Victor Julien
43ba5a677e
DNS: enable mpm/fast_pattern support for dns_query
12 years ago
Anoop Saldanha
602c91ed41
Minor cosmetic changes to the cuda code.
Moved a couple of functions to more cuda relevant files;
Re-structured some data types.
12 years ago
Anoop Saldanha
17c763f855
Version 1 of AC Cuda.
12 years ago
Anoop Saldanha
b787da5643
Remove all cuda related code in the engine except for the cuda api wrappers
12 years ago
Victor Julien
ce99a07582
After some discussion we decided that var declarations inside a for statement are not in line with our coding style. So removing a bunch. Decision was not unanimous ^^.
13 years ago
Anoop Saldanha
a3212f6a0f
Minor fixes against the last set of patches for #564, 565, 581 + fp automation.
Rename struct DetectFigureFPAndId_t_ to DetectFPAndItsId_ and move its
definition from inside the function where it's used to the global namespace,
as requested on #suricata.
Rename DetectEngineContentModifiedBufferSetup to DetectEngineContentModifierBufferSetup.
Also rename DetectFigureFPAndId() to DetectSetFastPatternAndItsId().
Updated DetectSetFastPatternAndItsId() to not exit on failure and return error.
13 years ago
Anoop Saldanha
6de8b1ed53
fix for #564.
Get rid of the hash table, and use a single-one_time_alloc'ed array for
pattern id assignment.
13 years ago
Anoop Saldanha
4c6efa2d40
Update content id assignment.
All fp id assignment now happens in one go.
Also noticing a slight perf increase, probably emanating from improved cache
perf.
Removed irrelevant unittests as well.
13 years ago
Anoop Saldanha
60be1751d5
Figure out sig fp during validation stage, instead of staging stage.
13 years ago
Anoop Saldanha
601836d831
Fast pattern setup now configurable in our code.
You can either enable/disable fp for a particular type + set priority.
13 years ago
Anoop Saldanha
0b5d277254
code cleanup for all content based keywords.
13 years ago
Anoop Saldanha
3511f91bba
Add support for the new keyword - http_raw_host header.
The corresponding pcre modifier would be 'Z'.
13 years ago
Anoop Saldanha
c4ce19a1be
Add support for a new keyword to inspect http_host header.
The corresponding content keyword would now be - http_host.
The corresponding pcre modifier would be W.
13 years ago
Anoop Saldanha
7a7cd6999e
feature #558.
Print FP info in rule analysis + other cleanup.
13 years ago
Anoop Saldanha
bca1b7c52a
change default mpm to ac. Also default sgh-mpm-context is full.
13 years ago
Victor Julien
75cddabd8a
fast_pattern: don't consider http_method, http_stat_code and http_stat_msg when automatically giving preference to a HTTP pattern over a stream pattern.
13 years ago
Anoop Saldanha
51c9955c79
fix for bug #577.
If a pattern has matched on mpm, don't re-inspect it later, subject to certain
conditions met by the pattern - namely, not negated, right chop, no replace
attached to it.
13 years ago
Eric Leblond
e176be6fcc
Use unlikely for error treatment.
When handling error case on SCMalloc, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.
This patch has been obtained via coccinelle. The transformation
is the following:
@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@
x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
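Review bot: the constraint on `func`, `=~ "(SCMalloc|SCStrdup|SCCalloc)"`, has no `^` or `$` anchors, and Coccinelle applies such a regular expression as a search, so the rule also rewrites the NULL check after any function whose name merely contains one of these three strings. If only the three allocators named in the commit message are meant, anchor it as `"^(SCMalloc|SCStrdup|SCCalloc)$"`. The rule also only matches the literal form `if (x == NULL)`, so error checks written as `if (!x)` after the same calls are left without `unlikely()`; a second rule for that form would make the result uniform.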
13 years ago
Anoop Saldanha
21f92c0a89
Give priority to non stream content over stream content when selecting fast pattern.
13 years ago
Anoop Saldanha
64fad5b36e
Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig.
Noticing a good spike in perf with et_pro ruleset.
Thanks to Will Metcalf for the suggestion.
13 years ago
Anoop Saldanha
0eaf0b0129
mpm engine and ac mem free fixes
13 years ago
Anoop Saldanha
f4ce9011d2
make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API
13 years ago
Anoop Saldanha
fc15cc7de1
some more mpm engine cleanup
13 years ago
Anoop Saldanha
f9612f3b83
mpm engine cleanup. Remove unnecessary flags
13 years ago
Anoop Saldanha
0d602d9cde
we now support offset, depth inspection against all packet payloads and stream messages
13 years ago
Anoop Saldanha
db8500bb26
fast pattern cleanup - Remove FastPatternSupportEnabledForSigMatchList() and all its associated structures
13 years ago
Anoop Saldanha
988c92f71c
http user agent keyword + mpm + inspection + fast pattern support added
13 years ago
Anoop Saldanha
2995867328
b2g cuda up, compiling and running
14 years ago
Victor Julien
28d88746e4
Fix compiler warning and silence complaining unittests.
14 years ago
Victor Julien
8e48a2edfd
Fix NULL dereference in PacketPatternSearchWithStreamCtx code.
14 years ago
Anoop Saldanha
4810ee9c5f
All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns
14 years ago
Anoop Saldanha
dcb2afb02f
Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type
14 years ago
Anoop Saldanha
83d9439877
DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent
14 years ago
Anoop Saldanha
0677190960
rebase commit for hscd and hsmd patches
14 years ago
Anoop Saldanha
09313cf9bd
Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S
14 years ago
Anoop Saldanha
2007c2711c
Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword
14 years ago
Anoop Saldanha
9a665e035b
code cleanup over last 2 commits
14 years ago
Anoop Saldanha
55c4e419fd
if a signature is non-tcp, it's always a packet sig
14 years ago
Anoop Saldanha
419cdc8558
support splitting mpm ctxs based on direction v2
14 years ago
Anoop Saldanha
42bc22cfa5
indentation fix
14 years ago
Anoop Saldanha
ecc7a769a7
reclaim mpm contexts if no patterns are added to it, even in non-full mode
14 years ago
Anoop Saldanha
1389cf6913
update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda
14 years ago
Anoop Saldanha
92643f6110
introduce separate mpm ctxs for tcp/udp/other_protos
14 years ago
Anoop Saldanha
a5dec3cb2e
refactor all http mpm engine code
14 years ago
Anoop Saldanha
34cf557abf
fix indentation
14 years ago
Anoop Saldanha
5b91cec4ae
remove unnecessary if/else checks
14 years ago
Victor Julien
dd9da1a56f
Merge all http mpm related signature flags into a single set: SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_HTTP_NEG.
14 years ago
Victor Julien
d5ed28b065
Remove SIG_FLAG_MPM flag.
14 years ago
Victor Julien
fe48920514
Remove per sgh mpm_streamcontent_maxlen variable. It was checked but never set.
14 years ago
Victor Julien
291ddd95f2
Detection engine -- mpm
Each signature is in one mpm ctx at max, but there were 3 separate
id's in use: packet, stream, http. Merged them all into one.
Could shrink the SignatureHeader structure with 8 bytes because of this,
should lead to better caching performance.
14 years ago