suricata

Commit Graph

Author	SHA1	Message	Date
Victor Julien	75cddabd8a	fast_pattern: don't consider http_method, http_stat_code and http_stat_msg when automatically giving preference to a HTTP pattern over a stream pattern.	13 years ago
Anoop Saldanha	51c9955c79	fix for bug #577 . If a pattern has matched on mpm, don't re-inspect it later, subject to certain conditions met by the pattern - namely, not negated, right chop, no replacet attached to it.	13 years ago
Eric Leblond	e176be6fcc	Use unlikely for error treatment. When handling error case on SCMallog, SCCalloc or SCStrdup we are in an unlikely case. This patch adds the unlikely() expression to indicate this to gcc. This patch has been obtained via coccinelle. The transformation is the following: @istested@ identifier x; statement S1; identifier func =~ "(SCMalloc\|SCStrdup\|SCCalloc)"; @@ x = func(...) ... when != x - if (x == NULL) S1 + if (unlikely(x == NULL)) S1	13 years ago
Anoop Saldanha	21f92c0a89	Give priority to non stream content over stream content when selecting fast pattern.	13 years ago
Anoop Saldanha	64fad5b36e	Update fast_pattern engine to not use negated content as fast_pattern if we have non-negated content in the sig. Noticing a good spike in perf with et_pro ruleset. Thanks to Will Metcalf for the suggestion.	13 years ago
Anoop Saldanha	0eaf0b0129	mpm engine and ac mem free fixes	13 years ago
Anoop Saldanha	f4ce9011d2	make mpm ctx container de_ctx specific. Also introduce global variable in mpm_ctx. this is a workaround for cleaning non global mpm_ctx's since we now don't supply the de_ctx around the detection engine API	13 years ago
Anoop Saldanha	fc15cc7de1	some more mpm engine cleanup	13 years ago
Anoop Saldanha	f9612f3b83	mpm engine cleanup. Remove unnecessary flags	13 years ago
Anoop Saldanha	0d602d9cde	we now support offset, depth inspection against all packet payloads and stream messages	13 years ago
Anoop Saldanha	db8500bb26	fast pattern cleanup - Remove FastPatternSupportEnabledForSigMatchList() and all it's associated structures	13 years ago
Anoop Saldanha	988c92f71c	http user agent keyword + mpm + inspection + fast pattern support added	13 years ago
Anoop Saldanha	2995867328	b2g cuda up, compiling and running	14 years ago
Victor Julien	28d88746e4	Fix compiler warning and silence complaining unittests.	14 years ago
Victor Julien	8e48a2edfd	Fix NULL dereference in PacketPatternSearchWithStreamCtx code.	14 years ago
Anoop Saldanha	4810ee9c5f	All uricontent modified patterns now are DETECT_CONTENT and not DETECT_URICONTENT. Step towards unifying all content based patterns. Makes way for easier management of patterns	14 years ago
Anoop Saldanha	dcb2afb02f	Use sm_list to differentiate between different content types while retrieving pattern ids instead of sm_type	14 years ago
Anoop Saldanha	83d9439877	DetectPatternGetId() cleanup. Remove separate search element creation for uricontent. We don't need this now since we have unified content structures for content and uricontent	14 years ago
Anoop Saldanha	0677190960	rebase commit for hscd and hsmd patches	14 years ago
Anoop Saldanha	09313cf9bd	Support http stat code detection engine, fast pattern(mpm engine included). Fix http stat code setup function. Fix pcre option for stat msg keyword. With this the pcre options for server_body is Q, for stat_msg is Y and for stat_code is S	14 years ago
Anoop Saldanha	2007c2711c	Support http stat msg detection engine, fast pattern(mpm engine included). Fix http stat msg setup function. Fix pcre option for stat msg keyword	14 years ago
Anoop Saldanha	9a665e035b	code cleanup over last 2 commits	14 years ago
Anoop Saldanha	55c4e419fd	if a signature is non-tcp, it's always a packet sig	14 years ago
Anoop Saldanha	419cdc8558	support splitting mpm ctxs based on direction v2	14 years ago
Anoop Saldanha	42bc22cfa5	indendation fix	14 years ago
Anoop Saldanha	ecc7a769a7	reclaim mpm contexts if no patterns are added to it, even in non-full mode	14 years ago
Anoop Saldanha	1389cf6913	update cuda mpm to support per proto mpm contexts. Fix faulty stream mpm usage of cuda	14 years ago
Anoop Saldanha	92643f6110	introduce separate mpm ctxs for tcp/udp/other_protos	14 years ago
Anoop Saldanha	a5dec3cb2e	refactor all http mpm engine code	14 years ago
Anoop Saldanha	34cf557abf	fix indentation	14 years ago
Anoop Saldanha	5b91cec4ae	remove unnecessary if/else checks	14 years ago
Victor Julien	dd9da1a56f	Merge all http mpm related signature flags into a single set: SIG_FLAG_MPM_HTTP and SIG_FLAG_MPM_HTTP_NEG.	14 years ago
Victor Julien	d5ed28b065	Remove SIG_FLAG_MPM flag.	14 years ago
Victor Julien	fe48920514	Remove per sgh mpm_streamcontent_maxlen variable. It was checked but never set.	14 years ago
Victor Julien	291ddd95f2	Detection engine -- mpm Each signature is in one mpm ctx at max, but there were 3 separate id's in use: packet, stream, http. Merged them all into one. Could shrink the SignatureHeader structure with 8 bytes because of this, should lead to better caching performance.	14 years ago
Victor Julien	89f83e714c	Introduce http_server_body keyword. The http_server_body content modifier modifies the previous content to inspect the normalized (dechunked, unzipped) http_server_body. The workings are similar to http_client_body. Additionally, a new pcre flag was introduced "/S". To facilitate this change the signature flags field was changed to be 64 bit.	14 years ago
Anoop Saldanha	17f3f36d38	packet keywords only added for packet mpm. Rest in stream mpm. Update detection engine to handle the same	14 years ago
Victor Julien	09b5dca343	Consider signatures with the flags keyword to be packet inspecting only, not stream.	14 years ago
Eric Leblond	0c34a1c5e7	rewrite constants and add flag for replace This patch make use of bit shift to rewrite some of the mask constants. It also delete an unused flag value and suppress the associated dead code. The numeric value of the flag is now used by the flag needed for replace code.	14 years ago
Anoop Saldanha	966119b6aa	support for http_raw_uri keyword + mpm engine	14 years ago
Anoop Saldanha	c9897a44a4	fast pattern support for http_cookie. Also support relative modifiers	15 years ago
Anoop Saldanha	bbbedaf963	fast pattern support for http_method. Also support relative modifiers	15 years ago
Eric Leblond	49adc264bc	Don't print message after SCMalloc failure. This patch generated via coccinelle is getting rid of logging message after a SCMalloc failure. They were useless as SCMalloc already displays a message.	15 years ago
Victor Julien	18b4e3380f	Make mpm-algo use the mpm_table that has the actual mpm's registered. Clean up dead code.	15 years ago
Victor Julien	435d0fb327	Clean up signature flags creating room for merging flags and mpm_flags. Merge flags and mpm_flags. Move new mpm id's into signature header. Get rid of full signature access in signature prefiltering.	15 years ago
Anoop Saldanha	25588b6910	comment out hrhd flags that we were using previously. Also remove the de_mpm_ based flags inside detect.h used by uri\|hcbd\|hhd\|hrhd mpms. indentation fix as well	15 years ago
Anoop Saldanha	72b0fcf419	modify detection engine to carry out uri mpm run before build match array if alproto is http and if sgh has atleast one sig with uri mpm set	15 years ago
Anoop Saldanha	7ec0382774	support fast pattern for http raw header. Also support relative modifiers for http raw header	15 years ago
Anoop Saldanha	c61c68fd36	mpm and fast pattern support for http_header. Also support relative modifiers for http_header	15 years ago
Anoop Saldanha	778ec0939c	make client body buffer limit configurable. Also some minor changes	15 years ago

1 2 3

146 Commits (fd6df00684a503b69d303d6cffe2b6ba5ffbd531)