Commit Graph

161 Commits (43ba5a677e028ef211d1edf159bed37505cb2de4)

Author SHA1 Message Date
Victor Julien 43ba5a677e DNS: enable mpm/fast_pattern support for dns_query 12 years ago
Anoop Saldanha 602c91ed41 Minor cosmetic changes to the cuda code.
Moved a couple of functions to more cuda relevant files;
Re-structured some data types.
12 years ago
Anoop Saldanha 17c763f855 Version 1 of AC Cuda. 12 years ago
Anoop Saldanha b787da5643 Remove all cuda related code in the engine except for the cuda api wrappers 12 years ago
Victor Julien ce99a07582 After some discussion we decided that var declarations inside a for statement are not in line with our coding style. So removing a bunch. Decision was not unanimous ^^. 13 years ago
Anoop Saldanha a3212f6a0f Minor fixes against the last set of patches for #564, 565, 581 + fp automation.
Rename struct DetectFigureFPAndId_t_ to DetectFPAndItsId_ and move it's
definition from inside the function where it's used to the global namespace,
as requested on #suricata.

Rename DetectEngineContentModifiedBufferSetup to DetectEngineContentModifierBufferSetup.

Also rename DetectFigureFPAndId() to DetectSetFastPatternAndItsId().

Updated DetectSetFastPatternAndItsId() to not exit on failure and return error.
13 years ago
Anoop Saldanha 6de8b1ed53 fix for #564.
Get rid of the hash table, and use a single-one_time_alloc'ed array for
pattern id assignment.
13 years ago
Anoop Saldanha 4c6efa2d40 Update content id assignment.
All fp id assignment now happens in one go.
Also noticing a slight perf increase, probably emanating from improved cache
perf.
Removed irrelevant unittests as well.
13 years ago
Anoop Saldanha 60be1751d5 Figure out sig fp during validation stage, instead of staging stage. 13 years ago
Anoop Saldanha 601836d831 Fast pattern setup now configurable in our code.
You can either enable/disable fp for a particular type + set priority.
13 years ago
Anoop Saldanha 0b5d277254 code cleanup for all content based keywords. 13 years ago
Anoop Saldanha 3511f91bba Add support for the new keyword - http_raw_host header.
The corresponding pcre modifier would be 'Z'.
13 years ago
Anoop Saldanha c4ce19a1be Add support for a new keyword to inspect http_host header.
The corresponding content keyword would now be - http_host.
The corresponding pcre modifier would be W.
13 years ago
Anoop Saldanha 7a7cd6999e feature #558.
Print FP info in rule analysis + other cleanup.
13 years ago
Anoop Saldanha bca1b7c52a change default mpm to ac. Also default sgh-mpm-context is full. 13 years ago
Victor Julien 75cddabd8a fast_pattern: don't consider http_method, http_stat_code and http_stat_msg when automatically giving preference to a HTTP pattern over a stream pattern. 13 years ago
Anoop Saldanha 51c9955c79 fix for bug #577.
If a pattern has matched on mpm, don't re-inspect it later, subject to certain
conditions met by the pattern - namely, not negated, right chop, no replacet
attached to it.
13 years ago
Eric Leblond e176be6fcc Use unlikely for error treatment.
When handling error case on SCMallog, SCCalloc or SCStrdup
we are in an unlikely case. This patch adds the unlikely()
expression to indicate this to gcc.

This patch has been obtained via coccinelle. The transformation
is the following:

@istested@
identifier x;
statement S1;
identifier func =~ "(SCMalloc|SCStrdup|SCCalloc)";
@@

x = func(...)
... when != x
- if (x == NULL) S1
+ if (unlikely(x == NULL)) S1
13 years ago
Anoop Saldanha 21f92c0a89 Give priority to non stream content over stream content when selecting fast
pattern.
13 years ago
Anoop Saldanha 64fad5b36e Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig.
Noticing a good spike in perf with et_pro ruleset.

Thanks to Will Metcalf for the suggestion.
13 years ago
Anoop Saldanha 0eaf0b0129 mpm engine and ac mem free fixes 13 years ago
Anoop Saldanha f4ce9011d2 make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API 13 years ago
Anoop Saldanha fc15cc7de1 some more mpm engine cleanup 13 years ago
Anoop Saldanha f9612f3b83 mpm engine cleanup. Remove unnecessary flags 13 years ago
Anoop Saldanha 0d602d9cde we now support offset, depth inspection against all packet payloads and stream messages 13 years ago
Anoop Saldanha db8500bb26 fast pattern cleanup - Remove FastPatternSupportEnabledForSigMatchList() and all it's associated structures 13 years ago
Anoop Saldanha 988c92f71c http user agent keyword + mpm + inspection + fast pattern support added 13 years ago
Anoop Saldanha 2995867328 b2g cuda up, compiling and running 14 years ago
Victor Julien 28d88746e4 Fix compiler warning and silence complaining unittests. 14 years ago
Victor Julien 8e48a2edfd Fix NULL dereference in PacketPatternSearchWithStreamCtx code. 14 years ago
Anoop Saldanha 4810ee9c5f All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns 14 years ago
Anoop Saldanha dcb2afb02f Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type 14 years ago
Anoop Saldanha 83d9439877 DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent 14 years ago
Anoop Saldanha 0677190960 rebase commit for hscd and hsmd patches 14 years ago
Anoop Saldanha 09313cf9bd Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S 14 years ago
Anoop Saldanha 2007c2711c Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword 14 years ago
Anoop Saldanha 9a665e035b code cleanup over last 2 commits 14 years ago
Anoop Saldanha 55c4e419fd if a signature is non-tcp, it's always a packet sig 14 years ago
Anoop Saldanha 419cdc8558 support splitting mpm ctxs based on direction v2 14 years ago
Anoop Saldanha 42bc22cfa5 indendation fix 14 years ago
Anoop Saldanha ecc7a769a7 reclaim mpm contexts if no patterns are added to it, even in non-full mode 14 years ago
Anoop Saldanha 1389cf6913 update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda 14 years ago
Anoop Saldanha 92643f6110 introduce separate mpm ctxs for tcp/udp/other_protos 14 years ago
Anoop Saldanha a5dec3cb2e refactor all http mpm engine code 14 years ago
Anoop Saldanha 34cf557abf fix indentation 14 years ago
Anoop Saldanha 5b91cec4ae remove unnecessary if/else checks 14 years ago
Victor Julien dd9da1a56f Merge all http mpm related signature flags into a single set: SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_HTTP_NEG. 14 years ago
Victor Julien d5ed28b065 Remove SIG_FLAG_MPM flag. 14 years ago
Victor Julien fe48920514 Remove per sgh mpm_streamcontent_maxlen variable. It was checked but never set. 14 years ago
Victor Julien 291ddd95f2 Detection engine -- mpm
Each signature is in one mpm ctx at max, but there were 3 separate
id's in use: packet, stream, http. Merged them all into one.

Could shrink the SignatureHeader structure with 8 bytes because of this,
should lead to better caching performance.
14 years ago