suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	d378b76c04	http: body inspection improvement Improve http_client_body and file_data performance when request and response body limits are set to high values.	14 years ago
Victor Julien	19a7e7f395	flow: create a flow lock macro API, implement it for mutex and rwlocks. Mutex remains the default.	14 years ago
Anoop Saldanha	603d4a719a	remove det_ctx->payload_offset and use det_ctx->buffer_offset. Update hscd and hsmd to use the new generic content inspection engine	14 years ago
Anoop Saldanha	d1d5507679	remove all old content inspection engines and references to them. We have cleaned the entire content inspection phase and improved alert accuracy	14 years ago
Anoop Saldanha	35f1f7e8d9	unify payload detection engines + fix other bugs in pcre init	14 years ago
Anoop Saldanha	09313cf9bd	Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S	14 years ago
Anoop Saldanha	419cdc8558	support splitting mpm ctxs based on direction v2	14 years ago
Victor Julien	416b463c51	file-data: add more unittests	14 years ago
Victor Julien	07e560b137	file-data: initial file_data support Support file_data for: content, pcre (relative), byte_test, byte_jump, byte_extract, isdataat. File_data support is handled at signature parsing time, all matches occurring after the file_data in the rule are converted to http_server_body matches. Content matches relative to the file_data are converted. Within to depth, distance to offset. Relative to the start of the body buffer.	14 years ago
Anoop Saldanha	420befb180	Changed my email address to anoopsaldanha at gmail dot com from my current one	14 years ago
Victor Julien	89f83e714c	Introduce http_server_body keyword. The http_server_body content modifier modifies the previous content to inspect the normalized (dechunked, unzipped) http_server_body. The workings are similar to http_client_body. Additionally, a new pcre flag was introduced "/S". To facilitate this change the signature flags field was changed to be 64 bit.	14 years ago

1 2

61 Commits (debc1a6334bdd9f37ccd043b6e3fe57b9c549d5d)