Commit Graph

179 Commits (6b1517c0b83ca10c50be4dd6cc9076b1e62dddaa)

Author SHA1 Message Date
Anoop Saldanha 0c5b82d891 provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern 15 years ago
Anoop Saldanha e072841e93 hash fix in staging to differentiate nocase duplicate patterns from case-senstive ones 15 years ago
Anoop Saldanha 29b5cb9abd respect content flags in hash compare function during staging. For example, we would end up ignoring a nocase version of a duplicate content from another sig in the same sgh 15 years ago
Anoop Saldanha 0ef684705c support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup 15 years ago
Anoop Saldanha 658ff5753d aho-corasick for the cpu. We have 2 versions of ac. The first MPM_AC uses the delta table and the secone one MPM_AC_GFBS uses the goto-failure table 15 years ago
Victor Julien 5a7efe5f97 Add comment and layout update to new fast_pattern code. 15 years ago
Anoop Saldanha a85fa6b792 support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis 15 years ago
Victor Julien 1859ed54c7 Add memcmp api with a plain memcmp function and a SSE3 accelerated memcmp. 15 years ago
Victor Julien fc248ca7a1 Many small performance updates. 15 years ago
Victor Julien 87f88867f4 Further improve B2gc. Add B2gm. Improve memory layout. 15 years ago
Victor Julien 9dfbab42f8 WIP B2gc 15 years ago
Pablo Rincon 76af1b049b Make malloc errors on initialization stage a fatal error, resulting on a exit() call 15 years ago
Victor Julien 7acb97da9d Use same mpm prepare procedure for uricontent as for normal content. More cleanups. 15 years ago
Victor Julien 9ba11dbfbd Clean up detection engine mpm initialization phase. 15 years ago
Victor Julien 0219b767b8 Fix a content pattern matching bug related to signature grouping and mpm_ctx sharing. In certain conditions (signature combinations) the mpm_stream_ctx (the ctx that handles stream pattern scanning) wasn't properly setup. 15 years ago
Anoop Saldanha 33f4beb0bc batching of packets support for cuda b2g mpm. Supported for both 32 and 64 bit platforms 15 years ago
Victor Julien 393acd77d2 Detection improvements: uricontent escaping now working, better negated pattern (content) handling. 15 years ago
Victor Julien a3ff0e7210 Don't scan TCP packet payload if it was added to the stream. Inspect the tcp stream with the correct packet. Should fix #184 and #185. 15 years ago
Victor Julien b8fec77f37 Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id. 15 years ago
Victor Julien 83b2c8abdb Improve stateful uri detection code. 15 years ago
Victor Julien 9dd753b5f3 Scan uricontent mpm on demand. 15 years ago
Victor Julien a24f288074 Moving the stream content scanning to have it's own mpm ctx. 15 years ago
Victor Julien 9a08d6c11c Fixes to stream pattern matching. 15 years ago
Victor Julien a0c1209a44 Inspect the reassembled stream together with the packet payload in the same direction. 15 years ago
Gurvinder Singh cda664a8c4 memroy leaks fixes in detection module, app layer and counters 15 years ago
Gurvinder Singh 5fe1dc1d24 support for sslv2/sslv3 their unit tests and better stream no reassembly flag handling 15 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 15 years ago
Victor Julien 7a427ec7f4 Switch to pattern id based results checking in the mpm. Move app layer proto detection towards a more signature based approach. 15 years ago
Victor Julien a372c1d14e Fix/workaround a strange detection issue. 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Anoop Saldanha 53e8120c9d adapt b2g cuda code for the mpm architecture change 16 years ago
Pablo Rincon b708d7f65d Adding Uricontent inspection with spm. Modifiers for uricontent are now supported 16 years ago
Victor Julien ec47f840f3 Remove more scan references. 16 years ago
Victor Julien f0d68b633e Remove nosearch flag from pattern api and add a generic bitwise flags field. 16 years ago
Victor Julien 1e01fd613c Remove all references to the scan phase from the pattern matchers and it's api. 16 years ago
Victor Julien dd846c9b0e Remove all search code from the pattern matchers, cleanup mpm api, remove unused http code, more cleanups. 16 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 16 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Anoop Saldanha 30940c9a94 pack all the packet pattern scan and search packet setup for cuda into a function inside util-cuda-handlers.[ch] 16 years ago
Anoop Saldanha 8cf60d6645 Changed the way cuda dispatcher passes back results. Now each detection thread has it's own queue to which the dispatcher can pump packets back to the detect thread. Also, with cuda enabled and a non-cuda mpm being used, we won't create a dispatcher and instead call the b2g scan/search funtions directly instead of using the dispatcher. 16 years ago
Anoop Saldanha c26e92733d handle the cuda cleanup at shutdown. should get rid of any errors from the call to SigGroupCleanup 16 years ago
Anoop Saldanha 41e6735b92 mpm b2g cuda support added 16 years ago
Gurvinder Singh 999a200bc9 pattern matcher options support 16 years ago
Victor Julien b3bcba077f Only inspect http flows against uri sigs, clean up uri scanning code. 16 years ago
Gurvinder Singh 356a8bf385 applayer uri match and modified http handling 16 years ago
Steve Grubb 60ad9d29c5 Memory leak cleanup in detectors
Hello,

I ran the code through an analysis program and found several leaks that
should be cleaned up.

*In src/detect-engine-address-ipv4.c at line 472, the test for ag == NULL
will never be true since that is the loop entry test.
*In src/detect-engine-port.c at line 1133, the test for p == NULL will
never be true since that is the loop entry test.
*In src/detect-engine-mpm.c at line 263 is a return without freeing
fast_pattern
*In src/detect-ack.c at line 80 and 85, data catches the return from malloc.
One of them should be deleted.
*In src/detect-seq.c at line 81 and 86, data catches the return from malloc.
One of them should be deleted.
*In src/detect-content.c at line 749, many of the paths that lead to the error
exit still has temp pointing to allocated memory. To clean this up, temp
should be set to NULL if not immediately assigning and new value.
*In src/detect-uricontent.c at line 319, both cd and str needto be freed. At
lines 344, str needs to be freed. And at line 347 str and temp need to be
freed.
*In src/detect-flowbits.c at line 231 and 235, str was not being freed. cd was
not being freed at line 235.
*In src/detect-flowvar.c at line 127, str was not being freed. At line 194, cd
and str were not being freed.
*In src/detect-flowint.c at line 277, sfd was not being freed. At line 315, str
was not being freed.
*In src/detect-pktvar.c at line 121, str was not being freed. At line 188, str
and cd was not being freed.
*In src/detect-pcre.c at line 389, there is an extra free of "re" that should
be deleted.
*In src/detect-depth.c at line 42 & 48, str has not been freed.
*In src/detect-distance.c at line 49 and 55, str has not been freed
*In src/detect-offset.c at line 45, str has not been freed.

The patch below fixes these issues.

-Steve
16 years ago
Victor Julien 71ed2d38f5 Fix scan patterns sometimes not being added to the scan ctx. Should fix bug #9. 16 years ago
Victor Julien ecf86f9c23 Rename to Suricata. 16 years ago
Anoop Saldanha 45acb64a61 Bug fix for fast_pattern - bug #8 16 years ago
Anoop Saldanha 8c9df4cd6b modifications to PatternMatchPreprarePopulateMpm to fasten fast_pattern processing 16 years ago
Anoop Saldanha 7a10ddc07b Fixes for the fast-pattern tests and a couple of other minor changes 16 years ago
Anoop Saldanha 6ca5dbc9e9 Support fast_pattern modifier keyword for content 16 years ago
Victor Julien 4f2164677a - Fix pattern matchers b2g and b3g not being able to deal with a single pattern of the max pattern length (32 bytes by default).
- Fix the setting of the correct pattern matcher when it was set in the detection ctx.
- Add tests for the fixes.
16 years ago
Victor Julien 2d0e9658f8 Speed up per sgh content maxlen calc. Remove mpm ptrs from mpm ctx. Add unittests testing the detection engine internals. 16 years ago
Victor Julien 7a7bb7a390 Get rid of global mpm_ctx. 16 years ago
Victor Julien fbe87a3ad5 Bunch of mostly unittest related memleak fixes. 16 years ago
Victor Julien 0d0ffb9963 Reorganize header inclusions. 16 years ago
Victor Julien 6eaff4be12 Fixes for issues found by static code analyzer. 16 years ago
Victor Julien 1132ab635a Rename all pmt->det_ctx. 16 years ago
Victor Julien b9972a9d2c Cleanups 16 years ago
Victor Julien 4369816cdd Improvements to content keyword memory handling.
First version of a simple pattern based L7 proto detection engine. Currently just works by matching a single pattern in the initial data. Implemented HTTP, SSL, MSN, JABBER, SMTP and a few more.

Couple of pattern matcher cleanups.
16 years ago
Anoop Saldanha 244f5d547a new registration functions for the stats api, with local thread storage for counter ids 16 years ago
Brian Rectanus fa5939ca91 64 bit cleanup part2 16 years ago
Victor Julien 689bbfdc45 Rename all structure definitions in the "typedef struct _SomeStruct" format to "typedef struct SomeStruct_" to make the Doxygen output more useful.
Remove the Trie multi pattern matcher code. It wasn't used anymore.
16 years ago
Victor Julien 8397413942 Comment updates. 16 years ago
Victor Julien 84aa365a3b Fix iponly matching. 16 years ago
Victor Julien 657be002d1 Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping. 16 years ago
Victor Julien 5df5b35e90 Put all globals in the detection engine ctx. Add HashList type, a hash that also stores the items ina list to it can be traversed. Many cleanups. 16 years ago
Victor Julien b2eb954099 Add b3g 3gram BNDM pattern matcher. Fix multi queue nfq initialization. Improve speed of b2g and wumanber. 16 years ago
Victor Julien 1c0ad1d415 Add implementation of the Simple BNDM 2gram pattern matcher algorithm. 16 years ago
Victor Julien efb10fc0d6 big update 16 years ago
Victor Julien 21364b34dc Fix uricontent scan for copied siggroupheads. 16 years ago
Victor Julien 69e056e33f Add the scanning to uricontent as well. 16 years ago
Victor Julien fedcc397de Detection engine improvement: don't run pattern matcher on packets with payload sizes less that the biggest content we need to match. Add some extra stats. 16 years ago
Victor Julien dce2c12915 Add Scan before Search to the detection engine. 16 years ago
Victor Julien 4c4862d838 Improve logging, add alert-output module, at module exit stats, add HTTP POST uri capture. 16 years ago
Victor Julien 54ffe2053e Large detection engine update. 16 years ago
Victor Julien 8b3d06fd92 Rename some detection engine related files. 16 years ago