aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,099 Commits
7 Branches
161 Tags
210 MiB
master
main-7.0.x
master-6.0.x
master-5.0.x
master-4.1.x
master-4.0.x
master-3.2.x
suricata-8.0.0
suricata-7.0.11
suricata-8.0.0-rc1
suricata-8.0.0-beta1
suricata-7.0.10
suricata-7.0.9
suricata-7.0.8
suricata-7.0.7
suricata-7.0.6
suricata-6.0.20
suricata-7.0.5
suricata-6.0.19
suricata-6.0.18
suricata-7.0.4
suricata-6.0.17
suricata-7.0.3
suricata-6.0.16
suricata-7.0.2
suricata-6.0.15
suricata-7.0.1
suricata-6.0.14
suricata-7.0.0
suricata-7.0.0-rc2
suricata-6.0.13
suricata-6.0.12
suricata-6.0.11
suricata-7.0.0-rc1
suricata-6.0.10
suricata-6.0.9
suricata-7.0.0-beta1
suricata-6.0.8
suricata-6.0.7
suricata-6.0.6
suricata-5.0.10
suricata-6.0.5
suricata-5.0.9
suricata-6.0.4
suricata-5.0.8
suricata-6.0.3
suricata-5.0.7
suricata-6.0.2
suricata-5.0.6
suricata-6.0.1
suricata-5.0.5
suricata-4.1.10
suricata-4.1.9
suricata-5.0.4
suricata-6.0.0
suricata-6.0.0-rc1
suricata-6.0.0-beta1
suricata-5.0.3
suricata-4.1.8
suricata-4.1.7
suricata-5.0.2
suricata-4.1.6
suricata-5.0.1
suricata-5.0.0
suricata-5.0.0-rc1
suricata-4.1.5
suricata-5.0.0-beta1
suricata-4.1.4
suricata-4.1.3
suricata-4.0.7
suricata-4.1.2
suricata-4.1.1
suricata-4.1.0
suricata-4.0.6
suricata-4.1.0-rc2
suricata-4.1.0-rc1
suricata-4.0.5
suricata-4.1.0-beta1
suricata-4.0.4
suricata-4.0.3
suricata-4.0.2
suricata-3.2.5
suricata-4.0.1
suricata-3.2.4
suricata-4.0.0
suricata-4.0.0-rc2
suricata-3.2.3
suricata-4.0.0-rc1
suricata-4.0.0-beta1
suricata-3.2.2
suricata-3.1.4
suricata-3.2.1
suricata-3.2
suricata-3.2RC1
suricata-3.1.3
suricata-3.2beta1
suricata-3.1.2
suricata-3.1.1
suricata-3.1
suricata-3.0.2
suricata-3.1RC1
suricata-3.0.1
suricata-3.0.1RC1
suricata-3.0
suricata-2.0.11
suricata-3.0RC3
suricata-3.0RC2
suricata-3.0RC1
suricata-2.0.10
suricata-2.0.9
suricata-2.1beta4
suricata-2.0.8
suricata-2.0.7
suricata-2.1beta3
suricata-2.0.6
suricata-2.0.5
suricata-2.1beta2
suricata-2.0.4
suricata-2.1beta1
suricata-2.0.3
suricata-2.0.2
suricata-2.0.1
suricata-2.0.1rc1
suricata-2.0
suricata-2.0rc3
suricata-2.0rc2
suricata-2.0rc1
suricata-2.0beta2
suricata-1.4.7
suricata-1.4.6
suricata-1.4.5
suricata-2.0beta1
suricata-1.4.4
suricata-1.4.3
suricata-1.4.2
suricata-1.4.1
suricata-1.3.6
suricata-1.4
suricata-1.3.5
suricata-1.4rc1
suricata-1.3.4
suricata-1.4beta3
suricata-1.3.3
suricata-1.4beta2
suricata-1.3.2
suricata-1.4beta1
suricata-1.3.1
suricata-1.3
suricata-1.3rc1
suricata-1.3beta2
suricata-1.3beta1
suricata-1.2.1
suricata-1.2
suricata-1.2rc1
suricata-1.2beta1
suricata-1.1.1
suricata-0.8.2
suricata-1.0.0
suricata-1.0.1
suricata-1.0.2
suricata-1.0.3
suricata-1.0.4
suricata-1.0.5
suricata-1.1
suricata-1.1beta1
suricata-1.1beta2
suricata-1.1beta3
suricata-1.1rc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'dad1f85edb'
${ noResults }
Commit Graph

109 Commits (dad1f85edb59406a00164e6533c31ca12253b790)

Author SHA1 Message Date
Antti Tönkyrä 63a47967d7 source-pfring: don't set cluster mode when using ZC and VLAN tracking is disabled 10 years ago
Victor Julien 14466a803d decode: create util function for basic counter updates 10 years ago
Victor Julien 752f03e7a4 counters: remaining s/SCPerf/Stats/g 10 years ago
Victor Julien 30cce2bd29 counters: s/SCPerfCounterSetUI64/StatsSetUI64/g 10 years ago
Victor Julien 1c0b4ee0ae counters: s/SCPerfCounterIncr/StatsIncr/g 10 years ago
Victor Julien 8992275b0c counters: s/SCPerfCounterAddUI64/StatsAddUI64/g 10 years ago
Victor Julien 1ef786e7cb counters: rename register API calls 
Also remove 'type' parameter which was always the same.
 10 years ago
Victor Julien b293a4b7d0 counters: remove unused description 10 years ago
Victor Julien 55cfab89e4 counters: SCPerfGetLocalCounterValue cleanup 
Return u64, update arguments.
 10 years ago
Victor Julien b34c6dc93a counters: remove references to SCPerfCounterAddDouble 
They were all in comments anyway.
 10 years ago
Victor Julien e9b067c1eb counters: make increment call take threadvars 
This hides the implementation from the caller.
 10 years ago
Victor Julien 9a8bff7d96 counters: threadvars s/sc_perf_pca/perf_private_ctx/g 10 years ago
Giuseppe Longo 1ad2a231fe pfring: fixes memleaks 
This fixes some memory leaks
Bug #1184
 11 years ago
Ken Steele a781fc5c2e Make suricata_ctl_flags be volatile 
The global variable suricata_ctl_flags needs to volatile, otherwise the
compiler might not cause the variable to be read every time because it
doesn't know other threads might write the variable.

This was causing Suricata to not exit under some conditions.
 11 years ago
Giuseppe Longo 2d43dae934 PF_RING: force cluster type if vlan is disabled 
If vlan is disabled the cluster_flow mode will still take VLAN tags
into account due to using pf_ring's 6-tuple mode.
So this forces to use pf_ring's 5-tuple mode.

Bug #1292
 11 years ago
Giuseppe Longo 8c09648ad0 pfring: removes old API and #ifdef chunks 11 years ago
Ken Steele 8f1d75039a Enforce function coding standard 
Functions should be defined as:

int foo(void)
{
}

Rather than:
int food(void) {
}

All functions where changed by a script to match this standard.
 11 years ago
Victor Julien 98c88d5170 decode: pass ThreadVars to DecodeThreadVarsFree 
Flow output thread data deinit function which will be called from
DecodeThreadVarsFree will need it.
 11 years ago
Victor Julien c4a8e2cd14 Remove unused variables 11 years ago
Ken Steele 28ccea51d3 Add error checking for pthread_setspecific() and pthread_key_create(). 11 years ago
Ken Steele 3c6e01f653 Replace ringbuffer in Packet Pool with a stack for better cache locality 
Using a stack for free Packet storage causes recently freed Packets to be
reused quickly, while there is more likelihood of the data still being in
cache.

The new structure has a per-thread private stack for allocating Packets
which does not need any locking. Since Packets can be freed by any thread,
there is a second stack (return stack) for freeing packets by other threads.
The return stack is protected by a mutex. Packets are moved from the return
stack to the private stack when the private stack is empty.

Returning packets back to their "home" stack keeps the stacks from getting out
of balance.

The PacketPoolInit() function is now called by each thread that will be
allocating packets. Each thread allocates max_pending_packets, which is a
change from before, where that was the total number of packets across all
threads.
 11 years ago
Mats Klepsland 1f3fbbc992 Fix bug #1206 
PF_RING ZC uses clusters in the same way as PF_RING DNA. Therefore,
this bug can be fixed as it was fixed for DNA (bug #598).
 11 years ago
Victor Julien 900fc6fdc7 pfring: clean up decode thread local storage 
Clean up the thread local data the decode portion of pfring uses.

Bug #978
 11 years ago
Victor Julien fdb1bd9668 pfring: call enable_ring after set_cluster 
Move pfring_enable_ring to the start of ReceivePfringLoop() so that
it's guaranteed to be called after all threads have called
pfring_set_cluster first.

This is necessary because pfring will already make packets available
to thread N, while thread N+1 is still registering itself. This leads
to cases where the first packet(s) of a flow are processed by a
different thread in Suricata than the later ones.

This is a race condition only at start up. New flows after the pfring
initialization is complete will not be influenced by this.

Bug #1129.
 12 years ago
Eric Leblond 1fa4233d67 pfring: get vlan id from header 
PF_RING is delivering the packet with VLAN header stripped. This
patch updates the code to get the information from PF_RING extended
header information.

This patch uses the new function SCKernelVersionIsAtLeast to know
that we've got a old kernel that do not strip the VLAN header from
the message before sending it to userspace.
 12 years ago
Eric Leblond 3ce39433dd capture: use 64 bits counters 
Some of the packets counters were using a 32bit integer. Given the
bandwidth that is often seen, this is not a good idea. This patch
switches to 64bit counter.
 12 years ago
Victor Julien f7b1aefaf4 Bug 1107: decoders: bail out on pseudo packets 
Flow-timeout code injects pseudo packets into the decoders, leading
to various issues. For a full explanation, see:
  https://redmine.openinfosecfoundation.org/issues/1107

This patch works around the issues with a hack. It adds a check to
each of the decoder entry points to bail out as soon as a pseudo
packet from the flow timeout is encountered.

Ticket #1107.
 12 years ago
Victor Julien 5f307acace Pass ThreadVars ptr to various thread init funcs 
To be able to register counters from AppLayerGetCtxThread, the
ThreadVars pointer needs to be available in it and thus in it's
callers:

- AppLayerGetCtxThread
- DecodeThreadVarsAlloc
- StreamTcpReassembleInitThreadCtx
 12 years ago
Eric Leblond c115e63dc2 pfring: fix live device counter usage 
Live device counter was in fact the number of packets seen by suricata
and not the total number of packet reported by pfring. This patch fixes
this by using counter provided by kernel instead.

Pfring kernel counter is per socket and is not cleared after read.
So to get the number of packet on the interface we can add the new
value for this thread and add it to the interface counter.
 12 years ago
Ken Steele 882d98733f Fix pfring so that zero-copy mode can work. 
Detect when default_packet_size is zero, which enables zero-copy mode for
pfring and in that case, do what AF Packet does and set pkt_ext pointer to
the data and set PKT_ZERO_COPY flag.
 12 years ago
Eric Leblond 28c5c68192 error checking: add missing alloc error treatment 
The return of some malloc like functions was not treated in some
places of the code.
 12 years ago
Eric Leblond 3088b6ac34 Add invalid pkt counter. 
This patch adds and increments a invalid packet counter. It
does this by introducing PacketDecodeFinalize function

This function is incrementing the invalid counter and is also
signalling the packet to CUDA.
 12 years ago
Eric Leblond 853732210e pfring: improve error reporting at device opening 
This patch improves the error message displayed if pfring_open fails.
 12 years ago
Victor Julien 677cd03e52 Counters: more unused code removal 12 years ago
Victor Julien 698ff4e4aa Counters: remove all unused parts of the API 12 years ago
Ken Steele 5532af4621 Create SCMUTEX_INITIALIZER to abstract out PTHREAD_MUTEX_INITIALIZER 
This allows replacing pthread mutexes with other types of mutex.
 12 years ago
Eric Leblond c6e8c5bf1f pf_ring: avoid to ask for extended header. 
This patch update pf_ring capture to avoid to ask for extended
header. They are only needed when rxonly checksum checks is used
and this is only possible when interface is not a DNA interface.
 12 years ago
Anoop Saldanha 9698a5d78c Code to enable cuda support for pfring live mode. 12 years ago
Eric Leblond e14a817fbd pfring: delete unused define. 13 years ago
Eric Leblond ca1a70a04b pfring: fix build failure 13 years ago
Eric Leblond 8d0260b27e Add atomic counter for iface drop. 13 years ago
Eric Leblond 8957113550 pf-ring: fix build 13 years ago
Eric Leblond d3195b0f70 pf_ring: don't set cluster for DNA interface. 13 years ago
Eric Leblond 3acdd4da1d pf-ring: add counter for kernel drop and packets 
This patch adds a counter for kernel drop and packets by using the
same strategy as the one used in af-packet.
 13 years ago
Anoop Saldanha b33986c887 Add a packet src for every packet generated inside suricata. 13 years ago
Eric Leblond 928ade1d04 pf-ring: suppress unused variable. 13 years ago
Eric Leblond c3b9a5e97f pf-ring: add missing header. 13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment. 
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
 13 years ago
Eric Leblond 566674ae4a Fix logic operator. 
Previous patches on the same subject did not fixed this error as it
was undetected because the code was not compiled on my setup.
 13 years ago
Eric Leblond cdbc9be1c3 pf_ring: set cluster_id even if only one thread is used. 13 years ago