Commit Graph

3870 Commits (7d706563ef87a3f99cd8598263ac8e5f77b16754)
 

Author SHA1 Message Date
Anoop Saldanha 5e02cb2365 slot_data updated as an atomic var no 12 years ago
Anoop Saldanha 5878d83174 byte_extract_id var now a non-global de_ctx specific var 12 years ago
Anoop Saldanha f4ce9011d2 make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API 12 years ago
Anoop Saldanha 7acf5ad38e clean reference config API 12 years ago
Anoop Saldanha 6003c7cb6b clean classification config API 12 years ago
Anoop Saldanha f5af4c9ceb util action api returns error code if it encounters wrong values parsing wrong action conf 12 years ago
Anoop Saldanha f2dd61868d variable names global vars, global no more. Moved to detection engine ctx, a place it belongs 12 years ago
Anoop Saldanha 946100845f fix replace unittests. Re-set modified global_var to original value when the test completes 12 years ago
Anoop Saldanha 55d4e9518e Kill engine during init stage if it fails to load valid value for sgh-mpm-context 12 years ago
Anoop Saldanha d7a93b6fcd clear root node during conf de-init. also create root_backup when the root is restored back using it 12 years ago
Victor Julien ab3fcb01f9 http: decode double decoded path and query string characters. Bug #464. 12 years ago
Victor Julien c6cac1ef48 build: Use expanded sysconfdir to pass as CONFIG_DIR to the code. 12 years ago
Victor Julien 108da566bc http: make client and server body inspection more robust in cases where realloc fails 12 years ago
Victor Julien 60c3af9303 detect: Only run mpm on HTTP buffers in the proper direction. Fixes a file_data FN. 13 years ago
Victor Julien 2055b509a3 dcerpc/smb/smb2: more robust error checking, cosmetic code updates. 13 years ago
Anoop Saldanha fc15cc7de1 some more mpm engine cleanup 13 years ago
Anoop Saldanha f9612f3b83 mpm engine cleanup. Remove unnecessary flags 13 years ago
Anoop Saldanha 5bb347106b cookie header now inspects Set-Cookie headers as well 13 years ago
Anoop Saldanha 593b0cb150 unittests that fail, displaying the issue that we don't inspect set-cookie headers against cookie keywords
The next patch in the series will fix the issue and let the unittests pass as well.
13 years ago
Victor Julien c0ac64e58c pcap: make sure thread count is 1 if config is missing for a device. 13 years ago
Anoop Saldanha bc6cf43840 #482 - use decode_flag for all decode TMs. Use the flag as a way to retrieve decode TMs from ThreadVars 13 years ago
Anoop Saldanha 0d602d9cde we now support offset, depth inspection against all packet payloads and stream messages 13 years ago
Anoop Saldanha a34f91358d tests to highlight that
- suricata treats sigs with offset/depth without any packet keywords as stream sigs
- as a consequence suricata will FN on such sigs

The tests introduced here will fail, displaying the issues.  The
next patch in the series would fix the said issues.
13 years ago
Anoop Saldanha c5cc9d454d stream raw reassembly fix 13 years ago
Anoop Saldanha db8500bb26 fast pattern cleanup - Remove FastPatternSupportEnabledForSigMatchList() and all its associated structures 13 years ago
Anoop Saldanha 988c92f71c http user agent keyword + mpm + inspection + fast pattern support added 13 years ago
Victor Julien bd3a655aeb Add pcap workers mode.
Some cards like Napatech or Myricom support libpcap wrappers that allow for
multiple streams, queues, ringbuffers. The workers mode can be of use in
those cases.
13 years ago
Anoop Saldanha 34fde4ed75 bug #471 - file_data fast pattern unittests added 13 years ago
Anoop Saldanha 90ccbfd80a bug #471 - http server body fast pattern unittests added 13 years ago
Victor Julien 850379552a rule analyzer: minor cleanups. Fix warning-only setting, allow true/yes/enabled for yaml option. 13 years ago
Victor Julien b210bf1290 Fix commandline supplied yaml path being ignored. 13 years ago
Eileen Donlon c81020e9a3 feature 349 rule analyzer v1 13 years ago
Eric Leblond a5268088cd OpenBSD: fix tar command. 13 years ago
Eric Leblond 2d22f667c2 config: use config file in sysconfdir by default. 13 years ago
marcos 8dfddd0a0f Added -T switch to suricata output.
Simply added the -T to be printed out when suricata is run without any
arguments.  The capability to test a configuration file has been in
suricata for some time, just doesn't show up as an option right now.
13 years ago
Victor Julien b744708f28 filemd5: implement negated matching. 13 years ago
Victor Julien ed9b07ef1f Update changelog to reflect 1.3beta2 changes. 13 years ago
Victor Julien dbdab0cb1c Disable dce unittests that tick off clamav. #458. 13 years ago
Anoop Saldanha 1f5469fa5a bug #458 - unittest that uses clamav FPing payload disabled for now. Needs to be rewritten though with new payloads 13 years ago
Victor Julien 3df573219b Fix compilation warning. 13 years ago
Victor Julien e3764b90c3 tls: debug compilation fixes, new tls decoder rule for tls.error_message_encountered event. 13 years ago
Anoop Saldanha f08fc8d7c5 ssl connection error message event added. Remove warning log for the same error alert 13 years ago
Anoop Saldanha 270ea253a2 ssl parser fix/updates 13 years ago
Anoop Saldanha edb48c1557 We have a new probing parser to detect sslv2 records. todos to be covered later 13 years ago
Victor Julien fa121a1dd4 filemd5: handle case where no md5 support is compiled in. 13 years ago
Victor Julien 9f7588a756 Add filemd5 keyword that loads a list of md5's to match a file's md5 against. 13 years ago
Victor Julien 8cfc23ee22 Add a new hash datatype to do speedy lookups of read only uniform data, like md5's. 13 years ago
Victor Julien 1bb0199dd7 pfring: protect pfring_set_bpf_filter with a lock as it's not thread safe. 13 years ago
Eric Leblond d0e3df6057 Autotools: make 'install-full' now run 'install' too. 13 years ago
Victor Julien 1906d317ec unified2: minor cleanups 13 years ago