16 Commits (10150e95ad0c6aa9e5af6f39f709e87b3b3b0ba9)

Author SHA1 Message Date
Shivani Bhardwaj 623229728d signature: rename num to iid
to signify that it refers to the internal ID of the signature and
distinguish it from the "id" param that signifies the "sid" specified in
a rule.
3 months ago
Philippe Antoine 41fcf3b356 detect: fix some -Wshorten-64-to-32 warnings
Ticket: #6186
3 months ago
Victor Julien f60e1efc8a detect: start of pkt hooks
New facility to allow a user to specify where to hook a rule
into the engine. This patch adds this for packets, adding two
hooks:

- `all`: to let a rule be evaluated by all rules
- `flow_start`: to have a rule be evaluated only for the first
  packet in both directions

Implemented by adding a hook flags field in the packet.
4 months ago
Victor Julien 956c8bebd1 detect/prefilter: use sig mask to exclude pkt engines
Add an argument to the packet prefilter registration function to include
`SignatureMask` flags. This will be used at runtime to only call these
prefilter engines when the mask check passes.
1 year ago
Victor Julien 86681c9d7c detect: move init only array to init data 4 years ago
Jeff Lucovsky 1eeb96696b general: Cleanup bool usage 4 years ago
Victor Julien 7d6835958b detect/prefilter: fix null ptr deref on invalid rule
A bad rule 'icode:<0; prefilter;' would trigger a null ptr deref
in ApplyToU8Hash.

Bug #4375.
4 years ago
Philippe Antoine 2d765d6c68 detect: fix overflows in SetupU8Hash
For instance ">255" resulted in overflow
4 years ago
Philippe Antoine bb7abbd6ec detect: extend PrefilterPacketHeaderValue to 16 bytes 5 years ago
Jeff Lucovsky be4c6b85de general: Convert _Bool to bool
This commit addresses task 3167 and changes usages of `_Bool` to `bool`.
The latter is included from `suricata-common.h`
6 years ago
Victor Julien 91296d1eec detect/prefilter: add de_ctx to registration 8 years ago
Victor Julien f370e88135 detect: move init only Signature members to init_data 9 years ago
Victor Julien e2eb9f8ede prefilter: add 'extra match' logic to packet engines
Many of the packet engines are very generic. Rules are generally more
limited.

A rule like 'alert tcp any any -> any 888 (flags:S; sid:1;)' would still
be inspected against every SYN packet in most cases (it depends a bit on
rule grouping though).

This extra match logic adds an additional check to these packet engines.
It can add a check based on alproto, source port and dest port. It uses
only one of these 3. Priority order is src port > alproto > dst port.

For the ports only 'single' ports are used at this time.
9 years ago
Victor Julien 8798bf48b2 profiling: support prefilter engines 9 years ago
Victor Julien ea26ee906f prefilter: intro common engine for u8 matches 9 years ago
Victor Julien 99b9896bd7 prefilter: common funcs for packet header prefilters 9 years ago