Victor Julien
d318bfc934
dcerpc: simplify common detect code
8 years ago
Victor Julien
402eb645a0
ftp: parser and ftpbounce update
...
Convert parser to TX API.
Convert ftpbounce keyword to use that.
8 years ago
Victor Julien
d9a300cd8c
detect: move lua smtp support to dynamic list
8 years ago
Victor Julien
96b8100a51
lua: convert lua output to be tx aware
8 years ago
Victor Julien
a10b2fdecf
detect: make ssh detection use dynamic list
8 years ago
Victor Julien
c412352474
ssh: remove single logger limit
8 years ago
Victor Julien
3ee4989ba7
ssh: convert app-layer parser to be tx aware
...
Like with SSL, there is only a single 'tx'.
8 years ago
Victor Julien
4ae4fd0802
lua: use tls_generic list for ssl/tls
8 years ago
Victor Julien
a8975c68e0
detect ssl/tls: use dynamic lists
8 years ago
Victor Julien
1cacba435b
ssl/tls: clean up keywords
8 years ago
Victor Julien
6ef4712cd6
detect: convert old tls keywords to dynamic list
8 years ago
Victor Julien
ef149bed7b
tls.store: convert to postmatch
8 years ago
Victor Julien
8b3a71a285
tls.store: cleanup
8 years ago
Victor Julien
8eac1156c6
app-layer-events: remove unused API options
8 years ago
Victor Julien
1087495d6d
detect: http_start sticky buffer
...
Matches on the start of an HTTP request or response.
Uses a buffer constructed from the request line and normalized request
headers, including the Cookie header.
Or for the response side, it uses the response line plus the
normalized response headers, including the Set-Cookie header.
Both buffers are terminated by an extra \r\n.
8 years ago
Victor Julien
36535efa04
detect: add http_protocol sticky buffer
...
Matches on protocol field in HTTP.
8 years ago
Victor Julien
f2fc5a255f
http_header: convert to use common code
8 years ago
Victor Julien
6279ec399e
http_header: common detection code
8 years ago
Victor Julien
5ee68ca2b2
http_header: remove old files
8 years ago
Victor Julien
2bb0cae05a
http_header: move all code into keyword files
8 years ago
Victor Julien
aaeeae0722
detect: http_header_names sticky buffer keyword
...
A sticky buffer that allows content inspection on a constructed buffer
of HTTP header names. The buffer starts with \r\n, the names are
separated by \r\n and the end of the buffer contains an extra \r\n.
E.g. \r\nHost\r\nUser-Agent\r\n\r\n
The leading \r\n is to make sure one can match on a full name in all
cases.
8 years ago
Victor Julien
cf9678d926
detect: global registry for keyword thread data
...
Some keywords need a scratch space where they can store the results
of expensive operations that remain valid for the time of a packet's
journey through the detection engine.
An example is the reconstructed 'http_header' field, that is needed
in MPM, and then for each rule that manually inspects it. Storing this
data in the flow is a waste, and reconstructing multiple times on
demand as well.
This API allows for registering a keyword with an init and free function.
It is meant to be used at initialization time, when the keyword is
registered.
8 years ago
Victor Julien
75907fce06
profiling: output all sort options for rules
...
Limit the default number of sids to 10.
8 years ago
Victor Julien
7d8a5a75ef
profiling: honor limit in json rule output
8 years ago
Victor Julien
a9a228a289
profiling: fix keyword profiling
8 years ago
Victor Julien
a1465bc4fa
detect-engine-mpm: api cleanup
8 years ago
Victor Julien
8bd1422948
detect: detect engine registration cleanup
8 years ago
Victor Julien
49fbd28ceb
detect: cleanup built-in list id's
8 years ago
Victor Julien
40851eecf0
template: dynamic buffer
8 years ago
Victor Julien
815120896b
app-layer-events: dynamic list
8 years ago
Victor Julien
b68343e372
files: use dynamic list
8 years ago
Victor Julien
e4bfdd53c2
cip/enip: dynamic buffer
8 years ago
Victor Julien
f2393c1ae0
modbus: dynamic buffer
8 years ago
Victor Julien
cfdd934aba
dnp3: dynamic buffers/lists
8 years ago
Victor Julien
9ba386a141
tls: dynamic buffers
8 years ago
Victor Julien
d9b3ae6cd6
dns: use dynamic buffers
8 years ago
Victor Julien
d2f77978ec
detect-parse: content modifier cleanup
8 years ago
Victor Julien
6f867c3c73
http_raw_uri: dynamic buffer
8 years ago
Victor Julien
ee55aefa1c
http_client_body: dynamic buffer
8 years ago
Victor Julien
e7d5e845c7
http_header / http_raw_header: dynamic buffers
8 years ago
Victor Julien
b694d96e22
http_stat_msg: dynamic buffer
8 years ago
Victor Julien
7e3ab4f5ea
http_stat_code: dynamic buffer
8 years ago
Victor Julien
128b59d4f6
http_raw_host: dynamic buffer
8 years ago
Victor Julien
296c275e23
http_host: dynamic buffer
8 years ago
Victor Julien
67b7d9734e
http_cookie: dynamic buffer
8 years ago
Victor Julien
54604c7bf2
http_user_agent: dynamic buffer
8 years ago
Victor Julien
9262fa3dcf
http_response_line: dynamic buffer
8 years ago
Victor Julien
6346a074a7
http_uri: dynamic buffer
...
Clean up tests
8 years ago
Victor Julien
e34102d67a
http_method: make list dynamic
8 years ago
Victor Julien
6bd37611ee
file_data: dynamic buffer
8 years ago