Commit Graph

2741 Commits (e1a309a6b20405c7706f13d3357dd79ee9b9e791)

Author SHA1 Message Date
Victor Julien 28e15be526 Clean up default output. Use simpler output format for releases. 14 years ago
Victor Julien ff9fb7e1b5 Assume offloading in use if 1/10th of the packets has a bad checksum. 14 years ago
Victor Julien 9bea84918c Fix checksum offloading auto detection typo: it should be 1/5th instead of 1/10th. 14 years ago
Victor Julien c4b34e6ef7 Fix various minor clang/scan-build warnings. 14 years ago
Victor Julien 791fc2f6ea Adapt signature ordering to new flowbits post-match handling. 14 years ago
Victor Julien 8339ca6d4e Implement post match support for ip-only. 14 years ago
Victor Julien e69c584317 Let timing-out flows use pseudo packets also if state is not fully closed. 14 years ago
Victor Julien 6eeab37ab3 Add post-match list, move flowbits set, etc functions to it. Move flowint set, etc functions to it as well. 14 years ago
Victor Julien 0818a151ec Add reject support to live single, autofp and workers runmodes. 14 years ago
Eric Leblond 0b2c7dfa5d runmode: Add Reject to IPS worker mode. 14 years ago
Victor Julien 515d070554 Print elapsed time with millisecond precision. 14 years ago
Victor Julien aac2d91bcc Set DROP flag for reject action so in addition to sending the rst, in IPS mode also drop the offending packet. 14 years ago
Victor Julien f084874998 Fix HTTP state and raw stream not being inspected at the same time. Adds an exception to transaction id handling for HTTP. 14 years ago
Victor Julien 16cfae2f51 Trigger raw stream reassembly on receiving a full HTTP request or response. 14 years ago
Victor Julien f773942ce0 Disable printing dreaded app layer error messages to the screen: app layer events are here to save us. 14 years ago
Victor Julien f713b653ab Convert error logging for HTTP to use new app layer event API. Expose libhtp warnings to this as well. 14 years ago
Victor Julien e55390e4e7 Add check to invalidate signatures that inspect raw http headers in the to_client direction (response headers) if libhtp hasn't been patched yet. Also add hack to disable the test for unittests, many tests fail and we'll fix those ASAP. 14 years ago
Victor Julien 1ac6054c23 Clean up configure check for htp_tx_get_response_headers_raw. Misc changes. 14 years ago
Anoop Saldanha 4acd5a04e6 Enable http raw response header inspection only if libhtp supports raw response header buffering which should be available post 0.2.6 14 years ago
Anoop Saldanha 9c4954ff42 support http response raw header inspection + carry out hrhd mpm on both request/response headers + add unittests for the same 14 years ago
Anoop Saldanha 1b434f5fff hhd unittests for response headers 14 years ago
Anoop Saldanha e5c3e2cdb1 carry out hhd mpm on both request/response headers 14 years ago
Anoop Saldanha 30247dce8c bug 389 - support http response header inspection + fix bug with stateful inspection for sigs that would have both request/response inspection 14 years ago
Victor Julien 64f717c880 Set 'livedev' in pcap acquisition module for older libpcap version as well. Fixes a segv. 14 years ago
Victor Julien 026a4efc57 Make sure that continued stateful detection only inspects sigs in the proper direction. 14 years ago
Victor Julien 21ee59e6f3 Add signature direction (flow:toserver/flow:toclient) as a signature flag. 14 years ago
Victor Julien d5402d33d4 Simplify detection loop. Inspect packet keywords before the state. 14 years ago
Victor Julien 7fa22e8453 Rename app_layer_events to app-layer-events. Misc fixes/changes. 14 years ago
Victor Julien ecd457db7b Allow flowint names to have dots in them. 14 years ago
Anoop Saldanha 5311cd4866 Support for smtp decoder events 14 years ago
Anoop Saldanha eea5ab4a7a Support for app layer decoder events added + app_layer_event keyword added 14 years ago
Victor Julien 4c1e417d49 Allow non-existing flowints to be incremented. A 'set' to 0 is implied in this case. 14 years ago
Victor Julien d24b3a0e50 Clean up csum detection output, misc fixes. 14 years ago
Eric Leblond 9a2a4802f4 pf-ring: add support for checksum verif mode
This patch adds support for checksum verification mode.
Supported modes are yes, no, auto and rx-only.
14 years ago
Eric Leblond 0399a06f4f pcap: fix typo 14 years ago
Eric Leblond db5ca0f3a4 pcap: add auto mode support 14 years ago
Eric Leblond a565148fb1 af-packet: fallback if 'kernel' mode is not supported
This patch adds a fallback to full checksum validation if 'kernel'
mode is not supported by the running kernel.
14 years ago
Eric Leblond 51eb96053c af-packet: auto mode support 14 years ago
Eric Leblond c3eaa6cc60 Add per-interface counter for invalid checksum.
This patch adds a per-device counter for invalid checksum as
well as a simple packet counter.
14 years ago
Eric Leblond 745b61171a Introduce LiveGetDevice function 14 years ago
Eric Leblond e893e860d4 Rename LiveGetDevice to LiveGetDeviceName
The function LiveGetDevice is returning a pointer to
the name of the interface. This patch renames it to
LiveGetDeviceName which is more appropriate.
14 years ago
Eric Leblond 1d1271fd38 pcap: add support for checksum verif mode
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
14 years ago
Eric Leblond 6062e00c2b af-packet: add support for checksum verif mode
This patch adds support for checksum verification mode.
Auto mode is not yet supported.
14 years ago
Eric Leblond 551cb3e4c2 decode: introduce checksum mode enum. 14 years ago
Eric Leblond 623bb38d1c af-packet: Fix typo in error message. 14 years ago
Eric Leblond 8d635ddfc2 detect-csum: incomplete checksum is a valid checksum
This patch modifies the checksum match to not alert on packets with
an incomplete checksum. They will be checksummed later and thus
can be considered valid ones.
14 years ago
Eric Leblond 67f791e891 af-packet: add variable to disable offloading detection
This patch adds a variable to disable offloading detection. The effect
of the flag is to avoid transmitting auxiliary data with each packet.
This could result in a potential performance gain.
14 years ago
Eric Leblond f6ddaf3341 af-packet: parse message to find lack of checksum
Emitted packets can have checksum offloading. This patch reads the
af-packet message parameter to see if the kernel has sent a non
checksummed packet.
14 years ago
Eric Leblond 5dc46ae7c7 pf-ring: Mark emitted traffic as non checksummed
The traffic sent by an interface is potentially offloaded. This
patch adds detection of TX packets and sets the corresponding flag.
14 years ago
Eric Leblond 81bc6f5518 Treat incomplete checksum.
Checksum of local traffic is often offloaded to the network device.
This causes some problems on parsing of this traffic. This patch
introduces a PKT_INCOMPLETE_CHECKSUM flag which can be used to
indicate that the checksum is not computed/correct for good reason.
14 years ago
Victor Julien 9324ed7b90 Fix icmpv6 ip-only rule not firing. #363. 14 years ago
Anoop Saldanha 517040c4af indentation fix 14 years ago
Anoop Saldanha 37b223645a fix detection engine for alert stability. Fix cases where we have multiple rules having the same pattern. We should see a good perf increase (~5%) with this change, now that we avoid unnecessary inspection 14 years ago
Anoop Saldanha 42bc22cfa5 indentation fix 14 years ago
Anoop Saldanha ecc7a769a7 reclaim mpm contexts if no patterns are added to it, even in non-full mode 14 years ago
Anoop Saldanha 1389cf6913 update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda 14 years ago
Anoop Saldanha 92643f6110 introduce separate mpm ctxs for tcp/udp/other_protos 14 years ago
Anoop Saldanha a5dec3cb2e refactor all http mpm engine code 14 years ago
Anoop Saldanha 34cf557abf fix indentation 14 years ago
Anoop Saldanha 5b91cec4ae remove unnecessary if/else checks 14 years ago
Victor Julien ada4066238 Add counters for SYN, SYN/ACK and RST TCP packets. Issue #251. 14 years ago
Victor Julien 298289f43f Let flow:only_stream and flow:no_stream set the require packet and require stream flags. Toss out sigs with conflicting settings. Rename flow:stream_only to flow:only_stream. Fixes #261. 14 years ago
Victor Julien c04f45ccb9 Add tcp-pkt and tcp-stream 'protocols' to force a signature to inspect only packet or stream data. 14 years ago
Victor Julien 2c62b50ed5 Fix 2 compiler warnings. 14 years ago
Mike Pomraning cfced01641 Use strlcpy 14 years ago
Mike Pomraning 914b10a8e6 Touch up Makefile for SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dfec9c0f6a Switch 'fast', 'http-log', 'drop' and 'alert-debug' to SCConfLogOpenGeneric. 14 years ago
Mike Pomraning dec34afa40 SCConfLogOpenGeneric() abstraction for regular and AF_UNIX logs.
util-logopenfile.[ch] implements the abstraction; util-error.[ch]
modified to include a socket-specific error code; output.h adds a
default filetype for logs ("regular").
14 years ago
Victor Julien a1cb769205 Switch log-file module to use new absolute path detection code. 14 years ago
Victor Julien 4cbaeb408c Add functions to determine whether a path is absolute or relative. 14 years ago
Victor Julien a397599fbb file extraction: add waldo option to file log module. This will store the last used file_id so extracted files won't get overwritten if Suricata is restarted. 14 years ago
Victor Julien effe01ae7b Add Init and DeInit calls to the thread module API. 14 years ago
Eric Leblond 7fb78a0ff6 Fix compilation warning. 14 years ago
Victor Julien 08f3ef7685 Reshuffle version printing so -V prints it only once. 14 years ago
Eric Leblond 1bebb9831d logging: don't display debug message before setting params. 14 years ago
Eric Leblond 05f562fdc3 logging: use SCLogDebug instead of printf
This patch uses SCLogDebug instead of printf to enable filtering
of the log message by the log filtering option.
14 years ago
Eric Leblond 9545a56426 ipfw: suppress poll before sendto
Calling poll before using sendto seems a bit overkill.
14 years ago
Eric Leblond 6f1b40dd4b ipfw: don't use socket lock in 'worker' mode
This patch is the IPFW version of NFQ latest patch.
14 years ago
Eric Leblond 58855494c1 nfq: do not use mutex in 'worker' mode
Using a mutex on the queue handle is not necessary in 'worker' mode
as there is no concurrent access to it.
14 years ago
Eric Leblond ef3951d914 runmode: export running mode
This will permit putting some optimisations in different components.
This is done via the RunmodeGetActive() function.
14 years ago
Victor Julien c908574545 Use strtoul instead of strtol for sid parsing. Fixes parsing of really large sid numbers. Fixes #393. 14 years ago
Victor Julien c1a40447c1 IP Only cleanup: make most functions static. Add error message on address parsing issues. 14 years ago
Victor Julien e0cf2ccb91 Fix invalid direction error message. 14 years ago
Eric Leblond db19680794 pcap: fix auto runmode
This patch fixes initialization of a pointer. The lack of it was
causing an invalid interface value to be given to suricata (in
the case no interface was given on the command line).

Reported-by: Delta Yeh <delta.yeh@gmail.com>
14 years ago
Victor Julien 5a769c02ee Stream engine: handling packets with ACK|CWR. 14 years ago
Anoop Saldanha 999c34111e bug #341 - support for urilen check on both norm and raw buffers 14 years ago
Victor Julien 158d72e7f3 file-inspection: inspect new files in same tx but opposite direction as well. 14 years ago
Victor Julien a6e75aff21 file-extraction: improve handling of complex multipart bodies. 14 years ago
Victor Julien 4eda31df4d file inspection: unset new file available flag when appropriate, prevents duplicate alerts. 14 years ago
Anoop Saldanha 6e2c921037 indentation fixes for ac-gfbs 14 years ago
Anoop Saldanha 2eb3aff0af Further improve compression for ac-gfbs. Character codes shifted to 8 bits from 16/32 bits 14 years ago
Victor Julien 0712300a1c Remove stream BUG_ON's that could fire on TCP session reuse. 14 years ago
Anoop Saldanha 0cde8072f4 fix ffr shutdown segv. We need to supply stream TV to the stream engine 14 years ago
Anoop Saldanha 5620844f7d ac-gfbs fix output presence combination with mod table 14 years ago
Anoop Saldanha 153f2ad3eb ac-gfbs update. Minor improvement of compression for state 0. Improves performance 14 years ago
Anoop Saldanha c6cd59bda4 Update ac-gfbs with some rearrangement. Increased performance from 4-10% 14 years ago
Anoop Saldanha e18cf72c13 fix bug in size parsing API. Pass the string returned by pcre_get_substring and not the passed arg. Also use strtod. Solves usage issues on windows 14 years ago
Victor Julien 842b01cc9c Remove duplicate sys/prctl.h configure check. Wrap another include in HAVE_SYS_PRCTL_H. 14 years ago
Eileen Donlon aaa5a78dfe Moved prctl.h check to configure 14 years ago
deltay 37dc83d411 ignore signal SIGPIPE and SIGSYS 14 years ago