suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	b5d5389438	detect/ssh: minor --list-keywords improvements	6 years ago
Mats Klepsland	08efbdc632	detect-ssh-software-version: add description and url to keyword	7 years ago
Victor Julien	ab1200fbd7	compiler: more strict compiler warnings Set flags by default: -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wwrite-strings -Wcast-align -Wbad-function-cast -Wformat-security -Wno-format-nonliteral -Wmissing-format-attribute -funsigned-char Fix minor compiler warnings for these new flags on gcc and clang.	8 years ago
Victor Julien	342059835f	detect-parse: improve common parser In preparation of turning input to keyword parsers to const add options to the common rule parser to enforce and strip double quotes and parse negation support. At registration, the keyword can register 3 extra flags: SIGMATCH_QUOTES_MANDATORY: value to keyword must be quoted SIGMATCH_QUOTES_OPTIONAL: value to keyword may be quoted SIGMATCH_HANDLE_NEGATION: leading ! is parsed In all cases leading spaces are removed. If the 'quote' flags are set, the quotes are removed from the input as well.	8 years ago
Victor Julien	d304be5bc3	detect: register progress in inspect engines Register required progress so we can stop inspecting as soon as the progress isn't far enough yet.	8 years ago
Victor Julien	cc4010343d	detect: add and use util func for alproto sets	9 years ago
Victor Julien	a10b2fdecf	detect: make ssh detection use dynamic list	9 years ago
Victor Julien	3ee4989ba7	ssh: convert app-layer parser to be tx aware Like with SSL, there is only a single 'tx'.	9 years ago
Victor Julien	8edc954e82	detect: get rid of Signature::sm_lists Instead use the lists in init_data during setup and the SigMatchData arrays during runtime.	9 years ago
Victor Julien	bfd4bc8233	detect: constify Signature/SigMatch use at runtime	9 years ago
Giuseppe Longo	675fa56497	app-layer: add ThreadVars to AppLayerParserParse To be able to add a transaction counter we will need a ThreadVars in the AppLayerParserParse function. This function is massively used in unittests and this result in an long commit.	9 years ago
Victor Julien	6530c3d0d8	unittests: replace SCMutex* calls by FLOWLOCK_*	9 years ago
Victor Julien	9030e89c94	detect: don't set alproto while registering keyword The field is not used except for some printing, and is wrong for many keywords.	9 years ago
Victor Julien	e67ae0f174	detect keywords: use parse regex util func	9 years ago
Jason Ish	796dd5223b	tests: no longer necessary to provide successful return code 1 pass, 0 is fail.	9 years ago
Antti Tönkyrä	834c36659e	Allow colon in SSH version, at least some trojaned PuTTY clients have version like Putty-Local: Timestamp HH:MM:SS	10 years ago
Victor Julien	59d12f334e	ssh.softwareversion: allow more characters The keyword would not allow matching on "OpenSSH_5.5p1 Debian-6+squeeze5" as the + and space characters were not allowed. This patch adds support for them.	11 years ago
Ken Steele	8f1d75039a	Enforce function coding standard Functions should be defined as: int foo(void) { } Rather than: int food(void) { } All functions where changed by a script to match this standard.	11 years ago
Victor Julien	6e0112d737	detect: modify AMATCH locking This is an intrusive change. This patch modifies the way AMATCH inspection uses locking. So far, each keyword did it's own locking. This lead to a situation where a 'alstate' pointer was passed around that was not always protected by a lock. This patch moves the locking to the Stateful detection functions.	11 years ago
Victor Julien	6c0162bf26	ssh: reenable ssh.softwareversion keyword	12 years ago
Anoop Saldanha	abded4200a	Disabling the ssh parser temporarily, since we are moving away from some of the archaic features we use in the app layer. We will reintroduce this parser shortly. Also do note that keywords that rely on the ssh parser would now be disabled.	12 years ago
Anoop Saldanha	b1dffdfbe0	Add app layer protocol packet event detection support.	12 years ago
Victor Julien	16130cc974	ssh: fix memleaks during ssh.softwareversion init and cleanup	12 years ago
Eric Leblond	cd3e32ce19	unittests: some functions needs a flow lock. In debug validation mode, it is required to call application layer parsing and other functions with a lock on flow. This patch updates the code to do so.	12 years ago
Last G	8ae11f73b2	Added parentheses to fix Eclipse static code analysis Fixed bug in action priority (REJECT_DST had lowest prio)	13 years ago
Eric Leblond	e176be6fcc	Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc\|SCStrdup\|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1	13 years ago
Victor Julien	19a7e7f395	flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default.	14 years ago
Anoop Saldanha	c9af50ea0c	code cleanup - replace SigMatchAppendAppLayer with SigMatchAppendSMToList	14 years ago
Anoop Saldanha	9a6aef459e	modify all relevant app layer API calls to accomodate passing parser local storage argument	14 years ago
Victor Julien	06904c9024	App Layer cleanup Removal of per flow 'aldata' array. It contained a ptr for each ALPROTO. Instead now we have 2 ptrs in the flow: alparser and alstate. Various cleanups and dead code removal from the app layer API. Should safe 100+ bytes memory per flow on 64 bit. Updated lots of unittests to reflect these changes.	14 years ago
Victor Julien	1d971b53a6	Update all unittests	15 years ago
Victor Julien	fc248ca7a1	Many small performance updates.	15 years ago
Pablo Rincon	9d7baa7a9f	Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion	15 years ago

33 Commits (d623dc4ac0ee0ca0496d05a2aabf8b3203a65572)