Anoop Saldanha
|
1cd8bd3d3c
|
make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c
|
14 years ago |
Anoop Saldanha
|
6df051321f
|
fix fp when content is negated and also added to mpm
|
14 years ago |
Anoop Saldanha
|
5c6a65dc58
|
support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]
|
14 years ago |
Victor Julien
|
234656e5f6
|
Fix compilation in --enable-debug mode.
|
14 years ago |
Anoop Saldanha
|
eade60f0fd
|
make some name changes. break PopulateMpm(). Set the avoid mpm double check flags
|
14 years ago |
Anoop Saldanha
|
96bf15bd74
|
unifying content structure - http_stat_msg now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
4c53a9d606
|
unifying content structure - http_header now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
1957eee389
|
unifying content structure - http_method now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
041f5b1a4f
|
unifying content structure - http_cookie now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
f05b0f4e1e
|
unifying content structure - http_client_body now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
4883efd0f6
|
unifying content structure - uricontent now uses DetectContentData
|
14 years ago |
Anoop Saldanha
|
3b0a9ca97e
|
add support for http_uri; content fast_patterns
|
14 years ago |
Anoop Saldanha
|
3c73854d2d
|
completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx
|
14 years ago |
Anoop Saldanha
|
fde2c64ea7
|
fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format
|
14 years ago |
Anoop Saldanha
|
a6899218fc
|
remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm()
|
14 years ago |
Anoop Saldanha
|
6eaba8941c
|
Use new flags to indicate uricontent has a mpm set
|
14 years ago |
Anoop Saldanha
|
46b4806d8e
|
use a single populatempm() function to add the right content for mpm
|
14 years ago |
Anoop Saldanha
|
4a038511ff
|
Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accommodate these changes
|
14 years ago |
Anoop Saldanha
|
ede7be34b5
|
replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH]
|
14 years ago |
Anoop Saldanha
|
3d2f81d978
|
replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH]
|
14 years ago |
Anoop Saldanha
|
a7353be20d
|
replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH]
|
14 years ago |
Anoop Saldanha
|
e0476242c6
|
replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH]
|
14 years ago |
Anoop Saldanha
|
e54358a9e1
|
replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]
|
14 years ago |
Anoop Saldanha
|
82fd581b64
|
replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH]
|
14 years ago |
Anoop Saldanha
|
3656879aa0
|
fix some dce opnum/stub tests that would have shown success always irrespective of test results
|
14 years ago |
Anoop Saldanha
|
4b77f132df
|
add support for sigs with uricontent fast_pattern
|
14 years ago |
Anoop Saldanha
|
ea8eaf31aa
|
Fix fast_pattern tests that always showed success, irrespective of test results
|
14 years ago |
Victor Julien
|
966c7349d3
|
Make sure we have a response message before inspecting it in http_stat_msg.
|
14 years ago |
Victor Julien
|
07ec1ee10e
|
Slightly cleanup detect-engine.sgh-mpm-context option parsing.
|
14 years ago |
Anoop Saldanha
|
c89507836b
|
if sgh-mpm-context is not available in conf, alias the auto case inside the engine
|
14 years ago |
Victor Julien
|
bac621760e
|
Fix a potential invalid memory read in the protocol name code used by alert-fastlog.
|
14 years ago |
Gurvinder Singh
|
f92ba23331
|
add the support for >= and <= operator for byte_test
|
14 years ago |
Victor Julien
|
412498f4e4
|
Converts port vars in http logger from uint32_t to Port and update output.
|
14 years ago |
Gurvinder Singh
|
b7ff6537d2
|
fixed the incorrect port issue in http.log
|
14 years ago |
Victor Julien
|
275bd3b7d7
|
Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests.
|
14 years ago |
Victor Julien
|
dec4218d62
|
Layout updates to NFQ runmode.
|
14 years ago |
Victor Julien
|
7e49aa7f76
|
Simplify NFQ runmode reducing the number of threads and thus queues.
|
14 years ago |
Victor Julien
|
7e6f01765f
|
Change default of detect-engine.sgh-mpm-context to auto.
|
14 years ago |
Victor Julien
|
001f91056e
|
Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242.
|
14 years ago |
Victor Julien
|
4598274d07
|
Fix depth error messages referring to distance instead of depth, fix their layout.
|
14 years ago |
Victor Julien
|
afdb39e5f6
|
Print an error if the protocol field of a signature contains an unknown/invalid value.
|
14 years ago |
Victor Julien
|
8d0bc27fc4
|
Fix a case where alerting in inline mode would lead to dropping on alert sigs.
|
14 years ago |
Victor Julien
|
5a10eac5bd
|
Cleanup http_stat_code unittests, shrink data structure.
|
14 years ago |
Victor Julien
|
1636152e32
|
Fix negated http_method not working properly, causing false positives.
|
14 years ago |
Gurvinder Singh
|
b7da115e6d
|
support for http_stat_code keyword has been added to detection module
|
14 years ago |
Gurvinder Singh
|
1deae70cf7
|
added http_stat_msg keyword support for detection module
|
14 years ago |
Jason Ish
|
a4d19e4130
|
Add new profiling sort option, maxticks.
|
14 years ago |
Anoop Saldanha
|
59923316bc
|
change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval
|
14 years ago |
Anoop Saldanha
|
5d9a453e0d
|
find an optimal value for detect-engine:inspection-recursion_limit + unittest
|
14 years ago |
Anoop Saldanha
|
bc99328ec8
|
define a new conf parameter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code
|
14 years ago |