Anoop Saldanha | 3656879aa0 | fix some dce opnum/stub tests that would have shown success always irrespective of test results | 14 years ago |
Anoop Saldanha | 4b77f132df | add support for sigs with uricontent fast_pattern | 14 years ago |
Anoop Saldanha | ea8eaf31aa | Fix fast_pattern tests that always showed success, irrespective of test results | 14 years ago |
Victor Julien | 966c7349d3 | Make sure we have a response message before inspecting it in http_stat_msg. | 14 years ago |
Victor Julien | 07ec1ee10e | Slightly cleanup detect-engine.sgh-mpm-context option parsing. | 14 years ago |
Anoop Saldanha | c89507836b | if sgh-mpm-context is not available in conf, alias the auto case inside the engine | 14 years ago |
Victor Julien | bac621760e | Fix a potential invalid memory read in the protocol name code used by alert-fastlog. | 14 years ago |
Gurvinder Singh | f92ba23331 | add the support for >= and <= operator for byte_test | 14 years ago |
Victor Julien | 412498f4e4 | Converts port vars in http logger from uint32_t to Port and update output. | 14 years ago |
Gurvinder Singh | b7ff6537d2 | fixed the incorrect port issue in http.log | 14 years ago |
Victor Julien | 275bd3b7d7 | Switch back to defaulting to full for detect-engine.sgh-mpm-context as it broke many tests. | 14 years ago |
Victor Julien | dec4218d62 | Layout updates to NFQ runmode. | 14 years ago |
Victor Julien | 7e49aa7f76 | Simplify NFQ runmode reducing the number of threads and thus queues. | 14 years ago |
Victor Julien | 7e6f01765f | Change default of detect-engine.sgh-mpm-context to auto. | 14 years ago |
Victor Julien | 001f91056e | Add http_raw_header as an alias to the http_header keyword as that actually inspects the raw headers (see issue #243). Closes issue #242. | 14 years ago |
Victor Julien | 4598274d07 | Fix depth error messages referring to distance instead of depth, fix their layout. | 14 years ago |
Victor Julien | afdb39e5f6 | Print an error if the protocol field of a signature contains an unknown/invalid value. | 14 years ago |
Victor Julien | 8d0bc27fc4 | Fix a case where alerting in inline mode would lead to dropping on alert sigs. | 14 years ago |
Victor Julien | 5a10eac5bd | Cleanup http_stat_code unittests, shrink data structure. | 14 years ago |
Victor Julien | 1636152e32 | Fix negated http_method not working properly, causing false positives. | 14 years ago |
Gurvinder Singh | b7da115e6d | support for http_stat_code keyword has been added to detection module | 14 years ago |
Gurvinder Singh | 1deae70cf7 | added http_stat_msg keyword support for detection module | 14 years ago |
Jason Ish | a4d19e4130 | Add new profiling sort option, maxticks. | 14 years ago |
Anoop Saldanha | 59923316bc | change the default recursion limit in the code to 3000, the value which we currently have in the conf file. Also change print modifier for printing timeval | 14 years ago |
Anoop Saldanha | 5d9a453e0d | find an optimal value for detect-engine:inspection-recursion_limit + unittest | 14 years ago |
Anoop Saldanha | bc99328ec8 | define a new conf parameter detect-engine:inspection-recursion-limit; Defines a recursion limit for content inspection code | 14 years ago |
William Metcalf | efeab331ea | compilation fix missing UT ifdef wrapper in reference code | 14 years ago |
Victor Julien | 746ef0d2f8 | Remove stray newline char from profiling output. | 14 years ago |
Victor Julien | 3062b19068 | Clean up output of signature ordering module. | 14 years ago |
Victor Julien | 001dcaae84 | Minor reference.config support changes: improve error handling, reduce hash table size. | 14 years ago |
Anoop Saldanha | 88d94b136d | Support for reference.config file | 14 years ago |
Anoop Saldanha | f5a02833dd | code cleanup in detect-reference.c | 14 years ago |
Victor Julien | 5f4d681a42 | Apply revision 233 and 234 from libhtp to improve memory handling when Suricata runs out of memory. | 14 years ago |
Victor Julien | 344ea14695 | Change mpm hash_size config setting highest to higher as highest wasn't the... highest. Max was higher. Leaving highest as an alias to higher for backwards compatibility. | 14 years ago |
Victor Julien | 41fd7e51c6 | Really add secunia reference support. | 14 years ago |
Victor Julien | 33170fd181 | Add secunia reference pending our reference.config support. | 14 years ago |
Anoop Saldanha | 067e53403c | add missing sig_app_layer flags for dce sigs | 14 years ago |
Victor Julien | 26fd2a0afd | Add telus and bid references for etpro. | 14 years ago |
Victor Julien | 2b187a2721 | Remove a BUG_ON statement from the payload inspection code. | 14 years ago |
Victor Julien | f2e6ec7374 | Fix http_method not inspecting all http transactions all the time. Fix proper nocase setting. Switch to pattern scanning only, no more numeric compares as it turned out to be incompatible with how the keyword is used (nocase, etc). | 14 years ago |
Anoop Saldanha | 2cdb5be391 | Print out file name for fast_pattern engine_analysis. Also add some info logs | 14 years ago |
Anoop Saldanha | 0c5b82d891 | provide separate ids for content, uricontent, http_(client_body_data|cookie|header|method|uri), when they share the same pattern | 14 years ago |
Victor Julien | 3bd7441ea5 | Default to 'single' ctx for ac-gfbs as well. | 14 years ago |
Anoop Saldanha | e072841e93 | hash fix in staging to differentiate nocase duplicate patterns from case-sensitive ones | 14 years ago |
Anoop Saldanha | de5db1a730 | support cases for ac, where we have a single pattern in 2 different sigs, but one that is case-sensitive and the other not. Also remove duplicate pids from the output_table | 14 years ago |
Anoop Saldanha | 62f814a4c3 | change default value for detect-engine.sgh_mpm_context to auto | 14 years ago |
Anoop Saldanha | 8628c572df | update todos for ac. Cleanup some memory as well. | 14 years ago |
Anoop Saldanha | a2d04a94b5 | selecting auto for detect-engine.sgh_mpm_context now uses single if the mpm is ac, full otherwise | 14 years ago |
Anoop Saldanha | 5cc7f90f45 | fix hash bug in ac-gfbs. Should reduce the no of patterns added for single context ac-gfbs from a million to a couple of thousands. Also support no case handling. \todo support insertion of final state presence into goto_table and failure table state transitions | 14 years ago |
Anoop Saldanha | ded1f63323 | fix ac nocase handling | 14 years ago |