Anoop Saldanha
0c5b82d891
provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern
15 years ago
Anoop Saldanha
e072841e93
hash fix in staging to differentiate nocase duplicate patterns from case-senstive ones
15 years ago
Anoop Saldanha
29b5cb9abd
respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh
15 years ago
Anoop Saldanha
0ef684705c
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
15 years ago
Anoop Saldanha
658ff5753d
aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the secone one MPM_AC_GFBS uses the goto-failure table
15 years ago
Victor Julien
5a7efe5f97
Add comment and layout update to new fast_pattern code.
15 years ago
Anoop Saldanha
a85fa6b792
support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis
15 years ago
Victor Julien
1859ed54c7
Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp.
15 years ago
Victor Julien
fc248ca7a1
Many small performance updates.
15 years ago
Victor Julien
87f88867f4
Further improve B2gc. Add B2gm. Improve memory layout.
15 years ago
Victor Julien
9dfbab42f8
WIP B2gc
15 years ago
Pablo Rincon
76af1b049b
Make malloc errors on initialization stage a fatal error, resulting on a exit() call
15 years ago
Victor Julien
7acb97da9d
Use same mpm prepare procedure for uricontent as for normal content. More cleanups.
15 years ago
Victor Julien
9ba11dbfbd
Clean up detection engine mpm initialization phase.
15 years ago
Victor Julien
0219b767b8
Fix a content pattern matching bug related to signature grouping and mpm_ctx sharing. In certain conditions (signature combinations) the mpm_stream_ctx (the ctx that handles stream pattern scanning) wasn't properly setup.
15 years ago
Anoop Saldanha
33f4beb0bc
batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms
15 years ago
Victor Julien
393acd77d2
Detection improvements: uricontent escaping now working, better negated pattern (content) handling.
15 years ago
Victor Julien
a3ff0e7210
Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185 .
15 years ago
Victor Julien
b8fec77f37
Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id.
15 years ago
Victor Julien
83b2c8abdb
Improve stateful uri detection code.
15 years ago
Victor Julien
9dd753b5f3
Scan uricontent mpm on demand.
15 years ago
Victor Julien
a24f288074
Moving the stream content scanning to have it's own mpm ctx.
15 years ago
Victor Julien
9a08d6c11c
Fixes to stream pattern matching.
15 years ago
Victor Julien
a0c1209a44
Inspect the reassembled stream together with the packet payload in the same direction.
15 years ago
Gurvinder Singh
cda664a8c4
memroy leaks fixes in detection module, app layer and counters
15 years ago
Gurvinder Singh
5fe1dc1d24
support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling
15 years ago
Gerardo Iglesias Galvan
9f4fae5b1a
Fix inconsistent use of dynamic memory allocation
15 years ago
Victor Julien
7a427ec7f4
Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach.
15 years ago
Victor Julien
a372c1d14e
Fix/workaround a strange detection issue.
15 years ago
William Metcalf
ce01927515
Import of GPLv2 Header 050410
15 years ago
Anoop Saldanha
53e8120c9d
adapt b2g cuda code for the mpm architecture change
16 years ago
Pablo Rincon
b708d7f65d
Adding Uricontent inspection with spm. Modifiers for uricontent are now supported
16 years ago
Victor Julien
ec47f840f3
Remove more scan references.
16 years ago
Victor Julien
f0d68b633e
Remove nosearch flag from pattern api and add a generic bitwise flags field.
16 years ago
Victor Julien
1e01fd613c
Remove all references to the scan phase from the pattern matchers and it's api.
16 years ago
Victor Julien
dd846c9b0e
Remove all search code from the pattern matchers, cleanup mpm api, remove unused http code, more cleanups.
16 years ago
Victor Julien
b259e362cd
Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now.
16 years ago
Victor Julien
bef70a04ce
First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase.
16 years ago
Pablo Rincon
25a3a5c6d8
Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks.
16 years ago
Anoop Saldanha
30940c9a94
pack all the packet pattern scan and search packet setup for cuda into a function inside util-cuda-handlers.[ch]
16 years ago
Anoop Saldanha
8cf60d6645
Changed the way cuda dispatcher passes back results. Now each detection thread has it's own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search funtions directly instead of using the dispatcher.
16 years ago
Anoop Saldanha
c26e92733d
handle the cuda cleanup at shutdown. should get rid of any errors from the call to SigGroupCleanup
16 years ago
Anoop Saldanha
41e6735b92
mpm b2g cuda support added
16 years ago
Gurvinder Singh
999a200bc9
pattern matcher options support
16 years ago
Victor Julien
b3bcba077f
Only inspect http flows against uri sigs, clean up uri scanning code.
16 years ago
Gurvinder Singh
356a8bf385
applayer uri match and modified http handling
16 years ago
Steve Grubb
60ad9d29c5
Memory leak cleanup in detectors
...
Hello,
I ran the code through an analysis program and found several leaks that
should be cleaned up.
*In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL
will never be true since that is the loop entry test.
*In src/detect-engine-port.c at line 1133, the test for p == NULL will
never be true since that is the loop entry test.
*In src/detect-engine-mpm.c at line 263 is a return without freeing
fast_pattern
*In src/detect-ack.c at line 80 and 85, data catches the return from malloc.
One of them should be deleted.
*In src/detect-seq.c at line 81 and 86, data catches the return from malloc.
One of them should be deleted.
*In src/detect-content.c at line 749, many of the paths that lead to the error
exit still has temp pointing to allocated memory. To clean this up, temp
should be set to NULL if not immediately assigning and new value.
*In src/detect-uricontent.c at line 319, both cd and str needto be freed. At
lines 344, str needs to be freed. And at line 347 str and temp need to be
freed.
*In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was
not being freed at line 235.
*In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd
and str were not being freed.
*In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str
was not being freed.
*In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str
and cd was not being freed.
*In src/detect-pcre.c at line 389, there is an extra free of "re" that should
be deleted.
*In src/detect-depth.c at line 42 & 48, str has not been freed.
*In src/detect-distance.c at line 49 and 55, str has not been freed
*In src/detect-offset.c at line 45, str has not been freed.
The patch below fixes these issues.
-Steve
16 years ago
Victor Julien
71ed2d38f5
Fix scan patterns sometimes not being added to the scan ctx. Should fix bug #9 .
16 years ago
Victor Julien
ecf86f9c23
Rename to Suricata.
16 years ago
Anoop Saldanha
45acb64a61
Bug fix for fast_pattern - bug #8
16 years ago
Anoop Saldanha
8c9df4cd6b
modifications to PatternMatchPreprarePopulateMpm to fasten fast_pattern processing
16 years ago
Anoop Saldanha
7a10ddc07b
Fixes for the fast-pattern tests and a couple of other minor changes
16 years ago
Anoop Saldanha
6ca5dbc9e9
Support fast_pattern modifier keyword for content
16 years ago
Victor Julien
4f2164677a
- Fix pattern matchers b2g and b3g not being able to deal with a single pattern of the max pattern length (32 bytes by default).
...
- Fix the setting of the correct pattern matcher when it was set in the detection ctx.
- Add tests for the fixes.
16 years ago
Victor Julien
2d0e9658f8
Speed up per sgh content maxlen calc. Remove mpm ptrs from mpm ctx. Add unittests testing the detection engine internals.
16 years ago
Victor Julien
7a7bb7a390
Get rid of global mpm_ctx.
16 years ago
Victor Julien
fbe87a3ad5
Bunch of mostly unittest related memleak fixes.
16 years ago
Victor Julien
0d0ffb9963
Reorganize header inclusions.
16 years ago
Victor Julien
6eaff4be12
Fixes for issues found by static code analyzer.
16 years ago
Victor Julien
1132ab635a
Rename all pmt->det_ctx.
16 years ago
Victor Julien
b9972a9d2c
Cleanups
16 years ago
Victor Julien
4369816cdd
Improvements to content keyword memory handling.
...
First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more.
Couple of pattern matcher cleanups.
16 years ago
Anoop Saldanha
244f5d547a
new registration functions for the stats api, with local thread storage for counter ids
16 years ago
Brian Rectanus
fa5939ca91
64 bit cleanup part2
16 years ago
Victor Julien
689bbfdc45
Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful.
...
Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
Victor Julien
8397413942
Comment updates.
16 years ago
Victor Julien
84aa365a3b
Fix iponly matching.
16 years ago
Victor Julien
657be002d1
Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping.
16 years ago
Victor Julien
5df5b35e90
Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups.
16 years ago
Victor Julien
b2eb954099
Add b3g 3gram BNDM pattern matcher. Fix multi queue nfq initialization. Improve speed of b2g and wumanber.
16 years ago
Victor Julien
1c0ad1d415
Add implementation of the Simple BNDM 2gram pattern matcher algorithm.
16 years ago
Victor Julien
efb10fc0d6
big update
16 years ago
Victor Julien
21364b34dc
Fix uricontent scan for copied siggroupheads.
16 years ago
Victor Julien
69e056e33f
Add the scanning to uricontent as well.
16 years ago
Victor Julien
fedcc397de
Detection engine improvement: don't run pattern matcher on packets with payload sizes less that the biggest content we need to match. Add some extra stats.
16 years ago
Victor Julien
dce2c12915
Add Scan before Search to the detection engine.
16 years ago
Victor Julien
4c4862d838
Improve logging, add alert-output module, at module exit stats, add HTTP POST uri capture.
16 years ago
Victor Julien
54ffe2053e
Large detection engine update.
16 years ago
Victor Julien
8b3d06fd92
Rename some detection engine related files.
16 years ago