Commit Graph

20 Commits (4ae7144876e7535fbecf039db37a21b0e5c8a60c)

Author SHA1 Message Date
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 15 years ago
Anoop Saldanha ce8d27425d fix signature parsing to how snort does it for content based keywords along with dce_stub_data 15 years ago
Anoop Saldanha 9ecade76b9 in case of duplicate signatures used the one with the latest revision 15 years ago
Pablo Rincon eed0ef6e69 Adding tag keyword support 15 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 15 years ago
Victor Julien 0a607fce3d Finish http_uri keyword, fix invalid read issue in one of the tests. 15 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine.
Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Pablo Rincon c7350a8ac6 Fixing some naming convention issues and incorrect error messages 16 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 16 years ago
Victor Julien f298fec872 Make sure nocase applies to the last pattern, content or uricontent. 16 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 16 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago
Brian Rectanus c22d42693a Added http_method rule keyword. 16 years ago
Gurvinder Singh a0f184866c http_cookie keywork support 16 years ago
Pablo Rincon 6206ffb530 Adding bidirectional operator support and unittests 16 years ago
Anoop Saldanha bb5bd91045 Support to get the last sigmatch of a particular type. To be used for content and its modifiers 16 years ago
Victor Julien 5df5b35e90 Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups. 16 years ago
Victor Julien dc224cb2d2 Large update containing the first step to making the detection engine use rule groups. Address based rule groups are now implemented. 16 years ago
Victor Julien d036264f80 Cleanup signature parsing and other detect.c parts. 16 years ago