suricata

Commit Graph

Author	SHA1	Message	Date
Eric Leblond	e399e74fc1	source-nfq: Factorize buffer usage A big sized buffer was allocated at each packet parsing. This patch uses a per-thread variable to have a persistent memory usage. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	1e600c1054	source-nfq: add simulated non-terminal NFQUEUE verdict This patch adds a new mode for NFQ inline mode. The idea is to simulate a non final NFQUEUE rules. This permit to do send all needed packets to suricata via a simple FORWARD rule: iptables -I FORWARD -m mark ! --mark $MARK/$MASK -j NFQUEUE And below, we have a standard filtering ruleset. To do so, suricata issues a NF_REPEAT instead of a NF_ACCEPT verdict and put a mark ($MARK) with respect to a mask ($MASK) on the handled packet. NF_REPEAT verdict has for effect to have the packet reinjected at start of the hook after the verdict. As it has been marked by suricata during the verdict it will not rematch the initial rules and make his way to the following classical ruleset. Mode, mark and mask can be configured via suricata.yaml file with the following syntax: nfq: repeat_mode: (false\|true) mark: $MARK mask: $MASK Default is false to preserve backward compatibility. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Eric Leblond	1375e90030	Prepare multi queue support in NFQ This patch prepare support for multiqueue in the source file. The NFQ vars contained in Packet structure has a new member. It is a reference to the NFQ thread var it comes from. The behaviour is modified as a single verdict thread treat packet for all Netfilter queues. Locking is done in the verdict function to ensure that simultaneous modifications of counters can not occur. Signed-off-by: Eric Leblond <eric@regit.org>	15 years ago
Victor Julien	929ce0bb9b	Add a counter to NFQ for modified packets.	15 years ago
William Metcalf	2eef905c07	GPL and Copyright header updates.	15 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	16 years ago
Jan Jezek	366671a8ce	Added inline mode support on Windows	16 years ago
Pablo Rincon	e26833be3f	Changing mutex/spinlocks/conditions naming types	16 years ago
Pablo Rincon	769022f4be	Adding support for Mac OS X, FreeBSD, centrailizing mutex/spins/conditions in a macro API, and some unittests	16 years ago
Brian Rectanus	fa5939ca91	64 bit cleanup part2	16 years ago
Victor Julien	175eaeca93	Slightly moved around the NFQ define a bit.	16 years ago
William Metcalf	a3510f2025	Made NFQ optional via --enable-nfqueue, --enable-logsigs will now load local.rules in the path other fixes	16 years ago
Victor Julien	689bbfdc45	Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful. Remove the Trie multi pattern matcher code. It wasn't used anymore.	16 years ago
Victor Julien	4c4862d838	Improve logging, add alert-output module, at module exit stats, add HTTP POST uri capture.	16 years ago
Victor Julien	28d9415e37	New approach to tunnel decoding.	16 years ago
Victor Julien	867d493d7f	Source NFQ update... less hackish, but still needs work as soon as we know how to do configuration.	16 years ago
Victor Julien	bab4b62376	Initial add of the files.	16 years ago

17 Commits (c617d7cbfd381189cc5cf235c39fe006e3146f7f)