suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	c2c539942b	Rework the way the http parser can tell the de_state to reset it's file section on arrival of new files in the same tx. Fixes a dead lock in the auto runmode.	13 years ago
Victor Julien	89f83e714c	Introduce http_server_body keyword. The http_server_body content modifier modifies the previous content to inspect the normalized (dechunked, unzipped) http_server_body. The workings are similar to http_client_body. Additionally, a new pcre flag was introduced "/S". To facilitate this change the signature flags field was changed to be 64 bit.	13 years ago
Victor Julien	96d20098b0	file inspect: stateful inspection split Split stateful detection of the files in a HTTP state between toserver and toclient inspection.	13 years ago
Victor Julien	04ea70ccf7	file extract: pruning Add pruning of files in memory so we keep only memory what we really need. Fix magic logic. Reset file part of the de_state on receiving another file in the same tx.	13 years ago
Victor Julien	23e01d23d3	Implement filestore keyword, including a way for the stateful detection engine to conclude that a file will never have to be stored.	13 years ago
Eric Leblond	b055a21d63	doc: create doxygen group for state detection.	14 years ago
Victor Julien	73efb4c70f	Add a app layer state and stateful detection engine counter that makes sure the stateful inspection is only done when the state changes.	14 years ago
Victor Julien	50aceb11eb	Clean up stateful detection code.	14 years ago
Anoop Saldanha	966119b6aa	support for http_raw_uri keyword + mpm engine	14 years ago
Anoop Saldanha	c9897a44a4	fast pattern support for http_cookie. Also support relative modifiers	14 years ago
Anoop Saldanha	bbbedaf963	fast pattern support for http_method. Also support relative modifiers	14 years ago
Anoop Saldanha	7ec0382774	support fast pattern for http raw header. Also support relative modifiers for http raw header	14 years ago
Anoop Saldanha	c61c68fd36	mpm and fast pattern support for http_header. Also support relative modifiers for http_header	14 years ago
Anoop Saldanha	5c6a65dc58	support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]	14 years ago
Victor Julien	0d008c8135	Change stateful detection engine to be able to start the stateful detection separate from other sigs. Fixes bugs #213 , #214 , #215 .	15 years ago
Pablo Rincon	a8cb8d830b	Fix for bug 186 and thresholding issue handling ip versions	15 years ago
Victor Julien	b8fec77f37	Fix tcp connections that are reset (RST packet) not always inspecting the reassembled stream. Update transaction id code to make sure both directions of a transaction are inspected before incrementing the inspect_id.	15 years ago
Victor Julien	8cea3779fa	Move dce payload inspection to stateful detection engine.	15 years ago
Victor Julien	e8fce5f7fa	Convert uricontent scanning to use the detect engine state.	15 years ago
William Metcalf	2eef905c07	GPL and Copyright header updates.	15 years ago
Victor Julien	70b32f7380	First stab at creating a stateful detection engine. Stateful detection for app layer detection keywords, except uricontent. Stores it's partial results in the flow structure. Other modifications: - Generalize transaction tracking, logging and inspection. - Adapt http and dcerpc to use the new transaction handling. - Stream engine now always notifies app layer of a stream eof. This commit fixes bug #124.	15 years ago

1 2

71 Commits (9fd56e84303888fd01afde81579b4827f27de5c8)