suricata

Commit Graph

Author	SHA1	Message	Date
Anoop Saldanha	c9af50ea0c	code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList	14 years ago
Anoop Saldanha	bbb9f35f26	code cleanup - replace SigMatchGetLastSM with SigMatchGetLastSMFromLists	14 years ago
Anoop Saldanha	9a6aef459e	modify all relevant app layer API calls to accomodate passing parser local storage argument	14 years ago
Victor Julien	06904c9024	App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.	14 years ago
Victor Julien	1d971b53a6	Update all unittests	15 years ago
Eric Leblond	1db4aadd16	Supress usage of Packet declaration in tests. For convenience, a massive usage of 'Packet p;' declaration has been done in the tests function. Although this was completely legal, this is not possible anymore because of the new Packet allocation structure. This massive patch modifies all suricata files to use a SCMalloc allocated pointer to Packet instead. This patch has been done using coccinelle (http://coccinelle.lip6.fr) which is a semantic patching tool. This ensures that things like call to SCFree() should have not been forget because the semantic patch explicitly forces the call to SCFree(p) before each return. With this patch all unittests are running fine with a small and a big default packet size.	15 years ago
Anoop Saldanha	a7353be20d	replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH]	15 years ago
Anoop Saldanha	e54358a9e1	replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]	15 years ago
Victor Julien	fc248ca7a1	Many small performance updates.	15 years ago
Victor Julien	d1ce1c502b	Fix -Wall -Werror compilation after unittests update.	16 years ago
Victor Julien	1071a53210	Fix unittests after ip_proto keyword change.	16 years ago
William Metcalf	0e4235cc94	FLOW_DESTROY added to clean-up UT's that init flow	16 years ago
Victor Julien	2f29b8a724	Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166 .	16 years ago
Pablo Rincon	8cc525c939	UDP support at AppLayer message handling	16 years ago
William Metcalf	cc76aa4bc6	properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks	16 years ago
Victor Julien	70b32f7380	First stab at creating a stateful detection engine. Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications: - Generalize transaction tracking, logging and inspection. - Adapt http and dcerpc to use the new transaction handling. - Stream engine now always notifies app layer of a stream eof. This commit fixes bug #124.	16 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	16 years ago
Gurvinder Singh	69a4fee757	fixed the API and logic error reported by clang tool	16 years ago
Victor Julien	c1a19bcd6b	Fix compilation of new detect-filter code, fix ip-only compatibility of detect-filter code.	16 years ago
Victor Julien	297001c6d9	Only process a app layer sig if it has the proper state. Make sure a sig can't have conflicting sigmatches, such as ftpbouce and uricontent.	16 years ago
Victor Julien	dd846c9b0e	Remove all search code from the pattern matchers, cleanup mpm api, remove unused http code, more cleanups.	16 years ago
Victor Julien	f298fec872	Make sure nocase applies to the last pattern, content or uricontent.	16 years ago
Victor Julien	8b30226914	Detection keyword cleanup	16 years ago
Victor Julien	b259e362cd	Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now.	16 years ago
Pablo Rincon	25a3a5c6d8	Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.	16 years ago
Victor Julien	6a53ab9c5a	Stream engine memory handling update The stream engine memory handling needed updating as it didn't scale. Changes: - pools can now be initialized to size 0, meaning unlimited - stream engine uses a memcap setting. Sessions, segments and aldata is part of this, app layer state isn't. - memory is accounted using a global int that is spinlocked. - a counter for sessions that have not been picked up because of memcap was added. - all reassembly errors are converted to debug msgs.	16 years ago
Victor Julien	c352bff6fb	Remove unused conditional locking code from the app layer parsing code.	16 years ago
Victor Julien	4824868766	Application layer detection improvements - improve locking of application layer handling, making sure that the flow cannot be freed/cleared when the detection engine is still working with it. - add a check to the app layer detection to make sure that a match function will only inspect an app layer state if it's of the right type.	16 years ago
Pablo Rincon	f2f9b83280	Adding FTP app layer parser and ftpbounce detection at L7	16 years ago

29 Commits (4030840212382fb31bc61c1a632d556c520e9c54)