Commit Graph

295 Commits (a2bc0080932e2971590b83011df109373f7aca66)

Author SHA1 Message Date
Victor Julien 91296d1eec detect/prefilter: add de_ctx to registration 8 years ago
Victor Julien efbd901385 detect: move mpm engines into detect engine ctx
This allows safe registration at runtime.
8 years ago
Victor Julien 0de86211c6 detect: register dynamic buffers into de_ctx
Register buffers that are created during rule parsing. Currently
this means an existing buffer with one or more transformations.
8 years ago
Victor Julien a499a44f7a detect: move buffer type map into detect ctx
Move previously global table into detect engine ctx. Now that we
can register buffers at rule loading time we need to take concurrency
into account.

Move DetectBufferType to detect.h and update DetectBufferCtx API calls
to include a detect engine ctx reference.
8 years ago
Victor Julien f6e5cb1db6 detect: prefilter/inspect API v2, with transforms
Introduce InspectionBuffer a structure for passing data between
prefilters, transforms and inspection engines.

At rule parsing time, we'll register new unique 'DetectBufferType's
for a 'parent' buffer (e.g. pure file_data) with its transformations.
Each unique combination of buffer with transformations gets its
own buffer id.

Similarly, mpm registration and inspect engine registration will be
copied from the 'parent' (again, e.g. pure file_data) to the new ids.

The transforms are called from within the prefilter engines themselves.

Provide generic MPM matching and setup callbacks. Can be used by
keywords to avoid needless code duplication. Supports transformations.

Use unique name for profiling, to distinguish between pure buffers
and buffers with transformation.

Add new registration calls for mpm/prefilters and inspect engines.

Inspect engine api v2: Pass engine to itself. Add generic engine that
uses GetData callback and other registered settings.

The generic engine should be usable for every 'simple' case where
there is just a single non-streaming buffer. For example HTTP uri.

The v2 API assumes that registered MPM implements transformations.

Add util func to set new transform in rule and add util funcs for rule
parsing.
8 years ago
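The registry design described in the commit above (and in the two commits before it, which move the buffer type map and mpm engines into the detect engine ctx) is easier to see in a small model. The following is an added illustration written for this page, not Suricata code: the class and function names (DetectEngineCtx, BufferType, register_buffer_with_transforms, get_data) and the two transforms are assumptions chosen for the example. It shows a per-engine table in which a parent buffer plus an ordered transform chain maps to one unique id, the parent's mpm/inspect registrations are copied to the derived id, and the transforms run when the buffer data is fetched, as the prefilter engines would.

```python
"""
Illustrative model (not Suricata's code) of a detect-engine-scoped buffer
registry: a 'parent' buffer such as file_data plus an ordered list of
transforms gets its own buffer id, and the parent's MPM/inspect
registrations are copied to the new id. All identifiers here are
assumptions for the example, not the project's.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

Transform = Callable[[bytes], bytes]


# Constructed transforms standing in for keyword transforms.
def to_lower(data: bytes) -> bytes:
    return data.lower()


def strip_whitespace(data: bytes) -> bytes:
    return b"".join(data.split())


@dataclass
class BufferType:
    id: int
    name: str
    parent_id: int                  # id of the pure buffer this derives from
    transforms: Tuple[str, ...]     # ordered transform chain ((),) for a pure buffer
    mpm_registered: bool = False
    inspect_registered: bool = False


@dataclass
class DetectEngineCtx:
    """Per-engine registry: two engines never share ids (the old global table)."""
    transforms: Dict[str, Transform] = field(default_factory=dict)
    buffers: List[BufferType] = field(default_factory=list)
    by_key: Dict[Tuple[str, Tuple[str, ...]], int] = field(default_factory=dict)

    def _add(self, bt: BufferType) -> int:
        self.buffers.append(bt)
        self.by_key[(bt.name.split("#")[0], bt.transforms)] = bt.id
        return bt.id

    def register_buffer(self, name: str) -> int:
        """Register a pure (parent) buffer; a duplicate registration is ignored."""
        if (name, ()) in self.by_key:
            return self.by_key[(name, ())]
        new_id = len(self.buffers)
        return self._add(BufferType(new_id, name, new_id, ()))

    def register_mpm(self, buffer_id: int) -> None:
        self.buffers[buffer_id].mpm_registered = True

    def register_inspect_engine(self, buffer_id: int) -> None:
        self.buffers[buffer_id].inspect_registered = True

    def register_buffer_with_transforms(self, parent: str, chain: List[str]) -> int:
        """Rule-parse time: unique (parent, transform chain) -> unique id.

        MPM and inspect registrations are copied from the parent so the
        generic engines can be used for the derived buffer unchanged.
        """
        key = (parent, tuple(chain))
        if key in self.by_key:                      # same combination seen before
            return self.by_key[key]
        p = self.buffers[self.by_key[(parent, ())]]  # parent must already exist
        bt = BufferType(len(self.buffers), parent + "#" + "+".join(chain),
                        p.id, tuple(chain), p.mpm_registered, p.inspect_registered)
        return self._add(bt)

    def get_data(self, buffer_id: int, raw: bytes) -> bytes:
        """Apply the buffer's transform chain to the parent's data."""
        data = raw
        for name in self.buffers[buffer_id].transforms:
            data = self.transforms[name](data)
        return data


def demo() -> dict:
    de_ctx = DetectEngineCtx(transforms={"to_lower": to_lower, "strip_ws": strip_whitespace})
    fd = de_ctx.register_buffer("file_data")
    de_ctx.register_mpm(fd)
    de_ctx.register_inspect_engine(fd)

    a = de_ctx.register_buffer_with_transforms("file_data", ["to_lower"])
    b = de_ctx.register_buffer_with_transforms("file_data", ["to_lower", "strip_ws"])
    c = de_ctx.register_buffer_with_transforms("file_data", ["to_lower"])   # reuses a
    d = de_ctx.register_buffer_with_transforms("file_data", ["strip_ws", "to_lower"])  # order matters

    other = DetectEngineCtx()           # a second engine starts its own id space
    other_first = other.register_buffer("http_uri")

    sample = b"Hello WORLD"             # constructed input
    return {
        "ids": (fd, a, b, c, d),
        "copied_mpm": de_ctx.buffers[b].mpm_registered,
        "data_b": de_ctx.get_data(b, sample),
        "name_b": de_ctx.buffers[b].name,
        "other_first": other_first,
    }


if __name__ == "__main__":
    print(demo())
```

The point the model makes is that the registry must be keyed by the full ordered chain, not by the parent alone: `["to_lower", "strip_ws"]` and `["strip_ws", "to_lower"]` get distinct ids, while a second rule naming the same chain reuses the earlier id and its copied registrations.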
Victor Julien ac0ae2dcd1 file_data: smtp file_data to generic file_data
Generalize the SMTP file_data inspection into a 'files'
file_data inspection that can be used for any protocol
that uses the File API.
8 years ago
Victor Julien 0b97fbbc13 detect/mpm: micro optimization in setup 8 years ago
Victor Julien 26abf5337c detect/mpm: minor cleanup: remove unused function arg 8 years ago
Victor Julien dbd2d7c058 detect: more gracefully handle mpm prepare failure
Exit with error instead of using the detection engine in a broken state.

Bug #2187
8 years ago
Victor Julien ab1200fbd7 compiler: more strict compiler warnings
Set flags by default:

    -Wmissing-prototypes
    -Wmissing-declarations
    -Wstrict-prototypes
    -Wwrite-strings
    -Wcast-align
    -Wbad-function-cast
    -Wformat-security
    -Wno-format-nonliteral
    -Wmissing-format-attribute
    -funsigned-char

Fix minor compiler warnings for these new flags on gcc and clang.
8 years ago
Victor Julien b099008b94 stream: handle no stream scanning case
Now that detect moves the raw progress forward, it's important
to deal with the case where detect doesn't consider raw inspection.

If no 'stream' rules are active, disable raw. For this the disable
raw flag is now per stream.
8 years ago
Victor Julien 5ee68ca2b2 http_header: remove old files 9 years ago
Victor Julien a1465bc4fa detect-engine-mpm: api cleanup 9 years ago
Victor Julien 779d40cedf detect: remove hardcoded sm_list logic from setup
Introduce utility functions to aid this.
9 years ago
Victor Julien f370e88135 detect: move init only Signature members to init_data 9 years ago
Victor Julien 4978a7a133 detect: reorganize ids in prep of dynamic lists 9 years ago
Victor Julien 8edc954e82 detect: get rid of Signature::sm_lists
Instead use the lists in init_data during setup and the SigMatchData
arrays during runtime.
9 years ago
Sascha Steinbiss e6044aaf1c mpm/spm: check for SSSE3 and enable/disable HS
The new Hyperscan 4.4 API provides a function to check for SSSE3
presence at runtime. This allows us to fall back to non-Hyperscan
matchers on systems without SSSE3 even when the suricata executable
is built with Hyperscan support. Addresses Redmine issue #2010.

Signed-off-by: Sascha Steinbiss <sascha@steinbiss.name>
Tested-by: Arturo Borrero Gonzalez <arturo@debian.org>
9 years ago
Victor Julien 879c3d8ad7 detect: fix scan-build 0-size alloc warnings 9 years ago
Victor Julien 9a0bbd6239 detect mpm: small optimization 9 years ago
Victor Julien ad3c97f470 detect-mpm: cleanup 9 years ago
Victor Julien 960461f4db fast_pattern: register app layer mpms automatically
Allow for duplicate registrations for the same list. After the first
registration new calls will be ignored.
9 years ago
Victor Julien 6dd4dff7b2 mpm: remove empty app_mpms table 9 years ago
Victor Julien e68b2214e5 tls: register mpm from keywords 9 years ago
Victor Julien 57ae3c43e5 dns_query: register mpm from keyword 9 years ago
Victor Julien a1a2187a0c http_cookie: register mpm from keyword 9 years ago
Victor Julien 74661449e0 http_raw_host: register mpm from keyword 9 years ago
Victor Julien b5cd4889ae http_host: register mpm from keyword 9 years ago
Victor Julien 91695c81aa http_client_body: register mpm from keyword 9 years ago
Victor Julien 644d4dc61b http_stat_code: register mpm from keyword 9 years ago
Victor Julien cf96db095a http_stat_msg: register mpm from keyword 9 years ago
Victor Julien 43b281a510 file_data: register mpm from keyword 9 years ago
Victor Julien 6d0632a9c6 http_method: register mpm from keyword 9 years ago
Victor Julien e4ea38a8de http_raw_header: register mpm from keyword 9 years ago
Victor Julien 7813a834d0 http_user_agent: register mpm from keyword 9 years ago
Victor Julien 7b98c0073f http_header: register mpm from keyword 9 years ago
Victor Julien 38e018e2d3 http_raw_uri: register mpm from keyword 9 years ago
Victor Julien 7289d12f1b http_uri: register mpm from keyword 9 years ago
Victor Julien 5b2e36a1b0 mpm: add App Layer MPM registry
Register keywords globally at start up.

Create a map of the registry per detection engine. This we need because
the sgh_mpm_context value is set per detect engine.

Remove APP_MPMS_MAX.
9 years ago
Victor Julien 732921922a detect mpm: consider sgh direction when adding rules 9 years ago
Victor Julien 9187c20782 detect mpm: negated setup fix 9 years ago
Victor Julien 56239690d0 prefilter: implement prefilter keyword
Introduce prefilter keyword to force a keyword to be used as prefilter.

e.g.
alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;)
alert tcp any any -> any any (content:"A"; flags:R; sid:2;)
alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;)
alert tcp any any -> any any (content:"A"; dsize:1; sid:4;)

In sid 2 and 4 the content keyword is used in the MPM engine.
In sid 1 and 3 the flags and dsize keywords will be used.
9 years ago
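The effect of the prefilter keyword in the four rules above is that each rule contributes exactly one prefilter check, and full inspection runs only for rules whose prefilter fired. The following is an added model written for this page, not Suricata code: the Rule/Packet classes, select_prefilter and run are assumptions for the example, the three packets are constructed, and the flags/dsize checks are simplified to equality. It runs the commit's four rules over packets that make the content "A" common and RST rare, so the candidate sets show what the keyword buys and what it costs.

```python
"""
Illustrative model (not Suricata's code) of prefilter selection: an explicit
'prefilter' keyword makes that keyword the rule's prefilter engine, otherwise
the content keyword is used in the MPM engine. Only rules whose prefilter
fires go to full inspection. Identifiers and packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    payload: bytes
    flags: str                      # constructed: "R" means only RST set


@dataclass(frozen=True)
class Rule:
    sid: int
    content: bytes
    flags: Optional[str] = None
    dsize: Optional[int] = None
    prefilter: Optional[str] = None  # keyword carrying 'prefilter', if any


# The four rules from the commit message, as constructed objects.
RULES = [
    Rule(1, b"A", flags="R", prefilter="flags"),
    Rule(2, b"A", flags="R"),
    Rule(3, b"A", dsize=1, prefilter="dsize"),
    Rule(4, b"A", dsize=1),
]


def keyword_matches(rule: Rule, kw: str, pkt: Packet) -> bool:
    """Simplified per-keyword checks (equality instead of flag/dsize operators)."""
    if kw == "content":
        return rule.content in pkt.payload
    if kw == "flags":
        return rule.flags == pkt.flags
    if kw == "dsize":
        return rule.dsize == len(pkt.payload)
    raise ValueError(kw)


def select_prefilter(rule: Rule) -> str:
    """Explicit prefilter wins; otherwise content is handed to the MPM engine."""
    return rule.prefilter or "content"


def full_inspect(rule: Rule, pkt: Packet) -> bool:
    checks = ["content"] + [k for k in ("flags", "dsize") if getattr(rule, k) is not None]
    return all(keyword_matches(rule, k, pkt) for k in checks)


def run(rules: List[Rule], pkt: Packet) -> Dict[str, List[int]]:
    """Return the sids that passed the prefilter stage and the sids that alerted."""
    candidates = [r.sid for r in rules if keyword_matches(r, select_prefilter(r), pkt)]
    alerts = [r.sid for r in rules if r.sid in candidates and full_inspect(r, pkt)]
    return {"candidates": candidates, "alerts": alerts}


def demo() -> Dict[str, Dict[str, List[int]]]:
    packets = {
        "rst_A": Packet(b"A", "R"),        # everything matches
        "syn_ABC": Packet(b"ABC", "S"),    # content is common, flags/dsize are not
        "rst_XYZ": Packet(b"XYZ", "R"),    # RST without the content
    }
    return {name: run(RULES, p) for name, p in packets.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

On the "syn_ABC" packet, sids 2 and 4 pass the content prefilter and are fully inspected for nothing, while sids 1 and 3 are pruned by their flags/dsize prefilters; on "rst_XYZ" the reverse happens for sid 1. That trade-off is the reason the keyword exists: it lets the rule writer pick the rarer condition as the prefilter instead of the content.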
Victor Julien 85cb749e8b detect cleanup: remove sgh mpm_ctx pointers 9 years ago
Victor Julien 82d3c0b520 sgh: remove unused flags 9 years ago
Victor Julien 08407b6d47 tls: mpm prefilter engines 9 years ago
Victor Julien 7acdc66061 smtp file_data: mpm prefilter engine 9 years ago
Victor Julien 0019a7bd9f http_raw_header: mpm prefilter engine
Register for both regular headers and trailer.
9 years ago
Victor Julien cef12ed80f http_server_body / file_data: mpm prefilter engine 9 years ago
Victor Julien 5646dd9ecf http_client_body: mpm prefilter engine 9 years ago
Victor Julien 9b6fd6bb48 http_headers: mpm prefilter engines
Register for both regular headers and trailers.
9 years ago