Victor Julien
a96eae01fa
Disable alert-debuglog that was accidentally enabled in a previous commit.
14 years ago
Victor Julien
892a8a4985
Make stream inline use the chunk size settings.
14 years ago
Victor Julien
2dc057d1b1
Set datalink on stream pseudo packets to prevent unified2 from writing a malformed record.
14 years ago
Victor Julien
5dcaaebf21
Enable logging of stream chunk in IPV6/TCP. Make sure IPV6 events have an ethernet header to work around Barnyard2 not liking DLT_RAW+IPV6.
14 years ago
Victor Julien
93815a1585
Support logging of reassembled stream data in IPv4 unified2.
14 years ago
Victor Julien
6cb9bbd1e3
Make sure TAG alerts don't work with an uninitialized alert_msg pointer.
14 years ago
Victor Julien
4f5aad1476
Enforce configurable minimum chunk size in raw stream reassembly. Minor stream cleanups, unittest updates.
14 years ago
Victor Julien
5d2a341096
Disable unused code, fix compiler warning.
14 years ago
Victor Julien
936b34ddf6
Remove minimum init chunk length code, set a default limit of 2560 to the minimum chunk size, allow toclient raw reassembly to start even if toserver hasn't started yet.
14 years ago
Victor Julien
864c8718e1
Store matching stream msg (ptr) in packets alert structure so it's available to the output plugins.
14 years ago
Victor Julien
8faacb727d
Account for seg list not always being empty when stream closes.
14 years ago
Victor Julien
ecfa2d0176
Only remove segments from segment list if they are completely before ra_base_seq.
14 years ago
Victor Julien
5bdf16380d
Make sure we actually remove no longer required segments.
14 years ago
Victor Julien
7f45a4fd58
Fix missing segment flag, fix 2 unittests broken after previous stream changes.
14 years ago
Victor Julien
4a7f6079d5
Change segment removal in stream engine to not discard segments right away. Now they are only removed if they are fully before ra_base_seq.
14 years ago
Victor Julien
6d766f91ef
Fix compiler warnings in defrag unittests.
14 years ago
Anoop Saldanha
5c880b04c9
fix ipv4 defrag + fix recursion level in defrag pseudo packet
14 years ago
Victor Julien
8654469133
Fixing libpcap 0.x.x specific code, take 2.
14 years ago
Victor Julien
140eb4fde8
Fix decode-event keyword parsing. Fix code that indicates a signature is decode-event only. Add 'pkthdr' protocol as an alias for any/ip to be used by decode-event signatures.
14 years ago
Victor Julien
c72e5f0ebb
Fix compilation of pcap reopen code for older libpcap code.
14 years ago
Victor Julien
076d77cd80
Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat.
14 years ago
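Why strncpy()/strncat() are on the banned list while strlcpy()/strlcat() are the preferred replacements, as an added C example that is not Suricata's own code: strncpy() writes no terminator when the source is at least as long as the bound, so any later strlen() or "%s" on the destination reads past the buffer; an strlcpy-style copy always terminates and returns the length the caller would have needed, so truncation is detectable. The function `example_strlcpy` below is a local stand-in with BSD semantics, not Suricata's util-strlcpyu.c, and the test strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical strlcpy-style copy, added for illustration (not Suricata's own
 * implementation). BSD semantics: when dstsize > 0 the result is always
 * NUL-terminated, and the return value is strlen(src) so callers can detect
 * truncation with `ret >= dstsize`. */
size_t example_strlcpy(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = (srclen < dstsize - 1) ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Returns 1 if buf holds a NUL within bufsize bytes, 0 otherwise. */
int is_terminated(const char *buf, size_t bufsize)
{
    return memchr(buf, '\0', bufsize) != NULL;
}

/* The banned pattern: strncpy() writes no terminator when strlen(src) >= n.
 * The buffer is pre-filled with 'X' to simulate stale stack contents, which is
 * what a later strlen()/printf("%s") would walk into. */
int strncpy_leaves_terminated(char *dst, size_t dstsize, const char *src)
{
    memset(dst, 'X', dstsize);
    strncpy(dst, src, dstsize);
    return is_terminated(dst, dstsize);
}

/* The replacement: always terminated, and *truncated tells the caller whether
 * data was dropped so it can reject the input instead of silently using a
 * shortened string. */
int strlcpy_leaves_terminated(char *dst, size_t dstsize, const char *src,
                              int *truncated)
{
    memset(dst, 'X', dstsize);
    size_t need = example_strlcpy(dst, src, dstsize);
    *truncated = need >= dstsize;
    return is_terminated(dst, dstsize);
}

int main(void)
{
    char buf[8];
    int trunc = 0;
    /* constructed inputs: one that fits, one exactly as long as the buffer */
    const char *fits = "rule";
    const char *overflow = "12345678";

    printf("strncpy  \"%s\": terminated=%d\n", fits,
           strncpy_leaves_terminated(buf, sizeof(buf), fits));
    printf("strncpy  \"%s\": terminated=%d\n", overflow,
           strncpy_leaves_terminated(buf, sizeof(buf), overflow));
    printf("strlcpy  \"%s\": terminated=%d truncated=%d\n", overflow,
           strlcpy_leaves_terminated(buf, sizeof(buf), overflow, &trunc), trunc);
    return 0;
}
```

The same reasoning applies to strncat(): its length argument is the number of bytes to append, not the destination size, which is the mistake strlcat() is designed to make impossible.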
Victor Julien
0814e41e50
Ignore tunnel/defrag packets in log-pcap module.
14 years ago
Victor Julien
7ef00aaf19
Fix defrag4 setting the packet length on the wrong packet.
14 years ago
Victor Julien
acda69865a
Fix potential segv in pcap logging deinit code.
14 years ago
Victor Julien
bc7e21aee6
Add special sguil mode to log-pcap to support logging into date based directory structure and rotate when the day passes. Also do not log packets beyond stream reassembly depth and encrypted traffic.
14 years ago
Victor Julien
77505f8873
Allow pcap-log to log outside of default-log-dir by passing an absolute path as filename.
14 years ago
Victor Julien
92ea1f68d4
Exit on thread restart limit reached.
14 years ago
Eric Leblond
8f4229b429
Use snprintf instead of sprintf.
14 years ago
Eric Leblond
9be1f1a31c
Use GET_PKT macros.
14 years ago
Eric Leblond
fb36c0af12
pcap: do not leave if interface goes down
This patch changes suricata behaviour to support interfaces like
ppp. Prior to this patch, a suricata listening to an interface
was leaving when the interface went down. This patch modifies
the behaviour to automatically reconnect. Suricata retries
opening the interface every 0.5s until it succeeds.
14 years ago
Eric Leblond
56bf931959
pfring: use macro for direct access
Existing code was correct but it was using a direct access to
pkt field. This patch uses the newly defined macro to have a
clean access on the pkt data.
14 years ago
Eric Leblond
4495efcb62
Add macro for direct access
In some cases, this is needed to have direct access to the pkt
field. This patch adds a macro for this usage.
14 years ago
Victor Julien
5da8bd7c1e
Fix unified2 overwriting tag alerts.
14 years ago
Victor Julien
cee615315f
Fix [drop] not being printed for IPv6 fast.log alerts.
14 years ago
Victor Julien
e19f6ebaf4
Various fixes for issues reported by clang.
14 years ago
Victor Julien
38e7d944c5
Fix icmpv4 unittest on big endian, extract embedded sport and dport even if a full tcph doesn't fit.
14 years ago
Victor Julien
92536c4952
Fix address test on big-endian.
14 years ago
Victor Julien
e0afe96920
Fix broken ICMPv4 unittests on big endian, fix broken ID macro on ICMPv6.
14 years ago
Victor Julien
f5a2017f3c
Fix counter unittest on big endian.
14 years ago
Victor Julien
6817824c92
Fix bloomfilter issue on big endian.
14 years ago
Victor Julien
e197f50727
Fix IP-Only unittests failing on Big Endian.
14 years ago
Victor Julien
b8cf50678f
Fix many address unittests using explicit byte order and thus failing on big-endian systems.
14 years ago
Victor Julien
c865ee2217
Fix compilation for nfq_set_mark code when NFQ is not enabled.
14 years ago
Eric Leblond
ee6552f25e
nfq_set_mark: handle feature in NFQ.
This patch implements the nfq_set_mark related modification of verdict
handling.
14 years ago
Eric Leblond
7f1a0d1ed1
coccinelle: add test for banned function
The added semantic patch will trigger an error if banned functions
are used.
14 years ago
Eric Leblond
9beebf621a
Add support for 'nfq_set_mark' keyword
This patch introduces 'nfq_set_mark', which is a new rule option. If a packet
matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask
specified in the option during the verdict.
It is thus possible to trigger different behaviour on the packet inside
Linux/Netfilter.
14 years ago
Victor Julien
f1e3d636d9
Add limit option to pcap-log logging config.
14 years ago
Victor Julien
f90a5cfffd
Misc pcap logging cleanups.
14 years ago
William Metcalf
023a0f94a2
first stab at pcap logging no rotating buff etc
14 years ago
Anoop Saldanha
1f7e4bada1
add tls.no_reassemble use for sslv2 which we missed previously. Also some cleanup
14 years ago