aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
1,891 Commits
7 Branches
161 Tags
204 MiB
main-7.0.x
master
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'aedb61b7d2'
${ noResults }
Commit Graph

83 Commits (aedb61b7d22d48d45c76666d667a18d5683c164c)

Author SHA1 Message Date
Eric Leblond c74116949c source-nfq: improve nfq option system 
This patch modifies the NFQ option system to avoid implicit
choice. 'nfq.mode' is now a string which can take a value
in the 'accept', 'repeat' and 'route' set.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond 94596ff282 source-nfq: add queue redirect support 
This patch adds the support of queue redirect. If 'next_queue'
variable is set, the verdict sent to kernel is modified to contain
the indication of a queue number (equal to 'next_queue') which will
receive the packet after the verdict. This feature can be used to
chain easily tools using NFQUEUE.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond aded7b4fae source-nfq: add detection of already treated packet. 
This patch adds detection of already treated packet. If a packet is
coming with an already set mark, it will be accepted and the processing
of the packet is aborted.
The patch display a message when the problem occurs but the number of
message is limited to a fix counter in a way to avoid flooding the log.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond e399e74fc1 source-nfq: Factorize buffer usage 
A big sized buffer was allocated at each packet parsing. This patch
uses a per-thread variable to have a persistent memory usage.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond 1e600c1054 source-nfq: add simulated non-terminal NFQUEUE verdict 
This patch adds a new mode for NFQ inline mode. The idea is to
simulate a non final NFQUEUE rules.
This permit to do send all needed packets to suricata via a simple
FORWARD rule:
    iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE
And below, we have a standard filtering ruleset.

To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and
put a mark ($MARK) with respect to a mask ($MASK) on the handled packet.

NF_REPEAT verdict has for effect to have the packet reinjected at start
of the hook after the verdict. As it has been marked by suricata during
the verdict it will not rematch the initial rules and make his way to
the following classical ruleset.

Mode, mark and mask can be configured via suricata.yaml file with the
following syntax:
   nfq:
     repeat_mode: (false|true)
     mark: $MARK
     mask: $MASK
Default is false to preserve backward compatibility.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond 72ec56ab23 source-nfq: autodetection of queue max length function 
Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond 1375e90030 Prepare multi queue support in NFQ 
This patch prepare support for multiqueue in the
source file. The NFQ vars contained in Packet structure
has a new member. It is a reference to the NFQ thread var
it comes from. The behaviour is modified as a single verdict
thread treat packet for all Netfilter queues.

Locking is done in the verdict function to ensure that
simultaneous modifications of counters can not occur.

Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Eric Leblond 96e3852191 source-nfq: add define of SOL_NETLINK 
Signed-off-by: Eric Leblond <eric@regit.org>
 15 years ago
Victor Julien 929ce0bb9b Add a counter to NFQ for modified packets. 15 years ago
Victor Julien 1dca88fe69 Do the actual checksum recalculation and packet replacement on modifing a packet in the stream engine. 15 years ago
Victor Julien acc38c9ebf Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets. 15 years ago
Eric Leblond 89558ab9a4 RFC: modify error treatment in PacketCopyData 
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.

BR,
Eric
 15 years ago
Eric Leblond 156b202597 Fix decode part of source-nfq 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access 
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
 15 years ago
Eric Leblond f73c60b4ff nfq: set some options on netlink socket 
This patch modify nfq system to set some options on the netlink socket.
This should improve performances by handling more correctly capacity
overrun.
 15 years ago
Victor Julien 4cacb1e970 Disable adding to unregistered mbit/s counter. 15 years ago
Victor Julien 6519a86ec7 Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros. 15 years ago
Victor Julien dce323b1f4 Fix SCondWait -> SCCondWait typo. 15 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
Victor Julien 4e7df60b2f Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this. 15 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 15 years ago
William Metcalf b629b7c5c1 only show cli opts via help that we have support for 15 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 15 years ago
Victor Julien bb685751d9 Fix NFQ receive/verdict race condition in cases where the packetpool is empty. 15 years ago
Victor Julien 647b1c0eba Fix NFQ compilation. 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Victor Julien 070ed778b8 Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added. 15 years ago
Victor Julien 591c898f6a NFQ inline changes 
- split NFQRecvPkt into a Linux and Windows version for readability
- Add many function header comments
- convert tabs to spaces in Windows code.
 15 years ago
Jan Jezek 366671a8ce Added inline mode support on Windows 15 years ago
Victor Julien eeb98c6900 Move SCSetThreadName to proper functions. 15 years ago
Gerardo Iglesias Galvan 9f35a24a1f Set threads name. Fix bug #83 15 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Victor Julien 16b6f536a0 Fixup Linux compilation after applying win32 patches. 16 years ago
Gurvinder Singh 5293681860 b86 16 years ago
Victor Julien 2cb2989ad8 Apply configurable max pending packets to nfq and ipfw 16 years ago
Pablo Rincon ad2c136e8f Renaming errors (naming conventions) 16 years ago
Gurvinder Singh cf5266094d bug 66 patch 16 years ago
Victor Julien df4c642c70 Fix weird compile error 16 years ago
Pablo Rincon 51dc773eec Changing the veredict actions to flags to allow simultaneous veredict 16 years ago
Eric Leblond 51be576a30 nfq: modify queue length computation logic 
This patch modifies  max queue length computation logic. The max queue
length was set to MAX_PENDING which is the total number of packet
processed simultaneously in suricata.

This value is correct but this will not permit to take all burst
effects into account (read sudden quantity of packet that arrives
faster than suricata is enable to parse). Furthermore there is a
delaying system when suricata gets overloaded which make necessary
to have packet storable into kernel for some time.

To improve this situation the patch increases the maximum queue
length to NFQ_BURST_FACTOR (4) time the MAX_PENDING packet and
it also increase the nfnetlink buffer size to be able to store
all packets waiting for suricata in the netlink receive buffer.
 16 years ago
Eric Leblond 72d48f6658 nfq: add sanity checking 
This patch adds sanity checking to payload handling. It set length
of packet to zero if an error occurs.
 16 years ago
Eric Leblond 56cccdfa62 nfq: use switch instead of 'else if' 
This patch convert a 'else if' serie to a switch to increase
the readability of the decision related code.

 Please enter the commit message for your changes. Lines starting
 16 years ago
Victor Julien 13e10ccd86 Enable bytes per sec and mbit per sec for nfq as well 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Victor Julien aa653157bf Convert stats printing in nfq to logging api. 16 years ago
Victor Julien e5301effe6 Make nfq module use logging api. 16 years ago
Pablo Rincon e26833be3f Changing mutex/spinlocks/conditions naming types 16 years ago
Pablo Rincon 769022f4be Adding support for Mac OS X, FreeBSD, centrailizing mutex/spins/conditions in a macro API, and some unittests 16 years ago
Anoop Saldanha 8beef4a9fc stats upgrade. Added interval counters to the decoder module 16 years ago
Anoop Saldanha ceb7e495ae refactoring perf stats code 16 years ago