Commit Graph

7359 Commits (a4450b768eeb56eb095805c62cc793173ec129b1)

Author SHA1 Message Date
Victor Julien 732921922a detect mpm: consider sgh direction when adding rules 9 years ago
Victor Julien 9bb12ccb27 prefilter: move payload engines into separate list 9 years ago
Victor Julien e3b98d5bbf detect-ack: extra match support 9 years ago
Victor Julien a41bf2ae14 detect-seq: extra match support 9 years ago
Victor Julien a1accbbaf0 detect-ttl: extra match support 9 years ago
Victor Julien a270dfa008 detect-id: extra match support 9 years ago
Victor Julien fbb0490c31 detect-dsize: extra match support 9 years ago
Victor Julien 34e3484dad detect-flags: prefilter extra match support 9 years ago
Victor Julien ace8f9f5df detect-flow: prefilter extra match support 9 years ago
Victor Julien e2eb9f8ede prefilter: add 'extra match' logic to packet engines
Many of the packet engines are very generic. Rules are generally more
limited.

A rule like 'alert tcp any any -> any 888 (flags:S; sid:1;)' would still
be inspected against every SYN packet in most cases (it depends a bit on
rule grouping though).

This extra match logic adds an additional check to these packet engines.
It can add a check based on alproto, source port and dest port. It uses
only one of these 3. Priority order is src port > alproto > dst port.

For the ports only 'single' ports are used at this time.
9 years ago
Victor Julien 9187c20782 detect mpm: negated setup fix 9 years ago
Victor Julien 5537e25f38 detect-icmp-id: prefilter 9 years ago
Victor Julien fbe7e0aaeb detect-icmp-seq: prefilter 9 years ago
Victor Julien 3a86aeac65 detect-icode: implement as u8 hash prefilter 9 years ago
Victor Julien 6a3917b375 detect-itype: implement as u8 hash prefilter 9 years ago
Victor Julien f5d2166e23 detect-id: implement prefilter 9 years ago
Victor Julien d5e5c11bd1 detect-icode: implement prefilter 9 years ago
Victor Julien 10f8e636d6 detect-itype: implement prefilter 9 years ago
Victor Julien b88c0a56b9 detect-ttl: implement prefilter 9 years ago
Victor Julien 9ce300620e detect-seq: implement prefilter 9 years ago
Victor Julien 822e034753 detect-flow: implement prefilter 9 years ago
Victor Julien 14b0537f95 prefilter: implement basic prefilter priority order 9 years ago
Victor Julien 4104f8c066 detect-fragoffset: implement prefilter 9 years ago
Victor Julien 9195708d58 detect analyzer: give minimal prefilter info 9 years ago
Victor Julien 065d9bceae detect-dsize: enable prefilter support
Enable prefilter support for the dsize keyword.
9 years ago
Victor Julien 9ccd0c0f90 prefilter: implement fragbits 9 years ago
Victor Julien 3b4aa06377 prefilter: engine for ack rules
Rules for the 'ack' keyword are uncommon, but if used, are inspected
against almost every packet.
9 years ago
Victor Julien 31ad0a133b prefilter: engine for tcp flags keyword
If there are many rules for TCP flags these rules would be inspected
against each TCP packet. Even though the flags check is not expensive,
the combined cost of inspecting multiple rules against each and every
packet is high.

This patch implements a prefilter engine for flags. If a rule group
has rules looking for specific flags, an engine for that flag or
flags combination is set up. This way those rules are only inspected
if the flag is actually present in the packet.
9 years ago
Victor Julien 8798bf48b2 profiling: support prefilter engines 9 years ago
Victor Julien ea26ee906f prefilter: intro common engine for u8 matches 9 years ago
Victor Julien 99b9896bd7 prefilter: common funcs for packet header prefilters 9 years ago
Victor Julien f80623fd73 prefilter: show prefilter capability in --list-keywords 9 years ago
Victor Julien 56239690d0 prefilter: implement prefilter keyword
Introduce prefilter keyword to force a keyword to be used as prefilter.

e.g.
alert tcp any any -> any any (content:"A"; flags:R; prefilter; sid:1;)
alert tcp any any -> any any (content:"A"; flags:R; sid:2;)
alert tcp any any -> any any (content:"A"; dsize:1; prefilter; sid:3;)
alert tcp any any -> any any (content:"A"; dsize:1; sid:4;)

In sid 2 and 4 the content keyword is used in the MPM engine.
In sid 1 and 3 the flags and dsize keywords will be used.
9 years ago
Victor Julien 85cb749e8b detect cleanup: remove sgh mpm_ctx pointers 9 years ago
Victor Julien 82d3c0b520 sgh: remove unused flags 9 years ago
Victor Julien 08407b6d47 tls: mpm prefilter engines 9 years ago
Victor Julien 7acdc66061 smtp file_data: mpm prefilter engine 9 years ago
Victor Julien 0019a7bd9f http_raw_header: mpm prefilter engine
Register for both regular headers and trailers.
9 years ago
Victor Julien cef12ed80f http_server_body / file_data: mpm prefilter engine 9 years ago
Victor Julien 5646dd9ecf http_client_body: mpm prefilter engine 9 years ago
Victor Julien 9b6fd6bb48 http_headers: mpm prefilter engines
Register for both regular headers and trailers.
9 years ago
Victor Julien 9cab3ea2cd http_stat_code: mpm prefilter engine 9 years ago
Victor Julien 4d57b2fc63 http_stat_msg: mpm prefilter engine 9 years ago
Victor Julien 86d303e32b http_raw_host: mpm prefilter engine 9 years ago
Victor Julien 5218849213 http_host: mpm prefilter engine 9 years ago
Victor Julien 61c3748fc4 http_user_agent: mpm prefilter engine 9 years ago
Victor Julien a43a69305d http_cookie: mpm prefilter engine 9 years ago
Victor Julien 7a46364e42 http_raw_uri: mpm prefilter engine 9 years ago
Victor Julien 746a169127 dns_query: mpm prefilter engine 9 years ago
Victor Julien 9ff5703c49 packet/stream: mpm prefilter engine 9 years ago