15178 Commits (2b73a17bb04b04f5166a7a9cb4947ff1ea5592c5)
 

Author SHA1 Message Date
Shivani Bhardwaj 2b73a17bb0 detect: rename whitelist to score
The term "whitelist" is actually used to store a list of DetectPort type
items for tcp and udp in detect.h. Using the same term for also keeping
the score that affects the grouping of rules is confusing. So, rename
the variable to "score".
2 years ago
Shivani Bhardwaj 1f78a4fcd8 detect-engine: use only the exact match fn
DetectFlagsSignatureNeedsSynPackets checks if TCP SYN flag is set among
other flags.
DetectFlagsSignatureNeedsSynOnlyPackets checks if only TCP SYN flag is
set and no other flag.

Since DetectFlagsSignatureNeedsSynOnlyPackets also already checks for
TCP SYN flag, it does not need to be used in combination with
DetectFlagsSignatureNeedsSynPackets as this fn seems to be the superset
of the former.
2 years ago
Victor Julien d3ccff5822 detect/asn1: handle in PMATCH
Since the asn1 keyword is processing payload data, move the handling of
the keyword into the PMATCH with content inspection.

Use u32 as buffer length in the Rust FFI
2 years ago
Victor Julien 13cc493885 flow/timeout: clean up flow finish code 2 years ago
Victor Julien ea4503c3e3 flow/timeout: use single packet for timeout handling
In the FlowFinish logic, one or two pseudo packets are used to finish flow
handling. In the case of 2 (one per direction), the logic first set up the
2 packets, then it would process them one by one. This led to poor cache
locality.

This patch processes the first packet entirely first, followed by the second
packet.
2 years ago
Victor Julien 2a4fd85d1d flow/timeout: use const TcpSession; cleanup prototypes 2 years ago
Victor Julien 9639da32b7 detect/content-inspect: minor code cleanups 2 years ago
Victor Julien a3ac3e69d6 detect/replace: minor code cleanup 2 years ago
Victor Julien 3d7e0927bf detect/content: minor code/comment cleanups 2 years ago
Victor Julien 8ba7f23c9b detect/content: use const pointer where possible 2 years ago
Victor Julien 643f25280b detect/app-layer-events: constify arguments; minor cleanups 2 years ago
Victor Julien 15b545d16f detect: improve explanation of offset tracking 2 years ago
Victor Julien 65560ad8ca detect/content: test cleanup 2 years ago
Victor Julien 83c4de4cee detect/bytejump: fix debug messages
Remove newlines.
2 years ago
Victor Julien 474a89e098 detect/file.data: modernize test 2 years ago
Victor Julien fa450c0531 detect: modernize unittest 2 years ago
Victor Julien 6cf0e4d604 detect/content-inspect: keyword context as const 2 years ago
Victor Julien b69f4cb5cf detect/pcre: match data is const at match time 2 years ago
Victor Julien 529e02686b detect/http.uri: modernize unittest 2 years ago
Victor Julien 23d15259f5 util/print: minor code cleanups 2 years ago
Victor Julien 132fe57ac6 rust: add copyright header to common.rs 2 years ago
Victor Julien 99c616389e util/prefilter: constify sids 2 years ago
Victor Julien 3b3b0ed30a mpm: free sids in MpmFreePattern as well 2 years ago
Victor Julien 14c452e4c6 mpm: cleanup pattern free function
Avoid redundant pointer checks; instead check once.
2 years ago
Victor Julien 0b21b543a2 mpm/ac-bs: add warning if still used
Fall back to default matcher.

Ticket #6586.
2 years ago
Victor Julien 2be36c0f0c mpm: document Search callback return value 2 years ago
Victor Julien 74ef5fc3d1 mpm/ac-ks: return only unique match count
Bring implementation in line with Hyperscan, which only counts unique matches.

Update test to reflect the new behavior.
2 years ago
Victor Julien 83630ebb9c mpm/ac: return only unique match count
Bring implementation in line with Hyperscan, which only counts unique matches.

Update test to reflect the new behavior.
2 years ago
Victor Julien 6a73b3c90b mpm: remove ac-bs implementation
Ticket: #6586.
2 years ago
Victor Julien ee7c140028 detect: minor cleanup
MPM_HS does not need a guard.
2 years ago
Jason Ish cc0adaaf4a userguide: remove old css files
In our conf.py we reference some ReadTheDocs stylesheets that appear to
be old and break formatting of some items like bulleted lists.

Bug: #6589
2 years ago
Victor Julien 7f42506760 detect: reimplement discontinue matching logic
Previously various steps in the content inspection logic would use
a variable in the DetectEngineThreadCtx to flag that matching should
be discontinued.

This patch reimplements this logic by using a new return code instead.

Split content inspection into public and private version, so that
common initialization can be done in a single place.

Update the callsites.
2 years ago
Victor Julien 368adf4599 detect/file-data: simplify content inspect loop 2 years ago
Victor Julien ee66a7246f detect-engine: minor content inspection cleanup 2 years ago
Victor Julien 4ccc8293b1 packet: minor macro cleanups 2 years ago
Victor Julien 9ae2cd0c59 packet: access packet data through flex array 2 years ago
Victor Julien bc7508e4df log-pcap: constify PcapWrite args
General cleanup, but also needed for packet changes.
2 years ago
Victor Julien f10233fecf device/storage: use flex array instead of calculated ptr 2 years ago
Victor Julien 11d73e284c ippair/storage: use flex array instead of calculated ptr 2 years ago
Victor Julien 3d3a62dfe6 host/storage: use flex array for host storage 2 years ago
Victor Julien d405efd3f6 flow/storage: use flex array instead of calculated ptr 2 years ago
Victor Julien c1b920d056 storage: use proper type instead of void ptr 2 years ago
Victor Julien 69f61c0028 storage: remove unused code
Only used in a unittest; removed that as well.
2 years ago
Philippe Antoine 9c3ab36afc source: fix resource leak
CID: 1426081
2 years ago
Philippe Antoine 5954a91457 detect/filestore: fix memory leak on sig parsing
Ticket: 6574

Introduced by commit c272a646c5
2 years ago
Victor Julien d005fff7b9 stats: improve sync signalling
Make syncs more reliable by using an atomic "sync now" variable and
signalling the conditions under lock.

Ticket: #6569.
2 years ago
Victor Julien 74bc27ecd5 stats: turn sync macros into functions 2 years ago
Victor Julien 3107a4953d flow: fix condition signalling
Signal threads while holding lock. This should make the signalling
more reliable.

From PTHREAD_COND(3):

"Unlocking the mutex and suspending on the condition variable is done
 atomically. Thus, if all threads always acquire the mutex before
 signaling the condition, this guarantees that the condition cannot be
 signaled (and thus ignored) between the time a thread locks the
 mutex and the time it waits on the condition variable."

Ticket: #6569.
2 years ago
Victor Julien 487b78fb3d ippair: fix minor coverity warning
CID 1554232:  Data race undermines locking  (LOCK_EVASION)

Ticket #6565.
2 years ago
Victor Julien 1f7e61ef61 host: fix minor coverity warning
CID 1554240:  Data race undermines locking  (LOCK_EVASION)
2 years ago