suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	6381b1a643	detect/iponly: cleanups	4 years ago
Victor Julien	af51e0f5a1	detect: rewrite of the detect engine Use per tx detect_flags to track prefilter. Detect flags are used for 2 things: 1. marking tx as fully inspected 2. tracking already run prefilter (incl mpm) engines This supercedes the MpmIDs API for directionless tracking of the prefilter engines. When we have no SGH we have to flag the txs that are 'complete' as inspected as well. Special handling for the stream engine: If a rule mixes TX inspection and STREAM inspection, we can encounter the case where the rule is evaluated against multiple transactions during a single inspection run. As the stream data is exactly the same for each of those runs, it's wasteful to rerun inspection of the stream portion of the rule. This patch enables caching of the stream 'inspect engine' result in the local 'RuleMatchCandidateTx' array. This is valid only during the live of a single inspection run. Remove stateful inspection from 'mask' (SignatureMask). The mask wasn't used in most cases for those rules anyway, as there we rely on the prefilter. Add a alproto check to catch the remaining cases. When building the active non-mpm/non-prefilter list check not just the mask, but also the alproto. This especially helps stateful rules with negated mpm. Simplify AppLayerParserHasDecoderEvents usage in detection to only return true if protocol detection events are set. Other detection is done in inspect engines. Move rule group lookup and handling into it's own function. Handle 'post lookup' tasks immediately, instead of after the first detect run. The tasks were independent of the initial detection. Many cleanups and much refactoring.	8 years ago
Victor Julien	0bc27c7dc7	rule-vars: take detect engine as arg	11 years ago
Victor Julien	c1a40447c1	IP Only cleanup: make most functions static. Add error message on address parsing issues.	14 years ago
Anoop Saldanha	7e5c52c80b	add flowbits:set; only sigs to be treated as ip only	14 years ago
William Metcalf	ce01927515	Import of GPLv2 Header 050410	15 years ago
Anoop Saldanha	47037ef9ec	fix for bug 115	16 years ago
Pablo Rincon	e7a989e305	IP Only Engine using radix trees	16 years ago
Victor Julien	15ab5d7003	More engine init memleaks fixed. HashListTable remove function fixed.	16 years ago
Victor Julien	085b7a3c0e	Move unittests away from detect.c	16 years ago
Victor Julien	657be002d1	Big detection engine update: scan improvements, b2g/b3g updates, bloom fixes, iponly detection implementation, dsize/flow grouping.	16 years ago

11 Commits (f5408ec2d7f74a6c9792e8d86c14a5d609861a4a)