suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	6dd4dff7b2	mpm: remove empty app_mpms table	9 years ago
Victor Julien	e68b2214e5	tls: register mpm from keywords	9 years ago
Victor Julien	57ae3c43e5	dns_query: register mpm from keyword	9 years ago
Victor Julien	a1a2187a0c	http_cookie: register mpm from keyword	9 years ago
Victor Julien	74661449e0	http_raw_host: register mpm from keyword	9 years ago
Victor Julien	b5cd4889ae	http_host: register mpm from keyword	9 years ago
Victor Julien	91695c81aa	http_client_body: register mpm from keyword	9 years ago
Victor Julien	644d4dc61b	http_stat_code: register mpm from keyword	9 years ago
Victor Julien	cf96db095a	http_stat_msg: register mpm from keyword	9 years ago
Victor Julien	43b281a510	file_data: register mpm from keyword	9 years ago
Victor Julien	6d0632a9c6	http_method: register mpm from keyword	9 years ago
Victor Julien	e4ea38a8de	http_raw_header: register mpm from keyword	9 years ago
Victor Julien	7813a834d0	http_user_agent: register mpm from keyword	9 years ago
Victor Julien	7b98c0073f	http_header: register mpm from keyword	9 years ago
Victor Julien	38e018e2d3	http_raw_uri: register mpm from keyword	9 years ago
Victor Julien	7289d12f1b	http_uri: register mpm from keyword	9 years ago
Victor Julien	5b2e36a1b0	mpm: add App Layer MPM registery Register keywords globally at start up. Create a map of the registery per detection engine. This we need because the sgh_mpm_context value is set per detect engine. Remove APP_MPMS_MAX.	9 years ago
Victor Julien	732921922a	detect mpm: consider sgh direction when adding rules	9 years ago
Victor Julien	9187c20782	detect mpm: negated setup fix	9 years ago
Victor Julien	56239690d0	prefilter: implement prefilter keyword Introduce prefilter keyword to force a keyword to be used as prefilter. e.g. alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;) alert tcp any any -> any any (content:"A"; flags:R; sid:2;) alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;) alert tcp any any -> any any (content:"A"; dsize:1; sid:4;) In sid 2 and 4 the content keyword is used in the MPM engine. In sid 1 and 3 the flags and dsize keywords will be used.	9 years ago
Victor Julien	85cb749e8b	detect cleanup: remove sgh mpm_ctx pointers	9 years ago
Victor Julien	82d3c0b520	sgh: remove unused flags	9 years ago
Victor Julien	08407b6d47	tls: mpm prefilter engines	9 years ago
Victor Julien	7acdc66061	smtp file_data: mpm prefilter engine	9 years ago
Victor Julien	0019a7bd9f	http_raw_header: mpm prefilter engine Register for both regular headers and trailer.	9 years ago
Victor Julien	cef12ed80f	http_server_body / file_data: mpm prefilter engine	9 years ago
Victor Julien	5646dd9ecf	http_client_body: mpm prefilter engine	9 years ago
Victor Julien	9b6fd6bb48	http_headers: mpm prefilter engines Register for both regular headers and trailers.	9 years ago
Victor Julien	9cab3ea2cd	http_stat_code: mpm prefilter engine	9 years ago
Victor Julien	4d57b2fc63	http_stat_msg: mpm prefilter engine	9 years ago
Victor Julien	86d303e32b	http_raw_host: mpm prefilter engine	9 years ago
Victor Julien	5218849213	http_host: mpm prefilter engine	9 years ago
Victor Julien	61c3748fc4	http_user_agent: mpm prefilter engine	9 years ago
Victor Julien	a43a69305d	http_cookie: mpm prefilter engine	9 years ago
Victor Julien	7a46364e42	http_raw_uri: mpm prefilter engine	9 years ago
Victor Julien	746a169127	dns_query: mpm prefilter engine	9 years ago
Victor Julien	9ff5703c49	packet/stream: mpm prefilter engine	9 years ago
Victor Julien	72f2a78b1f	http_method: mpm prefilter engine	9 years ago
Victor Julien	b62c4cc359	http_uri: mpm prefilter engine Inspect partial request line as well.	9 years ago
Victor Julien	4c0ab681f2	mpm: remove Cleanup API call It's unused by all of the implementations.	9 years ago
Mats Klepsland	4172c4c8ac	tls: add (mpm) keyword tls_cert_subject This keyword is a replacement for tls.subject.	9 years ago
Mats Klepsland	9b2717799c	tls: add (mpm) keyword tls_cert_issuer This keyword is a replacement for tls.issuerdn.	9 years ago
Victor Julien	ec0217f52c	detect: minor style fixes	9 years ago
Victor Julien	b3bf7a5729	output: introduce config and perf output levels Goal is to reduce info output	9 years ago
Victor Julien	371113e21e	ac-ks: don't allow use on big-endian	9 years ago
Justin Viiret	c9d0d6f698	mpm: add "auto" default for mpm-algo Setting mpm-algo to "auto" will use "hs" if Suricata was built against Hyperscan, and "ac" otherwise (or "ac-tile" on Tilera platforms).	9 years ago
Mats Klepsland	a13df67864	detect: add (mpm) keyword for tls_sni Match on server name indication (SNI) extension in TLS using tls_sni keyword, e.g: alert tls any any -> any any (msg:"SNI test"; tls_sni; content:"example.com"; sid:12345;)	9 years ago
maxtors	9d3fd82849	Removed duplicate include statements.	9 years ago
Victor Julien	d085362e61	detect: fix error handling in mpm setup *** CID 1358124: Null pointer dereferences (REVERSE_INULL) /src/detect-engine-mpm.c: 940 in MpmStoreSetup() 934 PopulateMpmHelperAddPatternToPktCtx(ms->mpm_ctx, 935 cd, s, 0, (cd->flags & DETECT_CONTENT_FAST_PATTERN_CHOP)); 936 } 937 } 938 } 939 >>> CID 1358124: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "ms->mpm_ctx" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 940 if (ms->mpm_ctx != NULL) { 941 if (ms->mpm_ctx->pattern_cnt == 0) { 942 MpmFactoryReClaimMpmCtx(de_ctx, ms->mpm_ctx); 943 ms->mpm_ctx = NULL; 944 } else { 945 if (ms->sgh_mpm_context == MPM_CTX_FACTORY_UNIQUE_CONTEXT) {	9 years ago
Victor Julien	5b1d75f0bd	detect: suppress output	9 years ago

1 2 3 4 5 ...

273 Commits (6dd4dff7b288f9446568c91c5ae5c70fa5ba5ba6)