct access Existing code was correct but it was using a direct access to pkt field. This patch uses the newly defined macro to have a clean access on the pkt data.	14 years ago
Eric Leblond	4495efcb62	Add macro for direct access In some case, this is needed to have a direct access to the pkt field. This patch adds macro for this usage.	14 years ago
Victor Julien	5da8bd7c1e	Fix unified2 overwriting tag alerts.	14 years ago
Victor Julien	cee615315f	Fix [drop] not being printed for IPv6 fast.log alerts.	14 years ago
Victor Julien	e19f6ebaf4	Various fixes for issues reported by clang.	14 years ago
Victor Julien	38e7d944c5	Fix icmpv4 unittest on big endian, extract embedded sport and dport even if a full tcph doesn't fit.	14 years ago
Victor Julien	92536c4952	Fix address test on big-endian.	14 years ago
Victor Julien	e0afe96920	Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6.	14 years ago
Victor Julien	f5a2017f3c	Fix counter unittest on big endian.	14 years ago
Victor Julien	6817824c92	Fix bloomfilter issue on big endian.	14 years ago
Victor Julien	e197f50727	Fix IP-Only unittests failing on Big Endian.	14 years ago
Victor Julien	b8cf50678f	Fix many address unittests using explicit byte order and thus failing on big-endian systems.	14 years ago
Victor Julien	c865ee2217	Fix compilation for nfq_set_mark code when NFQ is not enabled.	14 years ago
Eric Leblond	ee6552f25e	nfq_set_mark: handle feature in NFQ. This patch implements the nfq_set_mark related modification of verdict handling.	14 years ago
Eric Leblond	7f1a0d1ed1	coccinelle: add test for banned function The added semantic patch will trigger an error if banned functions are used.	14 years ago
Eric Leblond	9beebf621a	Add support for 'nfq_set_mark' keyword This patch introduces 'nfq_set_mark' which is new rules option. If a packet matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask specified in the option during the verdict. It is thus possible to trigger different behaviour on the packet inside Linux/Netfilter.	14 years ago
Victor Julien	f1e3d636d9	Add limit option to pcap-log logging config.	14 years ago
Victor Julien	f90a5cfffd	Misc pcap logging cleanups.	14 years ago
William Metcalf	023a0f94a2	first stab at pcap logging no rotating buff etc	14 years ago
Anoop Saldanha	1f7e4bada1	add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup	14 years ago

1 2 3 4 5 ...

2026 Commits (a96eae01facb79d114c0d4b993f459e84e696958) All Branches Search

2026 Commits (a96eae01facb79d114c0d4b993f459e84e696958)

All Branches