Victor Julien
|
18b4e3380f
|
Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code.
|
15 years ago |
Victor Julien
|
3f47eade6b
|
Fix couple of cases where incorrect handling of keyword parsing errors would lead to access of uninitialized memory. Found by clang.
|
15 years ago |
Victor Julien
|
3d60e9bfeb
|
Clean up output.
|
15 years ago |
Anoop Saldanha
|
d241e51b32
|
adapt fast pattern engine analysis to reflect the new changes made to your mpm design
|
15 years ago |
Anoop Saldanha
|
c734cd1bdd
|
make cuda mpm parameters configurable
|
15 years ago |
Victor Julien
|
0e8e8e3728
|
Don't stop stream reassembly if protocol detection failed, only stop/prevent app layer parsing.
|
15 years ago |
Victor Julien
|
39dea56a84
|
Remove flowbits as a mask prefilter as they are dynamic. Add a dynamic check.
|
15 years ago |
Anoop Saldanha
|
8c21511c99
|
don't buffer raw headers. Retrieve them individually from htp_state during mpm stage and content validation stage
|
15 years ago |
Victor Julien
|
55ca988222
|
Change locking of http_header, http_raw_header and http_client_body so that flow isn't accessed without lock anywhere.
|
15 years ago |
Victor Julien
|
435d0fb327
|
Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering.
|
15 years ago |
Victor Julien
|
169aa5581a
|
Rename SIG_FLAG_AMATCH flag to SIG_FLAG_STATE_MATCH to better reflect its purpose.
|
15 years ago |
Victor Julien
|
d7b92d9bfe
|
Consolidate several signature flags into one.
|
15 years ago |
Victor Julien
|
2102a54c26
|
Cleanup and rearrange detection code slightly.
|
15 years ago |
Anoop Saldanha
|
25588b6910
|
comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri|hcbd|hhd|hrhd mpms. indentation fix as well
|
15 years ago |
Anoop Saldanha
|
e50503e820
|
cleanup/remove dead code
|
15 years ago |
Anoop Saldanha
|
93fa7ea828
|
modify detection engine to run hrhd mpm before building the match array
|
15 years ago |
Anoop Saldanha
|
b140ed1c9c
|
modify detection engine to run hhd mpm before building the match array
|
15 years ago |
Anoop Saldanha
|
4e273f2c8b
|
modify detection engine to carry out hcbd mpm run before build match array if alproto is http and if sgh has at least one sig with hcbd mpm set
|
15 years ago |
Anoop Saldanha
|
72b0fcf419
|
modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has at least one sig with uri mpm set
|
15 years ago |
Victor Julien
|
6a5d2cb40d
|
Fix potential locking issue in out of memory conditions in the http_header, http_raw_header code. Fix other potential small issues in http_ code.
|
15 years ago |
Anoop Saldanha
|
7ec0382774
|
support fast pattern for http raw header. Also support relative modifiers for http raw header
|
15 years ago |
Victor Julien
|
0c806f70bb
|
Fix --enable-debug compilation, just unittest with --enable-debug-validation enabled.
|
15 years ago |
Victor Julien
|
1a32d9b5ec
|
Fix printing unprintable characters in the engine-analysis fast_pattern mode.
|
15 years ago |
Anoop Saldanha
|
c61c68fd36
|
mpm and fast pattern support for http_header. Also support relative modifiers for http_header
|
15 years ago |
Anoop Saldanha
|
778ec0939c
|
make client body buffer limit configurable. Also some minor changes
|
15 years ago |
Anoop Saldanha
|
0aa5cffb12
|
fast pattern support for http_client_body keyword added. Also mpm support for http_client_body added
|
15 years ago |
Anoop Saldanha
|
c227aeeacb
|
remove support for skipping reinspecting fast pattern contents once again during packet payload inspection. Also make some changes to our detection engine
|
15 years ago |
Anoop Saldanha
|
bbd0c5056b
|
store the content added for mpm inside Signature. also carry out an unconditional cleanup of packet pattern matcher pmq det_ctx->pmq
|
15 years ago |
Anoop Saldanha
|
6df051321f
|
fix fp when content is negated and also added to mpm
|
15 years ago |
Anoop Saldanha
|
5c6a65dc58
|
support relative modifiers for http_client_body. Introduce body processing engine in detect-engine-hcbd.[ch]
|
15 years ago |
Anoop Saldanha
|
3d2f81d978
|
replace all Signature->dmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_DMATCH]
|
15 years ago |
Anoop Saldanha
|
a7353be20d
|
replace all Signature->amatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_AMATCH]
|
15 years ago |
Anoop Saldanha
|
e0476242c6
|
replace all Signature->umatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_UMATCH]
|
15 years ago |
Anoop Saldanha
|
e54358a9e1
|
replace all Signature->pmatch instances in the engine with Signature->sm_lists[DETECT_SM_LIST_PMATCH]
|
15 years ago |
Anoop Saldanha
|
82fd581b64
|
replace all sm lists (match, pmatch, dmatch, umatch, amatch, tmatch) with an array Signature->sm_lists[]. Replace all Signature->match instances in the engine with Signature->sm_lists[DETECT_SM_LIST_MATCH]
|
15 years ago |
Victor Julien
|
001f91056e
|
Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242.
|
15 years ago |
Gurvinder Singh
|
b7da115e6d
|
support for http_stat_code keyword has been added to detection module
|
15 years ago |
Gurvinder Singh
|
1deae70cf7
|
added http_stat_msg keyword support for detection module
|
15 years ago |
Anoop Saldanha
|
2cdb5be391
|
Print out file name for fast_pattern engine_analysis. Also add some info logs
|
15 years ago |
Anoop Saldanha
|
a2d04a94b5
|
selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise
|
15 years ago |
Anoop Saldanha
|
174048544d
|
fix hash generation in b2g and ac addpattern. Brings down the no of patterns added from close to a million to a couple of thousands
|
15 years ago |
Anoop Saldanha
|
0ef684705c
|
support single mpm context distribution across sghs in staging. Also see to it that ac works fine with this setup
|
15 years ago |
Anoop Saldanha
|
a85fa6b792
|
support for fast_pattern only and fast_pattern:offset,length. Also support the new option for engine-analysis
|
15 years ago |
Anoop Saldanha
|
0d741b9a55
|
fix for bug 227. For negated contents that have been added to mpm we might have pmq.pattern_id_array_cnt as 0. We can't ignore inspecting sigs if this is 0, in case the content added is negated
|
15 years ago |
Victor Julien
|
cbd4c298ed
|
Initial version of a new bitmask based signature pre-filtering method.
|
15 years ago |
Victor Julien
|
94898a91cc
|
Reorganize SigMatchSignatures.
|
15 years ago |
Victor Julien
|
fc248ca7a1
|
Many small performance updates.
|
15 years ago |
Pablo Rincon
|
5c43db85ce
|
Drop streams on inline mode when a drop rule matches from a reassembled stream and/or app layer inspection
|
15 years ago |
Anoop Saldanha
|
f094523eb1
|
clang fix - some minor fixes for unittests
|
15 years ago |
Pablo Rincon
|
9d7baa7a9f
|
Adding ssh app layer module with two new keywords: ssh.protoversion and ssh.softwareversion
|
15 years ago |