Victor Julien
acc38c9ebf
Make sure we don't try to 'verdict' the fake PKT_PSEUDO_STREAM_END packets.
15 years ago
Victor Julien
c955254b4e
Adapt stream code to packet memory allocation changes.
15 years ago
Victor Julien
44e678b86b
Comment out disabled unittests.
15 years ago
Victor Julien
a622ad5047
Fix new unittests introduced by rebase with next branch.
15 years ago
Victor Julien
1d971b53a6
Update all unittests
15 years ago
Victor Julien
fadd6d6361
Add pseudo packet counter.
15 years ago
Victor Julien
f606621e8c
Fix the pseudo packet having the wrong proto set, causing massive fp's. Flag packets to be part of the established phase of a tcp session, so we won't prematurely inspect the app layer state.
15 years ago
Victor Julien
b0901ab30d
Fix compilation with --enable-debug
15 years ago
Victor Julien
6482c34909
Increment flow use cnt for pseudo packets as the flow is not supposed to disappear while dealing with those packets.
15 years ago
Victor Julien
2072ad80af
Never create a pseudo packet based on a pseudo packet.
15 years ago
Victor Julien
61a9936d55
Inspect a pseudo packet upon receiving a RST so that we are sure both sides of the TCP session are inspected.
15 years ago
Gurvinder Singh
00f21f34e8
support for pseudo packet creation from reassembled stream segments
15 years ago
Victor Julien
8fa5a2c025
Split applayer and raw stream reassembly
Split stream reassembly in 2 parts: a part that sends ack'd data to the app
layer parsers as soon as it's available, and another part that queues up
data into larger chunks for raw inspection.
15 years ago
Victor Julien
dda6d3e07b
Add error counters.
15 years ago
Victor Julien
3b239b3e48
Cleanup and document AppLayerHandleTCPData
15 years ago
Victor Julien
fe6bf728d3
Create an AppLayerHandleTCPData function to directly feed data from the reassembly engine to the app layer parsing.
15 years ago
Victor Julien
b5a5ef14b9
Make sure we reuse a TCP session if we receive a valid 3WHS on a closed TCP session, can happen if a new session has the same tuple.
15 years ago
Victor Julien
24f071cabb
Make sure http_cookie inspects all HTTP transactions. Clean up error messages. Get rid of unused code and dead comments.
15 years ago
Anoop Saldanha
c9897a44a4
fast pattern support for http_cookie. Also support relative modifiers
15 years ago
Anoop Saldanha
bbbedaf963
fast pattern support for http_method. Also support relative modifiers
15 years ago
Anoop Saldanha
2321a4dd58
support isdataat negation. Also fix adding isdataat to appropriate lists
15 years ago
Victor Julien
4ae7144876
Fix 2 cases where overlapping data in the stream engine wouldn't be properly handled potentially causing the wrong data being used in stream reassembly.
15 years ago
Eric Leblond
9c2bdc6d0c
Main loop: increase timer.
Timer in the main loop was of 100 usec. This patch increases it
to 10 ms which should be a reasonable delay to declare some threads
dead.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
89558ab9a4
RFC: modify error treatment in PacketCopyData
Hello Victor
This patch modifies error treatment following our discussion on IRC.
It tries to follow the error treatment guideline I've been able to
read in the different files.
I will merge this patch in the original commit if the error treatment
seems ok for you.
BR,
Eric
15 years ago
Eric Leblond
49adc264bc
Don't print message after SCMalloc failure.
This patch generated via coccinelle is getting rid of logging
messages after a SCMalloc failure. They were useless as SCMalloc
already displays a message.
15 years ago
Eric Leblond
67b95c8c4d
Auto discovery of default packet size
If default-packet-size is not set, it is possible in some cases to
guess a correct value.
If PCAP or PF_RING are used we are linked to a "physical" interface.
Thus, it is possible to get information about the link MTU and
hardware header size. This gives us the ability to auto discover a
decent default-packet-size.
If suricata is running under a different running-mode, it will
default to 1514.
15 years ago
Eric Leblond
3eada85ff8
Add interface setting discovery via ioctl
This patch adds support for MTU discovery of link following idea
of go.ph1g. It also adds some functions to give an approximation of
link header length.
15 years ago
Eric Leblond
1db4aadd16
Suppress usage of Packet declaration in tests.
For convenience, a massive usage of 'Packet p;' declaration has
been done in the tests function. Although this was completely
legal, this is not possible anymore because of the new Packet
allocation structure. This massive patch modifies all suricata
files to use a SCMalloc allocated pointer to Packet instead.
This patch has been done using coccinelle (http://coccinelle.lip6.fr)
which is a semantic patching tool. This ensures that things like call
to SCFree() should not have been forgotten because the semantic patch
explicitly forces the call to SCFree(p) before each return. With this
patch all unittests are running fine with a small and a big default
packet size.
15 years ago
Eric Leblond
156b202597
Fix decode part of source-nfq
15 years ago
Eric Leblond
dd038c1906
Modify files to avoid direct pckt payload access
This patch implements the needed modification of payload access
in a Packet structure to support the abstraction introduced by
the extended data system.
15 years ago
Eric Leblond
e802e1ed16
Modify Packet structure and prepare accessor.
This patch modifies decode.c and decode.h to avoid the usage
by default of a bigger than 65535 bytes array in Packet structure.
The idea is that the packets are mainly under 1514 bytes size and
a bigger size must be supported but should not be the default.
If the packet length is bigger than DFLT_PACKET_SIZE then the
data are stored in a dynamically allocated part of the memory.
To ease the modification of the rest of the code, functions to
access and set the payload/length in a Packet have been introduced.
The default packet size can be set at runtime via the default-packet-size
configuration variable.
15 years ago
Eric Leblond
8471626916
Fix error message and adds information to config
This patch fixes a typo in an error message and adds some
information to the checksum verification option.
15 years ago
Anoop Saldanha
6fc5dae2f9
fix leak for accepted uuid list in dcerpc state
15 years ago
Victor Julien
3409513a44
Fix FlowTest* unittests to fail sometimes.
15 years ago
Eric Leblond
a69bb94335
Checksum match: fix logic problem
This patch fixes a logic error in the checksum matches. In
case the protocol is not the one tested, the test must return
0 and not 1 (test matched).
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien
878d3d87db
Add (experimental) support for using multiple pcap devices to acquire packets from. Just passing multiple -i <dev> options on the commandline will activate this. Windows not yet supported.
15 years ago
Victor Julien
18b4e3380f
Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code.
15 years ago
Victor Julien
6131dec8a1
Fix a compiler warning due to a broken prototype declaration.
15 years ago
Victor Julien
e3bde3e95d
Add a simple revision based on the git rev to the version number, like a build number.
15 years ago
Eric Leblond
56c95bf622
Convert thread PRIO to an enum
This patch converts thread prio value to an enum. This
can add some useful check by gcc in switch.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Eric Leblond
62cf7eea4c
util-cpu: fix trivial typo in documentation
This patch fixes a trivial typo in a documentation message.
Signed-off-by: Eric Leblond <eric@regit.org>
15 years ago
Victor Julien
ffcd512167
Clean up packet pool handler on shutdown.
15 years ago
Victor Julien
b24ccf8c80
Clean up stream pmqs in the detect thread ctx.
15 years ago
Victor Julien
3710296057
Cleanup defrag engine on shutdown.
15 years ago
Anoop Saldanha
9c9f3ec963
fix mem leak in http_ engines
15 years ago
Victor Julien
0057a7c15e
Suppress an AC debug message.
15 years ago
Victor Julien
d48ff8f6aa
Extend 'append' option to stats.log as well. Small cleanups.
15 years ago
Gurvinder Singh
f4392e1dcc
added support for appending the log files
15 years ago
Pierre Chifflier
de41612ea1
Add options to choose if we log header and content in Prelude alert module.
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Pierre Chifflier
9a53a09c58
Log verdict in Prelude alert module
Signed-off-by: Pierre Chifflier <chifflier@edenwall.com>
15 years ago
Eric Leblond
f73c60b4ff
nfq: set some options on netlink socket
This patch modifies nfq system to set some options on the netlink socket.
This should improve performance by handling more correctly capacity
overrun.
15 years ago
Victor Julien
96ec2a76c6
Update version to 1.1beta1
15 years ago
Victor Julien
014f62247a
Another batch of clang fixes. Nothing really serious. Includes a couple of fixes for broken fixes from yesterday.
15 years ago
Victor Julien
cac95010f3
Minor unified1-log changes to work around a clang issue, but also to clean up the logic slightly.
15 years ago
Victor Julien
3f47eade6b
Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang.
15 years ago
Victor Julien
7dc4b164a8
Fix a clang warning in unittest DetectUriSigTest12.
15 years ago
Victor Julien
2c6f9abaff
Work around a suspected fp in clang.
15 years ago
Victor Julien
ac97bb7799
Fix a number of small clang issues. Clang doesn't know we exit on malloc errors during init.
15 years ago
Victor Julien
b600c9ac09
Fix a clang issue 'Assigned value is garbage or undefined' in the threshold code in case a packet was neither ipv4 or ipv6.
15 years ago
Victor Julien
1112e103a8
Disable DBG_PERF by default except for when DEBUG is enabled.
15 years ago
Victor Julien
6af30e5b2e
Handle a clang warning that says dstq can be null referenced. In no call of FlowRequeue dstq can be null so not a real issue. Added a BUG_ON just in case, but only in DEBUG mode to prevent the extra overhead. If the code changes we will run it in DEBUG mode and catch the error.
15 years ago
Victor Julien
743ed7626c
Fix potential null deref (introduced a few commits ago) found by clang.
15 years ago
Victor Julien
3d60e9bfeb
Clean up output.
15 years ago
Victor Julien
3fcfaef9f7
Fix compiler warning in log-httplog.c & change stats.log to log as mm/dd/yyyy as well.
15 years ago
Gurvinder Singh
791d177c7f
fixed the timestamp issue in http.log
15 years ago
Victor Julien
355f237bfd
Fix compiler warnings, cleanup counters config code.
15 years ago
Gurvinder Singh
ba18110abd
support for stats.log configurable and fixed timezone issue in fastlog and debuglog
15 years ago
Anoop Saldanha
58c228a56b
fix sig ordering bugs. Flowvars and pktvars user type retrieval should be from pmatch list, as well as from match list. Also fix lousy unit tests
15 years ago
Victor Julien
c64b9362cf
Remove unused stream flag.
15 years ago
Victor Julien
4cacb1e970
Disable adding to unregistered mbit/s counter.
15 years ago
Anoop Saldanha
dc2c8be583
always read config.h header file first
15 years ago
Victor Julien
40de0b0270
Have each output use the global log format if none is specified for that specific output.
15 years ago
Anoop Saldanha
d241e51b32
adapt fast pattern engine analysis to reflect the new changes made to your mpm design
15 years ago
Anoop Saldanha
54854d74c1
add some header files that we missed while rebasing
15 years ago
Anoop Saldanha
05adf2de41
fix live runmode decode TM for cuda
15 years ago
Anoop Saldanha
42c1287028
reintroduce g_u8_lowercase_table for b2g cuda
15 years ago
Anoop Saldanha
1fb121d0ba
wrap cuda based util-mpm.c tests in __SC_CUDA_SUPPORT__ ifdef
15 years ago
Martin Beyer
b1c577f829
cuda streams support in b2g-cuda MPM
15 years ago
Martin Beyer
0ce86efe40
cuda handlers support multiple CUmodules per context
15 years ago
Martin Beyer
621815ded0
cuda-packet-batcher timeout supports float values
15 years ago
Anoop Saldanha
7dd2392dea
updated cuda todos. Please look at cuda-packet-batcher.c to have a look at the new todos
15 years ago
Anoop Saldanha
c734cd1bdd
make cuda mpm parameters configurable
15 years ago
Anoop Saldanha
2c08aebec1
enable write combined memory for cuda mpm. Some other minor cleanup
15 years ago
Martin Beyer
8adff3c63c
use of pagelocked memory for CUDA
15 years ago
Victor Julien
0e8e8e3728
Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing.
15 years ago
Victor Julien
b7a5f16b69
Fix FlowBitsTestSig06 test no longer working properly.
15 years ago
Victor Julien
39dea56a84
Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check.
15 years ago
Victor Julien
6943a7eb8c
Move updating the time from the pcap callback to the decoding stage in file mode.
15 years ago
Anoop Saldanha
ceb7fd748e
support /D option for pcre - http raw header. Also support relative pcre for http raw header. All pcre processing for http header moved to hrhd engine
15 years ago
Victor Julien
16e4e3fe50
Fix request-body-limit option for libhtp config.
15 years ago
Victor Julien
39a5348d2b
Remove dead pcre code.
15 years ago
Victor Julien
6ebe7b7cd3
Change the way the request body limit is enforced.
15 years ago
Victor Julien
0cd2bce7da
Manually add unittest by Pablo Rincon from bug #210.
15 years ago
Anoop Saldanha
8bd6a38318
support relative pcre for http header. All pcre processing for http header moved to hhd engine
15 years ago
Anoop Saldanha
2b781f00d7
support relative pcre for client body. All pcre processing for client body moved to hcbd engine
15 years ago
Victor Julien
0a58f0728a
Remove redundant checks in http header and http client body code.
15 years ago
Anoop Saldanha
8c21511c99
don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content validation stage
15 years ago
Victor Julien
2422c7471a
Reduce number of locks required for http_header and http_client_body inspection.
15 years ago
Victor Julien
55ca988222
Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere.
15 years ago
Victor Julien
435d0fb327
Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering.
15 years ago
Victor Julien
169aa5581a
Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflect its purpose.
15 years ago
Victor Julien
d7b92d9bfe
Consolidate several signature flags into one.
15 years ago
Victor Julien
2102a54c26
Cleanup and rearrange detection code slightly.
15 years ago
Anoop Saldanha
25588b6910
comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well
15 years ago
Anoop Saldanha
e50503e820
cleanup/remove dead code
15 years ago
Anoop Saldanha
93fa7ea828
modify detection engine to run hrhd mpm before building the match array
15 years ago
Anoop Saldanha
ea3fd38291
fix lock issue with mpms inspecting http state for body, header
15 years ago
Anoop Saldanha
b140ed1c9c
modify detection engine to run hhd mpm before building the match array
15 years ago
Anoop Saldanha
4e273f2c8b
modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has at least one sig with hcbd mpm set
15 years ago
Anoop Saldanha
72b0fcf419
modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has at least one sig with uri mpm set
15 years ago
Anoop Saldanha
6648d1faf0
allow sigs for http uri of the form content:one; content:two; distance:0; http_[raw_]header;
15 years ago
Anoop Saldanha
8f1d17846f
allow sigs for http uri of the form content:one; content:two; distance:0; http_uri;
15 years ago
Anoop Saldanha
07f20674ac
allow sigs for http client body of the form content:one; content:two; distance:0; http_client_body;
15 years ago
Victor Julien
6a5d2cb40d
Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code.
15 years ago
Anoop Saldanha
eecf2d7e13
Add the makefile.am addition that I forgot to add in the previous commit for http_raw_header
15 years ago
Anoop Saldanha
7ec0382774
support fast pattern for http raw header. Also support relative modifiers for http raw header
15 years ago
Victor Julien
0c806f70bb
Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled.
15 years ago
Victor Julien
1a32d9b5ec
Fix printing unprintable characters in the engine-analysis fast_pattern mode.
15 years ago
Anoop Saldanha
075719ea8c
fix fast pattern unittests
15 years ago
Victor Julien
18d3c87947
Add check to fast pattern keyword to make sure that the offset and length don't exceed the actual pattern length.
15 years ago
Anoop Saldanha
c61c68fd36
mpm and fast pattern support for http_header. Also support relative modifiers for http_header
15 years ago
Anoop Saldanha
778ec0939c
make client body buffer limit configurable. Also some minor changes
15 years ago
Anoop Saldanha
fc46f216ca
detect-http-header.c cleanup before we start working on it
15 years ago
Anoop Saldanha
302011dbca
fix compilation issues with debug enabled.
15 years ago
Anoop Saldanha
0aa5cffb12
fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added
15 years ago
Anoop Saldanha
c227aeeacb
remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine
15 years ago
Anoop Saldanha
bbd0c5056b
store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq
15 years ago
Anoop Saldanha
68b78664fa
Add unittests for checking content flags. Fix indentation in PopulateMpmAddPatternToMpm(). Also fix DETECT_CONTENT_IS_SINGLE
15 years ago
Anoop Saldanha
b15ada8102
set content_packet_mpm and content_stream_mpm flag for content to prevent double check inside inspection code
15 years ago
Anoop Saldanha
67aecc73c2
set content_uri_mpm flag for uri content to prevent double check inside inspection code
15 years ago
Anoop Saldanha
1cd8bd3d3c
make changes for uri mpm, when uricontent is negated and also is the fp and we ignore checking it once again in engine-uri.c
15 years ago
Anoop Saldanha
6df051321f
fix fp when content is negated and also added to mpm
15 years ago
Anoop Saldanha
5c6a65dc58
support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]
15 years ago
Victor Julien
234656e5f6
Fix compilation in --enable-debug mode.
15 years ago
Anoop Saldanha
eade60f0fd
make some name changes. break PopulateMpm(). Set the avoid mpm double check flags
15 years ago
Anoop Saldanha
96bf15bd74
unifying content structure - http_stat_msg now uses DetectContentData
15 years ago
Anoop Saldanha
4c53a9d606
unifying content structure - http_header now uses DetectContentData
15 years ago
Anoop Saldanha
1957eee389
unifying content structure - http_method now uses DetectContentData
15 years ago
Anoop Saldanha
041f5b1a4f
unifying content structure - http_cookie now uses DetectContentData
15 years ago
Anoop Saldanha
f05b0f4e1e
unifying content structure - http_client_body now uses DetectContentData
15 years ago
Anoop Saldanha
4883efd0f6
unifying content structure - uricontent now uses DetectContentData
15 years ago
Anoop Saldanha
3b0a9ca97e
add support for http_uri; content fast_patterns
15 years ago
Anoop Saldanha
3c73854d2d
completely remove populate_mpm_flags. Some indentation changes. Also disable support to avoid double checks inside payload inspection for patterns added to mpm. Also add support to MpmFactory to reclaim a mpm_ctx
15 years ago
Anoop Saldanha
fde2c64ea7
fix code after fresh rebase. change some pmatch and amatch lists to sm_lists[] format
15 years ago
Anoop Saldanha
a6899218fc
remove populate_mpm_flags from inside PatternMatchPreparePopulateMpm()
15 years ago
Anoop Saldanha
6eaba8941c
Use new flags to indicate uricontent has a mpm set
15 years ago
Anoop Saldanha
46b4806d8e
use a single populatempm() function to add the right content for mpm
15 years ago
Anoop Saldanha
4a038511ff
Change the struct members uricontent and uricontent_len in DetectUricontentData to content and content_len. Make replacements everywhere else in the codebase to accommodate these changes
15 years ago
Anoop Saldanha
ede7be34b5
replace all Signature->tmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_TMATCH]
15 years ago
Anoop Saldanha
3d2f81d978
replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH]
15 years ago
Anoop Saldanha
a7353be20d
replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH]
15 years ago
Anoop Saldanha
e0476242c6
replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH]
15 years ago
Anoop Saldanha
e54358a9e1
replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]
15 years ago
Anoop Saldanha
82fd581b64
replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH]
15 years ago
Anoop Saldanha
3656879aa0
fix some dce opnum/stub tests that would have shown success always irrespective of test results
15 years ago
Anoop Saldanha
4b77f132df
add support for sigs with uricontent fast_pattern
15 years ago
Anoop Saldanha
ea8eaf31aa
Fix fast_pattern tests that always showed success, irrespective of test results
15 years ago
Victor Julien
966c7349d3
Make sure we have a response message before inspecting it in http_stat_msg.
15 years ago
Victor Julien
07ec1ee10e
Slightly cleanup detect-engine.sgh-mpm-context option parsing.
15 years ago
Anoop Saldanha
c89507836b
if sgh-mpm-context is not available in conf, alias the auto case inside the engine
15 years ago
Victor Julien
bac621760e
Fix a potential invalid memory read in the protocol name code used by alert-fastlog.
15 years ago
Gurvinder Singh
f92ba23331
add the support for >= and <= operator for byte_test
15 years ago
Victor Julien
412498f4e4
Converts port vars in http logger from uint32_t to Port and update output.
15 years ago
Gurvinder Singh
b7ff6537d2
fixed the incorrect port issue in http.log
15 years ago
Victor Julien
275bd3b7d7
Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests.
15 years ago
Victor Julien
dec4218d62
Layout updates to NFQ runmode.
15 years ago
Victor Julien
7e49aa7f76
Simplify NFQ runmode reducing the number of threads and thus queues.
15 years ago
Victor Julien
7e6f01765f
Change default of detect-engine.sgh-mpm-context to auto.
15 years ago
Victor Julien
001f91056e
Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242.
15 years ago
Victor Julien
4598274d07
Fix depth error messages referring to distance instead of depth, fix their layout.
15 years ago
Victor Julien
afdb39e5f6
Print an error if the protocol field of a signature contains an unknown/invalid value.
15 years ago
Victor Julien
8d0bc27fc4
Fix a case where alerting in inline mode would lead to dropping on alert sigs.
15 years ago
Victor Julien
5a10eac5bd
Cleanup http_stat_code unittests, shrink data structure.
15 years ago
Victor Julien
1636152e32
Fix negated http_method not working properly, causing false positives.
15 years ago
Gurvinder Singh
b7da115e6d
support for http_stat_code keyword has been added to detection module
15 years ago
Gurvinder Singh
1deae70cf7
added http_stat_msg keyword support for detection module
15 years ago
Jason Ish
a4d19e4130
Add new profiling sort option, maxticks.
15 years ago
Anoop Saldanha
59923316bc
change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval
15 years ago
Anoop Saldanha
5d9a453e0d
find an optimal value for detect-engine:inspection-recursion_limit + unittest
15 years ago
Anoop Saldanha
bc99328ec8
define a new conf parameter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code
15 years ago
William Metcalf
efeab331ea
compilation fix missing UT ifdef wrapper in reference code
15 years ago
Victor Julien
746ef0d2f8
Remove stray newline char from profiling output.
15 years ago
Victor Julien
3062b19068
Clean up output of signature ordering module.
15 years ago
Victor Julien
001dcaae84
Minor reference.config support changes: improve error handling, reduce hash table size.
15 years ago
Anoop Saldanha
88d94b136d
Support for reference.config file
15 years ago
Anoop Saldanha
f5a02833dd
code cleanup in detect-reference.c
15 years ago
Victor Julien
344ea14695
Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility.
15 years ago
Victor Julien
41fd7e51c6
Really add secunia reference support.
15 years ago
Victor Julien
33170fd181
Add secunia reference pending our reference.config support.
15 years ago
Anoop Saldanha
067e53403c
add missing sig_app_layer flags for dce sigs
15 years ago
Victor Julien
26fd2a0afd
Add telus and bid references for etpro.
15 years ago
Victor Julien
2b187a2721
Remove a BUG_ON statement from the payload inspection code.
15 years ago
Victor Julien
f2e6ec7374
Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned out to be incompatible with how the keyword is used (nocase, etc).
15 years ago
Anoop Saldanha
2cdb5be391
Print out file name for fast_pattern engine_analysis. Also add some info logs
15 years ago
Anoop Saldanha
0c5b82d891
provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern
15 years ago
Victor Julien
3bd7441ea5
Default to 'single' ctx for ac-gfbs as well.
15 years ago
Anoop Saldanha
e072841e93
hash fix in staging to differentiate nocase duplicate patterns from case-sensitive ones
15 years ago
Anoop Saldanha
de5db1a730
support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-sensitive and the other not. Also remove duplicate pids from the output_table
15 years ago
Anoop Saldanha
8628c572df
update todos for ac. Cleanup some memory as well.
15 years ago
Anoop Saldanha
a2d04a94b5
selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise
15 years ago