suricata

Commit Graph

Author	SHA1	Message	Date
Gurvinder Singh	8852b83fa7	flowbits, flowvars, pktvars, flow flags and app layer info added to alert-debug.log	15 years ago
Victor Julien	580b09c2b8	Make sure we inspect all outstanding reassembled stream chunks (smsg) if the stream is shutting down. Make sure to do inspect signatures that use dsize against the tcp packet payload, even if that payload was already added to the stream. Likewise, the dsize signatures are not inspected against the reassembled stream.	15 years ago
Victor Julien	a3ff0e7210	Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185 .	15 years ago
Pablo Rincon	a8cb8d830b	Fix for bug 186 and thresholding issue handling ip versions	15 years ago
Pablo Rincon	eed0ef6e69	Adding tag keyword support	15 years ago
Victor Julien	ca7f54de25	Make sure ICMP unreach packets are not inspected against the flow sgh as it's for the original protocol, not for the ICMP packet. Fixes #174 .	15 years ago
Victor Julien	b8fec77f37	Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id.	15 years ago
Victor Julien	cdc9570f0e	Have the detect.alerts counter count actual alerts.	15 years ago
William Metcalf	0e4235cc94	FLOW_DESTROY added to clean-up UT's that init flow	15 years ago
Victor Julien	2f29b8a724	Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166 .	15 years ago
Victor Julien	37442a8a84	Prefilter signatures before fully scanning them.	15 years ago
Victor Julien	d6709b0961	Fix a segv caused by invalidly accessing the smsg_pmq array.	15 years ago
Victor Julien	8cea3779fa	Move dce payload inspection to stateful detection engine.	15 years ago
Anoop Saldanha	45ea0d914e	dce stub content keywords support using dcepayload.c support for all dce related content keywords	15 years ago
Victor Julien	83b2c8abdb	Improve stateful uri detection code.	15 years ago
Victor Julien	9dd753b5f3	Scan uricontent mpm on demand.	15 years ago
Victor Julien	e8fce5f7fa	Convert uricontent scanning to use the detect engine state.	15 years ago
Pablo Rincon	8cc525c939	UDP support at AppLayer message handling	15 years ago
William Metcalf	cc76aa4bc6	properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks	15 years ago
Victor Julien	a24f288074	Moving the stream content scanning to have it's own mpm ctx.	15 years ago
Victor Julien	9a08d6c11c	Fixes to stream pattern matching.	15 years ago
Victor Julien	a0c1209a44	Inspect the reassembled stream together with the packet payload in the same direction.	15 years ago
Victor Julien	81f2499834	Store stream msgs processed by the app layer in the tcp session so they can be inspected by the detection module as well. The detection module returns them to the pool.	15 years ago
Victor Julien	c26434fef1	Move flow use cnt to atomic and outside of the flow mutex protection.	15 years ago
Victor Julien	2fd31a1a11	Remove dsize grouping from detection engine grouping reducing memory usage. Store sgh in flow to reduce lookups. Reduce locking in alert handling. Increase default grouping values as we use less memory.	15 years ago
Victor Julien	dff6795df5	Detect cleanups.	15 years ago
Gerardo Iglesias Galvan	55dfa36963	Add support for http_uri keyword	15 years ago
Jason Ish	ea4b7cc33b	add profiling to stateful detection engine + other fixups.	15 years ago
Victor Julien	4e7df60b2f	Make pcap file mode read multiple packets per 'read'. Update threading model to deal with this.	15 years ago
Pablo Rincon	3fa3229e01	ASN1 decoder and keyword implementation	15 years ago
Victor Julien	70b32f7380	First stab at creating a stateful detection engine. Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications: - Generalize transaction tracking, logging and inspection. - Adapt http and dcerpc to use the new transaction handling. - Stream engine now always notifies app layer of a stream eof. This commit fixes bug #124.	15 years ago
Jason Ish	18e5ac8cde	Basic rule profiling even though the results may be skewed by a bad rule in a grouping of rules.	15 years ago
Victor Julien	42eeb84c9a	Properly lock flow before setting IP only action flags. Small alert api cleanups.	15 years ago
Pablo Rincon	9bae6a8628	Moving alert logic to detect-engine-alert.c	15 years ago
Gerardo Iglesias Galvan	9f4fae5b1a	Fix inconsistent use of dynamic memory allocation	15 years ago
William Metcalf	8d66323f62	clang fixes for null derefrences	15 years ago
Victor Julien	e27cefa6f7	Complete conversion of pattern id mpm storage vs sig id storage.	15 years ago
Victor Julien	46831e0f8f	Fix signature grouping bug for protocols without ports. Add debugging code.	15 years ago
Victor Julien	7a427ec7f4	Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach.	15 years ago
Pablo Rincon	46187bfe73	Fix action logic after last pass changes	15 years ago
Gurvinder Singh	3721037de5	unittests for bug 134&139 and some typo correction	15 years ago
Victor Julien	a372c1d14e	Fix/workaround a strange detection issue.	15 years ago
Victor Julien	ce90e87304	Fix failing thresholding unittests	15 years ago
Pablo Rincon	e18e2ec998	Changing threshold logic	15 years ago
Pablo Rincon	8bcdf29ab7	Small fix on pass action handling and added more unittests	15 years ago
Pablo Rincon	1238668961	Adding actions order and suport for rule action "pass"	15 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	15 years ago
Victor Julien	070ed778b8	Libcap-ng support by Gurvinder Singh and myself. Basic support for per thread caps is added, but not activated as it doesn't seem to work yet. Work around for incompatibility between libnet 1.1 and libcap-ng added.	15 years ago
Pablo Rincon	ab02ab9ead	adding http_header keyword support	15 years ago
Pablo Rincon	224a33f19e	Moving inline functions to the .h files, so gcc can inline them correctly	15 years ago

1 2 3 4 5 ...

277 Commits (eedafa3a17a7a56a3221ad44ff54ff139aded3c2)