aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
3,517 Commits
7 Branches
161 Tags
202 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd292004880'
${ noResults }
Commit Graph

103 Commits (d2920048801b68d6075ff9672710c4a1f59e4707)

Author SHA1 Message Date
Eric Leblond c4f9d0e0e1 Fix invalid usage of operator. 13 years ago
Victor Julien cbeb8a86b7 pcap: fix compilation on old libpcap 13 years ago
Eric Leblond eaea832a4e pcap: handle failure of packet treatment 
If the loop is breaked, this means we've got a treatment error. We
don't need to reconnect but we must exit with correct status.
 13 years ago
Anoop Saldanha 34581ce902 rx TMs shouldn't return TM_ECODE_FAILED if engine is in shutdown mode + minor cleanup 13 years ago
Eric Leblond 0227a87fcb cleaning: fix warning when building with clang. 
clang was issuing some warnings related to unused return in function.
This patch adds some needed error treatment and ignore the rest of the
warnings by adding a cast to void.
 13 years ago
Anoop Saldanha bc6cf43840 #482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars 13 years ago
Victor Julien 3181b492f4 pcap: lock pcap_compile and pcap_setfilter calls as they are not thread safe. Fixes issues with bpf filters and multiple interfaces. 13 years ago
Victor Julien e3f66c52ec pcap: fix double free issue with bpf filter and multiple interfaces. 13 years ago
Eric Leblond 91f42b6f41 pcap: fix "work by luck" code. 13 years ago
Victor Julien 11bdf4838f Various improvements to error handling found by Coverity. 14 years ago
Victor Julien cdba2f50d1 Various fixes and improvements based on feedback by Coverity analyzer. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 64f717c880 Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv. 14 years ago
Victor Julien d24b3a0e50 Clean up csum detection output, misc fixes. 14 years ago
Eric Leblond 0399a06f4f pcap: fix typo 14 years ago
Eric Leblond db5ca0f3a4 pcap: add auto mode support 14 years ago
Eric Leblond 1d1271fd38 pcap: add support for checksum verif mode 
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
 14 years ago
Victor Julien 6d8aa6829d Remove unused variable. 14 years ago
Eric Leblond 0d7f25580d pcap: improve error handling. 
Treat TmThreadsSlotProcessPkt return.
 14 years ago
Anoop Saldanha d68f182ebd introduce SCPerfSyncCounters/SCPerfSyncCounters macro to synchronize counters 14 years ago
Anoop Saldanha f7b1972263 update broken stats.log. Use pktacqloop funcs in pcap-file, pfring, pcap-live, af-pkt to sync counters - bug #343 14 years ago
Eric Leblond 45d5c3ca59 runmode: introduce configuration dereferencing. 
A devide configuration can be used by multiple threads. It is thus
necessary to wait that all threads stop using the configuration before
freeing it. This patch introduces an atomic counter and a free function
which has to be called by each thread when it will not use anymore
the structure. If the configuration is not used anymore, it is freed
by the free function.
 14 years ago
Eric Leblond d3d99ffa13 Fix coding style and use SC* function. 
This patch fixes the coding style and uses Suricata function instead
of plain lic version.
 14 years ago
Eric Leblond d3d8beb337 pcap: factorize runmode 
This patch factorizes auto and autofp runmodes for pcap.
 14 years ago
Anoop Saldanha 3f1c4efceb Add new flags var to tm module. TMs can now set flags to identify special properties. Also use these to identify receive TMs 14 years ago
Eric Leblond de1d002ea6 Return OK when leaving cleanly. 14 years ago
Eric Leblond 2631e5f14f pcap: get rid of old API. 14 years ago
Eric Leblond effa295489 pcap: add "single" runmode 
This patch adds support for the "single" mode to the pcap live
mode.
 14 years ago
Eric Leblond 871b21892a factorize pcap live device function 
They are not specific to pcap and could thus be used in other module.
 14 years ago
Victor Julien 820b0ded82 Add per packet profiling. 
Per packet profiling uses tick based accounting. It has 2 outputs, a summary
and a csv file that contains per packet stats.

Stats per packet include:
 1) total ticks spent
 2) ticks spent per individual thread module
 3) "threading overhead" which is simply calculated by subtracting (2) of (1).

A number of changes were made to integrate the new code in a clean way:
a number of generic enums are now placed in tm-threads-common.h so we can
include them from any part of the engine.

Code depends on --enable-profiling just like the rule profiling code.

New yaml parameters:

profiling:
  # packet profiling
  packets:

    # Profiling can be disabled here, but it will still have a
    # performance impact if compiled in.
    enabled: yes
    filename: packet_stats.log
    append: yes

    # per packet csv output
    csv:

      # Output can be disabled here, but it will still have a
      # performance impact if compiled in.
      enabled: no
      filename: packet_stats.csv

Example output of summary stats:

IP ver   Proto   cnt        min      max          avg
------   -----   ------     ------   ----------   -------
 IPv4       6     19436      11448      5404365     32993
 IPv4     256         4      11511        49968     30575

Per Thread module stats:

Thread Module              IP ver   Proto   cnt        min      max          avg
------------------------   ------   -----   ------     ------   ----------   -------
TMM_DECODEPCAPFILE          IPv4       6     19434       1242        47889      1770
TMM_DETECT                  IPv4       6     19436       1107       137241      1504
TMM_ALERTFASTLOG            IPv4       6     19436         90         1323       155
TMM_ALERTUNIFIED2ALERT      IPv4       6     19436        108         1359       138
TMM_ALERTDEBUGLOG           IPv4       6     19436         90         1134       154
TMM_LOGHTTPLOG              IPv4       6     19436        414      5392089      7944
TMM_STREAMTCP               IPv4       6     19434        828      1299159     19438

The proto 256 is a counter for handling of pseudo/tunnel packets.

Example output of csv:

pcap_cnt,ipver,ipproto,total,TMM_DECODENFQ,TMM_VERDICTNFQ,TMM_RECEIVENFQ,TMM_RECEIVEPCAP,TMM_RECEIVEPCAPFILE,TMM_DECODEPCAP,TMM_DECODEPCAPFILE,TMM_RECEIVEPFRING,TMM_DECODEPFRING,TMM_DETECT,TMM_ALERTFASTLOG,TMM_ALERTFASTLOG4,TMM_ALERTFASTLOG6,TMM_ALERTUNIFIEDLOG,TMM_ALERTUNIFIEDALERT,TMM_ALERTUNIFIED2ALERT,TMM_ALERTPRELUDE,TMM_ALERTDEBUGLOG,TMM_ALERTSYSLOG,TMM_LOGDROPLOG,TMM_ALERTSYSLOG4,TMM_ALERTSYSLOG6,TMM_RESPONDREJECT,TMM_LOGHTTPLOG,TMM_LOGHTTPLOG4,TMM_LOGHTTPLOG6,TMM_PCAPLOG,TMM_STREAMTCP,TMM_DECODEIPFW,TMM_VERDICTIPFW,TMM_RECEIVEIPFW,TMM_RECEIVEERFFILE,TMM_DECODEERFFILE,TMM_RECEIVEERFDAG,TMM_DECODEERFDAG,threading
1,4,6,172008,0,0,0,0,0,0,47889,0,0,48582,1323,0,0,0,0,1359,0,1134,0,0,0,0,0,8028,0,0,0,49356,0,0,0,0,0,0,0,14337

First line of the file contains labels.

2 example gnuplot scripts added to plot the data.
 14 years ago
William 61fe05b220 Fix for silly pcap counters mistake made by me. ps_recv includes dropped packets. 14 years ago
Eric Leblond 586aae0ff3 Indentation fix on source-pcap. 14 years ago
Victor Julien 8654469133 Fixing libpcap 0.x.x specific code, take 2. 15 years ago
Victor Julien c72e5f0ebb Fix compilation of pcap reopen code for older libpcap code. 15 years ago
Victor Julien 076d77cd80 Add strncpy and strncat to banned function list as we have better replacements: strlcpy and strlcat. 15 years ago
Eric Leblond fb36c0af12 pcap: do not leave if interface goes down 
This patch changes suricata behaviour to support interface like
ppp. Prior to this patch, a suricata listening to an interface
was leaving when the interface goes down. This patch modifies
the behaviour to automatically reconnect. Suricata retries to
open the interface every 0,5s until it succeeds.
 15 years ago
Eric Leblond dd038c1906 Modify files to avoid direct pckt payload access 
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
 15 years ago
Victor Julien 878d3d87db Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported. 15 years ago
Victor Julien 4cacb1e970 Disable adding to unregistered mbit/s counter. 15 years ago
Victor Julien 6519a86ec7 Move packet pool to ringbuffer, update packet pool api and ringbuffer api. Remove memset usage from PACKET_RECYCLE, add proper cleanup macros. 15 years ago
Victor Julien dce323b1f4 Fix SCondWait -> SCCondWait typo. 15 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
Victor Julien 329742c10e Small ip to pcap dev cleanup. 15 years ago
Victor Julien e3fc53ecb9 Fix a corner case where the pcap receive modules could alloc packets at line rate until memory was depleted. 15 years ago
William Metcalf 9ce1399db8 Add option for setting pcap buffer size if it is available 15 years ago
Victor Julien 53acf08996 Add multi packet reading for pcap live mode. Add a partly lock free multi writer, multi reader ringbuffer. 15 years ago
Victor Julien 4e7df60b2f Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this. 15 years ago
William Metcalf 2eef905c07 GPL and Copyright header updates. 15 years ago
Victor Julien 2910759943 Rename TranslateIPToPcapDev to PcapTranslateIPToDevice and make the length argument size_t. 15 years ago
Ondrej Slanina 55d0d1e7a1 added support for finding pcap device via it's IP. 15 years ago