83 Commits (751a77a9be81ea93ca6347119d87f045889aef07)

Author SHA1 Message Date
William 6730c3ace1 Actually limit recursion and backtracking and stack usage by PCRE. Logic was broken, no example was provided in suricata.yaml even though it could be set from there. 14 years ago
William d74fe520e5 Experimental support for PCRE-sljit enable via --enable-pcre-sljit 14 years ago
Anoop Saldanha 966119b6aa support for http_raw_uri keyword + mpm engine 14 years ago
Victor Julien 1d971b53a6 Update all unittests 15 years ago
Anoop Saldanha ceb7fd748e support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine 15 years ago
Victor Julien 39a5348d2b Remove dead pcre code. 15 years ago
Anoop Saldanha 8bd6a38318 support relative pcre for http header. All pcre processing for http header moved to hhd engine 15 years ago
Anoop Saldanha 2b781f00d7 support relative pcre for client body. All pcre processing for client body moved to hcbd engine 15 years ago
Anoop Saldanha 4883efd0f6 unifying content structure - uricontent now uses DetectContentData 15 years ago
Anoop Saldanha 3d2f81d978 replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH] 15 years ago
Anoop Saldanha e54358a9e1 replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH] 15 years ago
Victor Julien 66340be072 Fix pcre compilation with debug enabled. 15 years ago
Victor Julien fc248ca7a1 Many small performance updates. 15 years ago
Pablo Rincon 06a65cb460 moving http_client_body logic to use it per transactions. Adding unittests 15 years ago
Anoop Saldanha f094523eb1 clang fix - some minor fixes for unittests 15 years ago
Pablo Rincon f225bd1428 Adding modifiers /C /H and /M to pcre (http cookie, header and method) 15 years ago
Victor Julien 1071a53210 Fix unittests after ip_proto keyword change. 15 years ago
Anoop Saldanha ead29dc691 make detection engine use dce alstate(if present), on seeing smb traffic 15 years ago
Victor Julien 37ca07b687 Fix segv on loading signatures with unsupported combinations of pcre and the relative flag. 15 years ago
Anoop Saldanha b94eaec7c2 implement relative pcre matching in detect-engine-(payload|uri|dcepayload).c. Also fix within/distance handling of RELATIVE_NEXT flag for uricontent 15 years ago
Anoop Saldanha ce8d27425d fix signature parsing to how snort does it for content based keywords along with dce_stub_data 15 years ago
Pablo Rincon eedafa3a17 Adding unittests for anchored pcres for anchored 15 years ago
Anoop Saldanha 36e4b1830e add pcre with U modifiers to the umatch sigmatch list. fix for bug 155 15 years ago
Gurvinder Singh 8852b83fa7 flowbits, flowvars, pktvars, flow flags and app layer info added to alert-debug.log 15 years ago
William Metcalf 0e4235cc94 FLOW_DESTROY added to clean-up UT's that init flow 15 years ago
Victor Julien 2f29b8a724 Improve detection of app layer, making sure we only handle app layer on 'established' packets. Should really fix #166. 15 years ago
Anoop Saldanha 015385c6bd changes to the dce parser stub data processed var. changed to stub data fresh var to indicate if the stub is fresh or not 15 years ago
Anoop Saldanha 45ea0d914e dce stub content keywords support using dcepayload.c support for all dce related content keywords 15 years ago
Pablo Rincon 8cc525c939 UDP support at AppLayer message handling 15 years ago
William Metcalf cc76aa4bc6 properly init flows inside of unit-tests caused lock-up when falling back to using mutex locks 15 years ago
Victor Julien a0c1209a44 Inspect the reassembled stream together with the packet payload in the same direction. 15 years ago
Victor Julien 70b32f7380 First stab at creating a stateful detection engine.
Stateful detection for app layer detection keywords, except uricontent. Stores its partial results in the flow structure. Other modifications:

- Generalize transaction tracking, logging and inspection.
- Adapt http and dcerpc to use the new transaction handling.
- Stream engine now always notifies app layer of a stream eof.

This commit fixes bug #124.
15 years ago
Gerardo Iglesias Galvan 9f4fae5b1a Fix inconsistent use of dynamic memory allocation 15 years ago
Gurvinder Singh fdc3f728af set the isdataat keyword when previous sigmatch is either content or pcre (bug 144) 15 years ago
William Metcalf ce01927515 Import of GPLv2 Header 050410 15 years ago
Gurvinder Singh 7330bcd12c fixed the regex in bug 136 15 years ago
Gurvinder Singh 0c4687f768 correct the typos (bug 135) 15 years ago
Victor Julien 78e15ea7fa Explicitly test for ipv6 in the htp personalities code. Update all affected unittests to set addr family to the flow. 15 years ago
Pablo Rincon 720f46642f Fix redmine issue 49 (allow pcre to end a pattern with an escaped slash, '\') 15 years ago
Anoop Saldanha 97d49d8f5e support for http_client_body keyword 15 years ago
Victor Julien 7a8cd61fdf Cleanups. 16 years ago
Victor Julien 8b30226914 Detection keyword cleanup 16 years ago
Victor Julien b259e362cd Convert uricontent to use new scanning methods as well. Move http_method and http_cookie keywords out of pmatch list for now. 16 years ago
Victor Julien bef70a04ce First stage of detect engine redesign: equal patterns share id's, search phase no longer used, new match verification phase. 16 years ago
Pablo Rincon 25a3a5c6d8 Adding mem wrapper to debug runtime alloc()/free() functions. Fixing some memory leaks. 16 years ago
Victor Julien 963691387a Disable unused uri scanning code. 16 years ago
Pablo Rincon 0165b3f0d8 pcre P modifier support (pcre match over http body requests) 16 years ago
Gerardo Iglesias Galvan ba6d807a6e Improve information about errors on signature failure 16 years ago
Jason Ish 9e4da4f8e7 supply pcre_get_substring with the proper start of the string. 16 years ago
Gurvinder Singh 356a8bf385 applayer uri match and modified http handling 16 years ago