suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	14896365ef	detect: remove Threadvars argument from API calls Remove it as it's (almost) never used. If it is really needed it can be accessed through DetectEngineThreadCtx::tv as well.	6 years ago
Victor Julien	6bf35a42f1	detect/mark: use postmatch instead of tag list Keep the tag list for just tags. Post match list is better so the keyword also works with pass and noalert rules.	6 years ago
Victor Julien	4dbf600d64	detect/mark: minor code cleanups	6 years ago
Victor Julien	ab1200fbd7	compiler: more strict compiler warnings Set flags by default: -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wcast-align -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char Fix minor compiler warnings for these new flags on gcc and clang.	8 years ago
Victor Julien	bfd4bc8233	detect: constify Signature/SigMatch use at runtime	9 years ago
Victor Julien	7021959689	nfq: suppress CID 1374302 and 1374303	9 years ago
Victor Julien	629fa30345	nfq_set_mask: set mark on root pkt for tunnels	9 years ago
Victor Julien	e67ae0f174	detect keywords: use parse regex util func	9 years ago
Jason Ish	796dd5223b	tests: no longer necessary to provide successful return code 1 pass, 0 is fail.	9 years ago
Jason Ish	52983bf314	tests: convert all test to return 0 on failure, 1 on success	9 years ago
Ken Steele	923a77e952	Change Match() function to take const SigMatchCtx* The Match functions don't need a pointer to the SigMatch object, just the context pointer contained inside, so pass the Context to the Match function rather than the SigMatch object. This allows for further optimization. Change SigMatch->ctx to have type SigMatchCtx* rather than void* for better type checking. This requires adding type casts when using or assigning it. The SigMatch contex should not be changed by the Match() funciton, so pass it as a const SigMatchCtx*.	11 years ago
Ken Steele	8f1d75039a	Enforce function coding standard Functions should be defined as: int foo(void) { } Rather than: int food(void) { } All functions where changed by a script to match this standard.	11 years ago
Eric Leblond	e176be6fcc	Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc\|SCStrdup\|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1	13 years ago
Anoop Saldanha	ff38d42bf1	code cleanup - replace SigMatchAppendTag with SigMatchAppendSMToList	14 years ago
Victor Julien	c865ee2217	Fix compilation for nfq_set_mark code when NFQ is not enabled.	15 years ago
Eric Leblond	9beebf621a	Add support for 'nfq_set_mark' keyword This patch introduces 'nfq_set_mark' which is new rules option. If a packet matches a rule using nfq_set_mark in NFQ mode, it is marked with the mark/mask specified in the option during the verdict. It is thus possible to trigger different behaviour on the packet inside Linux/Netfilter.	15 years ago

16 Commits (07df1ce6afffb35c0acd25b3b787ce04643306b1)